je deviens dingue.... foutu malware
Dernière réponse : dans Sécurité
salut tout le monde je pense kil ya du avoir au mois 500 000 post sur ce sujet mais bon g chopé plusieurs virus et comme je crois que chaque situation est différente je post mon résultat d'highjackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:04:53, on 10/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Windows Defender\MsMpEng.exe
E:\WINDOWS\System32\svchost.exe
C:\Program Files\aawservice.exe
E:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Office12\GrooveMonitor.exe
E:\Program Files\Windows Defender\MSASCui.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Veoh Networks\Veoh\VeohClient.exe
E:\Documents and Settings\verbal king\Application Data\Adobe\Player.exe
E:\Program Files\MySpace\IM\MySpaceIM.exe
E:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
E:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Piratrax\piratrax.exe
E:\Program Files\NETGEAR\WN121T\wn121t.exe
E:\Program Files\MySpace\IM\MySpaceIM.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Hotspot Shield\bin\openvpnas.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\PVSW\Bin\WGE_SRV.EXE
E:\WINDOWS\system32\svchost.exe
E:\PVSW\BIN\W3dbsmgr.EXE
E:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
E:\Program Files\QuickTime\QuickTimePlayer.exe
E:\DOCUME~1\VERBAL~1\LOCALS~1\Temp\sft_ver1.1454.0.exe
C:\divers\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://fr.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://fr.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - E:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - E:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - E:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HControl] E:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Windows Defender] "E:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [dog about manager team] E:\Documents and Settings\All Users\Application Data\Drv Audio Dog About\nurb type.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [amva] E:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [Netlog 24] "E:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe"
O4 - HKCU\..\Run: [Veoh] "E:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [] E:\Documents and Settings\verbal king\Application Data\Adobe\Player.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [That Inside] E:\DOCUME~1\VERBAL~1\APPLIC~1\1SIGN0~1\Skip mfcd.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [MySpaceIM] E:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Piratrax] C:\Program Files\Piratrax\piratrax_launch.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [VeohPlugin] "E:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WN121T Smart Wizard.lnk = E:\Program Files\NETGEAR\WN121T\wn121t.exe
O8 - Extra context menu item: &Windows Live Search - res://E:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\Office12\GR99D3~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - E:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - E:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: EBP - Pervasive.SQL Workgroup (Pervasive.SQL Workgroup) - Unknown owner - E:\PVSW\Bin\WGE_SRV.EXE
--
End of file - 10837 bytes
quelqu'un pourrais il m'aider ???
merci
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:04:53, on 10/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Windows Defender\MsMpEng.exe
E:\WINDOWS\System32\svchost.exe
C:\Program Files\aawservice.exe
E:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Office12\GrooveMonitor.exe
E:\Program Files\Windows Defender\MSASCui.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Veoh Networks\Veoh\VeohClient.exe
E:\Documents and Settings\verbal king\Application Data\Adobe\Player.exe
E:\Program Files\MySpace\IM\MySpaceIM.exe
E:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
E:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Piratrax\piratrax.exe
E:\Program Files\NETGEAR\WN121T\wn121t.exe
E:\Program Files\MySpace\IM\MySpaceIM.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Hotspot Shield\bin\openvpnas.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\PVSW\Bin\WGE_SRV.EXE
E:\WINDOWS\system32\svchost.exe
E:\PVSW\BIN\W3dbsmgr.EXE
E:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
E:\Program Files\QuickTime\QuickTimePlayer.exe
E:\DOCUME~1\VERBAL~1\LOCALS~1\Temp\sft_ver1.1454.0.exe
C:\divers\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://fr.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://fr.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - E:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - E:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - E:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HControl] E:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Windows Defender] "E:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [dog about manager team] E:\Documents and Settings\All Users\Application Data\Drv Audio Dog About\nurb type.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [amva] E:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [Netlog 24] "E:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe"
O4 - HKCU\..\Run: [Veoh] "E:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [] E:\Documents and Settings\verbal king\Application Data\Adobe\Player.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [That Inside] E:\DOCUME~1\VERBAL~1\APPLIC~1\1SIGN0~1\Skip mfcd.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [MySpaceIM] E:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Piratrax] C:\Program Files\Piratrax\piratrax_launch.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [VeohPlugin] "E:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WN121T Smart Wizard.lnk = E:\Program Files\NETGEAR\WN121T\wn121t.exe
O8 - Extra context menu item: &Windows Live Search - res://E:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\Office12\GR99D3~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - E:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - E:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: EBP - Pervasive.SQL Workgroup (Pervasive.SQL Workgroup) - Unknown owner - E:\PVSW\Bin\WGE_SRV.EXE
--
End of file - 10837 bytes
quelqu'un pourrais il m'aider ???
merci
Autres pages sur : deviens dingue foutu malware
Lassé par la pub ? Créez un compte
bonsoir
Télécharge Lop S&D.exe sur ton bureau
Double-clique dessus pour lancer l'installation
Puis double-clique sur le raccourci Lop S&D présent sur ton bureau
Sélectionne la langue souhaitée , puis choisis l'Option 1 ( Recherche )
Patiente jusqu'à la fin du scan
Poste le rapport généré ( C:\lopR.txt )
( Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide )
Télécharge Lop S&D.exe sur ton bureau
( Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide )
ok g fais la manip ca me donne ca:
--------------------\\ Lop S&D 4.2.4-5 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : AMD Turion(tm) 64 X2 Mobile Technology TL-56 )
BIOS : Default System BIOS
USER : verbal king ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081010-0] 4.8.1229 (Activated)
C:\ (Local Disk) - NTFS - Total : 178 Go Free : 77 Go
D:\ (CD or DVD)
E:\ (Local Disk) - NTFS - Total : 7 Go Free : 0 Go
F:\ (CD or DVD)
G:\ (CD or DVD) - UDF - Total : 3 Go Free : 0 Go
"E:\Lop SD" ( MAJ : 02-10-2008|23:42 )
Option : [1] ( 11/10/2008|19:20 )
--------------------\\ Listing des dossiers dans APPLIC~1
