Aide infection svp[CID, tojan...]

matthieu -
matthieu - 12 sept. 2008 à 13:54

Bonjour,
bonjour,
j'ai besoin de conseil pour nettoyer mon ordi suite a infections multiples ; trojan éliminé par norton , ainsi que des fenêtres CID ; je vous joins un log hijathis
merci de m'aider je n'y comprends rien
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:59, on 12/09/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Live\Contrôle parental\fssui.exe
C:\Program Files\EoRezo\EoEngine.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Explorer Class - {CD3EBD6D-75C3-11D4-AA9D-0000E8EB9341} - C:\Windows\system32\PAGEBEAMER_V2.DLL
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\SetApanel.cmd
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [RAMBoosterPro] "C:\Program Files\RAM Booster Pro\RAMBoosterPro.exe" auto
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\ItsLabel\ItsTV.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [atom poll] "C:\ProgramData\Nouncloseclose.onmsrq7"
O4 - HKLM\..\Run: [ANTI LITE TITLE DEBUG] "C:\ProgramData\dart info extra.gfyru"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1219944130978&h=16592717b134907cb07f505cfe271407/&filename=jinstall-6u7-windows-i586-jc.cab
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

Afficher la suite

A voir également:

Aide infection svp[CID, tojan...]
Infection - Forum Virus
Samy vous donne accès au fichier partagé le cid. que pouvez-vous faire avec ce document en ligne ? ✓ - Forum Réseau
Infection pc ✓ - Forum Virus
[Pnkbstra]infection ✓ - Forum Virus
Infection virus ✓ - Forum Virus

3 réponses

Réponse 1 / 3

Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537

Bonjour,

Désactive tes protections résidentes (Antivirus, ...) tu les réactivera après le scan

Télécharge Lop S&D < ici https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

Double-clique sur Lop S&D.exe présent sur ton bureau
Séléctionne la langue souhaitée, puis choisis l'Option 1 (Recherche)
Patiente jusqu'à la fin du scan
Poste le rapport généré (%SystemDrive%\lopR.txt)

(Si le Bureau ne réapparaît pas presse Ctrl + Alt + Suppr, Onglet Fichier, Nouvelle tâche, tape explorer.exe et valide)

matthieu

BONJOUR §
MERCI pour ton aide voici le rapport lop :

--------------------\\ Lop S&D 4.2.4-2 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU E2140 @ 1.60GHz )
BIOS : BIOS Date: 11/23/07 18:30:01 Ver: 08.00.15
USER : alex ( Administrator )
BOOT : Normal boot
Antivirus : Norton Internet Security 2007 (Not Activated)
Firewall : Norton Internet Security 2007 (Activated)

"C:\Lop SD" ( MAJ : 08-09-2008|21:40 )
Option : [1] ( 12/09/2008|12:54 )

[ UAC => 1 ]

--------------------\\ Listing des dossiers dans Local

[29/08/2008|13:47] C:\Users\alex\AppData\Local\Acer Arcade Live
[28/08/2008|15:40] C:\Users\alex\AppData\Local\Application Data
[28/08/2008|15:41] C:\Users\alex\AppData\Local\d3d9caps.dat
[04/09/2008|22:26] C:\Users\alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[28/08/2008|20:34] C:\Users\alex\AppData\Local\GDIPFONTCACHEV1.DAT
[28/08/2008|20:27] C:\Users\alex\AppData\Local\Google
[28/08/2008|15:40] C:\Users\alex\AppData\Local\Historique
[12/09/2008|10:16] C:\Users\alex\AppData\Local\IconCache.db
[11/09/2008|19:45] C:\Users\alex\AppData\Local\Microsoft
[29/08/2008|13:48] C:\Users\alex\AppData\Local\Microsoft Games
[28/08/2008|15:41] C:\Users\alex\AppData\Local\PlayMovie
[28/08/2008|15:41] C:\Users\alex\AppData\Local\PowerCinema
[12/09/2008|12:51] C:\Users\alex\AppData\Local\Temp
[28/08/2008|15:40] C:\Users\alex\AppData\Local\Temporary Internet Files
[28/08/2008|16:33] C:\Users\alex\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[12/09/2008 10:18][--a------] C:\Windows\tasks\Norton Internet Security - Analyse systŠme complŠte - alex.job
[12/09/2008 12:09][--a------] C:\Windows\tasks\V‚rifier les mises … jour de Windows Live Toolbar.job
[12/09/2008 10:18][--ah-----] C:\Windows\tasks\SA.DAT
[12/09/2008 10:17][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[03/12/2007|10:42] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[03/12/2007|11:20] C:\ProgramData\Adobe
[02/11/2006|15:02] C:\ProgramData\Application Data
[28/08/2008|15:37] C:\ProgramData\Bureau
[28/08/2008|15:41] C:\ProgramData\CyberLink
[04/09/2008|22:22] C:\ProgramData\dart info extra.gfyru
[02/11/2006|15:02] C:\ProgramData\Desktop
[02/11/2006|15:02] C:\ProgramData\Documents
[29/08/2008|13:47] C:\ProgramData\eSobi
[28/08/2008|15:37] C:\ProgramData\Favoris
[02/11/2006|15:02] C:\ProgramData\Favorites
[28/08/2008|20:23] C:\ProgramData\Google
[28/08/2008|15:37] C:\ProgramData\Menu D‚marrer
[28/08/2008|15:55] C:\ProgramData\Microsoft
[11/09/2008|10:38] C:\ProgramData\Microsoft Help
[28/08/2008|15:37] C:\ProgramData\ModŠles
[08/09/2008|21:00] C:\ProgramData\Nouncloseclose.0jl28kp
[09/09/2008|18:36] C:\ProgramData\Nouncloseclose.136ys
[10/09/2008|19:35] C:\ProgramData\Nouncloseclose.1tzt0rj
[06/09/2008|18:36] C:\ProgramData\Nouncloseclose.2ectz
[06/09/2008|14:42] C:\ProgramData\Nouncloseclose.2mkzkm
[11/09/2008|20:01] C:\ProgramData\Nouncloseclose.2pzjssp
[07/09/2008|13:19] C:\ProgramData\Nouncloseclose.2ve5yo
[07/09/2008|15:08] C:\ProgramData\Nouncloseclose.32zohi
[09/09/2008|15:21] C:\ProgramData\Nouncloseclose.3chs4
[10/09/2008|14:06] C:\ProgramData\Nouncloseclose.3m7j4
[08/09/2008|22:05] C:\ProgramData\Nouncloseclose.3q1bjrq
[08/09/2008|19:54] C:\ProgramData\Nouncloseclose.4pe9b9s
[09/09/2008|19:19] C:\ProgramData\Nouncloseclose.4stvm4
[05/09/2008|23:17] C:\ProgramData\Nouncloseclose.4yhdcm
[12/09/2008|11:02] C:\ProgramData\Nouncloseclose.4zx6o3
[08/09/2008|09:31] C:\ProgramData\Nouncloseclose.53ulh
[07/09/2008|12:36] C:\ProgramData\Nouncloseclose.55lmuns
[06/09/2008|20:03] C:\ProgramData\Nouncloseclose.560v7r
[10/09/2008|11:41] C:\ProgramData\Nouncloseclose.58fr3rr
[10/09/2008|22:16] C:\ProgramData\Nouncloseclose.5czy90
[06/09/2008|11:46] C:\ProgramData\Nouncloseclose.5j4lyf
[06/09/2008|21:32] C:\ProgramData\Nouncloseclose.6d2a6
[08/09/2008|13:27] C:\ProgramData\Nouncloseclose.6h7fwh7
[11/09/2008|11:57] C:\ProgramData\Nouncloseclose.6mqg82t
[08/09/2008|00:03] C:\ProgramData\Nouncloseclose.6ry9f4
[11/09/2008|11:35] C:\ProgramData\Nouncloseclose.6xv6urj
[06/09/2008|19:19] C:\ProgramData\Nouncloseclose.78jl7
[06/09/2008|15:04] C:\ProgramData\Nouncloseclose.7goqh2s
[08/09/2008|14:55] C:\ProgramData\Nouncloseclose.7h06sj
[11/09/2008|12:19] C:\ProgramData\Nouncloseclose.7kq8m
[05/09/2008|18:42] C:\ProgramData\Nouncloseclose.7s6oiko
[08/09/2008|14:33] C:\ProgramData\Nouncloseclose.7s73ha3
[07/09/2008|22:35] C:\ProgramData\Nouncloseclose.7uxu7
[08/09/2008|20:16] C:\ProgramData\Nouncloseclose.7uz890
[09/09/2008|21:30] C:\ProgramData\Nouncloseclose.7v33j
[12/09/2008|10:06] C:\ProgramData\Nouncloseclose.83bzn1
[09/09/2008|16:48] C:\ProgramData\Nouncloseclose.866oo5o
[07/09/2008|11:30] C:\ProgramData\Nouncloseclose.86jia
[09/09/2008|19:41] C:\ProgramData\Nouncloseclose.8bucp
[07/09/2008|12:57] C:\ProgramData\Nouncloseclose.8ecqjd
[09/09/2008|22:58] C:\ProgramData\Nouncloseclose.8tfsatf
[06/09/2008|17:37] C:\ProgramData\Nouncloseclose.8tsawe
[08/09/2008|21:44] C:\ProgramData\Nouncloseclose.9ho9aba
[05/09/2008|00:11] C:\ProgramData\Nouncloseclose.a5ay72a
[07/09/2008|14:25] C:\ProgramData\Nouncloseclose.a8a9oee
[11/09/2008|19:39] C:\ProgramData\Nouncloseclose.a9gyzs
[07/09/2008|23:19] C:\ProgramData\Nouncloseclose.aewos
[08/09/2008|20:38] C:\ProgramData\Nouncloseclose.b1c91o
[05/09/2008|19:48] C:\ProgramData\Nouncloseclose.b5i1a
[07/09/2008|13:41] C:\ProgramData\Nouncloseclose.b8zas4s
[10/09/2008|20:19] C:\ProgramData\Nouncloseclose.bagw4n1
[05/09/2008|18:20] C:\ProgramData\Nouncloseclose.bbmg489
[09/09/2008|15:43] C:\ProgramData\Nouncloseclose.bmlyeb6
[09/09/2008|20:47] C:\ProgramData\Nouncloseclose.bsy20
[06/09/2008|15:47] C:\ProgramData\Nouncloseclose.c0stiu8
[10/09/2008|22:59] C:\ProgramData\Nouncloseclose.ca49v2
[07/09/2008|14:03] C:\ProgramData\Nouncloseclose.ccqnsj
[06/09/2008|15:26] C:\ProgramData\Nouncloseclose.cdl62
[11/09/2008|17:50] C:\ProgramData\Nouncloseclose.ci12ll9
[09/09/2008|21:09] C:\ProgramData\Nouncloseclose.clf0h
[07/09/2008|20:03] C:\ProgramData\Nouncloseclose.cofaz8j
[10/09/2008|18:17] C:\ProgramData\Nouncloseclose.cut7gxu
[06/09/2008|16:09] C:\ProgramData\Nouncloseclose.cv2qt
[09/09/2008|16:05] C:\ProgramData\Nouncloseclose.cwrylvl
[09/09/2008|22:14] C:\ProgramData\Nouncloseclose.cxrrn
[11/09/2008|19:17] C:\ProgramData\Nouncloseclose.d67lw7
[09/09/2008|20:25] C:\ProgramData\Nouncloseclose.d6lnb
[10/09/2008|20:41] C:\ProgramData\Nouncloseclose.dgs6w33
[09/09/2008|22:36] C:\ProgramData\Nouncloseclose.dt6gf7j
[12/09/2008|11:24] C:\ProgramData\Nouncloseclose.dt6q9
[07/09/2008|11:52] C:\ProgramData\Nouncloseclose.dvwpy3
[09/09/2008|20:03] C:\ProgramData\Nouncloseclose.ejxn4o
[07/09/2008|18:12] C:\ProgramData\Nouncloseclose.eljmbxy
[06/09/2008|17:15] C:\ProgramData\Nouncloseclose.ep955x
[06/09/2008|17:58] C:\ProgramData\Nouncloseclose.epgm24k
[11/09/2008|15:02] C:\ProgramData\Nouncloseclose.eyugyic
[10/09/2008|12:47] C:\ProgramData\Nouncloseclose.f3a2tdd
[07/09/2008|20:46] C:\ProgramData\Nouncloseclose.f5gnwck
[12/09/2008|12:08] C:\ProgramData\Nouncloseclose.f5mokh
[08/09/2008|08:25] C:\ProgramData\Nouncloseclose.fhumjp2
[04/09/2008|22:21] C:\ProgramData\Nouncloseclose.fhy63v
[12/09/2008|09:44] C:\ProgramData\Nouncloseclose.fx7xp
[06/09/2008|11:02] C:\ProgramData\Nouncloseclose.gii52tj
[11/09/2008|22:55] C:\ProgramData\Nouncloseclose.gk3cod
[06/09/2008|21:54] C:\ProgramData\Nouncloseclose.gny1t
[10/09/2008|14:28] C:\ProgramData\Nouncloseclose.hcb6ti9
[10/09/2008|21:03] C:\ProgramData\Nouncloseclose.hcc8vy
[05/09/2008|22:56] C:\ProgramData\Nouncloseclose.hg53w
