Virus vundo.of

chanur -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,
je viens de faire une analyse avec hjackthis, parce que j'ai le trojan vundo.of.
voici mon rapport

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:24:27, on 18/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\EoRezo\EoEngine.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\documents and settings\evelyne\local settings\application data\ceaue.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\FileZilla\filezilla.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st#home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {42fc8449-482b-4b7a-91ba-6fa9aa193ea7} - C:\WINDOWS\system32\vagivoho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoBho - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PrintMe - {97387E2B-B2FA-4E4A-A607-F3B5C134F71C} - C:\Program Files\EFI\PrintMeToolbar\htpmcap.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Come2PlayK2P Toolbar - {b8a5b62c-517f-42a5-85ae-29b5497fb15f} - C:\Program Files\Come2PlayK2P\tbCome.dll
O2 - BHO: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
O3 - Toolbar: PrintMe - {97387E2B-B2FA-4E4A-A607-F3B5C134F71C} - C:\Program Files\EFI\PrintMeToolbar\htpmcap.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Come2PlayK2P Toolbar - {b8a5b62c-517f-42a5-85ae-29b5497fb15f} - C:\Program Files\Come2PlayK2P\tbCome.dll
O3 - Toolbar: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Proc Deaf Delete Peak] C:\Documents and Settings\All Users\Application Data\file joy proc deaf\Exit Copy.exe
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [vizonojope] Rundll32.exe "C:\WINDOWS\system32\zimuworo.dll",s
O4 - HKLM\..\Run: [c8f15057] rundll32.exe "C:\WINDOWS\system32\pupuzuno.dll",b
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [CPMcbc263cb] Rundll32.exe "c:\windows\system32\yajosofo.dll",a
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Hope Trans] C:\DOCUME~1\Evelyne\APPLIC~1\OOZEDE~1\Burn base.exe
O4 - HKCU\..\Run: [ceaue] "c:\documents and settings\evelyne\local settings\application data\ceaue.exe" ceaue
O4 - HKUS\S-1-5-19\..\Run: [vizonojope] Rundll32.exe "C:\WINDOWS\system32\zimuworo.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [vizonojope] Rundll32.exe "C:\WINDOWS\system32\zimuworo.dll",s (User 'SERVICE RÉSEAU')
O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb\tribalweb.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\pefedamu.dll c:\windows\system32\yajosofo.dll c:\windows\system32\kolopiro.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yajosofo.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yajosofo.dll
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 12176 bytes

merci de votre aide
Configuration: Windows XP
Firefox 3.0.5

55 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Une analyse avec HijackThis signale la détection d'un cheval de Troie Vundo et répertorie un grand nombre de composants potentiellement indésirables dans le registre et les processus système. Parmi les éléments cités figurent des BHO et des barres d'outils, des entrées d'AppInit_DLLs et des programmes de démarrage qui peuvent être à l'origine de la persistance de l'infection. La discussion traite ensuite des mesures possibles pour nettoyer le système, notamment dépolluer les clés de démarrage, évaluer les services inopinés et envisager une désinfection via des outils anti-malware à jour. D'autres éléments du fil évoquent de vérifier les programmes antivirus et la mise à jour des composants système, tout en évitant des suppressions inappropriées qui pourraient perturber le fonctionnement légitime.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    si tu n'avais que vundo ......tu as oublié du lop, navipromo .......

    télécharge combofix (par sUBs) ici :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    et enregistre le sur le bureau.

    déconnecte toi d'internet et ferme toutes tes applications.

    désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

    double-clique sur combofix.exe et suis les instructions

    à la fin, il va produire un rapport C:\ComboFix.txt

    réactive ton parefeu, ton antivirus, la garde de ton antispyware

    copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

    Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

    Tu as un tutoriel complet ici :

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    1
  2. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    salut,

    lop S&D en mode 2 (nettoyage) ?
    1
  3. sherred Messages postés 8605 Statut Membre 351
     
    bonjour
    Télécharge combofix.exe
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    clique combofix.exe.
    touche 1 (Yes) pour démarrer le scan.
    une fois fini un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
    Le rapport se trouve également ici : C:\Combofix.txt

    Déconnecte toi d'internet ferme les fenêtres de tous les programmes en cours.et provisoirement
    arrete les anti virus et autres protection pendand l'analyse
    Pendant la durée de l'analyse ne te sert pas de ton pc

    une fois l'analyse terminé ,remet toute tes protections antivirus et antispywares

    ---------------------------------------------------------------------------------------------------------------
    Télécharge Ad-Remover (de C_XX) sur ton Bureau.

    /!\ Déconnecte toi et ferme toutes les applications en cours /!\

    ● Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files )
    ● Fais un clic-droit sur l'icône Ad-remover située sur ton Bureau et choisis "Exécuter en temps qu'administrateur"
    ● Au menu principal choisis l'option "A"
    ● Poste le rapport qui apparait à la fin (il est aussi sauvegardé sous C:\Ad-report(date).log )
    http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe
    0
  4. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Salut,

    pour suivre.
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. sherred Messages postés 8605 Statut Membre 351
     
    houla tous les pro sont là...je vous laisse faire
    0
  7. totobetourne Messages postés 5677 Statut Membre 65
     
    belle collection.

    tu dois avoir un comportement a risque ou bien aussi comme quoi pas de vrai pare feu.
    0
  8. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280
     
    Slt

    Pour suivre

    0
  9. 5Chanur Messages postés 23 Statut Membre
     
    Merci , de votre réactivité.
    Je vais donc suivre les instructions de jlpjlp puisque sherred laisse ça place.

    J'ai un frère qui a mis la main sur mon pc pendant 1 journée et qui c'est inscrit sur plein site porno et de rencontre et autres...

    Comme vous devez vous en douter mon pc rame , dès que je peut , je poste le rapport.

    Nouveau nom enregistrer 5 chanur :p
    0
  10. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok mets combofix et un nouveau rapport hijackthis

    a plus et coucou à tous
    0
  11. 5Chanur Messages postés 23 Statut Membre
     
    Rapport de combo fix :

    ComboFix 08-12-17.01 - Evelyne 2008-12-19 5:25:27.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1014.179 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Evelyne\Bureau\ComboFix.exe
    * Un nouveau point de restauration a été créé

    [COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
    .
    [color=purple]Les fichiers ci-dessous ont été désactivés pendant l'exécution:[/color]
    c:\windows\system32\ladasazo.dll
    c:\windows\system32\kolopiro.dll
    c:\windows\system32\yajosofo.dll

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Evelyne\Local Settings\Application Data\ceaue.dat
    c:\documents and settings\Evelyne\Local Settings\Application Data\ceaue.exe
    c:\documents and settings\Evelyne\Local Settings\Application Data\ceaue_nav.dat
    c:\documents and settings\Evelyne\Local Settings\Application Data\ceaue_navps.dat
    c:\program files\internetgamebox
    c:\program files\internetgamebox\language
    c:\program files\internetgamebox\ressources\AttenteOff.html
    c:\program files\internetgamebox\ressources\AttenteOn.html
    c:\program files\internetgamebox\ressources\configv2_en.xml
    c:\program files\internetgamebox\ressources\configv2_es.xml
    c:\program files\internetgamebox\ressources\configv2_fr.xml
    c:\program files\internetgamebox\ressources\favoris\defaultv2.swf
    c:\program files\internetgamebox\skins\skinv2.skn
    c:\windows\system32\awewibut.ini
    c:\windows\system32\dasofupu.dll
    c:\windows\system32\ekinuyit.ini
    c:\windows\system32\hememefo.dll
    c:\windows\system32\izohanek.ini
    c:\windows\system32\kenahozi.dll
    c:\windows\system32\kolopiro.dll.vir
    c:\windows\system32\mafopiwo.dll
    c:\windows\system32\mijikive.dll
    c:\windows\system32\mizenode.dll
    c:\windows\system32\onuzupup.ini
    c:\windows\system32\pulobuha.dll
    c:\windows\system32\pupuzuno.dll
    c:\windows\system32\puzujoda.dll
    c:\windows\system32\tiyunike.dll
    c:\windows\system32\tubiwewa.dll
    c:\windows\system32\tuneyevi.dll
    c:\windows\system32\ufasezay.ini
    c:\windows\system32\umapazug.ini
    c:\windows\system32\uruyubof.ini
    c:\windows\system32\uvuwehaw.ini
    c:\windows\system32\vagivoho.dll
    c:\windows\system32\wahewuvu.dll
    c:\windows\system32\yajosofo.dll.vir
    c:\windows\system32\yazesafu.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_BOONTY_GAMES
    -------\Service_Boonty Games

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-19 au 2008-12-19 ))))))))))))))))))))))))))))))))))))
    .