[22/03/2008|16:27] E:\DOCUME~1\ALLUSE~1\APPLIC~1\{8258CAB4-1BAF-4288-81DD-E6AA50824656}
[18/09/2008|12:36] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[08/03/2008|02:35] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[08/03/2008|02:36] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[01/07/2008|02:27] E:\DOCUME~1\ALLUSE~1\APPLIC~1\DAEMON Tools Pro
[02/03/2008|15:13] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
[18/09/2008|10:35] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Drv Audio Dog About
[22/03/2008|16:27] E:\DOCUME~1\ALLUSE~1\APPLIC~1\EBP
[21/03/2008|02:46] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[02/07/2008|23:50] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[14/09/2008|21:00] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[30/09/2008|15:07] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[21/03/2008|02:45] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Mozilla
[10/06/2008|02:27] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[17/09/2008|21:13] E:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[13/05/2008|02:58] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
[15/07/2008|00:23] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Propellerhead Software
[11/10/2008|14:13] E:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[01/04/2008|02:56] E:\DOCUME~1\ALLUSE~1\APPLIC~1\uPlayMe
[02/03/2008|15:09] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[07/04/2008|13:55] E:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
[14/09/2008|20:54] E:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[03/04/2008|21:31] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
[05/04/2008|14:15] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
[28/02/2008|23:03] E:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[28/02/2008|23:03] E:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[08/09/2008|13:42] E:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[01/10/2008|19:23] E:\DOCUME~1\VERBAL~1\APPLIC~1\1 SIGN 01
[08/10/2008|01:06] E:\DOCUME~1\VERBAL~1\APPLIC~1\Adobe
[20/03/2008|21:46] E:\DOCUME~1\VERBAL~1\APPLIC~1\AdobeUM
[23/04/2008|19:50] E:\DOCUME~1\VERBAL~1\APPLIC~1\Apple Computer
[01/04/2008|02:56] E:\DOCUME~1\VERBAL~1\APPLIC~1\com.uplayme.airclient.9B472EFF9A3BAE26509EDFEDD3D8214233BACDB1.1
[27/09/2008|05:28] E:\DOCUME~1\VERBAL~1\APPLIC~1\Computer Aces
[27/09/2008|05:54] E:\DOCUME~1\VERBAL~1\APPLIC~1\CoreFTP
[01/07/2008|02:27] E:\DOCUME~1\VERBAL~1\APPLIC~1\DAEMON Tools Pro
[19/08/2008|02:18] E:\DOCUME~1\VERBAL~1\APPLIC~1\dvdcss
[22/03/2008|16:27] E:\DOCUME~1\VERBAL~1\APPLIC~1\EBP
[11/06/2008|03:35] E:\DOCUME~1\VERBAL~1\APPLIC~1\FileZilla
[07/10/2008|01:03] E:\DOCUME~1\VERBAL~1\APPLIC~1\Flickr
[28/02/2008|23:13] E:\DOCUME~1\VERBAL~1\APPLIC~1\Identities
[08/03/2008|21:26] E:\DOCUME~1\VERBAL~1\APPLIC~1\Macromedia
[30/09/2008|23:08] E:\DOCUME~1\VERBAL~1\APPLIC~1\Microsoft
[26/05/2008|21:06] E:\DOCUME~1\VERBAL~1\APPLIC~1\Move Networks
[10/03/2008|00:51] E:\DOCUME~1\VERBAL~1\APPLIC~1\Mozilla
[03/08/2008|17:19] E:\DOCUME~1\VERBAL~1\APPLIC~1\MySpace
[29/04/2008|17:35] E:\DOCUME~1\VERBAL~1\APPLIC~1\Nero
[15/07/2008|00:23] E:\DOCUME~1\VERBAL~1\APPLIC~1\Propellerhead Software
[22/09/2008|20:01] E:\DOCUME~1\VERBAL~1\APPLIC~1\Publish Providers
[02/03/2008|21:42] E:\DOCUME~1\VERBAL~1\APPLIC~1\Real
[02/08/2008|00:12] E:\DOCUME~1\VERBAL~1\APPLIC~1\ShoppingReport
[23/09/2008|00:34] E:\DOCUME~1\VERBAL~1\APPLIC~1\Sony
[03/04/2008|20:34] E:\DOCUME~1\VERBAL~1\APPLIC~1\Sun
[07/08/2008|17:46] E:\DOCUME~1\VERBAL~1\APPLIC~1\U3
[06/06/2008|10:48] E:\DOCUME~1\VERBAL~1\APPLIC~1\vlc
[15/03/2008|00:50] E:\DOCUME~1\VERBAL~1\APPLIC~1\WinRAR
[05/04/2008|14:15] E:\DOCUME~1\VERBAL~1\APPLIC~1\Yahoo!
--------------------\\ Tâches planifiées dans E:\WINDOWS\tasks
[11/10/2008 18:00][--ah-----] E:\WINDOWS\tasks\A92EEAC4906561CC.job
[11/10/2008 18:44][--a------] E:\WINDOWS\tasks\V‚rifier les mises … jour de Windows Live Toolbar.job
[11/10/2008 02:14][--ah-----] E:\WINDOWS\tasks\MP Scheduled Scan.job
[10/10/2008 22:10][--a------] E:\WINDOWS\tasks\AppleSoftwareUpdate.job
[10/10/2008 21:54][--ah-----] E:\WINDOWS\tasks\SA.DAT
[05/08/2004 14:00][-r-h-----] E:\WINDOWS\tasks\desktop.ini
( A92EEAC4906561CC.job )=( e:\docume~1\verbal~1\applic~1\1sign0~1\boobflapdoes.exe )
--------------------\\ Listing des dossiers dans E:\Program Files
[18/09/2008|10:34] E:\Program Files\1 SIGN 01
[11/09/2008|02:07] E:\Program Files\Adobe
[08/03/2008|02:36] E:\Program Files\Apple Software Update
[25/04/2008|11:17] E:\Program Files\AVI Codec Pack
[08/03/2008|02:36] E:\Program Files\Bonjour
[28/02/2008|23:00] E:\Program Files\ComPlus Applications
[29/02/2008|01:09] E:\Program Files\DIFX
[29/02/2008|03:13] E:\Program Files\DivX
[17/07/2008|05:24] E:\Program Files\East West
[25/03/2008|20:56] E:\Program Files\EBP
[11/07/2008|23:02] E:\Program Files\Fichiers communs
[10/06/2008|22:44] E:\Program Files\FileZilla FTP Client
[18/07/2008|21:55] E:\Program Files\FriendBlasterPro
[08/05/2008|22:17] E:\Program Files\Hotspot Shield
[20/07/2008|22:29] E:\Program Files\Image-Line
[02/08/2008|01:47] E:\Program Files\InstallShield Installation Information
[14/08/2008|03:01] E:\Program Files\Internet Explorer
[12/03/2008|13:22] E:\Program Files\iPod
[01/04/2008|02:56] E:\Program Files\iTunes
[21/03/2008|23:56] E:\Program Files\Java
[14/08/2008|03:05] E:\Program Files\Messenger
[28/02/2008|23:04] E:\Program Files\microsoft frontpage
[14/09/2008|20:57] E:\Program Files\Microsoft SQL Server Compact Edition
[24/06/2008|13:49] E:\Program Files\Microsoft Visual Studio
[24/06/2008|13:50] E:\Program Files\Microsoft Works
[28/02/2008|23:01] E:\Program Files\Movie Maker
[11/10/2008|19:18] E:\Program Files\Mozilla Firefox
[01/08/2008|22:30] E:\Program Files\Mp3 Song Plays Increaser
[24/06/2008|13:50] E:\Program Files\MSBuild
[07/09/2008|22:06] E:\Program Files\MSECache
[20/09/2008|23:21] E:\Program Files\MSN
[28/02/2008|23:00] E:\Program Files\MSN Gaming Zone
[18/05/2008|20:14] E:\Program Files\mst software
[01/05/2008|11:22] E:\Program Files\MSXML 4.0
[03/08/2008|17:19] E:\Program Files\MySpace
[29/02/2008|13:36] E:\Program Files\NETGEAR
[15/09/2008|18:53] E:\Program Files\NetMeeting
[17/09/2008|21:13] E:\Program Files\NOS
[28/02/2008|23:00] E:\Program Files\Online Services
[03/03/2008|04:04] E:\Program Files\Outlook Express
[10/10/2008|23:57] E:\Program Files\PCHealthCenter
[08/03/2008|02:36] E:\Program Files\QuickTime
[02/03/2008|21:38] E:\Program Files\Real
[28/02/2008|23:02] E:\Program Files\Services en ligne
[07/07/2008|14:11] E:\Program Files\ShoppingReport
[22/09/2008|19:40] E:\Program Files\Sony
[21/03/2008|23:56] E:\Program Files\Sun
[28/02/2008|23:13] E:\Program Files\Uninstall Information
[08/10/2008|22:47] E:\Program Files\Veoh Networks
[22/09/2008|19:35] E:\Program Files\Vstplugins
[03/08/2008|17:34] E:\Program Files\Windows Defender
[16/09/2008|03:01] E:\Program Files\Windows Live
[14/09/2008|20:57] E:\Program Files\Windows Live Favorites
[14/09/2008|20:57] E:\Program Files\Windows Live Toolbar
[02/03/2008|15:11] E:\Program Files\Windows Media Connect 2
[01/04/2008|02:56] E:\Program Files\Windows Media Player
[28/02/2008|23:00] E:\Program Files\Windows NT
[28/02/2008|23:02] E:\Program Files\WindowsUpdate
[15/03/2008|00:49] E:\Program Files\WinRAR
[28/02/2008|23:04] E:\Program Files\xerox
[02/03/2008|15:34] E:\Program Files\Xvid
[03/04/2008|21:31] E:\Program Files\Yahoo!