[08/09/2008|15:38] C:\ProgramData\Nouncloseclose.hjkwnmo
[07/09/2008|10:03] C:\ProgramData\Nouncloseclose.hk514c
[07/09/2008|11:08] C:\ProgramData\Nouncloseclose.hverd
[06/09/2008|22:38] C:\ProgramData\Nouncloseclose.i1dk3
[05/09/2008|00:59] C:\ProgramData\Nouncloseclose.i2npr5
[07/09/2008|22:57] C:\ProgramData\Nouncloseclose.i98s8
[11/09/2008|23:17] C:\ProgramData\Nouncloseclose.ijotm
[12/09/2008|12:52] C:\ProgramData\Nouncloseclose.ivn06
[07/09/2008|18:34] C:\ProgramData\Nouncloseclose.j22giq0
[11/09/2008|23:39] C:\ProgramData\Nouncloseclose.j5nldjc
[11/09/2008|18:33] C:\ProgramData\Nouncloseclose.jclab
[08/09/2008|13:05] C:\ProgramData\Nouncloseclose.jehlbu
[08/09/2008|22:27] C:\ProgramData\Nouncloseclose.jq14a
[08/09/2008|19:11] C:\ProgramData\Nouncloseclose.jqf3a
[10/09/2008|12:03] C:\ProgramData\Nouncloseclose.jwv1ot
[11/09/2008|18:11] C:\ProgramData\Nouncloseclose.k7zha
[06/09/2008|11:24] C:\ProgramData\Nouncloseclose.ka86o
[11/09/2008|20:44] C:\ProgramData\Nouncloseclose.kp1xhug
[05/09/2008|20:09] C:\ProgramData\Nouncloseclose.kp5kksh
[06/09/2008|12:29] C:\ProgramData\Nouncloseclose.krbl7a
[08/09/2008|21:22] C:\ProgramData\Nouncloseclose.ksegduo
[10/09/2008|19:01] C:\ProgramData\Nouncloseclose.kxa68
[11/09/2008|21:50] C:\ProgramData\Nouncloseclose.lal6xdq
[10/09/2008|23:21] C:\ProgramData\Nouncloseclose.leaqfo
[07/09/2008|15:30] C:\ProgramData\Nouncloseclose.m2dgc0e
[10/09/2008|16:21] C:\ProgramData\Nouncloseclose.m87ki
[11/09/2008|11:14] C:\ProgramData\Nouncloseclose.meki4a
[11/09/2008|21:06] C:\ProgramData\Nouncloseclose.mg52nyf
[09/09/2008|16:26] C:\ProgramData\Nouncloseclose.mncxofy
[07/09/2008|21:52] C:\ProgramData\Nouncloseclose.mxgciv
[06/09/2008|13:36] C:\ProgramData\Nouncloseclose.mz7rymq
[08/09/2008|14:11] C:\ProgramData\Nouncloseclose.n1umc
[07/09/2008|23:41] C:\ProgramData\Nouncloseclose.o18wgwq
[10/09/2008|19:57] C:\ProgramData\Nouncloseclose.o577z
[12/09/2008|11:46] C:\ProgramData\Nouncloseclose.onmsrq7
[06/09/2008|16:31] C:\ProgramData\Nouncloseclose.optvfsp
[12/09/2008|00:01] C:\ProgramData\Nouncloseclose.p3u5r
[08/09/2008|16:00] C:\ProgramData\Nouncloseclose.p8ddfaz
[07/09/2008|12:14] C:\ProgramData\Nouncloseclose.p8j16v
[09/09/2008|10:11] C:\ProgramData\Nouncloseclose.pciz0
[11/09/2008|15:24] C:\ProgramData\Nouncloseclose.poofvm4
[07/09/2008|21:30] C:\ProgramData\Nouncloseclose.ppaozc
[10/09/2008|12:25] C:\ProgramData\Nouncloseclose.pvy9h9
[10/09/2008|13:30] C:\ProgramData\Nouncloseclose.pwp38y
[08/09/2008|15:16] C:\ProgramData\Nouncloseclose.q1rczp4
[09/09/2008|10:32] C:\ProgramData\Nouncloseclose.q2xqj
[09/09/2008|18:57] C:\ProgramData\Nouncloseclose.q3hxqb1
[12/09/2008|00:23] C:\ProgramData\Nouncloseclose.q3ih3
[07/09/2008|19:39] C:\ProgramData\Nouncloseclose.q7jh9
[06/09/2008|12:08] C:\ProgramData\Nouncloseclose.qtqyh
[07/09/2008|14:47] C:\ProgramData\Nouncloseclose.qxh3l2
[06/09/2008|23:00] C:\ProgramData\Nouncloseclose.qzkmxq
[11/09/2008|22:34] C:\ProgramData\Nouncloseclose.rcw25e
[07/09/2008|18:55] C:\ProgramData\Nouncloseclose.rnh9vy9
[04/09/2008|23:06] C:\ProgramData\Nouncloseclose.roxqwn4
[11/09/2008|18:55] C:\ProgramData\Nouncloseclose.rzs1q
[08/09/2008|13:49] C:\ProgramData\Nouncloseclose.s02r9w2
[08/09/2008|01:30] C:\ProgramData\Nouncloseclose.s0c9x6
[11/09/2008|21:28] C:\ProgramData\Nouncloseclose.s25myhv
[04/09/2008|22:44] C:\ProgramData\Nouncloseclose.sbs04jn
[11/09/2008|10:52] C:\ProgramData\Nouncloseclose.sd6gu9u
[10/09/2008|15:59] C:\ProgramData\Nouncloseclose.se68ak
[05/09/2008|22:34] C:\ProgramData\Nouncloseclose.sp2w8i
[07/09/2008|21:08] C:\ProgramData\Nouncloseclose.t15fbxw
[10/09/2008|21:24] C:\ProgramData\Nouncloseclose.tdzfubm
[10/09/2008|22:37] C:\ProgramData\Nouncloseclose.thedy
[11/09/2008|16:30] C:\ProgramData\Nouncloseclose.tm3xg
[11/09/2008|16:08] C:\ProgramData\Nouncloseclose.tpx35k2
[06/09/2008|00:01] C:\ProgramData\Nouncloseclose.trb7lgq
[06/09/2008|18:57] C:\ProgramData\Nouncloseclose.tt9ezy
[08/09/2008|19:32] C:\ProgramData\Nouncloseclose.tylyr
[08/09/2008|12:44] C:\ProgramData\Nouncloseclose.u6yzwdq
[11/09/2008|15:46] C:\ProgramData\Nouncloseclose.uhkcdvb
[07/09/2008|17:28] C:\ProgramData\Nouncloseclose.uirzzu
[06/09/2008|16:53] C:\ProgramData\Nouncloseclose.umwwnen
[08/09/2008|16:22] C:\ProgramData\Nouncloseclose.uqp2e
[09/09/2008|18:14] C:\ProgramData\Nouncloseclose.uvg1f
[04/09/2008|22:21] C:\ProgramData\Nouncloseclose.uvprixy
[09/09/2008|21:52] C:\ProgramData\Nouncloseclose.uxiu686
[08/09/2008|16:44] C:\ProgramData\Nouncloseclose.v1nqv0
[06/09/2008|20:49] C:\ProgramData\Nouncloseclose.vg3cnv
[10/09/2008|14:50] C:\ProgramData\Nouncloseclose.vrijt3p
[08/09/2008|00:46] C:\ProgramData\Nouncloseclose.vs5o02t
[11/09/2008|22:12] C:\ProgramData\Nouncloseclose.vwa1w
[07/09/2008|10:46] C:\ProgramData\Nouncloseclose.vy8o0
[07/09/2008|22:14] C:\ProgramData\Nouncloseclose.wax3qr
[08/09/2008|00:25] C:\ProgramData\Nouncloseclose.wdq0ng
[05/09/2008|20:31] C:\ProgramData\Nouncloseclose.wegncr
[06/09/2008|20:25] C:\ProgramData\Nouncloseclose.wnsl7
[06/09/2008|19:41] C:\ProgramData\Nouncloseclose.wzb2rg
[11/09/2008|20:22] C:\ProgramData\Nouncloseclose.x96s4
[10/09/2008|18:39] C:\ProgramData\Nouncloseclose.xbg8r
[09/09/2008|17:10] C:\ProgramData\Nouncloseclose.xho2zm
[06/09/2008|22:16] C:\ProgramData\Nouncloseclose.xn7czee
[12/09/2008|10:41] C:\ProgramData\Nouncloseclose.xrsh2ai
[06/09/2008|13:58] C:\ProgramData\Nouncloseclose.xvz8fti
[10/09/2008|13:08] C:\ProgramData\Nouncloseclose.xxie7u
[07/09/2008|20:24] C:\ProgramData\Nouncloseclose.xy66s8
[08/09/2008|08:47] C:\ProgramData\Nouncloseclose.y4ekheg
[04/09/2008|23:49] C:\ProgramData\Nouncloseclose.y4oep
[07/09/2008|10:25] C:\ProgramData\Nouncloseclose.yaqnqh
[07/09/2008|15:52] C:\ProgramData\Nouncloseclose.yawmzez
[07/09/2008|17:50] C:\ProgramData\Nouncloseclose.ykrs8t
[06/09/2008|13:14] C:\ProgramData\Nouncloseclose.ymp2af
[08/09/2008|01:08] C:\ProgramData\Nouncloseclose.yn977sc
[12/09/2008|12:30] C:\ProgramData\Nouncloseclose.yww3nap
[05/09/2008|19:04] C:\ProgramData\Nouncloseclose.yx1ofoe
[08/09/2008|09:09] C:\ProgramData\Nouncloseclose.z1lqpv6
[10/09/2008|16:43] C:\ProgramData\Nouncloseclose.z6k8eb6
[07/09/2008|19:17] C:\ProgramData\Nouncloseclose.zew8r
[05/09/2008|23:39] C:\ProgramData\Nouncloseclose.zljdv76
[05/09/2008|19:26] C:\ProgramData\Nouncloseclose.zm56pht
[06/09/2008|21:10] C:\ProgramData\Nouncloseclose.zo2fa
[04/09/2008|23:27] C:\ProgramData\Nouncloseclose.zq3phr1
[08/09/2008|22:49] C:\ProgramData\Nouncloseclose.zqlwqpy
[06/09/2008|14:20] C:\ProgramData\Nouncloseclose.zwcrfvw
[06/09/2008|23:21] C:\ProgramData\Nouncloseclose.zz3ekw
[28/08/2008|15:41] C:\ProgramData\NVIDIA
[04/09/2008|22:22] C:\ProgramData\Okay meta anti lite
[02/11/2006|15:02] C:\ProgramData\Start Menu
[31/08/2008|00:38] C:\ProgramData\SweetIM
[12/09/2008|10:15] C:\ProgramData\Symantec
[02/11/2006|15:02] C:\ProgramData\Templates
[04/09/2008|22:22] C:\ProgramData\The Send
[28/08/2008|20:24] C:\ProgramData\WLInstaller
[28/08/2008|15:57] C:\ProgramData\Yahoo! Companion

