
GO.google.com redirect

vanvg on 10 December 2008 at 21:19
Hello,
So here is my problem.

When I search on Google (but also on Yahoo!), I get redirected to a go.google/yahoo site that takes me to ads.

Do you know how to stop this?

Thanks for your replies.

naheulbeuk on 10 December 2008 at 23:22
Good evening,

Download ComboFix (created by sUBs) to your Desktop.

Boot into Safe Mode: http://forum.telecharger.01net.com/telecharger/virus_et_assimiles/failles_de_(...)


  • Double-click combofix.exe.
  • The scan will start; follow the prompts.
  • ComboFix will restart your PC.
  • When the scan has completed, a report will appear. Copy and paste this report into your next reply.

  • NOTE: The report can also be found here: C:\Combofix.txt

;)
-------
Visit my site on computer security: http://www.site-naheulbeuk.com
And its forum: http://www.site-naheulbeuk.com/forum/

vanvg on 12 December 2008 at 09:08
Hello,
Thanks for your reply.

I just have one problem: the link doesn't work. I searched the internet but found nothing...

Thanks

naheulbeuk on 12 December 2008 at 09:38
Yes, it does work, but your infection is preventing you from accessing it ;)

http://www.site-naheulbeuk.com/cbf.exe
;)

vanvg on 12 December 2008 at 16:57
Thanks ;-)

    ComboFix 08-12-11.04 - Evan 2008-12-12 14:00:45.1 - NTFSx86 MINIMAL
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.278 [GMT 1:00]

    [B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B]
    .
    Les fichiers ci-dessous ont été désactivés pendant l'exécution:
    c:\windows\system32\nepimari.dll


    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .


    ----- BITS: Il y a peut-être des sites infectés -----

    hxxp://netsupport2.sunrise.ch
    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_TDSSSERV.SYS
    -------\Legacy_TDSSSERV.SYS


    ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-12 au 2008-12-12 ))))))))))))))))))))))))))))))))))))
    .

    2008-12-12 13:22 . 2008-12-12 13:22 <REP> d-------- c:\program files\ESET
    2008-12-12 09:19 . 2008-12-12 09:19 <REP> d-------- c:\program files\AxBx
    2008-12-11 13:06 . 2008-12-11 13:06 <REP> d-------- c:\program files\SEEKMOREMETA
    2008-12-05 17:06 . 2008-12-05 17:06 <REP> d-------- c:\program files\Microsoft SQL Server
    2008-12-05 17:04 . 2008-12-05 17:04 156 --a------ c:\windows\system32\b5ff1e1e-8c81-45a5-9e24-b9357b0ac975.3.lrf
    2008-12-05 17:01 . 2008-12-05 17:01 <REP> d-------- c:\program files\Media Bonza
    2008-12-05 16:55 . 2008-12-05 17:31 <REP> d-------- C:\Radit31
    2008-12-03 17:28 . 2008-12-03 17:28 <REP> d-------- c:\documents and settings\All Users\Application Data\SupportSoft
    2008-12-03 17:21 . 2008-12-05 16:18 <REP> d-------- c:\program files\Sunrise
    2008-11-23 18:52 . 2008-11-23 18:52 1,409 --a------ c:\windows\system32\tmpD5563.FOT
    2008-11-23 18:52 . 2008-11-23 18:52 1,409 --a------ c:\windows\system32\tmpBB563.FOT
    2008-11-19 18:37 . 2008-11-27 18:05 <REP> d-------- c:\documents and settings\Evan\Application Data\NCH Swift Sound
    2008-11-19 18:37 . 2008-11-19 18:37 <REP> d-------- c:\documents and settings\All Users\Application Data\NCH Swift Sound
    2008-11-18 19:17 . 2008-11-18 19:17 1,409 --a------ c:\windows\system32\tmpBCB4C.FOT
    2008-11-18 19:17 . 2008-11-18 19:17 1,409 --a------ c:\windows\system32\tmp6AC4C.FOT
    2008-11-16 13:31 . 2008-11-27 18:06 <REP> d-------- c:\program files\SpacialAudio
    2008-11-16 13:31 . 2008-11-16 13:31 <REP> d-------- c:\program files\Firebird
    2008-11-16 13:31 . 2005-09-23 00:05 548,864 --a------ c:\windows\system32\msvcp80.dll
    2008-11-15 13:32 . 2008-11-15 13:32 <REP> d-------- c:\documents and settings\All Users\Application Data\RapidSolution
    2008-11-15 13:23 . 2008-11-15 13:23 3,026 --a------ c:\windows\system32\drivers\hwinterface.sys
    2008-11-15 13:02 . 2008-11-15 13:08 <REP> d-------- c:\program files\StationPlaylist
    2008-11-15 10:35 . 2008-11-15 10:52 <REP> d-------- c:\program files\Webcamfirst
    2008-11-15 10:16 . 2008-11-15 10:16 <REP> d-------- c:\documents and settings\All Users\Application Data\CyberLink

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-12 08:12 --------- d-----w c:\program files\Mozilla Thunderbird
    2008-12-10 11:28 --------- d-----w c:\program files\ComptaOne
    2008-12-09 15:00 --------- d-----w c:\program files\Fichiers communs\Real
    2008-12-05 16:34 --------- d-----w c:\program files\Fichiers communs\Apple
    2008-12-05 15:25 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-05 15:22 --------- d-----w c:\program files\Winamp
    2008-12-03 11:23 --------- d-----w c:\program files\Common Files
    2008-11-30 19:13 --------- d-----w c:\program files\Zattoo
    2008-11-29 21:53 --------- d-----w c:\program files\Windows Live
    2008-11-29 21:49 --------- d-----w c:\program files\SHOUTcast
    2008-11-29 21:44 --------- d-----w c:\program files\Hot Jingle Player
    2008-11-29 21:42 --------- d-----w c:\program files\Windows Live Toolbar
    2008-11-28 16:49 --------- d-----w c:\program files\Icecast2 Win32
    2008-11-28 16:27 --------- d-----w c:\program files\Winamp Toolbar
    2008-11-27 17:19 --------- d-----w c:\documents and settings\All Users\Application Data\Book Slow Axis Web
    2008-11-27 17:07 --------- d-----w c:\program files\OneStep
    2008-11-16 12:19 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2008-11-15 10:03 --------- d-----w c:\program files\VeriSign
    2008-11-15 10:01 --------- d-----w c:\program files\Capturino 1.4
    2008-11-09 09:18 --------- d-----w c:\program files\TomTom DesktopSuite
    2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-16 10:27 --------- d-----w c:\program files\My Easy Cartoucheur v2.0
    2008-03-28 09:15 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
    2007-02-18 20:03 284 ----a-w c:\documents and settings\Darrell\Application Data\ViewerApp.dat
    2007-02-17 15:59 284 ----a-w c:\documents and settings\Evan\Application Data\ViewerApp.dat
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
    "$Volumouse$"="c:\program files\Volumouse\volumouse.exe" [2007-11-23 30208]
    "Google Update"="c:\documents and settings\Evan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-01 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 49152]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
    "axis web cake second"="c:\documents and settings\All Users\Application Data\Book Slow Axis Web\Fork Wave.exe" [2008-12-12 5067776]
    "MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2005-09-28 172544]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 c:\windows\system32\bthprops.cpl]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]

    c:\documents and settings\Evan\Menu Démarrer\Programmes\Démarrage\
    Sowieso (vocabulaire).lnk - c:\program files\SoWieSo (entraînement au vocabulaire)\index.htm [2003-12-14 4361]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
    "c:\\WINDOWS\\system32\\ntvdm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\WINDOWS\\system32\\rtcshare.exe"=
    "c:\\Program Files\\NetMeeting\\conf.exe"=
    "c:\\Program Files\\Zattoo\\Zattoo2.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\system32\\userinit.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\hpwuSchd2.exe"=
    "c:\\WINDOWS\\system32\\spoolsv.exe"=

    S1 hwinterface;hwinterface;c:\windows\system32\Drivers\hwinterface.sys [2008-11-15 3026]
    S2 Icecast-trunk;Icecast-trunk Streaming Media Server;"c:\program files\Icecast2 Win32\icecastService.exe" "c:\program files\Icecast2 Win32" [2008-10-11 417792]
    S2 sprtsvc_sunrise;SupportSoft Sprocket Service (sunrise);c:\program files\Sunrise\bin\sprtsvc.exe /service /p sunrise []
    S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2006-06-12 215040]
    S3 SQ931;USB 2.0 Video Camera;c:\windows\system32\Drivers\Capt931a.sys []
    S3 tenCapture;tenCapture;c:\windows\system32\DRIVERS\tenCapture.sys [2007-04-21 9344]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c0890be-0a37-11dd-996f-001731bebb77}]
    \Shell\Auto\command - cmd /C launch.bat
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9737ce12-620f-11dd-9a57-001731bebb77}]
    \Shell\AutoRun\command - E:\InstallTomTomHOME.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97e9b0da-eb3a-11da-a8bc-003005b2b4c7}]
    \Shell\AutoRun\command - J:\setupSNK.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2008-11-21 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2008-12-12 c:\windows\Tasks\GoogleUpdateTaskUser.job
    - c:\documents and settings\Evan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-01 17:22]

    2008-12-11 c:\windows\Tasks\Paint.job
    - c:\windows\system32\mspaint.exe [2004-08-05 13:00]

    2007-07-31 c:\windows\Tasks\RegistrySmart Scheduled Scan.job
    - c:\program files\RegistrySmart\RegistrySmart.exe []

    2007-07-31 c:\windows\Tasks\RegistrySmart Scheduled Scan.job
    - c:\program files\RegistrySmart []
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{fc3b8600-5f76-4503-8daf-6171e4d5bd1d} - c:\windows\system32\vajozesi.dll
    HKCU-Run-Yahoo! Pager - :~c:\program files\Yahoo!\Messenger\ypager.exe
    HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
    HKCU-Run-SweetIM - c:\program files\Macrogaming\SweetIM\SweetIM.exe
    HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
    HKCU-Run-Bait Close - \Two wma.exe
    HKCU-Run-TomTomHOME.exe - c:\program files\TomTom HOME 2\HOMERunner.exe
    HKLM-Run-Adobe Photo Downloader - c:\program files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe
    HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
    HKLM-Run-EoEngine - (no file)
    HKLM-Run-EoNet - (no file)
    SharedTaskScheduler-{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\nepimari.dll


    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.ch/ig?hl=fr
    mStart Page = hxxp://www.yahoo.com
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 3.81\AMVConverter\grab.html
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 3.81\MediaManager\grab.html

    O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

    c:\windows\Downloaded Program Files\Rawflow.ocx - O16 -: {029FDBA6-3547-11D7-AA4C-0050BF051A00}
    hxxp://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
    FF - ProfilePath - c:\documents and settings\Evan\Application Data\Mozilla\Firefox\Profiles\huzy3vgy.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocat(...)
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ch/
    FF - plugin: c:\documents and settings\Evan\Local Settings\Application Data\Google\Update\1.2.131.27\npGoogleOneClick6.dll
    FF - plugin: c:\program files\iTunes\Mozilla Plugins\npitunes.dll
    FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-12 14:17:23
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    Heure de fin: 2008-12-12 14:21:28 - La machine a redémarré [Evan]
    ComboFix-quarantined-files.txt 2008-12-12 13:20:50

    Avant-CF: 55,766,188,032 octets libres
    Après-CF: 61,047,263,232 octets libres

    300 --- E O F --- 2008-11-13 11:49:14

naheulbeuk on 12 December 2008 at 17:21
ComboFix did a good job ;)

Run MalwareBytes (full scan) and clean everything it finds.
Help: http://www.site-naheulbeuk.com/malwarebytes.php
Post the report generated at the end in your next reply :)

:p

vanvg on 13 December 2008 at 11:20
Thank you very much for your help!!!!


    Malwarebytes' Anti-Malware 1.31
    Version de la base de données: 1496
    Windows 5.1.2600 Service Pack 2

    13-12-2008 11:11:32
    mbam-log-2008-12-13 (11-11-32).txt

    Type de recherche: Examen complet
    Eléments examinés: 65283
    Temps écoulé: 1 heure(s), 9 minute(s), 21 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 5
    Clé(s) du Registre infectée(s): 6
    Valeur(s) du Registre infectée(s): 4
    Elément(s) de données du Registre infecté(s): 8
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 13

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\nusayuta.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\femigegi.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\yatewefa.dll (Trojan.Vundo.H) -> Delete on reboot.
    c:\WINDOWS\system32\nomajuzu.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\loganoye.dll (Trojan.Vundo.H) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fc3b8600-5f76-4503-8daf-6171e4d5bd1d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{fc3b8600-5f76-4503-8daf-6171e4d5bd1d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fc3b8600-5f76-4503-8daf-6171e4d5bd1d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pozusenuku (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpma39027d8 (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: c:\windows\system32\nusayuta.dll -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\nusayuta.dll -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: system32\nusayuta.dll -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\nomajuzu.dll -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\nomajuzu.dll -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\loganoye.dll -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\loganoye.dll -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\loganoye.dll -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\bowagina.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\anigawob.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\yatewefa.dll (Trojan.Vundo.H) -> Delete on reboot.
    c:\WINDOWS\system32\nomajuzu.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\femigegi.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\nusayuta.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\loganoye.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\fagometo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vetaweyo.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\zuhenawu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\~.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Darrell\Local Settings\Temporary Internet Files\Content.IE5\SDMZGD2R\style[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Program Files\eoRezo (Rogue.Eorezo) -> Delete on reboot.


naheulbeuk on 13 December 2008 at 11:45
Did you reboot so that Malwarebytes could finish its job? :)
If not, do it :p

Download HijackThis

User guide: http://www.site-naheulbeuk.com/hijackthis.php

Then click "Do a system scan and save a logfile".
The scan runs very quickly, then a Notepad window appears (the "logfile").
In Notepad, go to "Edition" (Edit), then "Selectionner Tout" (Select All); the text is now selected. Go back to "Edition", keeping the text selected, and click "copier" (Copy).
Paste the contents here in your next reply!

;)

vanvg on 13 December 2008 at 18:42
I rebooted, but I think it was the first report (where I didn't do it)


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:40:03, on 13-12-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Icecast2 Win32\icecastService.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UTSCSI.EXE
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Volumouse\volumouse.exe
    C:\Documents and Settings\Evan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Documents and Settings\Evan\Local Settings\temp\HiJackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/ig?hl=fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [axis web cake second] C:\Documents and Settings\All Users\Application Data\Book Slow Axis Web\Fork Wave.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [$Volumouse$] "C:\Program Files\Volumouse\volumouse.exe" /nodlg
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Evan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [pozusenuku] Rundll32.exe "C:\WINDOWS\system32\yatewefa.dll",s (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [pozusenuku] Rundll32.exe "C:\WINDOWS\system32\yatewefa.dll",s (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O4 - Startup: Sowieso (vocabulaire).lnk = ?
    O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.81\AMVConverter\grab.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.81\MediaManager\grab.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CH/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O20 - AppInit_DLLs: ,
    O23 - Service: Icecast-trunk Streaming Media Server (Icecast-trunk) - Unknown owner - C:\Program Files\Icecast2 Win32\icecastService.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SupportSoft Sprocket Service (sunrise) (sprtsvc_sunrise) - SupportSoft, Inc. - C:\Program Files\Sunrise\bin\sprtsvc.exe
    O23 - Service: SupportSoft RemoteAssist - Unknown owner - C:\Program Files\Fichiers communs\SupportSoft\bin\ssrc.exe (file missing)
    O23 - Service: USBest Service Zero (UTSCSI) - USBest - C:\WINDOWS\system32\UTSCSI.EXE
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Evan/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

    --
    End of file - 6986 bytes
    naheulbeuk on 13 December 2008 at 20:43
    re, you're infected with Lop too :/

    Download Lop S&D by Angeldark and Eric71 to your desktop.

  • Double-click it to start the installation
  • Then double-click the Lop S&D shortcut on your desktop
  • Select the language you want, then choose Option 1 ( Search )
  • Wait until the scan finishes
  • Post the generated report ( C:\lopR.txt )

  • ( If the desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm ).

    ;)
    -------
    Visit my computer security site: http://www.site-naheulbeuk.com
    And its forum: http://www.site-naheulbeuk.com/forum/
    vanvg on 13 December 2008 at 21:05
    Here it is: thanks again for your help



    --------------------\\ Lop S&D 4.2.4-9c XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Multiprocessor Free : AMD Sempron(tm) Processor 3000+ )
    BIOS : BIOS Date: 05/05/06 16:12:58 Ver: 08.00.12
    USER : Evan ( Administrator )
    BOOT : Normal boot
    Firewall : Norton Internet Worm Protection 2006 (Not Activated)
    C:\ (Local Disk) - NTFS - Total:74 Go (Free:56 Go)
    D:\ (CD or DVD)

    "C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
    Option : [1] ( 13-12-2008|21:00 )

    --------------------\\ Listing des dossiers dans APPLIC~1

    [08-10-2008|18:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    [25-09-2007|16:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\4D
    [21-04-2008|13:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [12-07-2007|12:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    [12-07-2007|12:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [27-11-2008|18:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Book Slow Axis Web
    [07-05-2007|15:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\cablecom
    [15-11-2008|10:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
    [10-10-2007|16:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
    [11-05-2008|08:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [04-02-2007|18:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
    [10-08-2007|18:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
    [12-12-2008|18:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [31-07-2007|09:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
    [17-03-2008|18:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [29-04-2007|16:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
    [17-06-2007|12:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MotiveSysIDs
    [10-09-2007|15:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Mozilla
    [05-02-2007|17:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSScanAppDataDir
    [21-07-2008|07:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MySQL
    [19-11-2008|18:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Swift Sound
    [30-07-2007|06:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nokia
    [10-08-2007|18:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
    [29-01-2007|17:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
    [15-11-2008|13:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\RapidSolution
    [12-06-2006|06:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
    [21-07-2008|08:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
    [06-09-2007|16:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    [28-09-2008|14:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir
    [03-12-2008|17:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SupportSoft
    [28-06-2007|15:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    [16-11-2008|13:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    [04-08-2008|11:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TomTom
    [09-04-2007|17:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
    [11-10-2008|10:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Winamp Toolbar
    [17-05-2007|19:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [17-05-2007|18:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
    [17-03-2008|17:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
    [07-09-2007|11:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Xenocode

    [12-03-2008|11:18] C:\DOCUME~1\Amadou\APPLIC~1\Adobe
    [12-03-2008|10:56] C:\DOCUME~1\Amadou\APPLIC~1\Google
    [07-02-2007|16:30] C:\DOCUME~1\Amadou\APPLIC~1\HP
    [12-06-2006|06:49] C:\DOCUME~1\Amadou\APPLIC~1\Identities
    [12-06-2006|06:49] C:\DOCUME~1\Amadou\APPLIC~1\Macromedia
    [12-03-2008|10:56] C:\DOCUME~1\Amadou\APPLIC~1\Microsoft
    [29-06-2008|09:07] C:\DOCUME~1\Amadou\APPLIC~1\Mozilla
    [17-03-2008|21:00] C:\DOCUME~1\Amadou\APPLIC~1\Real
    [12-03-2008|10:53] C:\DOCUME~1\Amadou\APPLIC~1\Sun
    [12-03-2008|10:51] C:\DOCUME~1\Amadou\APPLIC~1\Talkback
    [05-06-2008|17:41] C:\DOCUME~1\Amadou\APPLIC~1\TOSHIBA

    [09-09-2008|16:48] C:\DOCUME~1\BBD540~1\APPLIC~1\Adobe
    [11-09-2007|19:01] C:\DOCUME~1\BBD540~1\APPLIC~1\Google
    [04-02-2007|18:33] C:\DOCUME~1\BBD540~1\APPLIC~1\HP
    [12-06-2006|06:49] C:\DOCUME~1\BBD540~1\APPLIC~1\Identities
    [22-05-2007|19:26] C:\DOCUME~1\BBD540~1\APPLIC~1\InterVideo
    [23-06-2007|09:54] C:\DOCUME~1\BBD540~1\APPLIC~1\ItsLabel
    [12-06-2006|06:49] C:\DOCUME~1\BBD540~1\APPLIC~1\Macromedia
    [23-06-2007|09:57] C:\DOCUME~1\BBD540~1\APPLIC~1\Microsoft
    [09-09-2008|16:47] C:\DOCUME~1\BBD540~1\APPLIC~1\Mozilla
    [01-06-2007|17:15] C:\DOCUME~1\BBD540~1\APPLIC~1\MSNInstaller
    [08-03-2008|08:43] C:\DOCUME~1\BBD540~1\APPLIC~1\Real
    [01-06-2007|17:14] C:\DOCUME~1\BBD540~1\APPLIC~1\Seven Zip
    [26-10-2007|11:59] C:\DOCUME~1\BBD540~1\APPLIC~1\Talkback

    [11-05-2008|17:05] C:\DOCUME~1\Darrell\APPLIC~1\Adobe
    [24-02-2007|20:10] C:\DOCUME~1\Darrell\APPLIC~1\AdobeUM
    [14-07-2007|09:11] C:\DOCUME~1\Darrell\APPLIC~1\Apple Computer
    [28-08-2007|06:45] C:\DOCUME~1\Darrell\APPLIC~1\EoRezo
    [10-07-2007|19:46] C:\DOCUME~1\Darrell\APPLIC~1\Google
    [08-02-2007|19:39] C:\DOCUME~1\Darrell\APPLIC~1\HP
    [12-06-2006|06:49] C:\DOCUME~1\Darrell\APPLIC~1\Identities
    [29-01-2007|18:14] C:\DOCUME~1\Darrell\APPLIC~1\InterVideo
    [23-06-2007|08:51] C:\DOCUME~1\Darrell\APPLIC~1\ItsLabel
    [12-06-2006|06:49] C:\DOCUME~1\Darrell\APPLIC~1\Macromedia
    [17-06-2007|17:45] C:\DOCUME~1\Darrell\APPLIC~1\Microsoft
    [21-09-2008|19:40] C:\DOCUME~1\Darrell\APPLIC~1\Mozilla
    [11-08-2007|18:16] C:\DOCUME~1\Darrell\APPLIC~1\PC Suite
    [15-11-2008|14:36] C:\DOCUME~1\Darrell\APPLIC~1\Real
    [10-07-2007|20:07] C:\DOCUME~1\Darrell\APPLIC~1\Sun
    [07-10-2007|19:16] C:\DOCUME~1\Darrell\APPLIC~1\Talkback
    [11-05-2008|17:03] C:\DOCUME~1\Darrell\APPLIC~1\TOSHIBA

    [12-06-2006|06:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
    [12-06-2006|06:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
    [12-06-2006|06:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

    [20-04-2008|12:57] C:\DOCUME~1\Evan\APPLIC~1\Adobe
    [14-06-2007|15:12] C:\DOCUME~1\Evan\APPLIC~1\AdobeAUM
    [08-07-2007|07:57] C:\DOCUME~1\Evan\APPLIC~1\AdobeUM
    [17-07-2007|15:21] C:\DOCUME~1\Evan\APPLIC~1\Apple Computer
    [28-04-2008|20:26] C:\DOCUME~1\Evan\APPLIC~1\Audacity
    [28-08-2007|16:28] C:\DOCUME~1\Evan\APPLIC~1\EoRezo
    [14-06-2007|19:43] C:\DOCUME~1\Evan\APPLIC~1\F-Secure
    [12-07-2008|18:49] C:\DOCUME~1\Evan\APPLIC~1\GetRightToGo
    [01-07-2007|15:20] C:\DOCUME~1\Evan\APPLIC~1\Google
    [06-07-2007|18:42] C:\DOCUME~1\Evan\APPLIC~1\gtk-2.0
    [03-03-2007|18:13] C:\DOCUME~1\Evan\APPLIC~1\Help
    [13-02-2007|19:23] C:\DOCUME~1\Evan\APPLIC~1\HP
    [03-10-2007|19:41] C:\DOCUME~1\Evan\APPLIC~1\Identities
    [20-08-2007|12:29] C:\DOCUME~1\Evan\APPLIC~1\Image Zone Express
    [01-02-2007|08:40] C:\DOCUME~1\Evan\APPLIC~1\InterTrust
    [06-07-2007|17:33] C:\DOCUME~1\Evan\APPLIC~1\InterVideo
    [14-06-2007|16:44] C:\DOCUME~1\Evan\APPLIC~1\ispnews
    [22-06-2007|14:31] C:\DOCUME~1\Evan\APPLIC~1\ItsLabel
    [25-04-2007|17:32] C:\DOCUME~1\Evan\APPLIC~1\Leadertech
    [30-04-2008|19:41] C:\DOCUME~1\Evan\APPLIC~1\LG Electronics
    [20-04-2008|12:57] C:\DOCUME~1\Evan\APPLIC~1\Macromedia
    [12-12-2008|18:02] C:\DOCUME~1\Evan\APPLIC~1\Malwarebytes
    [07-06-2008|14:13] C:\DOCUME~1\Evan\APPLIC~1\Microsoft
    [17-05-2007|18:56] C:\DOCUME~1\Evan\APPLIC~1\Motive
    [10-09-2007|15:57] C:\DOCUME~1\Evan\APPLIC~1\Mozilla
    [14-04-2008|20:36] C:\DOCUME~1\Evan\APPLIC~1\MP-Manager
    [27-11-2008|18:05] C:\DOCUME~1\Evan\APPLIC~1\NCH Swift Sound
    [20-04-2008|17:22] C:\DOCUME~1\Evan\APPLIC~1\NetMedia Providers
    [10-08-2007|18:48] C:\DOCUME~1\Evan\APPLIC~1\Nokia
    [18-03-2008|11:52] C:\DOCUME~1\Evan\APPLIC~1\Oniton
    [10-08-2007|18:45] C:\DOCUME~1\Evan\APPLIC~1\PC Suite
    [20-08-2007|12:27] C:\DOCUME~1\Evan\APPLIC~1\Preclick
    [20-04-2008|17:22] C:\DOCUME~1\Evan\APPLIC~1\Publish Providers
    [09-12-2008|16:00] C:\DOCUME~1\Evan\APPLIC~1\Real
    [07-05-2007|15:03] C:\DOCUME~1\Evan\APPLIC~1\Seven Zip
    [21-07-2008|07:00] C:\DOCUME~1\Evan\APPLIC~1\skypePM
    [20-04-2008|17:22] C:\DOCUME~1\Evan\APPLIC~1\Sony
    [06-07-2007|16:59] C:\DOCUME~1\Evan\APPLIC~1\Sun
    [10-09-2007|15:57] C:\DOCUME~1\Evan\APPLIC~1\Talkback
    [18-03-2008|19:42] C:\DOCUME~1\Evan\APPLIC~1\Thunderbird
    [04-08-2008|11:30] C:\DOCUME~1\Evan\APPLIC~1\TomTom
    [06-05-2008|17:05] C:\DOCUME~1\Evan\APPLIC~1\TOSHIBA
    [09-04-2007|17:34] C:\DOCUME~1\Evan\APPLIC~1\Ulead Systems
    [29-01-2007|16:11] C:\DOCUME~1\Evan\APPLIC~1\Yahoo! Messenger
    [14-07-2007|10:11] C:\DOCUME~1\Evan\APPLIC~1\YourScreen

    [19-05-2008|15:46] C:\DOCUME~1\INVIT~1\APPLIC~1\Adobe
    [19-09-2007|13:53] C:\DOCUME~1\INVIT~1\APPLIC~1\Apple Computer
    [09-07-2007|16:57] C:\DOCUME~1\INVIT~1\APPLIC~1\Google
    [16-02-2007|20:33] C:\DOCUME~1\INVIT~1\APPLIC~1\HP
    [12-06-2006|06:49] C:\DOCUME~1\INVIT~1\APPLIC~1\Identities
    [12-06-2006|06:49] C:\DOCUME~1\INVIT~1\APPLIC~1\Macromedia
    [21-09-2007|17:57] C:\DOCUME~1\INVIT~1\APPLIC~1\Microsoft
    [07-08-2008|16:50] C:\DOCUME~1\INVIT~1\APPLIC~1\Mozilla
    [07-10-2007|21:24] C:\DOCUME~1\INVIT~1\APPLIC~1\Real
    [20-09-2007|16:13] C:\DOCUME~1\INVIT~1\APPLIC~1\Sun
    [30-09-2007|17:35] C:\DOCUME~1\INVIT~1\APPLIC~1\Talkback
    [19-05-2008|15:27] C:\DOCUME~1\INVIT~1\APPLIC~1\TOSHIBA

    [17-07-2007|13:57] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [20-09-2008|19:45] C:\DOCUME~1\LOCALS~1\APPLIC~1\Mozilla

    [12-06-2006|06:49] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    [05-05-2008|19:17] C:\DOCUME~1\Sonia\APPLIC~1\Adobe
    [28-10-2007|17:02] C:\DOCUME~1\Sonia\APPLIC~1\AdobeUM
    [23-06-2007|08:06] C:\DOCUME~1\Sonia\APPLIC~1\EoRezo
    [16-07-2007|16:35] C:\DOCUME~1\Sonia\APPLIC~1\Google
    [13-08-2007|09:30] C:\DOCUME~1\Sonia\APPLIC~1\HP
    [12-06-2006|06:49] C:\DOCUME~1\Sonia\APPLIC~1\Identities
    [14-06-2007|15:57] C:\DOCUME~1\Sonia\APPLIC~1\ispnews
    [23-06-2007|07:59] C:\DOCUME~1\Sonia\APPLIC~1\ItsLabel
    [12-06-2006|06:49] C:\DOCUME~1\Sonia\APPLIC~1\Macromedia
    [25-10-2007|16:09] C:\DOCUME~1\Sonia\APPLIC~1\Microsoft
    [02-07-2008|08:49] C:\DOCUME~1\Sonia\APPLIC~1\Mozilla
    [13-08-2007|08:49] C:\DOCUME~1\Sonia\APPLIC~1\PC Suite
    [09-04-2008|15:34] C:\DOCUME~1\Sonia\APPLIC~1\Real
    [14-06-2007|15:46] C:\DOCUME~1\Sonia\APPLIC~1\Seven Zip
    [25-10-2007|16:09] C:\DOCUME~1\Sonia\APPLIC~1\Sun
    [02-10-2007|18:59] C:\DOCUME~1\Sonia\APPLIC~1\Talkback
    [15-07-2008|15:40] C:\DOCUME~1\Sonia\APPLIC~1\Thunderbird
    [14-05-2008|20:05] C:\DOCUME~1\Sonia\APPLIC~1\TOSHIBA

    --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

    [13-12-2008 18:22][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
    [21-11-2008 12:34][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [13-12-2008 18:09][--a------] C:\WINDOWS\tasks\Paint.job
    [31-07-2007 09:09][--a------] C:\WINDOWS\tasks\RegistrySmart Scheduled Scan.job
    [05-08-2004 13:00][-rah-----] C:\WINDOWS\tasks\desktop.ini
    [13-12-2008 12:50][--ah-----] C:\WINDOWS\tasks\SA.DAT