[22/03/2008|00:00] E:\Program Files\Your Freedom
--------------------\\ Listing des dossiers dans E:\Program Files\Fichiers communs
[18/09/2008|12:36] E:\Program Files\Fichiers communs\Adobe
[08/03/2008|02:35] E:\Program Files\Fichiers communs\Apple
[11/07/2008|23:02] E:\Program Files\Fichiers communs\debugmode
[24/06/2008|13:49] E:\Program Files\Fichiers communs\DESIGNER
[22/03/2008|16:27] E:\Program Files\Fichiers communs\EBP
[01/07/2008|10:41] E:\Program Files\Fichiers communs\EZB Systems
[29/02/2008|00:55] E:\Program Files\Fichiers communs\InstallShield
[21/03/2008|23:49] E:\Program Files\Fichiers communs\Java
[22/09/2008|19:33] E:\Program Files\Fichiers communs\Microsoft Shared
[28/02/2008|23:01] E:\Program Files\Fichiers communs\MSSoap
[28/02/2008|23:41] E:\Program Files\Fichiers communs\ODBC
[21/03/2008|01:09] E:\Program Files\Fichiers communs\Pervasive Software Shared
[02/03/2008|21:38] E:\Program Files\Fichiers communs\Real
[28/02/2008|23:01] E:\Program Files\Fichiers communs\Services
[28/02/2008|23:41] E:\Program Files\Fichiers communs\SpeechEngines
[24/06/2008|13:46] E:\Program Files\Fichiers communs\System
[08/03/2008|21:24] E:\Program Files\Fichiers communs\WindowsLiveInstaller
[02/07/2008|23:44] E:\Program Files\Fichiers communs\Wise Installation Wizard
[02/03/2008|21:38] E:\Program Files\Fichiers communs\xing shared
--------------------\\ Process
( 55 Processes )
iexplore.exe ~ [PID:660]
iexplore.exe ~ [PID:1268]
iexplore.exe ~ [PID:556]
--------------------\\ Recherche avec S_Lop
E:\DOCUME~1\VERBAL~1\APPLIC~1\1SIGN0~1
E:\DOCUME~1\VERBAL~1\APPLIC~1\1SIGN0~1\boob flap does.exe
E:\DOCUME~1\VERBAL~1\APPLIC~1\1SIGN0~1\dfwrvzfp.exe
E:\DOCUME~1\VERBAL~1\APPLIC~1\1SIGN0~1\ewcopdng.exe
E:\DOCUME~1\VERBAL~1\APPLIC~1\1SIGN0~1\ghsqpdvl.exe
E:\DOCUME~1\VERBAL~1\APPLIC~1\1SIGN0~1\gkokqksp.exe
E:\DOCUME~1\VERBAL~1\APPLIC~1\1SIGN0~1\Skip mfcd.exe
E:\DOCUME~1\VERBAL~1\APPLIC~1\1SIGN0~1\zgixbtcp.exe
--------------------\\ Recherche de Fichiers / Dossiers Lop
E:\DOCUME~1\ALLUSE~1\APPLIC~1\Drv Audio Dog About
E:\DOCUME~1\ALLUSE~1\APPLIC~1\Drv Audio Dog About\nurb type.exe
E:\DOCUME~1\VERBAL~1\APPLIC~1\1sign0~1
E:\DOCUME~1\VERBAL~1\APPLIC~1\1sign0~1\boob flap does.exe
E:\DOCUME~1\VERBAL~1\APPLIC~1\1sign0~1\dfwrvzfp.exe
E:\DOCUME~1\VERBAL~1\APPLIC~1\1sign0~1\ewcopdng.exe
E:\DOCUME~1\VERBAL~1\APPLIC~1\1sign0~1\ghsqpdvl.exe
E:\DOCUME~1\VERBAL~1\APPLIC~1\1sign0~1\gkokqksp.exe
E:\DOCUME~1\VERBAL~1\APPLIC~1\1sign0~1\Skip mfcd.exe
E:\DOCUME~1\VERBAL~1\APPLIC~1\1sign0~1\zgixbtcp.exe
E:\Program Files\1sign0~1
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@inside.winzix[1].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@adultfriendfinder[1].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@adultfriendfinder[2].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@adultfriendfinder[3].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@advertising[2].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@adin.bigpoint[2].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@bigpoint[1].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@fr1.darkorbit.bigpoint[1].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@banner.casinoking[2].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@casinoking[1].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@banner.cotedazurpalace[2].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@banner.cotedazurpalace[3].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@cotedazurpalace[1].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@cotedazurpalace[2].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@www.cotedazurpalace[1].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@adopt.euroclick[1].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@adopt.euroclick[2].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@sr2.livemediasrv[1].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@pacificpoker[1].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@pacificpoker[2].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@pacificpoker[3].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@partypoker[2].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@partypoker[3].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@32vegas[1].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@32vegas[2].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@banner.32vegas[2].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@www.vegasaffiliates[1].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@www.lop[1].txt
E:\WINDOWS\Tasks\A92EEAC4906561CC.job
--------------------\\ Verification du Registre
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\deafaimpoll]
"DisplayName"="CiD Help"
"UninstallString"="E:\\DOCUME~1\\VERBAL~1\\APPLIC~1\\1SIGN0~1\\Skip mfcd.exe -uninstall"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"That Inside"="E:\\DOCUME~1\\VERBAL~1\\APPLIC~1\\1SIGN0~1\\Skip mfcd.exe"
