HijackThis report
Good evening everyone,
my computer was recently infected, because my internet is working really badly, on top of all these tiresome ads. Besides, my antivirus is far from effective, so I'm turning to you.
Here is the HijackThis report:
------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:59:14, on 2008-07-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {4976A827-D801-4AA1-969F-458BBA182329} - C:\WINDOWS\system32\mlJcyxvT.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {12a3220e-c91e-6938-cc24-96121aef0a37} - {73a0fea1-2169-42cc-8396-e19ce0223a21} - C:\WINDOWS\system32\wsqdoh.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {C6EA321D-EE5F-4ED5-B1FF-3A87F9D81ABF} - C:\WINDOWS\system32\xxywXPHB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [3c7d4ed0] rundll32.exe "C:\WINDOWS\system32\qcegrkjj.dll",b
O4 - HKLM\..\Run: [BM3f4e7d4c] Rundll32.exe "C:\WINDOWS\system32\vaikgjsb.dll",s
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA1270] command /c del "C:\WINDOWS\system32\mlJcyxvT.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4065] cmd /c del "C:\WINDOWS\system32\mlJcyxvT.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7634] command /c del "C:\WINDOWS\system32\vaikgjsb.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7671] cmd /c del "C:\WINDOWS\system32\vaikgjsb.dll_old"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O20 - Winlogon Notify: winowl32 - C:\WINDOWS\SYSTEM32\winowl32.dll
O20 - Winlogon Notify: xxywXPHB - C:\WINDOWS\SYSTEM32\xxywXPHB.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 8360 bytes
-------------------------------------------------------------------------------------
Thanks for giving me a hand.
Hello,
Download ComboFix (by sUBs) to your Desktop.
Temporarily disable all resident protection! (Antivirus, antispyware, etc.)
Double-click ComboFix.exe.
Accept the license by clicking Yes.
When the operation is finished, a report will appear. Post this report in your next reply.
The report is located here: %systemdrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; generally C:\)
Help: How to use ComboFix.
ComboFix 08-07-07.3 - Jason 2008-07-08 6:50:02.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1585 [GMT -4:00]
Endroit: C:\Documents and Settings\Jason\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ddcdBTlK.dll
C:\WINDOWS\system32\efcYSMgf.dll
C:\WINDOWS\system32\geBrQGyW.dll
C:\WINDOWS\system32\hgGvvuTn.dll
C:\WINDOWS\system32\igxbmqte.ini
C:\WINDOWS\system32\IjiPrtwa.ini
C:\WINDOWS\system32\IjiPrtwa.ini2
C:\WINDOWS\system32\iygldn.dll
C:\WINDOWS\system32\jjkrgecq.ini
C:\WINDOWS\system32\ltcpxmxm.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nnnoLDsq.dll
C:\WINDOWS\system32\pbwjdeyx.dll
C:\WINDOWS\system32\qcegrkjj.dll
C:\WINDOWS\system32\TvxycJlm.ini
C:\WINDOWS\system32\TvxycJlm.ini2
C:\WINDOWS\system32\winowl32.dll
C:\WINDOWS\system32\wsqdoh.dll
C:\WINDOWS\system32\xecvhovn.dll
C:\WINDOWS\system32\xxywXPHB.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-08 to 2008-07-08 ))))))))))))))))))))))))))))))))))))
.
2008-07-08 06:54 . 2008-07-08 06:54 <REP> d-------- C:\WINDOWS\system32\xircom
2008-07-08 06:54 . 2008-07-08 06:54 <REP> d-------- C:\Program Files\microsoft frontpage
2008-07-08 06:31 . 2008-07-08 06:31 318,976 --------- C:\WINDOWS\system32\awtrPijI.dll_old
2008-07-07 20:07 . 2008-07-07 20:07 <REP> d-------- C:\Program Files\Trend Micro
2008-07-07 19:57 . 2008-07-08 06:43 269 --a------ C:\WINDOWS\wininit.ini
2008-07-07 14:59 . 2008-07-07 19:58 110,419 --a------ C:\WINDOWS\BM3f4e7d4c.xml
2008-07-07 10:27 . 2008-07-07 10:31 49 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-07 10:20 . 2004-08-03 22:58 5,376 --a------ C:\WINDOWS\system32\MSPCLOCK.sys
2008-07-06 20:31 . 2008-07-06 20:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-07-06 16:13 . 2008-07-06 16:13 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2008-07-06 09:17 . 2008-07-06 09:17 <REP> d-------- C:\Program Files\directx
2008-07-06 09:17 . 2000-12-14 20:05 299,520 --a------ C:\WINDOWS\uninst.exe
2008-07-06 08:08 . 2008-07-06 08:08 <REP> d-------- C:\Drivers
2008-07-06 08:08 . 2001-11-05 09:23 299,923 --a------ C:\WINDOWS\system32\drivers\sonyhcs.sys
2008-07-06 08:08 . 2002-10-15 22:41 102,220 --a------ C:\WINDOWS\system32\drivers\sonypvs1.sys
2008-07-06 08:08 . 2001-07-03 20:33 53,248 --a------ C:\WINDOWS\system32\SONYHCY.DLL
2008-07-06 08:08 . 2001-11-05 09:23 38,739 --a------ C:\WINDOWS\system32\drivers\sonyhcc.sys
2008-07-06 08:08 . 2001-11-05 09:23 6,097 --a------ C:\WINDOWS\system32\drivers\sonyhcb.sys
2008-07-06 08:08 . 2001-07-03 20:39 3,654 --a------ C:\WINDOWS\system32\drivers\Sonyhcp.dll
2008-07-06 08:06 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-07-01 07:21 . 2008-07-01 07:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-06-26 17:21 . 2008-06-26 17:27 <REP> d-------- C:\Program Files\Garmin
2008-06-26 17:01 . 2008-06-26 17:01 <REP> d-------- C:\Documents and Settings\Jason\Application Data\Canon
2008-06-24 10:45 . 2008-06-24 10:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ConeXware
2008-06-12 06:28 . 2008-06-12 06:34 <REP> d-------- C:\Documents and Settings\Jason\Application Data\IBP
2008-06-11 06:23 . 2008-06-14 13:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 06:23 . 2008-06-14 13:59 272,768 --------- C:\WINDOWS\system32\DllCache\bthport.sys
2008-06-10 07:17 . 2008-06-10 07:17 <REP> d-------- C:\Program Files\Web CEO
2008-06-10 07:17 . 2000-01-24 06:01 453,632 --a------ C:\WINDOWS\system32\stdvcl40.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-08 10:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-08 10:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-07 00:45 --------- d-----w C:\Documents and Settings\Jason\Application Data\LimeWire
2008-07-06 20:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-06 20:14 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-07-06 12:48 --------- d-----w C:\Program Files\Macromedia
2008-07-06 12:44 --------- d-----w C:\Program Files\Fichiers communs\Macromedia
2008-06-29 22:01 --------- d-----w C:\Program Files\World of Warcraft
2008-06-13 10:40 --------- d-----w C:\Program Files\Opera
2008-06-10 04:56 --------- d-----w C:\Program Files\Microsoft Works
2008-06-05 11:41 --------- d-----w C:\Program Files\Google
2008-05-24 18:48 --------- d-----w C:\Program Files\roller coaster
2008-05-23 13:11 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-20 16:05 --------- d-----w C:\Program Files\FusionSoft DVD Player XP
2008-05-15 02:37 --------- d-----w C:\Program Files\Fichiers communs\snpstd
2008-05-15 00:05 --------- d-----w C:\Documents and Settings\Jason\Application Data\AdobeUM
2008-05-13 02:18 --------- d-----w C:\Program Files\Maxis
2008-05-13 00:34 --------- d-----w C:\Program Files\Java
2008-05-12 01:59 --------- d-----w C:\Program Files\AZ-Facturation
2008-05-08 14:45 --------- d-----w C:\Program Files\UltraISO
2008-05-08 14:45 --------- d-----w C:\Program Files\Fichiers communs\EZB Systems
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\DllCache\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:15 1,293,824 ------w C:\WINDOWS\system32\DllCache\quartz.dll
2008-04-24 02:16 3,591,680 ------w C:\WINDOWS\system32\DllCache\mshtml.dll
2008-04-22 07:41 70,656 ------w C:\WINDOWS\system32\DllCache\ie4uinit.exe
2008-04-22 07:41 625,664 ------w C:\WINDOWS\system32\DllCache\iexplore.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\DllCache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\DllCache\ieakui.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-05 07:41 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 09:43 7630848]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 09:43 86016]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2003-05-15 19:41 163840]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 12:24 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 20:51 233472]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 07:42 176128]
"LifeChat"="C:\Program Files\Microsoft LifeChat\LifeChat.exe" [2007-01-26 14:31 259440]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2005-10-11 13:54 339968]
"nwiz"="nwiz.exe" [2006-08-11 09:43 1519616 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 11:28 16126464 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-04-04 13:22 1822720 C:\WINDOWS\SkyTel.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 17:09 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Visicom Media\\FTP Expert 3\\ftpxpert3.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 19:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 19:16]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-07-03 07:06]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6184fce7-13b7-11dd-b079-00e0291d7c04}]
\Shell\AutoRun\command - E:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6184fce8-13b7-11dd-b079-00e0291d7c04}]
\Shell\AutoRun\command - F:\setupSNK.exe
.