    2008-12-19 05:39 . 2008-12-19 05:39 120 ---hs---- c:\windows\system32\uruyubof.ini
    2008-12-19 04:28 . 2004-08-04 00:54 154,112 --a------ c:\windows\system32\irftp.exe
    2008-12-19 04:28 . 2004-08-04 00:54 154,112 --a--c--- c:\windows\system32\dllcache\irftp.exe
    2008-12-19 04:28 . 2004-08-04 00:54 28,160 --a------ c:\windows\system32\irmon.dll
    2008-12-19 04:28 . 2004-08-04 00:54 28,160 --a--c--- c:\windows\system32\dllcache\irmon.dll
    2008-12-19 04:28 . 2004-08-04 00:54 8,192 --a------ c:\windows\system32\wshirda.dll
    2008-12-19 04:28 . 2004-08-04 00:54 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll
    2008-12-18 17:03 . 2008-12-18 18:31 <REP> d-------- c:\windows\system32\CatRoot_bak
    2008-12-18 15:34 . 2008-04-11 19:51 683,520 --a------ c:\windows\system32\SET18D.tmp
    2008-12-18 15:33 . 2008-09-04 17:45 1,106,944 --a------ c:\windows\system32\SET17A.tmp
    2008-12-18 15:26 . 2008-06-14 18:59 272,768 -----c--- c:\windows\system32\dllcache\bthport.sys
    2008-12-18 15:23 . 2008-12-18 15:23 <REP> d-------- c:\program files\Trend Micro
    2008-12-18 15:19 . 2008-08-14 14:44 2,182,400 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
    2008-12-18 15:19 . 2008-08-14 14:44 2,138,112 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
    2008-12-18 15:19 . 2008-08-14 14:44 2,059,776 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
    2008-12-18 15:19 . 2008-08-14 14:44 2,017,792 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
    2008-12-18 14:06 . 2008-10-15 17:59 332,800 --a------ c:\windows\system32\SET17F.tmp
    2008-12-18 13:15 . 2008-12-12 18:35 3,081,216 --a------ c:\windows\system32\SET1A0.tmp
    2008-12-18 13:14 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
    2008-12-18 11:12 . 2006-12-07 07:40 2,362,184 --a------ c:\windows\system32\SET192.tmp
    2008-12-18 10:59 . 2005-02-08 11:37 167,936 -ra------ c:\windows\system32\igfxres.dll
    2008-12-18 10:45 . 2004-08-05 13:00 131,584 --a--c--- c:\windows\system32\dllcache\pmxviceo.dll
    2008-12-18 10:44 . 2004-08-05 13:00 92,416 --a--c--- c:\windows\system32\dllcache\mga.sys
    2008-12-18 10:44 . 2004-08-05 13:00 92,032 --a--c--- c:\windows\system32\dllcache\mga.dll
    2008-12-18 10:44 . 2001-08-23 17:47 65,536 --a--c--- c:\windows\system32\dllcache\EXCH_mailmsg.dll
    2008-12-18 10:44 . 2004-08-05 13:00 36,864 --a--c--- c:\windows\system32\dllcache\iprip.dll
    2008-12-18 10:44 . 2004-08-05 13:00 33,792 --a--c--- c:\windows\system32\dllcache\lmmib2.dll
    2008-12-18 10:44 . 2004-08-05 13:00 23,040 --a--c--- c:\windows\system32\dllcache\lpdsvc.dll
    2008-12-18 10:44 . 2004-08-05 13:00 19,456 --a--c--- c:\windows\system32\dllcache\lprmon.dll
    2008-12-18 10:44 . 2004-08-05 13:00 18,432 --a--c--- c:\windows\system32\dllcache\jupiw.dll
    2008-12-18 10:44 . 2004-08-05 13:00 7,680 --a--c--- c:\windows\system32\dllcache\migregdb.exe
    2008-12-18 10:42 . 2004-08-05 13:00 334,336 --a--c--- c:\windows\system32\dllcache\aqueue.dll
    2008-12-18 10:41 . 2004-05-13 00:39 876,653 --a--c--- c:\windows\system32\dllcache\fp4awel.dll
    2008-12-18 10:39 . 2008-12-18 10:39 488 -rah----- c:\windows\system32\logonui.exe.manifest
    2008-12-18 10:38 . 2004-08-05 13:00 16,384 --a--c--- c:\windows\system32\dllcache\isignup.exe
    2008-12-18 10:38 . 2008-12-18 10:38 749 -rah----- c:\windows\WindowsShell.Manifest
    2008-12-18 10:38 . 2008-12-18 10:38 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
    2008-12-18 10:38 . 2008-12-18 10:38 749 -rah----- c:\windows\system32\sapi.cpl.manifest
    2008-12-18 10:38 . 2008-12-18 10:38 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
    2008-12-18 10:35 . 2004-08-05 13:00 218,624 --a--c--- c:\windows\system32\dllcache\icwconn1.exe
    2008-12-18 10:35 . 2004-08-05 13:00 86,016 --a--c--- c:\windows\system32\dllcache\icwconn2.exe
    2008-12-18 10:35 . 2004-08-05 13:00 32,768 --a--c--- c:\windows\system32\dllcache\icwdl.dll
    2008-12-18 10:35 . 2004-08-05 13:00 20,480 --a--c--- c:\windows\system32\dllcache\inetwiz.exe
    2008-12-18 10:11 . 2004-08-05 13:00 571,392 --a------ c:\windows\system32\TINTLGNT.IME
    2008-12-18 10:11 . 2004-08-05 13:00 571,392 --a--c--- c:\windows\system32\dllcache\tintlgnt.ime
    2008-12-18 10:11 . 2004-08-05 13:00 480,256 --a--c--- c:\windows\system32\dllcache\cintsetp.exe
    2008-12-18 10:11 . 2004-08-05 13:00 455,168 --a--c--- c:\windows\system32\dllcache\tintsetp.exe
    2008-12-18 10:11 . 2004-08-05 13:00 198,656 --a--c--- c:\windows\system32\dllcache\cintime.dll
    2008-12-18 10:11 . 2004-08-05 13:00 173,568 --a--c--- c:\windows\system32\dllcache\chtskf.dll
    2008-12-18 10:11 . 2004-08-05 13:00 97,792 --a--c--- c:\windows\system32\dllcache\chtmbx.dll
    2008-12-18 10:11 . 2004-08-05 13:00 56,320 --a--c--- c:\windows\system32\dllcache\chtskdic.dll
    2008-12-18 10:11 . 2004-08-05 13:00 44,032 --a--c--- c:\windows\system32\dllcache\tintlphr.exe
    2008-12-18 10:11 . 2004-08-05 13:00 21,504 --a--c--- c:\windows\system32\dllcache\cintlgnt.ime
    2008-12-18 10:11 . 2004-08-05 13:00 21,504 --a------ c:\windows\system32\CINTLGNT.IME
    2008-12-18 10:11 . 2004-08-05 13:00 10,240 --a--c--- c:\windows\system32\dllcache\tmigrate.dll
    2008-12-18 10:10 . 2004-08-05 13:00 10,096,640 --a--c--- c:\windows\system32\dllcache\hwxcht.dll
    2008-12-18 10:10 . 2004-08-05 13:00 482,304 --a------ c:\windows\system32\PINTLGNT.IME
    2008-12-18 10:10 . 2004-08-05 13:00 482,304 --a--c--- c:\windows\system32\dllcache\pintlgnt.ime
    2008-12-18 10:10 . 2004-08-05 13:00 70,144 --a--c--- c:\windows\system32\dllcache\pintlphr.exe
    2008-12-18 10:10 . 2004-08-05 13:00 67,584 --a--c--- c:\windows\system32\dllcache\pmigrate.dll
    2008-12-18 10:10 . 2004-08-05 13:00 59,392 --a--c--- c:\windows\system32\dllcache\imscinst.exe
    2008-12-18 10:10 . 2004-08-05 13:00 16,254 --a------ c:\windows\system32\PINTLPAE.HLP
    2008-12-18 10:10 . 2004-08-05 13:00 14,821 --a------ c:\windows\system32\PINTLPAD.HLP
    2008-12-17 14:35 . 2008-12-17 14:35 <REP> d-------- c:\documents and settings\Evelyne\Tracing
    2008-12-17 14:34 . 2008-12-17 14:34 <REP> d-------- c:\program files\Microsoft Silverlight
    2008-12-17 14:33 . 2008-12-17 14:33 <REP> d-------- c:\program files\Microsoft Office Outlook Connector
    2008-12-17 14:33 . 2008-12-08 17:01 55,136 --a------ c:\windows\system32\drivers\fssfltr_tdi.sys
    2008-12-17 14:31 . 2008-12-17 14:31 <REP> d-------- c:\program files\Microsoft SQL Server Compact Edition
    2008-12-17 14:31 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
    2008-12-17 14:28 . 2008-12-17 14:28 <REP> d-------- c:\program files\Windows Live SkyDrive
    2008-12-17 14:28 . 2008-12-17 14:34 <REP> d-------- c:\program files\Microsoft
    2008-12-17 14:18 . 2008-12-17 14:18 <REP> d-------- c:\program files\Fichiers communs\Windows Live
    2008-12-14 14:09 . 2007-09-07 02:41 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
    2008-12-14 14:09 . 2007-09-07 02:41 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
    2008-12-14 14:09 . 2007-12-28 01:47 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
    2008-12-14 14:09 . 2007-09-07 02:41 <REP> d-------- c:\documents and settings\Administrateur\Mes documents
    2008-12-14 14:09 . 2007-09-07 02:41 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
    2008-12-14 14:09 . 2007-09-07 02:41 <REP> d-------- c:\documents and settings\Administrateur\Favoris
    2008-12-14 14:09 . 2007-09-07 02:41 <REP> d-------- c:\documents and settings\Administrateur\Bureau
    2008-12-14 14:09 . 2008-12-14 14:09 <REP> d-------- c:\documents and settings\Administrateur
    2008-12-12 00:21 . 2008-12-12 00:23 <REP> d-------- C:\Virtual
    2008-12-12 00:19 . 2008-12-12 00:19 <REP> d-------- c:\documents and settings\All Users\Application Data\BufferZone
    2008-12-12 00:18 . 2008-12-12 00:18 <REP> d-------- c:\windows\E4153266612C460FAB94C9DB6802459A.TMP
    2008-12-12 00:18 . 2008-12-12 00:18 <REP> d-------- c:\program files\securedie
    2008-12-12 00:18 . 2008-12-12 00:19 <REP> d-------- c:\program files\Secured IE
    2008-12-10 18:23 . 2008-12-10 18:23 <REP> d-------- c:\program files\Avira
    2008-12-10 18:23 . 2008-12-10 18:23 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
    2008-12-08 18:22 . 2008-12-08 18:22 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-12-08 18:21 . 2008-12-08 18:21 <REP> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
    2008-12-05 00:11 . 2008-12-05 00:11 308,584 --a------ c:\windows\WLXPGSS.SCR
    2008-12-02 22:37 . 2008-12-02 22:37 49,480 --a------ c:\windows\system32\sirenacm.dll
    2008-12-02 17:23 . 2008-12-02 17:23 <REP> d-------- c:\program files\Citrix
    2008-11-27 20:17 . 2008-12-08 18:23 <REP> d-------- c:\program files\iTunes
    2008-11-27 20:17 . 2008-12-08 18:22 <REP> d-------- c:\program files\iPod
    2008-11-27 20:13 . 2008-12-08 18:22 <REP> d-------- c:\program files\QuickTime
    2008-11-20 19:58 . 2008-12-08 18:19 <REP> d-------- c:\documents and settings\NetworkService\Application Data\agi
    2008-11-19 17:23 . 2008-11-19 17:23 <REP> d-------- c:\program files\Kiwee Toolbar
    2008-11-19 17:23 . 2008-12-08 18:19 <REP> d-------- c:\documents and settings\LocalService\Application Data\agi
    2008-11-19 17:21 . 2008-11-19 17:21 2,117,632 --a------ c:\windows\system32\python25.dll
    2008-11-19 17:21 . 2008-09-16 17:26 1,332,197 --a------ c:\windows\system32\pythondll.zip
    2008-11-19 17:21 . 2008-11-19 17:21 339,968 --a------ c:\windows\system32\pythoncom25.dll
    2008-11-19 17:21 . 2008-11-19 17:21 114,688 --a------ c:\windows\system32\pywintypes25.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-19 04:41 --------- d-----w c:\documents and settings\Evelyne\Application Data\EoRezo
    2008-12-19 03:47 95,976 ----a-w c:\windows\system32\ladasazo.dll
    2008-12-19 03:47 85,281 --sha-w c:\windows\system32\fobuyuru.dll
    2008-12-17 13:33 --------- d-----w c:\program files\Windows Live
    2008-12-11 23:27 --------- d-----w c:\program files\eMule
    2008-12-11 15:11 --------- d-----w c:\program files\Symantec
    2008-12-11 15:11 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
    2008-12-11 14:59 --------- d-----w c:\program files\Norton AntiVirus
    2008-12-10 17:19 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
    2008-12-10 17:18 --------- d-----w c:\documents and settings\Evelyne\Application Data\Apple Computer
    2008-12-10 05:01 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2008-12-08 17:22 --------- d-----w c:\program files\Fichiers communs\Apple
    2008-12-08 17:20 --------- d-----w c:\documents and settings\Evelyne\Application Data\Ooze defy win
    2008-12-08 17:19 --------- d-----w c:\program files\Safari
    2008-11-06 16:50 --------- d-----w c:\program files\EoRezo
    2008-10-30 23:41 --------- d-----w c:\documents and settings\Evelyne\Application Data\Image Zone Express
    2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-24 08:04 21,840 ----atw c:\windows\system32\SIntfNT.dll
    2008-10-24 08:04 17,212 ----atw c:\windows\system32\SIntf32.dll
    2008-10-24 08:04 12,067 ----atw c:\windows\system32\SIntf16.dll
    2008-10-23 18:47 4,608 ----a-w c:\windows\system32\w95inf32.dll
    2008-10-23 18:47 2,272 ----a-w c:\windows\system32\w95inf16.dll
    2008-10-23 13:00 283,648 ----a-w c:\windows\system32\SET175.tmp
    2008-10-19 18:43 --------- d-----w c:\program files\PhotoFiltre
    2008-10-19 15:11 --------- d-----w c:\documents and settings\Evelyne\Application Data\Printer Info Cache
    2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
    2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
    2008-10-16 10:38 663,552 ----a-w c:\windows\system32\wininet.dll
    2008-10-03 10:17 247,326 ----a-w c:\windows\system32\strmdll.dll
    2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    2008-07-02 19:07 15,397 ----a-w c:\program files\settings.dat
    2008-03-08 19:14 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{cd36797a-70f3-4acd-8825-623d3b896881}"= "c:\program files\securedie\tbsecu.dll" [2007-09-06 1453080]

