Trojan.zlob.G

Solved/Closed
jstlovesnow Posts 24 Registration date Wednesday 10 December 2008 Status Member Last activity 16 January 2010 - 10 Dec. 2008 at 16:18
jstlovesnow Posts 24 Registration date Wednesday 10 December 2008 Status Member Last activity 16 January 2010 - 10 Dec. 2008 at 21:51
Hello,
I have a problem with trojan.zlob.g. I tried to remove it with several antivirus programs but it doesn't work. My antivirus is Spyware Doctor + Anti-Virus but it doesn't detect it. The virus constantly disconnects me from my web pages and I can't get into msconfig; it always restarts my PC. Is there anyone who could help me? Thanks

33 replies

Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 290
10 Dec. 2008 at 16:26
Hi,

- Download HijackThis v2.0.2 to your Desktop.

- Double-click HJTInstall to start the installation.

- Click Install, then I Accept.

- Click Do a system scan and save a logfile.

- Notepad will open; copy and paste its entire contents here in your next message.
1
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 290
10 Dec. 2008 at 16:30
- Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.

- Double-click RSIT.exe to start the program.

- Click Continue on the Disclaimer screen.

- If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the license.

- When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

Note: The reports are saved in the C:\rsit folder.
1
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 290
10 Dec. 2008 at 16:34
---> Download Lop S&D to your Desktop.
---> Double-click it to start the installation.
---> Then double-click the Lop S&D shortcut on your Desktop.
---> Select the language you want, then choose option 1 (Search).
---> Wait until the scan finishes.
---> Post the generated report (C:\lopR.txt).
1
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 290
10 Dec. 2008 at 16:42
---> Run Lop S&D again.
---> This time choose option 2 (Removal).
---> Do not close the window during the removal!
---> Post the generated report (C:\lopR.txt).

(If the Desktop does not reappear, press Ctrl+Alt+Del, File tab, New Task, type explorer.exe and confirm)
1
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 290
10 Dec. 2008 at 16:54
---> Download Toolbar S&D (Team IDN) to your Desktop.
* Start the installation of the program by running the downloaded file.
* Now double-click the Toolbar S&D shortcut.
* Select the language you want by typing the letter of your choice and confirming with the Enter key.
* Now choose option 1 (Search). Wait until the search finishes.
* Post the generated report. (C:\TB.txt)
1
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 290
10 Dec. 2008 at 16:59
---> Run ToolBar S&D again, use option 2 and post the report.
1
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 290
10 Dec. 2008 at 17:05
- Download SmitfraudFix (by S!Ri, balltrap34 and moe31) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

- Double-click SmitfraudFix.exe and choose option 1, then press Enter.

- A report will be generated; post it in your next reply.

[*] process.exe is detected by some antivirus programs as a risktool. It is not a virus but a utility intended to terminate processes.[*]

** Only do step 2 if you are asked to; we must first examine the first SmitfraudFix report.
1
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 290
10 Dec. 2008 at 17:09
- Restart your computer in safe mode:
https://blog.sosordi.net/

- Double-click SmitfraudFix.exe, choose option 2 and press Enter.

- Answer O (Oui, meaning Yes) to these two questions if they are asked:

Voulez-vous nettoyer le registre ? (Do you want to clean the registry?)
Corriger le fichier infecté ? (Fix the infected file?)

- A report will be generated; save it to the Desktop.

- Restart in normal mode.

- Post the SmitfraudFix report.
1
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 290
10 Dec. 2008 at 17:35
---> Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
---> Double-click the downloaded file to start the installation process.
---> In the Update tab, click the Check for Updates button: if the firewall asks for permission for MBAM to connect to the Internet, accept.
---> Once the update is finished, go to the Scanner tab.
---> Select Perform full scan.
---> Click Scan. The analysis starts; the scan is relatively long, which is normal.

At the end of the analysis, a message is displayed:

The scan completed normally. Click 'Show Results' to display all the objects found.

---> Click OK to continue. If MBAM found nothing, it will tell you that too.
---> Close your browsers.
If malware was detected, click Show Results.
---> Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
---> MBAM will open Notepad and copy the scan report into it. Copy and paste this report in your next reply.
1
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 290
10 Dec. 2008 at 21:17
--> Download UsbFix (by Chiquitine29) to your Desktop:
http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe

--> Start the installation with the default settings.

--> Plug your external data sources into your PC (USB key, external hard drive, etc.) without opening them.

--> Double-click the UsbFix shortcut on your Desktop.

--> Choose option 1 (Cleaning).

--> The PC will restart.

--> After the restart, post the UsbFix.txt report.

Note: the UsbFix.txt report is saved at the root of the disk.

(If the Desktop does not reappear, press Ctrl+Alt+Del, "File" tab, "New Task", type explorer.exe and confirm)
1
jstlovesnow Posts 24 Registration date Wednesday 10 December 2008 Status Member Last activity 16 January 2010 1
10 Dec. 2008 at 16:28
OK, I'm doing it!
0
jstlovesnow Posts 24 Registration date Wednesday 10 December 2008 Status Member Last activity 16 January 2010 1
10 Dec. 2008 at 16:29
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:55, on 2008-12-10
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Micro Innovations\Keyboard\kbdap32a.EXE
C:\Program Files\Micro Innovations\Mouse\mouse32a.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*https://ca.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://ca.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ca.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://ca.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*https://ca.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://ca.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://ca.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll
R3 - URLSearchHook: Yahoo! Barre d'outils - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll
O3 - Toolbar: Yahoo! Barre d'outils - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Micro Innovations\Keyboard\kbdap32a.EXE
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Micro Innovations\Mouse\mouse32a.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Risk/Images/stg_drm.ocx
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Risk/Images/armhelper.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{89C58DB9-5E83-4CCE-82CF-D767D34179A5}: NameServer = 142.166.145.137 142.177.2.130
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
0
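One way to triage a HijackThis log like the one posted above, as an added example that is not part of the original thread or of HijackThis itself: it splits the log into header, running processes and coded entries, then lists the entries a helper would look at first. The function names (`parse_hijackthis`, `review`) and the review rules are assumptions made for this example; the sample lines are excerpted from the log above, and a hit is a lead to check, not a verdict.

```python
import re

# Sample input: a shortened excerpt of the HijackThis v2.0.2 log posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:55, on 2008-12-10
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.ca/
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{89C58DB9-5E83-4CCE-82CF-D767D34179A5}: NameServer = 142.166.145.137 142.177.2.130
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# A coded entry starts with a section code (R0, O2, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# COM class identifiers appear in braces in BHO, toolbar and ActiveX entries.
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_hijackthis(text):
    """Split a HijackThis log into header fields, process paths and coded entries."""
    header, processes, entries = {}, [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line ends the process list
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            guid = GUID_RE.search(match.group("body"))
            entries.append({
                "code": match.group("code"),
                "body": match.group("body"),
                "clsid": guid.group(0) if guid else None,
            })
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            processes.append(line)
        elif ": " in line:
            key, _, value = line.partition(": ")
            header[key] = value
    return {"header": header, "processes": processes, "entries": entries}


def review(entries):
    """Return (code, reason, detail) tuples for entries worth a manual look."""
    findings = []
    for entry in entries:
        code, body = entry["code"], entry["body"]
        if body.endswith("(no file)"):
            # The registry entry is still there but its file is gone.
            findings.append((code, "registered component with no file on disk", body))
        elif code == "O23" and " - Unknown owner - " in body:
            findings.append((code, "service binary without a vendor string", body))
        elif code == "O17" and "NameServer" in body:
            servers = body.split("=", 1)[1].split()
            findings.append((code, "configured DNS servers", " ".join(servers)))
    return findings


if __name__ == "__main__":
    parsed = parse_hijackthis(SAMPLE_LOG)
    print(parsed["header"].get("Platform"), "-", len(parsed["processes"]), "processes")
    for code, reason, detail in review(parsed["entries"]):
        print(f"{code}: {reason}: {detail}")
```
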
jstlovesnow Posts 24 Registration date Wednesday 10 December 2008 Status Member Last activity 16 January 2010 1
10 Dec. 2008 at 16:32
Logfile of random's system information tool 1.04 (written by random/random)
Run by Jean-Sébastien at 2008-12-10 11:31:14
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 23 GB (32%) free of 74 GB
Total RAM: 1023 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:31:17, on 2008-12-10
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Micro Innovations\Keyboard\kbdap32a.EXE
C:\Program Files\Micro Innovations\Mouse\mouse32a.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Jean-Sébastien\Local Settings\Temporary Internet Files\Content.IE5\N41Y0KRK\RSIT[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Jean-Sébastien.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*https://ca.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://ca.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ca.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://ca.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*https://ca.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://ca.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://ca.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll
R3 - URLSearchHook: Yahoo! Barre d'outils - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll
O3 - Toolbar: Yahoo! Barre d'outils - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Micro Innovations\Keyboard\kbdap32a.EXE
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Micro Innovations\Mouse\mouse32a.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Risk/Images/stg_drm.ocx
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Risk/Images/armhelper.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{89C58DB9-5E83-4CCE-82CF-D767D34179A5}: NameServer = 142.166.145.137 142.177.2.130
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
0
jstlovesnow Posts 24 Registration date Wednesday 10 December 2008 Status Member Last activity 16 January 2010 1
10 Dec. 2008 at 16:33
This?
0
jstlovesnow Posts 24 Registration date Wednesday 10 December 2008 Status Member Last activity 16 January 2010 1
10 Dec. 2008 at 16:41
--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3000+ )
BIOS : Default System BIOS
USER : Jean-Sébastien ( Administrator )
BOOT : Normal boot
Antivirus : ESET NOD32 Antivirus 3.0 3.0 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:72 Go (Free:22 Go)
D:\ (Local Disk) - NTFS - Total:2 Go (Free:2 Go)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( 2008-12-10|11:36 )

--------------------\\ Listing des dossiers dans APPLIC~1


[2008-10-05|11:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008-04-14|20:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[2008-04-15|20:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[2008-04-15|20:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[2008-08-02|16:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg8
[2008-10-15|17:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Blizzard
[2008-07-30|15:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Cast ping base frag
[2008-04-14|20:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ESET
[2008-09-03|15:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[2008-12-09|18:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[2008-05-28|21:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HipSoft
[2008-12-03|18:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logishrd
[2008-12-01|21:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
[2008-12-07|16:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[2008-04-29|19:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[2008-10-21|22:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[2008-04-15|17:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
[2008-04-15|17:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MotiveSysIDs
[2008-09-18|19:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Swift Sound
[2008-11-12|17:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
[2008-12-01|01:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Drivers HeadQuarters
[2008-07-29|16:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Tools
[2008-05-18|10:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ROBLOX
[2008-12-10|11:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[2008-04-14|17:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[2008-04-17|22:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[2008-12-02|00:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
[2008-12-01|23:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

[2008-04-14|17:30] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[2008-04-28|21:16] C:\DOCUME~1\JEAN-S~1\APPLIC~1\Adobe
[2008-10-05|21:12] C:\DOCUME~1\JEAN-S~1\APPLIC~1\Apple Computer
[2008-09-14|18:22] C:\DOCUME~1\JEAN-S~1\APPLIC~1\DivX
[2008-12-06|20:30] C:\DOCUME~1\JEAN-S~1\APPLIC~1\Google
[2008-04-14|17:36] C:\DOCUME~1\JEAN-S~1\APPLIC~1\Identities
[2008-07-31|15:32] C:\DOCUME~1\JEAN-S~1\APPLIC~1\Itchfork
[2008-05-10|14:46] C:\DOCUME~1\JEAN-S~1\APPLIC~1\iWin
[2008-06-02|16:13] C:\DOCUME~1\JEAN-S~1\APPLIC~1\Leadertech
[2008-12-09|17:38] C:\DOCUME~1\JEAN-S~1\APPLIC~1\LimeWire
[2008-04-28|21:16] C:\DOCUME~1\JEAN-S~1\APPLIC~1\Macromedia
[2008-12-07|16:11] C:\DOCUME~1\JEAN-S~1\APPLIC~1\Malwarebytes
[2008-10-21|23:14] C:\DOCUME~1\JEAN-S~1\APPLIC~1\Microsoft
[2008-04-25|16:19] C:\DOCUME~1\JEAN-S~1\APPLIC~1\Nero
[2008-04-17|10:24] C:\DOCUME~1\JEAN-S~1\APPLIC~1\PC Tools
[2008-05-18|10:57] C:\DOCUME~1\JEAN-S~1\APPLIC~1\ROBLOX
[2008-05-10|14:46] C:\DOCUME~1\JEAN-S~1\APPLIC~1\SpinTop
[2008-04-14|20:12] C:\DOCUME~1\JEAN-S~1\APPLIC~1\Sun
[2008-06-16|13:02] C:\DOCUME~1\JEAN-S~1\APPLIC~1\Ventrilo
[2008-10-15|18:54] C:\DOCUME~1\JEAN-S~1\APPLIC~1\Vso
[2008-11-18|18:12] C:\DOCUME~1\JEAN-S~1\APPLIC~1\Yahoo!

[2008-05-06|08:23] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
[2008-05-06|08:22] C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
[2008-08-02|16:27] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[2008-08-02|16:27] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[2008-08-29 14:10][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008-12-10 11:00][--ah-----] C:\WINDOWS\tasks\AE4D8704918A3724.job
[2008-12-10 10:51][--ah-----] C:\WINDOWS\tasks\SA.DAT
[2002-08-30 08:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

( AE4D8704918A3724.job )=( c:\docume~1\jean-s~1\applic~1\itchfork\Holeslowtitle.exe )

--------------------\\ Listing des dossiers dans C:\Program Files

[2008-10-26|10:55] C:\Program Files\3.0.2.8916 PTR Installer US-MX
[2008-08-24|18:57] C:\Program Files\Adobe
[2008-05-13|21:25] C:\Program Files\Alwil Software
[2008-08-04|18:04] C:\Program Files\Apple Software Update
[2008-12-29|22:15] C:\Program Files\AutoRun
[2008-04-14|19:42] C:\Program Files\AvRack
[2008-12-30|11:38] C:\Program Files\Bonjour
[2008-12-07|16:27] C:\Program Files\CCleaner
[2008-05-27|16:09] C:\Program Files\Circle Developement
[2008-10-19|17:04] C:\Program Files\Common Files
[2008-11-03|21:20] C:\Program Files\Conduit
[2008-12-01|00:57] C:\Program Files\directx
[2008-12-01|16:15] C:\Program Files\DirectX9
[2008-04-14|19:08] C:\Program Files\Dr.Hardware 2007 english
[2008-10-22|18:25] C:\Program Files\EA GAMES
[2008-12-30|11:36] C:\Program Files\EA SPORTS
[2008-12-10|10:56] C:\Program Files\Enigma Software Group
[2008-12-10|11:08] C:\Program Files\EsetOnlineScanner
[2008-12-01|21:01] C:\Program Files\Fichiers communs
[2008-04-29|06:30] C:\Program Files\Fun Web Products
[2008-08-23|21:18] C:\Program Files\GamesCampus
[2008-10-14|21:52] C:\Program Files\Google
[2008-12-01|21:05] C:\Program Files\InstallShield Installation Information
[2008-12-10|10:36] C:\Program Files\Internet Explorer
[2008-10-05|11:33] C:\Program Files\iPod
[2008-06-22|22:26] C:\Program Files\Itchfork
[2008-10-05|11:34] C:\Program Files\iTunes
[2008-11-09|13:40] C:\Program Files\Java
[2008-11-09|13:38] C:\Program Files\LimeWire
[2008-12-02|13:50] C:\Program Files\Logitech
[2008-12-07|16:11] C:\Program Files\Malwarebytes' Anti-Malware
[2008-06-18|23:37] C:\Program Files\Manual
[2008-11-12|17:04] C:\Program Files\Messenger
[2008-09-03|15:09] C:\Program Files\Messenger Plus! Live
[2008-08-13|11:27] C:\Program Files\MétéoMédia
[2008-04-21|18:58] C:\Program Files\Micro Innovations
[2008-04-18|19:44] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2008-04-14|17:30] C:\Program Files\microsoft frontpage
[2008-10-06|19:11] C:\Program Files\Microsoft Office
[2008-10-21|21:37] C:\Program Files\Microsoft Silverlight
[2008-11-12|18:01] C:\Program Files\Movie Maker
[2008-10-06|19:10] C:\Program Files\MSECache
[2008-04-14|17:25] C:\Program Files\MSN
[2008-04-14|17:25] C:\Program Files\MSN Gaming Zone
[2008-11-11|23:44] C:\Program Files\MSXML 4.0
[2008-04-14|17:29] C:\Program Files\MSXML 6.0
[2008-11-12|16:35] C:\Program Files\NetMeeting
[2008-04-14|17:26] C:\Program Files\Online Services
[2008-11-12|18:01] C:\Program Files\Outlook Express
[2008-12-01|01:02] C:\Program Files\PC Drivers HeadQuarters
[2008-11-11|16:46] C:\Program Files\QuickTime
[2008-04-14|19:42] C:\Program Files\Realtek AC97
[2008-04-14|19:42] C:\Program Files\Realtek Sound Manager
[2008-08-03|05:17] C:\Program Files\ReflexiveArcade
[2008-05-18|10:55] C:\Program Files\ROBLOX Corporation
[2008-10-05|11:25] C:\Program Files\Safari
[2008-04-14|17:28] C:\Program Files\Services en ligne
[2008-12-10|10:37] C:\Program Files\Spyware Doctor
[2008-08-11|23:53] C:\Program Files\Sun
[2008-12-29|22:16] C:\Program Files\Support
[2008-11-03|21:21] C:\Program Files\TorrentMan
[2008-12-07|16:04] C:\Program Files\Trend Micro
[2008-12-29|22:16] C:\Program Files\TSBin
[2008-12-29|22:17] C:\Program Files\TSData
[2008-04-14|17:36] C:\Program Files\Uninstall Information
[2008-06-16|12:57] C:\Program Files\Ventrilo
[2008-10-15|18:56] C:\Program Files\vso
[2008-04-17|22:13] C:\Program Files\Windows Live
[2008-04-14|17:26] C:\Program Files\Windows Media Connect 2
[2008-11-12|16:35] C:\Program Files\Windows Media Player
[2008-11-12|16:35] C:\Program Files\Windows NT
[2008-04-14|17:28] C:\Program Files\WindowsUpdate
[2008-04-14|18:20] C:\Program Files\WinRAR
[2008-12-09|23:06] C:\Program Files\World of Warcraft
[2008-11-12|17:15] C:\Program Files\World of Warcraft Public Test
[2008-04-16|13:58] C:\Program Files\World of Warcraft Trial
[2008-04-16|14:30] C:\Program Files\WoW-2.0.0-enUS-Installer
[2008-04-14|17:30] C:\Program Files\xerox
[2008-12-01|23:55] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[2008-04-14|20:35] C:\Program Files\Fichiers communs\Adobe
[2008-04-15|20:49] C:\Program Files\Fichiers communs\Apple
[2008-11-11|14:55] C:\Program Files\Fichiers communs\Blizzard Entertainment
[2008-04-14|20:44] C:\Program Files\Fichiers communs\DESIGNER
[2008-04-14|21:12] C:\Program Files\Fichiers communs\InstallShield
[2008-04-14|20:01] C:\Program Files\Fichiers communs\Java
[2008-12-01|21:35] C:\Program Files\Fichiers communs\logishrd
[2008-12-01|21:30] C:\Program Files\Fichiers communs\Logitech
[2008-10-21|22:33] C:\Program Files\Fichiers communs\Microsoft Shared
[2008-04-14|17:27] C:\Program Files\Fichiers communs\MSSoap
[2008-12-30|11:20] C:\Program Files\Fichiers communs\Nero
[2008-04-14|13:54] C:\Program Files\Fichiers communs\ODBC
[2008-07-29|16:18] C:\Program Files\Fichiers communs\PC Tools
[2008-04-14|17:27] C:\Program Files\Fichiers communs\Services
[2008-04-14|13:54] C:\Program Files\Fichiers communs\SpeechEngines
[2008-10-28|18:41] C:\Program Files\Fichiers communs\Symantec Shared
[2008-11-12|16:35] C:\Program Files\Fichiers communs\System
[2008-04-17|22:13] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[2008-06-16|12:56] C:\Program Files\Fichiers communs\Wise Installation Wizard

--------------------\\ Process

( 57 Processes )

IEXPLORE.EXE ~ [PID:5944]

--------------------\\ Recherche avec S_Lop

C:\DOCUME~1\JEAN-S~1\LOCALS~1\Temp\bis107.exe
C:\DOCUME~1\JEAN-S~1\LOCALS~1\Temp\bis17.exe
C:\DOCUME~1\JEAN-S~1\LOCALS~1\Temp\bisF.exe

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Cast ping base frag
C:\DOCUME~1\JEAN-S~1\APPLIC~1\itchfork
C:\DOCUME~1\JEAN-S~1\APPLIC~1\itchfork\FAST BEEP SIXTH FLAP.exe
C:\DOCUME~1\JEAN-S~1\APPLIC~1\itchfork\ikivmdtb.exe
C:\DOCUME~1\JEAN-S~1\APPLIC~1\itchfork\kbwohozq.exe
C:\DOCUME~1\JEAN-S~1\APPLIC~1\itchfork\kgnaobxx.exe
C:\DOCUME~1\JEAN-S~1\APPLIC~1\itchfork\lhvdpgbe.exe
C:\DOCUME~1\JEAN-S~1\APPLIC~1\itchfork\rnepovkx.exe
C:\DOCUME~1\JEAN-S~1\APPLIC~1\itchfork\spjlslvq.exe
C:\DOCUME~1\JEAN-S~1\APPLIC~1\itchfork\umurfxly.exe
C:\DOCUME~1\JEAN-S~1\APPLIC~1\itchfork\xeros.exe
C:\DOCUME~1\JEAN-S~1\APPLIC~1\itchfork\zkyqmdfa.exe
C:\Program Files\itchfork
C:\DOCUME~1\JEAN-S~1\LOCALS~1\Temp\nsisdt.dll
C:\Program Files\Circle Developement
C:\WINDOWS\Tasks\AE4D8704918A3724.job

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts MODIFIE


-> 72 [ 70 ## added by CiD ]

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 11:38:58
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 21

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\JEAN-S~1\Mes documents\LimeWire\Saved\eek-a-mouse - Crack Cocaine and Marijuana.mp3
C:\DOCUME~1\JEAN-S~1\Mes documents\LimeWire\Saved\Silverfall Earth Awakening Crack FIXED + Serial to Play Online PC
C:\DOCUME~1\JEAN-S~1\Mes documents\LimeWire\Saved\Silverfall Earth Awakening Crack FIXED + Serial to Play Online PC\Password instructions.html
C:\DOCUME~1\JEAN-S~1\Mes documents\LimeWire\Saved\Silverfall Earth Awakening Crack FIXED + Serial to Play Online PC\Password instructions.txt
C:\DOCUME~1\JEAN-S~1\Mes documents\LimeWire\Saved\Silverfall Earth Awakening Crack FIXED + Serial to Play Online PC\sfallEAfixed
C:\DOCUME~1\JEAN-S~1\Mes documents\LimeWire\Saved\Silverfall Earth Awakening Crack FIXED + Serial to Play Online PC\sfallEAfixed.rar


[F:2699][D:153]-> C:\DOCUME~1\JEAN-S~1\LOCALS~1\Temp
[F:83][D:0]-> C:\DOCUME~1\JEAN-S~1\Cookies
[F:454][D:9]-> C:\DOCUME~1\JEAN-S~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 2008-12-10|11:41 - Option : [1]

--------------------\\ Fin du rapport a 11:41:17
0
jstlovesnow Posts 24 Registration date Wednesday 10 December 2008 Status Member Last seen 16 January 2010 1
10 Dec. 2008 at 16:50
--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3000+ )
BIOS : Default System BIOS
USER : Jean-Sébastien ( Administrator )
BOOT : Normal boot
Antivirus : ESET NOD32 Antivirus 3.0 3.0 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:72 Go (Free:22 Go)
D:\ (Local Disk) - NTFS - Total:2 Go (Free:2 Go)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [2] ( 2008-12-10|11:45 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\DOCUME~1\JEAN-S~1\APPLIC~1\itchfork\FAST BEEP SIXTH FLAP.exe
Supprime! - C:\DOCUME~1\JEAN-S~1\APPLIC~1\itchfork\ikivmdtb.exe
Supprime! - C:\DOCUME~1\JEAN-S~1\APPLIC~1\itchfork\kbwohozq.exe
Supprime! - C:\DOCUME~1\JEAN-S~1\APPLIC~1\itchfork\kgnaobxx.exe
Supprime! - C:\DOCUME~1\JEAN-S~1\APPLIC~1\itchfork\lhvdpgbe.exe
Supprime! - C:\DOCUME~1\JEAN-S~1\APPLIC~1\itchfork\rnepovkx.exe
Supprime! - C:\DOCUME~1\JEAN-S~1\APPLIC~1\itchfork\spjlslvq.exe
Supprime! - C:\DOCUME~1\JEAN-S~1\APPLIC~1\itchfork\umurfxly.exe
Supprime! - C:\DOCUME~1\JEAN-S~1\APPLIC~1\itchfork\xeros.exe
Supprime! - C:\DOCUME~1\JEAN-S~1\APPLIC~1\itchfork\zkyqmdfa.exe
Supprime! - C:\DOCUME~1\JEAN-S~1\LOCALS~1\Temp\nsisdt.dll
Supprime! - C:\WINDOWS\Tasks\AE4D8704918A3724.job
Supprime! - C:\DOCUME~1\JEAN-S~1\LOCALS~1\Temp\bis107.exe
Supprime! - C:\DOCUME~1\JEAN-S~1\LOCALS~1\Temp\bis17.exe
Supprime! - C:\DOCUME~1\JEAN-S~1\LOCALS~1\Temp\bisF.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Cast ping base frag
Supprime! - C:\DOCUME~1\JEAN-S~1\APPLIC~1\itchfork
Supprime! - C:\Program Files\itchfork
Supprime! - C:\Program Files\Circle Developement
-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans APPLIC~1


[2008-10-05|11:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008-04-14|20:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[2008-04-15|20:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[2008-04-15|20:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[2008-08-02|16:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg8
[2008-10-15|17:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Blizzard
[2008-04-14|20:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ESET
[2008-09-03|15:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[2008-12-09|18:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[2008-05-28|21:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HipSoft
[2008-12-03|18:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logishrd
[2008-12-01|21:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
[2008-12-07|16:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[2008-04-29|19:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[2008-10-21|22:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[2008-04-15|17:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
[2008-04-15|17:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MotiveSysIDs
[2008-09-18|19:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Swift Sound
[2008-11-12|17:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
[2008-12-01|01:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Drivers HeadQuarters
[2008-07-29|16:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Tools
[2008-05-18|10:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ROBLOX
[2008-12-10|11:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[2008-04-14|17:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[2008-04-17|22:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[2008-12-02|00:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
[2008-12-01|23:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

[2008-04-14|17:30] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[2008-04-28|21:16] C:\DOCUME~1\JEAN-S~1\APPLIC~1\Adobe
[2008-10-05|21:12] C:\DOCUME~1\JEAN-S~1\APPLIC~1\Apple Computer
[2008-09-14|18:22] C:\DOCUME~1\JEAN-S~1\APPLIC~1\DivX
[2008-12-06|20:30] C:\DOCUME~1\JEAN-S~1\APPLIC~1\Google
[2008-04-14|17:36] C:\DOCUME~1\JEAN-S~1\APPLIC~1\Identities
[2008-05-10|14:46] C:\DOCUME~1\JEAN-S~1\APPLIC~1\iWin
[2008-06-02|16:13] C:\DOCUME~1\JEAN-S~1\APPLIC~1\Leadertech
[2008-12-09|17:38] C:\DOCUME~1\JEAN-S~1\APPLIC~1\LimeWire
[2008-04-28|21:16] C:\DOCUME~1\JEAN-S~1\APPLIC~1\Macromedia
[2008-12-07|16:11] C:\DOCUME~1\JEAN-S~1\APPLIC~1\Malwarebytes
[2008-10-21|23:14] C:\DOCUME~1\JEAN-S~1\APPLIC~1\Microsoft
[2008-04-25|16:19] C:\DOCUME~1\JEAN-S~1\APPLIC~1\Nero
[2008-04-17|10:24] C:\DOCUME~1\JEAN-S~1\APPLIC~1\PC Tools
[2008-05-18|10:57] C:\DOCUME~1\JEAN-S~1\APPLIC~1\ROBLOX
[2008-05-10|14:46] C:\DOCUME~1\JEAN-S~1\APPLIC~1\SpinTop
[2008-04-14|20:12] C:\DOCUME~1\JEAN-S~1\APPLIC~1\Sun
[2008-06-16|13:02] C:\DOCUME~1\JEAN-S~1\APPLIC~1\Ventrilo
[2008-10-15|18:54] C:\DOCUME~1\JEAN-S~1\APPLIC~1\Vso
[2008-11-18|18:12] C:\DOCUME~1\JEAN-S~1\APPLIC~1\Yahoo!

[2008-05-06|08:23] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
[2008-05-06|08:22] C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
[2008-08-02|16:27] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[2008-08-02|16:27] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[2008-08-29 14:10][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008-12-10 10:51][--ah-----] C:\WINDOWS\tasks\SA.DAT
[2002-08-30 08:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[2008-10-26|10:55] C:\Program Files\3.0.2.8916 PTR Installer US-MX
[2008-08-24|18:57] C:\Program Files\Adobe
[2008-05-13|21:25] C:\Program Files\Alwil Software
[2008-08-04|18:04] C:\Program Files\Apple Software Update
[2008-12-29|22:15] C:\Program Files\AutoRun
[2008-04-14|19:42] C:\Program Files\AvRack
[2008-12-30|11:38] C:\Program Files\Bonjour
[2008-12-07|16:27] C:\Program Files\CCleaner
[2008-10-19|17:04] C:\Program Files\Common Files
[2008-11-03|21:20] C:\Program Files\Conduit
[2008-12-01|00:57] C:\Program Files\directx
[2008-12-01|16:15] C:\Program Files\DirectX9
[2008-04-14|19:08] C:\Program Files\Dr.Hardware 2007 english
[2008-10-22|18:25] C:\Program Files\EA GAMES
[2008-12-30|11:36] C:\Program Files\EA SPORTS
[2008-12-10|10:56] C:\Program Files\Enigma Software Group
[2008-12-10|11:08] C:\Program Files\EsetOnlineScanner
[2008-12-01|21:01] C:\Program Files\Fichiers communs
[2008-04-29|06:30] C:\Program Files\Fun Web Products
[2008-08-23|21:18] C:\Program Files\GamesCampus
[2008-10-14|21:52] C:\Program Files\Google
[2008-12-01|21:05] C:\Program Files\InstallShield Installation Information
[2008-12-10|10:36] C:\Program Files\Internet Explorer
[2008-10-05|11:33] C:\Program Files\iPod
[2008-10-05|11:34] C:\Program Files\iTunes
[2008-11-09|13:40] C:\Program Files\Java
[2008-11-09|13:38] C:\Program Files\LimeWire
[2008-12-02|13:50] C:\Program Files\Logitech
[2008-12-07|16:11] C:\Program Files\Malwarebytes' Anti-Malware
[2008-06-18|23:37] C:\Program Files\Manual
[2008-11-12|17:04] C:\Program Files\Messenger
[2008-09-03|15:09] C:\Program Files\Messenger Plus! Live
[2008-08-13|11:27] C:\Program Files\MétéoMédia
[2008-04-21|18:58] C:\Program Files\Micro Innovations
[2008-04-18|19:44] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2008-04-14|17:30] C:\Program Files\microsoft frontpage
[2008-10-06|19:11] C:\Program Files\Microsoft Office
[2008-10-21|21:37] C:\Program Files\Microsoft Silverlight
[2008-11-12|18:01] C:\Program Files\Movie Maker
[2008-10-06|19:10] C:\Program Files\MSECache
[2008-04-14|17:25] C:\Program Files\MSN
[2008-04-14|17:25] C:\Program Files\MSN Gaming Zone
[2008-11-11|23:44] C:\Program Files\MSXML 4.0
[2008-04-14|17:29] C:\Program Files\MSXML 6.0
[2008-11-12|16:35] C:\Program Files\NetMeeting
[2008-04-14|17:26] C:\Program Files\Online Services
[2008-11-12|18:01] C:\Program Files\Outlook Express
[2008-12-01|01:02] C:\Program Files\PC Drivers HeadQuarters
[2008-11-11|16:46] C:\Program Files\QuickTime
[2008-04-14|19:42] C:\Program Files\Realtek AC97
[2008-04-14|19:42] C:\Program Files\Realtek Sound Manager
[2008-08-03|05:17] C:\Program Files\ReflexiveArcade
[2008-05-18|10:55] C:\Program Files\ROBLOX Corporation
[2008-10-05|11:25] C:\Program Files\Safari
[2008-04-14|17:28] C:\Program Files\Services en ligne
[2008-12-10|10:37] C:\Program Files\Spyware Doctor
[2008-08-11|23:53] C:\Program Files\Sun
[2008-12-29|22:16] C:\Program Files\Support
[2008-11-03|21:21] C:\Program Files\TorrentMan
[2008-12-07|16:04] C:\Program Files\Trend Micro
[2008-12-29|22:16] C:\Program Files\TSBin
[2008-12-29|22:17] C:\Program Files\TSData
[2008-04-14|17:36] C:\Program Files\Uninstall Information
[2008-06-16|12:57] C:\Program Files\Ventrilo
[2008-10-15|18:56] C:\Program Files\vso
[2008-04-17|22:13] C:\Program Files\Windows Live
[2008-04-14|17:26] C:\Program Files\Windows Media Connect 2
[2008-11-12|16:35] C:\Program Files\Windows Media Player
[2008-11-12|16:35] C:\Program Files\Windows NT
[2008-04-14|17:28] C:\Program Files\WindowsUpdate
[2008-04-14|18:20] C:\Program Files\WinRAR
[2008-12-09|23:06] C:\Program Files\World of Warcraft
[2008-11-12|17:15] C:\Program Files\World of Warcraft Public Test
[2008-04-16|13:58] C:\Program Files\World of Warcraft Trial
[2008-04-16|14:30] C:\Program Files\WoW-2.0.0-enUS-Installer
[2008-04-14|17:30] C:\Program Files\xerox
[2008-12-01|23:55] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[2008-04-14|20:35] C:\Program Files\Fichiers communs\Adobe
[2008-04-15|20:49] C:\Program Files\Fichiers communs\Apple
[2008-11-11|14:55] C:\Program Files\Fichiers communs\Blizzard Entertainment
[2008-04-14|20:44] C:\Program Files\Fichiers communs\DESIGNER
[2008-04-14|21:12] C:\Program Files\Fichiers communs\InstallShield
[2008-04-14|20:01] C:\Program Files\Fichiers communs\Java
[2008-12-01|21:35] C:\Program Files\Fichiers communs\logishrd
[2008-12-01|21:30] C:\Program Files\Fichiers communs\Logitech
[2008-10-21|22:33] C:\Program Files\Fichiers communs\Microsoft Shared
[2008-04-14|17:27] C:\Program Files\Fichiers communs\MSSoap
[2008-12-30|11:20] C:\Program Files\Fichiers communs\Nero
[2008-04-14|13:54] C:\Program Files\Fichiers communs\ODBC
[2008-07-29|16:18] C:\Program Files\Fichiers communs\PC Tools
[2008-04-14|17:27] C:\Program Files\Fichiers communs\Services
[2008-04-14|13:54] C:\Program Files\Fichiers communs\SpeechEngines
[2008-10-28|18:41] C:\Program Files\Fichiers communs\Symantec Shared
[2008-11-12|16:35] C:\Program Files\Fichiers communs\System
[2008-04-17|22:13] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[2008-06-16|12:56] C:\Program Files\Fichiers communs\Wise Installation Wizard

--------------------\\ Process

( 54 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 11:48:12
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 21

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\JEAN-S~1\Mes documents\LimeWire\Saved\eek-a-mouse - Crack Cocaine and Marijuana.mp3
C:\DOCUME~1\JEAN-S~1\Mes documents\LimeWire\Saved\Silverfall Earth Awakening Crack FIXED + Serial to Play Online PC
C:\DOCUME~1\JEAN-S~1\Mes documents\LimeWire\Saved\Silverfall Earth Awakening Crack FIXED + Serial to Play Online PC\Password instructions.html
C:\DOCUME~1\JEAN-S~1\Mes documents\LimeWire\Saved\Silverfall Earth Awakening Crack FIXED + Serial to Play Online PC\Password instructions.txt
C:\DOCUME~1\JEAN-S~1\Mes documents\LimeWire\Saved\Silverfall Earth Awakening Crack FIXED + Serial to Play Online PC\sfallEAfixed
C:\DOCUME~1\JEAN-S~1\Mes documents\LimeWire\Saved\Silverfall Earth Awakening Crack FIXED + Serial to Play Online PC\sfallEAfixed.rar


[F:2694][D:153]-> C:\DOCUME~1\JEAN-S~1\LOCALS~1\Temp
[F:83][D:0]-> C:\DOCUME~1\JEAN-S~1\Cookies
[F:461][D:9]-> C:\DOCUME~1\JEAN-S~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 2008-12-10|11:41 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 2008-12-10|11:49 - Option : [2]

--------------------\\ Fin du rapport a 11:49:51
0
jstlovesnow Posts 24 Registration date Wednesday, December 10, 2008 Status Member Last activity January 16, 2010 1
Dec. 10, 2008 at 16:58
-----------\\ ToolBar S&D 1.2.6 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3000+ )
BIOS : Default System BIOS
USER : Jean-Sébastien ( Administrator )
BOOT : Normal boot
Antivirus : ESET NOD32 Antivirus 3.0 3.0 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:72 Go (Free:22 Go)
D:\ (Local Disk) - NTFS - Total:2 Go (Free:2 Go)
E:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 04-12-2008|20:40 )
Option : [1] ( 2008-12-10|11:56 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\Fun Web Products
C:\Program Files\Fun Web Products\MSNMessenger
C:\Program Files\Fun Web Products\MSNMessenger\MSNBackgrounds
C:\DOCUME~1\JEAN-S~1\LOCALS~1\Temp\ICD1.tmp

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://ca.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*https://ca.search.yahoo.com/"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://ca.yahoo.com/"
"Default_Search_URL"="http://ca.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://ca.search.yahoo.com/"
"Search Page"="http://ca.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*https://ca.search.yahoo.com/"
"Start Page"="https://ca.yahoo.com/"
"Search Bar"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\JEAN-S~1\Mes documents\LimeWire\Saved\eek-a-mouse - Crack Cocaine and Marijuana.mp3
C:\DOCUME~1\JEAN-S~1\Mes documents\LimeWire\Saved\Silverfall Earth Awakening Crack FIXED + Serial to Play Online PC
C:\DOCUME~1\JEAN-S~1\Mes documents\LimeWire\Saved\Silverfall Earth Awakening Crack FIXED + Serial to Play Online PC\Password instructions.html
C:\DOCUME~1\JEAN-S~1\Mes documents\LimeWire\Saved\Silverfall Earth Awakening Crack FIXED + Serial to Play Online PC\Password instructions.txt
C:\DOCUME~1\JEAN-S~1\Mes documents\LimeWire\Saved\Silverfall Earth Awakening Crack FIXED + Serial to Play Online PC\sfallEAfixed
C:\DOCUME~1\JEAN-S~1\Mes documents\LimeWire\Saved\Silverfall Earth Awakening Crack FIXED + Serial to Play Online PC\sfallEAfixed.rar



1 - "C:\ToolBar SD\TB_1.txt" - 2008-12-10|11:57 - Option : [1]

-----------\\ Fin du rapport a 11:57:23,81
0
jstlovesnow Posts 24 Registration date Wednesday, December 10, 2008 Status Member Last activity January 16, 2010 1
Dec. 10, 2008 at 17:02
-----------\\ ToolBar S&D 1.2.6 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3000+ )
BIOS : Default System BIOS
USER : Jean-Sébastien ( Administrator )
BOOT : Normal boot
Antivirus : ESET NOD32 Antivirus 3.0 3.0 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:72 Go (Free:22 Go)
D:\ (Local Disk) - NTFS - Total:2 Go (Free:2 Go)
E:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 04-12-2008|20:40 )
Option : [2] ( 2008-12-10|12:00 )

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\Fun Web Products\MSNMessenger
Supprime! - C:\DOCUME~1\JEAN-S~1\LOCALS~1\Temp\ICD1.tmp
Supprime! - C:\Program Files\Fun Web Products

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://ca.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*https://ca.search.yahoo.com/"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://ca.yahoo.com/"
"Default_Search_URL"="http://ca.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://ca.search.yahoo.com/"
"Search Page"="http://ca.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*https://ca.search.yahoo.com/"
"Start Page"="https://www.msn.com/fr-fr/"
"Search Bar"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\JEAN-S~1\Mes documents\LimeWire\Saved\eek-a-mouse - Crack Cocaine and Marijuana.mp3
C:\DOCUME~1\JEAN-S~1\Mes documents\LimeWire\Saved\Silverfall Earth Awakening Crack FIXED + Serial to Play Online PC
C:\DOCUME~1\JEAN-S~1\Mes documents\LimeWire\Saved\Silverfall Earth Awakening Crack FIXED + Serial to Play Online PC\Password instructions.html
C:\DOCUME~1\JEAN-S~1\Mes documents\LimeWire\Saved\Silverfall Earth Awakening Crack FIXED + Serial to Play Online PC\Password instructions.txt
C:\DOCUME~1\JEAN-S~1\Mes documents\LimeWire\Saved\Silverfall Earth Awakening Crack FIXED + Serial to Play Online PC\sfallEAfixed
C:\DOCUME~1\JEAN-S~1\Mes documents\LimeWire\Saved\Silverfall Earth Awakening Crack FIXED + Serial to Play Online PC\sfallEAfixed.rar



1 - "C:\ToolBar SD\TB_1.txt" - 2008-12-10|11:57 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 2008-12-10|12:02 - Option : [2]

-----------\\ Fin du rapport a 12:02:00,57
0
jstlovesnow Posts 24 Registration date Wednesday, December 10, 2008 Status Member Last activity January 16, 2010 1
Dec. 10, 2008 at 17:08
SmitFraudFix v2.382

Rapport fait à 12:06:46,56, 2008-12-10
Executé à partir de C:\Documents and Settings\Jean-Sébastien\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Micro Innovations\Keyboard\kbdap32a.EXE
C:\Program Files\Micro Innovations\Mouse\mouse32a.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe
C:\Documents and Settings\Jean-Sébastien\Application Data\Google\kjzna1562565.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Jean-Sébastien\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jean-Sébastien


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JEAN-S~1\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jean-Sébastien\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JEAN-S~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Google\googletoolbar1.dll PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 142.166.145.137
DNS Server Search Order: 142.177.2.130

HKLM\SYSTEM\CCS\Services\Tcpip\..\{89C58DB9-5E83-4CCE-82CF-D767D34179A5}: NameServer=142.166.145.137 142.177.2.130
HKLM\SYSTEM\CS1\Services\Tcpip\..\{89C58DB9-5E83-4CCE-82CF-D767D34179A5}: NameServer=142.166.145.137 142.177.2.130
HKLM\SYSTEM\CS3\Services\Tcpip\..\{89C58DB9-5E83-4CCE-82CF-D767D34179A5}: NameServer=142.166.145.137 142.177.2.130


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0