Virus vundo.of

Closed
chanur - 18 Dec 2008 at 15:30
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last active 3 May 2022 - 25 Dec 2008 at 12:44
Hello,
I have just run a scan with HijackThis, because I have the Vundo.of trojan.
Here is my report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:24:27, on 18/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\EoRezo\EoEngine.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\documents and settings\evelyne\local settings\application data\ceaue.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\FileZilla\filezilla.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st#home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {42fc8449-482b-4b7a-91ba-6fa9aa193ea7} - C:\WINDOWS\system32\vagivoho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoBho - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PrintMe - {97387E2B-B2FA-4E4A-A607-F3B5C134F71C} - C:\Program Files\EFI\PrintMeToolbar\htpmcap.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Come2PlayK2P Toolbar - {b8a5b62c-517f-42a5-85ae-29b5497fb15f} - C:\Program Files\Come2PlayK2P\tbCome.dll
O2 - BHO: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
O3 - Toolbar: PrintMe - {97387E2B-B2FA-4E4A-A607-F3B5C134F71C} - C:\Program Files\EFI\PrintMeToolbar\htpmcap.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Come2PlayK2P Toolbar - {b8a5b62c-517f-42a5-85ae-29b5497fb15f} - C:\Program Files\Come2PlayK2P\tbCome.dll
O3 - Toolbar: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Proc Deaf Delete Peak] C:\Documents and Settings\All Users\Application Data\file joy proc deaf\Exit Copy.exe
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [vizonojope] Rundll32.exe "C:\WINDOWS\system32\zimuworo.dll",s
O4 - HKLM\..\Run: [c8f15057] rundll32.exe "C:\WINDOWS\system32\pupuzuno.dll",b
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [CPMcbc263cb] Rundll32.exe "c:\windows\system32\yajosofo.dll",a
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Hope Trans] C:\DOCUME~1\Evelyne\APPLIC~1\OOZEDE~1\Burn base.exe
O4 - HKCU\..\Run: [ceaue] "c:\documents and settings\evelyne\local settings\application data\ceaue.exe" ceaue
O4 - HKUS\S-1-5-19\..\Run: [vizonojope] Rundll32.exe "C:\WINDOWS\system32\zimuworo.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [vizonojope] Rundll32.exe "C:\WINDOWS\system32\zimuworo.dll",s (User 'SERVICE RÉSEAU')
O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb\tribalweb.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\pefedamu.dll c:\windows\system32\yajosofo.dll c:\windows\system32\kolopiro.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yajosofo.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yajosofo.dll
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
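The log above can be triaged mechanically before anyone reads it line by line. What follows is an added example in Python, not code from this thread, from HijackThis or from ComboFix, that flags the entry types helpers look at first: AppInit_DLLs (O20), SSODL and SharedTaskScheduler loads (O21/O22), unnamed BHOs with a file on disk, rundll32 autostarts, anything starting from a per-user Local Settings\Application Data folder, and the start-page setting for review. The sample lines are copied from the log above plus three ordinary entries (the Java SSV helper, Avira's avgnt, ctfmon); the consonant/vowel name heuristic is an assumption keyed to the file names seen in this log, not a general rule.

```python
"""Triage of a HijackThis log: flag the entries a helper would look at first.

Added example; not code from the thread, from HijackThis or from ComboFix.
"""
import re

# Pseudo-random file names of the kind seen in this log (vagivoho, yajosofo,
# zimuworo, ...): eight letters alternating consonant and vowel. This is an
# assumption keyed to this family's naming style, not a general malware test.
RANDOM_NAME = re.compile(r'^(?:[bcdfghjklmnpqrstvwxyz][aeiouy]){4}$', re.IGNORECASE)

# A drive-letter path ending in .dll or .exe, as HijackThis prints them
# (spaces allowed, stops at the first quote or comma).
PATH_RE = re.compile(r'[a-z]:\\[^",]+?\.(?:dll|exe)', re.IGNORECASE)

# Sample input: entries copied from the log above, plus three ordinary entries
# (Java SSV helper, Avira avgnt, ctfmon) to show that normal items pass.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st#home
O2 - BHO: (no name) - {42fc8449-482b-4b7a-91ba-6fa9aa193ea7} - C:\WINDOWS\system32\vagivoho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [vizonojope] Rundll32.exe "C:\WINDOWS\system32\zimuworo.dll",s
O4 - HKLM\..\Run: [c8f15057] rundll32.exe "C:\WINDOWS\system32\pupuzuno.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ceaue] "c:\documents and settings\evelyne\local settings\application data\ceaue.exe" ceaue
O20 - AppInit_DLLs: C:\WINDOWS\system32\pefedamu.dll c:\windows\system32\yajosofo.dll c:\windows\system32\kolopiro.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yajosofo.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yajosofo.dll
"""


def file_stems(line):
    """Base names (without extension) of every DLL/EXE path in the entry."""
    return [p.rsplit('\\', 1)[-1].rsplit('.', 1)[0] for p in PATH_RE.findall(line)]


def triage(log_text):
    """Return one finding per suspicious entry: {'section', 'reasons', 'line'}."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        section = line.split(' ', 1)[0]      # "R0", "O2", "O4", "O20", ...
        lowered = line.lower()
        random_names = [n for n in file_stems(line) if RANDOM_NAME.match(n)]
        reasons = []
        if section == 'O20':
            reasons.append('AppInit_DLLs is set: these DLLs are loaded into every '
                           'process that uses user32.dll')
        if section in ('O21', 'O22'):
            reasons.append(section + ' (SSODL/SharedTaskScheduler) is rarely used '
                           'by legitimate software')
        if section == 'O2' and '(no name)' in line and file_stems(line):
            reasons.append('BHO with no name but a file on disk')
        if section == 'O4' and 'rundll32' in lowered and random_names:
            reasons.append('rundll32 autostart loading a DLL with a pseudo-random name')
        if section == 'O4' and 'local settings\\application data' in lowered:
            reasons.append('autostart from a per-user Local Settings\\Application Data folder')
        if section == 'R0' and 'Start Page' in line:
            reasons.append('home page setting; confirm the user chose this URL')
        if random_names:
            reasons.append('pseudo-random file name(s): ' + ', '.join(random_names))
        if reasons:
            findings.append({'section': section, 'reasons': reasons, 'line': line})
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f['section'], '|', '; '.join(f['reasons']))
        print('   ', f['line'])
```

Run it as a script to print the flagged entries with their reasons. A name-pattern match on its own is only a hint, which is why every finding carries the list of reasons that produced it; ordinary entries such as the ctfmon.exe and avgnt.exe lines produce no finding at all.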

55 replies

jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last active 3 May 2022 5 040
18 Dec 2008 at 15:49
If only you had just Vundo... you forgot Lop, Navipromo...

Download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, the antispyware's real-time guard).

Double-click combofix.exe and follow the instructions.

At the end, it will produce a report, C:\ComboFix.txt.

Re-enable your firewall, your antivirus and your antispyware's guard.

Copy/paste the C:\ComboFix.txt report in your next reply.

Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. That could freeze the computer.

You have a full tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Lyonnais92 Posts 25159 Registered Friday 23 June 2006 Status Security contributor Last active 16 September 2016 1 536
19 Dec 2008 at 19:24
Hi,

Lop S&D in mode 2 (cleaning)?
sherred Posts 8346 Registered Saturday 26 January 2008 Status Member Last active 25 March 2024 350
18 Dec 2008 at 15:47
Hello
Download combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Click combofix.exe.
Press 1 (Yes) to start the scan.
Once it finishes, a report will appear. Copy/paste that report in your next reply.
The report is also found here: C:\Combofix.txt

Disconnect from the internet, close the windows of all running programs, and temporarily
stop the antivirus and other protections during the scan.
Do not use your PC while the scan is running.

Once the scan is finished, put all your antivirus and antispyware protections back.

---------------------------------------------------------------------------------------------------------------
Download Ad-Remover (by C_XX) to your desktop.

/!\ Disconnect and close all running applications /!\

● Double-click the installer and install it in its default location (C:\Program files).
● Right-click the Ad-Remover icon on your desktop and choose "Run as administrator".
● At the main menu choose option "A".
● Post the report that appears at the end (it is also saved as C:\Ad-report(date).log).
http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe
Lyonnais92 Posts 25159 Registered Friday 23 June 2006 Status Security contributor Last active 16 September 2016 1 536
18 Dec 2008 at 15:51
Hi,

Following.
sherred Posts 8346 Registered Saturday 26 January 2008 Status Member Last active 25 March 2024 350
18 Dec 2008 at 15:57
Whoa, all the pros are here... I'll leave it to you.
totobetourne Posts 5592 Registered Sunday 23 March 2008 Status Member Last active 6 June 2012 65
18 Dec 2008 at 16:02
Nice collection.

You must have risky habits, or else no real firewall either.
^^Marie^^ Posts 113901 Registered Tuesday 6 September 2005 Status Member Last active 28 August 2020 3 275
18 Dec 2008 at 16:42
Hi

Following
5Chanur Posts 23 Registered Thursday 18 December 2008 Status Member Last active 22 December 2008
18 Dec 2008 at 17:52
Thanks for your responsiveness.
I'll follow jlpjlp's instructions then, since sherred is stepping aside.

I have a brother who got hold of my PC for a day and signed up on lots of porn and dating sites and others...

As you can imagine my PC is crawling; as soon as I can, I'll post the report.

New registered name: 5chanur :p
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last active 3 May 2022 5 040
18 Dec 2008 at 17:55
OK, run ComboFix and post a new HijackThis report.

See you, and hello to everyone
5Chanur Posts 23 Registered Thursday 18 December 2008 Status Member Last active 22 December 2008
19 Dec 2008 at 06:09
ComboFix report:

ComboFix 08-12-17.01 - Evelyne 2008-12-19 5:25:27.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1014.179 [GMT 1:00]
Lancé depuis: c:\documents and settings\Evelyne\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.
[color=purple]Les fichiers ci-dessous ont été désactivés pendant l'exécution:[/color]
c:\windows\system32\ladasazo.dll
c:\windows\system32\kolopiro.dll
c:\windows\system32\yajosofo.dll


(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Evelyne\Local Settings\Application Data\ceaue.dat
c:\documents and settings\Evelyne\Local Settings\Application Data\ceaue.exe
c:\documents and settings\Evelyne\Local Settings\Application Data\ceaue_nav.dat
c:\documents and settings\Evelyne\Local Settings\Application Data\ceaue_navps.dat
c:\program files\internetgamebox
c:\program files\internetgamebox\language
c:\program files\internetgamebox\ressources\AttenteOff.html
c:\program files\internetgamebox\ressources\AttenteOn.html
c:\program files\internetgamebox\ressources\configv2_en.xml
c:\program files\internetgamebox\ressources\configv2_es.xml
c:\program files\internetgamebox\ressources\configv2_fr.xml
c:\program files\internetgamebox\ressources\favoris\defaultv2.swf
c:\program files\internetgamebox\skins\skinv2.skn
c:\windows\system32\awewibut.ini
c:\windows\system32\dasofupu.dll
c:\windows\system32\ekinuyit.ini
c:\windows\system32\hememefo.dll
c:\windows\system32\izohanek.ini
c:\windows\system32\kenahozi.dll
c:\windows\system32\kolopiro.dll.vir
c:\windows\system32\mafopiwo.dll
c:\windows\system32\mijikive.dll
c:\windows\system32\mizenode.dll
c:\windows\system32\onuzupup.ini
c:\windows\system32\pulobuha.dll
c:\windows\system32\pupuzuno.dll
c:\windows\system32\puzujoda.dll
c:\windows\system32\tiyunike.dll
c:\windows\system32\tubiwewa.dll
c:\windows\system32\tuneyevi.dll
c:\windows\system32\ufasezay.ini
c:\windows\system32\umapazug.ini
c:\windows\system32\uruyubof.ini
c:\windows\system32\uvuwehaw.ini
c:\windows\system32\vagivoho.dll
c:\windows\system32\wahewuvu.dll
c:\windows\system32\yajosofo.dll.vir
c:\windows\system32\yazesafu.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games


((((((((((((((((((((((((((((( Fichiers créés du 2008-11-19 au 2008-12-19 ))))))))))))))))))))))))))))))))))))
.

2008-12-19 05:39 . 2008-12-19 05:39 120 ---hs---- c:\windows\system32\uruyubof.ini
2008-12-19 04:28 . 2004-08-04 00:54 154,112 --a------ c:\windows\system32\irftp.exe
2008-12-19 04:28 . 2004-08-04 00:54 154,112 --a--c--- c:\windows\system32\dllcache\irftp.exe
2008-12-19 04:28 . 2004-08-04 00:54 28,160 --a------ c:\windows\system32\irmon.dll
2008-12-19 04:28 . 2004-08-04 00:54 28,160 --a--c--- c:\windows\system32\dllcache\irmon.dll
2008-12-19 04:28 . 2004-08-04 00:54 8,192 --a------ c:\windows\system32\wshirda.dll
2008-12-19 04:28 . 2004-08-04 00:54 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll
2008-12-18 17:03 . 2008-12-18 18:31 <REP> d-------- c:\windows\system32\CatRoot_bak
2008-12-18 15:34 . 2008-04-11 19:51 683,520 --a------ c:\windows\system32\SET18D.tmp
2008-12-18 15:33 . 2008-09-04 17:45 1,106,944 --a------ c:\windows\system32\SET17A.tmp
2008-12-18 15:26 . 2008-06-14 18:59 272,768 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-12-18 15:23 . 2008-12-18 15:23 <REP> d-------- c:\program files\Trend Micro
2008-12-18 15:19 . 2008-08-14 14:44 2,182,400 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-18 15:19 . 2008-08-14 14:44 2,138,112 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-18 15:19 . 2008-08-14 14:44 2,059,776 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-18 15:19 . 2008-08-14 14:44 2,017,792 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-18 14:06 . 2008-10-15 17:59 332,800 --a------ c:\windows\system32\SET17F.tmp
2008-12-18 13:15 . 2008-12-12 18:35 3,081,216 --a------ c:\windows\system32\SET1A0.tmp
2008-12-18 13:14 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-18 11:12 . 2006-12-07 07:40 2,362,184 --a------ c:\windows\system32\SET192.tmp
2008-12-18 10:59 . 2005-02-08 11:37 167,936 -ra------ c:\windows\system32\igfxres.dll
2008-12-18 10:45 . 2004-08-05 13:00 131,584 --a--c--- c:\windows\system32\dllcache\pmxviceo.dll
2008-12-18 10:44 . 2004-08-05 13:00 92,416 --a--c--- c:\windows\system32\dllcache\mga.sys
2008-12-18 10:44 . 2004-08-05 13:00 92,032 --a--c--- c:\windows\system32\dllcache\mga.dll
2008-12-18 10:44 . 2001-08-23 17:47 65,536 --a--c--- c:\windows\system32\dllcache\EXCH_mailmsg.dll
2008-12-18 10:44 . 2004-08-05 13:00 36,864 --a--c--- c:\windows\system32\dllcache\iprip.dll
2008-12-18 10:44 . 2004-08-05 13:00 33,792 --a--c--- c:\windows\system32\dllcache\lmmib2.dll
2008-12-18 10:44 . 2004-08-05 13:00 23,040 --a--c--- c:\windows\system32\dllcache\lpdsvc.dll
2008-12-18 10:44 . 2004-08-05 13:00 19,456 --a--c--- c:\windows\system32\dllcache\lprmon.dll
2008-12-18 10:44 . 2004-08-05 13:00 18,432 --a--c--- c:\windows\system32\dllcache\jupiw.dll
2008-12-18 10:44 . 2004-08-05 13:00 7,680 --a--c--- c:\windows\system32\dllcache\migregdb.exe
2008-12-18 10:42 . 2004-08-05 13:00 334,336 --a--c--- c:\windows\system32\dllcache\aqueue.dll
2008-12-18 10:41 . 2004-05-13 00:39 876,653 --a--c--- c:\windows\system32\dllcache\fp4awel.dll
2008-12-18 10:39 . 2008-12-18 10:39 488 -rah----- c:\windows\system32\logonui.exe.manifest
2008-12-18 10:38 . 2004-08-05 13:00 16,384 --a--c--- c:\windows\system32\dllcache\isignup.exe
2008-12-18 10:38 . 2008-12-18 10:38 749 -rah----- c:\windows\WindowsShell.Manifest
2008-12-18 10:38 . 2008-12-18 10:38 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2008-12-18 10:38 . 2008-12-18 10:38 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2008-12-18 10:38 . 2008-12-18 10:38 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2008-12-18 10:35 . 2004-08-05 13:00 218,624 --a--c--- c:\windows\system32\dllcache\icwconn1.exe
2008-12-18 10:35 . 2004-08-05 13:00 86,016 --a--c--- c:\windows\system32\dllcache\icwconn2.exe
2008-12-18 10:35 . 2004-08-05 13:00 32,768 --a--c--- c:\windows\system32\dllcache\icwdl.dll
2008-12-18 10:35 . 2004-08-05 13:00 20,480 --a--c--- c:\windows\system32\dllcache\inetwiz.exe
2008-12-18 10:11 . 2004-08-05 13:00 571,392 --a------ c:\windows\system32\TINTLGNT.IME
2008-12-18 10:11 . 2004-08-05 13:00 571,392 --a--c--- c:\windows\system32\dllcache\tintlgnt.ime
2008-12-18 10:11 . 2004-08-05 13:00 480,256 --a--c--- c:\windows\system32\dllcache\cintsetp.exe
2008-12-18 10:11 . 2004-08-05 13:00 455,168 --a--c--- c:\windows\system32\dllcache\tintsetp.exe
2008-12-18 10:11 . 2004-08-05 13:00 198,656 --a--c--- c:\windows\system32\dllcache\cintime.dll
2008-12-18 10:11 . 2004-08-05 13:00 173,568 --a--c--- c:\windows\system32\dllcache\chtskf.dll
2008-12-18 10:11 . 2004-08-05 13:00 97,792 --a--c--- c:\windows\system32\dllcache\chtmbx.dll
2008-12-18 10:11 . 2004-08-05 13:00 56,320 --a--c--- c:\windows\system32\dllcache\chtskdic.dll
2008-12-18 10:11 . 2004-08-05 13:00 44,032 --a--c--- c:\windows\system32\dllcache\tintlphr.exe
2008-12-18 10:11 . 2004-08-05 13:00 21,504 --a--c--- c:\windows\system32\dllcache\cintlgnt.ime
2008-12-18 10:11 . 2004-08-05 13:00 21,504 --a------ c:\windows\system32\CINTLGNT.IME
2008-12-18 10:11 . 2004-08-05 13:00 10,240 --a--c--- c:\windows\system32\dllcache\tmigrate.dll
2008-12-18 10:10 . 2004-08-05 13:00 10,096,640 --a--c--- c:\windows\system32\dllcache\hwxcht.dll
2008-12-18 10:10 . 2004-08-05 13:00 482,304 --a------ c:\windows\system32\PINTLGNT.IME
2008-12-18 10:10 . 2004-08-05 13:00 482,304 --a--c--- c:\windows\system32\dllcache\pintlgnt.ime
2008-12-18 10:10 . 2004-08-05 13:00 70,144 --a--c--- c:\windows\system32\dllcache\pintlphr.exe
2008-12-18 10:10 . 2004-08-05 13:00 67,584 --a--c--- c:\windows\system32\dllcache\pmigrate.dll
2008-12-18 10:10 . 2004-08-05 13:00 59,392 --a--c--- c:\windows\system32\dllcache\imscinst.exe
2008-12-18 10:10 . 2004-08-05 13:00 16,254 --a------ c:\windows\system32\PINTLPAE.HLP
2008-12-18 10:10 . 2004-08-05 13:00 14,821 --a------ c:\windows\system32\PINTLPAD.HLP
2008-12-17 14:35 . 2008-12-17 14:35 <REP> d-------- c:\documents and settings\Evelyne\Tracing
2008-12-17 14:34 . 2008-12-17 14:34 <REP> d-------- c:\program files\Microsoft Silverlight
2008-12-17 14:33 . 2008-12-17 14:33 <REP> d-------- c:\program files\Microsoft Office Outlook Connector
2008-12-17 14:33 . 2008-12-08 17:01 55,136 --a------ c:\windows\system32\drivers\fssfltr_tdi.sys
2008-12-17 14:31 . 2008-12-17 14:31 <REP> d-------- c:\program files\Microsoft SQL Server Compact Edition
2008-12-17 14:31 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
2008-12-17 14:28 . 2008-12-17 14:28 <REP> d-------- c:\program files\Windows Live SkyDrive
2008-12-17 14:28 . 2008-12-17 14:34 <REP> d-------- c:\program files\Microsoft
2008-12-17 14:18 . 2008-12-17 14:18 <REP> d-------- c:\program files\Fichiers communs\Windows Live
2008-12-14 14:09 . 2007-09-07 02:41 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2008-12-14 14:09 . 2007-09-07 02:41 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2008-12-14 14:09 . 2007-12-28 01:47 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2008-12-14 14:09 . 2007-09-07 02:41 <REP> d-------- c:\documents and settings\Administrateur\Mes documents
2008-12-14 14:09 . 2007-09-07 02:41 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2008-12-14 14:09 . 2007-09-07 02:41 <REP> d-------- c:\documents and settings\Administrateur\Favoris
2008-12-14 14:09 . 2007-09-07 02:41 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2008-12-14 14:09 . 2008-12-14 14:09 <REP> d-------- c:\documents and settings\Administrateur
2008-12-12 00:21 . 2008-12-12 00:23 <REP> d-------- C:\Virtual
2008-12-12 00:19 . 2008-12-12 00:19 <REP> d-------- c:\documents and settings\All Users\Application Data\BufferZone
2008-12-12 00:18 . 2008-12-12 00:18 <REP> d-------- c:\windows\E4153266612C460FAB94C9DB6802459A.TMP
2008-12-12 00:18 . 2008-12-12 00:18 <REP> d-------- c:\program files\securedie
2008-12-12 00:18 . 2008-12-12 00:19 <REP> d-------- c:\program files\Secured IE
2008-12-10 18:23 . 2008-12-10 18:23 <REP> d-------- c:\program files\Avira
2008-12-10 18:23 . 2008-12-10 18:23 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-12-08 18:22 . 2008-12-08 18:22 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-08 18:21 . 2008-12-08 18:21 <REP> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-12-05 00:11 . 2008-12-05 00:11 308,584 --a------ c:\windows\WLXPGSS.SCR
2008-12-02 22:37 . 2008-12-02 22:37 49,480 --a------ c:\windows\system32\sirenacm.dll
2008-12-02 17:23 . 2008-12-02 17:23 <REP> d-------- c:\program files\Citrix
2008-11-27 20:17 . 2008-12-08 18:23 <REP> d-------- c:\program files\iTunes
2008-11-27 20:17 . 2008-12-08 18:22 <REP> d-------- c:\program files\iPod
2008-11-27 20:13 . 2008-12-08 18:22 <REP> d-------- c:\program files\QuickTime
2008-11-20 19:58 . 2008-12-08 18:19 <REP> d-------- c:\documents and settings\NetworkService\Application Data\agi
2008-11-19 17:23 . 2008-11-19 17:23 <REP> d-------- c:\program files\Kiwee Toolbar
2008-11-19 17:23 . 2008-12-08 18:19 <REP> d-------- c:\documents and settings\LocalService\Application Data\agi
2008-11-19 17:21 . 2008-11-19 17:21 2,117,632 --a------ c:\windows\system32\python25.dll
2008-11-19 17:21 . 2008-09-16 17:26 1,332,197 --a------ c:\windows\system32\pythondll.zip
2008-11-19 17:21 . 2008-11-19 17:21 339,968 --a------ c:\windows\system32\pythoncom25.dll
2008-11-19 17:21 . 2008-11-19 17:21 114,688 --a------ c:\windows\system32\pywintypes25.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-19 04:41 --------- d-----w c:\documents and settings\Evelyne\Application Data\EoRezo
2008-12-19 03:47 95,976 ----a-w c:\windows\system32\ladasazo.dll
2008-12-19 03:47 85,281 --sha-w c:\windows\system32\fobuyuru.dll
2008-12-17 13:33 --------- d-----w c:\program files\Windows Live
2008-12-11 23:27 --------- d-----w c:\program files\eMule
2008-12-11 15:11 --------- d-----w c:\program files\Symantec
2008-12-11 15:11 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2008-12-11 14:59 --------- d-----w c:\program files\Norton AntiVirus
2008-12-10 17:19 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-12-10 17:18 --------- d-----w c:\documents and settings\Evelyne\Application Data\Apple Computer
2008-12-10 05:01 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-08 17:22 --------- d-----w c:\program files\Fichiers communs\Apple
2008-12-08 17:20 --------- d-----w c:\documents and settings\Evelyne\Application Data\Ooze defy win
2008-12-08 17:19 --------- d-----w c:\program files\Safari
2008-11-06 16:50 --------- d-----w c:\program files\EoRezo
2008-10-30 23:41 --------- d-----w c:\documents and settings\Evelyne\Application Data\Image Zone Express
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 08:04 21,840 ----atw c:\windows\system32\SIntfNT.dll
2008-10-24 08:04 17,212 ----atw c:\windows\system32\SIntf32.dll
2008-10-24 08:04 12,067 ----atw c:\windows\system32\SIntf16.dll
2008-10-23 18:47 4,608 ----a-w c:\windows\system32\w95inf32.dll
2008-10-23 18:47 2,272 ----a-w c:\windows\system32\w95inf16.dll
2008-10-23 13:00 283,648 ----a-w c:\windows\system32\SET175.tmp
2008-10-19 18:43 --------- d-----w c:\program files\PhotoFiltre
2008-10-19 15:11 --------- d-----w c:\documents and settings\Evelyne\Application Data\Printer Info Cache
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 10:38 663,552 ----a-w c:\windows\system32\wininet.dll
2008-10-03 10:17 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-07-02 19:07 15,397 ----a-w c:\program files\settings.dat
2008-03-08 19:14 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{cd36797a-70f3-4acd-8825-623d3b896881}"= "c:\program files\securedie\tbsecu.dll" [2007-09-06 1453080]

[HKEY_CLASSES_ROOT\clsid\{cd36797a-70f3-4acd-8825-623d3b896881}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8a5b62c-517f-42a5-85ae-29b5497fb15f}]
2008-08-20 22:03 1780248 --a------ c:\program files\Come2PlayK2P\tbCome.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cd36797a-70f3-4acd-8825-623d3b896881}]
2007-09-06 12:28 1453080 --a------ c:\program files\securedie\tbsecu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b8a5b62c-517f-42a5-85ae-29b5497fb15f}"= "c:\program files\Come2PlayK2P\tbCome.dll" [2008-08-20 1780248]
"{cd36797a-70f3-4acd-8825-623d3b896881}"= "c:\program files\securedie\tbsecu.dll" [2007-09-06 1453080]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B8A5B62C-517F-42A5-85AE-29B5497FB15F}"= "c:\program files\Come2PlayK2P\tbCome.dll" [2008-08-20 1780248]
"{CD36797A-70F3-4ACD-8825-623D3B896881}"= "c:\program files\securedie\tbsecu.dll" [2007-09-06 1453080]

[HKEY_CLASSES_ROOT\clsid\{b8a5b62c-517f-42a5-85ae-29b5497fb15f}]

[HKEY_CLASSES_ROOT\clsid\{cd36797a-70f3-4acd-8825-623d3b896881}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-28 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"SoundMAX"="c:\program files\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 860160]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-02-08 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-08 126976]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-03-29 233534]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624]
"Microsoft Works Update Detection"="c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-24 28672]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Proc Deaf Delete Peak"="c:\documents and settings\All Users\Application Data\file joy proc deaf\Exit Copy.exe" [2008-12-19 7565824]
"EoEngine"="c:\program files\EoRezo\EoEngine.exe" [2008-11-01 472912]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-05 44032]
"c8f15057"="c:\windows\system32\fobuyuru.dll" [2008-12-19 85281]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 c:\windows\system32\bthprops.cpl]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 c:\windows\AGRSMMSG.exe]

c:\documents and settings\Evelyne\Menu Démarrer\Programmes\Démarrage\
TribalWeb.lnk - c:\program files\TribalWeb\tribalweb.exe [2007-09-27 1077248]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-21 45056]
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Symantec\\LiveUpdate\\AluSchedulerSvc.exe"=
"c:\\Program Files\\HPQ\\HP Wireless Assistant\\HP Wireless Assistant.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Fichiers communs\\Symantec Shared\\Security Center\\SymSCUI.exe"=

R2 fssfltr;FssFltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2008-12-17 55136]
S3 adiusbae;USB ADSL LAN Adapter;c:\windows\system32\DRIVERS\adiusbae.sys []
S3 fsssvc;Windows Live Contrôle parental;"c:\program files\Windows Live\Family Safety\fsssvc.exe" [2008-12-08 533344]
S3 npkycryp;npkycryp;\??\c:\program files\Gravity\RO\npkycryp.sys []
S3 ovt530;Webcam Deluxe;c:\windows\system32\Drivers\ov530vid.sys [2007-09-11 161792]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0683c52d-b685-11dd-a97c-00150044db48}]
\Shell\Auto\command - cmd /C launch.bat
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7fc5556c-8ed2-11dc-a70f-00150044db48}]
\Shell\AutoRun\command - E:\autoplay.exe
.
Contenu du dossier 'Tâches planifiées'

2008-12-19 c:\windows\Tasks\A738181791A38C5B.job
- c:\docume~1\evelyne\applic~1\oozede~1\GreatBallUp.exe []

2008-12-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{42fc8449-482b-4b7a-91ba-6fa9aa193ea7} - c:\windows\system32\vagivoho.dll
HKCU-Run-Hope Trans - c:\docume~1\Evelyne\APPLIC~1\OOZEDE~1\Burn base.exe
HKCU-Run-ceaue - c:\documents and settings\evelyne\local settings\application data\ceaue.exe
HKLM-Run-vizonojope - c:\windows\system32\zimuworo.dll
HKLM-Run-CPMcbc263cb - c:\windows\system32\kolopiro.dll


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://lo.st#home
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Evelyne\Application Data\Mozilla\Firefox\Profiles\w9ttrjpv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://lo.st#home
FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q=
FF - component: c:\documents and settings\Evelyne\Application Data\Mozilla\Firefox\Profiles\w9ttrjpv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
FF - component: c:\documents and settings\Evelyne\Application Data\Mozilla\Firefox\Profiles\w9ttrjpv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

[color=red]ATTENTION: FIREFOX POLICES IS IN FORCE [/color]
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("general.useragent.vendorComment", "ax");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("security.xpconnect.activex.global.hosting_flags", 9);
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("security.classID.allowByDefault", false);
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6BF52A52-394A-11D3-B153-00C04F79FAA6", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID22D6F312-B0F6-11D0-94AB-0080C74C7E95", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.rights.version", 3);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.rights.3.shown", false);
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-19 05:37:51
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????6?8?1?9??????? ???B?????????????hLC? ??????

Recherche de fichiers cachés ...


c:\windows\system32\uruyubof.ini 120 bytes

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\searchindexer.exe
c:\program files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
c:\program files\Apoint2K\ApntEx.exe
c:\windows\system32\rundll32.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\windows\system32\rundll32.exe
c:\program files\HPQ\shared\hpqwmi.exe
c:\windows\system32\searchprotocolhost.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
c:\program files\Hp\Digital Imaging\bin\hpqste08.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Heure de fin: 2008-12-19 5:46:01 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-19 04:45:49

Avant-CF: 35 021 230 080 octets libres
Après-CF: 35,250,487,296 octets libres

401 --- E O F --- 2008-12-18 17:09:33

HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:55, on 19/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\EoRezo\EoEngine.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st#home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoBho - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PrintMe - {97387E2B-B2FA-4E4A-A607-F3B5C134F71C} - C:\Program Files\EFI\PrintMeToolbar\htpmcap.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Come2PlayK2P Toolbar - {b8a5b62c-517f-42a5-85ae-29b5497fb15f} - C:\Program Files\Come2PlayK2P\tbCome.dll
O2 - BHO: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
O3 - Toolbar: PrintMe - {97387E2B-B2FA-4E4A-A607-F3B5C134F71C} - C:\Program Files\EFI\PrintMeToolbar\htpmcap.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Come2PlayK2P Toolbar - {b8a5b62c-517f-42a5-85ae-29b5497fb15f} - C:\Program Files\Come2PlayK2P\tbCome.dll
O3 - Toolbar: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Proc Deaf Delete Peak] C:\Documents and Settings\All Users\Application Data\file joy proc deaf\Exit Copy.exe
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [c8f15057] rundll32.exe "C:\WINDOWS\system32\fobuyuru.dll",b
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb\tribalweb.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
Anonymous user
19 Dec. 2008 at 06:46
Continue...... hello everyone
jlpjlp Posts: 51580 Registration date: Friday 18 May 2007 Status: Security contributor Last activity: 3 May 2022 5 040
19 Dec. 2008 at 13:17
OK, I wasn't expecting you anymore... a bit busy for the script today...

To move forward, we'll do this:

1/
Download AD-Remover (by Cyrildu17 / C_XX) to your desktop:
http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe

/!\ Go offline and close all running applications

● Double-click the installer and install it in its default location (C:\Program files)
● Double-click the Ad-remover icon on your desktop
● In the main menu, choose option "A"
● Post the report that appears at the end.

(the report is also saved as C:\Ad-report(date).log)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note:

"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

2/

---> Download Lop S&D to your Desktop
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
---> Double-click it to start the installation
---> Then double-click the Lop S&D shortcut on your Desktop
---> Select the desired language, then choose option 1 (Search)
---> Wait until the scan finishes
---> Post the generated report (C:\lopR.txt)

(If the Desktop does not reappear, press Ctrl+Alt+Del, File tab, New task, type explorer.exe and confirm)

If you have trouble using Lop S&D, see the tutorial:
http://bibou0007.com/outils-specifiques-f78/tutorial-lop-sd-t956.htm#11431
Chanur Posts: 23 Registration date: Thursday 18 December 2008 Status: Member Last activity: 22 December 2008
19 Dec. 2008 at 17:19
Invalid link, error 404:
Download AD-Remover (by Cyrildu17 / C_XX) to your desktop:
http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe

Should I go to step 2?

I took the link that is at the beginning of this forum, so step 1 is under way :s

AD-REMOVER report:



--------- Logfile of AD-Remover 1.0.7.8 by C_XX ---------

# START at: 17:30:04 | Ven 19/12/2008 | Microsoft® Windows XP™ SP2 (v5.1.2600)
# BOOT MODE: Normal

# OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat

# PC: EVELYNE-59CAD7C | USER: Evelyne ( Current user is an administrator)

# DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: CDFS)

# Internet Explorer v6.0.2900.2180

--------- [ RUNNING PROCESSES: 56 ] ---------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\EoRezo\EoEngine.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\ntvdm.exe

-----------------------------------


+-----------------------| Boonty/Boonty Games Elements found :

"HKEY_CURRENT_USER\SOFTWARE\Boonty"
"HKEY_LOCAL_MACHINE\Software\Boonty"
.
[27/09/2007 22:33|d--------] C:\PROGRA~1\Boonty
[27/09/2007 22:33|d--------] C:\PROGRA~1\Boonty\COMPON~1
[27/09/2007 22:33|--a------] C:\PROGRA~1\Boonty\COMPON~1\MUSIC_~1.EXE
[27/09/2007 22:33|d--------] C:\PROGRA~1\BOONTY~1
[27/09/2007 22:33|d--------] C:\PROGRA~1\FICHIE~1\BOONTY~1
[27/09/2007 22:33|d--------] C:\PROGRA~1\FICHIE~1\BOONTY~1\Service
[27/09/2007 22:33|--a------] C:\PROGRA~1\FICHIE~1\BOONTY~1\Service\Boonty.exe
[27/09/2007 22:33|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
[27/09/2007 22:33|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY\Licenses
[27/09/2007 22:35|-r-------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY\Licenses\B5014000.dat

+-----------------------| Eorezo Elements found :

"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho"
"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho.1"
"HKEY_CURRENT_USER\SOFTWARE\EoRezo"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\EoRezoBHO.DLL"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eoEngine_is1"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run" /v "EoEngine"
.
[06/11/2008 17:50|d--------] C:\PROGRA~1\EoRezo
[27/06/2007 13:56|--a------] C:\PROGRA~1\EoRezo\CONFME~1.CYP
[06/11/2008 17:50|d--------] C:\PROGRA~1\EoRezo\EoAdv
[01/11/2008 15:55|--a------] C:\PROGRA~1\EoRezo\EoEngine.exe
[06/11/2008 17:50|--a------] C:\PROGRA~1\EoRezo\eoEngine.url
[24/10/2008 15:42|--a------] C:\PROGRA~1\EoRezo\EOMULT~1.DLL
[01/11/2008 15:56|--a------] C:\PROGRA~1\EoRezo\EOREZO~1.DLL
[24/10/2008 16:08|--a------] C:\PROGRA~1\EoRezo\EOREZO~4.DLL
[24/10/2008 16:08|--a------] C:\PROGRA~1\EoRezo\EO6115~1.DLL
[24/10/2008 16:09|--a------] C:\PROGRA~1\EoRezo\EO4511~1.DLL
[24/10/2008 16:09|--a------] C:\PROGRA~1\EoRezo\EO4515~1.DLL
[24/10/2008 16:10|--a------] C:\PROGRA~1\EoRezo\EO5519~1.DLL
[24/10/2008 15:43|--a------] C:\PROGRA~1\EoRezo\EO551D~1.DLL
[24/10/2008 16:10|--a------] C:\PROGRA~1\EoRezo\EOREZO~2.DLL
[24/10/2008 16:11|--a------] C:\PROGRA~1\EoRezo\EOREZO~3.DLL
[24/10/2008 16:22|--a------] C:\PROGRA~1\EoRezo\EO6CF9~1.DLL
[24/10/2008 16:23|--a------] C:\PROGRA~1\EoRezo\EO400A~1.DLL
[24/10/2008 16:23|--a------] C:\PROGRA~1\EoRezo\EO400E~1.DLL
[24/10/2008 16:25|--a------] C:\PROGRA~1\EoRezo\EO5002~1.DLL
[24/10/2008 16:25|--a------] C:\PROGRA~1\EoRezo\EO5006~1.DLL
[01/11/2008 15:56|--a------] C:\PROGRA~1\EoRezo\EO600A~1.DLL
[26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\FREEIM~1.DLL
[26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\Host.cyp
[06/11/2008 17:50|d--------] C:\PROGRA~1\EoRezo\lang
[01/11/2008 15:58|--a------] C:\PROGRA~1\EoRezo\MNGINS~1.DLL
[06/11/2008 17:50|--a------] C:\PROGRA~1\EoRezo\unins000.dat
[06/11/2008 17:50|--a------] C:\PROGRA~1\EoRezo\unins000.exe
[21/12/2007 10:23|--a------] C:\PROGRA~1\EoRezo\user.cyp
[07/11/2007 01:19|--a------] C:\PROGRA~1\EoRezo\EoAdv\atl90.dll
[24/10/2008 15:37|--a------] C:\PROGRA~1\EoRezo\EoAdv\EoAdv.dll
[16/10/2008 12:50|--a------] C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL
[07/11/2007 01:19|--a------] C:\PROGRA~1\EoRezo\EoAdv\mfc90.dll
[06/11/2007 20:24|--a------] C:\PROGRA~1\EoRezo\EoAdv\MICROS~1.MAN
[06/11/2007 20:24|--a------] C:\PROGRA~1\EoRezo\EoAdv\MICROS~2.MAN
[06/11/2007 22:51|--a------] C:\PROGRA~1\EoRezo\EoAdv\MICROS~3.MAN
[07/11/2007 01:19|--a------] C:\PROGRA~1\EoRezo\EoAdv\msvcr90.dll
[26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\IHM_EO~3.XML
[26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\IH935B~1.XML
[26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\IHM_EO~1.XML
[26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\IH0447~1.XML
[26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\IHM_EO~2.XML
[26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\IHM_EO~4.XML
[26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\lang_en.xml
[26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\lang_es.xml
[26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\lang_fr.xml
[26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\lang_it.xml
[19/12/2008 17:19|d--------] C:\DOCUME~1\Evelyne\APPLIC~1\EoRezo
[06/11/2008 17:50|--a------] C:\DOCUME~1\Evelyne\APPLIC~1\EoRezo\cmhost.cyp
[19/12/2008 04:54|--a------] C:\DOCUME~1\Evelyne\APPLIC~1\EoRezo\CONFME~1.CYP
[19/12/2008 04:54|--a------] C:\DOCUME~1\Evelyne\APPLIC~1\EoRezo\CONFME~1.OLD
[05/12/2008 13:30|d--------] C:\DOCUME~1\Evelyne\APPLIC~1\EoRezo\db
[19/12/2008 17:19|d--------] C:\DOCUME~1\Evelyne\APPLIC~1\EoRezo\EODESK~1
[19/12/2008 04:54|--a------] C:\DOCUME~1\Evelyne\APPLIC~1\EoRezo\host.cyp
[19/12/2008 17:19|--a------] C:\DOCUME~1\Evelyne\APPLIC~1\EoRezo\user.cyp
[05/12/2008 13:30|--a------] C:\DOCUME~1\Evelyne\APPLIC~1\EoRezo\db\cat.cyp
[19/12/2008 17:19|--a------] C:\DOCUME~1\Evelyne\APPLIC~1\EoRezo\EODESK~1\config.xml
[19/12/2008 17:19|--a------] C:\DOCUME~1\Evelyne\APPLIC~1\EoRezo\EODESK~1\EODESK~1.HTM
[19/12/2008 17:19|--a------] C:\DOCUME~1\Evelyne\APPLIC~1\EoRezo\EODESK~1\USERCO~1.XML
[19/12/2008 05:39|--a------] C:\WINDOWS\Prefetch\EOENGI~1.PF
[16/12/2008 05:53|--a------] C:\DOCUME~1\Evelyne\Cookies\EV90B8~1.TXT
[13/12/2008 03:42|--a------] C:\DOCUME~1\Evelyne\Cookies\EVDC9A~1.TXT
[17/11/2008 02:39|--a------] C:\DOCUME~1\Evelyne\Cookies\EV8914~1.TXT
[12/11/2008 18:16|--a------] C:\DOCUME~1\Evelyne\Cookies\EVELYN~4.TXT

+-----------------------| Everest Poker Elements found :

.

+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :

.

+-----------------------| It's TV Elements found :

.

+-----------------------| Sweetim Elements found :

.

+-----------------------| ADDED SCAN :



+---------- Scanning prefs.js ... ( # Mozilla User Preferences )

...\w9ttrjpv.default\prefs.js :

~~~~ Mozilla FireFox version 3.0.5 ~~~~

Start Page : "http://lo.st#home"

+----------+


+---------------------------------------------------------------------------+

+--[HKEY_CURRENT_USER\..\Run]

BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} REG_SZ "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe

+--[HKEY_LOCAL_MACHINE\..\Run]

IMJPMIG8.1 REG_SZ "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
PHIME2002ASync REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
SoundMAXPnP REG_SZ C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
SoundMAX REG_SZ C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
Apoint REG_SZ C:\Program Files\Apoint2K\Apoint.exe
IgfxTray REG_SZ C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds REG_SZ C:\WINDOWS\system32\hkcmd.exe
Cpqset REG_SZ C:\Program Files\HPQ\Default Settings\cpqset.exe
eabconfg.cpl REG_SZ C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
hpWirelessAssistant REG_SZ C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
Microsoft Works Update Detection REG_SZ C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
BluetoothAuthenticationAgent REG_SZ rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
MSPY2002 REG_SZ C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
AGRSMMSG REG_SZ AGRSMMSG.exe
HP Software Update REG_SZ C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
Proc Deaf Delete Peak REG_SZ C:\Documents and Settings\All Users\Application Data\file joy proc deaf\Exit Copy.exe
EoEngine REG_SZ "C:\Program Files\EoRezo\EoEngine.exe"
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
AppleSyncNotifier REG_SZ C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
IMEKRMIG6.1 REG_SZ C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
c8f15057 REG_SZ rundll32.exe "C:\WINDOWS\system32\fobuyuru.dll",b

+--[HKEY_USERS\.DEFAULT\..\Run]


+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

Start Page : hxxp://lo.st#home

+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

+---------------------------------------------------------------------------+

- "C:\AD-report-Scan-19.12.2008.log" (~12250 bytes)

# END at: 17:30:19 | 19/12/2008 - Time elapsed: 15.4 seconds

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 210 lines ]
+---------------------------------------------------------------------------+

Lop report:

--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.73GHz )
BIOS : Ver 1.00PARTTBLX
USER : Evelyne ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)
Firewall : Norton Internet Worm Protection 2005 (Activated)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:32 Go)
D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( 19/12/2008|17:36 )

--------------------\\ Listing des dossiers dans APPLIC~1

[14/12/2008|14:09] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[08/12/2008|18:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[06/06/2008|12:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[18/03/2008|09:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[18/03/2008|09:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[10/12/2008|18:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[27/09/2007|22:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
[12/12/2008|00:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BufferZone
[18/06/2008|22:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
[15/10/2008|08:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\file joy proc deaf
[07/09/2007|02:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[02/02/2008|01:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[08/12/2008|18:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP Product Assistant
[07/09/2007|01:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpqwmi
[30/03/2008|13:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HPSSUPPLY
[07/09/2007|01:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[15/09/2007|00:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[17/12/2008|14:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[10/12/2008|06:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[20/01/2008|17:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\n7-89-o9-3r-4t-r9
[07/09/2007|18:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
[18/09/2007|21:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[11/09/2007|17:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[10/12/2008|18:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[24/09/2007|18:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[07/03/2008|23:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[20/01/2008|10:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

[07/09/2007|00:56] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[23/02/2008|11:26] C:\DOCUME~1\Evelyne\APPLIC~1\Adobe
[06/06/2008|12:06] C:\DOCUME~1\Evelyne\APPLIC~1\AdobeUM
[12/06/2008|22:16] C:\DOCUME~1\Evelyne\APPLIC~1\Ahead
[10/12/2008|18:18] C:\DOCUME~1\Evelyne\APPLIC~1\Apple Computer
[07/04/2008|16:52] C:\DOCUME~1\Evelyne\APPLIC~1\ArcSoft
[24/10/2007|13:31] C:\DOCUME~1\Evelyne\APPLIC~1\DeskSoft
[12/06/2008|22:42] C:\DOCUME~1\Evelyne\APPLIC~1\dvdcss
[19/12/2008|17:35] C:\DOCUME~1\Evelyne\APPLIC~1\EoRezo
[14/09/2007|13:02] C:\DOCUME~1\Evelyne\APPLIC~1\FileZilla
[20/01/2008|17:11] C:\DOCUME~1\Evelyne\APPLIC~1\GameHouse
[09/02/2008|16:32] C:\DOCUME~1\Evelyne\APPLIC~1\Google
[12/09/2007|13:08] C:\DOCUME~1\Evelyne\APPLIC~1\Help
[02/02/2008|02:06] C:\DOCUME~1\Evelyne\APPLIC~1\HP
[20/01/2008|10:58] C:\DOCUME~1\Evelyne\APPLIC~1\Identities
[31/10/2008|00:41] C:\DOCUME~1\Evelyne\APPLIC~1\Image Zone Express
[24/09/2007|18:26] C:\DOCUME~1\Evelyne\APPLIC~1\InstallShield
[08/09/2007|20:44] C:\DOCUME~1\Evelyne\APPLIC~1\InterVideo
[10/10/2007|09:37] C:\DOCUME~1\Evelyne\APPLIC~1\Leadertech
[05/03/2008|18:54] C:\DOCUME~1\Evelyne\APPLIC~1\Macromedia
[12/10/2008|16:46] C:\DOCUME~1\Evelyne\APPLIC~1\Microsoft
[27/08/2008|16:11] C:\DOCUME~1\Evelyne\APPLIC~1\Mozilla
[20/01/2008|16:52] C:\DOCUME~1\Evelyne\APPLIC~1\Mysteryville2
[08/12/2008|18:20] C:\DOCUME~1\Evelyne\APPLIC~1\Ooze defy win
[19/10/2008|16:11] C:\DOCUME~1\Evelyne\APPLIC~1\Printer Info Cache
[09/03/2008|15:37] C:\DOCUME~1\Evelyne\APPLIC~1\Skype
[09/03/2008|13:30] C:\DOCUME~1\Evelyne\APPLIC~1\skypePM
[10/10/2007|09:37] C:\DOCUME~1\Evelyne\APPLIC~1\Sonic
[08/09/2007|21:43] C:\DOCUME~1\Evelyne\APPLIC~1\Sun
[07/09/2007|01:52] C:\DOCUME~1\Evelyne\APPLIC~1\Symantec
[07/09/2007|02:01] C:\DOCUME~1\Evelyne\APPLIC~1\Talkback
[08/09/2007|13:13] C:\DOCUME~1\Evelyne\APPLIC~1\TeamViewer
[19/10/2007|13:18] C:\DOCUME~1\Evelyne\APPLIC~1\TribalWeb
[07/09/2007|02:09] C:\DOCUME~1\Evelyne\APPLIC~1\vlc
[24/10/2007|22:01] C:\DOCUME~1\Evelyne\APPLIC~1\VSO
[05/05/2008|23:25] C:\DOCUME~1\Evelyne\APPLIC~1\Windows Desktop Search
[08/09/2007|14:41] C:\DOCUME~1\Evelyne\APPLIC~1\WinRAR
[20/01/2008|10:58] C:\DOCUME~1\Evelyne\APPLIC~1\Zylom

[08/12/2008|18:19] C:\DOCUME~1\LOCALS~1\APPLIC~1\agi
[24/10/2008|20:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[10/01/2008|03:32] C:\DOCUME~1\LOCALS~1\APPLIC~1\Symantec

[08/12/2008|18:19] C:\DOCUME~1\NETWOR~1\APPLIC~1\agi
[07/09/2007|00:59] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[19/12/2008 17:00][--ah-----] C:\WINDOWS\tasks\A738181791A38C5B.job
[18/12/2008 19:57][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[19/12/2008 14:40][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

( A738181791A38C5B.job )=( c:\docume~1\evelyne\applic~1\oozede~1\GreatBallUp.exe )

--------------------\\ Listing des dossiers dans C:\Program Files

[04/12/2007|20:15] C:\Program Files\Adobe
[19/12/2008|17:30] C:\Program Files\Ad-remover
[07/09/2007|01:04] C:\Program Files\Analog Devices
[07/09/2007|01:13] C:\Program Files\Apoint2K
[15/10/2008|17:23] C:\Program Files\Apple Software Update
[17/06/2008|21:18] C:\Program Files\ArcSoft
[10/12/2008|18:23] C:\Program Files\Avira
[08/06/2008|12:06] C:\Program Files\BarreDeSurf
[15/10/2008|17:12] C:\Program Files\Bonjour
[27/09/2007|22:33] C:\Program Files\Boonty
[27/09/2007|22:33] C:\Program Files\BoontyGames
[02/12/2008|17:23] C:\Program Files\Citrix
[15/10/2008|08:38] C:\Program Files\Come2PlayK2P
[07/09/2007|00:52] C:\Program Files\ComPlus Applications
[15/10/2008|08:38] C:\Program Files\Conduit
[17/06/2008|21:36] C:\Program Files\Digital Video
[08/09/2007|12:06] C:\Program Files\DynGate
[09/02/2008|16:26] C:\Program Files\EFI
[12/12/2008|00:27] C:\Program Files\eMule
[06/11/2008|17:50] C:\Program Files\EoRezo
[19/12/2008|05:29] C:\Program Files\Fichiers communs
[19/06/2008|14:24] C:\Program Files\FileZilla
[29/03/2008|23:57] C:\Program Files\FlashGet
[02/07/2008|19:55] C:\Program Files\Free PDF2Fax
[27/07/2008|02:12] C:\Program Files\Free.fr
[07/09/2007|02:15] C:\Program Files\freeBrowser
[31/01/2008|21:50] C:\Program Files\GameHouse
[06/03/2008|09:19] C:\Program Files\Google
[08/09/2007|13:14] C:\Program Files\Gravity
[11/09/2007|12:39] C:\Program Files\Hercules
[02/02/2008|01:35] C:\Program Files\Hewlett-Packard
[24/08/2008|18:30] C:\Program Files\Hp
[28/12/2007|02:41] C:\Program Files\HPQ
[24/08/2008|18:59] C:\Program Files\IKEA HomePlanner
[17/10/2008|01:43] C:\Program Files\InstallShield Installation Information
[28/12/2007|02:35] C:\Program Files\Intel
[18/12/2008|18:07] C:\Program Files\Internet Explorer
[07/09/2007|01:24] C:\Program Files\InterVideo
[08/12/2008|18:22] C:\Program Files\iPod
[08/12/2008|18:23] C:\Program Files\iTunes
[24/08/2008|18:33] C:\Program Files\Java
[19/11/2008|17:23] C:\Program Files\Kiwee Toolbar
[03/12/2007|15:18] C:\Program Files\Maïdo Production
[17/10/2008|01:44] C:\Program Files\Messenger
[17/10/2008|17:39] C:\Program Files\Messenger Plus! Live
[12/01/2008|15:53] C:\Program Files\Micro Application
[17/12/2008|14:34] C:\Program Files\Microsoft
[07/09/2007|00:56] C:\Program Files\microsoft frontpage
[05/05/2008|09:58] C:\Program Files\Microsoft Office
[17/12/2008|14:33] C:\Program Files\Microsoft Office Outlook Connector
[11/09/2007|12:30] C:\Program Files\Microsoft Picture It! 7
[17/12/2008|14:34] C:\Program Files\Microsoft Silverlight
[17/12/2008|14:31] C:\Program Files\Microsoft SQL Server Compact Edition
[05/05/2008|09:58] C:\Program Files\Microsoft Visual Studio
[05/05/2008|09:52] C:\Program Files\Microsoft Visual Studio 8
[05/05/2008|09:59] C:\Program Files\Microsoft Works
[05/05/2008|09:56] C:\Program Files\Microsoft.NET
[18/12/2008|10:37] C:\Program Files\Movie Maker
[19/12/2008|17:31] C:\Program Files\Mozilla Firefox
[05/05/2008|09:58] C:\Program Files\MSBuild
[17/05/2008|16:33] C:\Program Files\MSN
[07/09/2007|00:51] C:\Program Files\MSN Gaming Zone
[04/10/2008|17:04] C:\Program Files\MSXML 4.0
[18/10/2008|00:40] C:\Program Files\MyFreeTV
[29/01/2008|21:32] C:\Program Files\Mysteryville
[20/01/2008|19:14] C:\Program Files\Mysteryville 2
[29/01/2008|12:16] C:\Program Files\Mysteryville Deluxe
[09/12/2007|12:34] C:\Program Files\Nero
[18/12/2008|10:36] C:\Program Files\NetMeeting
[11/12/2008|15:59] C:\Program Files\Norton AntiVirus
[07/09/2007|00:51] C:\Program Files\Online Services
[15/10/2008|08:39] C:\Program Files\Ooze defy win
[18/12/2008|10:36] C:\Program Files\Outlook Express
[06/05/2008|21:36] C:\Program Files\PCStitch 7
[02/07/2008|20:07] C:\Program Files\PDFCreator
[19/10/2008|19:43] C:\Program Files\PhotoFiltre
[21/01/2008|20:25] C:\Program Files\PHP
[29/01/2008|12:14] C:\Program Files\PopCap Games
[08/12/2008|18:22] C:\Program Files\QuickTime
[12/06/2008|18:59] C:\Program Files\RADVideo
[20/01/2008|16:48] C:\Program Files\ReflexiveArcade
[24/02/2008|00:05] C:\Program Files\RegCleaner
[08/12/2008|18:19] C:\Program Files\Safari
[16/10/2008|22:05] C:\Program Files\SAGEM
[12/12/2008|00:19] C:\Program Files\Secured IE
[12/12/2008|00:18] C:\Program Files\securedie
[07/09/2007|00:54] C:\Program Files\Services en ligne
[20/12/2007|13:24] C:\Program Files\Skyline
[08/03/2008|20:13] C:\Program Files\Skype
[07/09/2007|01:34] C:\Program Files\Sonic
[24/08/2008|18:33] C:\Program Files\Sun
[11/12/2008|16:11] C:\Program Files\Symantec
[03/06/2008|03:47] C:\Program Files\Tales of Pirates Online
[08/09/2007|12:05] C:\Program Files\TeamViewer
[18/09/2007|21:35] C:\Program Files\Toshiba
[13/01/2008|02:26] C:\Program Files\TrackMania Nations ESWC
[18/12/2008|15:23] C:\Program Files\Trend Micro
[27/09/2007|21:44] C:\Program Files\TribalWeb
[07/09/2007|01:03] C:\Program Files\Uninstall Information
[16/10/2008|22:28] C:\Program Files\VideoLAN
[18/06/2008|22:37] C:\Program Files\VirginMega
[14/10/2007|22:10] C:\Program Files\VSO
[05/05/2008|10:16] C:\Program Files\Windows Desktop Search
[17/12/2008|14:33] C:\Program Files\Windows Live
[17/12/2008|14:28] C:\Program Files\Windows Live SkyDrive
[18/10/2007|22:13] C:\Program Files\Windows Media Connect 2
[18/12/2008|10:41] C:\Program Files\Windows Media Player
[18/12/2008|10:31] C:\Program Files\Windows NT
[07/09/2007|00:54] C:\Program Files\WindowsUpdate
[08/09/2007|12:11] C:\Program Files\WinRAR
[07/09/2007|00:56] C:\Program Files\xerox
[16/10/2008|22:04] C:\Program Files\Zero G Registry
[29/01/2008|21:28] C:\Program Files\Zylom Games

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[06/06/2008|12:09] C:\Program Files\Fichiers communs\Adobe
[09/12/2007|12:34] C:\Program Files\Fichiers communs\Ahead
[08/12/2008|18:22] C:\Program Files\Fichiers communs\Apple
[11/09/2007|12:42] C:\Program Files\Fichiers communs\ArcSoft
[27/09/2007|22:33] C:\Program Files\Fichiers communs\BOONTY Shared
[05/05/2008|09:58] C:\Program Files\Fichiers communs\DESIGNER
[02/02/2008|01:33] C:\Program Files\Fichiers communs\Hewlett-Packard
[02/02/2008|01:39] C:\Program Files\Fichiers communs\HP
[07/09/2007|01:36] C:\Program Files\Fichiers communs\InstallShield
[07/09/2007|01:36] C:\Program Files\Fichiers communs\Java
[17/12/2008|14:28] C:\Program Files\Fichiers communs\Microsoft Shared
[07/09/2007|00:53] C:\Program Files\Fichiers communs\MSSoap
[07/09/2007|02:43] C:\Program Files\Fichiers communs\ODBC
[07/09/2007|00:53] C:\Program Files\Fichiers communs\Services
[08/03/2008|20:13] C:\Program Files\Fichiers communs\Skype
[07/09/2007|01:34] C:\Program Files\Fichiers communs\Sonic Shared
[07/09/2007|02:43] C:\Program Files\Fichiers communs\SpeechEngines
[07/09/2007|01:34] C:\Program Files\Fichiers communs\SureThing Shared
[11/12/2008|16:11] C:\Program Files\Fichiers communs\Symantec Shared
[18/12/2008|10:36] C:\Program Files\Fichiers communs\System
[07/09/2007|01:35] C:\Program Files\Fichiers communs\TiVo Shared
[17/12/2008|14:18] C:\Program Files\Fichiers communs\Windows Live
[07/03/2008|23:25] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[24/08/2008|18:59] C:\Program Files\Fichiers communs\Wise Installation Wizard

--------------------\\ Process

( 59 Processes )

iexplore.exe ~ [PID:3520]
iexplore.exe ~ [PID:2800]

--------------------\\ Recherche avec S_Lop

C:\DOCUME~1\Evelyne\APPLIC~1\OOZEDE~1

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\ALLUSE~1\APPLIC~1\File Joy Proc Deaf
C:\DOCUME~1\ALLUSE~1\APPLIC~1\File Joy Proc Deaf\Exit Copy.exe
C:\DOCUME~1\Evelyne\APPLIC~1\oozede~1
C:\Program Files\oozede~1
C:\DOCUME~1\Evelyne\Cookies\evelyne@advertising[1].txt
C:\DOCUME~1\Evelyne\Cookies\evelyne@advertising[3].txt
C:\DOCUME~1\Evelyne\Cookies\evelyne@banner.cotedazurpalace[2].txt
C:\DOCUME~1\Evelyne\Cookies\evelyne@cotedazurpalace[1].txt
C:\DOCUME~1\Evelyne\Cookies\evelyne@www.cotedazurpalace[1].txt
C:\DOCUME~1\Evelyne\Cookies\evelyne@adopt.euroclick[2].txt
C:\WINDOWS\Tasks\A738181791A38C5B.job

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WAITAXISDEAF]
"DisplayName"="CiD Help"
"UninstallString"="C:\\DOCUME~1\\Evelyne\\APPLIC~1\\OOZEDE~1\\Burn base.exe -uninstall"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Proc Deaf Delete Peak"="C:\\Documents and Settings\\All Users\\Application Data\\file joy proc deaf\\Exit Copy.exe"

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-19 17:37:56
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:7][D:1]-> C:\DOCUME~1\Evelyne\LOCALS~1\Temp
[F:125][D:0]-> C:\DOCUME~1\Evelyne\Cookies
[F:2][D:0]-> C:\DOCUME~1\Evelyne\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 19/12/2008|17:39 - Option : [1]

--------------------\\ Fin du rapport a 17:39:41
Anonymous user
19 Dec. 2008 at 17:45
Good evening. To move forward:

/!\ Disconnect and close all running applications /!\

Double-click AD-Remover to launch it: at the main menu, choose option B.

On the selection screen, tick:
http://sd-1.archive-host.com/membres/up/16506160323759868/Capturer-ADR.JPG

Remove Boonty/BoontyGames (if found)
Remove Eorezo (if found)
Remove Everest Poker (if found)
Remove Funwebproduct/MyWay/MyWebsearch (if found)
Remove Messenger Skinner (if found)
Remove Sweetim (if found)

Then choose S; the program will start working.

Post the report that appears at the end.

(The report is also saved as C:\Ad-report.log)

/!\ If the Desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New Task", type explorer.exe and confirm /!\

Note:

"Process.exe", a component of the tool, is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall, ...)

5Chanur, 23 posts, registered Thursday 18 December 2008, Member, last activity 22 December 2008
19 Dec. 2008 at 18:37
Here is the new report

--------- Logfile of AD-Remover 1.0.7.8 by C_XX ---------

*** Limited to ***

Boonty/BoontyGames
Eorezo
Everest Poker
Funwebproduct/MyWay/MyWebsearch
It's TV
Sweetim

******************

# START at: 18:32:18 | Ven 19/12/2008 | Microsoft® Windows XP™ SP2 (v5.1.2600)
# BOOT MODE: Normal

# OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat

# PC: EVELYNE-59CAD7C | USER: Evelyne ( Current user is an administrator)

# DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: CDFS)

# Internet Explorer v6.0.2900.2180

--------- [ RUNNING PROCESSES: 54 ] ---------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\EoRezo\EoEngine.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ntvdm.exe

-----------------------------------

(!) ---- IE start pages reset

+-----------------------| Boonty/Boonty Games Elements Deleted :

"HKEY_CURRENT_USER\SOFTWARE\Boonty"
"HKEY_LOCAL_MACHINE\Software\Boonty"
.
[27/09/2007 22:33|d--------] C:\Program Files\Boonty
[27/09/2007 22:33|d--------] C:\Program Files\BoontyGames
[27/09/2007 22:33|d--------] C:\Program Files\Fichiers communs\BOONTY Shared
[27/09/2007 22:33|d--------] C:\Documents and Settings\All Users\Application Data\BOONTY

+-----------------------| Eorezo Elements Deleted :

"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho"
"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho.1"
"HKEY_CURRENT_USER\SOFTWARE\EoRezo"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\EoRezoBHO.DLL"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eoEngine_is1"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run" /v "EoEngine"
.
[06/11/2008 17:50|d--------] C:\Program Files\EoRezo
[19/12/2008 18:23|d--------] C:\Documents and Settings\Evelyne\Application Data\EoRezo
/!\ NOT DELETED - [19/12/2008 05:39|--a------] C:\WINDOWS\Prefetch\EOENGI~1.PF
[16/12/2008 05:53|--a------] C:\DOCUME~1\Evelyne\Cookies\EV90B8~1.TXT
[13/12/2008 03:42|--a------] C:\DOCUME~1\Evelyne\Cookies\EVDC9A~1.TXT
[17/11/2008 02:39|--a------] C:\DOCUME~1\Evelyne\Cookies\EV8914~1.TXT
[12/11/2008 18:16|--a------] C:\DOCUME~1\Evelyne\Cookies\EVELYN~4.TXT

+-----------------------| Everest Poker Elements Deleted :

.

+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :

.

+-----------------------| It's TV Elements Deleted :

.

+-----------------------| Sweetim Elements Deleted :

.

(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.


************* /!\ File(s)/Folder(s) Not Deleted /!\ *************

"C:\WINDOWS\Prefetch\EOENGINE.EXE-020B3EA2.pf"

Second run ...

"C:\WINDOWS\Prefetch\EOENGINE.EXE-020B3EA2.pf" - RESIST !


+-----------------------| ADDED SCAN :



+---------- Scanning prefs.js ... ( # Mozilla User Preferences )

...\w9ttrjpv.default\prefs.js :

~~~~ Mozilla FireFox version 3.0.5 ~~~~

Start Page : "http://lo.st#home"

+----------+

+--[HKEY_CURRENT_USER\..\Run]

BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} REG_SZ "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe

+--[HKEY_LOCAL_MACHINE\..\Run]

IMJPMIG8.1 REG_SZ "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
PHIME2002ASync REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
SoundMAXPnP REG_SZ C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
SoundMAX REG_SZ C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
Apoint REG_SZ C:\Program Files\Apoint2K\Apoint.exe
IgfxTray REG_SZ C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds REG_SZ C:\WINDOWS\system32\hkcmd.exe
Cpqset REG_SZ C:\Program Files\HPQ\Default Settings\cpqset.exe
eabconfg.cpl REG_SZ C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
hpWirelessAssistant REG_SZ C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
Microsoft Works Update Detection REG_SZ C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
BluetoothAuthenticationAgent REG_SZ rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
MSPY2002 REG_SZ C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
AGRSMMSG REG_SZ AGRSMMSG.exe
HP Software Update REG_SZ C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
Proc Deaf Delete Peak REG_SZ C:\Documents and Settings\All Users\Application Data\file joy proc deaf\Exit Copy.exe
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
AppleSyncNotifier REG_SZ C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
IMEKRMIG6.1 REG_SZ C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
c8f15057 REG_SZ rundll32.exe "C:\WINDOWS\system32\fobuyuru.dll",b

+--[HKEY_USERS\.DEFAULT\..\Run]


+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

Start Page : hxxp://fr.msn.com/

+---------------------------------------------------------------------------+

- "C:\AD-report-Clean-19.12.2008.log" (~8398 bytes)

- "C:\AD-report-Scan-19.12.2008.log" (~12586 bytes)

# END at: 18:34:40 | 19/12/2008 - Time elapsed: 2 minutes, 21 seconds

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 159 lines ]
+---------------------------------------------------------------------------+
Anonymous user
19 Dec. 2008 at 19:11
OK, next:

Now download FindyKill to your desktop:

http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe

--> Run the installer with the default settings

--> Right-click the FindyKill shortcut on your desktop

--> Choose Run as administrator

--> At the main menu, choose option 1 (Search)

--> Post the FindyKill.txt report

Note: the FindyKill.txt report is saved at the root of the drive
5Chanur, 23 posts, registered Thursday 18 December 2008, status Member, last post 22 December 2008
19 Dec. 2008 at 20:45
here is the report
----------------- FindyKill V4.709 ------------------

* User : Evelyne - EVELYNE-59CAD7C
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 10/12/08 par Chiquitine29
* Recherche effectuée à 20:41:47 le 19/12/2008
* Windows XP - Internet Explorer 6.0.2900.2180

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\WINDOWS


»»»» Presence des fichiers dans C:\WINDOWS\Prefetch


»»»» Presence des fichiers dans C:\WINDOWS\system32


»»»» Presence des fichiers dans C:\WINDOWS\system32\config\systemprofile\AppData\Roaming


»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers


»»»» Presence des fichiers dans C:\Documents and Settings\Evelyne\Application Data


»»»» Presence des fichiers dans C:\DOCUME~1\Evelyne\LOCALS~1\Temp


»»»» Presence des fichiers dans C:\Documents and Settings\Evelyne\Local Settings\Temporary Internet Files\Content.IE5

Found ! [31/08/2007 16:40] - C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Local Cache\7B5560BB781B40259A06350E9B643B6E_more.jpg
Found ! [11/09/2007 17:54] - C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Local Cache\D3987B641C134048B815DB578D607F42_more.jpg
Found ! [30/12/2007 23:13] - C:\Program Files\TrackMania Nations ESWC\GameData\Cache\8f3eb24f_Any%5cAdvertisement%5cTMXDown.jpg
Found ! [30/12/2007 23:13] - C:\Program Files\TrackMania Nations ESWC\GameData\Cache\8f3eb24f_Any%5cAdvertisement%5cTMXDown.jpg.loc

--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
IMJPMIG8.1="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
PHIME2002ASync=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
SoundMAXPnP=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
SoundMAX=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
Apoint=C:\Program Files\Apoint2K\Apoint.exe
IgfxTray=C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds=C:\WINDOWS\system32\hkcmd.exe
Cpqset=C:\Program Files\HPQ\Default Settings\cpqset.exe
eabconfg.cpl=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
hpWirelessAssistant=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
Microsoft Works Update Detection=C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
BluetoothAuthenticationAgent=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe
MSPY2002=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
AGRSMMSG=AGRSMMSG.exe
HP Software Update=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
Proc Deaf Delete Peak=C:\Documents and Settings\All Users\Application Data\file joy proc deaf\Exit Copy.exe
QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
AppleSyncNotifier=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
IMEKRMIG6.1=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
c8f15057=rundll32.exe "C:\WINDOWS\system32\fobuyuru.dll",b

[HKEY_CURRENT_USER\software\local appwizard-generated applications\DestComp]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\hpqqpawp]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\hprbui]

--------------- [ Registre / Clés infectieuses ] ----------------



--------------- [ Etat / Services ] ----------------



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

Ndisuio - Type de démarrage = 3

EapHost - Type de démarrage = 3

Ip6Fw - Type de démarrage = 3

SharedAccess - Type de démarrage = 2

/!\ wuauserv - Type de démarrage = 4

wscsvc - Type de démarrage = 2



--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Lecteur fixe

D: - Lecteur de CD-ROM


+- Contenu de l'autorun : D:\autorun.inf

[AutoRun]
open=setup.exe
icon=setup.exe,0


+- presence des fichiers :

Found ! [05/08/2004 13:00][-r-------] - D:\autorun.inf


--------------- [ Registre / Mountpoint2 ] ----------------


-> Not found !


------------------- ! Fin du rapport ! --------------------
jlpjlp, 51580 posts, registered Friday 18 May 2007, status Security contributor, last post 3 May 2022, 5 040
20 Dec. 2008 at 10:30
run Lop S&D again, then
* This time choose Option 2 (Removal)
* Do not close the window during the removal!
* Post the generated report (C:\lopR.txt)


(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)

______________________


Download here:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by random/random and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Click Continue on the Disclaimer screen.

If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if prompted) and you will have to accept the licence.

When the scan is finished, two text files will open.

Post the contents of log.txt (<<which will be displayed)
and of info.txt (<<which will be minimized in the Taskbar).

NB: The reports are saved in the folder C:\rsit
Anonymous user
20 Dec. 2008 at 11:55
hi.....and findy2....no??? :

Ndisuio - Type de démarrage = 3

EapHost - Type de démarrage = 3

Ip6Fw - Type de démarrage = 3

SharedAccess - Type de démarrage = 2

/!\ wuauserv - Type de démarrage = 4

wscsvc - Type de démarrage = 2

5Chanur, 23 posts, registered Thursday 18 December 2008, status Member, last post 22 December 2008
20 Dec. 2008 at 13:42
Hello, here are the requested reports

--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.73GHz )
BIOS : Ver 1.00PARTTBLX
USER : Evelyne ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)
Firewall : Norton Internet Worm Protection 2005 (Activated)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:32 Go)
D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [2] ( 20/12/2008|13:35 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\File Joy Proc Deaf\Exit Copy.exe
Supprime! - C:\DOCUME~1\Evelyne\Cookies\evelyne@advertising[1].txt
Supprime! - C:\DOCUME~1\Evelyne\Cookies\evelyne@advertising[3].txt
Supprime! - C:\DOCUME~1\Evelyne\Cookies\evelyne@banner.cotedazurpalace[2].txt
Supprime! - C:\DOCUME~1\Evelyne\Cookies\evelyne@cotedazurpalace[1].txt
Supprime! - C:\DOCUME~1\Evelyne\Cookies\evelyne@www.cotedazurpalace[1].txt
Supprime! - C:\DOCUME~1\Evelyne\Cookies\evelyne@adopt.euroclick[2].txt
Supprime! - C:\WINDOWS\Tasks\A738181791A38C5B.job
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\File Joy Proc Deaf
Supprime! - C:\DOCUME~1\Evelyne\APPLIC~1\oozede~1
Supprime! - C:\Program Files\oozede~1

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans APPLIC~1

[14/12/2008|14:09] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[08/12/2008|18:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[06/06/2008|12:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[18/03/2008|09:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[18/03/2008|09:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[10/12/2008|18:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[12/12/2008|00:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BufferZone
[18/06/2008|22:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
[07/09/2007|02:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[02/02/2008|01:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[08/12/2008|18:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP Product Assistant
[07/09/2007|01:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpqwmi
[30/03/2008|13:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HPSSUPPLY
[07/09/2007|01:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[15/09/2007|00:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[17/12/2008|14:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[10/12/2008|06:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[20/01/2008|17:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\n7-89-o9-3r-4t-r9
[07/09/2007|18:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
[18/09/2007|21:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[11/09/2007|17:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[10/12/2008|18:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[24/09/2007|18:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[07/03/2008|23:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[20/01/2008|10:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

[07/09/2007|00:56] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[23/02/2008|11:26] C:\DOCUME~1\Evelyne\APPLIC~1\Adobe
[06/06/2008|12:06] C:\DOCUME~1\Evelyne\APPLIC~1\AdobeUM
[12/06/2008|22:16] C:\DOCUME~1\Evelyne\APPLIC~1\Ahead
[10/12/2008|18:18] C:\DOCUME~1\Evelyne\APPLIC~1\Apple Computer
[07/04/2008|16:52] C:\DOCUME~1\Evelyne\APPLIC~1\ArcSoft
[24/10/2007|13:31] C:\DOCUME~1\Evelyne\APPLIC~1\DeskSoft
[12/06/2008|22:42] C:\DOCUME~1\Evelyne\APPLIC~1\dvdcss
[14/09/2007|13:02] C:\DOCUME~1\Evelyne\APPLIC~1\FileZilla
[20/01/2008|17:11] C:\DOCUME~1\Evelyne\APPLIC~1\GameHouse
[09/02/2008|16:32] C:\DOCUME~1\Evelyne\APPLIC~1\Google
[12/09/2007|13:08] C:\DOCUME~1\Evelyne\APPLIC~1\Help
[02/02/2008|02:06] C:\DOCUME~1\Evelyne\APPLIC~1\HP
[20/01/2008|10:58] C:\DOCUME~1\Evelyne\APPLIC~1\Identities
[31/10/2008|00:41] C:\DOCUME~1\Evelyne\APPLIC~1\Image Zone Express
[24/09/2007|18:26] C:\DOCUME~1\Evelyne\APPLIC~1\InstallShield
[08/09/2007|20:44] C:\DOCUME~1\Evelyne\APPLIC~1\InterVideo
[10/10/2007|09:37] C:\DOCUME~1\Evelyne\APPLIC~1\Leadertech
[05/03/2008|18:54] C:\DOCUME~1\Evelyne\APPLIC~1\Macromedia
[12/10/2008|16:46] C:\DOCUME~1\Evelyne\APPLIC~1\Microsoft
[27/08/2008|16:11] C:\DOCUME~1\Evelyne\APPLIC~1\Mozilla
[20/01/2008|16:52] C:\DOCUME~1\Evelyne\APPLIC~1\Mysteryville2
[19/10/2008|16:11] C:\DOCUME~1\Evelyne\APPLIC~1\Printer Info Cache
[09/03/2008|15:37] C:\DOCUME~1\Evelyne\APPLIC~1\Skype
[09/03/2008|13:30] C:\DOCUME~1\Evelyne\APPLIC~1\skypePM
[10/10/2007|09:37] C:\DOCUME~1\Evelyne\APPLIC~1\Sonic
[08/09/2007|21:43] C:\DOCUME~1\Evelyne\APPLIC~1\Sun
[07/09/2007|01:52] C:\DOCUME~1\Evelyne\APPLIC~1\Symantec
[07/09/2007|02:01] C:\DOCUME~1\Evelyne\APPLIC~1\Talkback
[08/09/2007|13:13] C:\DOCUME~1\Evelyne\APPLIC~1\TeamViewer
[19/10/2007|13:18] C:\DOCUME~1\Evelyne\APPLIC~1\TribalWeb
[07/09/2007|02:09] C:\DOCUME~1\Evelyne\APPLIC~1\vlc
[24/10/2007|22:01] C:\DOCUME~1\Evelyne\APPLIC~1\VSO
[05/05/2008|23:25] C:\DOCUME~1\Evelyne\APPLIC~1\Windows Desktop Search
[08/09/2007|14:41] C:\DOCUME~1\Evelyne\APPLIC~1\WinRAR
[20/01/2008|10:58] C:\DOCUME~1\Evelyne\APPLIC~1\Zylom

[08/12/2008|18:19] C:\DOCUME~1\LOCALS~1\APPLIC~1\agi
[24/10/2008|20:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[10/01/2008|03:32] C:\DOCUME~1\LOCALS~1\APPLIC~1\Symantec

[08/12/2008|18:19] C:\DOCUME~1\NETWOR~1\APPLIC~1\agi
[07/09/2007|00:59] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[18/12/2008 19:57][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[20/12/2008 13:19][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[04/12/2007|20:15] C:\Program Files\Adobe
[19/12/2008|18:35] C:\Program Files\Ad-remover
[07/09/2007|01:04] C:\Program Files\Analog Devices
[07/09/2007|01:13] C:\Program Files\Apoint2K
[15/10/2008|17:23] C:\Program Files\Apple Software Update
[17/06/2008|21:18] C:\Program Files\ArcSoft
[10/12/2008|18:23] C:\Program Files\Avira
[08/06/2008|12:06] C:\Program Files\BarreDeSurf
[15/10/2008|17:12] C:\Program Files\Bonjour
[02/12/2008|17:23] C:\Program Files\Citrix
[15/10/2008|08:38] C:\Program Files\Come2PlayK2P
[07/09/2007|00:52] C:\Program Files\ComPlus Applications
[15/10/2008|08:38] C:\Program Files\Conduit
[17/06/2008|21:36] C:\Program Files\Digital Video
[08/09/2007|12:06] C:\Program Files\DynGate
[09/02/2008|16:26] C:\Program Files\EFI
[12/12/2008|00:27] C:\Program Files\eMule
[19/12/2008|18:33] C:\Program Files\Fichiers communs
[19/06/2008|14:24] C:\Program Files\FileZilla
[19/12/2008|20:43] C:\Program Files\FindyKill
[29/03/2008|23:57] C:\Program Files\FlashGet
[02/07/2008|19:55] C:\Program Files\Free PDF2Fax
[27/07/2008|02:12] C:\Program Files\Free.fr
[07/09/2007|02:15] C:\Program Files\freeBrowser
[31/01/2008|21:50] C:\Program Files\GameHouse
[06/03/2008|09:19] C:\Program Files\Google
[08/09/2007|13:14] C:\Program Files\Gravity
[11/09/2007|12:39] C:\Program Files\Hercules
[02/02/2008|01:35] C:\Program Files\Hewlett-Packard
[24/08/2008|18:30] C:\Program Files\Hp
[28/12/2007|02:41] C:\Program Files\HPQ
[24/08/2008|18:59] C:\Program Files\IKEA HomePlanner
[17/10/2008|01:43] C:\Program Files\InstallShield Installation Information
[28/12/2007|02:35] C:\Program Files\Intel
[18/12/2008|18:07] C:\Program Files\Internet Explorer
[07/09/2007|01:24] C:\Program Files\InterVideo
[08/12/2008|18:22] C:\Program Files\iPod
[08/12/2008|18:23] C:\Program Files\iTunes
[24/08/2008|18:33] C:\Program Files\Java
[19/11/2008|17:23] C:\Program Files\Kiwee Toolbar
[03/12/2007|15:18] C:\Program Files\Ma‹do Production
[17/10/2008|01:44] C:\Program Files\Messenger
[17/10/2008|17:39] C:\Program Files\Messenger Plus! Live
[12/01/2008|15:53] C:\Program Files\Micro Application
[17/12/2008|14:34] C:\Program Files\Microsoft
[07/09/2007|00:56] C:\Program Files\microsoft frontpage
[05/05/2008|09:58] C:\Program Files\Microsoft Office
[17/12/2008|14:33] C:\Program Files\Microsoft Office Outlook Connector
[11/09/2007|12:30] C:\Program Files\Microsoft Picture It! 7
[17/12/2008|14:34] C:\Program Files\Microsoft Silverlight
[17/12/2008|14:31] C:\Program Files\Microsoft SQL Server Compact Edition
[05/05/2008|09:58] C:\Program Files\Microsoft Visual Studio
[05/05/2008|09:52] C:\Program Files\Microsoft Visual Studio 8
[05/05/2008|09:59] C:\Program Files\Microsoft Works
[05/05/2008|09:56] C:\Program Files\Microsoft.NET
[18/12/2008|10:37] C:\Program Files\Movie Maker
[20/12/2008|13:26] C:\Program Files\Mozilla Firefox
[05/05/2008|09:58] C:\Program Files\MSBuild
[17/05/2008|16:33] C:\Program Files\MSN
[07/09/2007|00:51] C:\Program Files\MSN Gaming Zone
[04/10/2008|17:04] C:\Program Files\MSXML 4.0
[18/10/2008|00:40] C:\Program Files\MyFreeTV
[29/01/2008|21:32] C:\Program Files\Mysteryville
[20/01/2008|19:14] C:\Program Files\Mysteryville 2
[29/01/2008|12:16] C:\Program Files\Mysteryville Deluxe
[09/12/2007|12:34] C:\Program Files\Nero
[18/12/2008|10:36] C:\Program Files\NetMeeting
[11/12/2008|15:59] C:\Program Files\Norton AntiVirus
[07/09/2007|00:51] C:\Program Files\Online Services
[18/12/2008|10:36] C:\Program Files\Outlook Express
[06/05/2008|21:36] C:\Program Files\PCStitch 7
[02/07/2008|20:07] C:\Program Files\PDFCreator
[19/10/2008|19:43] C:\Program Files\PhotoFiltre
[21/01/2008|20:25] C:\Program Files\PHP
[29/01/2008|12:14] C:\Program Files\PopCap Games
[08/12/2008|18:22] C:\Program Files\QuickTime
[12/06/2008|18:59] C:\Program Files\RADVideo
[20/01/2008|16:48] C:\Program Files\ReflexiveArcade
[24/02/2008|00:05] C:\Program Files\RegCleaner
[08/12/2008|18:19] C:\Program Files\Safari
[16/10/2008|22:05] C:\Program Files\SAGEM
[12/12/2008|00:19] C:\Program Files\Secured IE
[12/12/2008|00:18] C:\Program Files\securedie
[07/09/2007|00:54] C:\Program Files\Services en ligne
[20/12/2007|13:24] C:\Program Files\Skyline
[08/03/2008|20:13] C:\Program Files\Skype
[07/09/2007|01:34] C:\Program Files\Sonic
[24/08/2008|18:33] C:\Program Files\Sun
[11/12/2008|16:11] C:\Program Files\Symantec
[03/06/2008|03:47] C:\Program Files\Tales of Pirates Online
[08/09/2007|12:05] C:\Program Files\TeamViewer
[18/09/2007|21:35] C:\Program Files\Toshiba
[13/01/2008|02:26] C:\Program Files\TrackMania Nations ESWC
[18/12/2008|15:23] C:\Program Files\Trend Micro
[27/09/2007|21:44] C:\Program Files\TribalWeb
[07/09/2007|01:03] C:\Program Files\Uninstall Information
[16/10/2008|22:28] C:\Program Files\VideoLAN
[18/06/2008|22:37] C:\Program Files\VirginMega
[14/10/2007|22:10] C:\Program Files\VSO
[05/05/2008|10:16] C:\Program Files\Windows Desktop Search
[17/12/2008|14:33] C:\Program Files\Windows Live
[17/12/2008|14:28] C:\Program Files\Windows Live SkyDrive
[18/10/2007|22:13] C:\Program Files\Windows Media Connect 2
[18/12/2008|10:41] C:\Program Files\Windows Media Player
[18/12/2008|10:31] C:\Program Files\Windows NT
[07/09/2007|00:54] C:\Program Files\WindowsUpdate
[08/09/2007|12:11] C:\Program Files\WinRAR
[07/09/2007|00:56] C:\Program Files\xerox
[16/10/2008|22:04] C:\Program Files\Zero G Registry
[29/01/2008|21:28] C:\Program Files\Zylom Games

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[06/06/2008|12:09] C:\Program Files\Fichiers communs\Adobe
[09/12/2007|12:34] C:\Program Files\Fichiers communs\Ahead
[08/12/2008|18:22] C:\Program Files\Fichiers communs\Apple
[11/09/2007|12:42] C:\Program Files\Fichiers communs\ArcSoft
[05/05/2008|09:58] C:\Program Files\Fichiers communs\DESIGNER
[02/02/2008|01:33] C:\Program Files\Fichiers communs\Hewlett-Packard
[02/02/2008|01:39] C:\Program Files\Fichiers communs\HP
[07/09/2007|01:36] C:\Program Files\Fichiers communs\InstallShield
[07/09/2007|01:36] C:\Program Files\Fichiers communs\Java
[17/12/2008|14:28] C:\Program Files\Fichiers communs\Microsoft Shared
[07/09/2007|00:53] C:\Program Files\Fichiers communs\MSSoap
[07/09/2007|02:43] C:\Program Files\Fichiers communs\ODBC
[07/09/2007|00:53] C:\Program Files\Fichiers communs\Services
[08/03/2008|20:13] C:\Program Files\Fichiers communs\Skype
[07/09/2007|01:34] C:\Program Files\Fichiers communs\Sonic Shared
[07/09/2007|02:43] C:\Program Files\Fichiers communs\SpeechEngines
[07/09/2007|01:34] C:\Program Files\Fichiers communs\SureThing Shared
[11/12/2008|16:11] C:\Program Files\Fichiers communs\Symantec Shared
[18/12/2008|10:36] C:\Program Files\Fichiers communs\System
[07/09/2007|01:35] C:\Program Files\Fichiers communs\TiVo Shared
[17/12/2008|14:18] C:\Program Files\Fichiers communs\Windows Live
[07/03/2008|23:25] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[24/08/2008|18:59] C:\Program Files\Fichiers communs\Wise Installation Wizard

--------------------\\ Process

( 62 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-20 13:36:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:142][D:13]-> C:\DOCUME~1\Evelyne\LOCALS~1\Temp
[F:117][D:0]-> C:\DOCUME~1\Evelyne\Cookies
[F:137][D:4]-> C:\DOCUME~1\Evelyne\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 19/12/2008|17:39 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 20/12/2008|13:38 - Option : [2]

--------------------\\ Fin du rapport a 13:38:37


and finally


Logfile of random's system information tool 1.05 (written by random/random)
Run by Evelyne at 2008-12-20 13:40:29
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 34 GB (44%) free of 76 GB
Total RAM: 1014 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:40, on 20/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Evelyne\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Evelyne.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PrintMe - {97387E2B-B2FA-4E4A-A607-F3B5C134F71C} - C:\Program Files\EFI\PrintMeToolbar\htpmcap.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Come2PlayK2P Toolbar - {b8a5b62c-517f-42a5-85ae-29b5497fb15f} - C:\Program Files\Come2PlayK2P\tbCome.dll
O2 - BHO: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
O3 - Toolbar: PrintMe - {97387E2B-B2FA-4E4A-A607-F3B5C134F71C} - C:\Program Files\EFI\PrintMeToolbar\htpmcap.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Come2PlayK2P Toolbar - {b8a5b62c-517f-42a5-85ae-29b5497fb15f} - C:\Program Files\Come2PlayK2P\tbCome.dll
O3 - Toolbar: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [c8f15057] rundll32.exe "C:\WINDOWS\system32\fobuyuru.dll",b
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb\tribalweb.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe