Advertising pop-up windows

Closed
audreyalain - 30 Sept. 2008 at 15:51
Anonymous user - 30 Sept. 2008 at 19:57
Hello,
Advertising windows appear in industrial quantities, and then my PC sometimes freezes.
Here is a HijackThis report taken just after startup (under Windows XP).
Can you help me please?
Alain

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:40:54, on 30/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Bertrand\Bureau\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Vga Multi Creative Amen] C:\Documents and Settings\All Users\Application Data\Bird audio vga multi\Type Tool.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Itch ford four knob] C:\Documents and Settings\All Users\Application Data\third lies itch ford\book cash.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [morewin] C:\DOCUME~1\Bertrand\APPLIC~1\GRAMVI~1\mpeg heck.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [A00F4B9C81.exe] C:\DOCUME~1\Bertrand\LOCALS~1\Temp\_A00F4B9C81.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Icatch(VI) SnapDetect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBD21726-0C4F-4AC6-8097-F264A1CA9046}: NameServer = 80.10.246.2,80.10.246.129
O20 - AppInit_DLLs: amwqll.dll qvyflq.dll azdpxc.dll wpetzo.dll udpewc.dll ygwovw.dll kylbde.dll qwlfdp.dll cyoegx.dll lndvpx.dll,C:\WINDOWS\System32\chkuqsru32.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
15 replies

Here is the report.
For information, before running this program I ran Malwarebytes (for now I no longer have any pop-ups?).

Regards
AA



--------------------\\ Lop S&D 4.2.4-4 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : Bertrand ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total : 145 Go Free : 103 Go
D:\ (Local Disk) - FAT32 - Total : 146 Go Free : 146 Go
E:\ (CD or DVD) - UDF - Total : 0 Go Free : 0 Go
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)

"C:\Lop SD" ( MAJ : 19-09-2008|22:20 )
Option : [1] ( 30/09/2008|16:24 )

--------------------\\ Listing des dossiers dans APPLIC~1

[15/10/2006|05:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[15/10/2006|05:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
[30/09/2008|15:58] C:\DOCUME~1\ADMINI~1\APPLIC~1\Malwarebytes
[15/10/2006|18:58] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[21/08/2008|12:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[07/07/2007|17:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[07/07/2007|17:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[10/06/2007|18:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bird audio vga multi
[21/01/2007|22:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[29/05/2008|19:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ENJOY Plus!
[22/03/2007|19:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[30/09/2008|15:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[19/03/2007|22:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[29/09/2007|14:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[14/09/2007|13:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\RealBashMeetLicense
[05/09/2007|13:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
[27/12/2006|15:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir
[27/12/2006|15:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanWizard
[26/12/2006|16:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[30/09/2008|16:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\third lies itch ford
[05/07/2007|14:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[13/03/2008|15:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[26/12/2006|16:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

[09/01/2007|21:55] C:\DOCUME~1\Bertrand\APPLIC~1\Adobe
[22/08/2008|11:06] C:\DOCUME~1\Bertrand\APPLIC~1\AdobeUM
[16/07/2008|12:23] C:\DOCUME~1\Bertrand\APPLIC~1\Apple Computer
[31/01/2007|16:34] C:\DOCUME~1\Bertrand\APPLIC~1\ArcSoft
[25/09/2008|20:14] C:\DOCUME~1\Bertrand\APPLIC~1\Canon
[29/02/2008|17:56] C:\DOCUME~1\Bertrand\APPLIC~1\CyberLink
[29/05/2008|19:07] C:\DOCUME~1\Bertrand\APPLIC~1\ENJOY Plus!
[30/09/2008|16:13] C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4
[22/01/2007|22:17] C:\DOCUME~1\Bertrand\APPLIC~1\Help
[15/10/2006|05:05] C:\DOCUME~1\Bertrand\APPLIC~1\Identities
[06/09/2008|19:48] C:\DOCUME~1\Bertrand\APPLIC~1\LimeWire
[15/10/2006|05:05] C:\DOCUME~1\Bertrand\APPLIC~1\Macromedia
[30/09/2008|16:05] C:\DOCUME~1\Bertrand\APPLIC~1\Malwarebytes
[05/03/2008|15:06] C:\DOCUME~1\Bertrand\APPLIC~1\Microsoft
[27/12/2006|15:58] C:\DOCUME~1\Bertrand\APPLIC~1\Microsoft Web Folders
[26/08/2008|19:13] C:\DOCUME~1\Bertrand\APPLIC~1\Mozilla
[30/09/2008|15:38] C:\DOCUME~1\Bertrand\APPLIC~1\OpenOffice.org2
[27/12/2006|15:39] C:\DOCUME~1\Bertrand\APPLIC~1\ScanSoft
[06/05/2007|19:26] C:\DOCUME~1\Bertrand\APPLIC~1\Screenshot Sender
[17/01/2007|15:35] C:\DOCUME~1\Bertrand\APPLIC~1\Sun
[27/12/2006|21:29] C:\DOCUME~1\Bertrand\APPLIC~1\Talkback

[15/10/2006|05:05] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[15/10/2006|05:05] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[15/10/2006|18:58] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[15/10/2006|05:05] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[15/10/2006|05:05] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[30/09/2008 16:13][--ah-----] C:\WINDOWS\tasks\A45A4D449185C83C.job
[29/08/2008 15:52][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[30/09/2008 16:17][--ah-----] C:\WINDOWS\tasks\SA.DAT
[10/08/2004 22:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

( A45A4D449185C83C.job )=( c:\docume~1\bertrand\applic~1\gramvi~1\meetonegrim.exe )

--------------------\\ Listing des dossiers dans C:\Program Files

[15/10/2006|05:06] C:\Program Files\Acer WLAN 11g USB Dongle
[15/10/2006|05:06] C:\Program Files\Adobe
[25/03/2007|20:09] C:\Program Files\Adverts
[07/06/2008|13:23] C:\Program Files\Apple Software Update
[27/12/2006|15:37] C:\Program Files\ArcSoft
[04/03/2008|20:42] C:\Program Files\Astase
[24/12/2007|15:43] C:\Program Files\Atari
[17/02/2008|13:54] C:\Program Files\AxBx
[24/09/2007|18:01] C:\Program Files\Babylon
[16/07/2008|12:32] C:\Program Files\Bonjour
[27/12/2006|15:39] C:\Program Files\Canon
[15/10/2006|05:06] C:\Program Files\commercial
[11/08/2006|19:27] C:\Program Files\ComPlus Applications
[15/10/2006|05:06] C:\Program Files\CyberLink
[21/06/2008|17:19] C:\Program Files\Datel
[15/10/2006|05:06] C:\Program Files\DIFX
[14/09/2008|19:00] C:\Program Files\EA GAMES
[12/07/2007|16:21] C:\Program Files\Eidos Interactive
[29/05/2008|19:07] C:\Program Files\ENJOY Plus!
[21/08/2008|12:50] C:\Program Files\Fichiers communs
[15/10/2006|05:06] C:\Program Files\FrenchOtto
[23/09/2007|12:31] C:\Program Files\GedonSoft
[15/10/2006|05:06] C:\Program Files\GemMasterFrench
[29/09/2008|20:32] C:\Program Files\GeoGebra
[07/02/2007|16:40] C:\Program Files\Google
[30/09/2008|16:11] C:\Program Files\Gram View 4
[20/01/2007|13:47] C:\Program Files\Infogrames
[02/02/2007|20:26] C:\Program Files\InstallShield Installation Information
[11/06/2008|21:50] C:\Program Files\Internet Explorer
[16/07/2008|12:33] C:\Program Files\iPod
[16/07/2008|12:33] C:\Program Files\iTunes
[26/12/2006|15:43] C:\Program Files\Java
[30/07/2008|18:51] C:\Program Files\LimeWire
[30/09/2008|16:03] C:\Program Files\Malwarebytes' Anti-Malware
[15/10/2006|05:06] C:\Program Files\Messenger
[30/03/2008|20:31] C:\Program Files\Messenger Plus! Live
[30/09/2007|22:21] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[15/10/2006|05:06] C:\Program Files\microsoft frontpage
[09/01/2008|20:12] C:\Program Files\Microsoft Games
[03/01/2007|16:37] C:\Program Files\Microsoft Money
[27/12/2006|15:58] C:\Program Files\Microsoft Office
[27/12/2006|15:59] C:\Program Files\Microsoft Visual Studio
[15/10/2006|05:06] C:\Program Files\Movie Maker
[30/09/2008|16:19] C:\Program Files\Mozilla Firefox
[15/10/2006|05:06] C:\Program Files\MSN
[15/10/2006|05:06] C:\Program Files\MSN Gaming Zone
[24/09/2007|21:45] C:\Program Files\MSXML 4.0
[15/10/2006|05:06] C:\Program Files\NetMeeting
[15/10/2006|05:06] C:\Program Files\NewTech Infosystems
[11/02/2008|12:34] C:\Program Files\NRJ
[15/10/2006|05:07] C:\Program Files\Oca History Tool
[15/10/2006|05:07] C:\Program Files\Online Services
[13/12/2007|20:23] C:\Program Files\OpenOffice.org 2.3
[20/06/2007|23:13] C:\Program Files\Outlook Express
[22/01/2007|22:10] C:\Program Files\PC Camer@
[27/12/2006|17:02] C:\Program Files\PhotoFiltre
[17/06/2008|16:15] C:\Program Files\PhotoRedukto
[07/12/2007|20:30] C:\Program Files\Picasa2
[16/07/2008|12:32] C:\Program Files\QuickTime
[10/02/2007|20:19] C:\Program Files\QuickZip4
[15/12/2007|15:29] C:\Program Files\RabGeom
[22/09/2007|19:45] C:\Program Files\Race - The WTCC Game
[15/10/2006|05:07] C:\Program Files\Realtek
[16/07/2008|12:17] C:\Program Files\Safari
[27/12/2006|15:38] C:\Program Files\ScanSoft
[02/02/2007|20:26] C:\Program Files\Serif
[15/10/2006|05:07] C:\Program Files\Services en ligne
[10/01/2008|19:39] C:\Program Files\Sierra On-Line
[30/09/2008|16:14] C:\Program Files\Steam
[11/08/2006|19:40] C:\Program Files\Uninstall Information
[29/09/2007|14:28] C:\Program Files\Windows Live
[05/07/2007|14:20] C:\Program Files\Windows Media Connect 2
[05/07/2007|14:23] C:\Program Files\Windows Media Player
[15/10/2006|05:07] C:\Program Files\Windows NT
[15/10/2006|05:07] C:\Program Files\Windows Plus
[11/08/2006|19:28] C:\Program Files\WindowsUpdate
[15/10/2006|05:07] C:\Program Files\xerox
[26/12/2006|15:51] C:\Program Files\Yahoo!
[28/09/2008|12:54] C:\Program Files\Zero G Registry

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[21/08/2008|12:50] C:\Program Files\Fichiers communs\Adobe
[07/07/2007|17:48] C:\Program Files\Fichiers communs\Apple
[27/12/2006|15:59] C:\Program Files\Fichiers communs\Designer
[15/10/2006|05:06] C:\Program Files\Fichiers communs\InstallShield
[26/12/2006|15:43] C:\Program Files\Fichiers communs\Java
[15/10/2006|05:06] C:\Program Files\Fichiers communs\LightScribe
[13/03/2008|15:21] C:\Program Files\Fichiers communs\Microsoft Shared
[15/10/2006|05:06] C:\Program Files\Fichiers communs\MSSoap
[15/10/2006|05:06] C:\Program Files\Fichiers communs\muvee Technologies
[15/10/2006|05:06] C:\Program Files\Fichiers communs\NewTech Infosystems
[15/10/2006|05:06] C:\Program Files\Fichiers communs\ODBC
[22/01/2007|22:10] C:\Program Files\Fichiers communs\PCCamera
[27/12/2006|15:39] C:\Program Files\Fichiers communs\ScanSoft Shared
[15/10/2006|05:06] C:\Program Files\Fichiers communs\Services
[15/10/2006|05:06] C:\Program Files\Fichiers communs\SpeechEngines
[26/12/2006|16:04] C:\Program Files\Fichiers communs\Symantec Shared
[20/06/2007|23:13] C:\Program Files\Fichiers communs\System
[13/03/2008|15:20] C:\Program Files\Fichiers communs\WindowsLiveInstaller

--------------------\\ Process

( 44 Processes )

iexplore.exe ~ [PID:984]
iexplore.exe ~ [PID:1160]
iexplore.exe ~ [PID:1408]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4
C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\dnpvvclc.exe
C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\efvcceat.exe
C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\eiwcpojz.exe
C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\enghirgp.exe
C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\hbariddm.exe
C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\iemzqwzh.exe
C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\jqikpmvk.exe
C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\meetonegrim.exe
C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\mpeg heck.exe
C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\pfcbsjpt.exe
C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\pnixznmw.exe
C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\ronqdeys.exe
C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\spoerpet.exe
C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\szxvqcso.exe
C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\uploadsettingsfacehole.exe
C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\uqffuzsb.exe
C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\vkkqokzr.exe
C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\vlhlxyqf.exe
C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\wwuyakgr.exe
C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\xvqbksnz.exe
C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\ydfjzyny.exe
C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\ygsnkcco.exe
C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\zkozunww.exe
C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\zlaiqwtx.exe
C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\zpjfnqui.exe
C:\Program Files\Gram View 4
C:\DOCUME~1\ALLUSE~1\APPLIC~1\third lies itch ford
C:\DOCUME~1\ALLUSE~1\APPLIC~1\third lies itch ford\book cash.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\third lies itch ford\DUMB LONG.exe
C:\DOCUME~1\Bertrand\APPLIC~1\gramvi~1
C:\DOCUME~1\Bertrand\APPLIC~1\gramvi~1\dnpvvclc.exe
C:\DOCUME~1\Bertrand\APPLIC~1\gramvi~1\efvcceat.exe
C:\DOCUME~1\Bertrand\APPLIC~1\gramvi~1\eiwcpojz.exe
C:\DOCUME~1\Bertrand\APPLIC~1\gramvi~1\enghirgp.exe
C:\DOCUME~1\Bertrand\APPLIC~1\gramvi~1\hbariddm.exe
C:\DOCUME~1\Bertrand\APPLIC~1\gramvi~1\iemzqwzh.exe
C:\DOCUME~1\Bertrand\APPLIC~1\gramvi~1\jqikpmvk.exe
C:\DOCUME~1\Bertrand\APPLIC~1\gramvi~1\meetonegrim.exe
C:\DOCUME~1\Bertrand\APPLIC~1\gramvi~1\mpeg heck.exe
C:\DOCUME~1\Bertrand\APPLIC~1\gramvi~1\pfcbsjpt.exe
C:\DOCUME~1\Bertrand\APPLIC~1\gramvi~1\pnixznmw.exe
C:\DOCUME~1\Bertrand\APPLIC~1\gramvi~1\ronqdeys.exe
C:\DOCUME~1\Bertrand\APPLIC~1\gramvi~1\spoerpet.exe
C:\DOCUME~1\Bertrand\APPLIC~1\gramvi~1\szxvqcso.exe
C:\DOCUME~1\Bertrand\APPLIC~1\gramvi~1\uploadsettingsfacehole.exe
C:\DOCUME~1\Bertrand\APPLIC~1\gramvi~1\uqffuzsb.exe
C:\DOCUME~1\Bertrand\APPLIC~1\gramvi~1\vkkqokzr.exe
C:\DOCUME~1\Bertrand\APPLIC~1\gramvi~1\vlhlxyqf.exe
C:\DOCUME~1\Bertrand\APPLIC~1\gramvi~1\wwuyakgr.exe
C:\DOCUME~1\Bertrand\APPLIC~1\gramvi~1\xvqbksnz.exe
C:\DOCUME~1\Bertrand\APPLIC~1\gramvi~1\ydfjzyny.exe
C:\DOCUME~1\Bertrand\APPLIC~1\gramvi~1\ygsnkcco.exe
C:\DOCUME~1\Bertrand\APPLIC~1\gramvi~1\zkozunww.exe
C:\DOCUME~1\Bertrand\APPLIC~1\gramvi~1\zlaiqwtx.exe
C:\DOCUME~1\Bertrand\APPLIC~1\gramvi~1\zpjfnqui.exe
C:\Program Files\gramvi~1
C:\Program Files\Adverts
C:\Program Files\Adverts\uninst.exe
C:\WINDOWS\Tasks\A45A4D449185C83C.job

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"morewin"="C:\\DOCUME~1\\Bertrand\\APPLIC~1\\GRAMVI~1\\mpeg heck.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Itch ford four knob"="C:\\Documents and Settings\\All Users\\Application Data\\third lies itch ford\\DUMB LONG.exe"

--------------------\\ Verification du fichier Hosts

Fichier Hosts MODIFIE


-> 72 [ 70 ## added by CiD ]

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-30 16:25:39
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
C:\DOCUME~1\Bertrand\LOCALS~1\APPLIC~1\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1091 bytes hidden from API
scan completed successfully
hidden processes: 0
hidden files: 81

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Bertrand\Mes documents\Ma musique\zik\(06) [Lunaman] Nutcracka (Stormtraxx remix).mp3


[F:306][D:35]-> C:\DOCUME~1\Bertrand\LOCALS~1\Temp
[F:1282][D:0]-> C:\DOCUME~1\Bertrand\Cookies
[F:1031][D:8]-> C:\DOCUME~1\Bertrand\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 30/09/2008|16:30 - Option : [1]

--------------------\\ Fin du rapport a 16:30:00
Here is the requested report.
Regards


--------------------\\ Lop S&D 4.2.4-4 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : Bertrand ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total : 145 Go Free : 105 Go
D:\ (Local Disk) - FAT32 - Total : 146 Go Free : 146 Go
E:\ (CD or DVD) - UDF - Total : 0 Go Free : 0 Go
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB) - FAT - Total : 249 Mo Free : 0 Go

"C:\Lop SD" ( MAJ : 19-09-2008|22:20 )
Option : [2] ( 30/09/2008|17:23 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Deleted! - C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\dnpvvclc.exe
Deleted! - C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\efvcceat.exe
Deleted! - C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\eiwcpojz.exe
Deleted! - C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\enghirgp.exe
Deleted! - C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\hbariddm.exe
Deleted! - C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\iemzqwzh.exe
Deleted! - C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\jqikpmvk.exe
Deleted! - C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\meetonegrim.exe
Deleted! - C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\mpeg heck.exe
Deleted! - C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\pfcbsjpt.exe
Deleted! - C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\pnixznmw.exe
Deleted! - C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\ronqdeys.exe
Deleted! - C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\spoerpet.exe
Deleted! - C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\szxvqcso.exe
Deleted! - C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\uploadsettingsfacehole.exe
Deleted! - C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\uqffuzsb.exe
Deleted! - C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\vkkqokzr.exe
Deleted! - C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\vlhlxyqf.exe
Deleted! - C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\wwuyakgr.exe
Deleted! - C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\xvqbksnz.exe
Deleted! - C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\ydfjzyny.exe
Deleted! - C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\ygsnkcco.exe
Deleted! - C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\zkozunww.exe
Deleted! - C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\zlaiqwtx.exe
Deleted! - C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\zpjfnqui.exe
Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\third lies itch ford\book cash.exe
Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\third lies itch ford\DUMB LONG.exe
Deleted! - C:\Program Files\Adverts\uninst.exe
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@adserver.advertstream[1].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@advertstream[2].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@www.adserver5[1].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@adultfriendfinder[2].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@advertising[1].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@advertising[2].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@adin.bigpoint[1].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@bigpoint[1].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@bigpoint[3].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@bigpoint[4].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@es.bigpoint[1].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@es.bigpoint[2].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@fr.seafight.bigpoint[1].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@fr.seafight.bigpoint[2].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@fr.thepimps.bigpoint[2].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@fr1.darkorbit.bigpoint[1].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@fr1.seafight.bigpoint[2].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@www.bigpoint[2].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@www.bigpoint[3].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@banner.casinoking[2].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@casinoking[1].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@banner.cotedazurpalace[2].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@cotedazurpalace[2].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@cotedazurpalace[3].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@www.cotedazurpalace[1].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@adopt.euroclick[2].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@sr2.livemediasrv[1].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@pacificpoker[1].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@partygaming.122.2o7[2].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@partypoker[1].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@partypoker[2].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@partypoker[3].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@partypoker[4].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@partypoker[5].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@partypoker[6].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@partypoker[7].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@partypoker[8].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@partypoker[9].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@seafight[1].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@32vegas[1].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@32vegas[2].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@32vegas[3].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@32vegas[4].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@32vegas[5].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@banner.32vegas[2].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@cachewww.32vegas[1].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@vegas-millions[2].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@vegasred[1].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@www.vegas-millions[1].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@www.vegasaffiliates[2].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@www.vegasred[2].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@www.lop[2].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@2xmoinscher[1].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@cc.2xmoinscher[1].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@www.2xmoinscher[2].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@888[1].txt
Deleted! - C:\DOCUME~1\Bertrand\Cookies\bertrand@888[2].txt
Deleted! - C:\WINDOWS\Tasks\A45A4D449185C83C.job
Deleted! - C:\DOCUME~1\Bertrand\APPLIC~1\Gram View 4
Deleted! - C:\Program Files\Gram View 4
Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\third lies itch ford
Deleted! - C:\Program Files\Adverts
-
[ Hosts file ] .. Restored!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing of folders in APPLIC~1

[15/10/2006|05:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[15/10/2006|05:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
[30/09/2008|15:58] C:\DOCUME~1\ADMINI~1\APPLIC~1\Malwarebytes
[15/10/2006|18:58] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[21/08/2008|12:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[07/07/2007|17:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[07/07/2007|17:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[10/06/2007|18:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bird audio vga multi
[21/01/2007|22:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[29/05/2008|19:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ENJOY Plus!
[22/03/2007|19:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[30/09/2008|15:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[19/03/2007|22:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[29/09/2007|14:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[14/09/2007|13:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\RealBashMeetLicense
[05/09/2007|13:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
[27/12/2006|15:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir
[27/12/2006|15:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanWizard
[26/12/2006|16:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[05/07/2007|14:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[13/03/2008|15:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[26/12/2006|16:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

[09/01/2007|21:55] C:\DOCUME~1\Bertrand\APPLIC~1\Adobe
[22/08/2008|11:06] C:\DOCUME~1\Bertrand\APPLIC~1\AdobeUM
[16/07/2008|12:23] C:\DOCUME~1\Bertrand\APPLIC~1\Apple Computer
[31/01/2007|16:34] C:\DOCUME~1\Bertrand\APPLIC~1\ArcSoft
[25/09/2008|20:14] C:\DOCUME~1\Bertrand\APPLIC~1\Canon
[29/02/2008|17:56] C:\DOCUME~1\Bertrand\APPLIC~1\CyberLink
[29/05/2008|19:07] C:\DOCUME~1\Bertrand\APPLIC~1\ENJOY Plus!
[22/01/2007|22:17] C:\DOCUME~1\Bertrand\APPLIC~1\Help
[15/10/2006|05:05] C:\DOCUME~1\Bertrand\APPLIC~1\Identities
[06/09/2008|19:48] C:\DOCUME~1\Bertrand\APPLIC~1\LimeWire
[15/10/2006|05:05] C:\DOCUME~1\Bertrand\APPLIC~1\Macromedia
[30/09/2008|16:05] C:\DOCUME~1\Bertrand\APPLIC~1\Malwarebytes
[05/03/2008|15:06] C:\DOCUME~1\Bertrand\APPLIC~1\Microsoft
[27/12/2006|15:58] C:\DOCUME~1\Bertrand\APPLIC~1\Microsoft Web Folders
[26/08/2008|19:13] C:\DOCUME~1\Bertrand\APPLIC~1\Mozilla
[30/09/2008|15:38] C:\DOCUME~1\Bertrand\APPLIC~1\OpenOffice.org2
[27/12/2006|15:39] C:\DOCUME~1\Bertrand\APPLIC~1\ScanSoft
[06/05/2007|19:26] C:\DOCUME~1\Bertrand\APPLIC~1\Screenshot Sender
[17/01/2007|15:35] C:\DOCUME~1\Bertrand\APPLIC~1\Sun
[27/12/2006|21:29] C:\DOCUME~1\Bertrand\APPLIC~1\Talkback

[15/10/2006|05:05] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[15/10/2006|05:05] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[15/10/2006|18:58] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[15/10/2006|05:05] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[15/10/2006|05:05] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Scheduled tasks in C:\WINDOWS\tasks

[29/08/2008 15:52][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[30/09/2008 16:17][--ah-----] C:\WINDOWS\tasks\SA.DAT
[10/08/2004 22:00][-r-h-c---] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing of folders in C:\Program Files

[15/10/2006|05:06] C:\Program Files\Acer WLAN 11g USB Dongle
[15/10/2006|05:06] C:\Program Files\Adobe
[07/06/2008|13:23] C:\Program Files\Apple Software Update
[27/12/2006|15:37] C:\Program Files\ArcSoft
[04/03/2008|20:42] C:\Program Files\Astase
[24/12/2007|15:43] C:\Program Files\Atari
[17/02/2008|13:54] C:\Program Files\AxBx
[24/09/2007|18:01] C:\Program Files\Babylon
[16/07/2008|12:32] C:\Program Files\Bonjour
[27/12/2006|15:39] C:\Program Files\Canon
[15/10/2006|05:06] C:\Program Files\commercial
[11/08/2006|19:27] C:\Program Files\ComPlus Applications
[15/10/2006|05:06] C:\Program Files\CyberLink
[21/06/2008|17:19] C:\Program Files\Datel
[15/10/2006|05:06] C:\Program Files\DIFX
[14/09/2008|19:00] C:\Program Files\EA GAMES
[12/07/2007|16:21] C:\Program Files\Eidos Interactive
[29/05/2008|19:07] C:\Program Files\ENJOY Plus!
[21/08/2008|12:50] C:\Program Files\Fichiers communs
[15/10/2006|05:06] C:\Program Files\FrenchOtto
[23/09/2007|12:31] C:\Program Files\GedonSoft
[15/10/2006|05:06] C:\Program Files\GemMasterFrench
[29/09/2008|20:32] C:\Program Files\GeoGebra
[07/02/2007|16:40] C:\Program Files\Google
[20/01/2007|13:47] C:\Program Files\Infogrames
[02/02/2007|20:26] C:\Program Files\InstallShield Installation Information
[11/06/2008|21:50] C:\Program Files\Internet Explorer
[16/07/2008|12:33] C:\Program Files\iPod
[16/07/2008|12:33] C:\Program Files\iTunes
[26/12/2006|15:43] C:\Program Files\Java
[30/07/2008|18:51] C:\Program Files\LimeWire
[30/09/2008|16:03] C:\Program Files\Malwarebytes' Anti-Malware
[15/10/2006|05:06] C:\Program Files\Messenger
[30/03/2008|20:31] C:\Program Files\Messenger Plus! Live
[30/09/2007|22:21] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[15/10/2006|05:06] C:\Program Files\microsoft frontpage
[09/01/2008|20:12] C:\Program Files\Microsoft Games
[03/01/2007|16:37] C:\Program Files\Microsoft Money
[27/12/2006|15:58] C:\Program Files\Microsoft Office
[27/12/2006|15:59] C:\Program Files\Microsoft Visual Studio
[15/10/2006|05:06] C:\Program Files\Movie Maker
[30/09/2008|16:59] C:\Program Files\Mozilla Firefox
[15/10/2006|05:06] C:\Program Files\MSN
[15/10/2006|05:06] C:\Program Files\MSN Gaming Zone
[24/09/2007|21:45] C:\Program Files\MSXML 4.0
[15/10/2006|05:06] C:\Program Files\NetMeeting
[15/10/2006|05:06] C:\Program Files\NewTech Infosystems
[11/02/2008|12:34] C:\Program Files\NRJ
[15/10/2006|05:07] C:\Program Files\Oca History Tool
[15/10/2006|05:07] C:\Program Files\Online Services
[13/12/2007|20:23] C:\Program Files\OpenOffice.org 2.3
[20/06/2007|23:13] C:\Program Files\Outlook Express
[22/01/2007|22:10] C:\Program Files\PC Camer@
[27/12/2006|17:02] C:\Program Files\PhotoFiltre
[17/06/2008|16:15] C:\Program Files\PhotoRedukto
[07/12/2007|20:30] C:\Program Files\Picasa2
[16/07/2008|12:32] C:\Program Files\QuickTime
[10/02/2007|20:19] C:\Program Files\QuickZip4
[15/12/2007|15:29] C:\Program Files\RabGeom
[22/09/2007|19:45] C:\Program Files\Race - The WTCC Game
[15/10/2006|05:07] C:\Program Files\Realtek
[16/07/2008|12:17] C:\Program Files\Safari
[27/12/2006|15:38] C:\Program Files\ScanSoft
[02/02/2007|20:26] C:\Program Files\Serif
[15/10/2006|05:07] C:\Program Files\Services en ligne
[10/01/2008|19:39] C:\Program Files\Sierra On-Line
[30/09/2008|16:14] C:\Program Files\Steam
[11/08/2006|19:40] C:\Program Files\Uninstall Information
[29/09/2007|14:28] C:\Program Files\Windows Live
[05/07/2007|14:20] C:\Program Files\Windows Media Connect 2
[05/07/2007|14:23] C:\Program Files\Windows Media Player
[15/10/2006|05:07] C:\Program Files\Windows NT
[15/10/2006|05:07] C:\Program Files\Windows Plus
[11/08/2006|19:28] C:\Program Files\WindowsUpdate
[15/10/2006|05:07] C:\Program Files\xerox
[26/12/2006|15:51] C:\Program Files\Yahoo!
[28/09/2008|12:55] C:\Program Files\Zero G Registry

--------------------\\ Listing of folders in C:\Program Files\Fichiers communs

[21/08/2008|12:50] C:\Program Files\Fichiers communs\Adobe
[07/07/2007|17:48] C:\Program Files\Fichiers communs\Apple
[27/12/2006|15:59] C:\Program Files\Fichiers communs\Designer
[15/10/2006|05:06] C:\Program Files\Fichiers communs\InstallShield
[26/12/2006|15:43] C:\Program Files\Fichiers communs\Java
[15/10/2006|05:06] C:\Program Files\Fichiers communs\LightScribe
[13/03/2008|15:21] C:\Program Files\Fichiers communs\Microsoft Shared
[15/10/2006|05:06] C:\Program Files\Fichiers communs\MSSoap
[15/10/2006|05:06] C:\Program Files\Fichiers communs\muvee Technologies
[15/10/2006|05:06] C:\Program Files\Fichiers communs\NewTech Infosystems
[15/10/2006|05:06] C:\Program Files\Fichiers communs\ODBC
[22/01/2007|22:10] C:\Program Files\Fichiers communs\PCCamera
[27/12/2006|15:39] C:\Program Files\Fichiers communs\ScanSoft Shared
[15/10/2006|05:06] C:\Program Files\Fichiers communs\Services
[15/10/2006|05:06] C:\Program Files\Fichiers communs\SpeechEngines
[26/12/2006|16:04] C:\Program Files\Fichiers communs\Symantec Shared
[20/06/2007|23:13] C:\Program Files\Fichiers communs\System
[13/03/2008|15:20] C:\Program Files\Fichiers communs\WindowsLiveInstaller

--------------------\\ Process

( 42 Processes )

... OK !

--------------------\\ Search with S_Lop

No Lop file / folder found!

--------------------\\ Search for Lop Files / Folders

No Lop file / folder found!

--------------------\\ Registry check

..... OK !

--------------------\\ Hosts file check

Hosts file CLEAN


--------------------\\ File search with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-30 17:26:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
C:\DOCUME~1\Bertrand\LOCALS~1\APPLIC~1\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1091 bytes hidden from API
scan completed successfully
hidden processes: 0
hidden files: 81

--------------------\\ Search for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Bertrand\Mes documents\Ma musique\zik\(06) [Lunaman] Nutcracka (Stormtraxx remix).mp3


[F:306][D:35]-> C:\DOCUME~1\Bertrand\LOCALS~1\Temp
[F:1225][D:0]-> C:\DOCUME~1\Bertrand\Cookies
[F:1031][D:8]-> C:\DOCUME~1\Bertrand\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 30/09/2008|16:30 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 30/09/2008|17:30 - Option : [2]

--------------------\\ End of report at 17:30:45
These 2 files downloaded,
but they won't launch?

jre-6u7-windows-i586-p-s.exe.part 310k
jre-6u7-windows-i586-p-s.exe 0k
My mistake, the download wasn't finished.

Here is the new report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:02:00, on 30/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Bertrand\Bureau\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Vga Multi Creative Amen] C:\Documents and Settings\All Users\Application Data\Bird audio vga multi\Type Tool.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [A00F4B9C81.exe] C:\DOCUME~1\Bertrand\LOCALS~1\Temp\_A00F4B9C81.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Icatch(VI) SnapDetect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBD21726-0C4F-4AC6-8097-F264A1CA9046}: NameServer = 80.10.246.2,80.10.246.129
O20 - AppInit_DLLs: amwqll.dll qvyflq.dll azdpxc.dll wpetzo.dll udpewc.dll ygwovw.dll kylbde.dll qwlfdp.dll cyoegx.dll lndvpx.dll,C:\WINDOWS\System32\chkuqsru32.dll
O20 - Winlogon Notify: 48c5338c448 - C:\WINDOWS\System32\chkuqsru32.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
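The two O20 entries in the HijackThis log above (the AppInit_DLLs list and the Winlogon Notify DLL, both pointing at chkuqsru32.dll) and the HKCU Run entry that launches from the Temp folder are the lines a responder needs to find first in a log this long. The script below is an added example written for this thread, not output of HijackThis, Lop S&D or ComboFix: it parses HijackThis-style O4/O20 lines and ranks them with three heuristics (load mechanism, location of the binary, random-looking name). The SAMPLE_LOG lines are constructed to mirror the shapes of entries in the posted log, and the point weights and the 0.25 vowel-ratio threshold are assumptions chosen for illustration. The name heuristic alone is noisy (it also trips on ctfmon), which is why it adds only one point and the mechanism and location carry the weight.

```python
"""Rank HijackThis-style autostart entries for triage.

Added example for this thread, not output of HijackThis, Lop S&D or ComboFix.
SAMPLE_LOG, the point weights and the vowel-ratio threshold are constructed
for illustration.
"""
import ntpath
import re
from dataclasses import dataclass, field

# Constructed sample: entry shapes modelled on the posted log, not the log itself.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Vga Multi Creative Amen] C:\Documents and Settings\All Users\Application Data\Bird audio vga multi\Type Tool.exe
O4 - HKCU\..\Run: [A00F4B9C81.exe] C:\DOCUME~1\Bertrand\LOCALS~1\Temp\_A00F4B9C81.exe
O20 - AppInit_DLLs: amwqll.dll qvyflq.dll azdpxc.dll,C:\WINDOWS\System32\chkuqsru32.dll
O20 - Winlogon Notify: 48c5338c448 - C:\WINDOWS\System32\chkuqsru32.dll
"""

RUN_RE = re.compile(r"O4 - (\S+?)\\\.\.\\Run: \[([^\]]+)\] (.*)$")
NOTIFY_RE = re.compile(r"O20 - Winlogon Notify: (\S+) - (.+)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\n]*?\.(?:exe|dll)', re.IGNORECASE)
USER_DATA_DIRS = ("\\application data\\", "\\applic~1\\")


def looks_random(name: str) -> bool:
    """Weak signal: hex-looking name, or a long letter run with few vowels.

    Deliberately loose (ctfmon also trips it), so it is worth one point only.
    """
    core = ntpath.splitext(name)[0].lstrip("_")
    if re.fullmatch(r"[0-9A-Fa-f]{8,}", core):
        return True
    letters = re.sub(r"[^a-z]", "", core.lower())
    if len(letters) < 6:
        return False
    return sum(ch in "aeiou" for ch in letters) / len(letters) <= 0.25


@dataclass
class Finding:
    score: int
    line: str
    reasons: list = field(default_factory=list)


def assess(line: str) -> Finding:
    """Score one log line; 0 means none of the heuristics fired."""
    f = Finding(0, line)

    def hit(points: int, why: str) -> None:
        f.score += points
        f.reasons.append(why)

    if line.startswith("O20 - AppInit_DLLs:"):
        hit(5, "AppInit_DLLs: loaded into every process that maps user32.dll")
        for dll in re.split(r"[\s,]+", line.split(":", 1)[1].strip()):
            if looks_random(ntpath.basename(dll)):
                hit(1, f"random-looking name: {ntpath.basename(dll)}")
    elif (m := NOTIFY_RE.match(line)):
        key, dll = m.groups()
        hit(5, "Winlogon Notify: DLL runs inside winlogon.exe as SYSTEM")
        for name in (key, ntpath.basename(dll)):
            if looks_random(name):
                hit(1, f"random-looking name: {name}")
    elif (m := RUN_RE.match(line)):
        _hive, _label, cmd = m.groups()
        paths = PATH_RE.findall(cmd)
        if not paths:
            hit(1, "no absolute path; binary resolved via search order")
        for p in paths:
            lp = p.lower()
            if "\\temp\\" in lp:
                hit(4, "autostart from a Temp directory")
            elif any(d in lp for d in USER_DATA_DIRS) and "\\program files\\" not in lp:
                hit(2, "autostart from a user-writable data directory")
            if looks_random(ntpath.basename(p)):
                hit(1, f"random-looking name: {ntpath.basename(p)}")
    return f


def triage(log_text: str) -> list:
    """Return scored entries, highest first; entries scoring 0 are dropped."""
    found = [assess(ln.strip()) for ln in log_text.splitlines() if ln.strip()]
    return sorted((f for f in found if f.score > 0), key=lambda f: f.score, reverse=True)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.score}] {f.line}")
        for why in f.reasons:
            print(f"      - {why}")
```

Run it against a saved HijackThis log by passing the file's contents to triage(); the AppInit_DLLs and Winlogon Notify lines come out on top, the Temp-folder Run entry next, and the legitimate ehTray and Java updater entries do not appear at all.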
Here is the report
ComboFix 08-09-28.05 - Bertrand 2008-09-30 18:20:46.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1036.18.587 [GMT 2:00]
Launched from: C:\Documents and Settings\Bertrand\Bureau\ComboFix.exe
* A new restore point was created

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE!!
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Bertrand\Cookies\bertrand@a.hasbro[2].txt
C:\Documents and Settings\Bertrand\Cookies\bertrand@bluestreak[1].txt
C:\Documents and Settings\Bertrand\Cookies\bertrand@edt02[2].txt
C:\Documents and Settings\Bertrand\Cookies\bertrand@edt02[3].txt
C:\Documents and Settings\Bertrand\Cookies\bertrand@metaffiliation[1].txt
C:\Documents and Settings\Bertrand\Cookies\bertrand@metaffiliation[2].txt
C:\Documents and Settings\Bertrand\Cookies\bertrand@tracker.affistats[1].txt
C:\Documents and Settings\Bertrand\Cookies\bertrand@tradedoubler[2].txt
C:\WINDOWS\system32\amwqll.dll
C:\WINDOWS\system32\bgklcx.dll
C:\WINDOWS\system32\bkdloc.dll
C:\WINDOWS\system32\bnctnt.dll
C:\WINDOWS\system32\btemmrtu.dll
C:\WINDOWS\system32\djqjxdwk.dll
C:\WINDOWS\system32\doxxez.dll
C:\WINDOWS\system32\dudyqajp.dll
C:\WINDOWS\system32\dvlgklme.dll
C:\WINDOWS\system32\eekdvn.dll
C:\WINDOWS\system32\engcviyf.dll
C:\WINDOWS\system32\gdwcnuft.dll
C:\WINDOWS\system32\gndghuln.dll
C:\WINDOWS\system32\gwhcblgg.dll
C:\WINDOWS\system32\icdtqi.dll
C:\WINDOWS\system32\ilvapv.dll
C:\WINDOWS\system32\iolqpdyk.dll
C:\WINDOWS\system32\liftsjei.dll
C:\WINDOWS\system32\llfsuh.dll
C:\WINDOWS\system32\lpabtjag.dll
C:\WINDOWS\system32\mbqmej.dll
C:\WINDOWS\system32\mbscfo.dll
C:\WINDOWS\system32\mfrxejdy.dll
C:\WINDOWS\system32\mjljusll.dll
C:\WINDOWS\system32\mvsfxq.dll
C:\WINDOWS\system32\necgjnkl.dll
C:\WINDOWS\system32\nnsfmxuj.dll
C:\WINDOWS\system32\oienfk.dll
C:\WINDOWS\system32\pdeval.dll
C:\WINDOWS\system32\qbysjm.dll
C:\WINDOWS\system32\rhogdxgs.dll
C:\WINDOWS\system32\riqunkst.dll
C:\WINDOWS\system32\rmhfgy.dll
C:\WINDOWS\system32\sbrtmhpb.dll
C:\WINDOWS\system32\sjebwe.dll
C:\WINDOWS\system32\smihvqre.dll
C:\WINDOWS\system32\sqrccxrw.dll
C:\WINDOWS\system32\tekqbk.dll
C:\WINDOWS\system32\umopne.dll
C:\WINDOWS\system32\vjeifo.dll
C:\WINDOWS\system32\wdfwry.dll
C:\WINDOWS\system32\wtbxtkiq.dll
C:\WINDOWS\system32\xacswbre.dll
C:\WINDOWS\system32\yoxhlr.dll
C:\WINDOWS\system32\yvyujlns.dll
C:\WINDOWS\system32\zxwyut.dll
C:\xcrashdump.dat

.
((((((((((((((((((((((((((((( Files created from 2008-08-28 to 2008-09-30 ))))))))))))))))))))))))))))))))))))
.

2008-09-30 18:07 . 2008-09-30 18:07 <DIR> d-------- C:\Program Files\Gadwin Systems
2008-09-30 18:01 . 2008-09-30 18:01 <DIR> d-------- C:\Program Files\Fichiers communs\Java
2008-09-30 18:01 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-30 16:23 . 2008-09-30 17:30 <DIR> d-------- C:\Lop SD
2008-09-30 16:05 . 2008-09-30 16:05 <DIR> d-------- C:\Documents and Settings\Bertrand\Application Data\Malwarebytes
2008-09-30 15:58 . 2008-09-30 16:03 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-30 15:58 . 2008-09-30 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-30 15:58 . 2008-09-30 15:58 <DIR> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-09-30 15:58 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-30 15:58 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-29 19:00 . 2008-09-29 19:00 126,976 --a------ C:\WINDOWS\system32\chkuqsru32.dll
2008-09-28 12:54 . 2008-09-28 12:55 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-09-28 12:54 . 2008-09-29 20:32 <DIR> d-------- C:\Program Files\GeoGebra
2008-09-28 12:53 . 2008-09-28 12:53 <DIR> d--h----- C:\Documents and Settings\Bertrand\InstallAnywhere
2008-09-26 20:00 . 2008-09-28 11:06 972,467 ---hs---- C:\WINDOWS\system32\anirlddi.ini
2008-09-25 18:54 . 2008-09-26 19:57 1,180,434 ---hs---- C:\WINDOWS\system32\vmyhjogh.ini
2008-09-24 18:57 . 2008-09-25 18:40 1,105,835 ---hs---- C:\WINDOWS\system32\lmppbaol.ini
2008-09-23 18:53 . 2008-09-24 18:53 1,109,468 ---hs---- C:\WINDOWS\system32\odmqgihb.ini
2008-09-22 18:54 . 2008-09-23 18:38 1,024,981 ---hs---- C:\WINDOWS\system32\bddltylh.ini
2008-09-21 12:01 . 2008-09-22 18:51 1,024,783 ---hs---- C:\WINDOWS\system32\jnqntqyd.ini
2008-09-19 20:14 . 2008-09-21 11:57 991,377 ---hs---- C:\WINDOWS\system32\komyvjli.ini
2008-09-18 20:14 . 2008-09-19 17:30 991,077 ---hs---- C:\WINDOWS\system32\wsbryuhc.ini
2008-09-17 20:11 . 2008-09-18 20:12 990,957 ---hs---- C:\WINDOWS\system32\jrnfawjy.ini
2008-09-16 20:13 . 2008-09-17 20:11 992,293 ---hs---- C:\WINDOWS\system32\ntvgguex.ini
2008-09-14 12:47 . 2008-09-15 20:07 1,502,348 ---hs---- C:\WINDOWS\system32\wgwdheqe.ini
2008-09-13 12:47 . 2008-09-14 11:32 1,435,559 ---hs---- C:\WINDOWS\system32\pljlwpfw.ini
2008-09-11 16:27 . 2008-09-13 12:43 1,569,234 ---hs---- C:\WINDOWS\system32\sdpxblrh.ini
2008-09-10 14:06 . 2008-09-11 16:26 1,557,633 ---hs---- C:\WINDOWS\system32\lxousrco.ini
2008-09-08 19:04 . 2008-09-10 14:05 1,505,023 ---hs---- C:\WINDOWS\system32\mxsvqtxu.ini
2008-09-07 18:26 . 2008-09-08 19:03 1,504,843 ---hs---- C:\WINDOWS\system32\qefsmbya.ini
2008-09-06 18:25 . 2008-09-07 18:25 1,504,723 ---hs---- C:\WINDOWS\system32\spdtpatx.ini
2008-09-05 18:22 . 2008-09-06 18:23 1,504,603 ---hs---- C:\WINDOWS\system32\djjgqnqy.ini
2008-09-04 17:01 . 2008-09-05 18:21 1,504,483 ---hs---- C:\WINDOWS\system32\ldrlnags.ini
2008-09-03 13:37 . 2008-09-04 16:58 1,504,363 ---hs---- C:\WINDOWS\system32\wsavrsxm.ini
2008-09-03 13:34 . 2008-09-03 13:34 98,304 --a------ C:\WINDOWS\system32\nefali.dll
2008-09-03 13:34 . 2008-09-03 13:34 98,304 --a------ C:\WINDOWS\system32\hqsjvsym.dll
2008-09-02 13:38 . 2008-09-03 11:05 1,449,572 ---hs---- C:\WINDOWS\system32\awmjarvf.ini
2008-09-01 13:36 . 2008-09-02 13:37 1,449,443 ---hs---- C:\WINDOWS\system32\kejcbncy.ini
2008-08-31 13:35 . 2008-09-01 13:36 1,449,323 ---hs---- C:\WINDOWS\system32\lmdrbadl.ini
2008-08-30 13:42 . 2008-08-30 14:18 0 --a------ C:\WINDOWS\system32\snaytohf.tmp
2008-08-29 12:39 . 2008-08-30 13:30 2,829,815 ---hs---- C:\WINDOWS\system32\esjlohwu.ini
2008-08-28 11:59 . 2008-08-29 12:38 1,490,593 ---hs---- C:\WINDOWS\system32\gbnjoybs.ini
2008-08-27 12:37 . 2008-08-28 11:56 1,487,620 ---hs---- C:\WINDOWS\system32\cwjsslte.ini
2008-08-26 12:39 . 2008-08-27 12:05 1,487,804 ---hs---- C:\WINDOWS\system32\fpsyveft.ini
2008-08-25 12:34 . 2008-08-26 12:35 1,487,675 ---hs---- C:\WINDOWS\system32\wxmxgifm.ini
2008-08-24 12:36 . 2008-08-25 11:36 1,487,522 ---hs---- C:\WINDOWS\system32\dixtxrce.ini
2008-08-23 12:32 . 2008-08-24 12:33 1,487,375 ---hs---- C:\WINDOWS\system32\lcnjofji.ini
2008-08-22 12:20 . 2008-08-23 12:31 1,544,779 ---hs---- C:\WINDOWS\system32\smmsljgd.ini
2008-08-21 12:50 . 2008-08-21 12:50 <DIR> d-------- C:\Program Files\Fichiers communs\Adobe
2008-08-21 11:20 . 2008-08-22 11:29 1,483,475 ---hs---- C:\WINDOWS\system32\pewixskn.ini
2008-08-02 11:33 . 2008-08-01 17:02 474 --ahs---- C:\WINDOWS\system32\kqxgpmmb.ini
2008-08-01 17:02 . 2008-08-01 17:02 474 ---hs---- C:\WINDOWS\system32\kqxgpmmb.tmp

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-30 16:01 --------- d-----w C:\Program Files\Java
2008-09-30 14:14 --------- d-----w C:\Program Files\Steam
2008-09-30 13:38 --------- d-----w C:\Documents and Settings\Bertrand\Application Data\OpenOffice.org2
2008-09-25 18:14 --------- d-----w C:\Documents and Settings\Bertrand\Application Data\Canon
2008-09-14 17:03 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-09-14 17:00 --------- d-----w C:\Program Files\EA GAMES
2008-09-06 17:48 --------- d-----w C:\Documents and Settings\Bertrand\Application Data\LimeWire
2008-08-22 09:06 --------- d-----w C:\Documents and Settings\Bertrand\Application Data\AdobeUM
2008-07-30 16:51 --------- d-----w C:\Program Files\LimeWire
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
.

((((((((((((((((((((((((((((((((( Registry load points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty items & legitimate default items are not listed
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 67584]
"ntiMUI"="c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-27 7573504]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-27 86016]
"Acer Empowering Technology Monitor"="C:\WINDOWS\system32\SysMonitor.exe" [2006-04-18 49152]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 345088]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152]
"Vga Multi Creative Amen"="C:\Documents and Settings\All Users\Application Data\Bird audio vga multi\Type Tool.exe" [2007-06-10 530944]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]
"nwiz"="nwiz.exe" [2006-04-27 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\48c5338c448]
2008-09-29 19:00 126976 C:\WINDOWS\system32\chkuqsru32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\System32\chkuqsru32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Acer WLAN 11g USB Dongle.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Acer WLAN 11g USB Dongle.lnk
backup=C:\WINDOWS\pss\Acer WLAN 11g USB Dongle.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Bertrand^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk]
path=C:\Documents and Settings\Bertrand\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.3.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
--a------ 2004-08-10 22:00 44032 C:\WINDOWS\ime\imkr6_1\imekrmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-10 22:00 208952 C:\WINDOWS\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-10 10:51 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
--a--c--- 2000-07-19 10:00 180279 C:\Program Files\Microsoft Money\System\Money Express.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 69632]
R3 LVHybrid;LVHybrid service;C:\WINDOWS\system32\DRIVERS\LVHybrid.sys [2006-05-16 892032]
S3 PAC207;SoC PC-Camer@;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-05-27 162304]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 402432]
.
Contenu du dossier 'Tâches planifiées'
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Bertrand\Application Data\Mozilla\Firefox\Profiles\blktgzg9.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/ig
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-30 18:24:19
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


C:\Documents and Settings\Bertrand\Local Settings\Application Data\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1091 bytes hidden from API

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

PROCESSUS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\System32\chkuqsru32.dll
.
------------------------ Autres processus actifs ------------------------
.
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PAStiSvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\twain_32\ca561a\SnapDetect.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Heure de fin: 2008-09-30 18:29:43 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-09-30 16:29:40

Avant-CF: 113,354,768,384 octets libres
Après-CF: 113,323,114,496 octets libres

256 --- E O F --- 2008-07-13 09:44:58
Here are the reports.

ComboFix 08-09-28.05 - Bertrand 2008-09-30 19:12:48.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.599 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Bertrand\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\Bertrand\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\Documents and Settings\All Users\Application Data\Bird audio vga multi\Type Tool.exe
C:\WINDOWS\system32\anirlddi.ini
C:\WINDOWS\system32\awmjarvf.ini
C:\WINDOWS\system32\bddltylh.ini
C:\WINDOWS\system32\chkuqsru32.dll
C:\WINDOWS\system32\cwjsslte.ini
C:\WINDOWS\system32\dixtxrce.ini
C:\WINDOWS\system32\djjgqnqy.ini
C:\WINDOWS\system32\esjlohwu.ini
C:\WINDOWS\system32\fpsyveft.ini
C:\WINDOWS\system32\gbnjoybs.ini
C:\WINDOWS\system32\hqsjvsym.dll
C:\WINDOWS\system32\jnqntqyd.ini
C:\WINDOWS\system32\jrnfawjy.ini
C:\WINDOWS\system32\kejcbncy.ini
C:\WINDOWS\system32\komyvjli.ini
C:\WINDOWS\system32\kqxgpmmb.ini
C:\WINDOWS\system32\lcnjofji.ini
C:\WINDOWS\system32\ldrlnags.ini
C:\WINDOWS\system32\lmdrbadl.ini
C:\WINDOWS\system32\lmppbaol.ini
C:\WINDOWS\system32\lxousrco.ini
C:\WINDOWS\system32\mxsvqtxu.ini
C:\WINDOWS\system32\nefali.dll
C:\WINDOWS\system32\ntvgguex.ini
C:\WINDOWS\system32\odmqgihb.ini
C:\WINDOWS\system32\pewixskn.ini
C:\WINDOWS\system32\pljlwpfw.ini
C:\WINDOWS\system32\qefsmbya.ini
C:\WINDOWS\system32\sdpxblrh.ini
C:\WINDOWS\system32\smmsljgd.ini
C:\WINDOWS\system32\snaytohf.tmp
C:\WINDOWS\system32\spdtpatx.ini
C:\WINDOWS\system32\vmyhjogh.ini
C:\WINDOWS\system32\wgwdheqe.ini
C:\WINDOWS\system32\wsavrsxm.ini
C:\WINDOWS\system32\wsbryuhc.ini
C:\WINDOWS\system32\wxmxgifm.ini
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Bird audio vga multi
C:\Documents and Settings\All Users\Application Data\Bird audio vga multi\About Blah.exe
C:\Documents and Settings\All Users\Application Data\Bird audio vga multi\Admin Okay.exe
C:\Documents and Settings\All Users\Application Data\Bird audio vga multi\Keepdeletestart
C:\Documents and Settings\All Users\Application Data\Bird audio vga multi\Type Tool.exe
C:\Lop SD
C:\Lop SD\App-Prog.lsd
C:\Lop SD\AuDoss.lsd
C:\Lop SD\AutrInf.cmd
C:\Lop SD\AWF.cmd
C:\Lop SD\Back.cmd
C:\Lop SD\Backup-Lop\DOCUME~1\ALLUSE~1\APPLIC~1\third lies itch ford\book cash.exe
C:\Lop SD\Backup-Lop\DOCUME~1\ALLUSE~1\APPLIC~1\third lies itch ford\DUMB LONG.exe
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\dnpvvclc.exe
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\efvcceat.exe
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\eiwcpojz.exe
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\enghirgp.exe
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\hbariddm.exe
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\iemzqwzh.exe
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\jqikpmvk.exe
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\meetonegrim.exe
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\mpeg heck.exe
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\pfcbsjpt.exe
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\pnixznmw.exe
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\ronqdeys.exe
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\spoerpet.exe
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\szxvqcso.exe
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\uploadsettingsfacehole.exe
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\uqffuzsb.exe
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\vkkqokzr.exe
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\vlhlxyqf.exe
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\wwuyakgr.exe
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\xvqbksnz.exe
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\ydfjzyny.exe
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\ygsnkcco.exe
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\zkozunww.exe
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\zlaiqwtx.exe
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\APPLIC~1\Gram View 4\zpjfnqui.exe
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@2xmoinscher[1].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@32vegas[1].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@32vegas[2].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@32vegas[3].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@32vegas[4].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@32vegas[5].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@888[1].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@888[2].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@adin.bigpoint[1].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@adopt.euroclick[2].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@adserver.advertstream[1].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@adultfriendfinder[2].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@advertising[1].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@advertising[2].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@advertstream[2].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@banner.32vegas[2].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@banner.casinoking[2].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@banner.cotedazurpalace[2].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@bigpoint[1].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@bigpoint[3].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@bigpoint[4].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@cachewww.32vegas[1].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@casinoking[1].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@cc.2xmoinscher[1].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@cotedazurpalace[2].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@cotedazurpalace[3].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@es.bigpoint[1].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@es.bigpoint[2].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@fr.seafight.bigpoint[1].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@fr.seafight.bigpoint[2].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@fr.thepimps.bigpoint[2].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@fr1.darkorbit.bigpoint[1].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@fr1.seafight.bigpoint[2].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@pacificpoker[1].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@partygaming.122.2o7[2].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@partypoker[1].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@partypoker[2].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@partypoker[3].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@partypoker[4].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@partypoker[5].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@partypoker[6].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@partypoker[7].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@partypoker[8].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@partypoker[9].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@seafight[1].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@sr2.livemediasrv[1].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@vegas-millions[2].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@vegasred[1].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@www.2xmoinscher[2].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@www.adserver5[1].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@www.bigpoint[2].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@www.bigpoint[3].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@www.cotedazurpalace[1].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@www.lop[2].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@www.vegas-millions[1].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@www.vegasaffiliates[2].txt
C:\Lop SD\Backup-Lop\DOCUME~1\Bertrand\Cookies\bertrand@www.vegasred[2].txt
C:\Lop SD\Backup-Lop\Hosts\hosts
C:\Lop SD\Backup-Lop\Program Files\Adverts\uninst.exe
C:\Lop SD\Backup-Lop\Reg\HKCU_Run.reg
C:\Lop SD\Backup-Lop\Reg\HKLM_Run.reg
C:\Lop SD\Backup-Lop\Reg\HKLM_Uninstall.reg
C:\Lop SD\Backup-Lop\WINDOWS\Tasks\A45A4D449185C83C.job
C:\Lop SD\Boo.reg
C:\Lop SD\BooFix.cmd
C:\Lop SD\catchme.exe
C:\Lop SD\catchme.log
C:\Lop SD\Changelog Lop SD.txt
C:\Lop SD\Crack.txt
C:\Lop SD\DirectFix.cmd
C:\Lop SD\Discl_en.vbs
C:\Lop SD\Discl_fr.vbs
C:\Lop SD\Discl_ne.vbs
C:\Lop SD\Discl_sp.vbs
C:\Lop SD\Discl_su.vbs
C:\Lop SD\Doss.lsd
C:\Lop SD\exist.txt
C:\Lop SD\Icon_Lop.ico
C:\Lop SD\KILL.cmd
C:\Lop SD\Langues.cmd
C:\Lop SD\LopR_1.txt
C:\Lop SD\LopR_2.txt
C:\Lop SD\LopScript.cmd
C:\Lop SD\LopSD.cmd
C:\Lop SD\lsTasks.exe
C:\Lop SD\Orph.egd
C:\Lop SD\OsV.exe
C:\Lop SD\paths.bat
C:\Lop SD\Proc.txt
C:\Lop SD\pv.exe
C:\Lop SD\RegLop.reg
C:\Lop SD\RKit.lsd
C:\Lop SD\RoGUeS.lsd
C:\Lop SD\RunTool.txt
C:\Lop SD\S_LopV.cmd
C:\Lop SD\S_LopX.cmd
C:\Lop SD\sed.exe
C:\Lop SD\setpath.exe
C:\Lop SD\task.txt
C:\Lop SD\Uninstal.exe
C:\WINDOWS\system32\anirlddi.ini
C:\WINDOWS\system32\awmjarvf.ini
C:\WINDOWS\system32\bddltylh.ini
C:\WINDOWS\system32\chkuqsru32.dll
C:\WINDOWS\system32\cwjsslte.ini
C:\WINDOWS\system32\dixtxrce.ini
C:\WINDOWS\system32\djjgqnqy.ini
C:\WINDOWS\system32\esjlohwu.ini
C:\WINDOWS\system32\fpsyveft.ini
C:\WINDOWS\system32\gbnjoybs.ini
C:\WINDOWS\system32\hqsjvsym.dll
C:\WINDOWS\system32\jnqntqyd.ini
C:\WINDOWS\system32\jrnfawjy.ini
C:\WINDOWS\system32\kejcbncy.ini
C:\WINDOWS\system32\komyvjli.ini
C:\WINDOWS\system32\kqxgpmmb.ini
C:\WINDOWS\system32\lcnjofji.ini
C:\WINDOWS\system32\ldrlnags.ini
C:\WINDOWS\system32\lmdrbadl.ini
C:\WINDOWS\system32\lmppbaol.ini
C:\WINDOWS\system32\lxousrco.ini
C:\WINDOWS\system32\mxsvqtxu.ini
C:\WINDOWS\system32\nefali.dll
C:\WINDOWS\system32\ntvgguex.ini
C:\WINDOWS\system32\odmqgihb.ini
C:\WINDOWS\system32\pewixskn.ini
C:\WINDOWS\system32\pljlwpfw.ini
C:\WINDOWS\system32\qefsmbya.ini
C:\WINDOWS\system32\sdpxblrh.ini
C:\WINDOWS\system32\smmsljgd.ini
C:\WINDOWS\system32\snaytohf.tmp
C:\WINDOWS\system32\spdtpatx.ini
C:\WINDOWS\system32\vmyhjogh.ini
C:\WINDOWS\system32\wgwdheqe.ini
C:\WINDOWS\system32\wsavrsxm.ini
C:\WINDOWS\system32\wsbryuhc.ini
C:\WINDOWS\system32\wxmxgifm.ini

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-28 au 2008-09-30 ))))))))))))))))))))))))))))))))))))
.

2008-09-30 19:01 . 2008-09-30 19:09 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-30 19:01 . 2008-09-30 19:01 <REP> d-------- C:\WINDOWS\LastGood.Tmp
2008-09-30 19:01 . 2008-09-30 19:02 <REP> d-------- C:\Program Files\PDFCreator
2008-09-30 19:01 . 2004-03-09 01:00 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-09-30 19:01 . 1998-06-24 01:00 137,000 --a------ C:\WINDOWS\system32\MSMAPI32.OCX
2008-09-30 19:01 . 2001-10-28 17:42 116,224 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
2008-09-30 19:01 . 1998-07-13 02:08 59,904 --a------ C:\WINDOWS\system32\MSCC2FR.DLL
2008-09-30 19:01 . 1998-07-06 01:00 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL
2008-09-30 18:39 . 2008-09-30 18:39 <REP> d-------- C:\Program Files\Alwil Software
2008-09-30 18:07 . 2008-09-30 18:07 <REP> d-------- C:\Program Files\Gadwin Systems
2008-09-30 18:01 . 2008-09-30 18:01 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-09-30 18:01 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-30 16:05 . 2008-09-30 16:05 <REP> d-------- C:\Documents and Settings\Bertrand\Application Data\Malwarebytes
2008-09-30 15:58 . 2008-09-30 16:03 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-30 15:58 . 2008-09-30 15:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-30 15:58 . 2008-09-30 15:58 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-09-30 15:58 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-30 15:58 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-28 12:54 . 2008-09-28 12:55 <REP> d--h----- C:\Program Files\Zero G Registry
2008-09-28 12:54 . 2008-09-29 20:32 <REP> d-------- C:\Program Files\GeoGebra
2008-09-28 12:53 . 2008-09-28 12:53 <REP> d--h----- C:\Documents and Settings\Bertrand\InstallAnywhere
2008-08-21 12:50 . 2008-08-21 12:50 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-08-01 17:02 . 2008-08-01 17:02 474 ---hs---- C:\WINDOWS\system32\kqxgpmmb.tmp

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-30 16:01 --------- d-----w C:\Program Files\Java
2008-09-30 14:14 --------- d-----w C:\Program Files\Steam
2008-09-30 13:38 --------- d-----w C:\Documents and Settings\Bertrand\Application Data\OpenOffice.org2
2008-09-25 18:14 --------- d-----w C:\Documents and Settings\Bertrand\Application Data\Canon
2008-09-14 17:00 --------- d-----w C:\Program Files\EA GAMES
2008-09-06 17:48 --------- d-----w C:\Documents and Settings\Bertrand\Application Data\LimeWire
2008-08-22 09:06 --------- d-----w C:\Documents and Settings\Bertrand\Application Data\AdobeUM
2008-07-30 16:51 --------- d-----w C:\Program Files\LimeWire
.

((((((((((((((((((((((((((((( snapshot@2008-09-30_18.29.26.62 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-07-30 17:19:20 92,504 -c--a-w C:\WINDOWS\system32\cdm.dll
+ 2008-07-18 20:10:48 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
- 2007-07-30 17:19:20 92,504 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
+ 2008-07-18 20:10:48 94,920 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
- 2007-07-30 17:19:36 549,720 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
+ 2008-07-18 20:09:44 563,912 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
- 2007-07-30 17:19:16 53,080 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
+ 2008-07-18 20:10:42 53,448 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
- 2007-07-30 17:19:42 1,712,984 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
+ 2008-07-18 20:09:42 1,811,656 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
- 2007-07-30 17:19:32 325,976 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
+ 2008-07-18 20:09:46 325,832 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
- 2007-07-30 17:18:40 33,624 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
+ 2008-07-18 20:10:20 36,552 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
- 2007-07-30 17:19:28 203,096 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2008-07-18 20:09:44 205,000 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
- 2004-08-10 20:00:00 1,392,671 ----a-w C:\WINDOWS\system32\msvbvm60.dll
+ 2004-02-22 23:00:00 1,386,496 ----a-w C:\WINDOWS\system32\MSVBVM60.DLL
+ 2008-07-18 20:10:20 36,552 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
+ 2008-07-18 20:10:40 45,768 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
+ 2005-06-25 12:16:50 138,240 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\PS5UI.DLL
+ 2005-06-25 12:16:52 480,256 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\PSCRIPT5.DLL
- 2007-07-30 17:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
+ 2008-07-18 20:09:44 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
- 2007-07-30 17:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
+ 2008-07-18 20:10:42 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
- 2007-07-30 17:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
+ 2008-07-18 20:09:42 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
- 2007-07-30 17:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
+ 2008-07-18 20:09:46 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
- 2007-07-30 17:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll
+ 2008-07-18 20:10:20 36,552 ----a-w C:\WINDOWS\system32\wups.dll
- 2007-07-30 17:19:12 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
+ 2008-07-18 20:10:40 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
- 2007-07-30 17:19:28 203,096 -c--a-w C:\WINDOWS\system32\wuweb.dll
+ 2008-07-18 20:09:44 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 67584]
"ntiMUI"="c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-27 7573504]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-27 86016]
"Acer Empowering Technology Monitor"="C:\WINDOWS\system32\SysMonitor.exe" [2006-04-18 49152]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 345088]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]
"nwiz"="nwiz.exe" [2006-04-27 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Acer WLAN 11g USB Dongle.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Acer WLAN 11g USB Dongle.lnk
backup=C:\WINDOWS\pss\Acer WLAN 11g USB Dongle.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Bertrand^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk]
path=C:\Documents and Settings\Bertrand\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.3.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
--a------ 2004-08-10 22:00 44032 C:\WINDOWS\ime\imkr6_1\imekrmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-10 22:00 208952 C:\WINDOWS\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-10 10:51 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
--a--c--- 2000-07-19 10:00 180279 C:\Program Files\Microsoft Money\System\Money Express.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 69632]
R3 LVHybrid;LVHybrid service;C:\WINDOWS\system32\DRIVERS\LVHybrid.sys [2006-05-16 892032]
S3 PAC207;SoC PC-Camer@;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-05-27 162304]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 402432]
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-Vga Multi Creative Amen - C:\Documents and Settings\All Users\Application Data\Bird audio vga multi\Type Tool.exe



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-30 19:16:45
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


C:\Documents and Settings\Bertrand\Local Settings\Application Data\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1091 bytes hidden from API

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PAStiSvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\twain_32\ca561a\SnapDetect.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Heure de fin: 2008-09-30 19:21:43 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-09-30 17:21:40
ComboFix2.txt 2008-09-30 16:29:44

Avant-CF: 112,732,258,304 octets libres
Après-CF: 112,648,667,136 octets libres

409 --- E O F --- 2008-07-13 09:44:58

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:23:15, on 30/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bertrand\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Icatch(VI) SnapDetect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBD21726-0C4F-4AC6-8097-F264A1CA9046}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
0
Hello,
Nothing was found. I restarted and everything is OK. Thanks for your help.
Best regards,
Alain
0
Utilisateur anonyme
30 sept. 2008 à 15:52
Hi,

Download Lop S&D.exe to your Desktop: https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

* Double-click it to launch the installation
* Then double-click the Lop S&D shortcut on your Desktop
* Select the language you want, then choose option 1 (Search)
* Wait until the scan finishes
* Post the generated report (C:\lopR.txt)
-1
Utilisateur anonyme
30 sept. 2008 à 16:36
Run Lop S&D again


* This time choose Option 2 (Removal)
* Do not close the window during the removal!
* Post the generated report (C:\lopR.txt)
-1
Utilisateur anonyme
30 sept. 2008 à 17:43
Uninstall Java, because it is out of date, then download and install this version


Then run another HijackThis scan and post the report please
-1
Utilisateur anonyme
30 sept. 2008 à 18:06
Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe


-> Double-click combofix.exe.
-> Press key 1 (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste this report into your next reply.

NOTE: the report can also be found here: C:\Combofix.txt

Before using ComboFix:

-> Disconnect from the internet and close the windows of all running programs.

-> Temporarily disable, only for as long as you are using ComboFix, the real-time protection of your antivirus and your antispyware programs, which can seriously interfere with the tool's search and cleaning procedure.

Once that is done, double-click Combofix.exe on your desktop.

- Answer yes to the warning message so that the program starts analysing the PC.

/!\ During this step, do not use the PC and do not open any programs.

- At the end of the scan, ComboFix may need to restart the PC to finish the disinfection/search; let it do so.

- A report will then open in Notepad; this Combofix.txt report file is automatically saved and stored at C:\Combofix.txt

-> Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.

-> Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.
-1
Utilisateur anonyme
30 sept. 2008 à 18:44
Copy the text below:

File::
C:\WINDOWS\system32\chkuqsru32.dll
C:\Documents and Settings\All Users\Application Data\Bird audio vga multi\Type Tool.exe
C:\WINDOWS\system32\anirlddi.ini
C:\WINDOWS\system32\vmyhjogh.ini
C:\WINDOWS\system32\lmppbaol.ini
C:\WINDOWS\system32\odmqgihb.ini
C:\WINDOWS\system32\bddltylh.ini
C:\WINDOWS\system32\jnqntqyd.ini
C:\WINDOWS\system32\komyvjli.ini
C:\WINDOWS\system32\wsbryuhc.ini
C:\WINDOWS\system32\jrnfawjy.ini
C:\WINDOWS\system32\ntvgguex.ini
C:\WINDOWS\system32\wgwdheqe.ini
C:\WINDOWS\system32\pljlwpfw.ini
C:\WINDOWS\system32\sdpxblrh.ini
C:\WINDOWS\system32\lxousrco.ini
C:\WINDOWS\system32\mxsvqtxu.ini
C:\WINDOWS\system32\qefsmbya.ini
C:\WINDOWS\system32\spdtpatx.ini
C:\WINDOWS\system32\djjgqnqy.ini
C:\WINDOWS\system32\ldrlnags.ini
C:\WINDOWS\system32\wsavrsxm.ini
C:\WINDOWS\system32\nefali.dll
C:\WINDOWS\system32\hqsjvsym.dll
C:\WINDOWS\system32\awmjarvf.ini
C:\WINDOWS\system32\kejcbncy.ini
C:\WINDOWS\system32\lmdrbadl.ini
C:\WINDOWS\system32\snaytohf.tmp
C:\WINDOWS\system32\esjlohwu.ini
C:\WINDOWS\system32\gbnjoybs.ini
C:\WINDOWS\system32\cwjsslte.ini
C:\WINDOWS\system32\fpsyveft.ini
C:\WINDOWS\system32\wxmxgifm.ini
C:\WINDOWS\system32\dixtxrce.ini
C:\WINDOWS\system32\lcnjofji.ini
C:\WINDOWS\system32\smmsljgd.ini
C:\WINDOWS\system32\pewixskn.ini
C:\WINDOWS\system32\kqxgpmmb.ini

Folder::
C:\Lop SD
C:\Documents and Settings\All Users\Application Data\Bird audio vga multi

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\48c5338c448]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=""

Open Notepad, then paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt

Now drag the CFScript.txt file onto Combofix.exe, like this:

This will relaunch Combofix.

A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

Wait for the scan. The desktop will disappear several times: that is normal!

Do not touch anything until the scan has finished.

After the restart, post the contents of the Combofix.txt report together with a HijackThis report.

If there is no restart, post the reports anyway.
-1
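Added example, not part of the thread or of ComboFix itself: a Python dry-run parser for the `File::`, `Folder::` and `Registry::` sections in the shape of the script above. It lists what the script would delete or set, so a typo is caught before the script is ever dragged onto Combofix.exe. It covers only the directives shown in this thread (an assumption; ComboFix's full script syntax has more), and the sample script is a constructed excerpt of the one posted.

```python
import re

# Constructed excerpt in the shape of the CFScript posted above (paths and
# keys taken from the thread; this is not a script from a real case).
SAMPLE_SCRIPT = r'''
File::
C:\WINDOWS\system32\chkuqsru32.dll
C:\WINDOWS\system32\anirlddi.ini

Folder::
C:\Lop SD

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\48c5338c448]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=""
'''

SECTION_RE = re.compile(r"^(?P<name>[A-Za-z]+)::$")
KEY_RE = re.compile(r"^\[(?P<minus>-?)(?P<key>HKEY_[^\]]+)\]$")   # [-KEY] deletes, [KEY] selects
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<data>.*)$')        # "name"="data" under the selected key
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def plan_cfscript(text):
    """Return the actions the script requests, without performing any:
    ('delete_file', p), ('delete_folder', p), ('delete_key', k), ('set_value', k, name, data).
    Raises ValueError on any line it cannot interpret."""
    actions, section, current_key = [], None, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, current_key = m.group("name").lower(), None
            continue
        if section in ("file", "folder"):
            if not ABS_PATH_RE.match(line):
                raise ValueError(f"line {lineno}: not an absolute path: {line!r}")
            actions.append(("delete_" + section, line))
        elif section == "registry":
            k, v = KEY_RE.match(line), VALUE_RE.match(line)
            if k and k.group("minus"):
                actions.append(("delete_key", k.group("key")))
                current_key = None          # a value after a deleted key makes no sense
            elif k:
                current_key = k.group("key")
            elif v and current_key:
                actions.append(("set_value", current_key, v.group("name"), v.group("data").strip('"')))
            else:
                raise ValueError(f"line {lineno}: cannot interpret {line!r}")
        else:
            raise ValueError(f"line {lineno}: entry outside any section: {line!r}")
    return actions
```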
Utilisateur anonyme
30 sept. 2008 à 19:30
Download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop.
Double-click OTMoveIt.exe to launch it.
Make sure the box "Unregister Dll's and Ocx's" is checked.
Copy the list shown in bold below,
and paste it into the left-hand pane of OTMoveIt: "Paste List of Files/Folders to be moved".

C:\WINDOWS\system32\kqxgpmmb.tmp


Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.


Then:


Download, then install MSNFix: http://sosvirus.changelog.fr/MSNFix.zip , Malekal's tutorial
- Unzip the MSNFix zip folder and run the file "MSNFix.bat". A blue window should appear.
- Switch the interface to French by pressing the F key, then Enter.
- Start the virus search by pressing the R key, then Enter.
If a virus is detected, you will then be asked to clean the computer.
An error message about a file that cannot be deleted will be resolved by a restart.
After the cleaning, the "Start" bar disappears and then reappears; this is part of the cleaning procedure.
- Please post the report that opens at the end of the cleaning on the forum.

If your "Start" bar still does not appear, just do:
Ctrl + Alt + Del (under Windows XP), or Ctrl + Shift + Esc (under Windows Vista) to open Windows Task Manager.
- Then go to "File", then "New Task", enter explorer.exe in the window that appears and finish with "OK".

- Restart your computer to complete the cleaning!

-1
Utilisateur anonyme
30 sept. 2008 à 19:57
Reopen HijackThis
Do a "scan only"
Check these lines:

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab


Check them and click "Fix checked"


Then:

-> Download CCleaner (do not install the Yahoo toolbar):


http://download.piriform.com/ccsetup210.exe

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

-> Tutorial: https://www.malekal.com/tutoriel-ccleaner/


Update Internet Explorer: IE 7: ftp://ftp.telecharger.com/01net/IE7Setup.exe

Why? IE6 vs IE7: https://forum.malekal.com/viewtopic.php?f=45&t=12405


* To remove the tools/fixes that were used:

Download ToolsCleaner to your desktop.
-->
ftp://ftp.commentcamarche.com/download/ToolsCleaner2.exe
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
http://pc-system.fr/

# Click Search and let the scan run...
# Click Removal to finish.
# If you wish, you can use the optional Options.
# Click Quit to get the report.
# Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).


Disable and re-enable your System Restore:

(1) Disable System Restore

Click Start
Right-click My Computer
Click Properties
Click the System Restore tab
Check "Turn off System Restore on all drives"
Click Apply. When the confirmation message appears,
click Yes.
Click OK.


(2) Enable System Restore


Click Start
Right-click My Computer
Click Properties
Click the System Restore tab
Uncheck "Turn off System Restore on all drives"
Click Apply. When the confirmation message appears,
click Yes.
Click OK.


XP tutorial: http://service1.symantec.com/support/inter/tsgeninfointl.Nsf/fr_docid/20020830101856924

-1
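The review the helper asks for above (O4 autoruns under the service accounts, O16 DPF downloads, the O17 name servers, and the random-named system32 modules listed in the CFScript post) can be triaged automatically. Added example, not from the thread or from HijackThis: a Python parser with simple heuristics over constructed sample lines modelled on this thread's reports; the all-zero O2 CLSID and the O20 line are placeholders, and the random-name pattern is a heuristic, not a signature.

```python
import re
from urllib.parse import urlparse

# Constructed sample in HijackThis v2 log format, modelled on the reports
# quoted in this thread; the all-zero O2 CLSID and the O20 line are
# placeholders built for this example, not entries from a real scan.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\chkuqsru32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBD21726-0C4F-4AC6-8097-F264A1CA9046}: NameServer = 80.10.246.2,80.10.246.129
O20 - Winlogon Notify: 48c5338c448 - C:\WINDOWS\system32\nefali.dll
"""

LINE_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
# Heuristic for droppings like those listed in the CFScript post:
# 6-8 random letters, optional "32" suffix, sitting directly in system32.
RANDOM_IN_SYSTEM32 = re.compile(r"\\system32\\[a-z]{6,8}(?:32)?\.(?:dll|ini|tmp)$", re.I)
# Autoruns under the service accounts and .DEFAULT, which the helper has fixed.
SERVICE_HIVES = (r"HKUS\S-1-5-18", r"HKUS\S-1-5-19", r"HKUS\S-1-5-20", r"HKUS\.DEFAULT")


def triage(log_text, expected_dns=()):
    """Return (code, severity, reason) findings for the HijackThis lines given.
    expected_dns is the resolver list the ISP or admin is known to hand out."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # headers, process list, blank lines
        code, body = m.group("code"), m.group("body")
        if code in ("O2", "O4", "O20"):
            # O2/O20 end with " - <path>"; O4 has "[name] <command> (User '...')"
            target = body.split("] ", 1)[-1] if code == "O4" else body.split(" - ")[-1]
            target = re.sub(r"\s+\(User '.*'\)$", "", target)
            if RANDOM_IN_SYSTEM32.search(target):
                findings.append((code, "high", f"random-named module in system32: {target}"))
            if code == "O4" and body.startswith(SERVICE_HIVES):
                findings.append((code, "low", f"autorun under service/default profile: {target}"))
        elif code == "O16":
            host = urlparse(body.split(" - ")[-1]).hostname or "?"
            findings.append((code, "info", f"ActiveX control downloaded from {host}; remove unless needed"))
        elif code == "O17":
            servers = [s.strip() for s in body.split("=", 1)[1].split(",")]
            unexpected = [s for s in servers if s not in expected_dns]
            if unexpected:
                findings.append((code, "medium", "DNS servers to verify with the ISP: " + ", ".join(unexpected)))
    return findings


if __name__ == "__main__":
    for code, severity, reason in triage(SAMPLE_LOG):
        print(f"{code:4} {severity:6} {reason}")
```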