Bonjour je suis infecté par quelques virus et chevals de troie mais je ne sais pas m'en débarasser.J'ai fait un scan avec ClamWin Free Antivirus et il ma détecté :
-win32:Tipa(Cryp)
-win32:Trojan-gen(other)
win32sBot-k(Trj)
Je ne sait pas si ils sont dangereux et comment s'en débarasser, c'est pourquoi je suis venu sur ce forum.

Bonjour,

Tu as l'emplacement ?

Télécharge puis installe Hijackthis (Trend Micro)
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2

J'ai deja le rapport de ClamWin Free Antivirus :
Scan Started Fri Aug 29 17:17:51 2008

-------------------------------------------------------------------------------



C:\Program Files\Ashampoo\Ashampoo Burning Studio 8\unins000.exe: Trojan.Downloader-52290 FOUND

C:\Program Files\CDBurnerXP\unins000.exe: Trojan.Downloader-52290 FOUND

C:\Users\Lucas\AppData\Local\Mozilla\Firefox\Profiles\7nwnbreo.default\Cache\F59E1B58d01: Adware.Casino-17 FOUND

C:\Users\Lucas\Desktop\Everest Poker.exe: Adware.Casino-17 FOUND

C:\Users\Lucas\Desktop\Installation\daemon4301-lite.exe: Trojan.Zlob-7844 FOUND



--------------------------------------

Completed

--------------------------------------

Ce ne sont pas des infections.

et c'est quoi alors ??

Des fausses alertes.

C:\Program Files\Ashampoo\Ashampoo Burning Studio 8\unins000.exe >> gravure
C:\Program Files\CDBurnerXP >> idem
C:\Users\Lucas\Desktop\Everest Poker.exe >> poker
C:\Users\Lucas\Desktop\Installation\daemon4301-lite.exe >> Deamon Tools

Tu peux juste faire Firefox >> Outils >> Effacer mes traces >> Garde juste cache puis valide

voila au cas le rapport de hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38:39, on 31/08/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.mini15.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe -checktasks
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Pinnacle Streaming Server.lnk = C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\Lucas\AppData\LocalLow\Dealio\kb127\res\DealioSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/re [...] dfr-fr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Users\Lucas\Music\musique\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8501 bytes

Re,

Il y a une toolbar.

Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.

• Lance l'installation du programme en exécutant le fichier téléchargé.
• Double-clique maintenant sur le raccourci de Toolbar-S&D.
• Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
• Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
• Poste le rapport généré. (C:\TB.txt)

-----------\\ ToolBar S&D 1.1.6 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz )
BIOS : Default System BIOS
USER : Lucas ( Administrator )
BOOT : Normal boot
Antivirus : Norton Internet Security 2007 (Activated)
Firewall : Norton Internet Security 2007 (Not Activated)

"C:\ToolBar SD" ( MAJ : 30-08-2008|00:19 )
Option : [1] ( 02/09/2008|16:28 )

[ UAC => 0 ]

-----------\\ Recherche de Fichiers / Dossiers ...