--------------------\\ Listing des dossiers dans C:\Program Files

[28/08/2008|15:40] C:\Program Files\Acer Arcade Live
[03/12/2007|11:08] C:\Program Files\Acer GameZone
[28/08/2008|15:44] C:\Program Files\Acer Inc
[03/12/2007|10:42] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[03/12/2007|11:19] C:\Program Files\Adobe
[28/08/2008|16:24] C:\Program Files\AIDA32 - Enterprise System Information
[28/08/2008|15:42] C:\Program Files\ATI
[28/08/2008|20:29] C:\Program Files\CCleaner
[12/09/2008|10:12] C:\Program Files\Common Files
[03/12/2007|10:59] C:\Program Files\CyberLink
[28/08/2008|15:59] C:\Program Files\Daren Softwares
[28/08/2008|15:58] C:\Program Files\DivX
[28/08/2008|16:22] C:\Program Files\DivXCodec
[28/08/2008|23:11] C:\Program Files\EoRezo
[03/12/2007|11:08] C:\Program Files\eSobi
[28/08/2008|15:37] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[29/08/2008|00:11] C:\Program Files\Google
[28/08/2008|20:34] C:\Program Files\Guitar Pro 5
[28/08/2008|15:44] C:\Program Files\InstallShield Installation Information
[29/08/2008|00:09] C:\Program Files\Internet Explorer
[28/08/2008|23:11] C:\Program Files\ItsLabel
[28/08/2008|20:21] C:\Program Files\Java
[28/08/2008|15:55] C:\Program Files\Lavasoft
[28/08/2008|16:04] C:\Program Files\LimeWire
[28/08/2008|21:02] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[02/11/2006|14:37] C:\Program Files\Microsoft Games
[03/12/2007|10:42] C:\Program Files\Microsoft Office
[28/08/2008|23:40] C:\Program Files\Microsoft SQL Server Compact Edition
[11/09/2008|10:36] C:\Program Files\Microsoft Works
[03/12/2007|10:39] C:\Program Files\Microsoft.NET
[02/11/2006|14:42] C:\Program Files\Movie Maker
[02/11/2006|14:37] C:\Program Files\MSBuild
[02/11/2006|14:37] C:\Program Files\MSN
[03/12/2007|10:06] C:\Program Files\MSXML 4.0
[28/08/2008|20:15] C:\Program Files\Neuf
[03/12/2007|10:47] C:\Program Files\NewTech Infosystems
[12/09/2008|10:18] C:\Program Files\Norton Internet Security
[01/09/2008|16:43] C:\Program Files\PC Camera
[28/08/2008|16:05] C:\Program Files\RAM Booster Pro
[03/12/2007|10:34] C:\Program Files\Realtek
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[28/08/2008|16:22] C:\Program Files\Rippackv3
[28/08/2008|15:56] C:\Program Files\SuperCopier2
[31/08/2008|00:38] C:\Program Files\SweetIM
[12/09/2008|10:13] C:\Program Files\Symantec
[12/09/2008|11:54] C:\Program Files\Trend Micro
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[28/08/2008|15:57] C:\Program Files\VideoLAN
[28/08/2008|16:25] C:\Program Files\Winamp
[03/12/2007|10:25] C:\Program Files\Windows Calendar
[02/11/2006|14:42] C:\Program Files\Windows Collaboration
[03/12/2007|10:25] C:\Program Files\Windows Defender
[02/11/2006|14:42] C:\Program Files\Windows Journal
[30/08/2008|12:22] C:\Program Files\Windows Live
[28/08/2008|23:59] C:\Program Files\Windows Live Favorites
[28/08/2008|23:59] C:\Program Files\Windows Live Toolbar
[03/12/2007|10:25] C:\Program Files\Windows Mail
[03/12/2007|10:25] C:\Program Files\Windows Media Player
[28/08/2008|15:37] C:\Program Files\Windows NT
[02/11/2006|14:42] C:\Program Files\Windows Photo Gallery
[29/08/2008|00:09] C:\Program Files\Windows Sidebar
[28/08/2008|16:25] C:\Program Files\WinRAR
[28/08/2008|15:40] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[03/12/2007|11:19] C:\Program Files\Common Files\Adobe
[03/12/2007|10:39] C:\Program Files\Common Files\DESIGNER
[03/12/2007|10:59] C:\Program Files\Common Files\InstallShield
[28/08/2008|20:20] C:\Program Files\Common Files\Java
[03/12/2007|10:47] C:\Program Files\Common Files\LightScribe
[28/08/2008|20:53] C:\Program Files\Common Files\microsoft shared
[03/12/2007|10:46] C:\Program Files\Common Files\muvee Technologies
[03/12/2007|10:47] C:\Program Files\Common Files\NewTech Infosystems
[03/12/2007|11:03] C:\Program Files\Common Files\Oberon Media
[28/08/2008|15:58] C:\Program Files\Common Files\PX Storage Engine
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[12/09/2008|10:18] C:\Program Files\Common Files\Symantec Shared
[03/12/2007|10:25] C:\Program Files\Common Files\System
[28/08/2008|20:32] C:\Program Files\Common Files\WindowsLiveInstaller

--------------------\\ Process

( 72 Processes )

iexplore.exe ~ [PID:1612]
iexplore.exe ~ [PID:3488]
iexplore.exe ~ [PID:4288]