    [HKEY_CLASSES_ROOT\clsid\{cd36797a-70f3-4acd-8825-623d3b896881}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8a5b62c-517f-42a5-85ae-29b5497fb15f}]
    2008-08-20 22:03 1780248 --a------ c:\program files\Come2PlayK2P\tbCome.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cd36797a-70f3-4acd-8825-623d3b896881}]
    2007-09-06 12:28 1453080 --a------ c:\program files\securedie\tbsecu.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{b8a5b62c-517f-42a5-85ae-29b5497fb15f}"= "c:\program files\Come2PlayK2P\tbCome.dll" [2008-08-20 1780248]
    "{cd36797a-70f3-4acd-8825-623d3b896881}"= "c:\program files\securedie\tbsecu.dll" [2007-09-06 1453080]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{B8A5B62C-517F-42A5-85AE-29B5497FB15F}"= "c:\program files\Come2PlayK2P\tbCome.dll" [2008-08-20 1780248]
    "{CD36797A-70F3-4ACD-8825-623D3B896881}"= "c:\program files\securedie\tbsecu.dll" [2007-09-06 1453080]

    [HKEY_CLASSES_ROOT\clsid\{b8a5b62c-517f-42a5-85ae-29b5497fb15f}]

    [HKEY_CLASSES_ROOT\clsid\{cd36797a-70f3-4acd-8825-623d3b896881}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-28 68856]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
    "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
    "SoundMAX"="c:\program files\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 860160]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-02-08 159744]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-08 155648]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-08 126976]
    "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-03-29 233534]
    "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624]
    "Microsoft Works Update Detection"="c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-24 28672]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "Proc Deaf Delete Peak"="c:\documents and settings\All Users\Application Data\file joy proc deaf\Exit Copy.exe" [2008-12-19 7565824]
    "EoEngine"="c:\program files\EoRezo\EoEngine.exe" [2008-11-01 472912]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-05 44032]
    "c8f15057"="c:\windows\system32\fobuyuru.dll" [2008-12-19 85281]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 c:\windows\system32\bthprops.cpl]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 c:\windows\AGRSMMSG.exe]

    c:\documents and settings\Evelyne\Menu D‚marrer\Programmes\D‚marrage\
    TribalWeb.lnk - c:\program files\TribalWeb\tribalweb.exe [2007-09-27 1077248]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-21 45056]
    HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
    Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
    Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Symantec\\LiveUpdate\\AluSchedulerSvc.exe"=
    "c:\\Program Files\\HPQ\\HP Wireless Assistant\\HP Wireless Assistant.exe"=
    "c:\\WINDOWS\\system32\\spoolsv.exe"=
    "c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Fichiers communs\\Symantec Shared\\Security Center\\SymSCUI.exe"=

    R2 fssfltr;FssFltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2008-12-17 55136]
    S3 adiusbae;USB ADSL LAN Adapter;c:\windows\system32\DRIVERS\adiusbae.sys []
    S3 fsssvc;Windows Live Contrôle parental;"c:\program files\Windows Live\Family Safety\fsssvc.exe" [2008-12-08 533344]
    S3 npkycryp;npkycryp;\??\c:\program files\Gravity\RO\npkycryp.sys []
    S3 ovt530;Webcam Deluxe;c:\windows\system32\Drivers\ov530vid.sys [2007-09-11 161792]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0683c52d-b685-11dd-a97c-00150044db48}]
    \Shell\Auto\command - cmd /C launch.bat
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7fc5556c-8ed2-11dc-a70f-00150044db48}]
    \Shell\AutoRun\command - E:\autoplay.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2008-12-19 c:\windows\Tasks\A738181791A38C5B.job
    - c:\docume~1\evelyne\applic~1\oozede~1\GreatBallUp.exe []

    2008-12-18 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{42fc8449-482b-4b7a-91ba-6fa9aa193ea7} - c:\windows\system32\vagivoho.dll
    HKCU-Run-Hope Trans - c:\docume~1\Evelyne\APPLIC~1\OOZEDE~1\Burn base.exe
    HKCU-Run-ceaue - c:\documents and settings\evelyne\local settings\application data\ceaue.exe
    HKLM-Run-vizonojope - c:\windows\system32\zimuworo.dll
    HKLM-Run-CPMcbc263cb - c:\windows\system32\kolopiro.dll

    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://lo.st#home
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Evelyne\Application Data\Mozilla\Firefox\Profiles\w9ttrjpv.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.startup.homepage - hxxp://lo.st#home
    FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q=
    FF - component: c:\documents and settings\Evelyne\Application Data\Mozilla\Firefox\Profiles\w9ttrjpv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
    FF - component: c:\documents and settings\Evelyne\Application Data\Mozilla\Firefox\Profiles\w9ttrjpv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
    FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

    [color=red]ATTENTION: FIREFOX POLICES IS IN FORCE [/color]
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("general.useragent.vendorComment", "ax");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("security.xpconnect.activex.global.hosting_flags", 9);
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("security.classID.allowByDefault", false);
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6BF52A52-394A-11D3-B153-00C04F79FAA6", "AllAccess");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID22D6F312-B0F6-11D0-94AB-0080C74C7E95", "AllAccess");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.rights.version", 3);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.rights.3.shown", false);
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-19 05:37:51
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????6?8?1?9??????? ???B?????????????hLC? ??????

    Recherche de fichiers cachés ...

    c:\windows\system32\uruyubof.ini 120 bytes

    Scan terminé avec succès
    Fichiers cachés: 1

    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
    c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    c:\program files\Analog Devices\SoundMAX\SMAgent.exe
    c:\windows\system32\searchindexer.exe
    c:\program files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    c:\program files\Apoint2K\ApntEx.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Internet Explorer\IEXPLORE.EXE
    c:\windows\system32\rundll32.exe
    c:\program files\HPQ\shared\hpqwmi.exe
    c:\windows\system32\searchprotocolhost.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
    c:\program files\Hp\Digital Imaging\bin\hpqste08.exe
    c:\windows\system32\searchfilterhost.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-12-19 5:46:01 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-12-19 04:45:49

    Avant-CF: 35 021 230 080 octets libres
    Après-CF: 35,250,487,296 octets libres

    401 --- E O F --- 2008-12-18 17:09:33

    Rapport deHijackthis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 05:55, on 19/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\EoRezo\EoEngine.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HPQ\SHARED\HPQWMI.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st#home
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: EoBho - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: PrintMe - {97387E2B-B2FA-4E4A-A607-F3B5C134F71C} - C:\Program Files\EFI\PrintMeToolbar\htpmcap.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Come2PlayK2P Toolbar - {b8a5b62c-517f-42a5-85ae-29b5497fb15f} - C:\Program Files\Come2PlayK2P\tbCome.dll
    O2 - BHO: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
    O3 - Toolbar: PrintMe - {97387E2B-B2FA-4E4A-A607-F3B5C134F71C} - C:\Program Files\EFI\PrintMeToolbar\htpmcap.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: Come2PlayK2P Toolbar - {b8a5b62c-517f-42a5-85ae-29b5497fb15f} - C:\Program Files\Come2PlayK2P\tbCome.dll
    O3 - Toolbar: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Proc Deaf Delete Peak] C:\Documents and Settings\All Users\Application Data\file joy proc deaf\Exit Copy.exe
    O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [c8f15057] rundll32.exe "C:\WINDOWS\system32\fobuyuru.dll",b
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb\tribalweb.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    0
  12. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok je n'attendais plus ... un peu occupé pour le script ce jour...

    pour avancer on va faire:

    1/
    Télécharges AD-Remover ( de Cyrildu17 / C_XX ) sur ton bureau :
    http://sd-1.archive-host.com/membres/up/16506160323759868/AD­-R.exe

    /!\ Déconnectes toi et fermes toutes applications en cours

    ● Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files )
    ● Double clique sur l'icône Ad-removersituée sur ton bureau
    ● Au menu principal choisi l'option "A"
    ● Postes le rapport qui apparait à la fin .

    ( le rapport est sauvegardé aussi sous C:\Ad-report(date).log )

    (CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    Note :

    "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

    2/

    ---> Télécharge Lop S&D sur ton Bureau
    https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
    ---> Double-clique dessus pour lancer l'installation
    ---> Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau
    ---> Séléctionne la langue souhaitée, puis choisis l'option 1 (Recherche)
    ---> Patiente jusqu'à la fin du scan
    ---> Poste le rapport généré (C:\lopR.txt)

    (Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet Fichier, Nouvelle tâche, tape explorer.exe et valide)

    Si tu as un problème pour utiliser Lop S&D, regarde dans le tutorial :
    http://bibou0007.com/outils-specifiques-f78/tutorial-lop-sd-t956.htm#11431
    0
  13. 5Chanur Messages postés 23 Statut Membre
     
    Liens non valide , erreur 404 :
    Télécharges AD-Remover ( de Cyrildu17 / C_XX ) sur ton bureau :
    http://sd-1.archive-host.com/membres/up/16506160323759868/AD­­-R.exe


    Je passe a l'étape 2?

    J'ai pris le liens qu'il y a au début de ce forum , donc étape 1 c'est partie :s

    Rapport AD-REMOVER :

    --------- Logfile of AD-Remover 1.0.7.8 by C_XX ---------

    # START at: 17:30:04 | Ven 19/12/2008 | Microsoft® Windows XP™ SP2 (v5.1.2600)
    # BOOT MODE: Normal

    # OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat

    # PC: EVELYNE-59CAD7C | USER: Evelyne ( Current user is an administrator)

    # DRIVE(S):
    - C:\ (File System: NTFS)
    - D:\ (File System: CDFS)

    # Internet Explorer v6.0.2900.2180

    --------- [ RUNNING PROCESSES: 56 ] ---------

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\EoRezo\EoEngine.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\HPQ\SHARED\HPQWMI.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\WINDOWS\system32\ntvdm.exe

    -----------------------------------

    +-----------------------| Boonty/Boonty Games Elements found :

    "HKEY_CURRENT_USER\SOFTWARE\Boonty"
    "HKEY_LOCAL_MACHINE\Software\Boonty"
    .
    [27/09/2007 22:33|d--------] C:\PROGRA~1\Boonty
    [27/09/2007 22:33|d--------] C:\PROGRA~1\Boonty\COMPON~1
    [27/09/2007 22:33|--a------] C:\PROGRA~1\Boonty\COMPON~1\MUSIC_~1.EXE
    [27/09/2007 22:33|d--------] C:\PROGRA~1\BOONTY~1
    [27/09/2007 22:33|d--------] C:\PROGRA~1\FICHIE~1\BOONTY~1
    [27/09/2007 22:33|d--------] C:\PROGRA~1\FICHIE~1\BOONTY~1\Service
    [27/09/2007 22:33|--a------] C:\PROGRA~1\FICHIE~1\BOONTY~1\Service\Boonty.exe
    [27/09/2007 22:33|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
    [27/09/2007 22:33|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY\Licenses
    [27/09/2007 22:35|-r-------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY\Licenses\B5014000.dat

    +-----------------------| Eorezo Elements found :