"That Inside"="E:\\DOCUME~1\\VERBAL~1\\APPLIC~1\\1SIGN0~1\\Skip mfcd.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dog about manager team"="E:\\Documents and Settings\\All Users\\Application Data\\Drv Audio Dog About\\nurb type.exe"
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-11 19:21:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 2
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[F:381][D:21]-> E:\DOCUME~1\VERBAL~1\LOCALS~1\Temp
[F:274][D:0]-> E:\DOCUME~1\VERBAL~1\Cookies
[F:1740][D:15]-> E:\DOCUME~1\VERBAL~1\LOCALS~1\TEMPOR~1\content.IE5
1 - "E:\Lop SD\LopR_1.txt" - 11/10/2008|19:22 - Option : [1]
--------------------\\ Fin du rapport a 19:22:44
j'apprécie ton aide
--------------------\\ Lop S&D 4.2.4-5 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : AMD Turion(tm) 64 X2 Mobile Technology TL-56 )
BIOS : Default System BIOS
USER : verbal king ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081010-0] 4.8.1229 (Activated)
C:\ (Local Disk) - NTFS - Total : 178 Go Free : 77 Go
D:\ (CD or DVD)
E:\ (Local Disk) - NTFS - Total : 7 Go Free : 0 Go
F:\ (CD or DVD)
G:\ (CD or DVD) - UDF - Total : 3 Go Free : 0 Go
"E:\Lop SD" ( MAJ : 02-10-2008|23:42 )
Option : [1] ( 11/10/2008|19:20 )
--------------------\\ Listing des dossiers dans APPLIC~1
[22/03/2008|16:27] E:\DOCUME~1\ALLUSE~1\APPLIC~1\{8258CAB4-1BAF-4288-81DD-E6AA50824656}
[18/09/2008|12:36] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[08/03/2008|02:35] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[08/03/2008|02:36] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[01/07/2008|02:27] E:\DOCUME~1\ALLUSE~1\APPLIC~1\DAEMON Tools Pro
[02/03/2008|15:13] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
[18/09/2008|10:35] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Drv Audio Dog About
[22/03/2008|16:27] E:\DOCUME~1\ALLUSE~1\APPLIC~1\EBP
[21/03/2008|02:46] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[02/07/2008|23:50] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[14/09/2008|21:00] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[30/09/2008|15:07] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[21/03/2008|02:45] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Mozilla
[10/06/2008|02:27] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[17/09/2008|21:13] E:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[13/05/2008|02:58] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
[15/07/2008|00:23] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Propellerhead Software
[11/10/2008|14:13] E:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[01/04/2008|02:56] E:\DOCUME~1\ALLUSE~1\APPLIC~1\uPlayMe
[02/03/2008|15:09] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[07/04/2008|13:55] E:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
[14/09/2008|20:54] E:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[03/04/2008|21:31] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
[05/04/2008|14:15] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
[28/02/2008|23:03] E:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[28/02/2008|23:03] E:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[08/09/2008|13:42] E:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[01/10/2008|19:23] E:\DOCUME~1\VERBAL~1\APPLIC~1\1 SIGN 01
[08/10/2008|01:06] E:\DOCUME~1\VERBAL~1\APPLIC~1\Adobe
[20/03/2008|21:46] E:\DOCUME~1\VERBAL~1\APPLIC~1\AdobeUM
[23/04/2008|19:50] E:\DOCUME~1\VERBAL~1\APPLIC~1\Apple Computer
[01/04/2008|02:56] E:\DOCUME~1\VERBAL~1\APPLIC~1\com.uplayme.airclient.9B472EFF9A3BAE26509EDFEDD3D8214233BACDB1.1
[27/09/2008|05:28] E:\DOCUME~1\VERBAL~1\APPLIC~1\Computer Aces
[27/09/2008|05:54] E:\DOCUME~1\VERBAL~1\APPLIC~1\CoreFTP
[01/07/2008|02:27] E:\DOCUME~1\VERBAL~1\APPLIC~1\DAEMON Tools Pro
[19/08/2008|02:18] E:\DOCUME~1\VERBAL~1\APPLIC~1\dvdcss
[22/03/2008|16:27] E:\DOCUME~1\VERBAL~1\APPLIC~1\EBP
[11/06/2008|03:35] E:\DOCUME~1\VERBAL~1\APPLIC~1\FileZilla
[07/10/2008|01:03] E:\DOCUME~1\VERBAL~1\APPLIC~1\Flickr
[28/02/2008|23:13] E:\DOCUME~1\VERBAL~1\APPLIC~1\Identities
[08/03/2008|21:26] E:\DOCUME~1\VERBAL~1\APPLIC~1\Macromedia
[30/09/2008|23:08] E:\DOCUME~1\VERBAL~1\APPLIC~1\Microsoft
[26/05/2008|21:06] E:\DOCUME~1\VERBAL~1\APPLIC~1\Move Networks
[10/03/2008|00:51] E:\DOCUME~1\VERBAL~1\APPLIC~1\Mozilla
[03/08/2008|17:19] E:\DOCUME~1\VERBAL~1\APPLIC~1\MySpace
[29/04/2008|17:35] E:\DOCUME~1\VERBAL~1\APPLIC~1\Nero
[15/07/2008|00:23] E:\DOCUME~1\VERBAL~1\APPLIC~1\Propellerhead Software
[22/09/2008|20:01] E:\DOCUME~1\VERBAL~1\APPLIC~1\Publish Providers
[02/03/2008|21:42] E:\DOCUME~1\VERBAL~1\APPLIC~1\Real
[02/08/2008|00:12] E:\DOCUME~1\VERBAL~1\APPLIC~1\ShoppingReport
[23/09/2008|00:34] E:\DOCUME~1\VERBAL~1\APPLIC~1\Sony
[03/04/2008|20:34] E:\DOCUME~1\VERBAL~1\APPLIC~1\Sun
[07/08/2008|17:46] E:\DOCUME~1\VERBAL~1\APPLIC~1\U3
[06/06/2008|10:48] E:\DOCUME~1\VERBAL~1\APPLIC~1\vlc
[15/03/2008|00:50] E:\DOCUME~1\VERBAL~1\APPLIC~1\WinRAR
[05/04/2008|14:15] E:\DOCUME~1\VERBAL~1\APPLIC~1\Yahoo!
--------------------\\ Tâches planifiées dans E:\WINDOWS\tasks
[11/10/2008 18:00][--ah-----] E:\WINDOWS\tasks\A92EEAC4906561CC.job
[11/10/2008 18:44][--a------] E:\WINDOWS\tasks\V‚rifier les mises … jour de Windows Live Toolbar.job
[11/10/2008 02:14][--ah-----] E:\WINDOWS\tasks\MP Scheduled Scan.job
[10/10/2008 22:10][--a------] E:\WINDOWS\tasks\AppleSoftwareUpdate.job
[10/10/2008 21:54][--ah-----] E:\WINDOWS\tasks\SA.DAT
[05/08/2004 14:00][-r-h-----] E:\WINDOWS\tasks\desktop.ini
( A92EEAC4906561CC.job )=( e:\docume~1\verbal~1\applic~1\1sign0~1\boobflapdoes.exe )
--------------------\\ Listing des dossiers dans E:\Program Files
[18/09/2008|10:34] E:\Program Files\1 SIGN 01
[11/09/2008|02:07] E:\Program Files\Adobe
[08/03/2008|02:36] E:\Program Files\Apple Software Update
[25/04/2008|11:17] E:\Program Files\AVI Codec Pack
[08/03/2008|02:36] E:\Program Files\Bonjour
[28/02/2008|23:00] E:\Program Files\ComPlus Applications
[29/02/2008|01:09] E:\Program Files\DIFX
[29/02/2008|03:13] E:\Program Files\DivX
[17/07/2008|05:24] E:\Program Files\East West
[25/03/2008|20:56] E:\Program Files\EBP
[11/07/2008|23:02] E:\Program Files\Fichiers communs
[10/06/2008|22:44] E:\Program Files\FileZilla FTP Client
[18/07/2008|21:55] E:\Program Files\FriendBlasterPro
[08/05/2008|22:17] E:\Program Files\Hotspot Shield
[20/07/2008|22:29] E:\Program Files\Image-Line
[02/08/2008|01:47] E:\Program Files\InstallShield Installation Information
[14/08/2008|03:01] E:\Program Files\Internet Explorer
[12/03/2008|13:22] E:\Program Files\iPod
[01/04/2008|02:56] E:\Program Files\iTunes
[21/03/2008|23:56] E:\Program Files\Java
[14/08/2008|03:05] E:\Program Files\Messenger
[28/02/2008|23:04] E:\Program Files\microsoft frontpage
[14/09/2008|20:57] E:\Program Files\Microsoft SQL Server Compact Edition
[24/06/2008|13:49] E:\Program Files\Microsoft Visual Studio
[24/06/2008|13:50] E:\Program Files\Microsoft Works
[28/02/2008|23:01] E:\Program Files\Movie Maker
[11/10/2008|19:18] E:\Program Files\Mozilla Firefox
[01/08/2008|22:30] E:\Program Files\Mp3 Song Plays Increaser
[24/06/2008|13:50] E:\Program Files\MSBuild
[07/09/2008|22:06] E:\Program Files\MSECache
[20/09/2008|23:21] E:\Program Files\MSN
[28/02/2008|23:00] E:\Program Files\MSN Gaming Zone
[18/05/2008|20:14] E:\Program Files\mst software
[01/05/2008|11:22] E:\Program Files\MSXML 4.0
[03/08/2008|17:19] E:\Program Files\MySpace
[29/02/2008|13:36] E:\Program Files\NETGEAR
[15/09/2008|18:53] E:\Program Files\NetMeeting
[17/09/2008|21:13] E:\Program Files\NOS
[28/02/2008|23:00] E:\Program Files\Online Services
[03/03/2008|04:04] E:\Program Files\Outlook Express
[10/10/2008|23:57] E:\Program Files\PCHealthCenter
[08/03/2008|02:36] E:\Program Files\QuickTime
[02/03/2008|21:38] E:\Program Files\Real
[28/02/2008|23:02] E:\Program Files\Services en ligne
[07/07/2008|14:11] E:\Program Files\ShoppingReport
[22/09/2008|19:40] E:\Program Files\Sony
[21/03/2008|23:56] E:\Program Files\Sun
[28/02/2008|23:13] E:\Program Files\Uninstall Information
[08/10/2008|22:47] E:\Program Files\Veoh Networks
[22/09/2008|19:35] E:\Program Files\Vstplugins
[03/08/2008|17:34] E:\Program Files\Windows Defender
[16/09/2008|03:01] E:\Program Files\Windows Live
[14/09/2008|20:57] E:\Program Files\Windows Live Favorites
[14/09/2008|20:57] E:\Program Files\Windows Live Toolbar
[02/03/2008|15:11] E:\Program Files\Windows Media Connect 2
[01/04/2008|02:56] E:\Program Files\Windows Media Player
[28/02/2008|23:00] E:\Program Files\Windows NT
[28/02/2008|23:02] E:\Program Files\WindowsUpdate
[15/03/2008|00:49] E:\Program Files\WinRAR
[28/02/2008|23:04] E:\Program Files\xerox
[02/03/2008|15:34] E:\Program Files\Xvid
[03/04/2008|21:31] E:\Program Files\Yahoo!
[22/03/2008|00:00] E:\Program Files\Your Freedom
--------------------\\ Listing des dossiers dans E:\Program Files\Fichiers communs
[18/09/2008|12:36] E:\Program Files\Fichiers communs\Adobe
[08/03/2008|02:35] E:\Program Files\Fichiers communs\Apple
[11/07/2008|23:02] E:\Program Files\Fichiers communs\debugmode
[24/06/2008|13:49] E:\Program Files\Fichiers communs\DESIGNER
[22/03/2008|16:27] E:\Program Files\Fichiers communs\EBP
[01/07/2008|10:41] E:\Program Files\Fichiers communs\EZB Systems
[29/02/2008|00:55] E:\Program Files\Fichiers communs\InstallShield
[21/03/2008|23:49] E:\Program Files\Fichiers communs\Java
[22/09/2008|19:33] E:\Program Files\Fichiers communs\Microsoft Shared
[28/02/2008|23:01] E:\Program Files\Fichiers communs\MSSoap
[28/02/2008|23:41] E:\Program Files\Fichiers communs\ODBC
[21/03/2008|01:09] E:\Program Files\Fichiers communs\Pervasive Software Shared
[02/03/2008|21:38] E:\Program Files\Fichiers communs\Real
[28/02/2008|23:01] E:\Program Files\Fichiers communs\Services
[28/02/2008|23:41] E:\Program Files\Fichiers communs\SpeechEngines
[24/06/2008|13:46] E:\Program Files\Fichiers communs\System
[08/03/2008|21:24] E:\Program Files\Fichiers communs\WindowsLiveInstaller
[02/07/2008|23:44] E:\Program Files\Fichiers communs\Wise Installation Wizard
[02/03/2008|21:38] E:\Program Files\Fichiers communs\xing shared
--------------------\\ Process
( 55 Processes )
iexplore.exe ~ [PID:660]
iexplore.exe ~ [PID:1268]
iexplore.exe ~ [PID:556]
--------------------\\ Recherche avec S_Lop
E:\DOCUME~1\VERBAL~1\APPLIC~1\1SIGN0~1
E:\DOCUME~1\VERBAL~1\APPLIC~1\1SIGN0~1\boob flap does.exe
E:\DOCUME~1\VERBAL~1\APPLIC~1\1SIGN0~1\dfwrvzfp.exe
E:\DOCUME~1\VERBAL~1\APPLIC~1\1SIGN0~1\ewcopdng.exe
E:\DOCUME~1\VERBAL~1\APPLIC~1\1SIGN0~1\ghsqpdvl.exe
E:\DOCUME~1\VERBAL~1\APPLIC~1\1SIGN0~1\gkokqksp.exe
E:\DOCUME~1\VERBAL~1\APPLIC~1\1SIGN0~1\Skip mfcd.exe
E:\DOCUME~1\VERBAL~1\APPLIC~1\1SIGN0~1\zgixbtcp.exe
--------------------\\ Recherche de Fichiers / Dossiers Lop
E:\DOCUME~1\ALLUSE~1\APPLIC~1\Drv Audio Dog About
E:\DOCUME~1\ALLUSE~1\APPLIC~1\Drv Audio Dog About\nurb type.exe
E:\DOCUME~1\VERBAL~1\APPLIC~1\1sign0~1
E:\DOCUME~1\VERBAL~1\APPLIC~1\1sign0~1\boob flap does.exe
E:\DOCUME~1\VERBAL~1\APPLIC~1\1sign0~1\dfwrvzfp.exe
E:\DOCUME~1\VERBAL~1\APPLIC~1\1sign0~1\ewcopdng.exe
E:\DOCUME~1\VERBAL~1\APPLIC~1\1sign0~1\ghsqpdvl.exe
E:\DOCUME~1\VERBAL~1\APPLIC~1\1sign0~1\gkokqksp.exe
E:\DOCUME~1\VERBAL~1\APPLIC~1\1sign0~1\Skip mfcd.exe
E:\DOCUME~1\VERBAL~1\APPLIC~1\1sign0~1\zgixbtcp.exe
E:\Program Files\1sign0~1
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@inside.winzix[1].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@adultfriendfinder[1].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@adultfriendfinder[2].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@adultfriendfinder[3].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@advertising[2].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@adin.bigpoint[2].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@bigpoint[1].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@fr1.darkorbit.bigpoint[1].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@banner.casinoking[2].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@casinoking[1].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@banner.cotedazurpalace[2].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@banner.cotedazurpalace[3].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@cotedazurpalace[1].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@cotedazurpalace[2].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@www.cotedazurpalace[1].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@adopt.euroclick[1].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@adopt.euroclick[2].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@sr2.livemediasrv[1].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@pacificpoker[1].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@pacificpoker[2].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@pacificpoker[3].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@partypoker[2].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@partypoker[3].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@32vegas[1].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@32vegas[2].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@banner.32vegas[2].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@www.vegasaffiliates[1].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@www.lop[1].txt
E:\WINDOWS\Tasks\A92EEAC4906561CC.job
--------------------\\ Verification du Registre
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\deafaimpoll]
"DisplayName"="CiD Help"
"UninstallString"="E:\\DOCUME~1\\VERBAL~1\\APPLIC~1\\1SIGN0~1\\Skip mfcd.exe -uninstall"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"That Inside"="E:\\DOCUME~1\\VERBAL~1\\APPLIC~1\\1SIGN0~1\\Skip mfcd.exe"
"That Inside"="E:\\DOCUME~1\\VERBAL~1\\APPLIC~1\\1SIGN0~1\\Skip mfcd.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dog about manager team"="E:\\Documents and Settings\\All Users\\Application Data\\Drv Audio Dog About\\nurb type.exe"
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-11 19:21:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 2
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[F:381][D:21]-> E:\DOCUME~1\VERBAL~1\LOCALS~1\Temp
[F:274][D:0]-> E:\DOCUME~1\VERBAL~1\Cookies
[F:1740][D:15]-> E:\DOCUME~1\VERBAL~1\LOCALS~1\TEMPOR~1\content.IE5
1 - "E:\Lop SD\LopR_1.txt" - 11/10/2008|19:22 - Option : [1]
--------------------\\ Fin du rapport a 19:22:44
j'apprécie ton aide
--------------------\\ Lop S&D 4.2.4-5 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : AMD Turion(tm) 64 X2 Mobile Technology TL-56 )
BIOS : Default System BIOS
USER : verbal king ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081011-0] 4.8.1229 (Activated)
C:\ (Local Disk) - NTFS - Total : 178 Go Free : 77 Go
E:\ (Local Disk) - NTFS - Total : 7 Go Free : 0 Go
F:\ (CD or DVD)
G:\ (CD or DVD) - UDF - Total : 3 Go Free : 0 Go
"E:\Lop SD" ( MAJ : 02-10-2008|23:42 )
Option : [2] ( 12/10/2008| 0:58 )
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION
Supprime! - E:\DOCUME~1\ALLUSE~1\APPLIC~1\Drv Audio Dog About\nurb type.exe
Supprime! - E:\DOCUME~1\VERBAL~1\APPLIC~1\1sign0~1\boob flap does.exe
Supprime! - E:\DOCUME~1\VERBAL~1\APPLIC~1\1sign0~1\dfwrvzfp.exe
Supprime! - E:\DOCUME~1\VERBAL~1\APPLIC~1\1sign0~1\ewcopdng.exe
Supprime! - E:\DOCUME~1\VERBAL~1\APPLIC~1\1sign0~1\ghsqpdvl.exe
Supprime! - E:\DOCUME~1\VERBAL~1\APPLIC~1\1sign0~1\gkokqksp.exe
Supprime! - E:\DOCUME~1\VERBAL~1\APPLIC~1\1sign0~1\Skip mfcd.exe
Supprime! - E:\DOCUME~1\VERBAL~1\APPLIC~1\1sign0~1\zgixbtcp.exe
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@inside.winzix[1].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@adultfriendfinder[1].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@adultfriendfinder[2].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@adultfriendfinder[3].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@advertising[2].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@adin.bigpoint[2].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@bigpoint[1].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@fr1.darkorbit.bigpoint[1].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@banner.casinoking[2].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@casinoking[1].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@banner.cotedazurpalace[2].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@banner.cotedazurpalace[3].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@cotedazurpalace[1].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@cotedazurpalace[2].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@www.cotedazurpalace[1].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@adopt.euroclick[1].txt
Echec ! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@adopt.euroclick[2].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@sr2.livemediasrv[1].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@pacificpoker[1].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@pacificpoker[2].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@pacificpoker[3].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@partypoker[2].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@partypoker[3].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@32vegas[1].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@32vegas[2].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@banner.32vegas[2].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@www.vegasaffiliates[1].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@www.lop[1].txt
Supprime! - E:\WINDOWS\Tasks\A92EEAC4906561CC.job
Supprime! - E:\DOCUME~1\ALLUSE~1\APPLIC~1\Drv Audio Dog About
Supprime! - E:\DOCUME~1\VERBAL~1\APPLIC~1\1sign0~1
Supprime! - E:\Program Files\1sign0~1
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ DEUXIEME PASSAGE
Echec ! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@adopt.euroclick[2].txt
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listing des dossiers dans APPLIC~1
[22/03/2008|16:27] E:\DOCUME~1\ALLUSE~1\APPLIC~1\{8258CAB4-1BAF-4288-81DD-E6AA50824656}
[18/09/2008|12:36] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[08/03/2008|02:35] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[08/03/2008|02:36] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[01/07/2008|02:27] E:\DOCUME~1\ALLUSE~1\APPLIC~1\DAEMON Tools Pro