- - - - ORPHANS REMOVED - - - -
BHO-{4976A827-D801-4AA1-969F-458BBA182329} - C:\WINDOWS\system32\mlJcyxvT.dll
BHO-{AD382550-7A97-41A9-9AAF-7D8EFB5C0B75} - C:\WINDOWS\system32\awtrPijI.dll
HKLM-Run-3c7d4ed0 - C:\WINDOWS\system32\qcegrkjj.dll
HKLM-Run-BM3f4e7d4c - C:\WINDOWS\system32\ltcpxmxm.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-08 06:55:06
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-08 6:58:11 - machine was rebooted [Jason]
ComboFix-quarantined-files.txt 2008-07-08 10:58:09
Pre-Run: 40,933,662,720 octets libres
Post-Run: 41,568,329,728 octets libres
171 --- E O F --- 2008-06-21 04:49:08
2008-05-15 00:05 --------- d-----w C:\Documents and Settings\Jason\Application Data\AdobeUM
2008-05-13 02:18 --------- d-----w C:\Program Files\Maxis
2008-05-13 00:34 --------- d-----w C:\Program Files\Java
2008-05-12 01:59 --------- d-----w C:\Program Files\AZ-Facturation
2008-05-08 14:45 --------- d-----w C:\Program Files\UltraISO
2008-05-08 14:45 --------- d-----w C:\Program Files\Fichiers communs\EZB Systems
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\DllCache\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:15 1,293,824 ------w C:\WINDOWS\system32\DllCache\quartz.dll
2008-04-24 02:16 3,591,680 ------w C:\WINDOWS\system32\DllCache\mshtml.dll
2008-04-22 07:41 70,656 ------w C:\WINDOWS\system32\DllCache\ie4uinit.exe
2008-04-22 07:41 625,664 ------w C:\WINDOWS\system32\DllCache\iexplore.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\DllCache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\DllCache\ieakui.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-05 07:41 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 09:43 7630848]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 09:43 86016]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2003-05-15 19:41 163840]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 12:24 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 20:51 233472]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 07:42 176128]
"LifeChat"="C:\Program Files\Microsoft LifeChat\LifeChat.exe" [2007-01-26 14:31 259440]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2005-10-11 13:54 339968]
"nwiz"="nwiz.exe" [2006-08-11 09:43 1519616 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 11:28 16126464 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-04-04 13:22 1822720 C:\WINDOWS\SkyTel.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 17:09 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Visicom Media\\FTP Expert 3\\ftpxpert3.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 19:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 19:16]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-07-03 07:06]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6184fce7-13b7-11dd-b079-00e0291d7c04}]
\Shell\AutoRun\command - E:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6184fce8-13b7-11dd-b079-00e0291d7c04}]
\Shell\AutoRun\command - F:\setupSNK.exe
.
- - - - ORPHANS REMOVED - - - -
BHO-{4976A827-D801-4AA1-969F-458BBA182329} - C:\WINDOWS\system32\mlJcyxvT.dll
BHO-{AD382550-7A97-41A9-9AAF-7D8EFB5C0B75} - C:\WINDOWS\system32\awtrPijI.dll
HKLM-Run-3c7d4ed0 - C:\WINDOWS\system32\qcegrkjj.dll
HKLM-Run-BM3f4e7d4c - C:\WINDOWS\system32\ltcpxmxm.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-08 06:55:06
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-08 6:58:11 - machine was rebooted [Jason]
ComboFix-quarantined-files.txt 2008-07-08 10:58:09
Pre-Run: 40,933,662,720 octets libres
Post-Run: 41,568,329,728 octets libres
171 --- E O F --- 2008-06-21 04:49:08
Re,
Select the entire contents of the frame below:
Collect::
C:\WINDOWS\BM3f4e7d4c.xml
File::
C:\WINDOWS\system32\awtrPijI.dll_old
This will relaunch ComboFix. After the restart, post the contents of the ComboFix.txt report.
If there is no restart, post the report anyway.
Copy and paste it into Notepad (Start\All Programs\Accessories\Notepad).
Save it on your desktop under the name CFScript.txt
Now drag the CFScript.txt file onto ComboFix.exe as shown below:
This will relaunch ComboFix.
ComboFix will create these files on your Desktop:
- A zipped file named Submit [Date Time].zip
- A second file named CF-Submit.htm
ComboFix may require a restart to complete its work. Accept it.
When the tool has finished, a ComboFix.log report will appear on screen.
A new window with the prompt "Submit Files for further analysis" will open. Click "OK".
Your browser will launch automatically with the CF-Submit.htm file and a window will open:
- Click the "Browse" ("Parcourir") button and navigate to the file Submit [Date Time].zip on your Desktop.
- Click the file to select it.
Submit the file by clicking "OK".
Once this operation is complete, you can delete these two files from your Desktop.
Post the contents of the ComboFix.txt report after the restart, if there is one.
**********
- My Computer / Tools / Folder Options / View / Show hidden files and folders / Apply --> OK
- My Computer / Tools / Folder Options / View / uncheck "Hide protected operating system files" / Apply --> OK
- My Computer / Tools / Folder Options / View / uncheck "Hide extensions for known file types" / Apply --> OK
Re-check these options afterwards!
Have this file (or these files) scanned on this site >> Virustotal <<
Click Browse at the top, choose My Computer and look for this file: F:\setupSNK.exe
Now click Send File.
Post the report (from "File *** received on ***" through "SHA1: ***")
ComboFix 08-07-07.3 - Jason 2008-07-08 10:03:15.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.2.1036.18.1568 [GMT -4:00]
Endroit: C:\Documents and Settings\Jason\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jason\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE ::
C:\WINDOWS\system32\awtrPijI.dll_old
.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-08 to 2008-07-08 ))))))))))))))))))))))))))))))))))))
.