    "HKEY_CLASSES_ROOT\EoRezoBHO.EoBho"
    "HKEY_CLASSES_ROOT\EoRezoBHO.EoBho.1"
    "HKEY_CURRENT_USER\SOFTWARE\EoRezo"
    "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}"
    "HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
    "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}"
    "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\EoRezoBHO.DLL"
    "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}"
    "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}"
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}"
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eoEngine_is1"
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run" /v "EoEngine"
    .
    [06/11/2008 17:50|d--------] C:\PROGRA~1\EoRezo
    [27/06/2007 13:56|--a------] C:\PROGRA~1\EoRezo\CONFME~1.CYP
    [06/11/2008 17:50|d--------] C:\PROGRA~1\EoRezo\EoAdv
    [01/11/2008 15:55|--a------] C:\PROGRA~1\EoRezo\EoEngine.exe
    [06/11/2008 17:50|--a------] C:\PROGRA~1\EoRezo\eoEngine.url
    [24/10/2008 15:42|--a------] C:\PROGRA~1\EoRezo\EOMULT~1.DLL
    [01/11/2008 15:56|--a------] C:\PROGRA~1\EoRezo\EOREZO~1.DLL
    [24/10/2008 16:08|--a------] C:\PROGRA~1\EoRezo\EOREZO~4.DLL
    [24/10/2008 16:08|--a------] C:\PROGRA~1\EoRezo\EO6115~1.DLL
    [24/10/2008 16:09|--a------] C:\PROGRA~1\EoRezo\EO4511~1.DLL
    [24/10/2008 16:09|--a------] C:\PROGRA~1\EoRezo\EO4515~1.DLL
    [24/10/2008 16:10|--a------] C:\PROGRA~1\EoRezo\EO5519~1.DLL
    [24/10/2008 15:43|--a------] C:\PROGRA~1\EoRezo\EO551D~1.DLL
    [24/10/2008 16:10|--a------] C:\PROGRA~1\EoRezo\EOREZO~2.DLL
    [24/10/2008 16:11|--a------] C:\PROGRA~1\EoRezo\EOREZO~3.DLL
    [24/10/2008 16:22|--a------] C:\PROGRA~1\EoRezo\EO6CF9~1.DLL
    [24/10/2008 16:23|--a------] C:\PROGRA~1\EoRezo\EO400A~1.DLL
    [24/10/2008 16:23|--a------] C:\PROGRA~1\EoRezo\EO400E~1.DLL
    [24/10/2008 16:25|--a------] C:\PROGRA~1\EoRezo\EO5002~1.DLL
    [24/10/2008 16:25|--a------] C:\PROGRA~1\EoRezo\EO5006~1.DLL
    [01/11/2008 15:56|--a------] C:\PROGRA~1\EoRezo\EO600A~1.DLL
    [26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\FREEIM~1.DLL
    [26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\Host.cyp
    [06/11/2008 17:50|d--------] C:\PROGRA~1\EoRezo\lang
    [01/11/2008 15:58|--a------] C:\PROGRA~1\EoRezo\MNGINS~1.DLL
    [06/11/2008 17:50|--a------] C:\PROGRA~1\EoRezo\unins000.dat
    [06/11/2008 17:50|--a------] C:\PROGRA~1\EoRezo\unins000.exe
    [21/12/2007 10:23|--a------] C:\PROGRA~1\EoRezo\user.cyp
    [07/11/2007 01:19|--a------] C:\PROGRA~1\EoRezo\EoAdv\atl90.dll
    [24/10/2008 15:37|--a------] C:\PROGRA~1\EoRezo\EoAdv\EoAdv.dll
    [16/10/2008 12:50|--a------] C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL
    [07/11/2007 01:19|--a------] C:\PROGRA~1\EoRezo\EoAdv\mfc90.dll
    [06/11/2007 20:24|--a------] C:\PROGRA~1\EoRezo\EoAdv\MICROS~1.MAN
    [06/11/2007 20:24|--a------] C:\PROGRA~1\EoRezo\EoAdv\MICROS~2.MAN
    [06/11/2007 22:51|--a------] C:\PROGRA~1\EoRezo\EoAdv\MICROS~3.MAN
    [07/11/2007 01:19|--a------] C:\PROGRA~1\EoRezo\EoAdv\msvcr90.dll
    [26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\IHM_EO~3.XML
    [26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\IH935B~1.XML
    [26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\IHM_EO~1.XML
    [26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\IH0447~1.XML
    [26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\IHM_EO~2.XML
    [26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\IHM_EO~4.XML
    [26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\lang_en.xml
    [26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\lang_es.xml
    [26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\lang_fr.xml
    [26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\lang_it.xml
    [19/12/2008 17:19|d--------] C:\DOCUME~1\Evelyne\APPLIC~1\EoRezo
    [06/11/2008 17:50|--a------] C:\DOCUME~1\Evelyne\APPLIC~1\EoRezo\cmhost.cyp
    [19/12/2008 04:54|--a------] C:\DOCUME~1\Evelyne\APPLIC~1\EoRezo\CONFME~1.CYP
    [19/12/2008 04:54|--a------] C:\DOCUME~1\Evelyne\APPLIC~1\EoRezo\CONFME~1.OLD
    [05/12/2008 13:30|d--------] C:\DOCUME~1\Evelyne\APPLIC~1\EoRezo\db
    [19/12/2008 17:19|d--------] C:\DOCUME~1\Evelyne\APPLIC~1\EoRezo\EODESK~1
    [19/12/2008 04:54|--a------] C:\DOCUME~1\Evelyne\APPLIC~1\EoRezo\host.cyp
    [19/12/2008 17:19|--a------] C:\DOCUME~1\Evelyne\APPLIC~1\EoRezo\user.cyp
    [05/12/2008 13:30|--a------] C:\DOCUME~1\Evelyne\APPLIC~1\EoRezo\db\cat.cyp
    [19/12/2008 17:19|--a------] C:\DOCUME~1\Evelyne\APPLIC~1\EoRezo\EODESK~1\config.xml
    [19/12/2008 17:19|--a------] C:\DOCUME~1\Evelyne\APPLIC~1\EoRezo\EODESK~1\EODESK~1.HTM
    [19/12/2008 17:19|--a------] C:\DOCUME~1\Evelyne\APPLIC~1\EoRezo\EODESK~1\USERCO~1.XML
    [19/12/2008 05:39|--a------] C:\WINDOWS\Prefetch\EOENGI~1.PF
    [16/12/2008 05:53|--a------] C:\DOCUME~1\Evelyne\Cookies\EV90B8~1.TXT
    [13/12/2008 03:42|--a------] C:\DOCUME~1\Evelyne\Cookies\EVDC9A~1.TXT
    [17/11/2008 02:39|--a------] C:\DOCUME~1\Evelyne\Cookies\EV8914~1.TXT
    [12/11/2008 18:16|--a------] C:\DOCUME~1\Evelyne\Cookies\EVELYN~4.TXT

    +-----------------------| Everest Poker Elements found :

    .

    +-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :

    .

    +-----------------------| It's TV Elements found :

    .

    +-----------------------| Sweetim Elements found :

    .

    +-----------------------| ADDED SCAN :

    +---------- Scanning prefs.js ... ( # Mozilla User Preferences )

    ...\w9ttrjpv.default\prefs.js :

    ~~~~ Mozilla FireFox version 3.0.5 ~~~~

    Start Page : "http://lo.st#home"

    +----------+

    +---------------------------------------------------------------------------+

    +--[HKEY_CURRENT_USER\..\Run]

    BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} REG_SZ "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe

    +--[HKEY_LOCAL_MACHINE\..\Run]

    IMJPMIG8.1 REG_SZ "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    PHIME2002ASync REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    PHIME2002A REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    SoundMAXPnP REG_SZ C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    SoundMAX REG_SZ C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    Apoint REG_SZ C:\Program Files\Apoint2K\Apoint.exe
    IgfxTray REG_SZ C:\WINDOWS\system32\igfxtray.exe
    HotKeysCmds REG_SZ C:\WINDOWS\system32\hkcmd.exe
    Cpqset REG_SZ C:\Program Files\HPQ\Default Settings\cpqset.exe
    eabconfg.cpl REG_SZ C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    hpWirelessAssistant REG_SZ C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    Microsoft Works Update Detection REG_SZ C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    BluetoothAuthenticationAgent REG_SZ rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
    MSPY2002 REG_SZ C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    AGRSMMSG REG_SZ AGRSMMSG.exe
    HP Software Update REG_SZ C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    Proc Deaf Delete Peak REG_SZ C:\Documents and Settings\All Users\Application Data\file joy proc deaf\Exit Copy.exe
    EoEngine REG_SZ "C:\Program Files\EoRezo\EoEngine.exe"
    QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
    AppleSyncNotifier REG_SZ C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    IMEKRMIG6.1 REG_SZ C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    c8f15057 REG_SZ rundll32.exe "C:\WINDOWS\system32\fobuyuru.dll",b

    +--[HKEY_USERS\.DEFAULT\..\Run]

    +--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

    Start Page : hxxp://lo.st#home

    +--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

    Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

    +---------------------------------------------------------------------------+

    - "C:\AD-report-Scan-19.12.2008.log" (~12250 bytes)

    # END at: 17:30:19 | 19/12/2008 - Time elapsed: 15.4 seconds

    +---------------------------------------------------------------------------+
    +------------------------------- [ E.O.F - 210 lines ]
    +---------------------------------------------------------------------------+

    Rapport Lop :

    --------------------\\ Lop S&D 4.2.4-9c XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.73GHz )
    BIOS : Ver 1.00PARTTBLX
    USER : Evelyne ( Administrator )
    BOOT : Normal boot
    Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)
    Firewall : Norton Internet Worm Protection 2005 (Activated)
    C:\ (Local Disk) - NTFS - Total:74 Go (Free:32 Go)
    D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)

    "C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
    Option : [1] ( 19/12/2008|17:36 )

    --------------------\\ Listing des dossiers dans APPLIC~1

    [14/12/2008|14:09] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

    [08/12/2008|18:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    [06/06/2008|12:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [18/03/2008|09:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    [18/03/2008|09:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [10/12/2008|18:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
    [27/09/2007|22:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
    [12/12/2008|00:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BufferZone
    [18/06/2008|22:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
    [15/10/2008|08:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\file joy proc deaf
    [07/09/2007|02:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [02/02/2008|01:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
    [08/12/2008|18:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP Product Assistant
    [07/09/2007|01:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpqwmi
    [30/03/2008|13:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HPSSUPPLY
    [07/09/2007|01:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
    [15/09/2007|00:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    [17/12/2008|14:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [10/12/2008|06:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
    [20/01/2008|17:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\n7-89-o9-3r-4t-r9
    [07/09/2007|18:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
    [18/09/2007|21:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
    [11/09/2007|17:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
    [10/12/2008|18:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    [24/09/2007|18:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [07/03/2008|23:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
    [20/01/2008|10:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