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Dealio
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\CONTENT\dealiotoolbarplugin.js
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\CONTENT\dealiotoolbarplugin.xul
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\LOCALE\EN-US\dealio.dtd
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\LOCALE\EN-US\dealio.properties
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealio.ico
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealiotoolbarplugin.css
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealio_large.png
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealio_small.png
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealio_winxp_act.ico
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealio_winxp_hot.ico
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealio_win_act.bmp
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealio_win_act.ico
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealio_win_hot.bmp
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealio_win_hot.ico
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\search_dealio.bmp
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\COMPONENTS\DealioFF.dll
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\COMPONENTS\DealioProtocol.js
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\COMPONENTS\IFBHODealio.idl
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\COMPONENTS\IFBHODealio.xpt
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\COMPONENTS\IFBHODealioHelperEngine.idl
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\COMPONENTS\IFBHODealioHelperEngine.xpt
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\COMPONENTS\IFDealioHelperPreferences.idl
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\COMPONENTS\IFDealioHelperPreferences.xpt
C:\Program Files\Dealio
C:\Program Files\Dealio\DealioAU.exe
C:\Program Files\Dealio\kb127
C:\Program Files\Dealio\SearchSettingsKit.exe
C:\Users\Public\Desktop\Piolet.lnk
C:\Windows\Prefetch\PIOLET.EXE-E51AEA20.pf
C:\Windows\Prefetch\PIOLET_TOOLBAR_UNINSTALLER_71-7A4D8A2E.pf
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Piolet
C:\Users\Lucas\AppData\Roaming\MICROS~1\Windows\Cookies\lucas@ads.piolet[2].txt
C:\Users\Lucas\AppData\Roaming\MICROS~1\Windows\Cookies\lucas@piolet[2].txt
C:\Users\Lucas\AppData\Roaming\MICROS~1\Windows\Cookies\lucas@piolet[3].txt
C:\Users\Lucas\AppData\Roaming\MICROS~1\Windows\Cookies\lucas@www.piolet[2].txt
C:\Program Files\Piolet
C:\Program Files\Piolet\BGCheck.exe
C:\Program Files\Piolet\BGCheck.jpg
C:\Program Files\Piolet\BGCheck.sw2
C:\Program Files\Piolet\Cache.dat
C:\Program Files\Piolet\contacts.dat
C:\Program Files\Piolet\contactsR.dat
C:\Program Files\Piolet\default.m3u
C:\Program Files\Piolet\DOWNLD2.DAT
C:\Program Files\Piolet\downloads.dat
C:\Program Files\Piolet\EBCRYPT.DLL
C:\Program Files\Piolet\fmod.dll
C:\Program Files\Piolet\fmod_dsp_lowpass.dll
C:\Program Files\Piolet\loading.gif
C:\Program Files\Piolet\loading.htm
C:\Program Files\Piolet\msha256.dll
C:\Program Files\Piolet\My Shared Folder
C:\Program Files\Piolet\MyFiles3.dat
C:\Program Files\Piolet\MyFiles3.dat.lst
C:\Program Files\Piolet\MyFiles3.dat.vts
C:\Program Files\Piolet\NCTAudioBurner.dll
C:\Program Files\Piolet\NCTAudioFile.dll
C:\Program Files\Piolet\NCTAudioInformation.dll
C:\Program Files\Piolet\NCTAudioPlayer.DLL
C:\Program Files\Piolet\NCTAudioVisualization.dll
C:\Program Files\Piolet\NCTWMAFile.dll
C:\Program Files\Piolet\NetworkCache0.dat
C:\Program Files\Piolet\NetworkCache1.dat
C:\Program Files\Piolet\NetworkCache2.dat
C:\Program Files\Piolet\NetworkCache3.dat
C:\Program Files\Piolet\NetworkCache4.dat
C:\Program Files\Piolet\NetworkCache5.dat
C:\Program Files\Piolet\NetworkCache6.dat
C:\Program Files\Piolet\NetworkCache7.dat
C:\Program Files\Piolet\Piolet.exe
C:\Program Files\Piolet\Piolet.exe.Manifest
C:\Program Files\Piolet\Settings.ini
C:\Program Files\Piolet\SmartUI2.ocx
C:\Program Files\Piolet\Softwrap.dll
C:\Program Files\Piolet\SSubTmr6.dll
C:\Program Files\Piolet\uninstall.exe
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT\searchsettingsplugin.js
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT\searchsettingsplugin.xul
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\EN-US\searchsettingsplugin.dtd
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\EN-US\searchsettingsplugin.properties
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\COMPONENTS\SearchSettingsFF.dll
C:\Program Files\Search Settings
C:\Program Files\Search Settings\kb127
C:\Program Files\Search Settings\SearchSettings.exe

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Bar"="http://www.google.com/ie"
"SEARCH PAGE"="http://www.google.com"
"SearchMigratedDefaultURL"="http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}"
"Start Page"="http://google.mini15.com"
"Url"="http://go.microsoft.com/fwlink/?LinkId=75720"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://fr.fr.acer.yahoo.com"
"Start Page"="http://fr.fr.acer.yahoo.com"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\Lucas\AppData\Local\Temp\WellPhone_1.6.1.1_crack.torrent
C:\Users\Lucas\AppData\Roaming\BitTorrent\BF2142_NO-CD-CRACK+OnlinePatch.zip.torrent
C:\Users\Lucas\image\rap\Fat Joe feat. Lil' Wayne - Crack House (87).mp3.jpg


[ UAC => 1 ]


1 - "C:\ToolBar SD\TB_1.txt" - 02/09/2008|16:29 - Option : [1]

-----------\\ Fin du rapport a 16:29:00.67

Re,

Relance Toolbar-S&D en double-cliquant sur le raccourci. Tape sur "2" puis valide en appuyant sur "Entrée".
! Ne ferme pas la fenêtre lors de la suppression !
Un rapport sera généré, poste son contenu ici.

NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."
Tape explorer puis valide.

-----------\\ ToolBar S&D 1.1.6 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz )
BIOS : Default System BIOS
USER : Lucas ( Administrator )
BOOT : Normal boot
Antivirus : Norton Internet Security 2007 (Activated)
Firewall : Norton Internet Security 2007 (Not Activated)

"C:\ToolBar SD" ( MAJ : 30-08-2008|00:19 )
Option : [2] ( 02/09/2008|17:52 )

[ UAC => 1 ]