2008-07-08 06:54 . 2008-07-08 06:54 <REP> d-------- C:\WINDOWS\system32\xircom
2008-07-08 06:54 . 2008-07-08 06:54 <REP> d-------- C:\Program Files\microsoft frontpage
2008-07-07 20:07 . 2008-07-07 20:07 <REP> d-------- C:\Program Files\Trend Micro
2008-07-07 19:57 . 2008-07-08 06:43 269 --a------ C:\WINDOWS\wininit.ini
2008-07-07 10:27 . 2008-07-07 10:31 49 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-07 10:20 . 2004-08-03 22:58 5,376 --a------ C:\WINDOWS\system32\MSPCLOCK.sys
2008-07-06 20:31 . 2008-07-06 20:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-07-06 16:13 . 2008-07-06 16:13 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2008-07-06 09:17 . 2008-07-06 09:17 <REP> d-------- C:\Program Files\directx
2008-07-06 09:17 . 2000-12-14 20:05 299,520 --a------ C:\WINDOWS\uninst.exe
2008-07-06 08:08 . 2008-07-06 08:08 <REP> d-------- C:\Drivers
2008-07-06 08:08 . 2001-11-05 09:23 299,923 --a------ C:\WINDOWS\system32\drivers\sonyhcs.sys
2008-07-06 08:08 . 2002-10-15 22:41 102,220 --a------ C:\WINDOWS\system32\drivers\sonypvs1.sys
2008-07-06 08:08 . 2001-07-03 20:33 53,248 --a------ C:\WINDOWS\system32\SONYHCY.DLL
2008-07-06 08:08 . 2001-11-05 09:23 38,739 --a------ C:\WINDOWS\system32\drivers\sonyhcc.sys
2008-07-06 08:08 . 2001-11-05 09:23 6,097 --a------ C:\WINDOWS\system32\drivers\sonyhcb.sys
2008-07-06 08:08 . 2001-07-03 20:39 3,654 --a------ C:\WINDOWS\system32\drivers\Sonyhcp.dll
2008-07-06 08:06 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-07-01 07:21 . 2008-07-01 07:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-06-26 17:21 . 2008-06-26 17:27 <REP> d-------- C:\Program Files\Garmin
2008-06-26 17:01 . 2008-06-26 17:01 <REP> d-------- C:\Documents and Settings\Jason\Application Data\Canon
2008-06-24 10:45 . 2008-06-24 10:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ConeXware
2008-06-12 06:28 . 2008-06-12 06:34 <REP> d-------- C:\Documents and Settings\Jason\Application Data\IBP
2008-06-11 06:23 . 2008-06-14 13:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 06:23 . 2008-06-14 13:59 272,768 --------- C:\WINDOWS\system32\DllCache\bthport.sys
2008-06-10 07:17 . 2008-06-10 07:17 <REP> d-------- C:\Program Files\Web CEO
2008-06-10 07:17 . 2000-01-24 06:01 453,632 --a------ C:\WINDOWS\system32\stdvcl40.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-08 10:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-08 10:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-07 00:45 --------- d-----w C:\Documents and Settings\Jason\Application Data\LimeWire
2008-07-06 20:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-06 20:14 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-07-06 12:48 --------- d-----w C:\Program Files\Macromedia
2008-07-06 12:44 --------- d-----w C:\Program Files\Fichiers communs\Macromedia
2008-06-29 22:01 --------- d-----w C:\Program Files\World of Warcraft
2008-06-13 10:40 --------- d-----w C:\Program Files\Opera
2008-06-10 04:56 --------- d-----w C:\Program Files\Microsoft Works
2008-06-05 11:41 --------- d-----w C:\Program Files\Google
2008-05-24 18:48 --------- d-----w C:\Program Files\roller coaster
2008-05-23 13:11 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-20 16:05 --------- d-----w C:\Program Files\FusionSoft DVD Player XP
2008-05-15 02:37 --------- d-----w C:\Program Files\Fichiers communs\snpstd
2008-05-15 00:05 --------- d-----w C:\Documents and Settings\Jason\Application Data\AdobeUM
2008-05-13 02:18 --------- d-----w C:\Program Files\Maxis
2008-05-13 00:34 --------- d-----w C:\Program Files\Java
2008-05-12 01:59 --------- d-----w C:\Program Files\AZ-Facturation
2008-05-08 14:45 --------- d-----w C:\Program Files\UltraISO
2008-05-08 14:45 --------- d-----w C:\Program Files\Fichiers communs\EZB Systems
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\DllCache\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:15 1,293,824 ------w C:\WINDOWS\system32\DllCache\quartz.dll
2008-04-24 02:16 3,591,680 ------w C:\WINDOWS\system32\DllCache\mshtml.dll
2008-04-22 07:41 70,656 ------w C:\WINDOWS\system32\DllCache\ie4uinit.exe
2008-04-22 07:41 625,664 ------w C:\WINDOWS\system32\DllCache\iexplore.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\DllCache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\DllCache\ieakui.dll
.
((((((((((((((((((((((((((((( snapshot@2008-07-08_ 6.58.02.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-08 10:54:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-08 14:00:32 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-08 14:00:36 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_484.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-05 07:41 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 09:43 7630848]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 09:43 86016]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2003-05-15 19:41 163840]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 12:24 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 20:51 233472]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 07:42 176128]
"LifeChat"="C:\Program Files\Microsoft LifeChat\LifeChat.exe" [2007-01-26 14:31 259440]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2005-10-11 13:54 339968]
"nwiz"="nwiz.exe" [2006-08-11 09:43 1519616 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 11:28 16126464 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-04-04 13:22 1822720 C:\WINDOWS\SkyTel.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 17:09 15360]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-03-17 19:17:42 110592]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Visicom Media\\FTP Expert 3\\ftpxpert3.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 19:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 19:16]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-07-03 07:06]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6184fce7-13b7-11dd-b079-00e0291d7c04}]
\Shell\AutoRun\command - E:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6184fce8-13b7-11dd-b079-00e0291d7c04}]
\Shell\AutoRun\command - F:\setupSNK.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-08 10:04:48
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-07-08 10:05:24
ComboFix-quarantined-files.txt 2008-07-08 14:05:20
ComboFix2.txt 2008-07-08 13:57:47
ComboFix3.txt 2008-07-08 13:55:36
ComboFix4.txt 2008-07-08 10:58:12
Pre-Run: 41,512,034,304 octets libres
Post-Run: 41,505,165,312 octets libres
139 --- E O F --- 2008-06-21 04:49:08
I want to let you know that I followed the steps; however, when my browser launched automatically with the CF-Submit.htm file, I clicked on "show blocked content" because I wanted to be sure everything was working properly. Well, it wasn't: it showed me an error page with no way to go back, so I couldn't send the file or follow the rest of the steps.
We'll check whether anything is left over.
Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the Download_mbam-setup.exe file.
Once the installation and the update are done:
Restart in safe mode
/!\ Never boot into safe mode via MSCONFIG /!\
Now run MalwareByte's Anti-Malware. If it is not already selected, choose "Perform full scan".
To start the scan, click "Scan".
Once the scan has finished, a window opens; click OK. There are two possibilities:
-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.
Help: How to use MBAM.
I was more infected than I thought
------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.20
Version de la base de données: 933
Windows 5.1.2600 Service Pack 2
21:07:07 2008-07-08
mbam-log-7-8-2008 (21-07-07).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 99893
Temps écoulé: 1 hour(s), 29 minute(s), 22 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 17
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\QooBox\Quarantine\C\WINDOWS\system32\ddcdBTlK.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\efcYSMgf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\geBrQGyW.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\hgGvvuTn.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\nnnoLDsq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\xxywXPHB.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{33A174E2-A65A-49E6-B361-C932B30BF4AA}\RP169\A0023475.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{33A174E2-A65A-49E6-B361-C932B30BF4AA}\RP169\A0025533.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{33A174E2-A65A-49E6-B361-C932B30BF4AA}\RP169\A0025534.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{33A174E2-A65A-49E6-B361-C932B30BF4AA}\RP169\A0025535.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{33A174E2-A65A-49E6-B361-C932B30BF4AA}\RP169\A0025536.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{33A174E2-A65A-49E6-B361-C932B30BF4AA}\RP170\A0025596.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{33A174E2-A65A-49E6-B361-C932B30BF4AA}\RP170\A0025597.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{33A174E2-A65A-49E6-B361-C932B30BF4AA}\RP170\A0025598.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{33A174E2-A65A-49E6-B361-C932B30BF4AA}\RP170\A0025599.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{33A174E2-A65A-49E6-B361-C932B30BF4AA}\RP170\A0025602.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{33A174E2-A65A-49E6-B361-C932B30BF4AA}\RP170\A0025607.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:59:05, on 2008-07-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 6976 bytes
Re,
Uninstall via Add/Remove Programs (if present):
Avast!
Download and run: http://www.avast.com/eng/avast-uninstall-utility.html
Download CCleaner to your Desktop.
Click on download the latest version.
Install it, leaving only the following options checked:
- Add a shortcut on the Desktop.
- Automatically check for updates to CCleaner.
Run the Cleaner.
Click on Scan for issues and make a backup if you wish.
Help: How to use CCleaner.
***************
Download AntiVir to your Desktop.
Double-click the downloaded executable to start the installation.
