virus downloader.swizzor


Hello, AVG is detecting a ton of Downloader.swizzor viruses. They are in my quarantine.. but how can I delete them from my computer?! Thanks for helping me!!


Hello,

Download and then install Hijackthis (Trend Micro)
Then post a report in your next reply.
HELP: How to use Hijackthis v2.0.2

------------------------------ Please let us know if you are already being helped on another forum or in another topic.

Security / Prevention
Reply to Egwene

Here is the report! Thanks


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:04, on 2008-03-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
R3 - URLSearchHook: Yahoo! Barre d'outils - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CE770CE-22B9-79B8-29F6-F48CF7BADA8D} - C:\DOCUME~1\PROPRI~1\APPLIC~1\elseaxis\Vcmeta.exe (file missing)
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Forfait sécurité d'affaires\pkR.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Barre d'outils - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MotiveReportAgent] "C:\Program Files\Fichiers communs\Motive\McciBootStrapper.exe" /url="-url=file://C:\Program Files\Fichiers communs\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath="C:\Program Files\Common Files\Motive\motivebrowser.exe" /hidden
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UniMessenger] C:\Program Files\UNI2\UNI2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Stupid Data Dart Wave] C:\Documents and Settings\All Users\Application Data\flag ace stupid data\Math Heck.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [bows anti] C:\DOCUME~1\PROPRI~1\APPLIC~1\GRIMLO~1\Balmacidshow.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolb [...] xdm491YYCA
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v [...] b53083.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://rimmel.ai-media.com/save/makeover.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/n [...] 0.0.15.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.ya [...] 040510.cab
O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} (Chess Object) - http://zone.msn.com/bingame/zpagam [...] b53083.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v [...] b53083.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr [...] NPUpld.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v [...] b53083.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/control [...] oader2.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-C [...] E_UNO1.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://zone.msn.com/bingame/dsh2/d [...] 0.0.55.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagam [...] b53083.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/s [...] Plugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramew [...] b53083.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/ct.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://sympatico.zone.msn.com/binf [...] b53852.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload [...] .0.10.cab?
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 13159 bytes

Reply to mwawie

:hello:

Download Lop S&D.exe (by Eric 71 & Angeldark) to your desktop. ~>Tutorial<~

  • Double-click it to start the installation
  • Then double-click the Lop S&D shortcut on your desktop
  • Select the desired language, then choose Option 1 (Search)
  • Wait until the scan finishes
  • Post the generated report ( C:\lopR.txt )

(If the desktop does not reappear, press Ctrl + Alt + Del, File tab, New task, type explorer.exe and confirm)

Reply to Egwene


-----------------------[ Lop S&D 4.0.5 XP/Vista ]----------------------

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Propriétaire ] [ "C:\Lop SD" ]
[ 2008-03-10 | 12:40:15,59 ] [ PC : NOM-HJDQZRZHIWG ]
[ MAJ : 09-03-2008 | 22:50 ]

-------------[ Listing des dossiers dans Application Data ]------------

[2008-01-18|21:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.
[2008-01-18|21:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..
[2007-07-06|14:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[2008-01-18|21:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[2006-11-10|12:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[2007-12-24|12:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg7
[2007-09-18|20:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg7(2)
[2007-09-18|19:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bell
[2007-09-07|10:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bell Canada
[2007-01-03|19:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
[2005-03-07|10:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOWS 16 JUGS FORD
[2003-08-05|14:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[2007-12-28|11:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\does mfcd amok play
[2005-08-31|22:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FaxCtr
[2008-02-24|21:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data
[2006-09-28|09:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Freedom
[2007-06-29|18:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Friends Games
[2007-09-07|09:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[2007-12-24|12:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[2007-12-19|18:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HipSoft
[2007-01-01|22:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\iWin
[2006-07-04|19:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear
[2006-01-05|20:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Anti-Virus Personal
[2007-01-03|19:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
[2006-07-25|13:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[2007-03-09|21:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[2007-08-19|21:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
[2007-08-20|13:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MotiveSysIDs
[2005-11-20|13:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[2007-07-10|18:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Oberon Games
[2007-07-11|16:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
[2007-06-22|23:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PopCap
[2008-01-21|20:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
[2005-06-12|16:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[2007-04-08|20:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
[2003-08-05|19:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[2007-09-18|20:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SharedProperties.xml
[2005-09-02|20:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sierra
[2006-09-10|21:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
[2007-01-03|19:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SugarGames
[2005-03-06|17:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[2007-12-19|19:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[2007-03-04|20:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
[2007-08-19|20:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Two Idol Wave Flag
[2006-09-06|20:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
[2005-10-22|11:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[2007-11-21|11:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[2007-10-03|15:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

[2005-03-05|19:47] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.
[2005-03-05|19:47] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..
[2003-08-05|20:39] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
[2003-08-05|14:30] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[2003-08-05|19:37] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[2003-08-05|20:39] C:\DOCUME~1\DEFAUL~1\APPLIC~1\InterTrust
[2007-12-11|22:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[2003-08-05|20:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\SampleView
[2003-08-05|20:34] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sonic
[2003-08-07|20:17] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

[2007-09-19|10:55] C:\DOCUME~1\LOCALS~1\APPLIC~1\.
[2007-09-19|10:55] C:\DOCUME~1\LOCALS~1\APPLIC~1\..
[2007-09-19|10:55] C:\DOCUME~1\LOCALS~1\APPLIC~1\AVG7
[2005-09-17|14:38] C:\DOCUME~1\LOCALS~1\APPLIC~1\HbTools
[2006-01-20|21:48] C:\DOCUME~1\LOCALS~1\APPLIC~1\Help
[2007-12-24|12:29] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[2007-12-28|13:37] C:\DOCUME~1\LOCALS~1\APPLIC~1\ShopperReports

[2003-08-05|19:39] C:\DOCUME~1\NETWOR~1\APPLIC~1\.
[2003-08-05|19:39] C:\DOCUME~1\NETWOR~1\APPLIC~1\..
[2007-12-24|12:29] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft


[2008-02-18|12:27] C:\DOCUME~1\PROPRI~1\APPLIC~1\.
[2008-02-18|12:27] C:\DOCUME~1\PROPRI~1\APPLIC~1\..
[2008-01-15|18:32] C:\DOCUME~1\PROPRI~1\APPLIC~1\Adobe
[2007-07-06|14:01] C:\DOCUME~1\PROPRI~1\APPLIC~1\AdobeUM
[2007-01-19|21:44] C:\DOCUME~1\PROPRI~1\APPLIC~1\Apple Computer
[2007-06-03|20:16] C:\DOCUME~1\PROPRI~1\APPLIC~1\ArcSoft
[2008-03-10|06:53] C:\DOCUME~1\PROPRI~1\APPLIC~1\AVG7
[2007-01-20|22:08] C:\DOCUME~1\PROPRI~1\APPLIC~1\AVSMedia
[2007-09-18|19:15] C:\DOCUME~1\PROPRI~1\APPLIC~1\Bell
[2007-09-07|10:01] C:\DOCUME~1\PROPRI~1\APPLIC~1\Bell Canada
[2008-02-11|22:29] C:\DOCUME~1\PROPRI~1\APPLIC~1\BitTorrent
[2007-07-19|20:29] C:\DOCUME~1\PROPRI~1\APPLIC~1\BSplayer
[2007-03-22|16:19] C:\DOCUME~1\PROPRI~1\APPLIC~1\BSplayer Pro
[2007-09-19|10:32] C:\DOCUME~1\PROPRI~1\APPLIC~1\CampaignStore.xml
[2007-08-03|22:07] C:\DOCUME~1\PROPRI~1\APPLIC~1\Chicken Chase
[2007-09-18|20:12] C:\DOCUME~1\PROPRI~1\APPLIC~1\client_gateway.log
[2007-09-19|10:32] C:\DOCUME~1\PROPRI~1\APPLIC~1\ConfigurationStore.xml
[2007-12-28|21:07] C:\DOCUME~1\PROPRI~1\APPLIC~1\DAEMON Tools
[2003-08-05|14:30] C:\DOCUME~1\PROPRI~1\APPLIC~1\desktop.ini
[2007-04-15|16:57] C:\DOCUME~1\PROPRI~1\APPLIC~1\DivX
[2007-09-19|10:32] C:\DOCUME~1\PROPRI~1\APPLIC~1\EventStore.xml
[2005-09-01|11:23] C:\DOCUME~1\PROPRI~1\APPLIC~1\FaxCtr
[2006-10-09|10:56] C:\DOCUME~1\PROPRI~1\APPLIC~1\FunWebProducts
[2007-01-18|19:51] C:\DOCUME~1\PROPRI~1\APPLIC~1\Gaijin Ent
[2006-10-17|20:14] C:\DOCUME~1\PROPRI~1\APPLIC~1\Google
[2008-02-24|21:46] C:\DOCUME~1\PROPRI~1\APPLIC~1\grimloudmeal
[2007-12-28|11:28] C:\DOCUME~1\PROPRI~1\APPLIC~1\Grisoft
[2005-07-25|11:25] C:\DOCUME~1\PROPRI~1\APPLIC~1\Help
[2007-12-12|17:34] C:\DOCUME~1\PROPRI~1\APPLIC~1\Home Sweet Home
[2003-08-05|19:37] C:\DOCUME~1\PROPRI~1\APPLIC~1\Identities
[2007-07-07|01:12] C:\DOCUME~1\PROPRI~1\APPLIC~1\IMVU
[2007-09-18|20:05] C:\DOCUME~1\PROPRI~1\APPLIC~1\InstallShield
[2005-03-25|14:04] C:\DOCUME~1\PROPRI~1\APPLIC~1\InterVideo
[2007-01-01|22:39] C:\DOCUME~1\PROPRI~1\APPLIC~1\iWin
[2007-12-08|17:55] C:\DOCUME~1\PROPRI~1\APPLIC~1\Jane s Hotel
[2006-08-28|19:46] C:\DOCUME~1\PROPRI~1\APPLIC~1\LANCITE
[2005-05-01|20:54] C:\DOCUME~1\PROPRI~1\APPLIC~1\Macromedia
[2007-01-16|22:20] C:\DOCUME~1\PROPRI~1\APPLIC~1\MessengerSkinner
[2007-12-24|12:29] C:\DOCUME~1\PROPRI~1\APPLIC~1\Microsoft
[2005-08-16|18:53] C:\DOCUME~1\PROPRI~1\APPLIC~1\Microsoft Web Folders
[2006-06-30|10:11] C:\DOCUME~1\PROPRI~1\APPLIC~1\Mozilla
[2006-04-14|23:38] C:\DOCUME~1\PROPRI~1\APPLIC~1\MSN6
[2006-05-27|09:58] C:\DOCUME~1\PROPRI~1\APPLIC~1\MSNInstaller
[2007-06-02|22:21] C:\DOCUME~1\PROPRI~1\APPLIC~1\MysteryStudio
[2007-03-27|17:24] C:\DOCUME~1\PROPRI~1\APPLIC~1\Oberon Media
[2007-07-11|16:34] C:\DOCUME~1\PROPRI~1\APPLIC~1\PlayFirst
[2003-08-05|20:44] C:\DOCUME~1\PROPRI~1\APPLIC~1\SampleView
[2007-12-28|15:25] C:\DOCUME~1\PROPRI~1\APPLIC~1\SecuROM
[2005-09-02|20:27] C:\DOCUME~1\PROPRI~1\APPLIC~1\Sierra
[2007-09-18|20:09] C:\DOCUME~1\PROPRI~1\APPLIC~1\SoftwareDetectionScripts
[2007-09-19|10:32] C:\DOCUME~1\PROPRI~1\APPLIC~1\SoftwarePackageStore.xml
[2005-03-07|20:52] C:\DOCUME~1\PROPRI~1\APPLIC~1\Sonic
[2006-09-10|21:57] C:\DOCUME~1\PROPRI~1\APPLIC~1\Sony Corporation
[2006-07-22|15:48] C:\DOCUME~1\PROPRI~1\APPLIC~1\Sun
[2003-08-07|20:17] C:\DOCUME~1\PROPRI~1\APPLIC~1\Symantec
[2005-03-06|22:25] C:\DOCUME~1\PROPRI~1\APPLIC~1\Template
[2005-11-09|18:58] C:\DOCUME~1\PROPRI~1\APPLIC~1\Thalia
[2006-10-20|23:51] C:\DOCUME~1\PROPRI~1\APPLIC~1\Trevoli
[2007-04-06|08:51] C:\DOCUME~1\PROPRI~1\APPLIC~1\Ulead Systems
[2007-09-19|10:32] C:\DOCUME~1\PROPRI~1\APPLIC~1\UpdateStore.xml
[2007-04-05|20:30] C:\DOCUME~1\PROPRI~1\APPLIC~1\vlc
[2007-03-11|19:31] C:\DOCUME~1\PROPRI~1\APPLIC~1\Wildfire
[2006-08-07|22:17] C:\DOCUME~1\PROPRI~1\APPLIC~1\yahoo!

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

[2008-03-10 12:00][--ah-----] C:\WINDOWS\tasks\A8B5843C91923AA4.job
[2008-02-26 00:49][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2002-08-30 15:00][-rah-----] C:\WINDOWS\tasks\desktop.ini
[2008-03-10 06:49][--ah-----] C:\WINDOWS\tasks\SA.DAT

---------------[ Listing des dossiers dans C:\Program Files ]--------------

[2008-03-10|12:30] C:\Program Files\.
[2008-03-10|12:30] C:\Program Files\..
[2006-05-22|10:21] C:\Program Files\Abbyy FineReader 6.0 Sprint
[2007-09-14|10:38] C:\Program Files\Activision Value
[2007-02-11|17:47] C:\Program Files\Adobe
[2007-10-12|10:06] C:\Program Files\Adverts
[2007-04-05|20:44] C:\Program Files\AOL Games
[2008-01-18|21:00] C:\Program Files\Apple Software Update
[2007-01-20|22:04] C:\Program Files\AVSMedia
[2003-08-05|20:45] C:\Program Files\BackWeb
[2007-09-19|10:35] C:\Program Files\Bell
[2007-09-16|21:26] C:\Program Files\BitComet
[2007-12-23|14:01] C:\Program Files\BitTorrent
[2007-12-19|18:39] C:\Program Files\Boonty
[2007-12-19|18:36] C:\Program Files\BoontyGames
[2007-12-28|14:43] C:\Program Files\Common Files
[2003-08-05|20:45] C:\Program Files\Compaq Connections
[2007-09-18|20:05] C:\Program Files\ComPlus Applications
[2007-05-18|14:01] C:\Program Files\Corel
[2005-08-25|20:00] C:\Program Files\CreataCard
[2007-06-03|15:11] C:\Program Files\DivX
[2007-12-26|18:14] C:\Program Files\DomPlayer
[2007-12-29|00:00] C:\Program Files\EA GAMES
[2007-07-06|14:11] C:\Program Files\Easy Internet signup
[2005-12-23|16:14] C:\Program Files\Eidos
[2007-03-04|23:16] C:\Program Files\Eidos Interactive
[2007-11-21|23:55] C:\Program Files\eMule
[2006-09-23|18:29] C:\Program Files\eRightSoft
[2005-10-05|18:24] C:\Program Files\EZFace
[2007-12-28|11:18] C:\Program Files\Fichiers communs
[2006-11-06|23:38] C:\Program Files\FunWebProducts
[2005-06-08|12:36] C:\Program Files\GameSpy Arcade
[2007-03-05|11:31] C:\Program Files\Global Star Software
[2007-09-07|09:58] C:\Program Files\Google
[2008-02-24|21:45] C:\Program Files\grimloudmeal
[2007-12-28|11:20] C:\Program Files\Grisoft
[2007-09-18|20:05] C:\Program Files\Grisoft(2)
[2007-06-26|18:23] C:\Program Files\Hasbro Interactive
[2007-07-14|19:51] C:\Program Files\iMesh Applications
[2007-09-18|19:54] C:\Program Files\INSTALL.LOG
[2007-09-18|20:05] C:\Program Files\InstallShield Installation Information
[2005-03-25|14:04] C:\Program Files\InterActual
[2008-02-12|22:12] C:\Program Files\Internet Explorer
[2003-08-05|20:37] C:\Program Files\InterVideo
[2006-11-10|12:29] C:\Program Files\iPod
[2006-11-10|12:30] C:\Program Files\iTunes
[2006-07-22|15:44] C:\Program Files\Java
[2003-08-05|20:51] C:\Program Files\Java Web Start
[2005-03-23|21:20] C:\Program Files\Kazaa
[2007-06-03|15:11] C:\Program Files\Legacy Interactive
[2007-05-25|16:29] C:\Program Files\Lexmark 2300 Series
[2005-08-31|22:36] C:\Program Files\Lexmark Fax Solutions
[2008-02-18|12:30] C:\Program Files\LimeWire
[2005-07-14|22:18] C:\Program Files\Logitech
[2008-02-28|21:35] C:\Program Files\Lx_cats
[2007-08-05|20:27] C:\Program Files\Maxis
[2005-04-12|17:20] C:\Program Files\Messenger
[2007-12-23|00:56] C:\Program Files\Messenger Plus! Live
[2006-12-30|18:47] C:\Program Files\MessengerPlus! 3
[2007-01-17|08:53] C:\Program Files\MessengerSkinner
[2007-04-06|08:51] C:\Program Files\Micrografx
[2007-11-21|22:00] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2003-08-05|20:35] C:\Program Files\Microsoft Encarta
[2005-08-16|18:53] C:\Program Files\microsoft frontpage
[2006-02-18|22:39] C:\Program Files\Microsoft Games
[2005-07-14|22:18] C:\Program Files\Microsoft NetShow
[2005-08-16|18:53] C:\Program Files\Microsoft Office
[2005-03-18|13:33] C:\Program Files\Microsoft Reference
[2007-11-21|11:41] C:\Program Files\Microsoft SQL Server Compact Edition
[2005-07-25|11:25] C:\Program Files\Microsoft Works
[2007-09-19|10:11] C:\Program Files\mIRC
[2005-04-10|20:51] C:\Program Files\Movie Maker
[2008-03-10|09:36] C:\Program Files\Mozilla Firefox
[2007-07-06|13:45] C:\Program Files\MSECACHE
[2005-12-26|20:43] C:\Program Files\MSN
[2005-03-06|20:53] C:\Program Files\MSN Apps
[2007-12-28|12:31] C:\Program Files\MSN Games
[2003-08-05|19:34] C:\Program Files\MSN Gaming Zone
[2007-12-23|00:56] C:\Program Files\MSN Messenger
[2006-11-17|21:06] C:\Program Files\MSXML 4.0
[2003-08-05|20:36] C:\Program Files\MUSICMATCH
[2006-08-24|14:58] C:\Program Files\MyWebSearch
[2005-07-14|22:18] C:\Program Files\NetMeeting
[2007-06-12|22:31] C:\Program Files\Outlook Express
[2007-12-27|15:28] C:\Program Files\Panda Security
[2007-09-18|20:04] C:\Program Files\Panda Software
[2007-09-18|20:04] C:\Program Files\PC-Doctor for Windows
[2006-10-20|23:47] C:\Program Files\Photo Finale
[2006-11-10|12:28] C:\Program Files\QuickTime
[2003-08-05|20:34] C:\Program Files\RecordNow!
[2007-06-03|20:07] C:\Program Files\SanDisk
[2003-08-05|20:52] C:\Program Files\Services en ligne
[2007-04-06|08:51] C:\Program Files\Sierra
[2007-09-18|20:04] C:\Program Files\SmartAudioConverter
[2006-09-10|21:08] C:\Program Files\Sony
[2006-10-17|18:55] C:\Program Files\SureThing
[2005-03-06|17:34] C:\Program Files\Symantec
[2005-10-11|19:25] C:\Program Files\Thalia
[2007-07-03|20:50] C:\Program Files\The Three Musketeers
[2008-03-10|12:30] C:\Program Files\Trend Micro
[2007-03-04|20:53] C:\Program Files\Trymedia
[2006-09-06|20:15] C:\Program Files\Ulead Systems
[2003-08-05|19:40] C:\Program Files\Uninstall Information
[2007-04-05|20:28] C:\Program Files\VideoLAN
[2006-09-13|19:17] C:\Program Files\Webteh
[2007-01-03|19:20] C:\Program Files\WildTangent
[2007-07-06|13:46] C:\Program Files\Windows Installer Clean Up
[2005-10-22|11:06] C:\Program Files\Windows Journal Viewer
[2008-02-27|22:02] C:\Program Files\Windows Live
[2007-11-21|11:43] C:\Program Files\Windows Live Favorites
[2007-11-21|11:43] C:\Program Files\Windows Live Toolbar
[2007-12-28|12:37] C:\Program Files\Windows Media Connect 2
[2007-11-22|00:17] C:\Program Files\Windows Media Player
[2005-04-10|20:49] C:\Program Files\Windows NT
[2005-03-06|19:37] C:\Program Files\WindowsUpdate
[2006-04-23|09:44] C:\Program Files\WinZip
[2003-08-05|19:37] C:\Program Files\xerox
[2006-08-07|22:14] C:\Program Files\Yahoo!
[2005-08-13|17:32] C:\Program Files\ZJChat

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

[2007-12-28|11:18] C:\Program Files\Fichiers communs\.
[2007-12-28|11:18] C:\Program Files\Fichiers communs\..
[2007-02-11|17:47] C:\Program Files\Fichiers communs\Adobe
[2005-03-16|19:19] C:\Program Files\Fichiers communs\AOL
[2007-06-03|20:09] C:\Program Files\Fichiers communs\ArcSoft
[2007-04-05|20:27] C:\Program Files\Fichiers communs\AVSMedia
[2007-01-03|19:40] C:\Program Files\Fichiers communs\BOONTY Shared
[2007-05-18|14:01] C:\Program Files\Fichiers communs\Corel
[2005-08-16|18:54] C:\Program Files\Fichiers communs\Designer
[2006-05-04|19:20] C:\Program Files\Fichiers communs\InstallShield
[2006-07-22|15:42] C:\Program Files\Fichiers communs\Java
[2005-07-14|22:18] C:\Program Files\Fichiers communs\Logitech
[2007-01-03|20:45] C:\Program Files\Fichiers communs\Macrovision Shared
[2007-11-21|11:38] C:\Program Files\Fichiers communs\Microsoft Shared
[2007-08-19|21:12] C:\Program Files\Fichiers communs\Motive
[2003-08-05|19:35] C:\Program Files\Fichiers communs\MSSoap
[2003-08-05|14:30] C:\Program Files\Fichiers communs\ODBC
[2006-01-05|20:54] C:\Program Files\Fichiers communs\Panda Software
[2005-12-29|13:12] C:\Program Files\Fichiers communs\Real
[2007-09-20|10:27] C:\Program Files\Fichiers communs\Sandlot Shared
[2005-03-05|19:47] C:\Program Files\Fichiers communs\Services
[2003-08-05|20:34] C:\Program Files\Fichiers communs\Sonic
[2006-09-10|21:04] C:\Program Files\Fichiers communs\Sony Shared
[2003-08-05|14:30] C:\Program Files\Fichiers communs\SpeechEngines
[2006-10-17|18:55] C:\Program Files\Fichiers communs\SureThing Shared
[2005-03-06|17:35] C:\Program Files\Fichiers communs\Symantec Shared
[2007-06-12|22:31] C:\Program Files\Fichiers communs\System
[2005-10-11|19:25] C:\Program Files\Fichiers communs\Thalia Shared
[2006-09-06|20:02] C:\Program Files\Fichiers communs\Ulead Systems
[2007-11-21|11:38] C:\Program Files\Fichiers communs\WindowsLiveInstaller

----------------------[ Recherche avec S_Lop ]---------------------

Aucun fichier / dossier Lop trouvé !

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data
C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data\Math Heck.exe
C:\Program Files\Adverts
C:\Program Files\DomPlayer
C:\WINDOWS\Tasks\A8B5843C91923AA4.job

----------------------[ Verification du Registre ]----------------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Stupid Data Dart Wave"="C:\\Documents and Settings\\All Users\\Application Data\\flag ace stupid data\\Math Heck.exe"

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts MODIFIE


-> 72 ( 70 ## added by CiD )

/!\ 1 Not 127.0.0.1 !!

----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-10 12:41:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden files ...
scan completed successfully
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

C:\WINDOWS\pack.epk
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\gwapapa_navps.dat
C:\WINDOWS\system32\gwapapa_nav.dat
C:\WINDOWS\system32\gwapapa.dat
! EGDACCESS !


/!\ [Fich:6707][Doss:105] C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp
/!\ [Fich:245][Doss:0] C:\DOCUME~1\PROPRI~1\Cookies
/!\ [Fich:3515][Doss:15] C:\DOCUME~1\PROPRI~1\LOCALS~1\TEMPOR~1\content.IE5

--------------------[ Fin du rapport a 12:43:41,58 ]----------------------


Re,

Run Lop S&D again

  • This time choose Option 2 ( Suppression )

  • Do not close the window during the removal!

  • Post the generated report ( C:\lopR.txt )


(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)

------------------------------ Please let us know if you are already being helped on another forum or in another topic.


-----------------------[ Lop S&D 4.0.5 XP/Vista ]----------------------

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Propriétaire ] [ "C:\Lop SD" ]
[ 2008-03-10 | 18:05:54,97 ] [ PC : NOM-HJDQZRZHIWG ]
[ MAJ : 09-03-2008 | 22:50 ]

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

Echec ! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data\Math Heck.exe
Supprimé! - C:\WINDOWS\Tasks\A8B5843C91923AA4.job
Echec ! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data
Supprimé! - C:\Program Files\Adverts
Supprimé! - C:\Program Files\DomPlayer
Restauré! - Fichier Hosts

\\\\\\\\\\\\\\\\\\\\\\\\\\\ DEUXIEME PASSAGE ///////////////////////////

Echec ! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data\Math Heck.exe
Echec ! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Supprimé! - C:\Program Files\Boonty
Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Boonty
Supprimé! - C:\Program Files\BoontyGames
Supprimé! - C:\Program Files\MyWebSearch

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


-------------[ Listing des dossiers dans Application Data ]------------

[2008-03-10|18:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.
[2008-03-10|18:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..
[2007-07-06|14:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[2008-01-18|21:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[2006-11-10|12:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[2007-12-24|12:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg7
[2007-09-18|20:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg7(2)
[2007-09-18|19:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bell
[2007-09-07|10:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bell Canada
[2005-03-07|10:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOWS 16 JUGS FORD
[2003-08-05|14:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[2007-12-28|11:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\does mfcd amok play
[2005-08-31|22:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FaxCtr
[2008-02-24|21:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data
[2006-09-28|09:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Freedom
[2007-06-29|18:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Friends Games
[2007-09-07|09:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[2007-12-24|12:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[2007-12-19|18:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HipSoft
[2007-01-01|22:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\iWin
[2006-07-04|19:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear
[2006-01-05|20:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Anti-Virus Personal
[2007-01-03|19:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
[2006-07-25|13:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[2007-03-09|21:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[2007-08-19|21:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
[2007-08-20|13:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MotiveSysIDs
[2005-11-20|13:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[2007-07-10|18:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Oberon Games
[2007-07-11|16:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
[2007-06-22|23:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PopCap
[2008-01-21|20:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
[2005-06-12|16:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[2007-04-08|20:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
[2003-08-05|19:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[2007-09-18|20:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SharedProperties.xml
[2005-09-02|20:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sierra
[2006-09-10|21:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
[2007-01-03|19:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SugarGames
[2005-03-06|17:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[2007-12-19|19:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[2007-03-04|20:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
[2007-08-19|20:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Two Idol Wave Flag
[2006-09-06|20:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
[2005-10-22|11:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[2007-11-21|11:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[2007-10-03|15:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

[2005-03-05|19:47] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.
[2005-03-05|19:47] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..
[2003-08-05|20:39] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
[2003-08-05|14:30] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[2003-08-05|19:37] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[2003-08-05|20:39] C:\DOCUME~1\DEFAUL~1\APPLIC~1\InterTrust
[2007-12-11|22:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[2003-08-05|20:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\SampleView
[2003-08-05|20:34] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sonic
[2003-08-07|20:17] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

[2007-09-19|10:55] C:\DOCUME~1\LOCALS~1\APPLIC~1\.
[2007-09-19|10:55] C:\DOCUME~1\LOCALS~1\APPLIC~1\..
[2007-09-19|10:55] C:\DOCUME~1\LOCALS~1\APPLIC~1\AVG7
[2005-09-17|14:38] C:\DOCUME~1\LOCALS~1\APPLIC~1\HbTools
[2006-01-20|21:48] C:\DOCUME~1\LOCALS~1\APPLIC~1\Help
[2007-12-24|12:29] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[2007-12-28|13:37] C:\DOCUME~1\LOCALS~1\APPLIC~1\ShopperReports

[2003-08-05|19:39] C:\DOCUME~1\NETWOR~1\APPLIC~1\.
[2003-08-05|19:39] C:\DOCUME~1\NETWOR~1\APPLIC~1\..
[2007-12-24|12:29] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft


[2008-02-18|12:27] C:\DOCUME~1\PROPRI~1\APPLIC~1\.
[2008-02-18|12:27] C:\DOCUME~1\PROPRI~1\APPLIC~1\..
[2008-01-15|18:32] C:\DOCUME~1\PROPRI~1\APPLIC~1\Adobe
[2007-07-06|14:01] C:\DOCUME~1\PROPRI~1\APPLIC~1\AdobeUM
[2007-01-19|21:44] C:\DOCUME~1\PROPRI~1\APPLIC~1\Apple Computer
[2007-06-03|20:16] C:\DOCUME~1\PROPRI~1\APPLIC~1\ArcSoft
[2008-03-10|06:53] C:\DOCUME~1\PROPRI~1\APPLIC~1\AVG7
[2007-01-20|22:08] C:\DOCUME~1\PROPRI~1\APPLIC~1\AVSMedia
[2007-09-18|19:15] C:\DOCUME~1\PROPRI~1\APPLIC~1\Bell
[2007-09-07|10:01] C:\DOCUME~1\PROPRI~1\APPLIC~1\Bell Canada
[2008-02-11|22:29] C:\DOCUME~1\PROPRI~1\APPLIC~1\BitTorrent
[2007-07-19|20:29] C:\DOCUME~1\PROPRI~1\APPLIC~1\BSplayer
[2007-03-22|16:19] C:\DOCUME~1\PROPRI~1\APPLIC~1\BSplayer Pro
[2007-09-19|10:32] C:\DOCUME~1\PROPRI~1\APPLIC~1\CampaignStore.xml
[2007-08-03|22:07] C:\DOCUME~1\PROPRI~1\APPLIC~1\Chicken Chase
[2007-09-18|20:12] C:\DOCUME~1\PROPRI~1\APPLIC~1\client_gateway.log
[2007-09-19|10:32] C:\DOCUME~1\PROPRI~1\APPLIC~1\ConfigurationStore.xml
[2007-12-28|21:07] C:\DOCUME~1\PROPRI~1\APPLIC~1\DAEMON Tools
[2003-08-05|14:30] C:\DOCUME~1\PROPRI~1\APPLIC~1\desktop.ini
[2007-04-15|16:57] C:\DOCUME~1\PROPRI~1\APPLIC~1\DivX
[2007-09-19|10:32] C:\DOCUME~1\PROPRI~1\APPLIC~1\EventStore.xml
[2005-09-01|11:23] C:\DOCUME~1\PROPRI~1\APPLIC~1\FaxCtr
[2006-10-09|10:56] C:\DOCUME~1\PROPRI~1\APPLIC~1\FunWebProducts
[2007-01-18|19:51] C:\DOCUME~1\PROPRI~1\APPLIC~1\Gaijin Ent
[2006-10-17|20:14] C:\DOCUME~1\PROPRI~1\APPLIC~1\Google
[2008-02-24|21:46] C:\DOCUME~1\PROPRI~1\APPLIC~1\grimloudmeal
[2007-12-28|11:28] C:\DOCUME~1\PROPRI~1\APPLIC~1\Grisoft
[2005-07-25|11:25] C:\DOCUME~1\PROPRI~1\APPLIC~1\Help
[2007-12-12|17:34] C:\DOCUME~1\PROPRI~1\APPLIC~1\Home Sweet Home
[2003-08-05|19:37] C:\DOCUME~1\PROPRI~1\APPLIC~1\Identities
[2007-07-07|01:12] C:\DOCUME~1\PROPRI~1\APPLIC~1\IMVU
[2007-09-18|20:05] C:\DOCUME~1\PROPRI~1\APPLIC~1\InstallShield
[2005-03-25|14:04] C:\DOCUME~1\PROPRI~1\APPLIC~1\InterVideo
[2007-01-01|22:39] C:\DOCUME~1\PROPRI~1\APPLIC~1\iWin
[2007-12-08|17:55] C:\DOCUME~1\PROPRI~1\APPLIC~1\Jane s Hotel
[2006-08-28|19:46] C:\DOCUME~1\PROPRI~1\APPLIC~1\LANCITE
[2005-05-01|20:54] C:\DOCUME~1\PROPRI~1\APPLIC~1\Macromedia
[2007-01-16|22:20] C:\DOCUME~1\PROPRI~1\APPLIC~1\MessengerSkinner
[2007-12-24|12:29] C:\DOCUME~1\PROPRI~1\APPLIC~1\Microsoft
[2005-08-16|18:53] C:\DOCUME~1\PROPRI~1\APPLIC~1\Microsoft Web Folders
[2006-06-30|10:11] C:\DOCUME~1\PROPRI~1\APPLIC~1\Mozilla
[2006-04-14|23:38] C:\DOCUME~1\PROPRI~1\APPLIC~1\MSN6
[2006-05-27|09:58] C:\DOCUME~1\PROPRI~1\APPLIC~1\MSNInstaller
[2007-06-02|22:21] C:\DOCUME~1\PROPRI~1\APPLIC~1\MysteryStudio
[2007-03-27|17:24] C:\DOCUME~1\PROPRI~1\APPLIC~1\Oberon Media
[2007-07-11|16:34] C:\DOCUME~1\PROPRI~1\APPLIC~1\PlayFirst
[2003-08-05|20:44] C:\DOCUME~1\PROPRI~1\APPLIC~1\SampleView
[2007-12-28|15:25] C:\DOCUME~1\PROPRI~1\APPLIC~1\SecuROM
[2005-09-02|20:27] C:\DOCUME~1\PROPRI~1\APPLIC~1\Sierra
[2007-09-18|20:09] C:\DOCUME~1\PROPRI~1\APPLIC~1\SoftwareDetectionScripts
[2007-09-19|10:32] C:\DOCUME~1\PROPRI~1\APPLIC~1\SoftwarePackageStore.xml
[2005-03-07|20:52] C:\DOCUME~1\PROPRI~1\APPLIC~1\Sonic
[2006-09-10|21:57] C:\DOCUME~1\PROPRI~1\APPLIC~1\Sony Corporation
[2006-07-22|15:48] C:\DOCUME~1\PROPRI~1\APPLIC~1\Sun
[2003-08-07|20:17] C:\DOCUME~1\PROPRI~1\APPLIC~1\Symantec
[2005-03-06|22:25] C:\DOCUME~1\PROPRI~1\APPLIC~1\Template
[2005-11-09|18:58] C:\DOCUME~1\PROPRI~1\APPLIC~1\Thalia
[2006-10-20|23:51] C:\DOCUME~1\PROPRI~1\APPLIC~1\Trevoli
[2007-04-06|08:51] C:\DOCUME~1\PROPRI~1\APPLIC~1\Ulead Systems
[2007-09-19|10:32] C:\DOCUME~1\PROPRI~1\APPLIC~1\UpdateStore.xml
[2007-04-05|20:30] C:\DOCUME~1\PROPRI~1\APPLIC~1\vlc
[2007-03-11|19:31] C:\DOCUME~1\PROPRI~1\APPLIC~1\Wildfire
[2006-08-07|22:17] C:\DOCUME~1\PROPRI~1\APPLIC~1\yahoo!

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

[2008-02-26 00:49][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2002-08-30 15:00][-rah-----] C:\WINDOWS\tasks\desktop.ini
[2008-03-10 06:49][--ah-----] C:\WINDOWS\tasks\SA.DAT

---------------[ Listing des dossiers dans C:\Program Files ]--------------

[2008-03-10|18:07] C:\Program Files\.
[2008-03-10|18:07] C:\Program Files\..
[2006-05-22|10:21] C:\Program Files\Abbyy FineReader 6.0 Sprint
[2007-09-14|10:38] C:\Program Files\Activision Value
[2007-02-11|17:47] C:\Program Files\Adobe
[2007-04-05|20:44] C:\Program Files\AOL Games
[2008-01-18|21:00] C:\Program Files\Apple Software Update
[2007-01-20|22:04] C:\Program Files\AVSMedia
[2003-08-05|20:45] C:\Program Files\BackWeb
[2007-09-19|10:35] C:\Program Files\Bell
[2007-09-16|21:26] C:\Program Files\BitComet
[2007-12-23|14:01] C:\Program Files\BitTorrent
[2007-12-28|14:43] C:\Program Files\Common Files
[2003-08-05|20:45] C:\Program Files\Compaq Connections
[2007-09-18|20:05] C:\Program Files\ComPlus Applications
[2007-05-18|14:01] C:\Program Files\Corel
[2005-08-25|20:00] C:\Program Files\CreataCard
[2007-06-03|15:11] C:\Program Files\DivX
[2007-12-29|00:00] C:\Program Files\EA GAMES
[2007-07-06|14:11] C:\Program Files\Easy Internet signup
[2005-12-23|16:14] C:\Program Files\Eidos
[2007-03-04|23:16] C:\Program Files\Eidos Interactive
[2007-11-21|23:55] C:\Program Files\eMule
[2006-09-23|18:29] C:\Program Files\eRightSoft
[2005-10-05|18:24] C:\Program Files\EZFace
[2007-12-28|11:18] C:\Program Files\Fichiers communs
[2006-11-06|23:38] C:\Program Files\FunWebProducts
[2005-06-08|12:36] C:\Program Files\GameSpy Arcade
[2007-03-05|11:31] C:\Program Files\Global Star Software
[2007-09-07|09:58] C:\Program Files\Google
[2008-02-24|21:45] C:\Program Files\grimloudmeal
[2007-12-28|11:20] C:\Program Files\Grisoft
[2007-09-18|20:05] C:\Program Files\Grisoft(2)
[2007-06-26|18:23] C:\Program Files\Hasbro Interactive
[2007-07-14|19:51] C:\Program Files\iMesh Applications
[2007-09-18|19:54] C:\Program Files\INSTALL.LOG
[2007-09-18|20:05] C:\Program Files\InstallShield Installation Information
[2005-03-25|14:04] C:\Program Files\InterActual
[2008-02-12|22:12] C:\Program Files\Internet Explorer
[2003-08-05|20:37] C:\Program Files\InterVideo
[2006-11-10|12:29] C:\Program Files\iPod
[2006-11-10|12:30] C:\Program Files\iTunes
[2006-07-22|15:44] C:\Program Files\Java
[2003-08-05|20:51] C:\Program Files\Java Web Start
[2005-03-23|21:20] C:\Program Files\Kazaa
[2007-06-03|15:11] C:\Program Files\Legacy Interactive
[2007-05-25|16:29] C:\Program Files\Lexmark 2300 Series
[2005-08-31|22:36] C:\Program Files\Lexmark Fax Solutions
[2008-02-18|12:30] C:\Program Files\LimeWire
[2005-07-14|22:18] C:\Program Files\Logitech
[2008-02-28|21:35] C:\Program Files\Lx_cats
[2007-08-05|20:27] C:\Program Files\Maxis
[2005-04-12|17:20] C:\Program Files\Messenger
[2007-12-23|00:56] C:\Program Files\Messenger Plus! Live
[2006-12-30|18:47] C:\Program Files\MessengerPlus! 3
[2007-01-17|08:53] C:\Program Files\MessengerSkinner
[2007-04-06|08:51] C:\Program Files\Micrografx
[2007-11-21|22:00] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2003-08-05|20:35] C:\Program Files\Microsoft Encarta
[2005-08-16|18:53] C:\Program Files\microsoft frontpage
[2006-02-18|22:39] C:\Program Files\Microsoft Games
[2005-07-14|22:18] C:\Program Files\Microsoft NetShow
[2005-08-16|18:53] C:\Program Files\Microsoft Office
[2005-03-18|13:33] C:\Program Files\Microsoft Reference
[2007-11-21|11:41] C:\Program Files\Microsoft SQL Server Compact Edition
[2005-07-25|11:25] C:\Program Files\Microsoft Works
[2007-09-19|10:11] C:\Program Files\mIRC
[2005-04-10|20:51] C:\Program Files\Movie Maker
[2008-03-10|09:36] C:\Program Files\Mozilla Firefox
[2007-07-06|13:45] C:\Program Files\MSECACHE
[2005-12-26|20:43] C:\Program Files\MSN
[2005-03-06|20:53] C:\Program Files\MSN Apps
[2007-12-28|12:31] C:\Program Files\MSN Games
[2003-08-05|19:34] C:\Program Files\MSN Gaming Zone
[2007-12-23|00:56] C:\Program Files\MSN Messenger
[2006-11-17|21:06] C:\Program Files\MSXML 4.0
[2003-08-05|20:36] C:\Program Files\MUSICMATCH
[2005-07-14|22:18] C:\Program Files\NetMeeting
[2007-06-12|22:31] C:\Program Files\Outlook Express
[2007-12-27|15:28] C:\Program Files\Panda Security
[2007-09-18|20:04] C:\Program Files\Panda Software
[2007-09-18|20:04] C:\Program Files\PC-Doctor for Windows
[2006-10-20|23:47] C:\Program Files\Photo Finale
[2006-11-10|12:28] C:\Program Files\QuickTime
[2003-08-05|20:34] C:\Program Files\RecordNow!
[2007-06-03|20:07] C:\Program Files\SanDisk
[2003-08-05|20:52] C:\Program Files\Services en ligne
[2007-04-06|08:51] C:\Program Files\Sierra
[2007-09-18|20:04] C:\Program Files\SmartAudioConverter
[2006-09-10|21:08] C:\Program Files\Sony
[2006-10-17|18:55] C:\Program Files\SureThing
[2005-03-06|17:34] C:\Program Files\Symantec
[2005-10-11|19:25] C:\Program Files\Thalia
[2007-07-03|20:50] C:\Program Files\The Three Musketeers
[2008-03-10|12:30] C:\Program Files\Trend Micro
[2007-03-04|20:53] C:\Program Files\Trymedia
[2006-09-06|20:15] C:\Program Files\Ulead Systems
[2003-08-05|19:40] C:\Program Files\Uninstall Information
[2007-04-05|20:28] C:\Program Files\VideoLAN
[2006-09-13|19:17] C:\Program Files\Webteh
[2007-01-03|19:20] C:\Program Files\WildTangent
[2007-07-06|13:46] C:\Program Files\Windows Installer Clean Up
[2005-10-22|11:06] C:\Program Files\Windows Journal Viewer
[2008-02-27|22:02] C:\Program Files\Windows Live
[2007-11-21|11:43] C:\Program Files\Windows Live Favorites
[2007-11-21|11:43] C:\Program Files\Windows Live Toolbar
[2007-12-28|12:37] C:\Program Files\Windows Media Connect 2
[2007-11-22|00:17] C:\Program Files\Windows Media Player
[2005-04-10|20:49] C:\Program Files\Windows NT
[2005-03-06|19:37] C:\Program Files\WindowsUpdate
[2006-04-23|09:44] C:\Program Files\WinZip
[2003-08-05|19:37] C:\Program Files\xerox
[2006-08-07|22:14] C:\Program Files\Yahoo!
[2005-08-13|17:32] C:\Program Files\ZJChat

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

[2007-12-28|11:18] C:\Program Files\Fichiers communs\.
[2007-12-28|11:18] C:\Program Files\Fichiers communs\..
[2007-02-11|17:47] C:\Program Files\Fichiers communs\Adobe
[2005-03-16|19:19] C:\Program Files\Fichiers communs\AOL
[2007-06-03|20:09] C:\Program Files\Fichiers communs\ArcSoft
[2007-04-05|20:27] C:\Program Files\Fichiers communs\AVSMedia
[2007-01-03|19:40] C:\Program Files\Fichiers communs\BOONTY Shared
[2007-05-18|14:01] C:\Program Files\Fichiers communs\Corel
[2005-08-16|18:54] C:\Program Files\Fichiers communs\Designer
[2006-05-04|19:20] C:\Program Files\Fichiers communs\InstallShield
[2006-07-22|15:42] C:\Program Files\Fichiers communs\Java
[2005-07-14|22:18] C:\Program Files\Fichiers communs\Logitech
[2007-01-03|20:45] C:\Program Files\Fichiers communs\Macrovision Shared
[2007-11-21|11:38] C:\Program Files\Fichiers communs\Microsoft Shared
[2007-08-19|21:12] C:\Program Files\Fichiers communs\Motive
[2003-08-05|19:35] C:\Program Files\Fichiers communs\MSSoap
[2003-08-05|14:30] C:\Program Files\Fichiers communs\ODBC
[2006-01-05|20:54] C:\Program Files\Fichiers communs\Panda Software
[2005-12-29|13:12] C:\Program Files\Fichiers communs\Real
[2007-09-20|10:27] C:\Program Files\Fichiers communs\Sandlot Shared
[2005-03-05|19:47] C:\Program Files\Fichiers communs\Services
[2003-08-05|20:34] C:\Program Files\Fichiers communs\Sonic
[2006-09-10|21:04] C:\Program Files\Fichiers communs\Sony Shared
[2003-08-05|14:30] C:\Program Files\Fichiers communs\SpeechEngines
[2006-10-17|18:55] C:\Program Files\Fichiers communs\SureThing Shared
[2005-03-06|17:35] C:\Program Files\Fichiers communs\Symantec Shared
[2007-06-12|22:31] C:\Program Files\Fichiers communs\System
[2005-10-11|19:25] C:\Program Files\Fichiers communs\Thalia Shared
[2006-09-06|20:02] C:\Program Files\Fichiers communs\Ulead Systems
[2007-11-21|11:38] C:\Program Files\Fichiers communs\WindowsLiveInstaller

----------------------[ Recherche avec S_Lop ]---------------------

Aucun fichier / dossier Lop trouvé !

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data
C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data\Math Heck.exe

----------------------[ Verification du Registre ]----------------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts PROPRE


----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-10 18:09:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden files ...
scan completed successfully
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

C:\WINDOWS\pack.epk
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\gwapapa_navps.dat
C:\WINDOWS\system32\gwapapa_nav.dat
C:\WINDOWS\system32\gwapapa.dat
! EGDACCESS !


/!\ [Fich:6710][Doss:105] C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp
/!\ [Fich:241][Doss:0] C:\DOCUME~1\PROPRI~1\Cookies
/!\ [Fich:3922][Doss:15] C:\DOCUME~1\PROPRI~1\LOCALS~1\TEMPOR~1\content.IE5

--------------------[ Fin du rapport a 18:15:23,64 ]----------------------


:hello:

Run Lop S&D option 2 again and post me the report :super:

------------------------------ Please let us know if you are already being helped on another forum or in another topic.


-----------------------[ Lop S&D 4.0.5 XP/Vista ]----------------------

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Propriétaire ] [ "C:\Lop SD" ]
[ 2008-03-11 | 12:47:48,18 ] [ PC : NOM-HJDQZRZHIWG ]
[ MAJ : 09-03-2008 | 22:50 ]

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data\Math Heck.exe
Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


-------------[ Listing des dossiers dans Application Data ]------------

[2008-03-11|12:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.
[2008-03-11|12:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..
[2007-07-06|14:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[2008-01-18|21:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[2006-11-10|12:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[2007-12-24|12:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg7
[2007-09-18|20:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg7(2)
[2007-09-18|19:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bell
[2007-09-07|10:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bell Canada
[2005-03-07|10:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOWS 16 JUGS FORD
[2003-08-05|14:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[2007-12-28|11:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\does mfcd amok play
[2005-08-31|22:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FaxCtr
[2006-09-28|09:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Freedom
[2007-06-29|18:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Friends Games
[2007-09-07|09:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[2007-12-24|12:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[2007-12-19|18:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HipSoft
[2007-01-01|22:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\iWin
[2006-07-04|19:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear
[2006-01-05|20:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Anti-Virus Personal
[2007-01-03|19:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
[2006-07-25|13:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[2007-03-09|21:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[2007-08-19|21:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
[2007-08-20|13:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MotiveSysIDs
[2005-11-20|13:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[2007-07-10|18:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Oberon Games
[2007-07-11|16:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
[2007-06-22|23:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PopCap
[2008-01-21|20:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
[2005-06-12|16:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[2007-04-08|20:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
[2003-08-05|19:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[2007-09-18|20:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SharedProperties.xml
[2005-09-02|20:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sierra
[2006-09-10|21:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
[2007-01-03|19:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SugarGames
[2005-03-06|17:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[2007-12-19|19:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[2007-03-04|20:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
[2007-08-19|20:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Two Idol Wave Flag
[2006-09-06|20:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
[2005-10-22|11:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[2007-11-21|11:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[2007-10-03|15:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

[2005-03-05|19:47] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.
[2005-03-05|19:47] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..
[2003-08-05|20:39] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
[2003-08-05|14:30] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[2003-08-05|19:37] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[2003-08-05|20:39] C:\DOCUME~1\DEFAUL~1\APPLIC~1\InterTrust
[2007-12-11|22:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[2003-08-05|20:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\SampleView
[2003-08-05|20:34] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sonic
[2003-08-07|20:17] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

[2007-09-19|10:55] C:\DOCUME~1\LOCALS~1\APPLIC~1\.
[2007-09-19|10:55] C:\DOCUME~1\LOCALS~1\APPLIC~1\..
[2007-09-19|10:55] C:\DOCUME~1\LOCALS~1\APPLIC~1\AVG7
[2005-09-17|14:38] C:\DOCUME~1\LOCALS~1\APPLIC~1\HbTools
[2006-01-20|21:48] C:\DOCUME~1\LOCALS~1\APPLIC~1\Help
[2007-12-24|12:29] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[2007-12-28|13:37] C:\DOCUME~1\LOCALS~1\APPLIC~1\ShopperReports

[2003-08-05|19:39] C:\DOCUME~1\NETWOR~1\APPLIC~1\.
[2003-08-05|19:39] C:\DOCUME~1\NETWOR~1\APPLIC~1\..
[2007-12-24|12:29] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft


[2008-02-18|12:27] C:\DOCUME~1\PROPRI~1\APPLIC~1\.
[2008-02-18|12:27] C:\DOCUME~1\PROPRI~1\APPLIC~1\..
[2008-01-15|18:32] C:\DOCUME~1\PROPRI~1\APPLIC~1\Adobe
[2007-07-06|14:01] C:\DOCUME~1\PROPRI~1\APPLIC~1\AdobeUM
[2007-01-19|21:44] C:\DOCUME~1\PROPRI~1\APPLIC~1\Apple Computer
[2007-06-03|20:16] C:\DOCUME~1\PROPRI~1\APPLIC~1\ArcSoft
[2008-03-10|23:00] C:\DOCUME~1\PROPRI~1\APPLIC~1\AVG7
[2007-01-20|22:08] C:\DOCUME~1\PROPRI~1\APPLIC~1\AVSMedia
[2007-09-18|19:15] C:\DOCUME~1\PROPRI~1\APPLIC~1\Bell
[2007-09-07|10:01] C:\DOCUME~1\PROPRI~1\APPLIC~1\Bell Canada
[2008-02-11|22:29] C:\DOCUME~1\PROPRI~1\APPLIC~1\BitTorrent
[2007-07-19|20:29] C:\DOCUME~1\PROPRI~1\APPLIC~1\BSplayer
[2007-03-22|16:19] C:\DOCUME~1\PROPRI~1\APPLIC~1\BSplayer Pro
[2007-09-19|10:32] C:\DOCUME~1\PROPRI~1\APPLIC~1\CampaignStore.xml
[2007-08-03|22:07] C:\DOCUME~1\PROPRI~1\APPLIC~1\Chicken Chase
[2007-09-18|20:12] C:\DOCUME~1\PROPRI~1\APPLIC~1\client_gateway.log
[2007-09-19|10:32] C:\DOCUME~1\PROPRI~1\APPLIC~1\ConfigurationStore.xml
[2007-12-28|21:07] C:\DOCUME~1\PROPRI~1\APPLIC~1\DAEMON Tools
[2003-08-05|14:30] C:\DOCUME~1\PROPRI~1\APPLIC~1\desktop.ini
[2007-04-15|16:57] C:\DOCUME~1\PROPRI~1\APPLIC~1\DivX
[2007-09-19|10:32] C:\DOCUME~1\PROPRI~1\APPLIC~1\EventStore.xml
[2005-09-01|11:23] C:\DOCUME~1\PROPRI~1\APPLIC~1\FaxCtr
[2006-10-09|10:56] C:\DOCUME~1\PROPRI~1\APPLIC~1\FunWebProducts
[2007-01-18|19:51] C:\DOCUME~1\PROPRI~1\APPLIC~1\Gaijin Ent
[2006-10-17|20:14] C:\DOCUME~1\PROPRI~1\APPLIC~1\Google
[2008-02-24|21:46] C:\DOCUME~1\PROPRI~1\APPLIC~1\grimloudmeal
[2007-12-28|11:28] C:\DOCUME~1\PROPRI~1\APPLIC~1\Grisoft
[2005-07-25|11:25] C:\DOCUME~1\PROPRI~1\APPLIC~1\Help
[2007-12-12|17:34] C:\DOCUME~1\PROPRI~1\APPLIC~1\Home Sweet Home
[2003-08-05|19:37] C:\DOCUME~1\PROPRI~1\APPLIC~1\Identities
[2007-07-07|01:12] C:\DOCUME~1\PROPRI~1\APPLIC~1\IMVU
[2007-09-18|20:05] C:\DOCUME~1\PROPRI~1\APPLIC~1\InstallShield
[2005-03-25|14:04] C:\DOCUME~1\PROPRI~1\APPLIC~1\InterVideo
[2007-01-01|22:39] C:\DOCUME~1\PROPRI~1\APPLIC~1\iWin
[2007-12-08|17:55] C:\DOCUME~1\PROPRI~1\APPLIC~1\Jane s Hotel
[2006-08-28|19:46] C:\DOCUME~1\PROPRI~1\APPLIC~1\LANCITE
[2005-05-01|20:54] C:\DOCUME~1\PROPRI~1\APPLIC~1\Macromedia
[2007-01-16|22:20] C:\DOCUME~1\PROPRI~1\APPLIC~1\MessengerSkinner
[2007-12-24|12:29] C:\DOCUME~1\PROPRI~1\APPLIC~1\Microsoft
[2005-08-16|18:53] C:\DOCUME~1\PROPRI~1\APPLIC~1\Microsoft Web Folders
[2006-06-30|10:11] C:\DOCUME~1\PROPRI~1\APPLIC~1\Mozilla
[2006-04-14|23:38] C:\DOCUME~1\PROPRI~1\APPLIC~1\MSN6
[2006-05-27|09:58] C:\DOCUME~1\PROPRI~1\APPLIC~1\MSNInstaller
[2007-06-02|22:21] C:\DOCUME~1\PROPRI~1\APPLIC~1\MysteryStudio
[2007-03-27|17:24] C:\DOCUME~1\PROPRI~1\APPLIC~1\Oberon Media
[2007-07-11|16:34] C:\DOCUME~1\PROPRI~1\APPLIC~1\PlayFirst
[2003-08-05|20:44] C:\DOCUME~1\PROPRI~1\APPLIC~1\SampleView
[2007-12-28|15:25] C:\DOCUME~1\PROPRI~1\APPLIC~1\SecuROM
[2005-09-02|20:27] C:\DOCUME~1\PROPRI~1\APPLIC~1\Sierra
[2007-09-18|20:09] C:\DOCUME~1\PROPRI~1\APPLIC~1\SoftwareDetectionScripts
[2007-09-19|10:32] C:\DOCUME~1\PROPRI~1\APPLIC~1\SoftwarePackageStore.xml
[2005-03-07|20:52] C:\DOCUME~1\PROPRI~1\APPLIC~1\Sonic
[2006-09-10|21:57] C:\DOCUME~1\PROPRI~1\APPLIC~1\Sony Corporation
[2006-07-22|15:48] C:\DOCUME~1\PROPRI~1\APPLIC~1\Sun
[2003-08-07|20:17] C:\DOCUME~1\PROPRI~1\APPLIC~1\Symantec
[2005-03-06|22:25] C:\DOCUME~1\PROPRI~1\APPLIC~1\Template
[2005-11-09|18:58] C:\DOCUME~1\PROPRI~1\APPLIC~1\Thalia
[2006-10-20|23:51] C:\DOCUME~1\PROPRI~1\APPLIC~1\Trevoli
[2007-04-06|08:51] C:\DOCUME~1\PROPRI~1\APPLIC~1\Ulead Systems
[2007-09-19|10:32] C:\DOCUME~1\PROPRI~1\APPLIC~1\UpdateStore.xml
[2007-04-05|20:30] C:\DOCUME~1\PROPRI~1\APPLIC~1\vlc
[2007-03-11|19:31] C:\DOCUME~1\PROPRI~1\APPLIC~1\Wildfire
[2006-08-07|22:17] C:\DOCUME~1\PROPRI~1\APPLIC~1\yahoo!

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

[2008-03-10 23:48][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2002-08-30 15:00][-rah-----] C:\WINDOWS\tasks\desktop.ini
[2008-03-10 06:49][--ah-----] C:\WINDOWS\tasks\SA.DAT

---------------[ Listing des dossiers dans C:\Program Files ]--------------

[2008-03-10|18:07] C:\Program Files\.
[2008-03-10|18:07] C:\Program Files\..
[2006-05-22|10:21] C:\Program Files\Abbyy FineReader 6.0 Sprint
[2007-09-14|10:38] C:\Program Files\Activision Value
[2007-02-11|17:47] C:\Program Files\Adobe
[2007-04-05|20:44] C:\Program Files\AOL Games
[2008-01-18|21:00] C:\Program Files\Apple Software Update
[2007-01-20|22:04] C:\Program Files\AVSMedia
[2003-08-05|20:45] C:\Program Files\BackWeb
[2007-09-19|10:35] C:\Program Files\Bell
[2007-09-16|21:26] C:\Program Files\BitComet
[2007-12-23|14:01] C:\Program Files\BitTorrent
[2007-12-28|14:43] C:\Program Files\Common Files
[2003-08-05|20:45] C:\Program Files\Compaq Connections
[2007-09-18|20:05] C:\Program Files\ComPlus Applications
[2007-05-18|14:01] C:\Program Files\Corel
[2005-08-25|20:00] C:\Program Files\CreataCard
[2007-06-03|15:11] C:\Program Files\DivX
[2007-12-29|00:00] C:\Program Files\EA GAMES
[2007-07-06|14:11] C:\Program Files\Easy Internet signup
[2005-12-23|16:14] C:\Program Files\Eidos
[2007-03-04|23:16] C:\Program Files\Eidos Interactive
[2007-11-21|23:55] C:\Program Files\eMule
[2006-09-23|18:29] C:\Program Files\eRightSoft
[2005-10-05|18:24] C:\Program Files\EZFace
[2007-12-28|11:18] C:\Program Files\Fichiers communs
[2006-11-06|23:38] C:\Program Files\FunWebProducts
[2005-06-08|12:36] C:\Program Files\GameSpy Arcade
[2007-03-05|11:31] C:\Program Files\Global Star Software
[2007-09-07|09:58] C:\Program Files\Google
[2008-02-24|21:45] C:\Program Files\grimloudmeal
[2007-12-28|11:20] C:\Program Files\Grisoft
[2007-09-18|20:05] C:\Program Files\Grisoft(2)
[2007-06-26|18:23] C:\Program Files\Hasbro Interactive
[2007-07-14|19:51] C:\Program Files\iMesh Applications
[2007-09-18|19:54] C:\Program Files\INSTALL.LOG
[2007-09-18|20:05] C:\Program Files\InstallShield Installation Information
[2005-03-25|14:04] C:\Program Files\InterActual
[2008-02-12|22:12] C:\Program Files\Internet Explorer
[2003-08-05|20:37] C:\Program Files\InterVideo
[2006-11-10|12:29] C:\Program Files\iPod
[2006-11-10|12:30] C:\Program Files\iTunes
[2006-07-22|15:44] C:\Program Files\Java
[2003-08-05|20:51] C:\Program Files\Java Web Start
[2005-03-23|21:20] C:\Program Files\Kazaa
[2007-06-03|15:11] C:\Program Files\Legacy Interactive
[2007-05-25|16:29] C:\Program Files\Lexmark 2300 Series
[2005-08-31|22:36] C:\Program Files\Lexmark Fax Solutions
[2008-02-18|12:30] C:\Program Files\LimeWire
[2005-07-14|22:18] C:\Program Files\Logitech
[2008-02-28|21:35] C:\Program Files\Lx_cats
[2007-08-05|20:27] C:\Program Files\Maxis
[2005-04-12|17:20] C:\Program Files\Messenger
[2007-12-23|00:56] C:\Program Files\Messenger Plus! Live
[2006-12-30|18:47] C:\Program Files\MessengerPlus! 3
[2007-01-17|08:53] C:\Program Files\MessengerSkinner
[2007-04-06|08:51] C:\Program Files\Micrografx
[2007-11-21|22:00] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2003-08-05|20:35] C:\Program Files\Microsoft Encarta
[2005-08-16|18:53] C:\Program Files\microsoft frontpage
[2006-02-18|22:39] C:\Program Files\Microsoft Games
[2005-07-14|22:18] C:\Program Files\Microsoft NetShow
[2005-08-16|18:53] C:\Program Files\Microsoft Office
[2005-03-18|13:33] C:\Program Files\Microsoft Reference
[2007-11-21|11:41] C:\Program Files\Microsoft SQL Server Compact Edition
[2005-07-25|11:25] C:\Program Files\Microsoft Works
[2007-09-19|10:11] C:\Program Files\mIRC
[2005-04-10|20:51] C:\Program Files\Movie Maker
[2008-03-11|12:45] C:\Program Files\Mozilla Firefox
[2007-07-06|13:45] C:\Program Files\MSECACHE
[2005-12-26|20:43] C:\Program Files\MSN
[2005-03-06|20:53] C:\Program Files\MSN Apps
[2007-12-28|12:31] C:\Program Files\MSN Games
[2003-08-05|19:34] C:\Program Files\MSN Gaming Zone
[2007-12-23|00:56] C:\Program Files\MSN Messenger
[2006-11-17|21:06] C:\Program Files\MSXML 4.0
[2003-08-05|20:36] C:\Program Files\MUSICMATCH
[2005-07-14|22:18] C:\Program Files\NetMeeting
[2007-06-12|22:31] C:\Program Files\Outlook Express
[2007-12-27|15:28] C:\Program Files\Panda Security
[2007-09-18|20:04] C:\Program Files\Panda Software
[2007-09-18|20:04] C:\Program Files\PC-Doctor for Windows
[2006-10-20|23:47] C:\Program Files\Photo Finale
[2006-11-10|12:28] C:\Program Files\QuickTime
[2003-08-05|20:34] C:\Program Files\RecordNow!
[2007-06-03|20:07] C:\Program Files\SanDisk
[2003-08-05|20:52] C:\Program Files\Services en ligne
[2007-04-06|08:51] C:\Program Files\Sierra
[2007-09-18|20:04] C:\Program Files\SmartAudioConverter
[2006-09-10|21:08] C:\Program Files\Sony
[2006-10-17|18:55] C:\Program Files\SureThing
[2005-03-06|17:34] C:\Program Files\Symantec
[2005-10-11|19:25] C:\Program Files\Thalia
[2007-07-03|20:50] C:\Program Files\The Three Musketeers
[2008-03-10|12:30] C:\Program Files\Trend Micro
[2007-03-04|20:53] C:\Program Files\Trymedia
[2006-09-06|20:15] C:\Program Files\Ulead Systems
[2003-08-05|19:40] C:\Program Files\Uninstall Information
[2007-04-05|20:28] C:\Program Files\VideoLAN
[2006-09-13|19:17] C:\Program Files\Webteh
[2007-01-03|19:20] C:\Program Files\WildTangent
[2007-07-06|13:46] C:\Program Files\Windows Installer Clean Up
[2005-10-22|11:06] C:\Program Files\Windows Journal Viewer
[2008-02-27|22:02] C:\Program Files\Windows Live
[2007-11-21|11:43] C:\Program Files\Windows Live Favorites
[2007-11-21|11:43] C:\Program Files\Windows Live Toolbar
[2007-12-28|12:37] C:\Program Files\Windows Media Connect 2
[2007-11-22|00:17] C:\Program Files\Windows Media Player
[2005-04-10|20:49] C:\Program Files\Windows NT
[2005-03-06|19:37] C:\Program Files\WindowsUpdate
[2006-04-23|09:44] C:\Program Files\WinZip
[2003-08-05|19:37] C:\Program Files\xerox
[2006-08-07|22:14] C:\Program Files\Yahoo!
[2005-08-13|17:32] C:\Program Files\ZJChat

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

[2007-12-28|11:18] C:\Program Files\Fichiers communs\.
[2007-12-28|11:18] C:\Program Files\Fichiers communs\..
[2007-02-11|17:47] C:\Program Files\Fichiers communs\Adobe
[2005-03-16|19:19] C:\Program Files\Fichiers communs\AOL
[2007-06-03|20:09] C:\Program Files\Fichiers communs\ArcSoft
[2007-04-05|20:27] C:\Program Files\Fichiers communs\AVSMedia
[2007-01-03|19:40] C:\Program Files\Fichiers communs\BOONTY Shared
[2007-05-18|14:01] C:\Program Files\Fichiers communs\Corel
[2005-08-16|18:54] C:\Program Files\Fichiers communs\Designer
[2006-05-04|19:20] C:\Program Files\Fichiers communs\InstallShield
[2006-07-22|15:42] C:\Program Files\Fichiers communs\Java
[2005-07-14|22:18] C:\Program Files\Fichiers communs\Logitech
[2007-01-03|20:45] C:\Program Files\Fichiers communs\Macrovision Shared
[2007-11-21|11:38] C:\Program Files\Fichiers communs\Microsoft Shared
[2007-08-19|21:12] C:\Program Files\Fichiers communs\Motive
[2003-08-05|19:35] C:\Program Files\Fichiers communs\MSSoap
[2003-08-05|14:30] C:\Program Files\Fichiers communs\ODBC
[2006-01-05|20:54] C:\Program Files\Fichiers communs\Panda Software
[2005-12-29|13:12] C:\Program Files\Fichiers communs\Real
[2007-09-20|10:27] C:\Program Files\Fichiers communs\Sandlot Shared
[2005-03-05|19:47] C:\Program Files\Fichiers communs\Services
[2003-08-05|20:34] C:\Program Files\Fichiers communs\Sonic
[2006-09-10|21:04] C:\Program Files\Fichiers communs\Sony Shared
[2003-08-05|14:30] C:\Program Files\Fichiers communs\SpeechEngines
[2006-10-17|18:55] C:\Program Files\Fichiers communs\SureThing Shared
[2005-03-06|17:35] C:\Program Files\Fichiers communs\Symantec Shared
[2007-06-12|22:31] C:\Program Files\Fichiers communs\System
[2005-10-11|19:25] C:\Program Files\Fichiers communs\Thalia Shared
[2006-09-06|20:02] C:\Program Files\Fichiers communs\Ulead Systems
[2007-11-21|11:38] C:\Program Files\Fichiers communs\WindowsLiveInstaller

----------------------[ Recherche avec S_Lop ]---------------------

Aucun fichier / dossier Lop trouvé !

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

Aucun fichier / dossier Lop trouvé !

----------------------[ Verification du Registre ]----------------------

..... OK !

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts PROPRE


----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-11 12:55:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden files ...
scan completed successfully
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

C:\WINDOWS\pack.epk
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\gwapapa_navps.dat
C:\WINDOWS\system32\gwapapa_nav.dat
C:\WINDOWS\system32\gwapapa.dat
! EGDACCESS !


/!\ [Fich:6374][Doss:106] C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp
/!\ [Fich:241][Doss:0] C:\DOCUME~1\PROPRI~1\Cookies
/!\ [Fich:4400][Doss:15] C:\DOCUME~1\PROPRI~1\LOCALS~1\TEMPOR~1\content.IE5

--------------------[ Fin du rapport a 13:00:52,81 ]----------------------

Reply to mwawie

Hi again,

1) If you are on Vista, do this first; otherwise go straight to the next step ;) :

Disable UAC (Start Menu \ Control Panel \ User Accounts and Family Safety \ User Accounts \ Turn User Account Control on or off \ uncheck the Use User Account Control ... box
and confirm with OK; you will be asked to restart, do so)


2) Download Navilog1 by IL-MAFIOSO: http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

Depending on the antivirus you use, navilog1 may be detected as a virus!!!
In that case, disable it during the download and the scan!!!!


Save Target (Link) As... and save it to your desktop.
Then double-click navilog1.exe to start the installation.
Once the installation is finished, the fix will run automatically.
(If it does not, double-click the Navilog1 shortcut on the desktop.)

Follow the prompts. At the main menu, choose 1 and confirm.
(do not choose 2, 3 or 4 without our advice/agreement)

Wait for the message:
*** Analyse Termine le ..... ***
Press a key as requested; Notepad will open.
Copy and paste the whole report into a reply. Close Notepad.
The report is also saved at the root of the disk (fixnavi.txt)

------------------------------ Please mention if you are already being helped on another forum or in another topic.

Security / Prevention
Reply to Egwene

Search Navipromo version 3.5.0 commencé le 2008-03-11 à 14:22:03,06

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 04.03.2008 à 17h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS

Executé en mode normal

*** Recherche Programmes installés ***




*** Recherche dossiers dans C:\WINDOWS ***



*** Recherche dossiers dans C:\Program Files ***

C:\Program Files\MessengerSkinner trouvé !


*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***




*** Recherche dossiers dans "C:\Documents and Settings\Propriétaire\applic~1" ***

...\MessengerSkinner trouvé !


*** Recherche dossiers dans "C:\Documents and Settings\Propriétaire\locals~1\applic~1" ***



*** Recherche dossiers dans "C:\Documents and Settings\Propriétaire\menudm~1\progra~1" ***


*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

* Recherche dans "C:\Documents and Settings\Propriétaire\locals~1\applic~1" *



*** Recherche fichiers ***


C:\WINDOWS\pack.epk trouvé !
C:\WINDOWS\system32\nvs2.inf trouvé !


*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé !

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans C:\WINDOWS\system32 :

gwapapa.dat trouvé !
gwapapa_nav.dat trouvé !
gwapapa_navps.dat trouvé !

* Dans "C:\Documents and Settings\Propriétaire\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup trouvé !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !

4)Recherche fichiers connus :



*** Analyse terminée le 2008-03-11 à 15:40:14,21 ***

Reply to mwawie

What do I do next with my viruses?!

Reply to mwawie

:hello:

1) Double-click the Navilog1 shortcut on the desktop and follow the prompts.
At the main menu, choose 2 and confirm.

The fix will inform you that it is going to restart your PC.
Close all open windows and save your open personal documents.
Press a key as requested.
(if your PC does not restart automatically, do it yourself)
When your PC restarts, choose your usual session.

Wait for the message:
*** Nettoyage Termine le ..... ***
Notepad will open.
Save the report so that you can find it again.
Close Notepad. Your desktop will reappear.

PS: If your desktop does not reappear, press CTRL+ALT+DEL to open Task Manager.
Then go to the "Processes" tab. Click File at the top left and choose "Run".
Type explorer and confirm. This will bring your desktop back.


2) Go to Start / Control Panel / Internet Options
- "Content" tab, then "Certificates" tab, and if you find any of these, particularly under "Trusted Publishers" (but look elsewhere too):
electronic-group
egroup
Montorgueil
VIP
"Sunny Day Design Ltd"
ooo <<Favorit>>
Favorit


Delete them.

3) Restart normally and post the cleannavi.txt report

4) Post a new HijackThis report :super:

------------------------------ Please mention if you are already being helped on another forum or in another topic.

Security / Prevention
Reply to Egwene

Clean Navipromo version 3.5.0 commencé le 2008-03-12 à 19:48:06,01

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 04.03.2008 à 17h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS

Mode suppression automatique
avec prise en charge résultats Catchme et GNS



*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans C:\WINDOWS\System32 *


* Suppression dans "C:\Documents and Settings\Propriétaire\locals~1\applic~1" *



*** Suppression dossiers dans C:\WINDOWS ***


*** Suppression dossiers dans C:\Program Files ***

C:\Program Files\MessengerSkinner ...suppression...
C:\Program Files\MessengerSkinner supprimé !


*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***


*** Suppression dossiers dans "C:\Documents and Settings\Propriétaire\applic~1" ***

...\MessengerSkinner ...suppression...
...\MessengerSkinner supprimé !


*** Suppression dossiers dans "C:\Documents and Settings\Propriétaire\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Propriétaire\menudm~1\progra~1" ***


*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***



*** Suppression fichiers ***

C:\WINDOWS\pack.epk supprimé !
C:\WINDOWS\system32\nvs2.inf supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Propri‚taire\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans C:\WINDOWS\system32 *

gwapapa.dat trouvé !
Copie gwapapa.dat réalisée avec succès !
gwapapa.dat !!ERREUR SUPPRESSION!!

gwapapa_nav.dat trouvé !
Copie gwapapa_nav.dat réalisée avec succès !
gwapapa_nav.dat supprimé !

gwapapa_navps.dat trouvé !
Copie gwapapa_navps.dat réalisée avec succès !
gwapapa_navps.dat supprimé !


* Dans "C:\Documents and Settings\Propriétaire\locals~1\applic~1" *


*** Sauvegarde du Registre vers dossier Backupnavi ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !

*** Nettoyage terminé le 2008-03-12 à 20:01:00,28 ***

Reply to mwawie
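
Added example, not part of the thread and not Navilog1's own code: the Search and Clean reports above can be cross-checked line by line to see which detected items the cleanup actually confirmed as removed. The excerpts are copied from the two reports in this thread; the function names and the three status labels are assumptions of this example.

```python
import re

# Excerpt of the "Search Navipromo" report posted in this thread (blank lines dropped).
SEARCH_REPORT = r"""
C:\Program Files\MessengerSkinner trouvé !
...\MessengerSkinner trouvé !
C:\WINDOWS\pack.epk trouvé !
C:\WINDOWS\system32\nvs2.inf trouvé !
HKEY_CURRENT_USER\Software\Lanconfig trouvé !
gwapapa.dat trouvé !
gwapapa_nav.dat trouvé !
gwapapa_navps.dat trouvé !
Certificat Egroup trouvé !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
"""

# Excerpt of the "Clean Navipromo" report posted in this thread (blank lines dropped).
CLEAN_REPORT = r"""
C:\Program Files\MessengerSkinner ...suppression...
C:\Program Files\MessengerSkinner supprimé !
...\MessengerSkinner ...suppression...
...\MessengerSkinner supprimé !
C:\WINDOWS\pack.epk supprimé !
C:\WINDOWS\system32\nvs2.inf supprimé !
gwapapa.dat trouvé !
Copie gwapapa.dat réalisée avec succès !
gwapapa.dat !!ERREUR SUPPRESSION!!
gwapapa_nav.dat trouvé !
Copie gwapapa_nav.dat réalisée avec succès !
gwapapa_nav.dat supprimé !
gwapapa_navps.dat trouvé !
Copie gwapapa_navps.dat réalisée avec succès !
gwapapa_navps.dat supprimé !
Nettoyage Registre Ok
Certificat Egroup supprimé !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
"""

# Line suffixes as they appear in the two reports above.
FOUND = re.compile(r"^(?P<item>.+?) trouvé !$")
REMOVED = re.compile(r"^(?P<item>.+?) supprimé !$")
FAILED = re.compile(r"^(?P<item>.+?) !!ERREUR SUPPRESSION!!$")


def _items(report, pattern):
    """Return {lowercased item: item as printed} for lines matching pattern."""
    out = {}
    for line in report.splitlines():
        match = pattern.match(line.strip())
        if match:
            # Windows paths are case-insensitive, so compare on lowercase.
            out.setdefault(match.group("item").lower(), match.group("item"))
    return out


def reconcile(search_report, clean_report):
    """Map every item the search found to 'removed', 'FAILED' or 'unconfirmed'."""
    found = _items(search_report, FOUND)
    removed = _items(clean_report, REMOVED)
    failed = _items(clean_report, FAILED)
    status = {}
    for key, item in found.items():
        if key in failed:            # an explicit deletion error wins
            status[item] = "FAILED"
        elif key in removed:
            status[item] = "removed"
        else:                        # no per-item line in the clean report
            status[item] = "unconfirmed"
    return status


def needs_follow_up(status):
    """Items that a later scan should look for again."""
    return [item for item, state in status.items() if state != "removed"]


if __name__ == "__main__":
    result = reconcile(SEARCH_REPORT, CLEAN_REPORT)
    for item, state in result.items():
        print(f"{state:12} {item}")
    print("Re-check:", needs_follow_up(result))
```

On these reports the follow-up list holds the registry key, for which the Clean report prints only a global "Nettoyage Registre Ok", and gwapapa.dat, whose deletion failed.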

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:48:44, on 2008-03-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
R3 - URLSearchHook: Yahoo! Barre d'outils - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CE770CE-22B9-79B8-29F6-F48CF7BADA8D} - C:\DOCUME~1\PROPRI~1\APPLIC~1\elseaxis\Vcmeta.exe (file missing)
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Forfait sécurité d'affaires\pkR.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Barre d'outils - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MotiveReportAgent] "C:\Program Files\Fichiers communs\Motive\McciBootStrapper.exe" /url="-url=file://C:\Program Files\Fichiers communs\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath="C:\Program Files\Common Files\Motive\motivebrowser.exe" /hidden
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UniMessenger] C:\Program Files\UNI2\UNI2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [bows anti] C:\DOCUME~1\PROPRI~1\APPLIC~1\GRIMLO~1\Balmacidshow.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolb [...] xdm491YYCA
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v [...] b53083.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://rimmel.ai-media.com/save/makeover.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/n [...] 0.0.15.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.ya [...] 040510.cab
O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} (Chess Object) - http://zone.msn.com/bingame/zpagam [...] b53083.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v [...] b53083.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr [...] NPUpld.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v [...] b53083.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/control [...] oader2.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-C [...] E_UNO1.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://zone.msn.com/bingame/dsh2/d [...] 0.0.55.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagam [...] b53083.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/s [...] Plugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramew [...] b53083.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/ct.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://sympatico.zone.msn.com/binf [...] b53852.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload [...] .0.10.cab?
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 12793 bytes

Reply to mwawie

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:48:44, on 2008-03-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
R3 - URLSearchHook: Yahoo! Barre d'outils - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CE770CE-22B9-79B8-29F6-F48CF7BADA8D} - C:\DOCUME~1\PROPRI~1\APPLIC~1\elseaxis\Vcmeta.exe (file missing)
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Forfait sécurité d'affaires\pkR.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Barre d'outils - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MotiveReportAgent] "C:\Program Files\Fichiers communs\Motive\McciBootStrapper.exe" /url="-url=file://C:\Program Files\Fichiers communs\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath="C:\Program Files\Common Files\Motive\motivebrowser.exe" /hidden
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UniMessenger] C:\Program Files\UNI2\UNI2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [bows anti] C:\DOCUME~1\PROPRI~1\APPLIC~1\GRIMLO~1\Balmacidshow.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolb [...] xdm491YYCA
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v [...] b53083.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://rimmel.ai-media.com/save/makeover.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/n [...] 0.0.15.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.ya [...] 040510.cab
O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} (Chess Object) - http://zone.msn.com/bingame/zpagam [...] b53083.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v [...] b53083.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr [...] NPUpld.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v [...] b53083.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/control [...] oader2.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-C [...] E_UNO1.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://zone.msn.com/bingame/dsh2/d [...] 0.0.55.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagam [...] b53083.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/s [...] Plugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramew [...] b53083.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/ct.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://sympatico.zone.msn.com/binf [...] b53852.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload [...] .0.10.cab?
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 12793 bytes

Reply to mwawie

:hello:

Download lopxpMH2.zip:

http://www.alt-shift-return.org/In [...] pxpMH2.zip

* Unzip it (right-click >> Extract here) and double-click the file lopxpMH.bat.
* Post the contents of the report that opens.

Reply to Egwene

Rapport lopxpMH2 version 2.0 fait à 11:48:42,18 le 2008-03-13
C:\Documents and Settings\Propriétaire\Bureau\lopxpMH2

******************************************
## Répertoires Application Data

Le volume dans le lecteur C s'appelle PRESARIO
Le numéro de série du volume est 74B9-E639

Répertoire de C:\Documents and Settings\All Users\Application Data

2005-03-05 19:44 <REP> .
2005-03-05 19:44 <REP> ..
2007-07-06 14:03 <REP> Adobe
2008-01-18 21:00 <REP> Apple
2005-06-12 16:04 <REP> Apple Computer
2007-09-19 10:49 <REP> avg7
2007-09-18 17:56 <REP> avg7(2)
2007-09-07 10:07 <REP> Bell
2006-09-28 09:57 <REP> Bell Canada
2005-03-06 20:55 <REP> BOWS 16 JUGS FORD
2006-07-25 13:22 <REP> does mfcd amok play
2005-08-31 22:35 <REP> FaxCtr
2006-09-28 09:59 <REP> Freedom
2007-06-29 18:35 <REP> Friends Games
2006-10-16 22:01 <REP> Google
2007-12-24 12:37 <REP> Grisoft
2007-12-19 18:22 <REP> HipSoft
2007-01-01 22:39 <REP> iWin
2006-07-04 19:35 <REP> JollyBear
2006-01-05 20:56 <REP> Kaspersky Anti-Virus Personal
2007-01-03 19:38 <REP> Macrovision
2005-08-30 19:27 <REP> Messenger Plus!
2003-08-05 14:30 <REP> Microsoft
2007-08-19 21:12 <REP> Motive
2007-08-20 13:25 <REP> MotiveSysIDs
2005-11-20 13:26 <REP> MSN6
2007-07-10 18:38 <REP> Oberon Games
2007-06-22 23:39 <REP> PlayFirst
2007-06-22 23:29 <REP> PopCap
2005-06-12 16:04 <REP> QuickTime
2007-04-08 20:57 <REP> Sandlot Games
2003-08-05 19:41 <REP> SBSI
2005-09-02 20:25 <REP> Sierra
2006-09-10 21:05 <REP> Sony Corporation
2007-01-03 19:40 <REP> SugarGames
2003-08-07 20:17 <REP> Symantec
2007-06-22 23:01 <REP> TEMP
2006-06-22 16:48 <REP> Trymedia
2007-08-03 08:17 <REP> Two Idol Wave Flag
2006-09-06 20:01 <REP> Ulead Systems
2005-10-22 11:04 <REP> Windows Genuine Advantage
2007-11-21 11:34 <REP> WLInstaller
2007-10-03 15:33 <REP> Yahoo! Companion
2003-08-05 14:30 62 desktop.ini
2007-03-01 08:25 1 359 QTSBandwidthCache
2007-09-18 20:08 820 SharedProperties.xml
3 fichier(s) 2 241 octets
43 Rép(s) 39 820 615 680 octets libres
Le volume dans le lecteur C s'appelle PRESARIO
Le numéro de série du volume est 74B9-E639

Répertoire de C:\Documents and Settings\Default User\Application Data

2005-03-05 19:44 <REP> .
2005-03-05 19:44 <REP> ..
2005-03-05 16:58 <REP> Adobe
2003-08-05 19:37 <REP> Identities
2005-03-05 16:58 <REP> InterTrust
2003-08-05 14:30 <REP> Microsoft
2005-03-05 16:58 <REP> SampleView
2005-03-05 16:58 <REP> Sonic
2005-03-05 16:58 <REP> Symantec
2003-08-05 14:30 62 desktop.ini
1 fichier(s) 62 octets
9 Rép(s) 39 820 615 680 octets libres
Le volume dans le lecteur C s'appelle PRESARIO
Le numéro de série du volume est 74B9-E639

Répertoire de C:\Documents and Settings\Default User\Local Settings\Application Data

2003-08-05 14:30 <REP> .
2003-08-05 14:30 <REP> ..
2005-03-05 16:58 <REP> Microsoft
2005-03-05 16:58 1 402 594 IconCache.db
1 fichier(s) 1 402 594 octets
3 Rép(s) 39 820 615 680 octets libres
Le volume dans le lecteur C s'appelle PRESARIO
Le numéro de série du volume est 74B9-E639

Répertoire de C:\Documents and Settings\LocalService\Application Data

2003-08-05 19:39 <REP> .
2003-08-05 19:39 <REP> ..
2007-09-19 10:55 <REP> AVG7
2005-09-17 14:38 <REP> HbTools
2006-01-20 21:48 <REP> Help
2003-08-05 19:39 <REP> Microsoft
2005-09-17 14:38 <REP> ShopperReports
0 fichier(s) 0 octets
7 Rép(s) 39 820 611 584 octets libres
Le volume dans le lecteur C s'appelle PRESARIO
Le numéro de série du volume est 74B9-E639

Répertoire de C:\Documents and Settings\LocalService\Local Settings\Application Data

2003-08-05 19:39 <REP> .
2003-08-05 19:39 <REP> ..
2006-01-20 21:48 <REP> Help
2003-08-05 19:39 <REP> Microsoft
0 fichier(s) 0 octets
4 Rép(s) 39 820 611 584 octets libres
Le volume dans le lecteur C s'appelle PRESARIO
Le numéro de série du volume est 74B9-E639

Répertoire de C:\Documents and Settings\NetworkService\Application Data

2003-08-05 19:39 <REP> .
2003-08-05 19:39 <REP> ..
2003-08-05 19:39 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 39 820 611 584 octets libres
Le volume dans le lecteur C s'appelle PRESARIO
Le numéro de série du volume est 74B9-E639

Répertoire de C:\Documents and Settings\NetworkService\Local Settings\Application Data

2003-08-05 19:39 <REP> .
2003-08-05 19:39 <REP> ..
2008-01-22 00:50 <REP> Apple
2003-08-05 19:39 <REP> Microsoft
0 fichier(s) 0 octets
4 Rép(s) 39 820 611 584 octets libres
Le volume dans le lecteur C s'appelle PRESARIO
Le numéro de série du volume est 74B9-E639

Répertoire de C:\Documents and Settings\Nouveau dossier

Le volume dans le lecteur C s'appelle PRESARIO
Le numéro de série du volume est 74B9-E639

Répertoire de C:\Documents and Settings\Propriétaire\Application Data

2005-03-05 19:44 <REP> .
2005-03-05 19:44 <REP> ..
2003-08-05 20:39 <REP> Adobe
2006-09-22 13:53 <REP> AdobeUM
2005-06-12 16:04 <REP> Apple Computer
2007-06-03 20:16 <REP> ArcSoft
2007-09-19 10:49 <REP> AVG7
2007-01-20 22:08 <REP> AVSMedia
2007-09-07 10:07 <REP> Bell
2006-09-28 09:55 <REP> Bell Canada
2007-11-25 23:53 <REP> BitTorrent
2006-11-01 19:38 <REP> BSplayer
2007-03-22 16:19 <REP> BSplayer Pro
2007-08-03 22:07 <REP> Chicken Chase
2007-12-28 20:56 <REP> DAEMON Tools
2007-04-15 16:57 <REP> DivX
2005-09-01 11:23 <REP> FaxCtr
2006-10-09 10:56 <REP> FunWebProducts
2007-01-18 19:51 <REP> Gaijin Ent
2006-05-04 19:22 <REP> Google
2005-03-06 20:55 <REP> grimloudmeal
2007-12-28 11:28 <REP> Grisoft
2005-07-25 11:25 <REP> Help
2007-12-12 17:34 <REP> Home Sweet Home
2003-08-05 19:40 <REP> Identities
2007-07-06 08:23 <REP> IMVU
2007-09-18 20:05 <REP> InstallShield
2005-03-25 14:04 <REP> InterVideo
2007-01-01 22:39 <REP> iWin
2007-12-08 17:55 <REP> Jane s Hotel
2006-08-28 19:46 <REP> LANCITE
2005-03-06 22:35 <REP> Macromedia
2003-08-05 19:40 <REP> Microsoft
2005-08-16 18:53 <REP> Microsoft Web Folders
2006-06-30 10:10 <REP> Mozilla
2005-11-20 13:26 <REP> MSN6
2006-05-27 09:58 <REP> MSNInstaller
2007-06-02 22:21 <REP> MysteryStudio
2007-03-27 17:24 <REP> Oberon Media
2007-06-22 23:39 <REP> PlayFirst
2003-08-05 20:44 <REP> SampleView
2007-12-28 15:25 <REP> SecuROM
2005-09-02 20:27 <REP> Sierra
2007-09-18 20:09 <REP> SoftwareDetectionScripts
2003-08-05 20:34 <REP> Sonic
2006-09-10 21:03 <REP> Sony Corporation
2006-07-22 15:48 <REP> Sun
2003-08-07 20:17 <REP> Symantec
2005-03-06 22:25 <REP> Template
2005-10-11 19:27 <REP> Thalia
2006-10-20 23:47 <REP> Trevoli
2006-09-06 20:10 <REP> Ulead Systems
2007-04-05 20:30 <REP> vlc
2007-03-11 18:18 <REP> Wildfire
2006-08-07 22:17 <REP> yahoo!
2007-09-18 20:11 475 CampaignStore.xml
2007-09-18 20:08 1 281 client_gateway.log
2007-09-18 20:08 376 ConfigurationStore.xml
2003-08-05 19:40 62 desktop.ini
2007-09-18 20:11 1 255 EventStore.xml
2007-09-18 20:08 376 SoftwarePackageStore.xml
2007-09-18 20:11 471 UpdateStore.xml
7 fichier(s) 4 296 octets
55 Rép(s) 39 820 607 488 octets libres
Le volume dans le lecteur C s'appelle PRESARIO
Le numéro de série du volume est 74B9-E639

Répertoire de C:\Documents and Settings\Propriétaire\Local Settings\Application Data

2003-08-05 19:40 <REP> .
2003-08-05 19:40 <REP> ..
2006-09-14 18:41 <REP> Adobe
2008-01-18 21:01 <REP> Apple
2005-06-12 16:04 <REP> Apple Computer
2005-04-10 20:00 <REP> ApplicationHistory
2007-05-18 14:02 <REP> Corel
2006-04-09 13:10 <REP> Google
2005-07-25 11:25 <REP> Help
2005-03-11 14:15 <REP> Identities
2006-07-04 19:35 <REP> JollyBear
2003-08-05 19:40 <REP> Microsoft
2006-06-30 10:11 <REP> Mozilla
2007-12-19 18:16 <REP> Oberon Media
2005-03-06 18:41 <REP> Panda Software
2007-11-21 11:56 <REP> PCHealth
2006-09-22 18:38 <REP> WMTools Downloaded Files
2005-08-18 21:32 55 808 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2005-04-10 20:00 135 fusioncache.dat
2005-03-06 22:23 167 376 GDIPFONTCACHEV1.DAT
2008-03-12 20:00 4 461 gnc.exe
2003-08-05 19:54 4 282 802 IconCache.db
5 fichier(s) 4 510 582 octets
17 Rép(s) 39 820 607 488 octets libres
Le volume dans le lecteur C s'appelle PRESARIO
Le numéro de série du volume est 74B9-E639

Répertoire de C:\WINDOWS\system32\config\systemprofile\Application Data

2005-03-05 19:43 <REP> .
2005-03-05 19:43 <REP> ..
2005-03-05 17:02 <REP> Adobe
2003-08-05 19:38 <REP> Identities
2005-03-05 17:02 <REP> InterTrust
2003-08-05 19:38 <REP> Microsoft
2005-03-05 17:02 <REP> SampleView
2005-03-05 17:02 <REP> Sonic
2005-03-05 17:02 <REP> Symantec
2003-08-05 19:38 62 desktop.ini
1 fichier(s) 62 octets
9 Rép(s) 39 820 607 488 octets libres
Le volume dans le lecteur C s'appelle PRESARIO
Le numéro de série du volume est 74B9-E639

Répertoire de C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data

2003-08-05 19:38 <REP> .
2003-08-05 19:38 <REP> ..
2005-03-05 16:54 <REP> Microsoft
2005-03-05 17:02 1 402 594 IconCache.db
1 fichier(s) 1 402 594 octets
3 Rép(s) 39 820 607 488 octets libres

******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks


C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
 <7ŸcJvB‘'3ư/÷¨F ê <
 0 b : C : \ P r o g r a m F i l e s \ A p p l e S o f t w a r e U p d a t e \ S o f t w a r e U p d a t e . e x e  - t a s k  S Y S T E M   0 Ø   0   
******************************************
## Répertoires de C:\Program Files

Le volume dans le lecteur C s'appelle PRESARIO
Le numéro de série du volume est 74B9-E639

Répertoire de C:\Program Files

2008-03-12 19:59 <REP> .
2008-03-12 19:59 <REP> ..
2006-05-22 10:21 <REP> Abbyy FineReader 6.0 Sprint
2007-09-14 10:38 <REP> Activision Value
2007-02-11 17:47 <REP> Adobe
2007-04-05 20:44 <REP> AOL Games
2008-01-18 21:00 <REP> Apple Software Update
2007-01-20 22:04 <REP> AVSMedia
2003-08-05 20:45 <REP> BackWeb
2007-09-19 10:35 <REP> Bell
2007-09-16 21:26 <REP> BitComet
2008-03-11 01:20 <REP> BitTorrent
2007-12-28 14:43 <REP> Common Files
2003-08-05 20:45 <REP> Compaq Connections
2007-09-18 20:05 <REP> ComPlus Applications
2007-05-18 14:01 <REP> Corel
2005-08-25 20:00 <REP> CreataCard
2007-06-03 15:11 <REP> DivX
2007-12-29 00:00 <REP> EA GAMES
2007-07-06 14:11 <REP> Easy Internet signup
2005-12-23 16:14 <REP> Eidos
2007-03-04 23:16 <REP> Eidos Interactive
2007-11-21 23:55 <REP> eMule
2006-09-23 18:29 <REP> eRightSoft
2005-10-05 18:24 <REP> EZFace
2007-12-28 11:18 <REP> Fichiers communs
2006-11-06 23:38 <REP> FunWebProducts
2005-06-08 12:36 <REP> GameSpy Arcade
2007-03-05 11:31 <REP> Global Star Software
2007-09-07 09:58 <REP> Google
2008-02-24 21:45 <REP> grimloudmeal
2007-12-28 11:20 <REP> Grisoft
2007-09-18 20:05 <REP> Grisoft(2)
2007-06-26 18:23 <REP> Hasbro Interactive
2007-07-14 19:51 <REP> iMesh Applications
2007-09-18 19:54 1 256 INSTALL.LOG
2005-03-25 14:04 <REP> InterActual
2008-02-12 22:12 <REP> Internet Explorer
2003-08-05 20:37 <REP> InterVideo
2006-11-10 12:29 <REP> iPod
2006-11-10 12:30 <REP> iTunes
2006-07-22 15:44 <REP> Java
2003-08-05 20:51 <REP> Java Web Start
2005-03-23 21:20 <REP> Kazaa
2007-06-03 15:11 <REP> Legacy Interactive
2007-05-25 16:29 <REP> Lexmark 2300 Series
2005-08-31 22:36 <REP> Lexmark Fax Solutions
2008-02-18 12:30 <REP> LimeWire
2005-07-14 22:18 <REP> Logitech
2008-02-28 21:35 <REP> Lx_cats
2007-08-05 20:27 <REP> Maxis
2005-04-12 17:20 <REP> Messenger
2007-12-23 00:56 <REP> Messenger Plus! Live
2006-12-30 18:47 <REP> MessengerPlus! 3
2007-04-06 08:51 <REP> Micrografx
2007-11-21 22:00 <REP> Microsoft CAPICOM 2.1.0.2
2003-08-05 20:35 <REP> Microsoft Encarta
2005-08-16 18:53 <REP> microsoft frontpage
2006-02-18 22:39 <REP> Microsoft Games
2005-07-14 22:18 <REP> Microsoft NetShow
2005-08-16 18:53 <REP> Microsoft Office
2005-03-18 13:33 <REP> Microsoft Reference
2007-11-21 11:41 <REP> Microsoft SQL Server Compact Edition
2005-07-25 11:25 <REP> Microsoft Works
2007-09-19 10:11 <REP> mIRC
2005-04-10 20:51 <REP> Movie Maker
2008-03-13 11:45 <REP> Mozilla Firefox
2007-07-06 13:45 <REP> MSECACHE
2005-12-26 20:43 <REP> MSN
2005-03-06 20:53 <REP> MSN Apps
2007-12-28 12:31 <REP> MSN Games
2003-08-05 19:34 <REP> MSN Gaming Zone
2007-12-23 00:56 <REP> MSN Messenger
2006-11-17 21:06 <REP> MSXML 4.0
2003-08-05 20:36 <REP> MUSICMATCH
2008-03-12 20:01 <REP> Navilog1
2005-07-14 22:18 <REP> NetMeeting
2007-06-12 22:31 <REP> Outlook Express
2007-12-27 15:28 <REP> Panda Security
2007-09-18 20:04 <REP> Panda Software
2007-09-18 20:04 <REP> PC-Doctor for Windows
2006-10-20 23:47 <REP> Photo Finale
2006-11-10 12:28 <REP> QuickTime
2003-08-05 20:34 <REP> RecordNow!
2007-06-03 20:07 <REP> SanDisk
2003-08-05 20:52 <REP> Services en ligne
2007-04-06 08:51 <REP> Sierra
2007-09-18 20:04 <REP> SmartAudioConverter
2006-09-10 21:08 <REP> Sony
2006-10-17 18:55 <REP> SureThing
2005-03-06 17:34 <REP> Symantec
2005-10-11 19:25 <REP> Thalia
2007-07-03 20:50 <REP> The Three Musketeers
2008-03-10 12:30 <REP> Trend Micro
2007-03-04 20:53 <REP> Trymedia
2006-09-06 20:15 <REP> Ulead Systems
2007-04-05 20:28 <REP> VideoLAN
2006-09-13 19:17 <REP> Webteh
2007-01-03 19:20 <REP> WildTangent
2007-07-06 13:46 <REP> Windows Installer Clean Up
2005-10-22 11:06 <REP> Windows Journal Viewer
2008-02-27 22:02 <REP> Windows Live
2007-11-21 11:43 <REP> Windows Live Favorites
2007-11-21 11:43 <REP> Windows Live Toolbar
2007-12-28 12:37 <REP> Windows Media Connect 2
2007-11-22 00:17 <REP> Windows Media Player
2005-04-10 20:49 <REP> Windows NT
2006-04-23 09:44 <REP> WinZip
2003-08-05 19:37 <REP> xerox
2006-08-07 22:14 <REP> Yahoo!
2005-08-13 17:32 <REP> ZJChat
1 fichier(s) 1 256 octets
110 Rép(s) 39 820 595 200 octets libres

******************************************
## Popups autorisées

* Internet Explorer

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow
www.paroles.net REG_BINARY
www.bonus.com REG_BINARY
fderad.club.fr REG_BINARY
perso.wanadoo.fr REG_BINARY
64.246.54.26 REG_BINARY
api.gestionpub.com REG_BINARY
www.mariepierperreault.net REG_BINARY
www.lafermeadede.com REG_BINARY
*.hotbar.com REG_BINARY
*.validation.e-loreal.com REG_BINARY
www.atelier-mascarade.com REG_BINARY
damnedsoulmusic.cjb.net REG_BINARY
www.chez-chatonne.com REG_BINARY
www03.quizyourfriends.com REG_BINARY
mysearchnow.com REG_SZ
www.mysearchnow.com REG_SZ
www.allosponsor.com REG_BINARY
www.divxovore.com REG_BINARY
zonenxt.msn-int.com REG_BINARY
zonenxt.msn-ppe.com REG_BINARY
zone.msn.com REG_BINARY
netbios-wait.com REG_SZ
www.netbios-wait.com REG_SZ
searchweb2.com REG_SZ
www.searchweb2.com REG_SZ
host-domain-lookup.com REG_SZ
www.host-domain-lookup.com REG_SZ

* Mozilla Firefox (1 autorisé 2 interdit)

---------- C:\DOCUMENTS AND SETTINGS\PROPRITAIRE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\2FC5T6HF.DEFAULT\HOSTPERM.1
host popup 1 www.jcapote.com
host popup 1 zone.msn.com

******************************************
## Registre

* [HKEY_CURRENT_USER\\Software\Microsoft\Internet Explorer\Main]
Search Bar REG_SZ http://www.microsoft.com/isapi/red [...] r=iesearch

* [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
bows anti REG_SZ C:\DOCUME~1\PROPRI~1\APPLIC~1\GRIMLO~1\Balmacidshow.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bows anti]
command REG_SZ C:\DOCUME~1\PROPRI~1\APPLIC~1\GRIMLO~1\Balmacidshow.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Stupid Data Dart Wave]
command REG_SZ C:\Documents and Settings\All Users\Application Data\flag ace stupid data\Hide Five.exe

******************************************
## Zones de sécurité

* HKCU Domains (4)

* P3P History (5)

******************************************
## Recherche C:\WINDOWS\*.htm, "C:\WINDOWS\*.gif"


*************** Fin du rapport ****************

Reply to mwawie

1/ Create a Notepad file with the text found in the box below (copy/paste):


Quote:

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bows anti"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bows anti]
"command"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Stupid Data Dart Wave]
"command"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow]
"www.paroles.net"=-
"www.bonus.com"=-
"fderad.club.fr"=-
"perso.wanadoo.fr"=-
"64.246.54.26"=-
"api.gestionpub.com"=-
"www.mariepierperreault.net"=-
"www.lafermeadede.com"=-
"*.hotbar.com"=-
"*.validation.e-loreal.com"=-
"www.atelier-mascarade.com"=-
"damnedsoulmusic.cjb.net"=-
"www.chez-chatonne.com"=-
"www03.quizyourfriends.com"=-
"mysearchnow.com"=-
"www.mysearchnow.com"=-
"www.allosponsor.com"=-
"www.divxovore.com"=-
"zonenxt.msn-int.com"=-
"zonenxt.msn-ppe.com"=-
"zone.msn.com"=-
"netbios-wait.com"=-
"www.netbios-wait.com"=-
"searchweb2.com"=-
"www.searchweb2.com"=-
"host-domain-lookup.com"=-
"www.host-domain-lookup.com"=-



-Save this file to: Desktop
-File name: fix.reg
-Type: All files !!!
-click Save
-quit Notepad

Using the file fix.reg:
- double-click the file (Desktop) / accept the warning about the merge / don't be surprised if nothing visible happens / confirm the message saying the merge is complete.

2/ Download OTMoveIt (by Old_Timer) to your Desktop.

  • Double-click OTMoveIt.exe to launch it.
  • Make sure the "Unregister Dll's and Ocx's" box is checked !!!
  • Copy the text in the box below and paste it into the left-hand pane of OTMoveIt named Paste List of Files/Folders to be moved.


Quote:

C:\DOCUME~1\PROPRI~1\APPLIC~1\GRIMLO~1\
C:\Documents and Settings\All Users\Application Data\flag ace stupid data\



  • Click MoveIt! to start the removal.
  • When a result appears in the Results pane, click Exit.
  • Restart your PC


  • In your next reply, send the OTMoveIt report located in C:\_OTMoveIt\MovedFiles.


3/ Post a new HijackThis report.

;)

Reply to Egwene
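An added example (not part of the thread, and not code from the helper or from any tool named here): a Python check that parses HijackThis `O4` autorun lines and orphaned `O2`/`O3`/`O9` entries, flags autoruns that launch from profile data folders, and reports autoruns still pointing into a folder that has already been moved. The sample lines are excerpts in the format of the logs posted in this thread; the function names and the folder heuristic are assumptions of this example.

```python
import re

# Excerpt in HijackThis v2 log format, embedded so the check runs offline.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1CE770CE-22B9-79B8-29F6-F48CF7BADA8D} - C:\DOCUME~1\PROPRI~1\APPLIC~1\elseaxis\Vcmeta.exe (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [bows anti] C:\DOCUME~1\PROPRI~1\APPLIC~1\GRIMLO~1\Balmacidshow.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Folder handed to the file-moving step, written as in the post above.
REMOVED_DIRS = ["C:\\DOCUME~1\\PROPRI~1\\APPLIC~1\\GRIMLO~1\\"]

# O4 registry autoruns: "O4 - <hive>\..\Run: [value name] command line".
# Startup-folder O4 lines ("... Startup: x.lnk = ...") are not covered here.
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>.+?)\] (?P<cmd>.+)$")
# Browser add-on lines whose backing file HijackThis could not find.
ORPHAN_RE = re.compile(
    r"^(?P<sec>O2|O3|O9) - .*?(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r".*\((?:no file|file missing)\)\s*$")
EXE_RE = re.compile(r"^(.*?\.(?:exe|dll|com|bat|scr|cmd))", re.I)

# Heuristic (assumption of this example): path components that mark
# user-writable profile data, in long and 8.3 short form.
USER_DATA_PARTS = {"application data", "applic~1",
                   "local settings", "locals~1", "temp"}


def target_path(cmd):
    """Extract the file an autorun command line actually launches."""
    cmd = re.sub(r"^rundll32(?:\.exe)?\s+", "", cmd.strip(), flags=re.I)
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = EXE_RE.match(cmd)  # unquoted paths may contain spaces
    return m.group(1) if m else cmd.split()[0]


def parse_autoruns(log):
    """Return one dict per O4 registry autorun line."""
    out = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            out.append({"hive": m["hive"], "key": m["key"],
                        "name": m["name"], "target": target_path(m["cmd"])})
    return out


def parse_orphans(log):
    """Return (section, CLSID) for add-on entries with no file on disk."""
    hits = (ORPHAN_RE.match(line.strip()) for line in log.splitlines())
    return [(m["sec"], m["clsid"]) for m in hits if m]


def runs_from_user_data(path):
    """True if any directory component is a profile data folder."""
    return any(p.lower() in USER_DATA_PARTS for p in path.split("\\")[:-1])


def stale_autoruns(log, removed_dirs):
    """Autorun value names whose target lies inside an already-moved folder.

    Paths are compared as written (no 8.3-to-long-name resolution), so pass
    the folders in the same form the log uses.
    """
    removed = [d.lower().rstrip("\\") + "\\" for d in removed_dirs]
    return [a["name"] for a in parse_autoruns(log)
            if any(a["target"].lower().startswith(r) for r in removed)]


if __name__ == "__main__":
    for a in parse_autoruns(SAMPLE_LOG):
        flag = "REVIEW" if runs_from_user_data(a["target"]) else "ok"
        print(f"{flag:6} {a['hive']}\\{a['key']} [{a['name']}] -> {a['target']}")
    print("orphaned add-ons:", parse_orphans(SAMPLE_LOG))
    print("still registered after move:", stale_autoruns(SAMPLE_LOG, REMOVED_DIRS))
```

Running `stale_autoruns` on the log taken after the cleanup steps shows whether a Run value outlived the folder it points to, in which case the registry deletion has not taken effect.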

C:\DOCUME~1\PROPRI~1\APPLIC~1\GRIMLO~1 moved successfully.
Folder C:\Documents and Settings\All Users\Application Data\flag ace stupid data\ not found.

Created on 03-13-2008 15:50:46

Reply to mwawie

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:56:51, on 2008-03-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
R3 - URLSearchHook: Yahoo! Barre d'outils - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CE770CE-22B9-79B8-29F6-F48CF7BADA8D} - C:\DOCUME~1\PROPRI~1\APPLIC~1\elseaxis\Vcmeta.exe (file missing)
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Forfait sécurité d'affaires\pkR.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Barre d'outils - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MotiveReportAgent] "C:\Program Files\Fichiers communs\Motive\McciBootStrapper.exe" /url="-url=file://C:\Program Files\Fichiers communs\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath="C:\Program Files\Common Files\Motive\motivebrowser.exe" /hidden
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UniMessenger] C:\Program Files\UNI2\UNI2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [bows anti] C:\DOCUME~1\PROPRI~1\APPLIC~1\GRIMLO~1\Balmacidshow.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolb [...] xdm491YYCA
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v [...] b53083.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://rimmel.ai-media.com/save/makeover.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/n [...] 0.0.15.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.ya [...] 040510.cab
O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} (Chess Object) - http://zone.msn.com/bingame/zpagam [...] b53083.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v [...] b53083.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr [...] NPUpld.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v [...] b53083.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/control [...] oader2.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-C [...] E_UNO1.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://zone.msn.com/bingame/dsh2/d [...] 0.0.55.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagam [...] b53083.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/s [...] Plugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramew [...] b53083.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/ct.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://sympatico.zone.msn.com/binf [...] b53852.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload [...] .0.10.cab?
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 12834 bytes

Reply to mwawie

Re,

Download BTFix (Bibi26).
Unzip the archive onto your Desktop.

  • Open the BTFix folder.
  • Double-click BTFix.exe.
  • Click Rechercher (Search).
  • A report will appear; copy and paste it into your next reply.

------------------------------ Please let us know if you are already getting help on another forum or in another topic.

Security / Prevention
Reply to Egwene

BTFix 1.086 (par bibi26) - 13/03/2008 16:04:54 - Analyse
Lancé depuis C:\Documents and Settings\Propriétaire\Bureau\BTFix\BTFix.exe

---> Fichiers/Dossiers trouvés

- C:\WINDOWS\system32\f3PSSavr.scr
- C:\Program Files\FunWebProducts\
- C:\Program Files\MSN Messenger\RICHED20.dll
- C:\Documents and Settings\Propriétaire\Application Data\FunWebProducts\

---> Analyse terminée

Reply to mwawie

Re,

  • Open BTFix again.
  • Click Nettoyer (Clean).
  • A report will appear; copy and paste it into your next reply.
  • Post a new HijackThis report.

------------------------------ Please let us know if you are already getting help on another forum or in another topic.

Security / Prevention
Reply to Egwene

Hello everyone,
so we shouldn't delete this virus from quarantine (directly through AVG) without going through these steps?
Thanks for your replies

Reply to arnaud67

Hello, I have this problem too. I did everything that was indicated; here is the report.
Thanks in advance


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:18, on 19/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Belkin\F5D7050v5\Belkinwcui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Documents and Settings\HP_Propriétaire.BOULOU\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.deezer.com/fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Belkin Wireless G USB Adapter Client Utility.lnk = ?
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 8845 bytes

Reply to boulou555