--------------------\\ Recherche avec S_Lop

C:\ProgramData\dart info extra.gfyru
C:\ProgramData\Nouncloseclose.136ys
C:\ProgramData\Nouncloseclose.2ectz
C:\ProgramData\Nouncloseclose.3chs4
C:\ProgramData\Nouncloseclose.3m7j4
C:\ProgramData\Nouncloseclose.53ulh
C:\ProgramData\Nouncloseclose.6d2a6
C:\ProgramData\Nouncloseclose.78jl7
C:\ProgramData\Nouncloseclose.7kq8m
C:\ProgramData\Nouncloseclose.7uxu7
C:\ProgramData\Nouncloseclose.7v33j
C:\ProgramData\Nouncloseclose.86jia
C:\ProgramData\Nouncloseclose.8bucp
C:\ProgramData\Nouncloseclose.aewos
C:\ProgramData\Nouncloseclose.b5i1a
C:\ProgramData\Nouncloseclose.bsy20
C:\ProgramData\Nouncloseclose.cdl62
C:\ProgramData\Nouncloseclose.clf0h
C:\ProgramData\Nouncloseclose.cv2qt
C:\ProgramData\Nouncloseclose.cxrrn
C:\ProgramData\Nouncloseclose.d6lnb
C:\ProgramData\Nouncloseclose.dt6q9
C:\ProgramData\Nouncloseclose.fx7xp
C:\ProgramData\Nouncloseclose.gny1t
C:\ProgramData\Nouncloseclose.hg53w
C:\ProgramData\Nouncloseclose.hverd
C:\ProgramData\Nouncloseclose.i1dk3
C:\ProgramData\Nouncloseclose.i98s8
C:\ProgramData\Nouncloseclose.ijotm
C:\ProgramData\Nouncloseclose.ivn06
C:\ProgramData\Nouncloseclose.jclab
C:\ProgramData\Nouncloseclose.jq14a
C:\ProgramData\Nouncloseclose.jqf3a
C:\ProgramData\Nouncloseclose.k7zha
C:\ProgramData\Nouncloseclose.ka86o
C:\ProgramData\Nouncloseclose.kxa68
C:\ProgramData\Nouncloseclose.m87ki
C:\ProgramData\Nouncloseclose.n1umc
C:\ProgramData\Nouncloseclose.o577z
C:\ProgramData\Nouncloseclose.p3u5r
C:\ProgramData\Nouncloseclose.pciz0
C:\ProgramData\Nouncloseclose.q2xqj
C:\ProgramData\Nouncloseclose.q3ih3
C:\ProgramData\Nouncloseclose.q7jh9
C:\ProgramData\Nouncloseclose.qtqyh
C:\ProgramData\Nouncloseclose.rzs1q
C:\ProgramData\Nouncloseclose.thedy
C:\ProgramData\Nouncloseclose.tm3xg
C:\ProgramData\Nouncloseclose.tylyr
C:\ProgramData\Nouncloseclose.uqp2e
C:\ProgramData\Nouncloseclose.uvg1f
C:\ProgramData\Nouncloseclose.vwa1w
C:\ProgramData\Nouncloseclose.vy8o0
C:\ProgramData\Nouncloseclose.wnsl7
C:\ProgramData\Nouncloseclose.x96s4
C:\ProgramData\Nouncloseclose.xbg8r
C:\ProgramData\Nouncloseclose.y4oep
C:\ProgramData\Nouncloseclose.zew8r
C:\ProgramData\Nouncloseclose.zo2fa
C:\ProgramData\Nouncloseclose.2mkzkm
C:\ProgramData\Nouncloseclose.2ve5yo
C:\ProgramData\Nouncloseclose.32zohi
C:\ProgramData\Nouncloseclose.4stvm4
C:\ProgramData\Nouncloseclose.4yhdcm
C:\ProgramData\Nouncloseclose.4zx6o3
C:\ProgramData\Nouncloseclose.560v7r
C:\ProgramData\Nouncloseclose.5czy90
C:\ProgramData\Nouncloseclose.5j4lyf
C:\ProgramData\Nouncloseclose.6ry9f4
C:\ProgramData\Nouncloseclose.7h06sj
C:\ProgramData\Nouncloseclose.7uz890
C:\ProgramData\Nouncloseclose.83bzn1
C:\ProgramData\Nouncloseclose.8ecqjd
C:\ProgramData\Nouncloseclose.8tsawe
C:\ProgramData\Nouncloseclose.a9gyzs
C:\ProgramData\Nouncloseclose.b1c91o
C:\ProgramData\Nouncloseclose.ca49v2
C:\ProgramData\Nouncloseclose.ccqnsj
C:\ProgramData\Nouncloseclose.d67lw7
C:\ProgramData\Nouncloseclose.dvwpy3
C:\ProgramData\Nouncloseclose.ejxn4o
C:\ProgramData\Nouncloseclose.ep955x
C:\ProgramData\Nouncloseclose.f5mokh
C:\ProgramData\Nouncloseclose.fhy63v
C:\ProgramData\Nouncloseclose.gk3cod
C:\ProgramData\Nouncloseclose.hcc8vy
C:\ProgramData\Nouncloseclose.hk514c
C:\ProgramData\Nouncloseclose.i2npr5
C:\ProgramData\Nouncloseclose.jehlbu
C:\ProgramData\Nouncloseclose.jwv1ot
C:\ProgramData\Nouncloseclose.krbl7a
C:\ProgramData\Nouncloseclose.leaqfo
C:\ProgramData\Nouncloseclose.meki4a
C:\ProgramData\Nouncloseclose.mxgciv
C:\ProgramData\Nouncloseclose.p8j16v
C:\ProgramData\Nouncloseclose.ppaozc
C:\ProgramData\Nouncloseclose.pvy9h9
C:\ProgramData\Nouncloseclose.pwp38y
C:\ProgramData\Nouncloseclose.qxh3l2
C:\ProgramData\Nouncloseclose.qzkmxq
C:\ProgramData\Nouncloseclose.rcw25e
C:\ProgramData\Nouncloseclose.s0c9x6
C:\ProgramData\Nouncloseclose.se68ak
C:\ProgramData\Nouncloseclose.sp2w8i
C:\ProgramData\Nouncloseclose.tt9ezy
C:\ProgramData\Nouncloseclose.uirzzu
C:\ProgramData\Nouncloseclose.v1nqv0
C:\ProgramData\Nouncloseclose.vg3cnv
C:\ProgramData\Nouncloseclose.wax3qr
C:\ProgramData\Nouncloseclose.wdq0ng
C:\ProgramData\Nouncloseclose.wegncr
C:\ProgramData\Nouncloseclose.wzb2rg
C:\ProgramData\Nouncloseclose.xho2zm
C:\ProgramData\Nouncloseclose.xxie7u
C:\ProgramData\Nouncloseclose.xy66s8
C:\ProgramData\Nouncloseclose.yaqnqh
C:\ProgramData\Nouncloseclose.ykrs8t
C:\ProgramData\Nouncloseclose.ymp2af
C:\ProgramData\Nouncloseclose.zz3ekw
C:\ProgramData\Nouncloseclose.0jl28kp
C:\ProgramData\Nouncloseclose.1tzt0rj
C:\ProgramData\Nouncloseclose.2pzjssp
C:\ProgramData\Nouncloseclose.3q1bjrq
C:\ProgramData\Nouncloseclose.4pe9b9s
C:\ProgramData\Nouncloseclose.55lmuns
C:\ProgramData\Nouncloseclose.58fr3rr
C:\ProgramData\Nouncloseclose.6h7fwh7
C:\ProgramData\Nouncloseclose.6mqg82t
C:\ProgramData\Nouncloseclose.6xv6urj
C:\ProgramData\Nouncloseclose.7goqh2s
C:\ProgramData\Nouncloseclose.7s6oiko
C:\ProgramData\Nouncloseclose.7s73ha3
C:\ProgramData\Nouncloseclose.866oo5o
C:\ProgramData\Nouncloseclose.8tfsatf
C:\ProgramData\Nouncloseclose.9ho9aba
C:\ProgramData\Nouncloseclose.a5ay72a
C:\ProgramData\Nouncloseclose.a8a9oee
C:\ProgramData\Nouncloseclose.b8zas4s
C:\ProgramData\Nouncloseclose.bagw4n1
C:\ProgramData\Nouncloseclose.bbmg489
C:\ProgramData\Nouncloseclose.bmlyeb6
C:\ProgramData\Nouncloseclose.c0stiu8
C:\ProgramData\Nouncloseclose.ci12ll9
C:\ProgramData\Nouncloseclose.cofaz8j
C:\ProgramData\Nouncloseclose.cut7gxu
C:\ProgramData\Nouncloseclose.cwrylvl
C:\ProgramData\Nouncloseclose.dgs6w33
C:\ProgramData\Nouncloseclose.dt6gf7j
C:\ProgramData\Nouncloseclose.eljmbxy
C:\ProgramData\Nouncloseclose.epgm24k
C:\ProgramData\Nouncloseclose.eyugyic
C:\ProgramData\Nouncloseclose.f3a2tdd
C:\ProgramData\Nouncloseclose.f5gnwck
C:\ProgramData\Nouncloseclose.fhumjp2
C:\ProgramData\Nouncloseclose.gii52tj
C:\ProgramData\Nouncloseclose.hcb6ti9
C:\ProgramData\Nouncloseclose.hjkwnmo
C:\ProgramData\Nouncloseclose.j22giq0
C:\ProgramData\Nouncloseclose.j5nldjc
C:\ProgramData\Nouncloseclose.kp1xhug
C:\ProgramData\Nouncloseclose.kp5kksh
C:\ProgramData\Nouncloseclose.ksegduo
C:\ProgramData\Nouncloseclose.lal6xdq
C:\ProgramData\Nouncloseclose.m2dgc0e
C:\ProgramData\Nouncloseclose.mg52nyf
C:\ProgramData\Nouncloseclose.mncxofy
C:\ProgramData\Nouncloseclose.mz7rymq
C:\ProgramData\Nouncloseclose.o18wgwq
C:\ProgramData\Nouncloseclose.onmsrq7
C:\ProgramData\Nouncloseclose.optvfsp
C:\ProgramData\Nouncloseclose.p8ddfaz
C:\ProgramData\Nouncloseclose.poofvm4
C:\ProgramData\Nouncloseclose.q1rczp4
C:\ProgramData\Nouncloseclose.q3hxqb1
C:\ProgramData\Nouncloseclose.rnh9vy9
C:\ProgramData\Nouncloseclose.roxqwn4
C:\ProgramData\Nouncloseclose.s02r9w2
C:\ProgramData\Nouncloseclose.s25myhv
C:\ProgramData\Nouncloseclose.sbs04jn
C:\ProgramData\Nouncloseclose.sd6gu9u
C:\ProgramData\Nouncloseclose.t15fbxw
C:\ProgramData\Nouncloseclose.tdzfubm
C:\ProgramData\Nouncloseclose.tpx35k2
C:\ProgramData\Nouncloseclose.trb7lgq
C:\ProgramData\Nouncloseclose.u6yzwdq
C:\ProgramData\Nouncloseclose.uhkcdvb
C:\ProgramData\Nouncloseclose.umwwnen
C:\ProgramData\Nouncloseclose.uvprixy
C:\ProgramData\Nouncloseclose.uxiu686
C:\ProgramData\Nouncloseclose.vrijt3p
C:\ProgramData\Nouncloseclose.vs5o02t
C:\ProgramData\Nouncloseclose.xn7czee
C:\ProgramData\Nouncloseclose.xrsh2ai
C:\ProgramData\Nouncloseclose.xvz8fti
C:\ProgramData\Nouncloseclose.y4ekheg
C:\ProgramData\Nouncloseclose.yawmzez
C:\ProgramData\Nouncloseclose.yn977sc
C:\ProgramData\Nouncloseclose.yww3nap
C:\ProgramData\Nouncloseclose.yx1ofoe
C:\ProgramData\Nouncloseclose.z1lqpv6
C:\ProgramData\Nouncloseclose.z6k8eb6
C:\ProgramData\Nouncloseclose.zljdv76
C:\ProgramData\Nouncloseclose.zm56pht
C:\ProgramData\Nouncloseclose.zq3phr1
C:\ProgramData\Nouncloseclose.zqlwqpy
C:\ProgramData\Nouncloseclose.zwcrfvw

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\ProgramData\Okay meta anti lite
C:\ProgramData\Okay meta anti lite\bib mfcd.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\BitDownload
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\BitDownload\BitDownload Downloads.lnk
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\BitDownload\BitDownload Uninstall.lnk
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\BitDownload\BitDownload.lnk
C:\Windows\Prefetch\BITDOWNLOAD.EXE-F407EECC.pf
C:\Users\alex\AppData\Roaming\MICROS~1\Windows\Cookies\alex@adopt.euroclick[1].txt

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ANTI LITE TITLE DEBUG"="\"C:\\ProgramData\\dart info extra.gfyru\""
"atom poll"="\"C:\\ProgramData\\Nouncloseclose.ivn06\""

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-12 12:55:02
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 1

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

[F:101][D:9]-> C:\Users\alex\AppData\Local\Temp
[F:121][D:1]-> C:\Users\alex\AppData\Roaming\MICROS~1\Windows\Cookies
[F:302][D:6]-> C:\Users\alex\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:1][D:1]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 12/09/2008|12:56 - Option : [1]

--------------------\\ Fin du rapport a 12:56:15
[ UAC => 1 ]

matthieu

Réponse 2 / 3

Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537

Re,

Relance Lop S&D

Choisis cette fois ci l'Option 2 (Suppression)
Ne ferme pas la fenêtre lors de la suppression !
Poste le rapport généré (%SystemDrive%\lopR.txt)

(Si le Bureau ne réapparaît pas presse Ctrl + Alt + Suppr, Onglet Fichier, Nouvelle tâche, tape explorer.exe et valide)

Remets aussi un rapport Hijackthis.

matthieu

voici le rapport lop, à suivre hijthis

--------------------\\ Lop S&D 4.2.4-2 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU E2140 @ 1.60GHz )
BIOS : BIOS Date: 11/23/07 18:30:01 Ver: 08.00.15
USER : alex ( Administrator )
BOOT : Normal boot
Antivirus : Norton Internet Security 2007 (Activated)
Firewall : Norton Internet Security 2007 (Activated)

"C:\Lop SD" ( MAJ : 08-09-2008|21:40 )
Option : [2] ( 12/09/2008|13:18 )

[ UAC => 1 ]

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\ProgramData\Okay meta anti lite\bib mfcd.exe
Supprime! - C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\BitDownload\BitDownload Downloads.lnk
Supprime! - C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\BitDownload\BitDownload Uninstall.lnk
Supprime! - C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\BitDownload\BitDownload.lnk
Supprime! - C:\Windows\Prefetch\BITDOWNLOAD.EXE-F407EECC.pf
Supprime! - C:\Users\alex\AppData\Roaming\MICROS~1\Windows\Cookies\alex@adopt.euroclick[1].txt
Supprime! - C:\ProgramData\dart info extra.gfyru
Supprime! - C:\ProgramData\Nouncloseclose.136ys
Supprime! - C:\ProgramData\Nouncloseclose.2ectz
Supprime! - C:\ProgramData\Nouncloseclose.3chs4
Supprime! - C:\ProgramData\Nouncloseclose.3m7j4
Supprime! - C:\ProgramData\Nouncloseclose.53ulh
Supprime! - C:\ProgramData\Nouncloseclose.6d2a6
Supprime! - C:\ProgramData\Nouncloseclose.78jl7
Supprime! - C:\ProgramData\Nouncloseclose.7kq8m
Supprime! - C:\ProgramData\Nouncloseclose.7uxu7
Supprime! - C:\ProgramData\Nouncloseclose.7v33j
Supprime! - C:\ProgramData\Nouncloseclose.86jia
Supprime! - C:\ProgramData\Nouncloseclose.8bucp
Supprime! - C:\ProgramData\Nouncloseclose.aewos
Supprime! - C:\ProgramData\Nouncloseclose.b5i1a
Supprime! - C:\ProgramData\Nouncloseclose.bsy20
Supprime! - C:\ProgramData\Nouncloseclose.cdl62
Supprime! - C:\ProgramData\Nouncloseclose.clf0h
Supprime! - C:\ProgramData\Nouncloseclose.cv2qt
Supprime! - C:\ProgramData\Nouncloseclose.cxrrn
Supprime! - C:\ProgramData\Nouncloseclose.d6lnb
Supprime! - C:\ProgramData\Nouncloseclose.dt6q9
Supprime! - C:\ProgramData\Nouncloseclose.fx7xp
Supprime! - C:\ProgramData\Nouncloseclose.gny1t
Supprime! - C:\ProgramData\Nouncloseclose.hg53w
Supprime! - C:\ProgramData\Nouncloseclose.hverd
Supprime! - C:\ProgramData\Nouncloseclose.i1dk3
Supprime! - C:\ProgramData\Nouncloseclose.i98s8
Supprime! - C:\ProgramData\Nouncloseclose.ijotm
Supprime! - C:\ProgramData\Nouncloseclose.ivn06
Supprime! - C:\ProgramData\Nouncloseclose.jclab
Supprime! - C:\ProgramData\Nouncloseclose.jq14a
Supprime! - C:\ProgramData\Nouncloseclose.jqf3a
Supprime! - C:\ProgramData\Nouncloseclose.k7zha
Supprime! - C:\ProgramData\Nouncloseclose.ka86o
Supprime! - C:\ProgramData\Nouncloseclose.kxa68
Supprime! - C:\ProgramData\Nouncloseclose.m87ki
Supprime! - C:\ProgramData\Nouncloseclose.n1umc
Supprime! - C:\ProgramData\Nouncloseclose.o577z
Supprime! - C:\ProgramData\Nouncloseclose.p3u5r
Supprime! - C:\ProgramData\Nouncloseclose.pciz0
Supprime! - C:\ProgramData\Nouncloseclose.q2xqj
Supprime! - C:\ProgramData\Nouncloseclose.q3ih3
Supprime! - C:\ProgramData\Nouncloseclose.q7jh9
Supprime! - C:\ProgramData\Nouncloseclose.qtqyh
Supprime! - C:\ProgramData\Nouncloseclose.rzs1q
Supprime! - C:\ProgramData\Nouncloseclose.thedy
Supprime! - C:\ProgramData\Nouncloseclose.tm3xg
Supprime! - C:\ProgramData\Nouncloseclose.tylyr
Supprime! - C:\ProgramData\Nouncloseclose.uqp2e
Supprime! - C:\ProgramData\Nouncloseclose.uvg1f
Supprime! - C:\ProgramData\Nouncloseclose.vwa1w
Supprime! - C:\ProgramData\Nouncloseclose.vy8o0
Supprime! - C:\ProgramData\Nouncloseclose.wnsl7
Supprime! - C:\ProgramData\Nouncloseclose.x96s4
Supprime! - C:\ProgramData\Nouncloseclose.xbg8r
Supprime! - C:\ProgramData\Nouncloseclose.y4oep
Supprime! - C:\ProgramData\Nouncloseclose.zew8r
Supprime! - C:\ProgramData\Nouncloseclose.zo2fa
Supprime! - C:\ProgramData\Nouncloseclose.2mkzkm
Supprime! - C:\ProgramData\Nouncloseclose.2ve5yo
Supprime! - C:\ProgramData\Nouncloseclose.32zohi
Supprime! - C:\ProgramData\Nouncloseclose.4stvm4
Supprime! - C:\ProgramData\Nouncloseclose.4yhdcm
Supprime! - C:\ProgramData\Nouncloseclose.4zx6o3
Supprime! - C:\ProgramData\Nouncloseclose.560v7r
Supprime! - C:\ProgramData\Nouncloseclose.5czy90
Supprime! - C:\ProgramData\Nouncloseclose.5j4lyf
Supprime! - C:\ProgramData\Nouncloseclose.6ry9f4
Supprime! - C:\ProgramData\Nouncloseclose.7h06sj
Supprime! - C:\ProgramData\Nouncloseclose.7uz890
Supprime! - C:\ProgramData\Nouncloseclose.83bzn1
Supprime! - C:\ProgramData\Nouncloseclose.8ecqjd
Supprime! - C:\ProgramData\Nouncloseclose.8tsawe
Supprime! - C:\ProgramData\Nouncloseclose.a9gyzs
Supprime! - C:\ProgramData\Nouncloseclose.b1c91o
Supprime! - C:\ProgramData\Nouncloseclose.ca49v2
Supprime! - C:\ProgramData\Nouncloseclose.ccqnsj
Supprime! - C:\ProgramData\Nouncloseclose.d67lw7
Supprime! - C:\ProgramData\Nouncloseclose.dvwpy3
Supprime! - C:\ProgramData\Nouncloseclose.ejxn4o
Supprime! - C:\ProgramData\Nouncloseclose.ep955x
Supprime! - C:\ProgramData\Nouncloseclose.f5mokh
Supprime! - C:\ProgramData\Nouncloseclose.fhy63v
Supprime! - C:\ProgramData\Nouncloseclose.gk3cod
Supprime! - C:\ProgramData\Nouncloseclose.hcc8vy
Supprime! - C:\ProgramData\Nouncloseclose.hk514c
Supprime! - C:\ProgramData\Nouncloseclose.i2npr5
Supprime! - C:\ProgramData\Nouncloseclose.jehlbu
Supprime! - C:\ProgramData\Nouncloseclose.jwv1ot
Supprime! - C:\ProgramData\Nouncloseclose.krbl7a
Supprime! - C:\ProgramData\Nouncloseclose.leaqfo
Supprime! - C:\ProgramData\Nouncloseclose.meki4a
Supprime! - C:\ProgramData\Nouncloseclose.mxgciv
Supprime! - C:\ProgramData\Nouncloseclose.p8j16v
Supprime! - C:\ProgramData\Nouncloseclose.ppaozc
Supprime! - C:\ProgramData\Nouncloseclose.pvy9h9
Supprime! - C:\ProgramData\Nouncloseclose.pwp38y
Supprime! - C:\ProgramData\Nouncloseclose.qxh3l2
Supprime! - C:\ProgramData\Nouncloseclose.qzkmxq
Supprime! - C:\ProgramData\Nouncloseclose.rcw25e
Supprime! - C:\ProgramData\Nouncloseclose.s0c9x6
Supprime! - C:\ProgramData\Nouncloseclose.se68ak
Supprime! - C:\ProgramData\Nouncloseclose.sp2w8i
Supprime! - C:\ProgramData\Nouncloseclose.tt9ezy
Supprime! - C:\ProgramData\Nouncloseclose.uirzzu
Supprime! - C:\ProgramData\Nouncloseclose.v1nqv0
Supprime! - C:\ProgramData\Nouncloseclose.vg3cnv
Supprime! - C:\ProgramData\Nouncloseclose.wax3qr
Supprime! - C:\ProgramData\Nouncloseclose.wdq0ng
Supprime! - C:\ProgramData\Nouncloseclose.wegncr
Supprime! - C:\ProgramData\Nouncloseclose.wzb2rg
Supprime! - C:\ProgramData\Nouncloseclose.xho2zm
Supprime! - C:\ProgramData\Nouncloseclose.xxie7u
Supprime! - C:\ProgramData\Nouncloseclose.xy66s8
Supprime! - C:\ProgramData\Nouncloseclose.yaqnqh
Supprime! - C:\ProgramData\Nouncloseclose.ykrs8t
Supprime! - C:\ProgramData\Nouncloseclose.ymp2af
Supprime! - C:\ProgramData\Nouncloseclose.zz3ekw
Supprime! - C:\ProgramData\Nouncloseclose.0jl28kp
Supprime! - C:\ProgramData\Nouncloseclose.1tzt0rj
Supprime! - C:\ProgramData\Nouncloseclose.2pzjssp
Supprime! - C:\ProgramData\Nouncloseclose.3q1bjrq
Supprime! - C:\ProgramData\Nouncloseclose.4pe9b9s
Supprime! - C:\ProgramData\Nouncloseclose.55lmuns
Supprime! - C:\ProgramData\Nouncloseclose.58fr3rr
Supprime! - C:\ProgramData\Nouncloseclose.6h7fwh7
Supprime! - C:\ProgramData\Nouncloseclose.6mqg82t
Supprime! - C:\ProgramData\Nouncloseclose.6xv6urj
Supprime! - C:\ProgramData\Nouncloseclose.7goqh2s
Supprime! - C:\ProgramData\Nouncloseclose.7s6oiko
Supprime! - C:\ProgramData\Nouncloseclose.7s73ha3
Supprime! - C:\ProgramData\Nouncloseclose.866oo5o
Supprime! - C:\ProgramData\Nouncloseclose.8tfsatf
Supprime! - C:\ProgramData\Nouncloseclose.9ho9aba
Supprime! - C:\ProgramData\Nouncloseclose.a5ay72a
Supprime! - C:\ProgramData\Nouncloseclose.a8a9oee
Supprime! - C:\ProgramData\Nouncloseclose.b8zas4s
Supprime! - C:\ProgramData\Nouncloseclose.bagw4n1
Supprime! - C:\ProgramData\Nouncloseclose.bbmg489
Supprime! - C:\ProgramData\Nouncloseclose.bmlyeb6
Supprime! - C:\ProgramData\Nouncloseclose.c0stiu8
Supprime! - C:\ProgramData\Nouncloseclose.ci12ll9
Supprime! - C:\ProgramData\Nouncloseclose.cofaz8j
Supprime! - C:\ProgramData\Nouncloseclose.cut7gxu
Supprime! - C:\ProgramData\Nouncloseclose.cwrylvl
Supprime! - C:\ProgramData\Nouncloseclose.dgs6w33
Supprime! - C:\ProgramData\Nouncloseclose.dt6gf7j
Supprime! - C:\ProgramData\Nouncloseclose.eljmbxy
Supprime! - C:\ProgramData\Nouncloseclose.epgm24k
Supprime! - C:\ProgramData\Nouncloseclose.eyugyic
Supprime! - C:\ProgramData\Nouncloseclose.f3a2tdd
Supprime! - C:\ProgramData\Nouncloseclose.f5gnwck
Supprime! - C:\ProgramData\Nouncloseclose.fhumjp2
Supprime! - C:\ProgramData\Nouncloseclose.gii52tj
Supprime! - C:\ProgramData\Nouncloseclose.hcb6ti9
Supprime! - C:\ProgramData\Nouncloseclose.hjkwnmo
Supprime! - C:\ProgramData\Nouncloseclose.j22giq0
Supprime! - C:\ProgramData\Nouncloseclose.j5nldjc
Supprime! - C:\ProgramData\Nouncloseclose.kp1xhug
Supprime! - C:\ProgramData\Nouncloseclose.kp5kksh
Supprime! - C:\ProgramData\Nouncloseclose.ksegduo
Supprime! - C:\ProgramData\Nouncloseclose.lal6xdq
Supprime! - C:\ProgramData\Nouncloseclose.m2dgc0e
Supprime! - C:\ProgramData\Nouncloseclose.mg52nyf
Supprime! - C:\ProgramData\Nouncloseclose.mncxofy
Supprime! - C:\ProgramData\Nouncloseclose.mz7rymq
Supprime! - C:\ProgramData\Nouncloseclose.o18wgwq
Supprime! - C:\ProgramData\Nouncloseclose.onmsrq7
Supprime! - C:\ProgramData\Nouncloseclose.optvfsp
Supprime! - C:\ProgramData\Nouncloseclose.p8ddfaz
Supprime! - C:\ProgramData\Nouncloseclose.poofvm4
Supprime! - C:\ProgramData\Nouncloseclose.q1rczp4
Supprime! - C:\ProgramData\Nouncloseclose.q3hxqb1
Supprime! - C:\ProgramData\Nouncloseclose.rnh9vy9
Supprime! - C:\ProgramData\Nouncloseclose.roxqwn4
Supprime! - C:\ProgramData\Nouncloseclose.s02r9w2
Supprime! - C:\ProgramData\Nouncloseclose.s25myhv
Supprime! - C:\ProgramData\Nouncloseclose.sbs04jn
Supprime! - C:\ProgramData\Nouncloseclose.sd6gu9u
Supprime! - C:\ProgramData\Nouncloseclose.t15fbxw
Supprime! - C:\ProgramData\Nouncloseclose.tdzfubm
Supprime! - C:\ProgramData\Nouncloseclose.tpx35k2
Supprime! - C:\ProgramData\Nouncloseclose.trb7lgq
Supprime! - C:\ProgramData\Nouncloseclose.u6yzwdq
Supprime! - C:\ProgramData\Nouncloseclose.uhkcdvb
Supprime! - C:\ProgramData\Nouncloseclose.umwwnen
Supprime! - C:\ProgramData\Nouncloseclose.uvprixy
Supprime! - C:\ProgramData\Nouncloseclose.uxiu686
Supprime! - C:\ProgramData\Nouncloseclose.vrijt3p
Supprime! - C:\ProgramData\Nouncloseclose.vs5o02t
Supprime! - C:\ProgramData\Nouncloseclose.xn7czee
Supprime! - C:\ProgramData\Nouncloseclose.xrsh2ai
Supprime! - C:\ProgramData\Nouncloseclose.xvz8fti
Supprime! - C:\ProgramData\Nouncloseclose.y4ekheg
Supprime! - C:\ProgramData\Nouncloseclose.yawmzez
Supprime! - C:\ProgramData\Nouncloseclose.yn977sc
Supprime! - C:\ProgramData\Nouncloseclose.yww3nap
Supprime! - C:\ProgramData\Nouncloseclose.yx1ofoe
Supprime! - C:\ProgramData\Nouncloseclose.z1lqpv6
Supprime! - C:\ProgramData\Nouncloseclose.z6k8eb6
Supprime! - C:\ProgramData\Nouncloseclose.zljdv76
Supprime! - C:\ProgramData\Nouncloseclose.zm56pht
Supprime! - C:\ProgramData\Nouncloseclose.zq3phr1
Supprime! - C:\ProgramData\Nouncloseclose.zqlwqpy
Supprime! - C:\ProgramData\Nouncloseclose.zwcrfvw
Supprime! - C:\ProgramData\Okay meta anti lite
Supprime! - C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\BitDownload
-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Listing des dossiers dans Local