At the end of the installation, click Finish.
Open AntiVir and make sure it is fully up to date!
In the Local Protection tab, choose Scanner.
Enable the rootkit search via the + next to rootkit search, then under manual selection, check everything (your hard disk partitions).
Click the middle magnifying glass to run the scan as Administrator.
Post the generated report for me: to do so, click the Overview tab, then choose Reports; you will find its report there.
Note: For more effective eradication of threats, run the scan in safe mode.
Why switch? Avast vs Antivir.
Help: How to install and use AntiVir.
**************
Download Clean (by Malekal) to your Desktop.
Unzip it on your Desktop. Double-click the Clean folder that has just appeared.
Double-click Clean.cmd. (The cmd extension may not be shown.) This will open a black window.
A menu will appear; choose option 1, then press Enter. Then press a key when you are asked to.
Post the report located here: C:\rapport_clean.txt
If you get a file C:\upload_moi.zip, please do this.
Help: How to use Clean.
Here is the report from the AntiVir antivirus. I have viruses in quarantine; should I delete them?
-----------------------------------------------------------------
Avira AntiVir Personal
Report file date: 9 juillet 2008 08:45
Scanning for 1398917 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: Jason
Computer name: JASON-MAISON
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 2008-04-09 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 2008-03-18 15:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2008-02-07 14:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 2008-02-28 14:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 2008-02-21 14:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 16:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 2008-06-24 12:37:55
ANTIVIR2.VDF : 7.0.5.51 273408 Bytes 2008-07-04 12:37:58
ANTIVIR3.VDF : 7.0.5.79 272896 Bytes 2008-07-09 12:38:00
Engineversion : 8.1.0.64
AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-02-25 15:58:21
AESCRIPT.DLL : 8.1.0.46 283002 Bytes 2008-07-09 12:38:18
AESCN.DLL : 8.1.0.22 119157 Bytes 2008-07-09 12:38:16
AERDL.DLL : 8.1.0.20 418165 Bytes 2008-07-09 12:38:15
AEPACK.DLL : 8.1.1.6 364918 Bytes 2008-07-09 12:38:13
AEOFFICE.DLL : 8.1.0.20 192891 Bytes 2008-07-09 12:38:11
AEHEUR.DLL : 8.1.0.35 1298806 Bytes 2008-07-09 12:38:10
AEHELP.DLL : 8.1.0.15 115063 Bytes 2008-07-09 12:38:05
AEGEN.DLL : 8.1.0.29 307573 Bytes 2008-07-09 12:38:04
AEEMU.DLL : 8.1.0.6 430451 Bytes 2008-07-09 12:38:03
AECORE.DLL : 8.1.0.32 168311 Bytes 2008-07-09 12:38:01
AVWINLL.DLL : 1.0.0.7 14593 Bytes 2008-01-23 23:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 2008-02-18 16:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 19:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 2008-01-23 23:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 14:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2008-02-28 14:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 23:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 2008-01-23 23:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 18:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 2008-03-10 20:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 2008-03-06 18:02:11
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: 9 juillet 2008 08:45
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '32' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\QooBox\Quarantine\C\WINDOWS\system32\awtrPijI.dll_old.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '48e8cdf6.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\iygldn.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48dbcdf8.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\ltcpxmxm.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48d7cdf4.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\pbwjdeyx.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48ebcde2.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\qcegrkjj.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48d9cde3.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\winowl32.dll.vir
[DETECTION] Is the Trojan horse TR/Spy.Gen
[NOTE] The file was moved to '48e2cdea.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\wsqdoh.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48e5cdf4.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\xecvhovn.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48d7cde6.qua'!
End of the scan: 9 juillet 2008 10:50
Used time: 2:04:59 min
The scan has been done completely.
5640 Scanning directories
281691 Files were scanned
8 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
8 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
281683 Files not concerned
1296 Archives were scanned
1 Warnings
8 Notes
-----------------------------------------------------------------
Here is the report from the rootkit search:
-----------------------------------------------------------------
Avira AntiVir Personal
Report file date: 9 juillet 2008 10:58
Scanning for 1398917 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: Jason
Computer name: JASON-MAISON
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 2008-04-09 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 2008-03-18 15:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2008-02-07 14:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 2008-02-28 14:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 2008-02-21 14:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 16:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 2008-06-24 12:37:55
ANTIVIR2.VDF : 7.0.5.51 273408 Bytes 2008-07-04 12:37:58
ANTIVIR3.VDF : 7.0.5.79 272896 Bytes 2008-07-09 12:38:00
Engineversion : 8.1.0.64
AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-02-25 15:58:21
AESCRIPT.DLL : 8.1.0.46 283002 Bytes 2008-07-09 12:38:18
AESCN.DLL : 8.1.0.22 119157 Bytes 2008-07-09 12:38:16
AERDL.DLL : 8.1.0.20 418165 Bytes 2008-07-09 12:38:15
AEPACK.DLL : 8.1.1.6 364918 Bytes 2008-07-09 12:38:13
AEOFFICE.DLL : 8.1.0.20 192891 Bytes 2008-07-09 12:38:11
AEHEUR.DLL : 8.1.0.35 1298806 Bytes 2008-07-09 12:38:10
AEHELP.DLL : 8.1.0.15 115063 Bytes 2008-07-09 12:38:05
AEGEN.DLL : 8.1.0.29 307573 Bytes 2008-07-09 12:38:04
AEEMU.DLL : 8.1.0.6 430451 Bytes 2008-07-09 12:38:03
AECORE.DLL : 8.1.0.32 168311 Bytes 2008-07-09 12:38:01
AVWINLL.DLL : 1.0.0.7 14593 Bytes 2008-01-23 23:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 2008-02-18 16:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 19:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 2008-01-23 23:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 14:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2008-02-28 14:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 23:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 2008-01-23 23:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 18:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 2008-03-10 20:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 2008-03-06 18:02:11
Configuration settings for the scan:
Jobname..........................: Rootkit search
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\rootkit.avp
Logging..........................: high
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Scan memory......................: off
Process scan.....................: off
Scan registry....................: off
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Expanded search settings.........: 0x00300922
Start of the scan: 9 juillet 2008 10:58
Starting search for hidden objects.
The driver could not be initialized.
End of the scan: 9 juillet 2008 10:58
Used time: 00:11 min
The scan has been done completely.
0 Scanning directories
0 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
0 Files cannot be scanned
0 Files not concerned
0 Archives were scanned
0 Warnings
0 Notes
-----------------------------------------------------------------
And here is the Clean report:
-----------------------------------------------------------------
2008-07-09 a 11:07:51,56
*** Recherche des fichiers dans C:
*** Recherche des fichiers dans C:\WINDOWS\
*** Recherche des fichiers dans C:\WINDOWS\system32
"C:\WINDOWS\Downloaded Program Files\CONFLICT.1" FOUND
*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\BitDownload" FOUND
*** Fin du rapport !
-----------------------------------------------------------------
-----------------------------------------------------------------
Avira AntiVir Personal
Report file date: 9 juillet 2008 08:45
Scanning for 1398917 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: Jason
Computer name: JASON-MAISON
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 2008-04-09 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 2008-03-18 15:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2008-02-07 14:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 2008-02-28 14:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 2008-02-21 14:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 16:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 2008-06-24 12:37:55
ANTIVIR2.VDF : 7.0.5.51 273408 Bytes 2008-07-04 12:37:58
ANTIVIR3.VDF : 7.0.5.79 272896 Bytes 2008-07-09 12:38:00
Engineversion : 8.1.0.64
AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-02-25 15:58:21
AESCRIPT.DLL : 8.1.0.46 283002 Bytes 2008-07-09 12:38:18
AESCN.DLL : 8.1.0.22 119157 Bytes 2008-07-09 12:38:16
AERDL.DLL : 8.1.0.20 418165 Bytes 2008-07-09 12:38:15
AEPACK.DLL : 8.1.1.6 364918 Bytes 2008-07-09 12:38:13
AEOFFICE.DLL : 8.1.0.20 192891 Bytes 2008-07-09 12:38:11
AEHEUR.DLL : 8.1.0.35 1298806 Bytes 2008-07-09 12:38:10
AEHELP.DLL : 8.1.0.15 115063 Bytes 2008-07-09 12:38:05
AEGEN.DLL : 8.1.0.29 307573 Bytes 2008-07-09 12:38:04
AEEMU.DLL : 8.1.0.6 430451 Bytes 2008-07-09 12:38:03
AECORE.DLL : 8.1.0.32 168311 Bytes 2008-07-09 12:38:01
AVWINLL.DLL : 1.0.0.7 14593 Bytes 2008-01-23 23:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 2008-02-18 16:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 19:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 2008-01-23 23:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 14:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2008-02-28 14:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 23:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 2008-01-23 23:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 18:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 2008-03-10 20:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 2008-03-06 18:02:11
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: 9 juillet 2008 08:45
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '32' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\QooBox\Quarantine\C\WINDOWS\system32\awtrPijI.dll_old.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '48e8cdf6.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\iygldn.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48dbcdf8.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\ltcpxmxm.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48d7cdf4.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\pbwjdeyx.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48ebcde2.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\qcegrkjj.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48d9cde3.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\winowl32.dll.vir
[DETECTION] Is the Trojan horse TR/Spy.Gen
[NOTE] The file was moved to '48e2cdea.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\wsqdoh.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48e5cdf4.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\xecvhovn.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48d7cde6.qua'!
End of the scan: 9 juillet 2008 10:50
Used time: 2:04:59 min
The scan has been done completely.
5640 Scanning directories
281691 Files were scanned
8 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
8 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
281683 Files not concerned
1296 Archives were scanned
1 Warnings
8 Notes
-----------------------------------------------------------------
You can delete them if you want.
Ah, maybe another infection... Let's check.
Download Lop S&D.exe (by Eric 71) to your desktop.
Double-click it to start the installation.
Then double-click the Lop S&D shortcut on your desktop (if you are on Vista, right-click -> run as administrator).
Select the language you want, then choose Option 1 (Search).
Wait until the scan finishes.
Post the generated report (C:\lopR.txt).
If your desktop does not reappear, press CTRL+ALT+DEL to open Task Manager.
Then go to the "Processes" tab. Click "File" at the top left and choose "New Task (Run...)".
Type explorer and confirm. This will bring your desktop back.
-----------------------[ Lop S&D 4.2.2-1 XP/Vista ]---------------------
[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Jason ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ 2008-07-09 | 15:17:14,06 ] [ PC : JASON-MAISON ]
[ MAJ : 09-07-2008 | 21:02 ]
-------------[ Listing des dossiers dans Application Data ]-----------
[2008-07-06|09:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[2008-07-06|20:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
[2008-03-16|20:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg7
[2008-07-09|08:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[2008-06-24|10:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ConeXware
[2008-03-16|14:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[2008-03-25|10:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Fast Warn Ooze Info
[2008-06-05|07:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[2008-07-09|07:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[2008-07-06|08:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macromedia
[2008-07-01|07:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
[2008-07-08|19:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[2008-04-13|23:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[2008-03-16|21:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
[2008-04-22|07:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
[2008-07-09|08:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[2008-05-31|21:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[2008-03-17|13:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[2008-03-16|14:27] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[2008-03-16|19:41] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[2008-07-06|20:25] C:\DOCUME~1\Jason\APPLIC~1\Adobe
[2008-05-14|20:05] C:\DOCUME~1\Jason\APPLIC~1\AdobeUM
[2008-03-28|16:26] C:\DOCUME~1\Jason\APPLIC~1\Blumentals
[2008-06-26|17:01] C:\DOCUME~1\Jason\APPLIC~1\Canon
[2008-03-16|14:27] C:\DOCUME~1\Jason\APPLIC~1\desktop.ini
[2008-03-17|00:21] C:\DOCUME~1\Jason\APPLIC~1\Google
[2008-06-12|06:34] C:\DOCUME~1\Jason\APPLIC~1\IBP
[2008-03-16|20:50] C:\DOCUME~1\Jason\APPLIC~1\Identities
[2008-07-06|20:45] C:\DOCUME~1\Jason\APPLIC~1\LimeWire
[2008-03-24|21:33] C:\DOCUME~1\Jason\APPLIC~1\Macromedia
[2008-07-08|19:12] C:\DOCUME~1\Jason\APPLIC~1\Malwarebytes
[2008-04-14|22:22] C:\DOCUME~1\Jason\APPLIC~1\Microsoft
[2008-06-30|11:59] C:\DOCUME~1\Jason\APPLIC~1\Mozilla
[2008-04-01|11:02] C:\DOCUME~1\Jason\APPLIC~1\Netscape
[2008-04-01|11:00] C:\DOCUME~1\Jason\APPLIC~1\Opera
[2008-04-19|11:18] C:\DOCUME~1\Jason\APPLIC~1\scriptocean
[2008-05-14|22:44] C:\DOCUME~1\Jason\APPLIC~1\Sun
[2008-03-20|13:28] C:\DOCUME~1\Jason\APPLIC~1\Visicom Media
[2008-03-16|20:51] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[2008-03-16|20:51] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]--------
[2008-07-09 11:01][--ah-----] C:\WINDOWS\tasks\SA.DAT
[2002-08-30 08:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
---------------[ Listing des dossiers dans C:\Program Files ]----------
[2008-07-06|20:21] C:\Program Files\Adobe
[2008-03-16|20:40] C:\Program Files\Ahead
[2008-03-16|22:04] C:\Program Files\Alwil Software
[2008-07-09|08:36] C:\Program Files\Avira
[2008-05-11|21:59] C:\Program Files\AZ-Facturation
[2008-03-24|21:59] C:\Program Files\BitDownload
[2008-03-17|13:24] C:\Program Files\Canon
[2008-07-09|08:26] C:\Program Files\CCleaner
[2008-03-16|21:12] C:\Program Files\Common Files
[2008-03-16|19:35] C:\Program Files\ComPlus Applications
[2008-07-06|09:17] C:\Program Files\directx
[2008-03-28|16:33] C:\Program Files\EasyPHP1-8
[2008-07-06|16:13] C:\Program Files\Fichiers communs
[2008-05-20|12:05] C:\Program Files\FusionSoft DVD Player XP
[2008-06-26|17:27] C:\Program Files\Garmin
[2008-06-05|07:41] C:\Program Files\Google
[2008-03-17|07:47] C:\Program Files\Hewlett-Packard
[2008-03-17|07:46] C:\Program Files\HP
[2008-03-16|20:38] C:\Program Files\ICEOWS
[2008-07-06|16:33] C:\Program Files\InstallShield Installation Information
[2008-03-16|20:56] C:\Program Files\Intel
[2008-06-11|21:41] C:\Program Files\Internet Explorer
[2008-05-12|20:34] C:\Program Files\Java
[2008-03-24|21:48] C:\Program Files\LimeWire
[2008-07-06|08:48] C:\Program Files\Macromedia
[2008-07-08|19:12] C:\Program Files\Malwarebytes' Anti-Malware
[2008-05-12|22:18] C:\Program Files\Maxis
[2008-03-16|19:35] C:\Program Files\Messenger
[2008-07-08|06:54] C:\Program Files\microsoft frontpage
[2008-03-16|22:01] C:\Program Files\Microsoft IntelliPoint
[2008-03-17|13:38] C:\Program Files\Microsoft LifeChat
[2008-03-16|20:22] C:\Program Files\Microsoft Office
[2008-03-16|20:18] C:\Program Files\Microsoft Visual Studio
[2008-06-10|00:56] C:\Program Files\Microsoft Works
[2008-03-16|20:30] C:\Program Files\Microsoft.NET
[2008-03-16|19:37] C:\Program Files\Movie Maker
[2008-07-09|07:02] C:\Program Files\Mozilla Firefox
[2008-03-30|09:03] C:\Program Files\MSN
[2008-03-16|19:35] C:\Program Files\MSN Gaming Zone
[2008-03-18|00:07] C:\Program Files\MSXML 4.0
[2008-03-16|21:56] C:\Program Files\My Company Name
[2008-03-16|19:38] C:\Program Files\NetMeeting
[2008-04-01|11:02] C:\Program Files\Netscape
[2008-03-16|19:35] C:\Program Files\Online Services
[2008-06-13|06:40] C:\Program Files\Opera
[2008-03-17|08:09] C:\Program Files\Outlook Express
[2008-03-19|14:37] C:\Program Files\Realtek
[2008-05-24|14:48] C:\Program Files\roller coaster
[2008-04-19|11:21] C:\Program Files\Scriptocean
[2008-03-16|19:40] C:\Program Files\Services en ligne
[2008-03-25|09:36] C:\Program Files\Spybot - Search & Destroy
[2008-07-07|20:07] C:\Program Files\Trend Micro
[2008-05-08|10:45] C:\Program Files\UltraISO
[2008-03-16|20:50] C:\Program Files\Uninstall Information
[2008-03-20|13:28] C:\Program Files\Visicom Media
[2008-06-10|07:17] C:\Program Files\Web CEO
[2008-04-02|00:56] C:\Program Files\Western Digital Technologies
[2008-03-17|13:33] C:\Program Files\Windows Live
[2008-05-23|09:11] C:\Program Files\Windows Media Connect 2
[2008-05-23|09:11] C:\Program Files\Windows Media Player
[2008-03-16|19:34] C:\Program Files\Windows NT
[2008-03-16|19:40] C:\Program Files\WindowsUpdate
[2008-06-29|18:01] C:\Program Files\World of Warcraft
[2008-07-08|06:54] C:\Program Files\xerox
--[ Listing des dossiers dans C:\Program Files\Fichiers communs ]-
[2008-07-06|16:14] C:\Program Files\Fichiers communs\Adobe
[2008-07-06|16:13] C:\Program Files\Fichiers communs\Adobe Systems Shared
[2008-03-16|20:49] C:\Program Files\Fichiers communs\Ahead
[2008-03-16|21:57] C:\Program Files\Fichiers communs\Blizzard Entertainment
[2008-03-16|20:22] C:\Program Files\Fichiers communs\DESIGNER
[2008-05-08|10:45] C:\Program Files\Fichiers communs\EZB Systems
[2008-03-24|21:24] C:\Program Files\Fichiers communs\InstallShield
[2008-03-24|21:47] C:\Program Files\Fichiers communs\Java
[2008-07-06|08:44] C:\Program Files\Fichiers communs\Macromedia
[2008-06-10|00:56] C:\Program Files\Fichiers communs\Microsoft Shared
[2008-03-16|21:12] C:\Program Files\Fichiers communs\Motive
[2008-03-16|19:37] C:\Program Files\Fichiers communs\MSSoap
[2008-03-16|14:28] C:\Program Files\Fichiers communs\ODBC
[2008-03-16|19:38] C:\Program Files\Fichiers communs\Services
[2008-05-14|22:37] C:\Program Files\Fichiers communs\snpstd
[2008-03-16|14:28] C:\Program Files\Fichiers communs\SpeechEngines
[2008-03-17|08:09] C:\Program Files\Fichiers communs\System
[2008-03-17|13:32] C:\Program Files\Fichiers communs\WindowsLiveInstaller
---------------------------[ Process ]--------------------------
... 38
iexplore.exe ~ [1032]
iexplore.exe ~ [3912]
----------------------[ Recherche avec S_Lop ]---------------------
Aucun fichier / dossier Lop trouvé !
-----------------[ Recherche de Fichiers / Dossiers Lop ]---------------
C:\Program Files\Bitdownload
----------------------[ Verification du Registre ]----------------------
..... OK !
--------------------[ Verification du fichier Hosts ]---------------------
Fichier Hosts PROPRE
----------------[ Recherche de fichiers avec Catchme ]-----------------
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-09 15:17:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------[ Recherche d'autres infections ]---------------------
=> C:\DOCUME~1\Jason\MESDOC~1\Download\FTP Expert 3.70.0 Fr + Crack.rar
=> C:\DOCUME~1\Jason\MESDOC~1\Download\Photoshop CS\crack
=> C:\DOCUME~1\Jason\MESDOC~1\Download\Photoshop CS\crack\adobelm.dll
=> C:\DOCUME~1\Jason\MESDOC~1\Download\Photoshop CS\crack\lisezmoi.txt
=> C:\DOCUME~1\Jason\MESDOC~1\Download\Photoshop CS\crack\tw10122.dat
=> C:\DOCUME~1\Jason\MESDOC~1\Web\WebInfini\webInfini\download\FTP Expert 3.70.0 Fr + Crack.rar
=> C:\DOCUME~1\Jason\MESDOC~1\Download\Adobe Illustrator CS2 + ssg keygen.zip
=> C:\DOCUME~1\Jason\MESDOC~1\Download\Adobe Illustrator CS2\_keygen
=> C:\DOCUME~1\Jason\MESDOC~1\Download\Adobe Illustrator CS2\_keygen\!!!see_now.mpg
=> C:\DOCUME~1\Jason\MESDOC~1\Download\Adobe Illustrator CS2\_keygen\keygen.exe
=> C:\DOCUME~1\Jason\MESDOC~1\Download\Adobe Illustrator CS2\_keygen\ssg.nfo
=> C:\DOCUME~1\Jason\MESDOC~1\Download\FTPExpert\Keygen FTP Expert 3.70.0.exe
=> C:\DOCUME~1\Jason\MESDOC~1\LimeWire\Incomplete\T-1200000000-Adobe Creative Suite 2 Premium (Photoshop CS2, Illustrator CS2, InDesign CS2, GoLive CS2, Acrobat 7.0 Professional, Version Cue CS2, Bridge, Stock Photos)(iso+keygen.rar
=> C:\DOCUME~1\Jason\MESDOC~1\Web\Adobe Creative Suite 2\_keygen
=> C:\DOCUME~1\Jason\MESDOC~1\Web\Adobe Creative Suite 2\Illustrator CS2\Adobe Illustrator CS2 + ssg keygen.zip
=> C:\DOCUME~1\Jason\MESDOC~1\Web\Adobe Creative Suite 2\_keygen\!!!see_now.mpg
=> C:\DOCUME~1\Jason\MESDOC~1\Web\Adobe Creative Suite 2\_keygen\keygen.exe
=> C:\DOCUME~1\Jason\MESDOC~1\Web\Adobe Creative Suite 2\_keygen\ssg.nfo
=> C:\Documents and Settings\Jason\Mes documents\Download\FTP Expert 3.70.0 Fr + Crack.rar
=> C:\Documents and Settings\Jason\Mes documents\Download\Photoshop CS\crack
=> C:\Documents and Settings\Jason\Mes documents\Download\Photoshop CS\crack\adobelm.dll