[02/03/2008|15:13] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
[22/03/2008|16:27] E:\DOCUME~1\ALLUSE~1\APPLIC~1\EBP
[21/03/2008|02:46] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[02/07/2008|23:50] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[14/09/2008|21:00] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[30/09/2008|15:07] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[21/03/2008|02:45] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Mozilla
[10/06/2008|02:27] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[17/09/2008|21:13] E:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[13/05/2008|02:58] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
[15/07/2008|00:23] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Propellerhead Software
[11/10/2008|14:13] E:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[01/04/2008|02:56] E:\DOCUME~1\ALLUSE~1\APPLIC~1\uPlayMe
[02/03/2008|15:09] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[07/04/2008|13:55] E:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
[14/09/2008|20:54] E:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[03/04/2008|21:31] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
[05/04/2008|14:15] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
[28/02/2008|23:03] E:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[28/02/2008|23:03] E:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[08/09/2008|13:42] E:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[08/10/2008|01:06] E:\DOCUME~1\VERBAL~1\APPLIC~1\Adobe
[20/03/2008|21:46] E:\DOCUME~1\VERBAL~1\APPLIC~1\AdobeUM
[23/04/2008|19:50] E:\DOCUME~1\VERBAL~1\APPLIC~1\Apple Computer
[01/04/2008|02:56] E:\DOCUME~1\VERBAL~1\APPLIC~1\com.uplayme.airclient.9B472EFF9A3BAE26509EDFEDD3D8214233BACDB1.1
[27/09/2008|05:28] E:\DOCUME~1\VERBAL~1\APPLIC~1\Computer Aces
[27/09/2008|05:54] E:\DOCUME~1\VERBAL~1\APPLIC~1\CoreFTP
[01/07/2008|02:27] E:\DOCUME~1\VERBAL~1\APPLIC~1\DAEMON Tools Pro
[19/08/2008|02:18] E:\DOCUME~1\VERBAL~1\APPLIC~1\dvdcss
[22/03/2008|16:27] E:\DOCUME~1\VERBAL~1\APPLIC~1\EBP
[11/06/2008|03:35] E:\DOCUME~1\VERBAL~1\APPLIC~1\FileZilla
[07/10/2008|01:03] E:\DOCUME~1\VERBAL~1\APPLIC~1\Flickr
[28/02/2008|23:13] E:\DOCUME~1\VERBAL~1\APPLIC~1\Identities
[08/03/2008|21:26] E:\DOCUME~1\VERBAL~1\APPLIC~1\Macromedia
[30/09/2008|23:08] E:\DOCUME~1\VERBAL~1\APPLIC~1\Microsoft
[26/05/2008|21:06] E:\DOCUME~1\VERBAL~1\APPLIC~1\Move Networks
[10/03/2008|00:51] E:\DOCUME~1\VERBAL~1\APPLIC~1\Mozilla
[03/08/2008|17:19] E:\DOCUME~1\VERBAL~1\APPLIC~1\MySpace
[29/04/2008|17:35] E:\DOCUME~1\VERBAL~1\APPLIC~1\Nero
[15/07/2008|00:23] E:\DOCUME~1\VERBAL~1\APPLIC~1\Propellerhead Software
[22/09/2008|20:01] E:\DOCUME~1\VERBAL~1\APPLIC~1\Publish Providers
[02/03/2008|21:42] E:\DOCUME~1\VERBAL~1\APPLIC~1\Real
[02/08/2008|00:12] E:\DOCUME~1\VERBAL~1\APPLIC~1\ShoppingReport
[23/09/2008|00:34] E:\DOCUME~1\VERBAL~1\APPLIC~1\Sony
[03/04/2008|20:34] E:\DOCUME~1\VERBAL~1\APPLIC~1\Sun
[07/08/2008|17:46] E:\DOCUME~1\VERBAL~1\APPLIC~1\U3
[06/06/2008|10:48] E:\DOCUME~1\VERBAL~1\APPLIC~1\vlc
[15/03/2008|00:50] E:\DOCUME~1\VERBAL~1\APPLIC~1\WinRAR
[05/04/2008|14:15] E:\DOCUME~1\VERBAL~1\APPLIC~1\Yahoo!
--------------------\\ Tâches planifiées dans E:\WINDOWS\tasks
[12/10/2008 00:44][--a------] E:\WINDOWS\tasks\V‚rifier les mises … jour de Windows Live Toolbar.job
[11/10/2008 02:14][--ah-----] E:\WINDOWS\tasks\MP Scheduled Scan.job
[10/10/2008 22:10][--a------] E:\WINDOWS\tasks\AppleSoftwareUpdate.job
[10/10/2008 21:54][--ah-----] E:\WINDOWS\tasks\SA.DAT
[05/08/2004 14:00][-r-h-----] E:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans E:\Program Files
[11/09/2008|02:07] E:\Program Files\Adobe
[08/03/2008|02:36] E:\Program Files\Apple Software Update
[25/04/2008|11:17] E:\Program Files\AVI Codec Pack
[08/03/2008|02:36] E:\Program Files\Bonjour
[28/02/2008|23:00] E:\Program Files\ComPlus Applications
[29/02/2008|01:09] E:\Program Files\DIFX
[29/02/2008|03:13] E:\Program Files\DivX
[17/07/2008|05:24] E:\Program Files\East West
[25/03/2008|20:56] E:\Program Files\EBP
[11/07/2008|23:02] E:\Program Files\Fichiers communs
[10/06/2008|22:44] E:\Program Files\FileZilla FTP Client
[18/07/2008|21:55] E:\Program Files\FriendBlasterPro
[08/05/2008|22:17] E:\Program Files\Hotspot Shield
[20/07/2008|22:29] E:\Program Files\Image-Line
[02/08/2008|01:47] E:\Program Files\InstallShield Installation Information
[14/08/2008|03:01] E:\Program Files\Internet Explorer
[12/03/2008|13:22] E:\Program Files\iPod
[01/04/2008|02:56] E:\Program Files\iTunes
[21/03/2008|23:56] E:\Program Files\Java
[14/08/2008|03:05] E:\Program Files\Messenger
[28/02/2008|23:04] E:\Program Files\microsoft frontpage
[14/09/2008|20:57] E:\Program Files\Microsoft SQL Server Compact Edition
[24/06/2008|13:49] E:\Program Files\Microsoft Visual Studio
[24/06/2008|13:50] E:\Program Files\Microsoft Works
[28/02/2008|23:01] E:\Program Files\Movie Maker
[12/10/2008|00:28] E:\Program Files\Mozilla Firefox
[01/08/2008|22:30] E:\Program Files\Mp3 Song Plays Increaser
[24/06/2008|13:50] E:\Program Files\MSBuild
[07/09/2008|22:06] E:\Program Files\MSECache
[20/09/2008|23:21] E:\Program Files\MSN
[28/02/2008|23:00] E:\Program Files\MSN Gaming Zone
[18/05/2008|20:14] E:\Program Files\mst software
[01/05/2008|11:22] E:\Program Files\MSXML 4.0
[03/08/2008|17:19] E:\Program Files\MySpace
[29/02/2008|13:36] E:\Program Files\NETGEAR
[15/09/2008|18:53] E:\Program Files\NetMeeting
[17/09/2008|21:13] E:\Program Files\NOS
[28/02/2008|23:00] E:\Program Files\Online Services
[03/03/2008|04:04] E:\Program Files\Outlook Express
[10/10/2008|23:57] E:\Program Files\PCHealthCenter
[08/03/2008|02:36] E:\Program Files\QuickTime
[02/03/2008|21:38] E:\Program Files\Real
[28/02/2008|23:02] E:\Program Files\Services en ligne
[07/07/2008|14:11] E:\Program Files\ShoppingReport
[22/09/2008|19:40] E:\Program Files\Sony
[21/03/2008|23:56] E:\Program Files\Sun
[28/02/2008|23:13] E:\Program Files\Uninstall Information
[08/10/2008|22:47] E:\Program Files\Veoh Networks
[22/09/2008|19:35] E:\Program Files\Vstplugins
[03/08/2008|17:34] E:\Program Files\Windows Defender
[16/09/2008|03:01] E:\Program Files\Windows Live
[14/09/2008|20:57] E:\Program Files\Windows Live Favorites
[14/09/2008|20:57] E:\Program Files\Windows Live Toolbar
[02/03/2008|15:11] E:\Program Files\Windows Media Connect 2
[01/04/2008|02:56] E:\Program Files\Windows Media Player
[28/02/2008|23:00] E:\Program Files\Windows NT
[28/02/2008|23:02] E:\Program Files\WindowsUpdate
[15/03/2008|00:49] E:\Program Files\WinRAR
[28/02/2008|23:04] E:\Program Files\xerox
[02/03/2008|15:34] E:\Program Files\Xvid
[03/04/2008|21:31] E:\Program Files\Yahoo!