[29/08/2008|13:47] C:\Users\alex\AppData\Local\Acer Arcade Live
[28/08/2008|15:40] C:\Users\alex\AppData\Local\Application Data
[28/08/2008|15:41] C:\Users\alex\AppData\Local\d3d9caps.dat
[04/09/2008|22:26] C:\Users\alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[28/08/2008|20:34] C:\Users\alex\AppData\Local\GDIPFONTCACHEV1.DAT
[28/08/2008|20:27] C:\Users\alex\AppData\Local\Google
[28/08/2008|15:40] C:\Users\alex\AppData\Local\Historique
[12/09/2008|10:16] C:\Users\alex\AppData\Local\IconCache.db
[11/09/2008|19:45] C:\Users\alex\AppData\Local\Microsoft
[29/08/2008|13:48] C:\Users\alex\AppData\Local\Microsoft Games
[28/08/2008|15:41] C:\Users\alex\AppData\Local\PlayMovie
[28/08/2008|15:41] C:\Users\alex\AppData\Local\PowerCinema
[12/09/2008|13:18] C:\Users\alex\AppData\Local\Temp
[28/08/2008|15:40] C:\Users\alex\AppData\Local\Temporary Internet Files
[28/08/2008|16:33] C:\Users\alex\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[12/09/2008 10:18][--a------] C:\Windows\tasks\Norton Internet Security - Analyse systŠme complŠte - alex.job
[12/09/2008 13:09][--a------] C:\Windows\tasks\V‚rifier les mises … jour de Windows Live Toolbar.job
[12/09/2008 10:18][--ah-----] C:\Windows\tasks\SA.DAT
[12/09/2008 10:17][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[03/12/2007|10:42] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[03/12/2007|11:20] C:\ProgramData\Adobe
[02/11/2006|15:02] C:\ProgramData\Application Data
[28/08/2008|15:37] C:\ProgramData\Bureau
[28/08/2008|15:41] C:\ProgramData\CyberLink
[02/11/2006|15:02] C:\ProgramData\Desktop
[02/11/2006|15:02] C:\ProgramData\Documents
[29/08/2008|13:47] C:\ProgramData\eSobi
[28/08/2008|15:37] C:\ProgramData\Favoris
[02/11/2006|15:02] C:\ProgramData\Favorites
[28/08/2008|20:23] C:\ProgramData\Google
[28/08/2008|15:37] C:\ProgramData\Menu D‚marrer
[28/08/2008|15:55] C:\ProgramData\Microsoft
[11/09/2008|10:38] C:\ProgramData\Microsoft Help
[28/08/2008|15:37] C:\ProgramData\ModŠles
[12/09/2008|13:13] C:\ProgramData\Nouncloseclose.vxnzomw
[28/08/2008|15:41] C:\ProgramData\NVIDIA
[02/11/2006|15:02] C:\ProgramData\Start Menu
[31/08/2008|00:38] C:\ProgramData\SweetIM
[12/09/2008|10:15] C:\ProgramData\Symantec
[02/11/2006|15:02] C:\ProgramData\Templates
[04/09/2008|22:22] C:\ProgramData\The Send
[28/08/2008|20:24] C:\ProgramData\WLInstaller
[28/08/2008|15:57] C:\ProgramData\Yahoo! Companion

