Virus/spyware ?
Closed
gael31390 - 28 August 2008 at 13:48
Last reply: gael31390 - 31 August 2008 at 22:59
119 replies
gael31390 - 29 August 2008 at 17:36
Never mind, I hadn't seen it.
gael31390 - 29 August 2008 at 18:16
OK, it's generating the report now, but it's taking a while!
gael31390 - 29 August 2008 at 18:27
And here's the report, but still no internet ... :
[b]SDFix: Version 1.220 [/b]
Run by Administrateur on 29/08/2008 at 17:51
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\23.tmp - Deleted
C:\2A.tmp - Deleted
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-29 18:17:42
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:1e,44,77,6e,e2,16,a9,3e,78,96,c5,7e,56,cd,ee,e1,a8,63,ff,74,ef,..
"p0"="C:\Program Files\DAEMON Tools Lite\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:22,95,58,f1,b7,61,66,f1,af,26,66,3d,f6,87,0c,d8,a2,4c,9f,bc,a9,..
"a0"=hex:20,01,00,00,53,d3,f3,49,39,c2,f0,39,47,34,82,a1,65,d1,a9,85,d5,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:1e,e6,23,8a,69,37,78,0e,e9,7f,9b,95,90,d4,66,a3,b3,bb,e1,ca,a6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:1e,44,77,6e,e2,16,a9,3e,78,96,c5,7e,56,cd,ee,e1,a8,63,ff,74,ef,..
"p0"="C:\Program Files\DAEMON Tools Lite\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:22,95,58,f1,b7,61,66,f1,af,26,66,3d,f6,87,0c,d8,a2,4c,9f,bc,a9,..
"a0"=hex:20,01,00,00,53,d3,f3,49,39,c2,f0,39,47,34,82,a1,65,d1,a9,85,d5,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:1e,e6,23,8a,69,37,78,0e,e9,7f,9b,95,90,d4,66,a3,b3,bb,e1,ca,a6,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:1e,44,77,6e,e2,16,a9,3e,78,96,c5,7e,56,cd,ee,e1,a8,63,ff,74,ef,..
"p0"="C:\Program Files\DAEMON Tools Lite\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:22,95,58,f1,b7,61,66,f1,af,26,66,3d,f6,87,0c,d8,a2,4c,9f,bc,a9,..
"a0"=hex:20,01,00,00,53,d3,f3,49,39,c2,f0,39,47,34,82,a1,65,d1,a9,85,d5,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:1e,e6,23,8a,69,37,78,0e,e9,7f,9b,95,90,d4,66,a3,b3,bb,e1,ca,a6,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\CIMSVR.exe"="C:\\WINDOWS\\system32\\CIMSVR.exe:*:Enabled:Logitech IM Video Companion Server"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"="C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"D:\\Gael\\battlefield 2\\BF2.exe"="D:\\Gael\\battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\sandra.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\sandra.exe:*:Enabled:SiSoftware Sandra Lite"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\RpcSandraSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Lite"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\Win32\\RpcDataSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\Win32\\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Lite"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"D:\\Gael\\Mes Programmes\\azureus\\Azureus.exe"="D:\\Gael\\Mes Programmes\\azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\\Gael\\Mes Programmes\\emule\\eMule\\emule.exe"="D:\\Gael\\Mes Programmes\\emule\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\\Gael\\Mes Programmes\\skype\\Phone\\Skype.exe"="D:\\Gael\\Mes Programmes\\skype\\Phone\\Skype.exe:*:Enabled:Skype"
"D:\\Gael\\Mes Programmes\\adsltv\\adsltv.exe"="D:\\Gael\\Mes Programmes\\adsltv\\adsltv.exe:*:Enabled:adsltv"
"D:\\Gael\\Mes Programmes\\adsltv\\vlc.exe"="D:\\Gael\\Mes Programmes\\adsltv\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\\Gael\\itunes\\iTunes.exe"="D:\\Gael\\itunes\\iTunes.exe:*:Enabled:iTunes"
"\\??\\C:\\WINDOWS\\system32\\winlogon.exe"="\\??\\C:\\WINDOWS\\system32\\winlogon.exe:*:enabled:@shell32.dll,-1"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\sandra.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\sandra.exe:*:Enabled:SiSoftware Sandra Lite"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\RpcSandraSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Lite"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\Win32\\RpcDataSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\Win32\\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Lite"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[b]Remaining Files [/b]:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Wed 21 Feb 2007 10,752 A..H. --- "C:\Program Files\MSN Messenger\WINHTTP.dll"
Sun 26 Nov 2006 8 ..SHR --- "C:\WINDOWS\system32\3E4521AF55.sys"
Fri 30 Nov 2007 104 ..SHR --- "C:\WINDOWS\system32\55AF21453E.sys"
Fri 4 Jan 2008 5,746 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Mon 22 Aug 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 6 Jul 2008 55,296 ...H. --- "C:\Documents and Settings\Laurent\Bureau\~WRL0002.tmp"
Thu 6 Dec 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 10 Dec 2005 96 A..H. --- "C:\Program Files\Common Files\X10\Common\x10prod.sys"
Fri 29 Aug 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT2.tmp"
Fri 29 Aug 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\71dbbbe29103410f2afc92925fe4a5f7\BIT3.tmp"
[b]Finished![/b]
Anonymous user - 29 August 2008 at 18:35
Understood about the internet.
That's fairly normal, I'll explain why.
Run a HijackThis scan again and post the report.
gael31390 - 29 August 2008 at 18:39
And here you go:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:38:10, on 29/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Gael\Avast\aswUpdSv.exe
D:\Gael\Avast\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Remote Task Manager\RTMService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
D:\Gael\Avast\ashMaiSv.exe
D:\Gael\Avast\ashWebSv.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
D:\Gael\Avast\ashDisp.exe
C:\Program Files\e-Carte Bleue\LA POSTE\CVD ADESIO\ECB.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tcljxzcrcdchtwqj.com/JKnJWJ0pGXmm9xCaSYkBIs5aZocM8hxewLc3zrOSsezohjvRhRLDXaK_HZ2vRg0P.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [avast!] D:\Gael\Avast\ashDisp.exe
O4 - HKLM\..\Run: [eCarteBleue-LP-P1] "C:\Program Files\e-Carte Bleue\LA POSTE\CVD ADESIO\ECB.exe" /dontopenmycards
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SMKRun] C:\Program Files\JustWrite Office\ScreenMark.exe -i
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Gael\itunes\Quicktime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Gael\itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HKPHALKM] %systemroot%\HKPHALKM.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Toolless] C:\DOCUME~1\Laurent\APPLIC~1\BALLON~1\Idle Plan.exe
O4 - HKCU\..\Run: [_Windows] C:\WINDOWS\WinSecurity\services.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: e-Carte Bleue La Banque Postale.lnk = C:\Program Files\e-Carte Bleue La Banque Postale\ecbl-lbp.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: https://sts.lecnam.net/idp/profile/SAML2/Redirect/SSO?execution=e1s1
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28805E8B-A507-48A9-B96E-FE2BDC1399A5}: NameServer = 81.210.20.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{30921518-B0FB-4716-A461-0331E3459A7D}: NameServer = 81.210.20.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C11A8CE-C3DE-4036-BA56-B1E8FBC7303B}: NameServer = 81.210.20.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{96B48026-EEB7-4744-B309-6960BFEBC5CF}: NameServer = 81.210.20.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD02D15F-883F-4C51-8739-6AB736997AD5}: NameServer = 81.210.20.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{BDCCA0A7-3A75-42BA-81B4-43E6F577A408}: NameServer = 81.210.20.254
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Gael\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Gael\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Gael\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Gael\Avast\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Task Manager service (RTM) - Unknown owner - C:\Program Files\Remote Task Manager\RTMService.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
Anonymous user
29 August 2008 at 18:54
There are still infections left, plus your DNS hijack, which leads back to Poland, hence your connection problems.
Reopen HijackThis
Run "scan only"
Check these lines:
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: https://sts.lecnam.net/idp/profile/SAML2/Redirect/SSO?execution=e1s1
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28805E8B-A507-48A9-B96E-FE2BDC1399A5}: NameServer = 81.210.20.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{30921518-B0FB-4716-A461-0331E3459A7D}: NameServer = 81.210.20.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C11A8CE-C3DE-4036-BA56-B1E8FBC7303B}: NameServer = 81.210.20.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{96B48026-EEB7-4744-B309-6960BFEBC5CF}: NameServer = 81.210.20.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD02D15F-883F-4C51-8739-6AB736997AD5}: NameServer = 81.210.20.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{BDCCA0A7-3A75-42BA-81B4-43E6F577A408}: NameServer = 81.210.20.254
Check them and click "Fix checked".
Then:
Download Lop S&D.exe to your Desktop: https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
* Double-click it to start the installation
* Then double-click the Lop S&D shortcut on your Desktop
* Select the language you want, then choose option 1 (Search)
* Wait until the scan finishes
* Post the generated report (C:\lopR.txt)
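The DNS hijack diagnosed in the reply above appears in the log as the same static NameServer value on every interface (the O17 lines). As an added example, not part of the original post and not HijackThis code, this Python script parses O17 lines and reports resolvers outside an allowlist; the function names, the allowlist values and the second sample log are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# An O17 line reports one TCP/IP registry value (NameServer, Domain, SearchList).
O17_RE = re.compile(
    r"^O17 - (?P<key>HK[A-Z]+\\.+?): "
    r"(?P<name>NameServer|Domain|SearchList) = (?P<value>.*)$"
)
# Per-interface keys end in the adapter GUID.
GUID_RE = re.compile(r"\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}$")

# The six O17 lines quoted in the thread.
THREAD_O17_LINES = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{28805E8B-A507-48A9-B96E-FE2BDC1399A5}: NameServer = 81.210.20.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{30921518-B0FB-4716-A461-0331E3459A7D}: NameServer = 81.210.20.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C11A8CE-C3DE-4036-BA56-B1E8FBC7303B}: NameServer = 81.210.20.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{96B48026-EEB7-4744-B309-6960BFEBC5CF}: NameServer = 81.210.20.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD02D15F-883F-4C51-8739-6AB736997AD5}: NameServer = 81.210.20.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{BDCCA0A7-3A75-42BA-81B4-43E6F577A408}: NameServer = 81.210.20.254
"""

# Constructed sample (not from the thread): allowlisted resolvers, a
# multi-value NameServer entry and one malformed token.
CONSTRUCTED_LOG = r"""
O4 - HKLM\..\Run: [example] C:\example\example.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = example.test
O17 - HKLM\System\CCS\Services\Tcpip\..\{11111111-2222-3333-4444-555555555555}: NameServer = 192.0.2.53,192.168.1.1 not-an-ip
O17 - HKLM\System\CS1\Services\Tcpip\..\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}: NameServer = 192.168.1.1
"""


def parse_o17(log_text):
    """Return one dict per O17 line found in a HijackThis log."""
    entries = []
    for raw in log_text.splitlines():
        m = O17_RE.match(raw.strip())
        if not m:
            continue
        guid = GUID_RE.search(m.group("key"))
        entries.append({
            "key": m.group("key"),
            "interface": guid.group(1).upper() if guid else None,
            "name": m.group("name"),
            # NameServer can hold several addresses, comma- or space-separated.
            "values": [v for v in re.split(r"[,\s]+", m.group("value").strip()) if v],
        })
    return entries


def audit_nameservers(log_text, expected_resolvers):
    """Flag static NameServer addresses that are not on the allowlist.

    expected_resolvers is an assumption supplied by the operator: the IPs or
    CIDR ranges of the resolvers this machine should use (router, ISP, ...).
    """
    allowed = [ipaddress.ip_network(r, strict=False) for r in expected_resolvers]
    by_server = defaultdict(set)
    malformed = []
    for entry in parse_o17(log_text):
        if entry["name"] != "NameServer":
            continue
        for token in entry["values"]:
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                malformed.append((entry["key"], token))
                continue
            by_server[addr].add(entry["interface"] or entry["key"])

    all_interfaces = set().union(*by_server.values())
    unexpected = []
    for addr, ifaces in sorted(by_server.items(),
                               key=lambda kv: (kv[0].version, int(kv[0]))):
        if any(addr in net for net in allowed):
            continue
        unexpected.append({
            "server": str(addr),
            "interfaces": sorted(ifaces),
            # Heuristic added by this example: one unexpected resolver set
            # statically on every listed adapter, as in the thread's log.
            "on_every_interface": len(all_interfaces) > 1 and ifaces == all_interfaces,
        })
    return {"unexpected": unexpected, "malformed": malformed}


if __name__ == "__main__":
    # Allowlist values are constructed for the demonstration.
    report = audit_nameservers(THREAD_O17_LINES, ["192.0.2.53", "192.168.1.0/24"])
    for finding in report["unexpected"]:
        print(finding["server"], "on", len(finding["interfaces"]), "interfaces,",
              "every interface:", finding["on_every_interface"])
```
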
gael31390
29 August 2008 at 19:09
Here it is:
--------------------\\ Lop S&D 4.2.3-6 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 3000+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Laurent ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 080826-0] 4.8.1229 (Activated)
"C:\Lop SD" ( MAJ : 27-08-2008|22:40 )
Option : [1] ( 29/08/2008|19:01 )
--------------------\\ Listing des dossiers dans APPLIC~1
[05/11/2007|20:55] C:\DOCUME~1\ADMINI~1\APPLIC~1\Corel
[21/05/2005|18:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
[28/08/2008|22:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\Malwarebytes
[05/11/2007|21:01] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[28/08/2008|12:23] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla
[13/05/2007|12:22] C:\DOCUME~1\akaya\APPLIC~1\$_hpcst$.hpc
[09/01/2008|15:29] C:\DOCUME~1\akaya\APPLIC~1\Adobe
[29/11/2006|00:12] C:\DOCUME~1\akaya\APPLIC~1\AdobeUM
[09/01/2007|18:07] C:\DOCUME~1\akaya\APPLIC~1\Ahead
[29/12/2007|19:49] C:\DOCUME~1\akaya\APPLIC~1\Apple Computer
[03/10/2007|10:38] C:\DOCUME~1\akaya\APPLIC~1\Corel
[21/05/2005|18:31] C:\DOCUME~1\akaya\APPLIC~1\desktop.ini
[06/12/2007|21:41] C:\DOCUME~1\akaya\APPLIC~1\EFF
[22/10/2007|18:42] C:\DOCUME~1\akaya\APPLIC~1\GDIPFONTCACHEV1.DAT
[20/08/2007|21:28] C:\DOCUME~1\akaya\APPLIC~1\HP
[16/11/2006|20:27] C:\DOCUME~1\akaya\APPLIC~1\Identities
[11/12/2007|11:14] C:\DOCUME~1\akaya\APPLIC~1\JustWrite Office
[11/02/2007|17:25] C:\DOCUME~1\akaya\APPLIC~1\Leadertech
[18/11/2006|14:15] C:\DOCUME~1\akaya\APPLIC~1\Macromedia
[26/11/2007|10:43] C:\DOCUME~1\akaya\APPLIC~1\Media Player Classic
[16/06/2007|18:19] C:\DOCUME~1\akaya\APPLIC~1\Microsoft
[18/11/2006|14:13] C:\DOCUME~1\akaya\APPLIC~1\Mozilla
[06/06/2008|13:53] C:\DOCUME~1\akaya\APPLIC~1\OpenOffice.org2
[20/12/2006|20:02] C:\DOCUME~1\akaya\APPLIC~1\Sun
[18/11/2006|14:13] C:\DOCUME~1\akaya\APPLIC~1\Talkback
[26/12/2006|22:35] C:\DOCUME~1\akaya\APPLIC~1\vlc
[13/12/2007|23:08] C:\DOCUME~1\akaya\APPLIC~1\WTablet
[16/01/2006|21:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{7F8108F6-359E-4BA7-8C2C-E52196483C9C}
[19/03/2008|21:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[19/09/2007|20:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
[01/07/2007|10:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[25/12/2006|16:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[27/08/2008|13:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[08/05/2006|19:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\bike ace list meow
[11/09/2005|17:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
[21/05/2005|18:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[21/05/2005|18:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[23/06/2008|15:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
[18/08/2007|17:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[17/04/2008|21:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log
[28/08/2005|15:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[05/07/2005|20:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
[28/08/2008|16:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[13/10/2005|15:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[29/02/2008|22:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[21/05/2005|21:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[16/12/2007|19:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Swift Sound
[21/05/2005|17:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[04/01/2006|21:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OrbNetworks
[03/09/2007|12:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
[10/11/2005|21:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\River Past G4
[15/02/2006|12:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[01/08/2008|16:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SongbirdVLC
[18/08/2007|17:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
[08/12/2007|21:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
[27/07/2007|14:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WhiteCap (Holiday Edition)
[22/07/2006|21:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[01/03/2008|14:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[21/05/2005|18:31] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[01/12/2007|00:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[13/04/2007|22:41] C:\DOCUME~1\Gael\APPLIC~1\$_hpcst$.hpc
[19/09/2006|20:40] C:\DOCUME~1\Gael\APPLIC~1\ACD Systems
[09/10/2005|16:20] C:\DOCUME~1\Gael\APPLIC~1\AchrafCherti
[05/12/2007|20:42] C:\DOCUME~1\Gael\APPLIC~1\Address Book
[23/06/2008|21:03] C:\DOCUME~1\Gael\APPLIC~1\Adobe
[13/07/2006|17:22] C:\DOCUME~1\Gael\APPLIC~1\AdobeUM
[06/08/2005|19:41] C:\DOCUME~1\Gael\APPLIC~1\Ahead
[19/05/2008|17:02] C:\DOCUME~1\Gael\APPLIC~1\Apple Computer
[13/04/2007|23:00] C:\DOCUME~1\Gael\APPLIC~1\Arcsoft
[17/08/2007|15:31] C:\DOCUME~1\Gael\APPLIC~1\Atari
[23/05/2008|15:24] C:\DOCUME~1\Gael\APPLIC~1\AVSMedia
[30/07/2008|22:33] C:\DOCUME~1\Gael\APPLIC~1\Azureus
[08/05/2006|19:20] C:\DOCUME~1\Gael\APPLIC~1\Ballonelies
[04/06/2008|14:15] C:\DOCUME~1\Gael\APPLIC~1\Blender Foundation
[01/11/2006|16:15] C:\DOCUME~1\Gael\APPLIC~1\Camfrog
[22/09/2007|16:39] C:\DOCUME~1\Gael\APPLIC~1\Corel
[24/05/2005|19:45] C:\DOCUME~1\Gael\APPLIC~1\Cyberlink
[23/03/2008|22:10] C:\DOCUME~1\Gael\APPLIC~1\DAEMON Tools
[19/02/2008|16:59] C:\DOCUME~1\Gael\APPLIC~1\DeepBurner
[12/03/2006|18:01] C:\DOCUME~1\Gael\APPLIC~1\Desktop Sidebar
[21/05/2005|18:31] C:\DOCUME~1\Gael\APPLIC~1\desktop.ini
[02/02/2008|19:29] C:\DOCUME~1\Gael\APPLIC~1\Dev-Cpp
[05/12/2007|20:24] C:\DOCUME~1\Gael\APPLIC~1\Finder Bar
[11/04/2006|21:08] C:\DOCUME~1\Gael\APPLIC~1\FotoWire
[22/04/2008|19:51] C:\DOCUME~1\Gael\APPLIC~1\GDIPFONTCACHEV1.DAT
[22/01/2008|21:57] C:\DOCUME~1\Gael\APPLIC~1\GetRightToGo
[03/08/2008|16:25] C:\DOCUME~1\Gael\APPLIC~1\Google
[22/09/2005|19:30] C:\DOCUME~1\Gael\APPLIC~1\Grisbi
[07/02/2008|20:56] C:\DOCUME~1\Gael\APPLIC~1\gtk-2.0
[03/07/2005|16:11] C:\DOCUME~1\Gael\APPLIC~1\Help
[18/08/2007|18:34] C:\DOCUME~1\Gael\APPLIC~1\HP
[09/04/2007|01:08] C:\DOCUME~1\Gael\APPLIC~1\Identities
[19/04/2008|13:15] C:\DOCUME~1\Gael\APPLIC~1\JustWrite Office
[08/05/2006|19:03] C:\DOCUME~1\Gael\APPLIC~1\Lavasoft
[19/09/2006|20:43] C:\DOCUME~1\Gael\APPLIC~1\Leadertech
[21/05/2005|20:46] C:\DOCUME~1\Gael\APPLIC~1\Macromedia
[30/05/2005|13:10] C:\DOCUME~1\Gael\APPLIC~1\Media Player Classic
[10/12/2007|21:42] C:\DOCUME~1\Gael\APPLIC~1\Microsoft
[21/05/2005|20:43] C:\DOCUME~1\Gael\APPLIC~1\Mozilla
[19/08/2005|00:21] C:\DOCUME~1\Gael\APPLIC~1\MSN6
[23/01/2006|21:27] C:\DOCUME~1\Gael\APPLIC~1\Nvu
[25/08/2008|18:38] C:\DOCUME~1\Gael\APPLIC~1\OpenOffice.org2
[22/12/2007|16:58] C:\DOCUME~1\Gael\APPLIC~1\OtakuSoftware
[03/06/2008|12:11] C:\DOCUME~1\Gael\APPLIC~1\PnkBstrK.sys
[18/06/2005|22:09] C:\DOCUME~1\Gael\APPLIC~1\Real
[08/05/2006|19:21] C:\DOCUME~1\Gael\APPLIC~1\Regs 16
[10/11/2005|21:19] C:\DOCUME~1\Gael\APPLIC~1\River Past G4
[09/10/2005|15:53] C:\DOCUME~1\Gael\APPLIC~1\RobotProgPrefs
[15/03/2007|21:30] C:\DOCUME~1\Gael\APPLIC~1\Screenshot Sender
[12/12/2005|18:32] C:\DOCUME~1\Gael\APPLIC~1\Seven Zip
[06/06/2008|21:21] C:\DOCUME~1\Gael\APPLIC~1\Skype
[09/10/2005|15:59] C:\DOCUME~1\Gael\APPLIC~1\Solve Elec Prefs
[04/07/2005|15:55] C:\DOCUME~1\Gael\APPLIC~1\Sun
[07/08/2005|13:25] C:\DOCUME~1\Gael\APPLIC~1\Talkback
[02/06/2007|13:36] C:\DOCUME~1\Gael\APPLIC~1\teamspeak2
[03/07/2008|14:25] C:\DOCUME~1\Gael\APPLIC~1\vlc
[03/07/2008|22:37] C:\DOCUME~1\Gael\APPLIC~1\Vso
[03/07/2008|22:36] C:\DOCUME~1\Gael\APPLIC~1\VSO_HWE
[15/08/2007|01:27] C:\DOCUME~1\Gael\APPLIC~1\Wallpaper
[27/08/2008|16:43] C:\DOCUME~1\Gael\APPLIC~1\WTablet
[18/04/2007|16:34] C:\DOCUME~1\Laurent\APPLIC~1\$_hpcst$.hpc
[25/06/2005|15:26] C:\DOCUME~1\Laurent\APPLIC~1\.bittorrent
[29/08/2008|11:10] C:\DOCUME~1\Laurent\APPLIC~1\Adobe
[16/01/2007|18:44] C:\DOCUME~1\Laurent\APPLIC~1\AdobeUM
[03/01/2007|20:01] C:\DOCUME~1\Laurent\APPLIC~1\Ahead
[22/08/2008|15:52] C:\DOCUME~1\Laurent\APPLIC~1\Apple Computer
[27/08/2008|13:52] C:\DOCUME~1\Laurent\APPLIC~1\Azureus
[08/05/2006|19:23] C:\DOCUME~1\Laurent\APPLIC~1\Ballonelies
[31/10/2007|20:59] C:\DOCUME~1\Laurent\APPLIC~1\Corel
[26/09/2007|09:37] C:\DOCUME~1\Laurent\APPLIC~1\Cyberlink
[21/05/2005|18:31] C:\DOCUME~1\Laurent\APPLIC~1\desktop.ini
[05/12/2007|20:34] C:\DOCUME~1\Laurent\APPLIC~1\Finder Bar
[26/07/2008|20:32] C:\DOCUME~1\Laurent\APPLIC~1\GDIPFONTCACHEV1.DAT
[28/07/2007|14:04] C:\DOCUME~1\Laurent\APPLIC~1\Google
[02/06/2005|18:58] C:\DOCUME~1\Laurent\APPLIC~1\Help
[18/08/2007|17:44] C:\DOCUME~1\Laurent\APPLIC~1\HP
[21/05/2005|17:44] C:\DOCUME~1\Laurent\APPLIC~1\Identities
[21/05/2005|18:25] C:\DOCUME~1\Laurent\APPLIC~1\InterTrust
[28/08/2008|23:23] C:\DOCUME~1\Laurent\APPLIC~1\JustWrite Office
[08/03/2006|16:48] C:\DOCUME~1\Laurent\APPLIC~1\Lavasoft
[16/04/2008|14:55] C:\DOCUME~1\Laurent\APPLIC~1\Leadertech
[21/05/2005|19:43] C:\DOCUME~1\Laurent\APPLIC~1\Macromedia
[28/08/2008|16:13] C:\DOCUME~1\Laurent\APPLIC~1\Malwarebytes
[27/06/2005|19:31] C:\DOCUME~1\Laurent\APPLIC~1\Media Player Classic
[18/08/2007|17:29] C:\DOCUME~1\Laurent\APPLIC~1\Microsoft
[01/08/2008|16:40] C:\DOCUME~1\Laurent\APPLIC~1\Mozilla
[14/08/2005|13:19] C:\DOCUME~1\Laurent\APPLIC~1\MSN6
[28/08/2008|15:52] C:\DOCUME~1\Laurent\APPLIC~1\OpenOffice.org2
[17/03/2006|18:38] C:\DOCUME~1\Laurent\APPLIC~1\Real
[08/05/2006|19:24] C:\DOCUME~1\Laurent\APPLIC~1\Regs 16
[18/03/2007|15:23] C:\DOCUME~1\Laurent\APPLIC~1\Skype
[01/08/2008|16:40] C:\DOCUME~1\Laurent\APPLIC~1\Songbird2
[27/06/2005|20:57] C:\DOCUME~1\Laurent\APPLIC~1\Sun
[25/09/2005|18:26] C:\DOCUME~1\Laurent\APPLIC~1\Talkback
[01/04/2007|21:01] C:\DOCUME~1\Laurent\APPLIC~1\vlc
[11/12/2007|22:09] C:\DOCUME~1\Laurent\APPLIC~1\WTablet
[20/01/2006|17:36] C:\DOCUME~1\Laurent\APPLIC~1\Xfire
[21/01/2007|15:31] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[12/12/2007|20:17] C:\DOCUME~1\LOCALS~1\APPLIC~1\WTablet
[14/08/2005|16:04] C:\DOCUME~1\LOCALS~1\APPLIC~1\X10 Commander
[01/07/2005|14:02] C:\DOCUME~1\NETWOR~1\APPLIC~1\Macromedia
[01/12/2007|00:47] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[14/04/2007|11:06] C:\DOCUME~1\tiphaine\APPLIC~1\$_hpcst$.hpc
[24/07/2008|20:41] C:\DOCUME~1\tiphaine\APPLIC~1\Adobe
[28/01/2006|18:00] C:\DOCUME~1\tiphaine\APPLIC~1\AdobeUM
[20/12/2005|13:28] C:\DOCUME~1\tiphaine\APPLIC~1\Ahead
[08/07/2008|22:50] C:\DOCUME~1\tiphaine\APPLIC~1\Apple Computer
[08/05/2006|19:26] C:\DOCUME~1\tiphaine\APPLIC~1\Ballonelies
[08/11/2007|20:44] C:\DOCUME~1\tiphaine\APPLIC~1\Corel
[21/05/2005|18:31] C:\DOCUME~1\tiphaine\APPLIC~1\desktop.ini
[13/04/2008|16:23] C:\DOCUME~1\tiphaine\APPLIC~1\GDIPFONTCACHEV1.DAT
[28/07/2007|14:04] C:\DOCUME~1\tiphaine\APPLIC~1\Google
[30/12/2007|22:06] C:\DOCUME~1\tiphaine\APPLIC~1\gtk-2.0
[19/08/2007|12:04] C:\DOCUME~1\tiphaine\APPLIC~1\HP
[14/08/2005|15:18] C:\DOCUME~1\tiphaine\APPLIC~1\Identities
[14/12/2007|19:42] C:\DOCUME~1\tiphaine\APPLIC~1\JustWrite Office
[18/09/2006|20:36] C:\DOCUME~1\tiphaine\APPLIC~1\Leadertech
[14/08/2005|15:26] C:\DOCUME~1\tiphaine\APPLIC~1\Macromedia
[16/08/2005|18:09] C:\DOCUME~1\tiphaine\APPLIC~1\Media Player Classic
[07/03/2008|20:16] C:\DOCUME~1\tiphaine\APPLIC~1\Microsoft
[14/08/2005|15:18] C:\DOCUME~1\tiphaine\APPLIC~1\Mozilla
[16/12/2007|19:23] C:\DOCUME~1\tiphaine\APPLIC~1\NCH Swift Sound
[27/08/2008|13:52] C:\DOCUME~1\tiphaine\APPLIC~1\OpenOffice.org2
[08/05/2006|19:26] C:\DOCUME~1\tiphaine\APPLIC~1\Regs 16
[23/02/2007|22:21] C:\DOCUME~1\tiphaine\APPLIC~1\Skype
[16/08/2005|13:37] C:\DOCUME~1\tiphaine\APPLIC~1\Sun
[14/08/2005|15:18] C:\DOCUME~1\tiphaine\APPLIC~1\Talkback
[02/04/2007|16:19] C:\DOCUME~1\tiphaine\APPLIC~1\vlc
[06/07/2008|15:54] C:\DOCUME~1\tiphaine\APPLIC~1\Vso
[06/07/2008|15:52] C:\DOCUME~1\tiphaine\APPLIC~1\VSO_HWE
[14/12/2007|19:40] C:\DOCUME~1\tiphaine\APPLIC~1\WTablet
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[27/08/2008 16:38][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[29/08/2008 19:00][--ah-----] C:\WINDOWS\tasks\F24E101B90DDFAE7.job
[29/08/2008 19:00][--ah-----] C:\WINDOWS\tasks\8766042391D9DE33.job
[29/08/2008 19:00][--ah-----] C:\WINDOWS\tasks\AEBB77B49184F480.job
[29/08/2008 18:09][--ah-----] C:\WINDOWS\tasks\SA.DAT
[24/04/2003 14:00][-r-h-c---] C:\WINDOWS\tasks\desktop.ini
( 8766042391D9DE33.job )=( c:\docume~1\laurent\applic~1\ballon~1\REFSIGNLONG.exe )
( AEBB77B49184F480.job )=( c:\docume~1\gael\applic~1\ballon~1\REFSIGNLONG.exe )
( F24E101B90DDFAE7.job )=( c:\docume~1\tiphaine\applic~1\ballon~1\REFSIGNLONG.exe )
--------------------\\ Listing des dossiers dans C:\Program Files
[09/07/2008|16:57] C:\Program Files\Adobe
[08/05/2006|19:33] C:\Program Files\Adverts
[09/10/2005|16:14] C:\Program Files\Agelong Tree
[19/12/2005|16:46] C:\Program Files\Ahead
[11/08/2008|17:23] C:\Program Files\Apple Software Update
[23/05/2008|15:23] C:\Program Files\AVSMedia
[02/04/2007|21:25] C:\Program Files\Axon Data
[23/03/2006|17:49] C:\Program Files\Ballonelies
[02/11/2007|13:30] C:\Program Files\Belkin
[25/07/2008|11:41] C:\Program Files\Bonjour
[29/08/2007|22:35] C:\Program Files\Boonty
[21/05/2005|18:17] C:\Program Files\C-Media 3D Audio
[16/12/2007|16:41] C:\Program Files\Common Files
[22/09/2007|17:56] C:\Program Files\Corel
[12/03/2006|12:56] C:\Program Files\Cyanide
[21/05/2005|18:23] C:\Program Files\CyberLink
[15/05/2006|10:49] C:\Program Files\DIFX
[04/01/2006|11:48] C:\Program Files\directx
[13/01/2008|14:55] C:\Program Files\DivX
[31/10/2007|21:00] C:\Program Files\EasyStudio II 1.0
[18/08/2005|19:03] C:\Program Files\e-Carte Bleue
[20/03/2008|18:17] C:\Program Files\e-Carte Bleue La Banque Postale
[04/11/2006|17:31] C:\Program Files\Eidos Interactive
[28/08/2008|12:22] C:\Program Files\Enigma Software Group
[16/12/2007|15:59] C:\Program Files\EuroSat
[07/12/2007|14:59] C:\Program Files\Extrafilm FotoFacil
[29/08/2008|16:54] C:\Program Files\Fichiers communs
[21/09/2005|14:15] C:\Program Files\Firefox Setup 1.0.7.exe
[30/08/2005|10:13] C:\Program Files\Foreignword
[26/06/2008|10:19] C:\Program Files\Free
[21/05/2005|18:48] C:\Program Files\Free.fr
[03/07/2005|15:21] C:\Program Files\gomysoft
[03/08/2008|16:24] C:\Program Files\Google
[18/08/2007|17:38] C:\Program Files\Hewlett-Packard
[21/05/2005|18:24] C:\Program Files\Home Cinema
[18/08/2007|17:44] C:\Program Files\HP
[18/08/2007|17:18] C:\Program Files\HP C5180
[20/06/2005|09:38] C:\Program Files\Illustrate
[17/09/2007|22:14] C:\Program Files\INFORAD
[17/09/2007|22:14] C:\Program Files\INFORAD_DRIVERS
[07/06/2008|17:03] C:\Program Files\InstallShield Installation Information
[13/08/2008|22:45] C:\Program Files\Internet Explorer
[03/08/2008|12:46] C:\Program Files\iPod
[27/08/2008|18:48] C:\Program Files\Jargon Informatique
[28/08/2005|15:58] C:\Program Files\Jasc Software Inc
[09/08/2008|12:02] C:\Program Files\Java
[10/12/2007|21:42] C:\Program Files\JustWrite Office
[08/03/2006|16:48] C:\Program Files\Lavasoft
[11/04/2006|21:08] C:\Program Files\Logitech
[13/06/2005|16:05] C:\Program Files\Maxis
[19/08/2007|19:37] C:\Program Files\Media Access
[24/02/2007|19:09] C:\Program Files\MermozDB
[21/05/2005|17:37] C:\Program Files\microsoft frontpage
[11/06/2008|21:04] C:\Program Files\Microsoft Games
[13/12/2007|19:56] C:\Program Files\Microsoft Office
[05/12/2007|21:03] C:\Program Files\Movie Maker
[28/08/2008|16:13] C:\Program Files\Mozilla Firefox
[21/05/2005|17:35] C:\Program Files\MSN Gaming Zone
[11/04/2008|18:20] C:\Program Files\MSN Messenger
[18/11/2006|13:02] C:\Program Files\MSXML 4.0
[04/01/2006|19:11] C:\Program Files\Musicmatch
[03/04/2006|22:25] C:\Program Files\MySQL
[16/12/2007|19:26] C:\Program Files\NCH Swift Sound
[27/08/2008|19:25] C:\Program Files\NetMeeting
[23/11/2006|21:16] C:\Program Files\Notepad2
[17/08/2005|13:20] C:\Program Files\NovaLogic
[23/11/2006|20:46] C:\Program Files\Olympus
[27/03/2006|12:08] C:\Program Files\Ontrack
[27/08/2008|19:26] C:\Program Files\OpenOffice.org 2.1
[04/01/2006|12:19] C:\Program Files\ORB Networks
[05/12/2007|20:56] C:\Program Files\Outlook Express
[03/09/2006|18:02] C:\Program Files\PAN vision
[01/06/2008|00:26] C:\Program Files\PestPatrol
[27/08/2008|19:27] C:\Program Files\PhotoFiltre
[03/06/2007|10:38] C:\Program Files\PrintMaster
[28/11/2005|19:57] C:\Program Files\Prolific
[18/03/2007|15:29] C:\Program Files\QuickTime
[11/04/2006|21:08] C:\Program Files\Real
[26/08/2006|15:45] C:\Program Files\Remote Task Manager
[28/08/2008|23:34] C:\Program Files\RevoUninstaller
[10/11/2005|21:18] C:\Program Files\River Past
[28/08/2008|21:42] C:\Program Files\RogueRemover FREE
[25/07/2008|11:27] C:\Program Files\Safari
[10/12/2005|18:40] C:\Program Files\Satsuki Decoder Pack
[27/11/2005|19:29] C:\Program Files\Serif
[21/05/2005|17:36] C:\Program Files\Services en ligne
[03/06/2007|10:35] C:\Program Files\SHARED
[26/08/2006|00:01] C:\Program Files\SiSoftware
[21/05/2005|18:55] C:\Program Files\Softwin
[28/08/2008|12:23] C:\Program Files\songbird
[26/08/2006|15:33] C:\Program Files\Synergy
[11/12/2007|19:30] C:\Program Files\Tablet
[29/08/2008|15:13] C:\Program Files\Trend Micro
[10/12/2006|16:31] C:\Program Files\Ubisoft
[11/02/2006|20:59] C:\Program Files\Uninstall Information
[05/11/2001|10:30] C:\Program Files\UNWISE.EXE
[28/08/2008|23:34] C:\Program Files\VS Revo Group
[16/01/2007|19:00] C:\Program Files\vso
[29/09/2006|17:13] C:\Program Files\VVSN
[16/11/2006|20:27] C:\Program Files\Web Publish
[28/06/2005|11:44] C:\Program Files\Windows Journal Viewer
[01/03/2008|14:48] C:\Program Files\Windows Live
[21/05/2005|18:35] C:\Program Files\Windows Media Components
[21/01/2007|15:29] C:\Program Files\Windows Media Connect 2
[06/12/2007|19:14] C:\Program Files\Windows Media Player
[05/12/2007|20:49] C:\Program Files\Windows NT
[05/12/2007|21:03] C:\Program Files\WinOSX
[27/08/2008|19:30] C:\Program Files\WinRAR
[26/08/2006|15:36] C:\Program Files\Winsos-Connect
[21/05/2005|18:23] C:\Program Files\X10 Hardware
[21/05/2005|17:37] C:\Program Files\xerox
[21/05/2005|18:02] C:\Program Files\XviD
[03/07/2005|19:25] C:\Program Files\Yahoo!
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[19/09/2006|20:47] C:\Program Files\Fichiers communs\ACD Systems
[23/06/2008|14:57] C:\Program Files\Fichiers communs\Adobe
[19/12/2005|16:46] C:\Program Files\Fichiers communs\Ahead
[01/07/2007|10:39] C:\Program Files\Fichiers communs\Apple
[23/05/2008|15:24] C:\Program Files\Fichiers communs\AVSMedia
[28/09/2006|21:03] C:\Program Files\Fichiers communs\click2learn
[01/05/2008|13:56] C:\Program Files\Fichiers communs\Designer
[20/08/2005|14:42] C:\Program Files\Fichiers communs\DirectX
[11/04/2006|21:08] C:\Program Files\Fichiers communs\FotoWire
[18/08/2007|17:37] C:\Program Files\Fichiers communs\Hewlett-Packard
[18/08/2007|17:41] C:\Program Files\Fichiers communs\HP
[28/08/2005|15:54] C:\Program Files\Fichiers communs\InstallShield
[11/07/2005|22:53] C:\Program Files\Fichiers communs\Java
[21/05/2005|18:37] C:\Program Files\Fichiers communs\Logitech
[23/06/2008|14:40] C:\Program Files\Fichiers communs\Macrovision Shared
[02/03/2008|17:03] C:\Program Files\Fichiers communs\Microsoft Shared
[21/05/2005|17:35] C:\Program Files\Fichiers communs\MSSoap
[14/12/2005|13:28] C:\Program Files\Fichiers communs\ODBC
[11/04/2006|21:08] C:\Program Files\Fichiers communs\Real
[10/11/2005|21:18] C:\Program Files\Fichiers communs\River Past
[21/05/2005|17:36] C:\Program Files\Fichiers communs\Services
[21/05/2005|18:54] C:\Program Files\Fichiers communs\Softwin
[18/08/2007|17:42] C:\Program Files\Fichiers communs\Sonic Shared
[21/05/2005|18:31] C:\Program Files\Fichiers communs\SpeechEngines
[05/12/2007|20:55] C:\Program Files\Fichiers communs\System
[16/03/2006|18:42] C:\Program Files\Fichiers communs\Vbox
[01/03/2008|14:48] C:\Program Files\Fichiers communs\WindowsLiveInstaller
--------------------\\ Process
( 44 Processus )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\DOCUME~1\Gael\APPLIC~1\ballon~1
C:\DOCUME~1\Laurent\APPLIC~1\ballon~1
C:\DOCUME~1\tiphaine\APPLIC~1\ballon~1
C:\Program Files\ballon~1
C:\WINDOWS\system32\drivers\etc\hosts.alu
C:\WINDOWS\system32\drivers\etc\hosts.ics
C:\WINDOWS\system32\drivers\etc\hosts.lvv
C:\WINDOWS\system32\drivers\etc\hosts.owu
C:\Program Files\Adverts
C:\WINDOWS\Tasks\8766042391D9DE33.job
C:\WINDOWS\Tasks\AEBB77B49184F480.job
C:\WINDOWS\Tasks\F24E101B90DDFAE7.job
--------------------\\ Verification du Registre
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toolless"="C:\\DOCUME~1\\Laurent\\APPLIC~1\\BALLON~1\\Idle Plan.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-29 19:02:39
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\Laurent\Application Data\Azureus\torrents\Windows_XP_SP2_Keygen___Key_Changer___Windows_Genuine_Validation-Fenopy.com.torrent
C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation
C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\1) Keygen
C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\2) Key Changer
C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\3) Windows Genuine Validation
C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\1) Keygen\info.txt
C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\1) Keygen\keygen.exe
C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\2) Key Changer\XPPID.exe
C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\3) Windows Genuine Validation\WGA.exe
[F:2][D:3]-> C:\DOCUME~1\Laurent\LOCALS~1\Temp
[F:1][D:0]-> C:\DOCUME~1\Laurent\Cookies
[F:6][D:4]-> C:\DOCUME~1\Laurent\LOCALS~1\TEMPOR~1\content.IE5
--------------------\\ Fin du rapport a 19:05:50
Anonymous user
29 August 2008 at 19:18
Run Lop S&D again
* This time, choose Option 2 (Suppression)
* Do not close the window during the removal!
* Post the generated report (C:\lopR.txt)
gael31390
29 August 2008 at 19:25
Here is the report:
--------------------\\ Lop S&D 4.2.3-6 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 3000+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Laurent ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 080826-0] 4.8.1229 (Activated)
"C:\Lop SD" ( MAJ : 27-08-2008|22:40 )
Option : [2] ( 29/08/2008|19:19 )
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION
Supprime! - C:\WINDOWS\system32\drivers\etc\hosts.alu
Supprime! - C:\WINDOWS\system32\drivers\etc\hosts.ics
Supprime! - C:\WINDOWS\system32\drivers\etc\hosts.lvv
Supprime! - C:\WINDOWS\system32\drivers\etc\hosts.owu
Supprime! - C:\WINDOWS\Tasks\8766042391D9DE33.job
Supprime! - C:\WINDOWS\Tasks\AEBB77B49184F480.job
Supprime! - C:\WINDOWS\Tasks\F24E101B90DDFAE7.job
Supprime! - C:\DOCUME~1\Gael\APPLIC~1\ballon~1
Supprime! - C:\DOCUME~1\Laurent\APPLIC~1\ballon~1
Supprime! - C:\DOCUME~1\tiphaine\APPLIC~1\ballon~1
Supprime! - C:\Program Files\ballon~1
Supprime! - C:\Program Files\Adverts
-
[ Fichier Hosts ] .. Restaure!
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listing des dossiers dans APPLIC~1
[05/11/2007|20:55] C:\DOCUME~1\ADMINI~1\APPLIC~1\Corel
[21/05/2005|18:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
[28/08/2008|22:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\Malwarebytes
[05/11/2007|21:01] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[28/08/2008|12:23] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla
[13/05/2007|12:22] C:\DOCUME~1\akaya\APPLIC~1\$_hpcst$.hpc
[09/01/2008|15:29] C:\DOCUME~1\akaya\APPLIC~1\Adobe
[29/11/2006|00:12] C:\DOCUME~1\akaya\APPLIC~1\AdobeUM
[09/01/2007|18:07] C:\DOCUME~1\akaya\APPLIC~1\Ahead
[29/12/2007|19:49] C:\DOCUME~1\akaya\APPLIC~1\Apple Computer
[03/10/2007|10:38] C:\DOCUME~1\akaya\APPLIC~1\Corel
[21/05/2005|18:31] C:\DOCUME~1\akaya\APPLIC~1\desktop.ini
[06/12/2007|21:41] C:\DOCUME~1\akaya\APPLIC~1\EFF
[22/10/2007|18:42] C:\DOCUME~1\akaya\APPLIC~1\GDIPFONTCACHEV1.DAT
[20/08/2007|21:28] C:\DOCUME~1\akaya\APPLIC~1\HP
[16/11/2006|20:27] C:\DOCUME~1\akaya\APPLIC~1\Identities
[11/12/2007|11:14] C:\DOCUME~1\akaya\APPLIC~1\JustWrite Office
[11/02/2007|17:25] C:\DOCUME~1\akaya\APPLIC~1\Leadertech
[18/11/2006|14:15] C:\DOCUME~1\akaya\APPLIC~1\Macromedia
[26/11/2007|10:43] C:\DOCUME~1\akaya\APPLIC~1\Media Player Classic
[16/06/2007|18:19] C:\DOCUME~1\akaya\APPLIC~1\Microsoft
[18/11/2006|14:13] C:\DOCUME~1\akaya\APPLIC~1\Mozilla
[06/06/2008|13:53] C:\DOCUME~1\akaya\APPLIC~1\OpenOffice.org2
[20/12/2006|20:02] C:\DOCUME~1\akaya\APPLIC~1\Sun
[18/11/2006|14:13] C:\DOCUME~1\akaya\APPLIC~1\Talkback
[26/12/2006|22:35] C:\DOCUME~1\akaya\APPLIC~1\vlc
[13/12/2007|23:08] C:\DOCUME~1\akaya\APPLIC~1\WTablet
[16/01/2006|21:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{7F8108F6-359E-4BA7-8C2C-E52196483C9C}
[19/03/2008|21:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[19/09/2007|20:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
[01/07/2007|10:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[25/12/2006|16:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[27/08/2008|13:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[08/05/2006|19:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\bike ace list meow
[11/09/2005|17:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
[21/05/2005|18:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[21/05/2005|18:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[23/06/2008|15:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
[18/08/2007|17:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[17/04/2008|21:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log
[28/08/2005|15:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[05/07/2005|20:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
[28/08/2008|16:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[13/10/2005|15:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[29/02/2008|22:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[21/05/2005|21:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[16/12/2007|19:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Swift Sound
[21/05/2005|17:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[04/01/2006|21:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OrbNetworks
[03/09/2007|12:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
[10/11/2005|21:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\River Past G4
[15/02/2006|12:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[01/08/2008|16:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SongbirdVLC
[18/08/2007|17:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
[08/12/2007|21:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
[27/07/2007|14:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WhiteCap (Holiday Edition)
[22/07/2006|21:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[01/03/2008|14:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[21/05/2005|18:31] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[01/12/2007|00:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[13/04/2007|22:41] C:\DOCUME~1\Gael\APPLIC~1\$_hpcst$.hpc
[19/09/2006|20:40] C:\DOCUME~1\Gael\APPLIC~1\ACD Systems
[09/10/2005|16:20] C:\DOCUME~1\Gael\APPLIC~1\AchrafCherti
[05/12/2007|20:42] C:\DOCUME~1\Gael\APPLIC~1\Address Book
[23/06/2008|21:03] C:\DOCUME~1\Gael\APPLIC~1\Adobe
[13/07/2006|17:22] C:\DOCUME~1\Gael\APPLIC~1\AdobeUM
[06/08/2005|19:41] C:\DOCUME~1\Gael\APPLIC~1\Ahead
[19/05/2008|17:02] C:\DOCUME~1\Gael\APPLIC~1\Apple Computer
[13/04/2007|23:00] C:\DOCUME~1\Gael\APPLIC~1\Arcsoft
[17/08/2007|15:31] C:\DOCUME~1\Gael\APPLIC~1\Atari
[23/05/2008|15:24] C:\DOCUME~1\Gael\APPLIC~1\AVSMedia
[30/07/2008|22:33] C:\DOCUME~1\Gael\APPLIC~1\Azureus
[04/06/2008|14:15] C:\DOCUME~1\Gael\APPLIC~1\Blender Foundation
[01/11/2006|16:15] C:\DOCUME~1\Gael\APPLIC~1\Camfrog
[22/09/2007|16:39] C:\DOCUME~1\Gael\APPLIC~1\Corel
[24/05/2005|19:45] C:\DOCUME~1\Gael\APPLIC~1\Cyberlink
[23/03/2008|22:10] C:\DOCUME~1\Gael\APPLIC~1\DAEMON Tools
[19/02/2008|16:59] C:\DOCUME~1\Gael\APPLIC~1\DeepBurner
[12/03/2006|18:01] C:\DOCUME~1\Gael\APPLIC~1\Desktop Sidebar
[21/05/2005|18:31] C:\DOCUME~1\Gael\APPLIC~1\desktop.ini
[02/02/2008|19:29] C:\DOCUME~1\Gael\APPLIC~1\Dev-Cpp
[05/12/2007|20:24] C:\DOCUME~1\Gael\APPLIC~1\Finder Bar
[11/04/2006|21:08] C:\DOCUME~1\Gael\APPLIC~1\FotoWire
[22/04/2008|19:51] C:\DOCUME~1\Gael\APPLIC~1\GDIPFONTCACHEV1.DAT
[22/01/2008|21:57] C:\DOCUME~1\Gael\APPLIC~1\GetRightToGo
[03/08/2008|16:25] C:\DOCUME~1\Gael\APPLIC~1\Google
[22/09/2005|19:30] C:\DOCUME~1\Gael\APPLIC~1\Grisbi
[07/02/2008|20:56] C:\DOCUME~1\Gael\APPLIC~1\gtk-2.0
[03/07/2005|16:11] C:\DOCUME~1\Gael\APPLIC~1\Help
[18/08/2007|18:34] C:\DOCUME~1\Gael\APPLIC~1\HP
[09/04/2007|01:08] C:\DOCUME~1\Gael\APPLIC~1\Identities
[19/04/2008|13:15] C:\DOCUME~1\Gael\APPLIC~1\JustWrite Office
[08/05/2006|19:03] C:\DOCUME~1\Gael\APPLIC~1\Lavasoft
[19/09/2006|20:43] C:\DOCUME~1\Gael\APPLIC~1\Leadertech
[21/05/2005|20:46] C:\DOCUME~1\Gael\APPLIC~1\Macromedia
[30/05/2005|13:10] C:\DOCUME~1\Gael\APPLIC~1\Media Player Classic
[10/12/2007|21:42] C:\DOCUME~1\Gael\APPLIC~1\Microsoft
[21/05/2005|20:43] C:\DOCUME~1\Gael\APPLIC~1\Mozilla
[19/08/2005|00:21] C:\DOCUME~1\Gael\APPLIC~1\MSN6
[23/01/2006|21:27] C:\DOCUME~1\Gael\APPLIC~1\Nvu
[25/08/2008|18:38] C:\DOCUME~1\Gael\APPLIC~1\OpenOffice.org2
[22/12/2007|16:58] C:\DOCUME~1\Gael\APPLIC~1\OtakuSoftware
[03/06/2008|12:11] C:\DOCUME~1\Gael\APPLIC~1\PnkBstrK.sys
[18/06/2005|22:09] C:\DOCUME~1\Gael\APPLIC~1\Real
[08/05/2006|19:21] C:\DOCUME~1\Gael\APPLIC~1\Regs 16
[10/11/2005|21:19] C:\DOCUME~1\Gael\APPLIC~1\River Past G4
[09/10/2005|15:53] C:\DOCUME~1\Gael\APPLIC~1\RobotProgPrefs
[15/03/2007|21:30] C:\DOCUME~1\Gael\APPLIC~1\Screenshot Sender
[12/12/2005|18:32] C:\DOCUME~1\Gael\APPLIC~1\Seven Zip
[06/06/2008|21:21] C:\DOCUME~1\Gael\APPLIC~1\Skype
[09/10/2005|15:59] C:\DOCUME~1\Gael\APPLIC~1\Solve Elec Prefs
[04/07/2005|15:55] C:\DOCUME~1\Gael\APPLIC~1\Sun
[07/08/2005|13:25] C:\DOCUME~1\Gael\APPLIC~1\Talkback
[02/06/2007|13:36] C:\DOCUME~1\Gael\APPLIC~1\teamspeak2
[03/07/2008|14:25] C:\DOCUME~1\Gael\APPLIC~1\vlc
[03/07/2008|22:37] C:\DOCUME~1\Gael\APPLIC~1\Vso
[03/07/2008|22:36] C:\DOCUME~1\Gael\APPLIC~1\VSO_HWE
[15/08/2007|01:27] C:\DOCUME~1\Gael\APPLIC~1\Wallpaper
[27/08/2008|16:43] C:\DOCUME~1\Gael\APPLIC~1\WTablet
[18/04/2007|16:34] C:\DOCUME~1\Laurent\APPLIC~1\$_hpcst$.hpc
[25/06/2005|15:26] C:\DOCUME~1\Laurent\APPLIC~1\.bittorrent
[29/08/2008|11:10] C:\DOCUME~1\Laurent\APPLIC~1\Adobe
[16/01/2007|18:44] C:\DOCUME~1\Laurent\APPLIC~1\AdobeUM
[03/01/2007|20:01] C:\DOCUME~1\Laurent\APPLIC~1\Ahead
[22/08/2008|15:52] C:\DOCUME~1\Laurent\APPLIC~1\Apple Computer
[27/08/2008|13:52] C:\DOCUME~1\Laurent\APPLIC~1\Azureus
[31/10/2007|20:59] C:\DOCUME~1\Laurent\APPLIC~1\Corel
[26/09/2007|09:37] C:\DOCUME~1\Laurent\APPLIC~1\Cyberlink
[21/05/2005|18:31] C:\DOCUME~1\Laurent\APPLIC~1\desktop.ini
[05/12/2007|20:34] C:\DOCUME~1\Laurent\APPLIC~1\Finder Bar
[26/07/2008|20:32] C:\DOCUME~1\Laurent\APPLIC~1\GDIPFONTCACHEV1.DAT
[28/07/2007|14:04] C:\DOCUME~1\Laurent\APPLIC~1\Google
[02/06/2005|18:58] C:\DOCUME~1\Laurent\APPLIC~1\Help
[18/08/2007|17:44] C:\DOCUME~1\Laurent\APPLIC~1\HP
[21/05/2005|17:44] C:\DOCUME~1\Laurent\APPLIC~1\Identities
[21/05/2005|18:25] C:\DOCUME~1\Laurent\APPLIC~1\InterTrust
[28/08/2008|23:23] C:\DOCUME~1\Laurent\APPLIC~1\JustWrite Office
[08/03/2006|16:48] C:\DOCUME~1\Laurent\APPLIC~1\Lavasoft
[16/04/2008|14:55] C:\DOCUME~1\Laurent\APPLIC~1\Leadertech
[21/05/2005|19:43] C:\DOCUME~1\Laurent\APPLIC~1\Macromedia
[28/08/2008|16:13] C:\DOCUME~1\Laurent\APPLIC~1\Malwarebytes
[27/06/2005|19:31] C:\DOCUME~1\Laurent\APPLIC~1\Media Player Classic
[18/08/2007|17:29] C:\DOCUME~1\Laurent\APPLIC~1\Microsoft
[01/08/2008|16:40] C:\DOCUME~1\Laurent\APPLIC~1\Mozilla
[14/08/2005|13:19] C:\DOCUME~1\Laurent\APPLIC~1\MSN6
[28/08/2008|15:52] C:\DOCUME~1\Laurent\APPLIC~1\OpenOffice.org2
[17/03/2006|18:38] C:\DOCUME~1\Laurent\APPLIC~1\Real
[08/05/2006|19:24] C:\DOCUME~1\Laurent\APPLIC~1\Regs 16
[18/03/2007|15:23] C:\DOCUME~1\Laurent\APPLIC~1\Skype
[01/08/2008|16:40] C:\DOCUME~1\Laurent\APPLIC~1\Songbird2
[27/06/2005|20:57] C:\DOCUME~1\Laurent\APPLIC~1\Sun
[25/09/2005|18:26] C:\DOCUME~1\Laurent\APPLIC~1\Talkback
[01/04/2007|21:01] C:\DOCUME~1\Laurent\APPLIC~1\vlc
[11/12/2007|22:09] C:\DOCUME~1\Laurent\APPLIC~1\WTablet
[20/01/2006|17:36] C:\DOCUME~1\Laurent\APPLIC~1\Xfire
[21/01/2007|15:31] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[12/12/2007|20:17] C:\DOCUME~1\LOCALS~1\APPLIC~1\WTablet
[14/08/2005|16:04] C:\DOCUME~1\LOCALS~1\APPLIC~1\X10 Commander
[01/07/2005|14:02] C:\DOCUME~1\NETWOR~1\APPLIC~1\Macromedia
[01/12/2007|00:47] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[14/04/2007|11:06] C:\DOCUME~1\tiphaine\APPLIC~1\$_hpcst$.hpc
[24/07/2008|20:41] C:\DOCUME~1\tiphaine\APPLIC~1\Adobe
[28/01/2006|18:00] C:\DOCUME~1\tiphaine\APPLIC~1\AdobeUM
[20/12/2005|13:28] C:\DOCUME~1\tiphaine\APPLIC~1\Ahead
[08/07/2008|22:50] C:\DOCUME~1\tiphaine\APPLIC~1\Apple Computer
[08/11/2007|20:44] C:\DOCUME~1\tiphaine\APPLIC~1\Corel
[21/05/2005|18:31] C:\DOCUME~1\tiphaine\APPLIC~1\desktop.ini
[13/04/2008|16:23] C:\DOCUME~1\tiphaine\APPLIC~1\GDIPFONTCACHEV1.DAT
[28/07/2007|14:04] C:\DOCUME~1\tiphaine\APPLIC~1\Google
[30/12/2007|22:06] C:\DOCUME~1\tiphaine\APPLIC~1\gtk-2.0
[19/08/2007|12:04] C:\DOCUME~1\tiphaine\APPLIC~1\HP
[14/08/2005|15:18] C:\DOCUME~1\tiphaine\APPLIC~1\Identities
[14/12/2007|19:42] C:\DOCUME~1\tiphaine\APPLIC~1\JustWrite Office
[18/09/2006|20:36] C:\DOCUME~1\tiphaine\APPLIC~1\Leadertech
[14/08/2005|15:26] C:\DOCUME~1\tiphaine\APPLIC~1\Macromedia
[16/08/2005|18:09] C:\DOCUME~1\tiphaine\APPLIC~1\Media Player Classic
[07/03/2008|20:16] C:\DOCUME~1\tiphaine\APPLIC~1\Microsoft
[14/08/2005|15:18] C:\DOCUME~1\tiphaine\APPLIC~1\Mozilla
[16/12/2007|19:23] C:\DOCUME~1\tiphaine\APPLIC~1\NCH Swift Sound
[27/08/2008|13:52] C:\DOCUME~1\tiphaine\APPLIC~1\OpenOffice.org2
[08/05/2006|19:26] C:\DOCUME~1\tiphaine\APPLIC~1\Regs 16
[23/02/2007|22:21] C:\DOCUME~1\tiphaine\APPLIC~1\Skype
[16/08/2005|13:37] C:\DOCUME~1\tiphaine\APPLIC~1\Sun
[14/08/2005|15:18] C:\DOCUME~1\tiphaine\APPLIC~1\Talkback
[02/04/2007|16:19] C:\DOCUME~1\tiphaine\APPLIC~1\vlc
[06/07/2008|15:54] C:\DOCUME~1\tiphaine\APPLIC~1\Vso
[06/07/2008|15:52] C:\DOCUME~1\tiphaine\APPLIC~1\VSO_HWE
[14/12/2007|19:40] C:\DOCUME~1\tiphaine\APPLIC~1\WTablet
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[27/08/2008 16:38][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[29/08/2008 18:09][--ah-----] C:\WINDOWS\tasks\SA.DAT
[24/04/2003 14:00][-r-h-c---] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans C:\Program Files
[09/07/2008|16:57] C:\Program Files\Adobe
[09/10/2005|16:14] C:\Program Files\Agelong Tree
[19/12/2005|16:46] C:\Program Files\Ahead
[11/08/2008|17:23] C:\Program Files\Apple Software Update
[23/05/2008|15:23] C:\Program Files\AVSMedia
[02/04/2007|21:25] C:\Program Files\Axon Data
[02/11/2007|13:30] C:\Program Files\Belkin
[25/07/2008|11:41] C:\Program Files\Bonjour
[29/08/2007|22:35] C:\Program Files\Boonty
[21/05/2005|18:17] C:\Program Files\C-Media 3D Audio
[16/12/2007|16:41] C:\Program Files\Common Files
[22/09/2007|17:56] C:\Program Files\Corel
[12/03/2006|12:56] C:\Program Files\Cyanide
[21/05/2005|18:23] C:\Program Files\CyberLink
[15/05/2006|10:49] C:\Program Files\DIFX
[04/01/2006|11:48] C:\Program Files\directx
[13/01/2008|14:55] C:\Program Files\DivX
[31/10/2007|21:00] C:\Program Files\EasyStudio II 1.0
[18/08/2005|19:03] C:\Program Files\e-Carte Bleue
[20/03/2008|18:17] C:\Program Files\e-Carte Bleue La Banque Postale
[04/11/2006|17:31] C:\Program Files\Eidos Interactive
[28/08/2008|12:22] C:\Program Files\Enigma Software Group
[16/12/2007|15:59] C:\Program Files\EuroSat
[07/12/2007|14:59] C:\Program Files\Extrafilm FotoFacil
[29/08/2008|16:54] C:\Program Files\Fichiers communs
[21/09/2005|14:15] C:\Program Files\Firefox Setup 1.0.7.exe
[30/08/2005|10:13] C:\Program Files\Foreignword
[26/06/2008|10:19] C:\Program Files\Free
[21/05/2005|18:48] C:\Program Files\Free.fr
[03/07/2005|15:21] C:\Program Files\gomysoft
[03/08/2008|16:24] C:\Program Files\Google
[18/08/2007|17:38] C:\Program Files\Hewlett-Packard
[21/05/2005|18:24] C:\Program Files\Home Cinema
[18/08/2007|17:44] C:\Program Files\HP
[18/08/2007|17:18] C:\Program Files\HP C5180
[20/06/2005|09:38] C:\Program Files\Illustrate
[17/09/2007|22:14] C:\Program Files\INFORAD
[17/09/2007|22:14] C:\Program Files\INFORAD_DRIVERS
[07/06/2008|17:03] C:\Program Files\InstallShield Installation Information
[13/08/2008|22:45] C:\Program Files\Internet Explorer
[03/08/2008|12:46] C:\Program Files\iPod
[27/08/2008|18:48] C:\Program Files\Jargon Informatique
[28/08/2005|15:58] C:\Program Files\Jasc Software Inc
[09/08/2008|12:02] C:\Program Files\Java
[10/12/2007|21:42] C:\Program Files\JustWrite Office
[08/03/2006|16:48] C:\Program Files\Lavasoft
[11/04/2006|21:08] C:\Program Files\Logitech
[13/06/2005|16:05] C:\Program Files\Maxis
[19/08/2007|19:37] C:\Program Files\Media Access
[24/02/2007|19:09] C:\Program Files\MermozDB
[21/05/2005|17:37] C:\Program Files\microsoft frontpage
[11/06/2008|21:04] C:\Program Files\Microsoft Games
[13/12/2007|19:56] C:\Program Files\Microsoft Office
[05/12/2007|21:03] C:\Program Files\Movie Maker
[28/08/2008|16:13] C:\Program Files\Mozilla Firefox
[21/05/2005|17:35] C:\Program Files\MSN Gaming Zone
[11/04/2008|18:20] C:\Program Files\MSN Messenger
[18/11/2006|13:02] C:\Program Files\MSXML 4.0
[04/01/2006|19:11] C:\Program Files\Musicmatch
[03/04/2006|22:25] C:\Program Files\MySQL
[16/12/2007|19:26] C:\Program Files\NCH Swift Sound
[27/08/2008|19:25] C:\Program Files\NetMeeting
[23/11/2006|21:16] C:\Program Files\Notepad2
[17/08/2005|13:20] C:\Program Files\NovaLogic
[23/11/2006|20:46] C:\Program Files\Olympus
[27/03/2006|12:08] C:\Program Files\Ontrack
[27/08/2008|19:26] C:\Program Files\OpenOffice.org 2.1
[04/01/2006|12:19] C:\Program Files\ORB Networks
[05/12/2007|20:56] C:\Program Files\Outlook Express
[03/09/2006|18:02] C:\Program Files\PAN vision
[01/06/2008|00:26] C:\Program Files\PestPatrol
[27/08/2008|19:27] C:\Program Files\PhotoFiltre
[03/06/2007|10:38] C:\Program Files\PrintMaster
[28/11/2005|19:57] C:\Program Files\Prolific
[18/03/2007|15:29] C:\Program Files\QuickTime
[11/04/2006|21:08] C:\Program Files\Real
[26/08/2006|15:45] C:\Program Files\Remote Task Manager
[28/08/2008|23:34] C:\Program Files\RevoUninstaller
[10/11/2005|21:18] C:\Program Files\River Past
[28/08/2008|21:42] C:\Program Files\RogueRemover FREE
[25/07/2008|11:27] C:\Program Files\Safari
[10/12/2005|18:40] C:\Program Files\Satsuki Decoder Pack
[27/11/2005|19:29] C:\Program Files\Serif
[21/05/2005|17:36] C:\Program Files\Services en ligne
[03/06/2007|10:35] C:\Program Files\SHARED
[26/08/2006|00:01] C:\Program Files\SiSoftware
[21/05/2005|18:55] C:\Program Files\Softwin
[28/08/2008|12:23] C:\Program Files\songbird
[26/08/2006|15:33] C:\Program Files\Synergy
[11/12/2007|19:30] C:\Program Files\Tablet
[29/08/2008|15:13] C:\Program Files\Trend Micro
[10/12/2006|16:31] C:\Program Files\Ubisoft
[11/02/2006|20:59] C:\Program Files\Uninstall Information
[05/11/2001|10:30] C:\Program Files\UNWISE.EXE
[28/08/2008|23:34] C:\Program Files\VS Revo Group
[16/01/2007|19:00] C:\Program Files\vso
[29/09/2006|17:13] C:\Program Files\VVSN
[16/11/2006|20:27] C:\Program Files\Web Publish
[28/06/2005|11:44] C:\Program Files\Windows Journal Viewer
[01/03/2008|14:48] C:\Program Files\Windows Live
[21/05/2005|18:35] C:\Program Files\Windows Media Components
[21/01/2007|15:29] C:\Program Files\Windows Media Connect 2
[06/12/2007|19:14] C:\Program Files\Windows Media Player
[05/12/2007|20:49] C:\Program Files\Windows NT
[05/12/2007|21:03] C:\Program Files\WinOSX
[27/08/2008|19:30] C:\Program Files\WinRAR
[26/08/2006|15:36] C:\Program Files\Winsos-Connect
[21/05/2005|18:23] C:\Program Files\X10 Hardware
[21/05/2005|17:37] C:\Program Files\xerox
[21/05/2005|18:02] C:\Program Files\XviD
[03/07/2005|19:25] C:\Program Files\Yahoo!
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[19/09/2006|20:47] C:\Program Files\Fichiers communs\ACD Systems
[23/06/2008|14:57] C:\Program Files\Fichiers communs\Adobe
[19/12/2005|16:46] C:\Program Files\Fichiers communs\Ahead
[01/07/2007|10:39] C:\Program Files\Fichiers communs\Apple
[23/05/2008|15:24] C:\Program Files\Fichiers communs\AVSMedia
[28/09/2006|21:03] C:\Program Files\Fichiers communs\click2learn
[01/05/2008|13:56] C:\Program Files\Fichiers communs\Designer
[20/08/2005|14:42] C:\Program Files\Fichiers communs\DirectX
[11/04/2006|21:08] C:\Program Files\Fichiers communs\FotoWire
[18/08/2007|17:37] C:\Program Files\Fichiers communs\Hewlett-Packard
[18/08/2007|17:41] C:\Program Files\Fichiers communs\HP
[28/08/2005|15:54] C:\Program Files\Fichiers communs\InstallShield
[11/07/2005|22:53] C:\Program Files\Fichiers communs\Java
[21/05/2005|18:37] C:\Program Files\Fichiers communs\Logitech
[23/06/2008|14:40] C:\Program Files\Fichiers communs\Macrovision Shared
[02/03/2008|17:03] C:\Program Files\Fichiers communs\Microsoft Shared
[21/05/2005|17:35] C:\Program Files\Fichiers communs\MSSoap
[14/12/2005|13:28] C:\Program Files\Fichiers communs\ODBC
[11/04/2006|21:08] C:\Program Files\Fichiers communs\Real
[10/11/2005|21:18] C:\Program Files\Fichiers communs\River Past
[21/05/2005|17:36] C:\Program Files\Fichiers communs\Services
[21/05/2005|18:54] C:\Program Files\Fichiers communs\Softwin
[18/08/2007|17:42] C:\Program Files\Fichiers communs\Sonic Shared
[21/05/2005|18:31] C:\Program Files\Fichiers communs\SpeechEngines
[05/12/2007|20:55] C:\Program Files\Fichiers communs\System
[16/03/2006|18:42] C:\Program Files\Fichiers communs\Vbox
[01/03/2008|14:48] C:\Program Files\Fichiers communs\WindowsLiveInstaller
--------------------\\ Process
( 44 Processus )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-29 19:20:51
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\Laurent\Application Data\Azureus\torrents\Windows_XP_SP2_Keygen___Key_Changer___Windows_Genuine_Validation-Fenopy.com.torrent
C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation
C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\1) Keygen
C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\2) Key Changer
C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\3) Windows Genuine Validation
C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\1) Keygen\info.txt
C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\1) Keygen\keygen.exe
C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\2) Key Changer\XPPID.exe
C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\3) Windows Genuine Validation\WGA.exe
[F:2][D:3]-> C:\DOCUME~1\Laurent\LOCALS~1\Temp
[F:1][D:0]-> C:\DOCUME~1\Laurent\Cookies
[F:6][D:4]-> C:\DOCUME~1\Laurent\LOCALS~1\TEMPOR~1\content.IE5
--------------------\\ Fin du rapport a 19:24:02
[08/05/2006|19:26] C:\DOCUME~1\tiphaine\APPLIC~1\Regs 16
[23/02/2007|22:21] C:\DOCUME~1\tiphaine\APPLIC~1\Skype
[16/08/2005|13:37] C:\DOCUME~1\tiphaine\APPLIC~1\Sun
[14/08/2005|15:18] C:\DOCUME~1\tiphaine\APPLIC~1\Talkback
[02/04/2007|16:19] C:\DOCUME~1\tiphaine\APPLIC~1\vlc
[06/07/2008|15:54] C:\DOCUME~1\tiphaine\APPLIC~1\Vso
[06/07/2008|15:52] C:\DOCUME~1\tiphaine\APPLIC~1\VSO_HWE
[14/12/2007|19:40] C:\DOCUME~1\tiphaine\APPLIC~1\WTablet
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[27/08/2008 16:38][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[29/08/2008 18:09][--ah-----] C:\WINDOWS\tasks\SA.DAT
[24/04/2003 14:00][-r-h-c---] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans C:\Program Files
[09/07/2008|16:57] C:\Program Files\Adobe
[09/10/2005|16:14] C:\Program Files\Agelong Tree
[19/12/2005|16:46] C:\Program Files\Ahead
[11/08/2008|17:23] C:\Program Files\Apple Software Update
[23/05/2008|15:23] C:\Program Files\AVSMedia
[02/04/2007|21:25] C:\Program Files\Axon Data
[02/11/2007|13:30] C:\Program Files\Belkin
[25/07/2008|11:41] C:\Program Files\Bonjour
[29/08/2007|22:35] C:\Program Files\Boonty
[21/05/2005|18:17] C:\Program Files\C-Media 3D Audio
[16/12/2007|16:41] C:\Program Files\Common Files
[22/09/2007|17:56] C:\Program Files\Corel
[12/03/2006|12:56] C:\Program Files\Cyanide
[21/05/2005|18:23] C:\Program Files\CyberLink
[15/05/2006|10:49] C:\Program Files\DIFX
[04/01/2006|11:48] C:\Program Files\directx
[13/01/2008|14:55] C:\Program Files\DivX
[31/10/2007|21:00] C:\Program Files\EasyStudio II 1.0
[18/08/2005|19:03] C:\Program Files\e-Carte Bleue
[20/03/2008|18:17] C:\Program Files\e-Carte Bleue La Banque Postale
[04/11/2006|17:31] C:\Program Files\Eidos Interactive
[28/08/2008|12:22] C:\Program Files\Enigma Software Group
[16/12/2007|15:59] C:\Program Files\EuroSat
[07/12/2007|14:59] C:\Program Files\Extrafilm FotoFacil
[29/08/2008|16:54] C:\Program Files\Fichiers communs
[21/09/2005|14:15] C:\Program Files\Firefox Setup 1.0.7.exe
[30/08/2005|10:13] C:\Program Files\Foreignword
[26/06/2008|10:19] C:\Program Files\Free
[21/05/2005|18:48] C:\Program Files\Free.fr
[03/07/2005|15:21] C:\Program Files\gomysoft
[03/08/2008|16:24] C:\Program Files\Google
[18/08/2007|17:38] C:\Program Files\Hewlett-Packard
[21/05/2005|18:24] C:\Program Files\Home Cinema
[18/08/2007|17:44] C:\Program Files\HP
[18/08/2007|17:18] C:\Program Files\HP C5180
[20/06/2005|09:38] C:\Program Files\Illustrate
[17/09/2007|22:14] C:\Program Files\INFORAD
[17/09/2007|22:14] C:\Program Files\INFORAD_DRIVERS
[07/06/2008|17:03] C:\Program Files\InstallShield Installation Information
[13/08/2008|22:45] C:\Program Files\Internet Explorer
[03/08/2008|12:46] C:\Program Files\iPod
[27/08/2008|18:48] C:\Program Files\Jargon Informatique
[28/08/2005|15:58] C:\Program Files\Jasc Software Inc
[09/08/2008|12:02] C:\Program Files\Java
[10/12/2007|21:42] C:\Program Files\JustWrite Office
[08/03/2006|16:48] C:\Program Files\Lavasoft
[11/04/2006|21:08] C:\Program Files\Logitech
[13/06/2005|16:05] C:\Program Files\Maxis
[19/08/2007|19:37] C:\Program Files\Media Access
[24/02/2007|19:09] C:\Program Files\MermozDB
[21/05/2005|17:37] C:\Program Files\microsoft frontpage
[11/06/2008|21:04] C:\Program Files\Microsoft Games
[13/12/2007|19:56] C:\Program Files\Microsoft Office
[05/12/2007|21:03] C:\Program Files\Movie Maker
[28/08/2008|16:13] C:\Program Files\Mozilla Firefox
[21/05/2005|17:35] C:\Program Files\MSN Gaming Zone
[11/04/2008|18:20] C:\Program Files\MSN Messenger
[18/11/2006|13:02] C:\Program Files\MSXML 4.0
[04/01/2006|19:11] C:\Program Files\Musicmatch
[03/04/2006|22:25] C:\Program Files\MySQL
[16/12/2007|19:26] C:\Program Files\NCH Swift Sound
[27/08/2008|19:25] C:\Program Files\NetMeeting
[23/11/2006|21:16] C:\Program Files\Notepad2
[17/08/2005|13:20] C:\Program Files\NovaLogic
[23/11/2006|20:46] C:\Program Files\Olympus
[27/03/2006|12:08] C:\Program Files\Ontrack
[27/08/2008|19:26] C:\Program Files\OpenOffice.org 2.1
[04/01/2006|12:19] C:\Program Files\ORB Networks
[05/12/2007|20:56] C:\Program Files\Outlook Express
[03/09/2006|18:02] C:\Program Files\PAN vision
[01/06/2008|00:26] C:\Program Files\PestPatrol
[27/08/2008|19:27] C:\Program Files\PhotoFiltre
[03/06/2007|10:38] C:\Program Files\PrintMaster
[28/11/2005|19:57] C:\Program Files\Prolific
[18/03/2007|15:29] C:\Program Files\QuickTime
[11/04/2006|21:08] C:\Program Files\Real
[26/08/2006|15:45] C:\Program Files\Remote Task Manager
[28/08/2008|23:34] C:\Program Files\RevoUninstaller
[10/11/2005|21:18] C:\Program Files\River Past
[28/08/2008|21:42] C:\Program Files\RogueRemover FREE
[25/07/2008|11:27] C:\Program Files\Safari
[10/12/2005|18:40] C:\Program Files\Satsuki Decoder Pack
[27/11/2005|19:29] C:\Program Files\Serif
[21/05/2005|17:36] C:\Program Files\Services en ligne
[03/06/2007|10:35] C:\Program Files\SHARED
[26/08/2006|00:01] C:\Program Files\SiSoftware
[21/05/2005|18:55] C:\Program Files\Softwin
[28/08/2008|12:23] C:\Program Files\songbird
[26/08/2006|15:33] C:\Program Files\Synergy
[11/12/2007|19:30] C:\Program Files\Tablet
[29/08/2008|15:13] C:\Program Files\Trend Micro
[10/12/2006|16:31] C:\Program Files\Ubisoft
[11/02/2006|20:59] C:\Program Files\Uninstall Information
[05/11/2001|10:30] C:\Program Files\UNWISE.EXE
[28/08/2008|23:34] C:\Program Files\VS Revo Group
[16/01/2007|19:00] C:\Program Files\vso
[29/09/2006|17:13] C:\Program Files\VVSN
[16/11/2006|20:27] C:\Program Files\Web Publish
[28/06/2005|11:44] C:\Program Files\Windows Journal Viewer
[01/03/2008|14:48] C:\Program Files\Windows Live
[21/05/2005|18:35] C:\Program Files\Windows Media Components
[21/01/2007|15:29] C:\Program Files\Windows Media Connect 2
[06/12/2007|19:14] C:\Program Files\Windows Media Player
[05/12/2007|20:49] C:\Program Files\Windows NT
[05/12/2007|21:03] C:\Program Files\WinOSX
[27/08/2008|19:30] C:\Program Files\WinRAR
[26/08/2006|15:36] C:\Program Files\Winsos-Connect
[21/05/2005|18:23] C:\Program Files\X10 Hardware
[21/05/2005|17:37] C:\Program Files\xerox
[21/05/2005|18:02] C:\Program Files\XviD
[03/07/2005|19:25] C:\Program Files\Yahoo!
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[19/09/2006|20:47] C:\Program Files\Fichiers communs\ACD Systems
[23/06/2008|14:57] C:\Program Files\Fichiers communs\Adobe
[19/12/2005|16:46] C:\Program Files\Fichiers communs\Ahead
[01/07/2007|10:39] C:\Program Files\Fichiers communs\Apple
[23/05/2008|15:24] C:\Program Files\Fichiers communs\AVSMedia
[28/09/2006|21:03] C:\Program Files\Fichiers communs\click2learn
[01/05/2008|13:56] C:\Program Files\Fichiers communs\Designer
[20/08/2005|14:42] C:\Program Files\Fichiers communs\DirectX
[11/04/2006|21:08] C:\Program Files\Fichiers communs\FotoWire
[18/08/2007|17:37] C:\Program Files\Fichiers communs\Hewlett-Packard
[18/08/2007|17:41] C:\Program Files\Fichiers communs\HP
[28/08/2005|15:54] C:\Program Files\Fichiers communs\InstallShield
[11/07/2005|22:53] C:\Program Files\Fichiers communs\Java
[21/05/2005|18:37] C:\Program Files\Fichiers communs\Logitech
[23/06/2008|14:40] C:\Program Files\Fichiers communs\Macrovision Shared
[02/03/2008|17:03] C:\Program Files\Fichiers communs\Microsoft Shared
[21/05/2005|17:35] C:\Program Files\Fichiers communs\MSSoap
[14/12/2005|13:28] C:\Program Files\Fichiers communs\ODBC
[11/04/2006|21:08] C:\Program Files\Fichiers communs\Real
[10/11/2005|21:18] C:\Program Files\Fichiers communs\River Past
[21/05/2005|17:36] C:\Program Files\Fichiers communs\Services
[21/05/2005|18:54] C:\Program Files\Fichiers communs\Softwin
[18/08/2007|17:42] C:\Program Files\Fichiers communs\Sonic Shared
[21/05/2005|18:31] C:\Program Files\Fichiers communs\SpeechEngines
[05/12/2007|20:55] C:\Program Files\Fichiers communs\System
[16/03/2006|18:42] C:\Program Files\Fichiers communs\Vbox
[01/03/2008|14:48] C:\Program Files\Fichiers communs\WindowsLiveInstaller
--------------------\\ Process
( 44 Processus )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-29 19:20:51
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\Laurent\Application Data\Azureus\torrents\Windows_XP_SP2_Keygen___Key_Changer___Windows_Genuine_Validation-Fenopy.com.torrent
C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation
C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\1) Keygen
C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\2) Key Changer
C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\3) Windows Genuine Validation
C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\1) Keygen\info.txt
C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\1) Keygen\keygen.exe
C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\2) Key Changer\XPPID.exe
C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\3) Windows Genuine Validation\WGA.exe
[F:2][D:3]-> C:\DOCUME~1\Laurent\LOCALS~1\Temp
[F:1][D:0]-> C:\DOCUME~1\Laurent\Cookies
[F:6][D:4]-> C:\DOCUME~1\Laurent\LOCALS~1\TEMPOR~1\content.IE5
--------------------\\ Fin du rapport a 19:24:02
Anonymous user
29 August 2008 at 19:28
Download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop.
Double-click OTMoveIt.exe to launch it.
Make sure the Unregister Dll's and Ocx's box is checked.
Copy the list shown in bold below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.
C:\DOCUME~1\Laurent\Application Data\Azureus\torrents\Windows_XP_SP2_Keygen___Key_Changer___Windows_Genuine_Validation-Fenopy.com.torrent
C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation
C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\1) Keygen
C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\2) Key Changer
C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\3) Windows Genuine Validation
C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\1) Keygen\info.txt
C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\1) Keygen\keygen.exe
C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\2) Key Changer\XPPID.exe
C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\3) Windows Genuine Validation\WGA.exe
Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.
You may be asked to restart the PC to complete the removal. If so, accept with Yes.
gael31390
29 August 2008 at 19:36
Is this the report? It was in .log format, so I used Notepad to open it:
File/Folder C:\DOCUME~1\Laurent\Application Data\Azureus\torrents\Windows_XP_SP2_Keygen___Key_Changer___Windows_Genuine_Validation-Fenopy.com.torrent not found.
C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\3) Windows Genuine Validation moved successfully.
C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\2) Key Changer moved successfully.
C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\1) Keygen moved successfully.
C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation moved successfully.
File/Folder C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\1) Keygen not found.
File/Folder C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\2) Key Changer not found.
File/Folder C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\3) Windows Genuine Validation not found.
File/Folder C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\1) Keygen\info.txt not found.
File/Folder C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\1) Keygen\keygen.exe not found.
File/Folder C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\2) Key Changer\XPPID.exe not found.
File/Folder C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\3) Windows Genuine Validation\WGA.exe not found.
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08292008_193126
Anonymous user
29 August 2008 at 19:37
Yes, that's it.
Let's clean up the tools we used:
Download ToolsCleaner to your desktop.
-->
ftp://ftp.commentcamarche.com/download/ToolsCleaner2.exe
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
http://pc-system.fr/
# Click Recherche and let the scan run ...
# Click Suppression to finish.
# You can, if you wish, use the Options facultatives.
# Click Quitter to get the report.
# Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).
gael31390
29 August 2008 at 19:42
Here it is:
-->- Recherche:
C:\Lop SD: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
---------------------------------
-->- Suppression:
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Lop SD: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
Anonymous user
29 August 2008 at 20:21
Still no connection??
Download HijackThis here:
-> Right-click one of the links and choose Save Target As ... the desktop
-> http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
-> ftp://ftp.commentcamarche.com/download/HJTInstall.exe
-> Double-click HJTInstall.exe to start the installation
-> Click Install, then I Accept
-> Click Do a scan system and save log file
-> Notepad will open; copy and paste its entire contents here in your next reply
gael31390
29 August 2008 at 20:28
The HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:27:27, on 29/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Gael\Avast\aswUpdSv.exe
D:\Gael\Avast\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\mHotkey.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
D:\Gael\Avast\ashDisp.exe
C:\Program Files\e-Carte Bleue\LA POSTE\CVD ADESIO\ECB.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Remote Task Manager\RTMService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
D:\Gael\Avast\ashMaiSv.exe
D:\Gael\Avast\ashWebSv.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tcljxzcrcdchtwqj.com/JKnJWJ0pGXmm9xCaSYkBIs5aZocM8hxewLc3zrOSsezohjvRhRLDXaK_HZ2vRg0P.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [avast!] D:\Gael\Avast\ashDisp.exe
O4 - HKLM\..\Run: [eCarteBleue-LP-P1] "C:\Program Files\e-Carte Bleue\LA POSTE\CVD ADESIO\ECB.exe" /dontopenmycards
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SMKRun] C:\Program Files\JustWrite Office\ScreenMark.exe -i
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Gael\itunes\Quicktime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Gael\itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HKPHALKM] %systemroot%\HKPHALKM.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [_Windows] C:\WINDOWS\WinSecurity\services.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: e-Carte Bleue La Banque Postale.lnk = C:\Program Files\e-Carte Bleue La Banque Postale\ecbl-lbp.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Gael\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Gael\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Gael\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Gael\Avast\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Task Manager service (RTM) - Unknown owner - C:\Program Files\Remote Task Manager\RTMService.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
Anonymous user
29 August 2008 at 20:31
It's almost finished ...
After that we'll deal with the connection. Delete all the ComboFix reports
and run it again, please.
Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy and paste this report into your next reply.
NOTE: The report can also be found here: C:\Combofix.txt
Before using ComboFix:
-> Disconnect from the internet and close the windows of all running programs.
-> Temporarily disable, only for the time ComboFix is in use, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's search and cleaning procedure.
Once that is done, double-click Combofix.exe on your desktop.
- Answer yes to the warning message so that the program starts analysing the PC.
/!\ During this step, do not use the PC and do not open any programs.
- At the end of the scan, ComboFix may need to restart the PC to finish the disinfection/search; let it do so.
- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt
-> Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.
-> Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.
gael31390
29 August 2008 at 21:24
And there you go:
ComboFix 08-08-29.01 - Laurent 2008-08-29 20:48:36.6 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.648 [GMT 2:00]
Endroit: C:\Documents and Settings\Laurent\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-29 ))))))))))))))))))))))))))))))))))))
.
2008-08-29 17:43 . 2008-08-29 17:43 <REP> d-------- C:\WINDOWS\ERUNT
2008-08-29 17:38 . 2008-08-29 18:23 <REP> d-------- C:\SDFix
2008-08-29 15:32 . 2008-08-29 15:42 <REP> d-------- C:\fixwareout
2008-08-28 23:34 . 2008-08-28 23:34 <REP> d-------- C:\Program Files\RevoUninstaller
2008-08-28 22:26 . 2008-08-28 22:26 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-08-28 21:43 . 2008-08-28 23:34 <REP> d-------- C:\Program Files\VS Revo Group
2008-08-28 21:42 . 2008-08-28 21:42 <REP> d-------- C:\Program Files\RogueRemover FREE
2008-08-28 16:13 . 2008-08-28 16:13 <REP> d-------- C:\Documents and Settings\Laurent\Application Data\Malwarebytes
2008-08-28 16:13 . 2008-08-28 16:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-28 12:49 . 2008-08-29 20:27 <REP> d-------- C:\Program Files\Trend Micro
2008-08-28 11:53 . 2008-08-28 12:22 <REP> d-------- C:\Program Files\Enigma Software Group
2008-08-27 13:02 . 2008-08-27 13:52 <REP> d-------- C:\Documents and Settings\Laurent\Application Data\Azureus
2008-08-27 13:02 . 2008-08-27 13:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-08-03 16:24 . 2008-08-03 16:24 <REP> d-------- C:\Program Files\Google
2008-08-03 12:46 . 2008-08-03 12:46 <REP> d-------- C:\Program Files\iPod
2008-08-01 16:40 . 2008-08-01 16:40 <REP> d-------- C:\Documents and Settings\Laurent\Application Data\Songbird2
2008-08-01 16:40 . 2008-08-01 16:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SongbirdVLC
2008-08-01 16:35 . 2008-08-28 12:23 <REP> d-------- C:\Program Files\songbird
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-28 21:23 --------- d-----w C:\Documents and Settings\Laurent\Application Data\JustWrite Office
2008-08-28 13:52 --------- d-----w C:\Documents and Settings\Laurent\Application Data\OpenOffice.org2
2008-08-27 17:27 --------- d-----w C:\Program Files\PhotoFiltre
2008-08-27 17:26 --------- d-----w C:\Program Files\OpenOffice.org 2.1
2008-08-27 16:48 --------- d-----w C:\Program Files\Jargon Informatique
2008-08-27 14:43 --------- d-----w C:\Documents and Settings\Gael\Application Data\WTablet
2008-08-27 11:52 --------- d-----w C:\Documents and Settings\tiphaine\Application Data\OpenOffice.org2
2008-08-25 16:38 --------- d-----w C:\Documents and Settings\Gael\Application Data\OpenOffice.org2
2008-08-22 13:52 --------- d-----w C:\Documents and Settings\Laurent\Application Data\Apple Computer
2008-08-16 13:07 137,968 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-16 13:02 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-08-11 15:23 --------- d-----w C:\Program Files\Apple Software Update
2008-08-09 10:02 --------- d-----w C:\Program Files\Java
2008-07-30 20:33 --------- d-----w C:\Documents and Settings\Gael\Application Data\Azureus
2008-07-26 18:32 79,608 ----a-w C:\Documents and Settings\Laurent\Application Data\GDIPFONTCACHEV1.DAT
2008-07-25 09:41 --------- d-----w C:\Program Files\Bonjour
2008-07-25 09:27 --------- d-----w C:\Program Files\Safari
2008-07-08 20:50 --------- d-----w C:\Documents and Settings\tiphaine\Application Data\Apple Computer
2008-07-07 18:53 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\WTablet
2008-07-06 13:54 --------- d-----w C:\Documents and Settings\tiphaine\Application Data\Vso
2008-07-06 13:52 --------- d-----w C:\Documents and Settings\tiphaine\Application Data\VSO_HWE
2008-07-03 20:37 --------- d-----w C:\Documents and Settings\Gael\Application Data\Vso
2008-07-03 20:36 --------- d-----w C:\Documents and Settings\Gael\Application Data\VSO_HWE
2008-07-03 12:25 --------- d-----w C:\Documents and Settings\Gael\Application Data\vlc
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-06 13:52 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-06-03 10:11 22,328 ----a-w C:\Documents and Settings\Gael\Application Data\PnkBstrK.sys
2008-04-22 17:51 81,568 ----a-w C:\Documents and Settings\Gael\Application Data\GDIPFONTCACHEV1.DAT
2008-04-13 14:23 81,568 ----a-w C:\Documents and Settings\tiphaine\Application Data\GDIPFONTCACHEV1.DAT
2007-10-22 16:42 76,304 ----a-w C:\Documents and Settings\akaya\Application Data\GDIPFONTCACHEV1.DAT
2006-05-21 08:22 31 -c--a-w C:\Documents and Settings\Laurent\getfile.dat
2006-05-19 19:08 31 -c--a-w C:\Documents and Settings\Gael\getfile.dat
2006-05-18 15:02 31 ----a-w C:\Documents and Settings\tiphaine\getfile.dat
2005-09-21 12:15 5,123,424 -c--a-w C:\Program Files\Firefox Setup 1.0.7.exe
2001-11-23 11:08 712,704 -c--a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
2001-11-05 08:30 173,056 -c----w C:\Program Files\UNWISE.EXE
2006-06-05 05:48 614,400 ----a-w C:\Program Files\mozilla firefox\plugins\MannequinPlayer2.dll
2005-07-01 21:45 8,192 -csha-w C:\WINDOWS\o2cLicStore.bin
2006-11-26 18:04 8 --sh--r C:\WINDOWS\system32\3E4521AF55.sys
2007-11-30 17:57 104 --sh--r C:\WINDOWS\system32\55AF21453E.sys
2008-01-04 19:18 5,746 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
------- Sigcheck -------
2005-03-02 20:10 578048 0df75fb73f705b011630159a43d7c354 C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\user32.dll
2005-03-02 20:20 578048 c34920eb988ce98910bd6b0417f334eb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 17:50 579072 4d88aaf39adabfe45958ea1384e2c4ff C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2007-03-08 17:37 578560 c08f070bfd33ba831f3f77c1f2564e90 C:\WINDOWS\ServicePackFiles\i386\user32.dll
2007-03-08 17:37 578560 c08f070bfd33ba831f3f77c1f2564e90 C:\WINDOWS\system32\user32.dll
2007-03-08 17:37 578560 c08f070bfd33ba831f3f77c1f2564e90 C:\WINDOWS\system32\dllcache\user32.dll
2004-08-20 01:10 514048 0956e00f2ba5b265362e59969671ce40 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-08-20 01:10 506368 0a1a19fffc1467de5085d1b66c929e38 C:\WINDOWS\system32\winlogon.exe
2007-06-13 15:22 1044992 00a7b99e7feda4387bb6ae2fcab11586 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1044992 033e4e9d8461240d693d1be5bf4aa5bd C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 15:22 1044992 973690a4e14b41d7d6907a27972bda37 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2007-06-13 15:22 1044992 52f289cafdc15d8a75503ed6b5439af2 C:\WINDOWS\system32\dllcache\explorer.exe
2004-08-20 01:09 23040 36469eb68fb925a61d7c47c3e7fc698d C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2004-08-20 01:09 23040 0a811c1dd0b94f6bbd24a3fbe3302313 C:\WINDOWS\system32\ctfmon.exe
2005-06-11 02:17 65536 44c884369d73b3d562e4193b3f7b6a37 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2004-08-20 01:10 65536 ee9e31776bc6f6dd43d2bda81dbaa74e C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
2005-06-11 01:53 65536 563ca8ae085f4c4ee206ff108ef0bf71 C:\WINDOWS\system32\spoolsv.exe
2004-08-20 01:10 32768 e86be7428e5e0d6cb449c60dc8d1e73f C:\WINDOWS\ServicePackFiles\i386\userinit.exe
2004-08-20 01:10 32768 cf32045823bb33d869319eb4dec974da C:\WINDOWS\system32\userinit.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-08 18:10 67128]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 23040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [2002-09-20 15:16 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"PestPatrol Control Center"="C:\PROGRA~1\PESTPA~1\PPControl.exe" [2004-11-15 11:49 110080]
"PPMemCheck"="C:\PROGRA~1\PESTPA~1\PPMemCheck.exe" [2003-04-19 07:53 156160]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 163840]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-04-11 21:08 28160]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-09-11 12:58 163840]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-09-11 12:57 53248]
"avast!"="D:\Gael\Avast\ashDisp.exe" [2008-07-19 16:38 78008]
"eCarteBleue-LP-P1"="C:\Program Files\e-Carte Bleue\LA POSTE\CVD ADESIO\ECB.exe" [2002-12-20 10:49 196608]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 57344]
"SMKRun"="C:\Program Files\JustWrite Office\ScreenMark.exe" [2007-01-08 06:07 126976]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="D:\Gael\itunes\Quicktime\QTTask.exe" [2008-05-27 10:50 421888]
"iTunesHelper"="D:\Gael\itunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"CHotkey"="mHotkey.exe" [2002-07-23 11:09 485888 C:\WINDOWS\mHotkey.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 23040]
D:\Gael\Menu Démarrer\Programmes\Démarrage\
PowerReg Scheduler.exe [2007-07-28 13:57:51 241664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VP40"= vp4vfw.dll
"vidc.iv41"= ir41_32.dll
"MSACM.CEGSM"= mobilev.acm
"vidc.MJPG"= M3JPEG32.dll
"vidc.dmb1"= M3JPEG32.dll
"vidc.jpeg"= M3JPEG32.dll
"vidc.mxmc"= MimicICM.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gjl58.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk
backup=C:\WINDOWS\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Winter Fun Wallpaper Changer.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Winter Fun Wallpaper Changer.lnk
backup=C:\WINDOWS\pss\Winter Fun Wallpaper Changer.lnkCommon Startup
[HKLM\~\startupfolder\D:^Gael^Menu Démarrer^Programmes^Démarrage^Groom Agent.lnk]
path=D:\Gael\Menu Démarrer\Programmes\Démarrage\Groom Agent.lnk
backup=C:\WINDOWS\pss\Groom Agent.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CookiePatrol]
--a------ 2005-01-10 09:35 81920 C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2003-06-24 15:23 69632 C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\CIMSVR.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"D:\\Gael\\battlefield 2\\BF2.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\sandra.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\RpcSandraSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\Win32\\RpcDataSrv.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"D:\\Gael\\Mes Programmes\\azureus\\Azureus.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Gael\\Mes Programmes\\emule\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\Gael\\Mes Programmes\\skype\\Phone\\Skype.exe"=
"D:\\Gael\\Mes Programmes\\adsltv\\adsltv.exe"=
"D:\\Gael\\Mes Programmes\\adsltv\\vlc.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"D:\\Gael\\itunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10520:TCP"= 10520:TCP:BitComet 10520 TCP
"10520:UDP"= 10520:UDP:BitComet 10520 UDP
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2002-11-04 17:29]
R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2002-11-04 17:32]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 07:58]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 21:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 20:30]
S2 NVNVRZRJ;NVNVRZRJ;C:\WINDOWS\system32\drivers\NVNVRZRJ.sys []
S3 856589ad-e131-4880-a696-13ccdd935925;856589ad-e131-4880-a696-13ccdd935925;J:\Player\cds300.dll []
S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 11:35]
S3 LVBulk;LVBulk Service;C:\WINDOWS\system32\DRIVERS\LVBulk.sys [2002-09-20 09:15]
S3 PID_0960_V;Logitech ClickSmart 420(PID_0960_V);C:\WINDOWS\system32\DRIVERS\LVVIMULB.SYS [2002-09-20 09:19]
S3 VVRUSB;VVRUSB Device;C:\WINDOWS\system32\DRIVERS\VVRUSB.sys [2002-01-20 10:02]
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2008-08-27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-_Windows - C:\WINDOWS\WinSecurity\services.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Laurent\Application Data\Mozilla\Firefox\Profiles\4stnty8e.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-29 20:55:02
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwOpenFile
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\Explorer.EXE
-> C:\Program Files\WinRAR\rarext.dll
-> C:\WINDOWS\system32\CmdLineExt03.dll
-> C:\WINDOWS\system32\nvshell.dll
-> C:\WINDOWS\HKNTDLL.dll
.
Temps d'accomplissement: 2008-08-29 21:00:01
ComboFix-quarantined-files.txt 2008-08-29 18:59:29
Pre-Run: 27,456,647,168 octets libres
Post-Run: 27,457,495,040 octets libres
246 --- E O F --- 2008-08-13 20:49:22
ComboFix 08-08-29.01 - Laurent 2008-08-29 20:48:36.6 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.648 [GMT 2:00]
Endroit: C:\Documents and Settings\Laurent\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-29 ))))))))))))))))))))))))))))))))))))
.
2008-08-29 17:43 . 2008-08-29 17:43 <REP> d-------- C:\WINDOWS\ERUNT
2008-08-29 17:38 . 2008-08-29 18:23 <REP> d-------- C:\SDFix
2008-08-29 15:32 . 2008-08-29 15:42 <REP> d-------- C:\fixwareout
2008-08-28 23:34 . 2008-08-28 23:34 <REP> d-------- C:\Program Files\RevoUninstaller
2008-08-28 22:26 . 2008-08-28 22:26 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-08-28 21:43 . 2008-08-28 23:34 <REP> d-------- C:\Program Files\VS Revo Group
2008-08-28 21:42 . 2008-08-28 21:42 <REP> d-------- C:\Program Files\RogueRemover FREE
2008-08-28 16:13 . 2008-08-28 16:13 <REP> d-------- C:\Documents and Settings\Laurent\Application Data\Malwarebytes
2008-08-28 16:13 . 2008-08-28 16:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-28 12:49 . 2008-08-29 20:27 <REP> d-------- C:\Program Files\Trend Micro
2008-08-28 11:53 . 2008-08-28 12:22 <REP> d-------- C:\Program Files\Enigma Software Group
2008-08-27 13:02 . 2008-08-27 13:52 <REP> d-------- C:\Documents and Settings\Laurent\Application Data\Azureus
2008-08-27 13:02 . 2008-08-27 13:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-08-03 16:24 . 2008-08-03 16:24 <REP> d-------- C:\Program Files\Google
2008-08-03 12:46 . 2008-08-03 12:46 <REP> d-------- C:\Program Files\iPod
2008-08-01 16:40 . 2008-08-01 16:40 <REP> d-------- C:\Documents and Settings\Laurent\Application Data\Songbird2
2008-08-01 16:40 . 2008-08-01 16:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SongbirdVLC
2008-08-01 16:35 . 2008-08-28 12:23 <REP> d-------- C:\Program Files\songbird
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-28 21:23 --------- d-----w C:\Documents and Settings\Laurent\Application Data\JustWrite Office
2008-08-28 13:52 --------- d-----w C:\Documents and Settings\Laurent\Application Data\OpenOffice.org2
2008-08-27 17:27 --------- d-----w C:\Program Files\PhotoFiltre
2008-08-27 17:26 --------- d-----w C:\Program Files\OpenOffice.org 2.1
2008-08-27 16:48 --------- d-----w C:\Program Files\Jargon Informatique
2008-08-27 14:43 --------- d-----w C:\Documents and Settings\Gael\Application Data\WTablet
2008-08-27 11:52 --------- d-----w C:\Documents and Settings\tiphaine\Application Data\OpenOffice.org2
2008-08-25 16:38 --------- d-----w C:\Documents and Settings\Gael\Application Data\OpenOffice.org2
2008-08-22 13:52 --------- d-----w C:\Documents and Settings\Laurent\Application Data\Apple Computer
2008-08-16 13:07 137,968 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-16 13:02 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-08-11 15:23 --------- d-----w C:\Program Files\Apple Software Update
2008-08-09 10:02 --------- d-----w C:\Program Files\Java
2008-07-30 20:33 --------- d-----w C:\Documents and Settings\Gael\Application Data\Azureus
2008-07-26 18:32 79,608 ----a-w C:\Documents and Settings\Laurent\Application Data\GDIPFONTCACHEV1.DAT
2008-07-25 09:41 --------- d-----w C:\Program Files\Bonjour
2008-07-25 09:27 --------- d-----w C:\Program Files\Safari
2008-07-08 20:50 --------- d-----w C:\Documents and Settings\tiphaine\Application Data\Apple Computer
2008-07-07 18:53 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\WTablet
2008-07-06 13:54 --------- d-----w C:\Documents and Settings\tiphaine\Application Data\Vso
2008-07-06 13:52 --------- d-----w C:\Documents and Settings\tiphaine\Application Data\VSO_HWE
2008-07-03 20:37 --------- d-----w C:\Documents and Settings\Gael\Application Data\Vso
2008-07-03 20:36 --------- d-----w C:\Documents and Settings\Gael\Application Data\VSO_HWE
2008-07-03 12:25 --------- d-----w C:\Documents and Settings\Gael\Application Data\vlc
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-06 13:52 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-06-03 10:11 22,328 ----a-w C:\Documents and Settings\Gael\Application Data\PnkBstrK.sys
2008-04-22 17:51 81,568 ----a-w C:\Documents and Settings\Gael\Application Data\GDIPFONTCACHEV1.DAT
2008-04-13 14:23 81,568 ----a-w C:\Documents and Settings\tiphaine\Application Data\GDIPFONTCACHEV1.DAT
2007-10-22 16:42 76,304 ----a-w C:\Documents and Settings\akaya\Application Data\GDIPFONTCACHEV1.DAT
2006-05-21 08:22 31 -c--a-w C:\Documents and Settings\Laurent\getfile.dat
2006-05-19 19:08 31 -c--a-w C:\Documents and Settings\Gael\getfile.dat
2006-05-18 15:02 31 ----a-w C:\Documents and Settings\tiphaine\getfile.dat
2005-09-21 12:15 5,123,424 -c--a-w C:\Program Files\Firefox Setup 1.0.7.exe
2001-11-23 11:08 712,704 -c--a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
2001-11-05 08:30 173,056 -c----w C:\Program Files\UNWISE.EXE
2006-06-05 05:48 614,400 ----a-w C:\Program Files\mozilla firefox\plugins\MannequinPlayer2.dll
2005-07-01 21:45 8,192 -csha-w C:\WINDOWS\o2cLicStore.bin
2006-11-26 18:04 8 --sh--r C:\WINDOWS\system32\3E4521AF55.sys
2007-11-30 17:57 104 --sh--r C:\WINDOWS\system32\55AF21453E.sys
2008-01-04 19:18 5,746 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
------- Sigcheck -------
2005-03-02 20:10 578048 0df75fb73f705b011630159a43d7c354 C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\user32.dll
2005-03-02 20:20 578048 c34920eb988ce98910bd6b0417f334eb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 17:50 579072 4d88aaf39adabfe45958ea1384e2c4ff C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2007-03-08 17:37 578560 c08f070bfd33ba831f3f77c1f2564e90 C:\WINDOWS\ServicePackFiles\i386\user32.dll
2007-03-08 17:37 578560 c08f070bfd33ba831f3f77c1f2564e90 C:\WINDOWS\system32\user32.dll
2007-03-08 17:37 578560 c08f070bfd33ba831f3f77c1f2564e90 C:\WINDOWS\system32\dllcache\user32.dll
2004-08-20 01:10 514048 0956e00f2ba5b265362e59969671ce40 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-08-20 01:10 506368 0a1a19fffc1467de5085d1b66c929e38 C:\WINDOWS\system32\winlogon.exe
2007-06-13 15:22 1044992 00a7b99e7feda4387bb6ae2fcab11586 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1044992 033e4e9d8461240d693d1be5bf4aa5bd C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 15:22 1044992 973690a4e14b41d7d6907a27972bda37 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2007-06-13 15:22 1044992 52f289cafdc15d8a75503ed6b5439af2 C:\WINDOWS\system32\dllcache\explorer.exe
2004-08-20 01:09 23040 36469eb68fb925a61d7c47c3e7fc698d C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2004-08-20 01:09 23040 0a811c1dd0b94f6bbd24a3fbe3302313 C:\WINDOWS\system32\ctfmon.exe
2005-06-11 02:17 65536 44c884369d73b3d562e4193b3f7b6a37 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2004-08-20 01:10 65536 ee9e31776bc6f6dd43d2bda81dbaa74e C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
2005-06-11 01:53 65536 563ca8ae085f4c4ee206ff108ef0bf71 C:\WINDOWS\system32\spoolsv.exe
2004-08-20 01:10 32768 e86be7428e5e0d6cb449c60dc8d1e73f C:\WINDOWS\ServicePackFiles\i386\userinit.exe
2004-08-20 01:10 32768 cf32045823bb33d869319eb4dec974da C:\WINDOWS\system32\userinit.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-08 18:10 67128]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 23040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [2002-09-20 15:16 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"PestPatrol Control Center"="C:\PROGRA~1\PESTPA~1\PPControl.exe" [2004-11-15 11:49 110080]
"PPMemCheck"="C:\PROGRA~1\PESTPA~1\PPMemCheck.exe" [2003-04-19 07:53 156160]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 163840]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-04-11 21:08 28160]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-09-11 12:58 163840]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-09-11 12:57 53248]
"avast!"="D:\Gael\Avast\ashDisp.exe" [2008-07-19 16:38 78008]
"eCarteBleue-LP-P1"="C:\Program Files\e-Carte Bleue\LA POSTE\CVD ADESIO\ECB.exe" [2002-12-20 10:49 196608]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 57344]
"SMKRun"="C:\Program Files\JustWrite Office\ScreenMark.exe" [2007-01-08 06:07 126976]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="D:\Gael\itunes\Quicktime\QTTask.exe" [2008-05-27 10:50 421888]
"iTunesHelper"="D:\Gael\itunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"CHotkey"="mHotkey.exe" [2002-07-23 11:09 485888 C:\WINDOWS\mHotkey.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 23040]
D:\Gael\Menu Démarrer\Programmes\Démarrage\
PowerReg Scheduler.exe [2007-07-28 13:57:51 241664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VP40"= vp4vfw.dll
"vidc.iv41"= ir41_32.dll
"MSACM.CEGSM"= mobilev.acm
"vidc.MJPG"= M3JPEG32.dll
"vidc.dmb1"= M3JPEG32.dll
"vidc.jpeg"= M3JPEG32.dll
"vidc.mxmc"= MimicICM.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gjl58.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk
backup=C:\WINDOWS\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Winter Fun Wallpaper Changer.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Winter Fun Wallpaper Changer.lnk
backup=C:\WINDOWS\pss\Winter Fun Wallpaper Changer.lnkCommon Startup
[HKLM\~\startupfolder\D:^Gael^Menu Démarrer^Programmes^Démarrage^Groom Agent.lnk]
path=D:\Gael\Menu Démarrer\Programmes\Démarrage\Groom Agent.lnk
backup=C:\WINDOWS\pss\Groom Agent.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CookiePatrol]
--a------ 2005-01-10 09:35 81920 C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2003-06-24 15:23 69632 C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\CIMSVR.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"D:\\Gael\\battlefield 2\\BF2.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\sandra.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\RpcSandraSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\Win32\\RpcDataSrv.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"D:\\Gael\\Mes Programmes\\azureus\\Azureus.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Gael\\Mes Programmes\\emule\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\Gael\\Mes Programmes\\skype\\Phone\\Skype.exe"=
"D:\\Gael\\Mes Programmes\\adsltv\\adsltv.exe"=
"D:\\Gael\\Mes Programmes\\adsltv\\vlc.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"D:\\Gael\\itunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10520:TCP"= 10520:TCP:BitComet 10520 TCP
"10520:UDP"= 10520:UDP:BitComet 10520 UDP
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2002-11-04 17:29]
R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2002-11-04 17:32]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 07:58]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 21:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 20:30]
S2 NVNVRZRJ;NVNVRZRJ;C:\WINDOWS\system32\drivers\NVNVRZRJ.sys []
S3 856589ad-e131-4880-a696-13ccdd935925;856589ad-e131-4880-a696-13ccdd935925;J:\Player\cds300.dll []
S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 11:35]
S3 LVBulk;LVBulk Service;C:\WINDOWS\system32\DRIVERS\LVBulk.sys [2002-09-20 09:15]
S3 PID_0960_V;Logitech ClickSmart 420(PID_0960_V);C:\WINDOWS\system32\DRIVERS\LVVIMULB.SYS [2002-09-20 09:19]
S3 VVRUSB;VVRUSB Device;C:\WINDOWS\system32\DRIVERS\VVRUSB.sys [2002-01-20 10:02]
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2008-08-27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-_Windows - C:\WINDOWS\WinSecurity\services.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Laurent\Application Data\Mozilla\Firefox\Profiles\4stnty8e.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-29 20:55:02
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwOpenFile
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\Explorer.EXE
-> C:\Program Files\WinRAR\rarext.dll
-> C:\WINDOWS\system32\CmdLineExt03.dll
-> C:\WINDOWS\system32\nvshell.dll
-> C:\WINDOWS\HKNTDLL.dll
.
Temps d'accomplissement: 2008-08-29 21:00:01
ComboFix-quarantined-files.txt 2008-08-29 18:59:29
Pre-Run: 27,456,647,168 octets libres
Post-Run: 27,457,495,040 octets libres
246 --- E O F --- 2008-08-13 20:49:22
Anonymous user
29 August 2008 at 21:30
I'm looking at your reports .......... tell me, do you have an installation CD provided by your internet service provider?
gael31390
29 August 2008 at 21:49
I think so, yes.