=> C:\Documents and Settings\Jason\Mes documents\Download\Photoshop CS\crack\lisezmoi.txt
=> C:\Documents and Settings\Jason\Mes documents\Download\Photoshop CS\crack\tw10122.dat
=> C:\Documents and Settings\Jason\Mes documents\Web\WebInfini\webInfini\download\FTP Expert 3.70.0 Fr + Crack.rar
=> C:\Documents and Settings\Jason\Mes documents\Download\Adobe Illustrator CS2 + ssg keygen.zip
=> C:\Documents and Settings\Jason\Mes documents\Download\Adobe Illustrator CS2\_keygen
=> C:\Documents and Settings\Jason\Mes documents\Download\Adobe Illustrator CS2\_keygen\!!!see_now.mpg
=> C:\Documents and Settings\Jason\Mes documents\Download\Adobe Illustrator CS2\_keygen\keygen.exe
=> C:\Documents and Settings\Jason\Mes documents\Download\Adobe Illustrator CS2\_keygen\ssg.nfo
=> C:\Documents and Settings\Jason\Mes documents\Download\FTPExpert\Keygen FTP Expert 3.70.0.exe
=> C:\Documents and Settings\Jason\Mes documents\LimeWire\Incomplete\T-1200000000-Adobe Creative Suite 2 Premium (Photoshop CS2, Illustrator CS2, InDesign CS2, GoLive CS2, Acrobat 7.0 Professional, Version Cue CS2, Bridge, Stock Photos)(iso+keygen.rar
=> C:\Documents and Settings\Jason\Mes documents\Web\Adobe Creative Suite 2\_keygen
=> C:\Documents and Settings\Jason\Mes documents\Web\Adobe Creative Suite 2\Illustrator CS2\Adobe Illustrator CS2 + ssg keygen.zip
=> C:\Documents and Settings\Jason\Mes documents\Web\Adobe Creative Suite 2\_keygen\!!!see_now.mpg
=> C:\Documents and Settings\Jason\Mes documents\Web\Adobe Creative Suite 2\_keygen\keygen.exe
=> C:\Documents and Settings\Jason\Mes documents\Web\Adobe Creative Suite 2\_keygen\ssg.nfo
[F:28][D:3]-> C:\DOCUME~1\Jason\LOCALS~1\Temp
[F:63][D:0]-> C:\DOCUME~1\Jason\Cookies
[F:1659][D:8]-> C:\DOCUME~1\Jason\LOCALS~1\TEMPOR~1\content.IE5
--------------------[ Fin du rapport a 15:18:25,95 ]--------------------
=> C:\Documents and Settings\Jason\Mes documents\Download\Photoshop CS\crack\tw10122.dat
=> C:\Documents and Settings\Jason\Mes documents\Web\WebInfini\webInfini\download\FTP Expert 3.70.0 Fr + Crack.rar
=> C:\Documents and Settings\Jason\Mes documents\Download\Adobe Illustrator CS2 + ssg keygen.zip
=> C:\Documents and Settings\Jason\Mes documents\Download\Adobe Illustrator CS2\_keygen
=> C:\Documents and Settings\Jason\Mes documents\Download\Adobe Illustrator CS2\_keygen\!!!see_now.mpg
=> C:\Documents and Settings\Jason\Mes documents\Download\Adobe Illustrator CS2\_keygen\keygen.exe
=> C:\Documents and Settings\Jason\Mes documents\Download\Adobe Illustrator CS2\_keygen\ssg.nfo
=> C:\Documents and Settings\Jason\Mes documents\Download\FTPExpert\Keygen FTP Expert 3.70.0.exe
=> C:\Documents and Settings\Jason\Mes documents\LimeWire\Incomplete\T-1200000000-Adobe Creative Suite 2 Premium (Photoshop CS2, Illustrator CS2, InDesign CS2, GoLive CS2, Acrobat 7.0 Professional, Version Cue CS2, Bridge, Stock Photos)(iso+keygen.rar
=> C:\Documents and Settings\Jason\Mes documents\Web\Adobe Creative Suite 2\_keygen
=> C:\Documents and Settings\Jason\Mes documents\Web\Adobe Creative Suite 2\Illustrator CS2\Adobe Illustrator CS2 + ssg keygen.zip
=> C:\Documents and Settings\Jason\Mes documents\Web\Adobe Creative Suite 2\_keygen\!!!see_now.mpg
=> C:\Documents and Settings\Jason\Mes documents\Web\Adobe Creative Suite 2\_keygen\keygen.exe
=> C:\Documents and Settings\Jason\Mes documents\Web\Adobe Creative Suite 2\_keygen\ssg.nfo
[F:28][D:3]-> C:\DOCUME~1\Jason\LOCALS~1\Temp
[F:63][D:0]-> C:\DOCUME~1\Jason\Cookies
[F:1659][D:8]-> C:\DOCUME~1\Jason\LOCALS~1\TEMPOR~1\content.IE5
--------------------[ Fin du rapport a 15:18:25,95 ]--------------------
Re,
Clean out your cracks! Some of them are surely infected!
Select the entire box below, then right-click and choose Copy:
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Fast Warn Ooze Info
Run Lop S&D again.
This time choose Option 4 (LopScript).
A blank page will open; right-click on it and choose Paste.
Close the page; you will be asked to save it, click [Enregistrer] (Save).
Do not close the window during the deletion!
Post the generated report (C:\lopR.txt).
I cleaned up as you told me; however, I still have FTP Expert, but it's not the problem, I've had it for a long time. The others were recent.
-----------------------[ Lop S&D 4.2.2-1 XP/Vista ]---------------------
[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Jason ] [ "C:\Lop SD" ] [ Selection : 4 ]
[ 2008-07-10 | 6:59:54,14 ] [ PC : JASON-MAISON ]
[ MAJ : 09-07-2008 | 21:02 ]
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ LopScript //////////////////////////////////
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Fast Warn Ooze Info
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Fast Warn Ooze Info
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////
Supprime! - C:\Program Files\Bitdownload
//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
-------------[ Listing des dossiers dans Application Data ]------------
[2008-07-06|09:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[2008-03-16|20:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg7
[2008-07-09|08:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[2008-06-24|10:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ConeXware
[2008-03-16|14:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[2008-06-05|07:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[2008-07-09|07:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[2008-07-06|08:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macromedia
[2008-07-01|07:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
[2008-07-08|19:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[2008-04-13|23:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[2008-03-16|21:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
[2008-04-22|07:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
[2008-07-09|08:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[2008-05-31|21:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[2008-03-17|13:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[2008-03-16|14:27] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[2008-03-16|19:41] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[2008-07-10|00:13] C:\DOCUME~1\Jason\APPLIC~1\Adobe
[2008-05-14|20:05] C:\DOCUME~1\Jason\APPLIC~1\AdobeUM
[2008-03-28|16:26] C:\DOCUME~1\Jason\APPLIC~1\Blumentals
[2008-06-26|17:01] C:\DOCUME~1\Jason\APPLIC~1\Canon
[2008-03-16|14:27] C:\DOCUME~1\Jason\APPLIC~1\desktop.ini
[2008-03-17|00:21] C:\DOCUME~1\Jason\APPLIC~1\Google
[2008-06-12|06:34] C:\DOCUME~1\Jason\APPLIC~1\IBP
[2008-03-16|20:50] C:\DOCUME~1\Jason\APPLIC~1\Identities
[2008-07-06|20:45] C:\DOCUME~1\Jason\APPLIC~1\LimeWire
[2008-03-24|21:33] C:\DOCUME~1\Jason\APPLIC~1\Macromedia
[2008-07-08|19:12] C:\DOCUME~1\Jason\APPLIC~1\Malwarebytes
[2008-04-14|22:22] C:\DOCUME~1\Jason\APPLIC~1\Microsoft
[2008-06-30|11:59] C:\DOCUME~1\Jason\APPLIC~1\Mozilla
[2008-04-01|11:02] C:\DOCUME~1\Jason\APPLIC~1\Netscape
[2008-04-01|11:00] C:\DOCUME~1\Jason\APPLIC~1\Opera
[2008-04-19|11:18] C:\DOCUME~1\Jason\APPLIC~1\scriptocean
[2008-05-14|22:44] C:\DOCUME~1\Jason\APPLIC~1\Sun
[2008-03-20|13:28] C:\DOCUME~1\Jason\APPLIC~1\Visicom Media
[2008-03-16|20:51] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[2008-03-16|20:51] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------
[2008-07-10 06:48][--ah-----] C:\WINDOWS\tasks\SA.DAT
[2002-08-30 08:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