    [07/09/2007|00:56] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

    [23/02/2008|11:26] C:\DOCUME~1\Evelyne\APPLIC~1\Adobe
    [06/06/2008|12:06] C:\DOCUME~1\Evelyne\APPLIC~1\AdobeUM
    [12/06/2008|22:16] C:\DOCUME~1\Evelyne\APPLIC~1\Ahead
    [10/12/2008|18:18] C:\DOCUME~1\Evelyne\APPLIC~1\Apple Computer
    [07/04/2008|16:52] C:\DOCUME~1\Evelyne\APPLIC~1\ArcSoft
    [24/10/2007|13:31] C:\DOCUME~1\Evelyne\APPLIC~1\DeskSoft
    [12/06/2008|22:42] C:\DOCUME~1\Evelyne\APPLIC~1\dvdcss
    [19/12/2008|17:35] C:\DOCUME~1\Evelyne\APPLIC~1\EoRezo
    [14/09/2007|13:02] C:\DOCUME~1\Evelyne\APPLIC~1\FileZilla
    [20/01/2008|17:11] C:\DOCUME~1\Evelyne\APPLIC~1\GameHouse
    [09/02/2008|16:32] C:\DOCUME~1\Evelyne\APPLIC~1\Google
    [12/09/2007|13:08] C:\DOCUME~1\Evelyne\APPLIC~1\Help
    [02/02/2008|02:06] C:\DOCUME~1\Evelyne\APPLIC~1\HP
    [20/01/2008|10:58] C:\DOCUME~1\Evelyne\APPLIC~1\Identities
    [31/10/2008|00:41] C:\DOCUME~1\Evelyne\APPLIC~1\Image Zone Express
    [24/09/2007|18:26] C:\DOCUME~1\Evelyne\APPLIC~1\InstallShield
    [08/09/2007|20:44] C:\DOCUME~1\Evelyne\APPLIC~1\InterVideo
    [10/10/2007|09:37] C:\DOCUME~1\Evelyne\APPLIC~1\Leadertech
    [05/03/2008|18:54] C:\DOCUME~1\Evelyne\APPLIC~1\Macromedia
    [12/10/2008|16:46] C:\DOCUME~1\Evelyne\APPLIC~1\Microsoft
    [27/08/2008|16:11] C:\DOCUME~1\Evelyne\APPLIC~1\Mozilla
    [20/01/2008|16:52] C:\DOCUME~1\Evelyne\APPLIC~1\Mysteryville2
    [08/12/2008|18:20] C:\DOCUME~1\Evelyne\APPLIC~1\Ooze defy win
    [19/10/2008|16:11] C:\DOCUME~1\Evelyne\APPLIC~1\Printer Info Cache
    [09/03/2008|15:37] C:\DOCUME~1\Evelyne\APPLIC~1\Skype
    [09/03/2008|13:30] C:\DOCUME~1\Evelyne\APPLIC~1\skypePM
    [10/10/2007|09:37] C:\DOCUME~1\Evelyne\APPLIC~1\Sonic
    [08/09/2007|21:43] C:\DOCUME~1\Evelyne\APPLIC~1\Sun
    [07/09/2007|01:52] C:\DOCUME~1\Evelyne\APPLIC~1\Symantec
    [07/09/2007|02:01] C:\DOCUME~1\Evelyne\APPLIC~1\Talkback
    [08/09/2007|13:13] C:\DOCUME~1\Evelyne\APPLIC~1\TeamViewer
    [19/10/2007|13:18] C:\DOCUME~1\Evelyne\APPLIC~1\TribalWeb
    [07/09/2007|02:09] C:\DOCUME~1\Evelyne\APPLIC~1\vlc
    [24/10/2007|22:01] C:\DOCUME~1\Evelyne\APPLIC~1\VSO
    [05/05/2008|23:25] C:\DOCUME~1\Evelyne\APPLIC~1\Windows Desktop Search
    [08/09/2007|14:41] C:\DOCUME~1\Evelyne\APPLIC~1\WinRAR
    [20/01/2008|10:58] C:\DOCUME~1\Evelyne\APPLIC~1\Zylom

    [08/12/2008|18:19] C:\DOCUME~1\LOCALS~1\APPLIC~1\agi
    [24/10/2008|20:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [10/01/2008|03:32] C:\DOCUME~1\LOCALS~1\APPLIC~1\Symantec

    [08/12/2008|18:19] C:\DOCUME~1\NETWOR~1\APPLIC~1\agi
    [07/09/2007|00:59] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

    [19/12/2008 17:00][--ah-----] C:\WINDOWS\tasks\A738181791A38C5B.job
    [18/12/2008 19:57][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [19/12/2008 14:40][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [05/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    ( A738181791A38C5B.job )=( c:\docume~1\evelyne\applic~1\oozede~1\GreatBallUp.exe )

    --------------------\\ Listing des dossiers dans C:\Program Files

    [04/12/2007|20:15] C:\Program Files\Adobe
    [19/12/2008|17:30] C:\Program Files\Ad-remover
    [07/09/2007|01:04] C:\Program Files\Analog Devices
    [07/09/2007|01:13] C:\Program Files\Apoint2K
    [15/10/2008|17:23] C:\Program Files\Apple Software Update
    [17/06/2008|21:18] C:\Program Files\ArcSoft
    [10/12/2008|18:23] C:\Program Files\Avira
    [08/06/2008|12:06] C:\Program Files\BarreDeSurf
    [15/10/2008|17:12] C:\Program Files\Bonjour
    [27/09/2007|22:33] C:\Program Files\Boonty
    [27/09/2007|22:33] C:\Program Files\BoontyGames
    [02/12/2008|17:23] C:\Program Files\Citrix
    [15/10/2008|08:38] C:\Program Files\Come2PlayK2P
    [07/09/2007|00:52] C:\Program Files\ComPlus Applications
    [15/10/2008|08:38] C:\Program Files\Conduit
    [17/06/2008|21:36] C:\Program Files\Digital Video
    [08/09/2007|12:06] C:\Program Files\DynGate
    [09/02/2008|16:26] C:\Program Files\EFI
    [12/12/2008|00:27] C:\Program Files\eMule
    [06/11/2008|17:50] C:\Program Files\EoRezo
    [19/12/2008|05:29] C:\Program Files\Fichiers communs
    [19/06/2008|14:24] C:\Program Files\FileZilla
    [29/03/2008|23:57] C:\Program Files\FlashGet
    [02/07/2008|19:55] C:\Program Files\Free PDF2Fax
    [27/07/2008|02:12] C:\Program Files\Free.fr
    [07/09/2007|02:15] C:\Program Files\freeBrowser
    [31/01/2008|21:50] C:\Program Files\GameHouse
    [06/03/2008|09:19] C:\Program Files\Google
    [08/09/2007|13:14] C:\Program Files\Gravity
    [11/09/2007|12:39] C:\Program Files\Hercules
    [02/02/2008|01:35] C:\Program Files\Hewlett-Packard
    [24/08/2008|18:30] C:\Program Files\Hp
    [28/12/2007|02:41] C:\Program Files\HPQ
    [24/08/2008|18:59] C:\Program Files\IKEA HomePlanner
    [17/10/2008|01:43] C:\Program Files\InstallShield Installation Information
    [28/12/2007|02:35] C:\Program Files\Intel
    [18/12/2008|18:07] C:\Program Files\Internet Explorer
    [07/09/2007|01:24] C:\Program Files\InterVideo
    [08/12/2008|18:22] C:\Program Files\iPod
    [08/12/2008|18:23] C:\Program Files\iTunes
    [24/08/2008|18:33] C:\Program Files\Java
    [19/11/2008|17:23] C:\Program Files\Kiwee Toolbar
    [03/12/2007|15:18] C:\Program Files\Ma‹do Production
    [17/10/2008|01:44] C:\Program Files\Messenger
    [17/10/2008|17:39] C:\Program Files\Messenger Plus! Live
    [12/01/2008|15:53] C:\Program Files\Micro Application
    [17/12/2008|14:34] C:\Program Files\Microsoft
    [07/09/2007|00:56] C:\Program Files\microsoft frontpage
    [05/05/2008|09:58] C:\Program Files\Microsoft Office
    [17/12/2008|14:33] C:\Program Files\Microsoft Office Outlook Connector
    [11/09/2007|12:30] C:\Program Files\Microsoft Picture It! 7
    [17/12/2008|14:34] C:\Program Files\Microsoft Silverlight
    [17/12/2008|14:31] C:\Program Files\Microsoft SQL Server Compact Edition
    [05/05/2008|09:58] C:\Program Files\Microsoft Visual Studio
    [05/05/2008|09:52] C:\Program Files\Microsoft Visual Studio 8
    [05/05/2008|09:59] C:\Program Files\Microsoft Works
    [05/05/2008|09:56] C:\Program Files\Microsoft.NET
    [18/12/2008|10:37] C:\Program Files\Movie Maker
    [19/12/2008|17:31] C:\Program Files\Mozilla Firefox
    [05/05/2008|09:58] C:\Program Files\MSBuild
    [17/05/2008|16:33] C:\Program Files\MSN
    [07/09/2007|00:51] C:\Program Files\MSN Gaming Zone
    [04/10/2008|17:04] C:\Program Files\MSXML 4.0
    [18/10/2008|00:40] C:\Program Files\MyFreeTV
    [29/01/2008|21:32] C:\Program Files\Mysteryville
    [20/01/2008|19:14] C:\Program Files\Mysteryville 2
    [29/01/2008|12:16] C:\Program Files\Mysteryville Deluxe
    [09/12/2007|12:34] C:\Program Files\Nero
    [18/12/2008|10:36] C:\Program Files\NetMeeting
    [11/12/2008|15:59] C:\Program Files\Norton AntiVirus
    [07/09/2007|00:51] C:\Program Files\Online Services
    [15/10/2008|08:39] C:\Program Files\Ooze defy win
    [18/12/2008|10:36] C:\Program Files\Outlook Express
    [06/05/2008|21:36] C:\Program Files\PCStitch 7
    [02/07/2008|20:07] C:\Program Files\PDFCreator
    [19/10/2008|19:43] C:\Program Files\PhotoFiltre
    [21/01/2008|20:25] C:\Program Files\PHP
    [29/01/2008|12:14] C:\Program Files\PopCap Games
    [08/12/2008|18:22] C:\Program Files\QuickTime
    [12/06/2008|18:59] C:\Program Files\RADVideo
    [20/01/2008|16:48] C:\Program Files\ReflexiveArcade
    [24/02/2008|00:05] C:\Program Files\RegCleaner
    [08/12/2008|18:19] C:\Program Files\Safari
    [16/10/2008|22:05] C:\Program Files\SAGEM
    [12/12/2008|00:19] C:\Program Files\Secured IE
    [12/12/2008|00:18] C:\Program Files\securedie
    [07/09/2007|00:54] C:\Program Files\Services en ligne
    [20/12/2007|13:24] C:\Program Files\Skyline
    [08/03/2008|20:13] C:\Program Files\Skype
    [07/09/2007|01:34] C:\Program Files\Sonic
    [24/08/2008|18:33] C:\Program Files\Sun
    [11/12/2008|16:11] C:\Program Files\Symantec
    [03/06/2008|03:47] C:\Program Files\Tales of Pirates Online
    [08/09/2007|12:05] C:\Program Files\TeamViewer
    [18/09/2007|21:35] C:\Program Files\Toshiba
    [13/01/2008|02:26] C:\Program Files\TrackMania Nations ESWC
    [18/12/2008|15:23] C:\Program Files\Trend Micro
    [27/09/2007|21:44] C:\Program Files\TribalWeb
    [07/09/2007|01:03] C:\Program Files\Uninstall Information
    [16/10/2008|22:28] C:\Program Files\VideoLAN
    [18/06/2008|22:37] C:\Program Files\VirginMega
    [14/10/2007|22:10] C:\Program Files\VSO
    [05/05/2008|10:16] C:\Program Files\Windows Desktop Search
    [17/12/2008|14:33] C:\Program Files\Windows Live
    [17/12/2008|14:28] C:\Program Files\Windows Live SkyDrive
    [18/10/2007|22:13] C:\Program Files\Windows Media Connect 2
    [18/12/2008|10:41] C:\Program Files\Windows Media Player
    [18/12/2008|10:31] C:\Program Files\Windows NT
    [07/09/2007|00:54] C:\Program Files\WindowsUpdate
    [08/09/2007|12:11] C:\Program Files\WinRAR
    [07/09/2007|00:56] C:\Program Files\xerox
    [16/10/2008|22:04] C:\Program Files\Zero G Registry
    [29/01/2008|21:28] C:\Program Files\Zylom Games