-----------\\ SUPPRESSION

Supprime! - C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Dealio
Supprime! - C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com
Supprime! - C:\Program Files\Dealio\DealioAU.exe
Supprime! - C:\Program Files\Dealio\kb127
Supprime! - C:\Program Files\Dealio\SearchSettingsKit.exe
Supprime! - C:\Users\Public\Desktop\Piolet.lnk
Supprime! - C:\Windows\Prefetch\PIOLET.EXE-E51AEA20.pf
Supprime! - C:\Windows\Prefetch\PIOLET_TOOLBAR_UNINSTALLER_71-7A4D8A2E.pf
Supprime! - C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Piolet
Supprime! - C:\Users\Lucas\AppData\Roaming\MICROS~1\Windows\Cookies\lucas@ads.piolet[2].txt
Supprime! - C:\Users\Lucas\AppData\Roaming\MICROS~1\Windows\Cookies\lucas@piolet[2].txt
Supprime! - C:\Users\Lucas\AppData\Roaming\MICROS~1\Windows\Cookies\lucas@piolet[3].txt
Supprime! - C:\Users\Lucas\AppData\Roaming\MICROS~1\Windows\Cookies\lucas@www.piolet[2].txt
Supprime! - C:\Program Files\Piolet\BGCheck.exe
Supprime! - C:\Program Files\Piolet\BGCheck.jpg
Supprime! - C:\Program Files\Piolet\BGCheck.sw2
Supprime! - C:\Program Files\Piolet\Cache.dat
Supprime! - C:\Program Files\Piolet\contacts.dat
Supprime! - C:\Program Files\Piolet\contactsR.dat
Supprime! - C:\Program Files\Piolet\default.m3u
Supprime! - C:\Program Files\Piolet\DOWNLD2.DAT
Supprime! - C:\Program Files\Piolet\downloads.dat
Supprime! - C:\Program Files\Piolet\EBCRYPT.DLL
Supprime! - C:\Program Files\Piolet\fmod.dll
Supprime! - C:\Program Files\Piolet\fmod_dsp_lowpass.dll
Supprime! - C:\Program Files\Piolet\loading.gif
Supprime! - C:\Program Files\Piolet\loading.htm
Supprime! - C:\Program Files\Piolet\msha256.dll
Supprime! - C:\Program Files\Piolet\My Shared Folder
Supprime! - C:\Program Files\Piolet\MyFiles3.dat
Supprime! - C:\Program Files\Piolet\MyFiles3.dat.lst
Supprime! - C:\Program Files\Piolet\MyFiles3.dat.vts
Supprime! - C:\Program Files\Piolet\NCTAudioBurner.dll
Supprime! - C:\Program Files\Piolet\NCTAudioFile.dll
Supprime! - C:\Program Files\Piolet\NCTAudioInformation.dll
Supprime! - C:\Program Files\Piolet\NCTAudioPlayer.DLL
Supprime! - C:\Program Files\Piolet\NCTAudioVisualization.dll
Supprime! - C:\Program Files\Piolet\NCTWMAFile.dll
Supprime! - C:\Program Files\Piolet\NetworkCache0.dat
Supprime! - C:\Program Files\Piolet\NetworkCache1.dat
Supprime! - C:\Program Files\Piolet\NetworkCache2.dat
Supprime! - C:\Program Files\Piolet\NetworkCache3.dat
Supprime! - C:\Program Files\Piolet\NetworkCache4.dat
Supprime! - C:\Program Files\Piolet\NetworkCache5.dat
Supprime! - C:\Program Files\Piolet\NetworkCache6.dat
Supprime! - C:\Program Files\Piolet\NetworkCache7.dat
Supprime! - C:\Program Files\Piolet\Piolet.exe
Supprime! - C:\Program Files\Piolet\Piolet.exe.Manifest
Supprime! - C:\Program Files\Piolet\Settings.ini
Supprime! - C:\Program Files\Piolet\SmartUI2.ocx
Supprime! - C:\Program Files\Piolet\Softwrap.dll
Supprime! - C:\Program Files\Piolet\SSubTmr6.dll
Supprime! - C:\Program Files\Piolet\uninstall.exe
Supprime! - C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
Supprime! - C:\Program Files\Search Settings\kb127
Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
Supprime! - C:\Program Files\Dealio
Supprime! - C:\Program Files\Piolet
Supprime! - C:\Program Files\Search Settings

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Bar"="http://www.google.com/ie"
"SEARCH PAGE"="http://www.google.com"
"SearchMigratedDefaultURL"="http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}"
"Start Page"="http://google.mini15.com"
"Url"="http://go.microsoft.com/fwlink/?LinkId=75720"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://fr.fr.acer.yahoo.com"
"Start Page"="http://www.msn.com/"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\Lucas\AppData\Local\Temp\WellPhone_1.6.1.1_crack.torrent
C:\Users\Lucas\AppData\Roaming\BitTorrent\BF2142_NO-CD-CRACK+OnlinePatch.zip.torrent
C:\Users\Lucas\image\rap\Fat Joe feat. Lil' Wayne - Crack House (87).mp3.jpg


[ UAC => 1 ]


1 - "C:\ToolBar SD\TB_1.txt" - 02/09/2008|16:29 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 02/09/2008|17:55 - Option : [2]

-----------\\ Fin du rapport a 17:55:08.77