---------------[ Listing des dossiers dans C:\Program Files ]--------------
[2008-07-09|23:55] C:\Program Files\Adobe
[2008-03-16|20:40] C:\Program Files\Ahead
[2008-03-16|22:04] C:\Program Files\Alwil Software
[2008-07-09|08:36] C:\Program Files\Avira
[2008-05-11|21:59] C:\Program Files\AZ-Facturation
[2008-03-17|13:24] C:\Program Files\Canon
[2008-07-09|08:26] C:\Program Files\CCleaner
[2008-03-16|21:12] C:\Program Files\Common Files
[2008-03-16|19:35] C:\Program Files\ComPlus Applications
[2008-07-06|09:17] C:\Program Files\directx
[2008-03-28|16:33] C:\Program Files\EasyPHP1-8
[2008-07-10|00:13] C:\Program Files\Fichiers communs
[2008-05-20|12:05] C:\Program Files\FusionSoft DVD Player XP
[2008-06-26|17:27] C:\Program Files\Garmin
[2008-06-05|07:41] C:\Program Files\Google
[2008-03-17|07:47] C:\Program Files\Hewlett-Packard
[2008-03-17|07:46] C:\Program Files\HP
[2008-03-16|20:38] C:\Program Files\ICEOWS
[2008-07-06|16:33] C:\Program Files\InstallShield Installation Information
[2008-03-16|20:56] C:\Program Files\Intel
[2008-06-11|21:41] C:\Program Files\Internet Explorer
[2008-05-12|20:34] C:\Program Files\Java
[2008-03-24|21:48] C:\Program Files\LimeWire
[2008-07-06|08:48] C:\Program Files\Macromedia
[2008-07-08|19:12] C:\Program Files\Malwarebytes' Anti-Malware
[2008-05-12|22:18] C:\Program Files\Maxis
[2008-03-16|19:35] C:\Program Files\Messenger
[2008-07-08|06:54] C:\Program Files\microsoft frontpage
[2008-03-16|22:01] C:\Program Files\Microsoft IntelliPoint
[2008-03-17|13:38] C:\Program Files\Microsoft LifeChat
[2008-03-16|20:22] C:\Program Files\Microsoft Office
[2008-03-16|20:18] C:\Program Files\Microsoft Visual Studio
[2008-06-10|00:56] C:\Program Files\Microsoft Works
[2008-03-16|20:30] C:\Program Files\Microsoft.NET
[2008-03-16|19:37] C:\Program Files\Movie Maker
[2008-07-09|07:02] C:\Program Files\Mozilla Firefox
[2008-03-30|09:03] C:\Program Files\MSN
[2008-03-16|19:35] C:\Program Files\MSN Gaming Zone
[2008-03-18|00:07] C:\Program Files\MSXML 4.0
[2008-03-16|21:56] C:\Program Files\My Company Name
[2008-03-16|19:38] C:\Program Files\NetMeeting
[2008-04-01|11:02] C:\Program Files\Netscape
[2008-03-16|19:35] C:\Program Files\Online Services
[2008-06-13|06:40] C:\Program Files\Opera
[2008-03-17|08:09] C:\Program Files\Outlook Express
[2008-03-19|14:37] C:\Program Files\Realtek
[2008-05-24|14:48] C:\Program Files\roller coaster
[2008-04-19|11:21] C:\Program Files\Scriptocean
[2008-03-16|19:40] C:\Program Files\Services en ligne
[2008-03-25|09:36] C:\Program Files\Spybot - Search & Destroy
[2008-07-07|20:07] C:\Program Files\Trend Micro
[2008-05-08|10:45] C:\Program Files\UltraISO
[2008-03-16|20:50] C:\Program Files\Uninstall Information
[2008-03-20|13:28] C:\Program Files\Visicom Media
[2008-06-10|07:17] C:\Program Files\Web CEO
[2008-04-02|00:56] C:\Program Files\Western Digital Technologies
[2008-03-17|13:33] C:\Program Files\Windows Live
[2008-05-23|09:11] C:\Program Files\Windows Media Connect 2
[2008-05-23|09:11] C:\Program Files\Windows Media Player
[2008-03-16|19:34] C:\Program Files\Windows NT
[2008-03-16|19:40] C:\Program Files\WindowsUpdate
[2008-06-29|18:01] C:\Program Files\World of Warcraft
[2008-07-08|06:54] C:\Program Files\xerox
------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------
[2008-07-09|23:54] C:\Program Files\Fichiers communs\Adobe
[2008-03-16|20:49] C:\Program Files\Fichiers communs\Ahead
[2008-03-16|21:57] C:\Program Files\Fichiers communs\Blizzard Entertainment
[2008-03-16|20:22] C:\Program Files\Fichiers communs\DESIGNER
[2008-05-08|10:45] C:\Program Files\Fichiers communs\EZB Systems
[2008-03-24|21:24] C:\Program Files\Fichiers communs\InstallShield
[2008-03-24|21:47] C:\Program Files\Fichiers communs\Java
[2008-07-06|08:44] C:\Program Files\Fichiers communs\Macromedia
[2008-06-10|00:56] C:\Program Files\Fichiers communs\Microsoft Shared
[2008-03-16|21:12] C:\Program Files\Fichiers communs\Motive
[2008-03-16|19:37] C:\Program Files\Fichiers communs\MSSoap
[2008-03-16|14:28] C:\Program Files\Fichiers communs\ODBC
[2008-03-16|19:38] C:\Program Files\Fichiers communs\Services
[2008-05-14|22:37] C:\Program Files\Fichiers communs\snpstd
[2008-03-16|14:28] C:\Program Files\Fichiers communs\SpeechEngines
[2008-03-17|08:09] C:\Program Files\Fichiers communs\System
[2008-03-17|13:32] C:\Program Files\Fichiers communs\WindowsLiveInstaller
---------------------------[ Process ]--------------------------
... 36
... OK !
----------------------[ Recherche avec S_Lop ]---------------------
Aucun fichier / dossier Lop trouvé !
-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------
C:\DOCUME~1\Jason\Cookies\jason@adultfriendfinder[2].txt
----------------------[ Verification du Registre ]----------------------
..... OK !
--------------------[ Verification du fichier Hosts ]---------------------
Fichier Hosts PROPRE
----------------[ Recherche de fichiers avec Catchme ]-----------------
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-10 07:00:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------[ Recherche d'autres infections ]---------------------
=> C:\DOCUME~1\Jason\MESDOC~1\Download\FTP Expert 3.70.0 Fr + Crack.rar
=> C:\DOCUME~1\Jason\MESDOC~1\Web\WebInfini\webInfini\download\FTP Expert 3.70.0 Fr + Crack.rar
=> C:\DOCUME~1\Jason\MESDOC~1\Download\FTPExpert\Keygen FTP Expert 3.70.0.exe
=> C:\Documents and Settings\Jason\Mes documents\Download\FTP Expert 3.70.0 Fr + Crack.rar
=> C:\Documents and Settings\Jason\Mes documents\Web\WebInfini\webInfini\download\FTP Expert 3.70.0 Fr + Crack.rar
=> C:\Documents and Settings\Jason\Mes documents\Download\FTPExpert\Keygen FTP Expert 3.70.0.exe
[F:36][D:3]-> C:\DOCUME~1\Jason\LOCALS~1\Temp
[F:103][D:0]-> C:\DOCUME~1\Jason\Cookies
[F:5932][D:12]-> C:\DOCUME~1\Jason\LOCALS~1\TEMPOR~1\content.IE5
--------------------[ Fin du rapport a 7:01:19,53 ]----------------------
Re,
Delete C:\WINDOWS\Downloaded Program Files\CONFLICT.1
Quote:
=> C:\DOCUME~1\Jason\MESDOC~1\Download\FTP Expert 3.70.0 Fr + Crack.rar
=> C:\DOCUME~1\Jason\MESDOC~1\Web\WebInfini\webInfini\download\FTP Expert 3.70.0 Fr + Crack.rar
=> C:\DOCUME~1\Jason\MESDOC~1\Download\FTPExpert\Keygen FTP Expert 3.70.0.exe
=> C:\Documents and Settings\Jason\Mes documents\Download\FTP Expert 3.70.0 Fr + Crack.rar
=> C:\Documents and Settings\Jason\Mes documents\Web\WebInfini\webInfini\download\FTP Expert 3.70.0 Fr + Crack.rar
=> C:\Documents and Settings\Jason\Mes documents\Download\FTPExpert\Keygen FTP Expert 3.70.0.exe
Post a new HijackThis report.
Do this and try again to see?
- My Computer / Tools / Folder Options / View / check "Show hidden files and folders" / Apply -> OK
- My Computer / Tools / Folder Options / View / uncheck "Hide protected operating system files" / Apply -> OK
- My Computer / Tools / Folder Options / View / uncheck "Hide extensions for known file types" / Apply -> OK
Don't forget to hide the hidden and protected operating system files again at the end of the disinfection; it's important.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28:23, on 2008-07-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 7167 bytes
Hi again,
Run HijackThis again (right-click -> Run as administrator under Vista), choose "Do a system scan only", and check these lines (if still present):
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
Close all running applications (especially your web browser).
Then click Fix checked!
No more problems?