[22/03/2008|00:00] E:\Program Files\Your Freedom
--------------------\\ Listing des dossiers dans E:\Program Files\Fichiers communs
[18/09/2008|12:36] E:\Program Files\Fichiers communs\Adobe
[08/03/2008|02:35] E:\Program Files\Fichiers communs\Apple
[11/07/2008|23:02] E:\Program Files\Fichiers communs\debugmode
[24/06/2008|13:49] E:\Program Files\Fichiers communs\DESIGNER
[22/03/2008|16:27] E:\Program Files\Fichiers communs\EBP
[01/07/2008|10:41] E:\Program Files\Fichiers communs\EZB Systems
[29/02/2008|00:55] E:\Program Files\Fichiers communs\InstallShield
[21/03/2008|23:49] E:\Program Files\Fichiers communs\Java
[22/09/2008|19:33] E:\Program Files\Fichiers communs\Microsoft Shared
[28/02/2008|23:01] E:\Program Files\Fichiers communs\MSSoap
[28/02/2008|23:41] E:\Program Files\Fichiers communs\ODBC
[21/03/2008|01:09] E:\Program Files\Fichiers communs\Pervasive Software Shared
[02/03/2008|21:38] E:\Program Files\Fichiers communs\Real
[28/02/2008|23:01] E:\Program Files\Fichiers communs\Services
[28/02/2008|23:41] E:\Program Files\Fichiers communs\SpeechEngines
[24/06/2008|13:46] E:\Program Files\Fichiers communs\System
[08/03/2008|21:24] E:\Program Files\Fichiers communs\WindowsLiveInstaller
[02/07/2008|23:44] E:\Program Files\Fichiers communs\Wise Installation Wizard
[02/03/2008|21:38] E:\Program Files\Fichiers communs\xing shared
--------------------\\ Process
( 57 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@adopt.euroclick[2].txt
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-12 01:05:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 2
--------------------\\ Recherche d'autres infections
E:\WINDOWS\system32\CIOUtBeg.ini
E:\WINDOWS\system32\CIOUtBeg.ini2
==> VUNDO <==
[F:398][D:22]-> E:\DOCUME~1\VERBAL~1\LOCALS~1\Temp
[F:249][D:0]-> E:\DOCUME~1\VERBAL~1\Cookies
[F:1850][D:15]-> E:\DOCUME~1\VERBAL~1\LOCALS~1\TEMPOR~1\content.IE5
1 - "E:\Lop SD\LopR_1.txt" - 11/10/2008|19:22 - Option : [1]
2 - "E:\Lop SD\LopR_2.txt" - 12/10/2008| 1:07 - Option : [2]
--------------------\\ Fin du rapport a 1:07:55
plus le log hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:09:08, on 12/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Windows Defender\MsMpEng.exe
E:\WINDOWS\System32\svchost.exe
C:\Program Files\aawservice.exe
E:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Office12\GrooveMonitor.exe
E:\Program Files\Windows Defender\MSASCui.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Documents and Settings\verbal king\Application Data\Adobe\Player.exe
E:\Program Files\MySpace\IM\MySpaceIM.exe
E:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Piratrax\piratrax.exe
E:\Program Files\NETGEAR\WN121T\wn121t.exe
E:\Program Files\MySpace\IM\MySpaceIM.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Hotspot Shield\bin\openvpnas.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\PVSW\Bin\WGE_SRV.EXE
E:\WINDOWS\system32\svchost.exe
E:\PVSW\BIN\W3dbsmgr.EXE
E:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
E:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe
E:\DOCUME~1\VERBAL~1\LOCALS~1\Temp\Répertoire temporaire 8 pour musiCutter0.7.1_fr.zip\musiCutter.exe
C:\Program Files\CDArch52.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\WINDOWS\system32\cmd.exe
E:\WINDOWS\system32\rundll32.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
E:\WINDOWS\system32\cmd.exe
E:\WINDOWS\system32\NOTEPAD.EXE
C:\divers\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://fr.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://fr.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - E:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - E:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HControl] E:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Windows Defender] "E:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [b0799d90] rundll32.exe "E:\WINDOWS\system32\jxwbvygr.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [amva] E:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [Netlog 24] "E:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe"
O4 - HKCU\..\Run: [Veoh] "E:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [] E:\Documents and Settings\verbal king\Application Data\Adobe\Player.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [MySpaceIM] E:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Piratrax] C:\Program Files\Piratrax\piratrax_launch.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [VeohPlugin] "E:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WN121T Smart Wizard.lnk = E:\Program Files\NETGEAR\WN121T\wn121t.exe
O8 - Extra context menu item: &Windows Live Search - res://E:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: tsusdj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - E:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - E:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: EBP - Pervasive.SQL Workgroup (Pervasive.SQL Workgroup) - Unknown owner - E:\PVSW\Bin\WGE_SRV.EXE
--
End of file - 9563 bytes
merci
bonjour
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec
Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
Afin de lancer la recherche, clic sur"Rechercher".
Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
[#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]
AIDE : Tuto en images sur MBAM
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
[#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]
AIDE : Tuto en images sur MBAM
Lassé par la pub ? Créez un compte