    --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

    [06/06/2008|12:09] C:\Program Files\Fichiers communs\Adobe
    [09/12/2007|12:34] C:\Program Files\Fichiers communs\Ahead
    [08/12/2008|18:22] C:\Program Files\Fichiers communs\Apple
    [11/09/2007|12:42] C:\Program Files\Fichiers communs\ArcSoft
    [27/09/2007|22:33] C:\Program Files\Fichiers communs\BOONTY Shared
    [05/05/2008|09:58] C:\Program Files\Fichiers communs\DESIGNER
    [02/02/2008|01:33] C:\Program Files\Fichiers communs\Hewlett-Packard
    [02/02/2008|01:39] C:\Program Files\Fichiers communs\HP
    [07/09/2007|01:36] C:\Program Files\Fichiers communs\InstallShield
    [07/09/2007|01:36] C:\Program Files\Fichiers communs\Java
    [17/12/2008|14:28] C:\Program Files\Fichiers communs\Microsoft Shared
    [07/09/2007|00:53] C:\Program Files\Fichiers communs\MSSoap
    [07/09/2007|02:43] C:\Program Files\Fichiers communs\ODBC
    [07/09/2007|00:53] C:\Program Files\Fichiers communs\Services
    [08/03/2008|20:13] C:\Program Files\Fichiers communs\Skype
    [07/09/2007|01:34] C:\Program Files\Fichiers communs\Sonic Shared
    [07/09/2007|02:43] C:\Program Files\Fichiers communs\SpeechEngines
    [07/09/2007|01:34] C:\Program Files\Fichiers communs\SureThing Shared
    [11/12/2008|16:11] C:\Program Files\Fichiers communs\Symantec Shared
    [18/12/2008|10:36] C:\Program Files\Fichiers communs\System
    [07/09/2007|01:35] C:\Program Files\Fichiers communs\TiVo Shared
    [17/12/2008|14:18] C:\Program Files\Fichiers communs\Windows Live
    [07/03/2008|23:25] C:\Program Files\Fichiers communs\WindowsLiveInstaller
    [24/08/2008|18:59] C:\Program Files\Fichiers communs\Wise Installation Wizard

    --------------------\\ Process

    ( 59 Processes )

    iexplore.exe ~ [PID:3520]
    iexplore.exe ~ [PID:2800]

    --------------------\\ Recherche avec S_Lop

    C:\DOCUME~1\Evelyne\APPLIC~1\OOZEDE~1

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\File Joy Proc Deaf
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\File Joy Proc Deaf\Exit Copy.exe
    C:\DOCUME~1\Evelyne\APPLIC~1\oozede~1
    C:\Program Files\oozede~1
    C:\DOCUME~1\Evelyne\Cookies\evelyne@advertising[1].txt
    C:\DOCUME~1\Evelyne\Cookies\evelyne@advertising[3].txt
    C:\DOCUME~1\Evelyne\Cookies\evelyne@banner.cotedazurpalace[2].txt
    C:\DOCUME~1\Evelyne\Cookies\evelyne@cotedazurpalace[1].txt
    C:\DOCUME~1\Evelyne\Cookies\evelyne@www.cotedazurpalace[1].txt
    C:\DOCUME~1\Evelyne\Cookies\evelyne@adopt.euroclick[2].txt
    C:\WINDOWS\Tasks\A738181791A38C5B.job

    --------------------\\ Verification du Registre

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WAITAXISDEAF]
    "DisplayName"="CiD Help"
    "UninstallString"="C:\\DOCUME~1\\Evelyne\\APPLIC~1\\OOZEDE~1\\Burn base.exe -uninstall"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Proc Deaf Delete Peak"="C:\\Documents and Settings\\All Users\\Application Data\\file joy proc deaf\\Exit Copy.exe"

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE

    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-19 17:37:56
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------\\ Recherche d'autres infections

    Aucune autre infection trouvée !

    [F:7][D:1]-> C:\DOCUME~1\Evelyne\LOCALS~1\Temp
    [F:125][D:0]-> C:\DOCUME~1\Evelyne\Cookies
    [F:2][D:0]-> C:\DOCUME~1\Evelyne\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - 19/12/2008|17:39 - Option : [1]

    --------------------\\ Fin du rapport a 17:39:41
    0
  14. gen-hackman
     
    Bonsoir pour avancer :

    /!\ Déconnecte-toi et ferme toutes applications en cours /!\

    Double-clique sur AD-Remover pour le lancer : au menu principal, choisis l'option B.

    Coche à l'écran de sélection :
    http://sd-1.archive-host.com/membres/up/16506160323759868/Capturer-ADR.JPG

    Suppression Boonty/BoontyGames (Si trouvé)
    Suppression Eorezo (Si trouvé)
    Suppression Everest Poker (Si trouvé)
    Suppression Funwebproduct/MyWay/MyWebsearch (Si trouvé)
    Suppression Messenger Skinner (Si trouvé)
    Suppression Sweetim (Si trouvé)

    Puis choisis S, le programme va travailler.

    Poste le rapport qui apparaît à la fin.

    (Le rapport est sauvegardé aussi sous C:\Ad-report.log)

    /!\ Si le Bureau ne réapparaît pas, presse Ctrl + Alt + Suppr, Onglet "Fichier", "Nouvelle tâche", tape explorer.exe et valide) /!\

    Note :

    "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...)


    0
  15. 5Chanur Messages postés 23 Statut Membre
     
    Voici le nouveau rapport

    --------- Logfile of AD-Remover 1.0.7.8 by C_XX ---------

    *** Limited to ***

    Boonty/BoontyGames
    Eorezo
    Everest Poker
    Funwebproduct/MyWay/MyWebsearch
    It's TV
    Sweetim

    ******************

    # START at: 18:32:18 | Ven 19/12/2008 | Microsoft® Windows XP™ SP2 (v5.1.2600)
    # BOOT MODE: Normal

    # OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat

    # PC: EVELYNE-59CAD7C | USER: Evelyne ( Current user is an administrator)

    # DRIVE(S):
    - C:\ (File System: NTFS)
    - D:\ (File System: CDFS)

    # Internet Explorer v6.0.2900.2180

    --------- [ RUNNING PROCESSES: 54 ] ---------

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\EoRezo\EoEngine.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\HPQ\SHARED\HPQWMI.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ntvdm.exe

    -----------------------------------

    (!) ---- IE start pages reset

    +-----------------------| Boonty/Boonty Games Elements Deleted :

    "HKEY_CURRENT_USER\SOFTWARE\Boonty"
    "HKEY_LOCAL_MACHINE\Software\Boonty"
    .
    [27/09/2007 22:33|d--------] C:\Program Files\Boonty
    [27/09/2007 22:33|d--------] C:\Program Files\BoontyGames
    [27/09/2007 22:33|d--------] C:\Program Files\Fichiers communs\BOONTY Shared
    [27/09/2007 22:33|d--------] C:\Documents and Settings\All Users\Application Data\BOONTY

    +-----------------------| Eorezo Elements Deleted :

    "HKEY_CLASSES_ROOT\EoRezoBHO.EoBho"
    "HKEY_CLASSES_ROOT\EoRezoBHO.EoBho.1"
    "HKEY_CURRENT_USER\SOFTWARE\EoRezo"
    "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}"
    "HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
    "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}"
    "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\EoRezoBHO.DLL"
    "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}"
    "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}"
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}"
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eoEngine_is1"
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run" /v "EoEngine"
    .
    [06/11/2008 17:50|d--------] C:\Program Files\EoRezo
    [19/12/2008 18:23|d--------] C:\Documents and Settings\Evelyne\Application Data\EoRezo
    /!\ NOT DELETED - [19/12/2008 05:39|--a------] C:\WINDOWS\Prefetch\EOENGI~1.PF
    [16/12/2008 05:53|--a------] C:\DOCUME~1\Evelyne\Cookies\EV90B8~1.TXT
    [13/12/2008 03:42|--a------] C:\DOCUME~1\Evelyne\Cookies\EVDC9A~1.TXT
    [17/11/2008 02:39|--a------] C:\DOCUME~1\Evelyne\Cookies\EV8914~1.TXT
    [12/11/2008 18:16|--a------] C:\DOCUME~1\Evelyne\Cookies\EVELYN~4.TXT

    +-----------------------| Everest Poker Elements Deleted :

    .

    +-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :

    .

    +-----------------------| It's TV Elements Deleted :

    .

    +-----------------------| Sweetim Elements Deleted :

    .

    (!) ---- Temp files deleted.
    (!) ---- Recycle bin emptied in all drives.

    ************* /!\ File(s)/Folder(s) Not Deleted /!\ *************

    "C:\WINDOWS\Prefetch\EOENGINE.EXE-020B3EA2.pf"

    Second run ...

    "C:\WINDOWS\Prefetch\EOENGINE.EXE-020B3EA2.pf" - RESIST !

    +-----------------------| ADDED SCAN :

    +---------- Scanning prefs.js ... ( # Mozilla User Preferences )

    ...\w9ttrjpv.default\prefs.js :

    ~~~~ Mozilla FireFox version 3.0.5 ~~~~

    Start Page : "http://lo.st#home"

    +----------+

    +--[HKEY_CURRENT_USER\..\Run]

    BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} REG_SZ "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe

    +--[HKEY_LOCAL_MACHINE\..\Run]

    IMJPMIG8.1 REG_SZ "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    PHIME2002ASync REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    PHIME2002A REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    SoundMAXPnP REG_SZ C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    SoundMAX REG_SZ C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    Apoint REG_SZ C:\Program Files\Apoint2K\Apoint.exe
    IgfxTray REG_SZ C:\WINDOWS\system32\igfxtray.exe
    HotKeysCmds REG_SZ C:\WINDOWS\system32\hkcmd.exe
    Cpqset REG_SZ C:\Program Files\HPQ\Default Settings\cpqset.exe
    eabconfg.cpl REG_SZ C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    hpWirelessAssistant REG_SZ C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    Microsoft Works Update Detection REG_SZ C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    BluetoothAuthenticationAgent REG_SZ rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
    MSPY2002 REG_SZ C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    AGRSMMSG REG_SZ AGRSMMSG.exe
    HP Software Update REG_SZ C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    Proc Deaf Delete Peak REG_SZ C:\Documents and Settings\All Users\Application Data\file joy proc deaf\Exit Copy.exe
    QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
    AppleSyncNotifier REG_SZ C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    IMEKRMIG6.1 REG_SZ C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    c8f15057 REG_SZ rundll32.exe "C:\WINDOWS\system32\fobuyuru.dll",b

    +--[HKEY_USERS\.DEFAULT\..\Run]

    +--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

    Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

    +--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

    Start Page : hxxp://fr.msn.com/

    +---------------------------------------------------------------------------+

    - "C:\AD-report-Clean-19.12.2008.log" (~8398 bytes)

    - "C:\AD-report-Scan-19.12.2008.log" (~12586 bytes)

    # END at: 18:34:40 | 19/12/2008 - Time elapsed: 2 minutes, 21 seconds

    +---------------------------------------------------------------------------+
    +------------------------------- [ E.O.F - 159 lines ]
    +---------------------------------------------------------------------------+
    0
  16. gen-hackman
     
    ok ensuite :

    Telecharge maintenant FindyKill sur ton bureau :

    http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe

    --> Lance l installation avec les parametres par default

    --> Fais un clic droit sur le raccourci FindyKill sur ton bureau

    --> Choisi executer en tant qu administrateur

    --> Au menu principal,choisi l option 1 (Recherche)

    --> Post le rapport FindyKill.txt

    Note : le rapport FindyKill.txt est sauvegardé a la racine du disque
    0
  17. 5Chanur Messages postés 23 Statut Membre
     
    voici le rapport
    ----------------- FindyKill V4.709 ------------------

    * User : Evelyne - EVELYNE-59CAD7C
    * Emplacement : C:\Program Files\FindyKill
    * Outils Mis a jours le 10/12/08 par Chiquitine29
    * Recherche effectuée à 20:41:47 le 19/12/2008
    * Windows XP - Internet Explorer 6.0.2900.2180

    ((((((((((((((((( *** Recherche *** ))))))))))))))))))