--------------------\\ Listing des dossiers dans C:\Program Files

[28/08/2008|15:40] C:\Program Files\Acer Arcade Live
[03/12/2007|11:08] C:\Program Files\Acer GameZone
[28/08/2008|15:44] C:\Program Files\Acer Inc
[03/12/2007|10:42] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[03/12/2007|11:19] C:\Program Files\Adobe
[28/08/2008|16:24] C:\Program Files\AIDA32 - Enterprise System Information
[28/08/2008|15:42] C:\Program Files\ATI
[28/08/2008|20:29] C:\Program Files\CCleaner
[12/09/2008|10:12] C:\Program Files\Common Files
[03/12/2007|10:59] C:\Program Files\CyberLink
[28/08/2008|15:59] C:\Program Files\Daren Softwares
[28/08/2008|15:58] C:\Program Files\DivX
[28/08/2008|16:22] C:\Program Files\DivXCodec
[28/08/2008|23:11] C:\Program Files\EoRezo
[03/12/2007|11:08] C:\Program Files\eSobi
[28/08/2008|15:37] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[29/08/2008|00:11] C:\Program Files\Google
[28/08/2008|20:34] C:\Program Files\Guitar Pro 5
[28/08/2008|15:44] C:\Program Files\InstallShield Installation Information
[29/08/2008|00:09] C:\Program Files\Internet Explorer
[28/08/2008|23:11] C:\Program Files\ItsLabel
[28/08/2008|20:21] C:\Program Files\Java
[28/08/2008|15:55] C:\Program Files\Lavasoft
[28/08/2008|16:04] C:\Program Files\LimeWire
[28/08/2008|21:02] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[02/11/2006|14:37] C:\Program Files\Microsoft Games
[03/12/2007|10:42] C:\Program Files\Microsoft Office
[28/08/2008|23:40] C:\Program Files\Microsoft SQL Server Compact Edition
[11/09/2008|10:36] C:\Program Files\Microsoft Works
[03/12/2007|10:39] C:\Program Files\Microsoft.NET
[02/11/2006|14:42] C:\Program Files\Movie Maker
[02/11/2006|14:37] C:\Program Files\MSBuild
[02/11/2006|14:37] C:\Program Files\MSN
[03/12/2007|10:06] C:\Program Files\MSXML 4.0
[28/08/2008|20:15] C:\Program Files\Neuf
[03/12/2007|10:47] C:\Program Files\NewTech Infosystems
[12/09/2008|10:18] C:\Program Files\Norton Internet Security
[01/09/2008|16:43] C:\Program Files\PC Camera
[28/08/2008|16:05] C:\Program Files\RAM Booster Pro
[03/12/2007|10:34] C:\Program Files\Realtek
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[28/08/2008|16:22] C:\Program Files\Rippackv3
[28/08/2008|15:56] C:\Program Files\SuperCopier2
[31/08/2008|00:38] C:\Program Files\SweetIM
[12/09/2008|10:13] C:\Program Files\Symantec
[12/09/2008|11:54] C:\Program Files\Trend Micro
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[28/08/2008|15:57] C:\Program Files\VideoLAN
[28/08/2008|16:25] C:\Program Files\Winamp
[03/12/2007|10:25] C:\Program Files\Windows Calendar
[02/11/2006|14:42] C:\Program Files\Windows Collaboration
[03/12/2007|10:25] C:\Program Files\Windows Defender
[02/11/2006|14:42] C:\Program Files\Windows Journal
[30/08/2008|12:22] C:\Program Files\Windows Live
[28/08/2008|23:59] C:\Program Files\Windows Live Favorites
[28/08/2008|23:59] C:\Program Files\Windows Live Toolbar
[03/12/2007|10:25] C:\Program Files\Windows Mail
[03/12/2007|10:25] C:\Program Files\Windows Media Player
[28/08/2008|15:37] C:\Program Files\Windows NT
[02/11/2006|14:42] C:\Program Files\Windows Photo Gallery
[29/08/2008|00:09] C:\Program Files\Windows Sidebar
[28/08/2008|16:25] C:\Program Files\WinRAR
[28/08/2008|15:40] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[03/12/2007|11:19] C:\Program Files\Common Files\Adobe
[03/12/2007|10:39] C:\Program Files\Common Files\DESIGNER
[03/12/2007|10:59] C:\Program Files\Common Files\InstallShield
[28/08/2008|20:20] C:\Program Files\Common Files\Java
[03/12/2007|10:47] C:\Program Files\Common Files\LightScribe
[28/08/2008|20:53] C:\Program Files\Common Files\microsoft shared
[03/12/2007|10:46] C:\Program Files\Common Files\muvee Technologies
[03/12/2007|10:47] C:\Program Files\Common Files\NewTech Infosystems
[03/12/2007|11:03] C:\Program Files\Common Files\Oberon Media
[28/08/2008|15:58] C:\Program Files\Common Files\PX Storage Engine
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[12/09/2008|10:18] C:\Program Files\Common Files\Symantec Shared
[03/12/2007|10:25] C:\Program Files\Common Files\System
[28/08/2008|20:32] C:\Program Files\Common Files\WindowsLiveInstaller

--------------------\\ Process

( 72 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

C:\ProgramData\Nouncloseclose.vxnzomw

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-12 13:19:53
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 1

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

[F:99][D:10]-> C:\Users\alex\AppData\Local\Temp
[F:124][D:1]-> C:\Users\alex\AppData\Roaming\MICROS~1\Windows\Cookies
[F:302][D:6]-> C:\Users\alex\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:1][D:1]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 12/09/2008|12:56 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 12/09/2008|13:21 - Option : [2]

--------------------\\ Fin du rapport a 13:21:05
[ UAC => 1 ]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:59, on 12/09/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Live\Contrôle parental\fssui.exe
C:\Program Files\EoRezo\EoEngine.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Explorer Class - {CD3EBD6D-75C3-11D4-AA9D-0000E8EB9341} - C:\Windows\system32\PAGEBEAMER_V2.DLL
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\SetApanel.cmd
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [RAMBoosterPro] "C:\Program Files\RAM Booster Pro\RAMBoosterPro.exe" auto
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\ItsLabel\ItsTV.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [atom poll] "C:\ProgramData\Nouncloseclose.onmsrq7"
O4 - HKLM\..\Run: [ANTI LITE TITLE DEBUG] "C:\ProgramData\dart info extra.gfyru"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1219944130978&h=16592717b134907cb07f505cfe271407/&filename=jinstall-6u7-windows-i586-jc.cab
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

Réponse 3 / 3

Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537

Re,

je regarde ça ce soir.

Pour toi qui semble un adepte du P2P, je te laisse lire ceci :

http://www.libellules.ch/...

matthieu

ok merci à plus !!

Discussions similaires

Encore les CiD

appel intrusif sur Skype

CiD

comment donner les droits sur fichier partage

Problème CiD

Aide infection svp[CID, tojan...]

3 réponses

Votre réponse

Discussions similaires

Newsletters