    --------------- [ Processus actifs ] ----------------

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\HPQ\SHARED\HPQWMI.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\WINDOWS\system32\WISPTIS.EXE
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchFilterHost.exe

    --------------- [ Fichiers/Dossiers infectieux ] ----------------

    »»»» Presence des fichiers dans C:

    »»»» Presence des fichiers dans C:\WINDOWS

    »»»» Presence des fichiers dans C:\WINDOWS\Prefetch

    »»»» Presence des fichiers dans C:\WINDOWS\system32

    »»»» Presence des fichiers dans C:\WINDOWS\system32\config\systemprofile\AppData\Roaming

    »»»» Presence des fichiers dans C:\WINDOWS\system32\drivers

    »»»» Presence des fichiers dans C:\Documents and Settings\Evelyne\Application Data

    »»»» Presence des fichiers dans C:\DOCUME~1\Evelyne\LOCALS~1\Temp

    »»»» Presence des fichiers dans C:\Documents and Settings\Evelyne\Local Settings\Temporary Internet Files\Content.IE5

    Found ! [31/08/2007 16:40] - C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Local Cache\7B5560BB781B40259A06350E9B643B6E_more.jpg
    Found ! [11/09/2007 17:54] - C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Local Cache\D3987B641C134048B815DB578D607F42_more.jpg
    Found ! [30/12/2007 23:13] - C:\Program Files\TrackMania Nations ESWC\GameData\Cache\8f3eb24f_Any%5cAdvertisement%5cTMXDown.jpg
    Found ! [30/12/2007 23:13] - C:\Program Files\TrackMania Nations ESWC\GameData\Cache\8f3eb24f_Any%5cAdvertisement%5cTMXDown.jpg.loc

    --------------- [ Registre / Startup ] ----------------

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    IMJPMIG8.1="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    PHIME2002ASync=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    PHIME2002A=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    SoundMAXPnP=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    SoundMAX=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    Apoint=C:\Program Files\Apoint2K\Apoint.exe
    IgfxTray=C:\WINDOWS\system32\igfxtray.exe
    HotKeysCmds=C:\WINDOWS\system32\hkcmd.exe
    Cpqset=C:\Program Files\HPQ\Default Settings\cpqset.exe
    eabconfg.cpl=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    hpWirelessAssistant=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    Microsoft Works Update Detection=C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    BluetoothAuthenticationAgent=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe
    MSPY2002=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    AGRSMMSG=AGRSMMSG.exe
    HP Software Update=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    Proc Deaf Delete Peak=C:\Documents and Settings\All Users\Application Data\file joy proc deaf\Exit Copy.exe
    QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
    iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
    AppleSyncNotifier=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    IMEKRMIG6.1=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    c8f15057=rundll32.exe "C:\WINDOWS\system32\fobuyuru.dll",b

    [HKEY_CURRENT_USER\software\local appwizard-generated applications\DestComp]
    [HKEY_CURRENT_USER\software\local appwizard-generated applications\hpqqpawp]
    [HKEY_CURRENT_USER\software\local appwizard-generated applications\hprbui]

    --------------- [ Registre / Clés infectieuses ] ----------------

    --------------- [ Etat / Services ] ----------------

    +- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

    Ndisuio - Type de démarrage = 3

    EapHost - Type de démarrage = 3

    Ip6Fw - Type de démarrage = 3

    SharedAccess - Type de démarrage = 2

    /!\ wuauserv - Type de démarrage = 4

    wscsvc - Type de démarrage = 2

    --------------- [ Recherche dans supports amovibles] ----------------

    +- Informations :

    C: - Lecteur fixe

    D: - Lecteur de CD-ROM

    +- Contenu de l'autorun : D:\autorun.inf

    [AutoRun]
    open=setup.exe
    icon=setup.exe,0

    +- presence des fichiers :

    Found ! [05/08/2004 13:00][-r-------] - D:\autorun.inf

    --------------- [ Registre / Mountpoint2 ] ----------------

    -> Not found !

    ------------------- ! Fin du rapport ! --------------------
    0
  18. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    relance lop sd puis
    * Choisis cette fois ci l'Option 2 (Suppression)
    * Ne ferme pas la fenêtre lors de la suppression !
    * Poste le rapport généré (C:\lopR.txt)

    (Si le Bureau ne réapparaît pas, presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide)

    ______________________

    Télécharge ici :

    http://images.malwareremoval.com/random/RSIT.exe

    random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

    Double-clique sur RSIT.exe afin de lancer RSIT.

    Clique Continue à l'écran Disclaimer.

    Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

    Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

    Poste le contenu de log.txt (<<qui sera affiché)
    ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

    NB : Les rapports sont sauvegardés dans le dossier C:\rsit
    0
  19. gen-hackman
     
    salut.....et findy2....non??? :

    Ndisuio - Type de démarrage = 3

    EapHost - Type de démarrage = 3

    Ip6Fw - Type de démarrage = 3

    SharedAccess - Type de démarrage = 2

    /!\ wuauserv - Type de démarrage = 4

    wscsvc - Type de démarrage = 2

    0
  20. 5Chanur Messages postés 23 Statut Membre
     
    Bonjour voici les rapports demandés

    --------------------\\ Lop S&D 4.2.4-9c XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.73GHz )
    BIOS : Ver 1.00PARTTBLX
    USER : Evelyne ( Administrator )
    BOOT : Normal boot
    Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)
    Firewall : Norton Internet Worm Protection 2005 (Activated)
    C:\ (Local Disk) - NTFS - Total:74 Go (Free:32 Go)
    D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)

    "C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
    Option : [2] ( 20/12/2008|13:35 )

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\File Joy Proc Deaf\Exit Copy.exe
    Supprime! - C:\DOCUME~1\Evelyne\Cookies\evelyne@advertising[1].txt
    Supprime! - C:\DOCUME~1\Evelyne\Cookies\evelyne@advertising[3].txt
    Supprime! - C:\DOCUME~1\Evelyne\Cookies\evelyne@banner.cotedazurpalace[2].txt
    Supprime! - C:\DOCUME~1\Evelyne\Cookies\evelyne@cotedazurpalace[1].txt
    Supprime! - C:\DOCUME~1\Evelyne\Cookies\evelyne@www.cotedazurpalace[1].txt
    Supprime! - C:\DOCUME~1\Evelyne\Cookies\evelyne@adopt.euroclick[2].txt
    Supprime! - C:\WINDOWS\Tasks\A738181791A38C5B.job
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\File Joy Proc Deaf
    Supprime! - C:\DOCUME~1\Evelyne\APPLIC~1\oozede~1
    Supprime! - C:\Program Files\oozede~1

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

    --------------------\\ Listing des dossiers dans APPLIC~1

    [14/12/2008|14:09] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

    [08/12/2008|18:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    [06/06/2008|12:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [18/03/2008|09:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    [18/03/2008|09:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [10/12/2008|18:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
    [12/12/2008|00:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BufferZone
    [18/06/2008|22:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
    [07/09/2007|02:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [02/02/2008|01:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
    [08/12/2008|18:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP Product Assistant
    [07/09/2007|01:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpqwmi
    [30/03/2008|13:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HPSSUPPLY
    [07/09/2007|01:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
    [15/09/2007|00:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    [17/12/2008|14:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [10/12/2008|06:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
    [20/01/2008|17:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\n7-89-o9-3r-4t-r9
    [07/09/2007|18:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
    [18/09/2007|21:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
    [11/09/2007|17:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
    [10/12/2008|18:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    [24/09/2007|18:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [07/03/2008|23:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
    [20/01/2008|10:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

    [07/09/2007|00:56] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

    [23/02/2008|11:26] C:\DOCUME~1\Evelyne\APPLIC~1\Adobe
    [06/06/2008|12:06] C:\DOCUME~1\Evelyne\APPLIC~1\AdobeUM
    [12/06/2008|22:16] C:\DOCUME~1\Evelyne\APPLIC~1\Ahead
    [10/12/2008|18:18] C:\DOCUME~1\Evelyne\APPLIC~1\Apple Computer
    [07/04/2008|16:52] C:\DOCUME~1\Evelyne\APPLIC~1\ArcSoft
    [24/10/2007|13:31] C:\DOCUME~1\Evelyne\APPLIC~1\DeskSoft
    [12/06/2008|22:42] C:\DOCUME~1\Evelyne\APPLIC~1\dvdcss
    [14/09/2007|13:02] C:\DOCUME~1\Evelyne\APPLIC~1\FileZilla
    [20/01/2008|17:11] C:\DOCUME~1\Evelyne\APPLIC~1\GameHouse
    [09/02/2008|16:32] C:\DOCUME~1\Evelyne\APPLIC~1\Google
    [12/09/2007|13:08] C:\DOCUME~1\Evelyne\APPLIC~1\Help
    [02/02/2008|02:06] C:\DOCUME~1\Evelyne\APPLIC~1\HP
    [20/01/2008|10:58] C:\DOCUME~1\Evelyne\APPLIC~1\Identities
    [31/10/2008|00:41] C:\DOCUME~1\Evelyne\APPLIC~1\Image Zone Express
    [24/09/2007|18:26] C:\DOCUME~1\Evelyne\APPLIC~1\InstallShield
    [08/09/2007|20:44] C:\DOCUME~1\Evelyne\APPLIC~1\InterVideo
    [10/10/2007|09:37] C:\DOCUME~1\Evelyne\APPLIC~1\Leadertech
    [05/03/2008|18:54] C:\DOCUME~1\Evelyne\APPLIC~1\Macromedia
    [12/10/2008|16:46] C:\DOCUME~1\Evelyne\APPLIC~1\Microsoft
    [27/08/2008|16:11] C:\DOCUME~1\Evelyne\APPLIC~1\Mozilla
    [20/01/2008|16:52] C:\DOCUME~1\Evelyne\APPLIC~1\Mysteryville2
    [19/10/2008|16:11] C:\DOCUME~1\Evelyne\APPLIC~1\Printer Info Cache
    [09/03/2008|15:37] C:\DOCUME~1\Evelyne\APPLIC~1\Skype
    [09/03/2008|13:30] C:\DOCUME~1\Evelyne\APPLIC~1\skypePM
    [10/10/2007|09:37] C:\DOCUME~1\Evelyne\APPLIC~1\Sonic
    [08/09/2007|21:43] C:\DOCUME~1\Evelyne\APPLIC~1\Sun
    [07/09/2007|01:52] C:\DOCUME~1\Evelyne\APPLIC~1\Symantec
    [07/09/2007|02:01] C:\DOCUME~1\Evelyne\APPLIC~1\Talkback
    [08/09/2007|13:13] C:\DOCUME~1\Evelyne\APPLIC~1\TeamViewer
    [19/10/2007|13:18] C:\DOCUME~1\Evelyne\APPLIC~1\TribalWeb
    [07/09/2007|02:09] C:\DOCUME~1\Evelyne\APPLIC~1\vlc
    [24/10/2007|22:01] C:\DOCUME~1\Evelyne\APPLIC~1\VSO
    [05/05/2008|23:25] C:\DOCUME~1\Evelyne\APPLIC~1\Windows Desktop Search
    [08/09/2007|14:41] C:\DOCUME~1\Evelyne\APPLIC~1\WinRAR
    [20/01/2008|10:58] C:\DOCUME~1\Evelyne\APPLIC~1\Zylom

    [08/12/2008|18:19] C:\DOCUME~1\LOCALS~1\APPLIC~1\agi
    [24/10/2008|20:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [10/01/2008|03:32] C:\DOCUME~1\LOCALS~1\APPLIC~1\Symantec

    [08/12/2008|18:19] C:\DOCUME~1\NETWOR~1\APPLIC~1\agi
    [07/09/2007|00:59] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

    [18/12/2008 19:57][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [20/12/2008 13:19][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [05/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listing des dossiers dans C:\Program Files

    [04/12/2007|20:15] C:\Program Files\Adobe
    [19/12/2008|18:35] C:\Program Files\Ad-remover
    [07/09/2007|01:04] C:\Program Files\Analog Devices
    [07/09/2007|01:13] C:\Program Files\Apoint2K
    [15/10/2008|17:23] C:\Program Files\Apple Software Update
    [17/06/2008|21:18] C:\Program Files\ArcSoft
    [10/12/2008|18:23] C:\Program Files\Avira
    [08/06/2008|12:06] C:\Program Files\BarreDeSurf
    [15/10/2008|17:12] C:\Program Files\Bonjour
    [02/12/2008|17:23] C:\Program Files\Citrix
    [15/10/2008|08:38] C:\Program Files\Come2PlayK2P
    [07/09/2007|00:52] C:\Program Files\ComPlus Applications
    [15/10/2008|08:38] C:\Program Files\Conduit
    [17/06/2008|21:36] C:\Program Files\Digital Video
    [08/09/2007|12:06] C:\Program Files\DynGate
    [09/02/2008|16:26] C:\Program Files\EFI
    [12/12/2008|00:27] C:\Program Files\eMule
    [19/12/2008|18:33] C:\Program Files\Fichiers communs
    [19/06/2008|14:24] C:\Program Files\FileZilla
    [19/12/2008|20:43] C:\Program Files\FindyKill
    [29/03/2008|23:57] C:\Program Files\FlashGet
    [02/07/2008|19:55] C:\Program Files\Free PDF2Fax
    [27/07/2008|02:12] C:\Program Files\Free.fr
    [07/09/2007|02:15] C:\Program Files\freeBrowser
    [31/01/2008|21:50] C:\Program Files\GameHouse
    [06/03/2008|09:19] C:\Program Files\Google
    [08/09/2007|13:14] C:\Program Files\Gravity
    [11/09/2007|12:39] C:\Program Files\Hercules
    [02/02/2008|01:35] C:\Program Files\Hewlett-Packard
    [24/08/2008|18:30] C:\Program Files\Hp
    [28/12/2007|02:41] C:\Program Files\HPQ
    [24/08/2008|18:59] C:\Program Files\IKEA HomePlanner
    [17/10/2008|01:43] C:\Program Files\InstallShield Installation Information
    [28/12/2007|02:35] C:\Program Files\Intel
    [18/12/2008|18:07] C:\Program Files\Internet Explorer
    [07/09/2007|01:24] C:\Program Files\InterVideo
    [08/12/2008|18:22] C:\Program Files\iPod
    [08/12/2008|18:23] C:\Program Files\iTunes
    [24/08/2008|18:33] C:\Program Files\Java
    [19/11/2008|17:23] C:\Program Files\Kiwee Toolbar
    [03/12/2007|15:18] C:\Program Files\Ma‹do Production
    [17/10/2008|01:44] C:\Program Files\Messenger
    [17/10/2008|17:39] C:\Program Files\Messenger Plus! Live
    [12/01/2008|15:53] C:\Program Files\Micro Application
    [17/12/2008|14:34] C:\Program Files\Microsoft
    [07/09/2007|00:56] C:\Program Files\microsoft frontpage
    [05/05/2008|09:58] C:\Program Files\Microsoft Office
    [17/12/2008|14:33] C:\Program Files\Microsoft Office Outlook Connector
    [11/09/2007|12:30] C:\Program Files\Microsoft Picture It! 7
    [17/12/2008|14:34] C:\Program Files\Microsoft Silverlight
    [17/12/2008|14:31] C:\Program Files\Microsoft SQL Server Compact Edition
    [05/05/2008|09:58] C:\Program Files\Microsoft Visual Studio
    [05/05/2008|09:52] C:\Program Files\Microsoft Visual Studio 8
    [05/05/2008|09:59] C:\Program Files\Microsoft Works
    [05/05/2008|09:56] C:\Program Files\Microsoft.NET
    [18/12/2008|10:37] C:\Program Files\Movie Maker
    [20/12/2008|13:26] C:\Program Files\Mozilla Firefox
    [05/05/2008|09:58] C:\Program Files\MSBuild
    [17/05/2008|16:33] C:\Program Files\MSN
    [07/09/2007|00:51] C:\Program Files\MSN Gaming Zone
    [04/10/2008|17:04] C:\Program Files\MSXML 4.0
    [18/10/2008|00:40] C:\Program Files\MyFreeTV
    [29/01/2008|21:32] C:\Program Files\Mysteryville
    [20/01/2008|19:14] C:\Program Files\Mysteryville 2
    [29/01/2008|12:16] C:\Program Files\Mysteryville Deluxe
    [09/12/2007|12:34] C:\Program Files\Nero
    [18/12/2008|10:36] C:\Program Files\NetMeeting
    [11/12/2008|15:59] C:\Program Files\Norton AntiVirus
    [07/09/2007|00:51] C:\Program Files\Online Services
    [18/12/2008|10:36] C:\Program Files\Outlook Express
    [06/05/2008|21:36] C:\Program Files\PCStitch 7
    [02/07/2008|20:07] C:\Program Files\PDFCreator
    [19/10/2008|19:43] C:\Program Files\PhotoFiltre
    [21/01/2008|20:25] C:\Program Files\PHP
    [29/01/2008|12:14] C:\Program Files\PopCap Games
    [08/12/2008|18:22] C:\Program Files\QuickTime
    [12/06/2008|18:59] C:\Program Files\RADVideo
    [20/01/2008|16:48] C:\Program Files\ReflexiveArcade
    [24/02/2008|00:05] C:\Program Files\RegCleaner
    [08/12/2008|18:19] C:\Program Files\Safari
    [16/10/2008|22:05] C:\Program Files\SAGEM
    [12/12/2008|00:19] C:\Program Files\Secured IE
    [12/12/2008|00:18] C:\Program Files\securedie
    [07/09/2007|00:54] C:\Program Files\Services en ligne
    [20/12/2007|13:24] C:\Program Files\Skyline
    [08/03/2008|20:13] C:\Program Files\Skype
    [07/09/2007|01:34] C:\Program Files\Sonic
    [24/08/2008|18:33] C:\Program Files\Sun
    [11/12/2008|16:11] C:\Program Files\Symantec
    [03/06/2008|03:47] C:\Program Files\Tales of Pirates Online
    [08/09/2007|12:05] C:\Program Files\TeamViewer
    [18/09/2007|21:35] C:\Program Files\Toshiba
    [13/01/2008|02:26] C:\Program Files\TrackMania Nations ESWC
    [18/12/2008|15:23] C:\Program Files\Trend Micro
    [27/09/2007|21:44] C:\Program Files\TribalWeb
    [07/09/2007|01:03] C:\Program Files\Uninstall Information
    [16/10/2008|22:28] C:\Program Files\VideoLAN
    [18/06/2008|22:37] C:\Program Files\VirginMega
    [14/10/2007|22:10] C:\Program Files\VSO
    [05/05/2008|10:16] C:\Program Files\Windows Desktop Search
    [17/12/2008|14:33] C:\Program Files\Windows Live
    [17/12/2008|14:28] C:\Program Files\Windows Live SkyDrive
    [18/10/2007|22:13] C:\Program Files\Windows Media Connect 2
    [18/12/2008|10:41] C:\Program Files\Windows Media Player
    [18/12/2008|10:31] C:\Program Files\Windows NT
    [07/09/2007|00:54] C:\Program Files\WindowsUpdate
    [08/09/2007|12:11] C:\Program Files\WinRAR
    [07/09/2007|00:56] C:\Program Files\xerox
    [16/10/2008|22:04] C:\Program Files\Zero G Registry
    [29/01/2008|21:28] C:\Program Files\Zylom Games

    --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

    [06/06/2008|12:09] C:\Program Files\Fichiers communs\Adobe
    [09/12/2007|12:34] C:\Program Files\Fichiers communs\Ahead
    [08/12/2008|18:22] C:\Program Files\Fichiers communs\Apple
    [11/09/2007|12:42] C:\Program Files\Fichiers communs\ArcSoft
    [05/05/2008|09:58] C:\Program Files\Fichiers communs\DESIGNER
    [02/02/2008|01:33] C:\Program Files\Fichiers communs\Hewlett-Packard
    [02/02/2008|01:39] C:\Program Files\Fichiers communs\HP
    [07/09/2007|01:36] C:\Program Files\Fichiers communs\InstallShield
    [07/09/2007|01:36] C:\Program Files\Fichiers communs\Java
    [17/12/2008|14:28] C:\Program Files\Fichiers communs\Microsoft Shared
    [07/09/2007|00:53] C:\Program Files\Fichiers communs\MSSoap
    [07/09/2007|02:43] C:\Program Files\Fichiers communs\ODBC
    [07/09/2007|00:53] C:\Program Files\Fichiers communs\Services
    [08/03/2008|20:13] C:\Program Files\Fichiers communs\Skype
    [07/09/2007|01:34] C:\Program Files\Fichiers communs\Sonic Shared
    [07/09/2007|02:43] C:\Program Files\Fichiers communs\SpeechEngines
    [07/09/2007|01:34] C:\Program Files\Fichiers communs\SureThing Shared
    [11/12/2008|16:11] C:\Program Files\Fichiers communs\Symantec Shared
    [18/12/2008|10:36] C:\Program Files\Fichiers communs\System
    [07/09/2007|01:35] C:\Program Files\Fichiers communs\TiVo Shared
    [17/12/2008|14:18] C:\Program Files\Fichiers communs\Windows Live
    [07/03/2008|23:25] C:\Program Files\Fichiers communs\WindowsLiveInstaller
    [24/08/2008|18:59] C:\Program Files\Fichiers communs\Wise Installation Wizard

    --------------------\\ Process

    ( 62 Processes )

    ... OK !

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE

    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-20 13:36:16
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------\\ Recherche d'autres infections

    Aucune autre infection trouvée !

    [F:142][D:13]-> C:\DOCUME~1\Evelyne\LOCALS~1\Temp
    [F:117][D:0]-> C:\DOCUME~1\Evelyne\Cookies
    [F:137][D:4]-> C:\DOCUME~1\Evelyne\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - 19/12/2008|17:39 - Option : [1]
    2 - "C:\Lop SD\LopR_2.txt" - 20/12/2008|13:38 - Option : [2]

    --------------------\\ Fin du rapport a 13:38:37

    et enfin

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Evelyne at 2008-12-20 13:40:29
    Microsoft Windows XP Édition familiale Service Pack 2
    System drive C: has 34 GB (44%) free of 76 GB
    Total RAM: 1014 MB (44% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:40, on 20/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\HPQ\SHARED\HPQWMI.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Evelyne\Bureau\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Evelyne.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: PrintMe - {97387E2B-B2FA-4E4A-A607-F3B5C134F71C} - C:\Program Files\EFI\PrintMeToolbar\htpmcap.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Come2PlayK2P Toolbar - {b8a5b62c-517f-42a5-85ae-29b5497fb15f} - C:\Program Files\Come2PlayK2P\tbCome.dll
    O2 - BHO: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
    O3 - Toolbar: PrintMe - {97387E2B-B2FA-4E4A-A607-F3B5C134F71C} - C:\Program Files\EFI\PrintMeToolbar\htpmcap.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: Come2PlayK2P Toolbar - {b8a5b62c-517f-42a5-85ae-29b5497fb15f} - C:\Program Files\Come2PlayK2P\tbCome.dll
    O3 - Toolbar: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [c8f15057] rundll32.exe "C:\WINDOWS\system32\fobuyuru.dll",b
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb\tribalweb.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    0
  • 1
  • 2
  • 3