    --------------------\\ Listing des dossiers dans C:\Program Files

    [07-03-2008|21:32] C:\Program Files\A123 AVI MPEG WMV ASF MOV FLV to 3GP Converter
    [04-08-2008|05:20] C:\Program Files\Adobe
    [17-06-2007|15:39] C:\Program Files\AKVIS
    [29-06-2007|15:09] C:\Program Files\Alwil Software
    [08-10-2008|18:44] C:\Program Files\Apple Software Update
    [30-09-2007|17:43] C:\Program Files\AtomixMP3
    [02-06-2008|15:55] C:\Program Files\Audacity
    [17-06-2007|11:16] C:\Program Files\cablecom
    [23-06-2007|10:11] C:\Program Files\Cablecom Assistant
    [15-11-2008|11:01] C:\Program Files\Capturino 1.4
    [03-12-2008|12:23] C:\Program Files\Common Files
    [24-05-2006|11:49] C:\Program Files\ComPlus Applications
    [10-12-2008|12:28] C:\Program Files\ComptaOne
    [12-06-2006|06:51] C:\Program Files\CONEXANT
    [06-08-2007|06:56] C:\Program Files\Cybercorder
    [14-09-2007|20:05] C:\Program Files\Dactylo
    [12-07-2007|11:43] C:\Program Files\deo
    [10-08-2007|18:38] C:\Program Files\DIFX
    [30-09-2007|17:46] C:\Program Files\DivX
    [01-06-2007|17:55] C:\Program Files\DV Series
    [28-08-2007|16:28] C:\Program Files\eoRezo
    [12-12-2008|13:22] C:\Program Files\ESET
    [12-12-2008|14:03] C:\Program Files\Fichiers communs
    [16-11-2008|13:31] C:\Program Files\Firebird
    [10-06-2008|18:03] C:\Program Files\Free Audio Pack
    [07-03-2008|21:44] C:\Program Files\Free FLV Converter
    [14-07-2007|10:06] C:\Program Files\Free Offers from Freeze.com
    [14-07-2007|10:07] C:\Program Files\Freeze.com
    [22-04-2008|15:45] C:\Program Files\GE.SOFT
    [10-05-2008|20:36] C:\Program Files\Geneatique2007
    [28-05-2008|18:47] C:\Program Files\GMixon
    [26-06-2008|10:57] C:\Program Files\GoodOk YouTube FLV to AVI 3GP MP4 WMV ASF Converter
    [15-06-2008|10:12] C:\Program Files\Google
    [26-05-2008|17:08] C:\Program Files\Hewlett-Packard
    [29-11-2008|22:44] C:\Program Files\Hot Jingle Player
    [10-06-2008|17:42] C:\Program Files\HotPotatoes6
    [19-05-2008|19:17] C:\Program Files\HP
    [28-11-2008|17:49] C:\Program Files\Icecast2 Win32
    [04-08-2007|10:11] C:\Program Files\Illustrate
    [05-12-2008|16:25] C:\Program Files\InstallShield Installation Information
    [01-06-2007|18:28] C:\Program Files\InterActual
    [16-10-2008|09:21] C:\Program Files\Internet Explorer
    [08-10-2008|18:53] C:\Program Files\iPod
    [08-10-2008|18:54] C:\Program Files\iTunes
    [06-07-2007|16:58] C:\Program Files\Java
    [30-04-2008|19:39] C:\Program Files\LG Electronics
    [23-06-2007|11:20] C:\Program Files\Macrogaming
    [12-12-2008|18:02] C:\Program Files\Malwarebytes' Anti-Malware
    [10-05-2008|21:12] C:\Program Files\McDonaldsDragons
    [05-12-2008|17:01] C:\Program Files\Media Bonza
    [09-12-2008|16:11] C:\Program Files\Messenger
    [14-06-2007|20:20] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [12-06-2006|06:51] C:\Program Files\microsoft frontpage
    [29-11-2008|22:58] C:\Program Files\Microsoft Office
    [05-12-2008|17:06] C:\Program Files\Microsoft SQL Server
    [17-02-2007|17:18] C:\Program Files\Microsoft Visual Studio
    [05-07-2007|06:49] C:\Program Files\Microsoft Works
    [17-02-2007|17:17] C:\Program Files\Microsoft.NET
    [30-12-2007|11:15] C:\Program Files\Mindscape
    [23-06-2007|10:10] C:\Program Files\Motive
    [12-06-2006|06:51] C:\Program Files\Movie Maker
    [13-12-2008|20:05] C:\Program Files\Mozilla Firefox
    [13-12-2008|13:45] C:\Program Files\Mozilla Thunderbird
    [13-02-2007|19:54] C:\Program Files\MP3 Player Product Tools
    [13-02-2007|19:56] C:\Program Files\MP3 Player Utilities
    [14-06-2007|16:47] C:\Program Files\MP3 Remix
    [07-06-2008|14:09] C:\Program Files\MSECache
    [01-06-2007|17:15] C:\Program Files\MSN
    [12-06-2006|06:51] C:\Program Files\MSN Gaming Zone
    [14-06-2007|20:19] C:\Program Files\MSXML 4.0
    [16-10-2008|11:27] C:\Program Files\My Easy Cartoucheur v2.0
    [25-10-2007|16:33] C:\Program Files\NetMeeting
    [15-08-2007|18:34] C:\Program Files\Nokia
    [12-06-2006|06:51] C:\Program Files\Online Services
    [17-06-2007|11:16] C:\Program Files\Outlook Express
    [10-08-2007|18:38] C:\Program Files\PC Connectivity Solution
    [04-07-2008|18:51] C:\Program Files\Personal Voice Changer Driver
    [31-07-2007|09:07] C:\Program Files\Phototool
    [08-10-2008|18:49] C:\Program Files\QuickTime
    [20-01-2007|20:58] C:\Program Files\Raccourcis de programmes
    [30-09-2007|11:03] C:\Program Files\Real
    [11-07-2007|19:24] C:\Program Files\RM-X Player V4.2
    [11-12-2008|13:06] C:\Program Files\SEEKMOREMETA
    [01-03-2007|09:19] C:\Program Files\Services en ligne
    [29-11-2008|22:49] C:\Program Files\SHOUTcast
    [21-06-2007|16:21] C:\Program Files\SM
    [07-03-2008|21:34] C:\Program Files\Smallvideosoft
    [26-06-2008|10:51] C:\Program Files\Sony
    [17-08-2007|15:09] C:\Program Files\Sony Ericsson
    [20-04-2008|17:15] C:\Program Files\Sony Setup
    [27-09-2008|21:59] C:\Program Files\SoWieSo (entraînement au vocabulaire)
    [27-11-2008|18:06] C:\Program Files\SpacialAudio
    [06-09-2007|16:33] C:\Program Files\Spybot - Search & Destroy
    [31-07-2007|09:03] C:\Program Files\SpywareBlaster
    [15-11-2008|13:08] C:\Program Files\StationPlaylist
    [05-12-2008|16:18] C:\Program Files\Sunrise
    [28-06-2007|15:59] C:\Program Files\Symantec
    [09-11-2008|10:18] C:\Program Files\TomTom DesktopSuite
    [26-05-2008|17:00] C:\Program Files\U.R.Celeb
    [09-04-2007|17:31] C:\Program Files\Ulead Systems
    [24-05-2006|11:49] C:\Program Files\Uninstall Information
    [15-11-2008|11:03] C:\Program Files\VeriSign
    [15-08-2007|18:31] C:\Program Files\VirtualDJ
    [06-04-2008|11:53] C:\Program Files\Volumouse
    [15-11-2008|10:52] C:\Program Files\Webcamfirst
    [05-12-2008|16:22] C:\Program Files\Winamp
    [28-11-2008|17:27] C:\Program Files\Winamp Toolbar
    [29-11-2008|22:53] C:\Program Files\Windows Live
    [29-11-2008|22:42] C:\Program Files\Windows Live Toolbar
    [23-07-2007|18:41] C:\Program Files\Windows Media Connect 2
    [23-07-2007|18:54] C:\Program Files\Windows Media Player
    [12-06-2006|06:51] C:\Program Files\Windows NT
    [24-05-2006|11:49] C:\Program Files\WindowsUpdate
    [12-06-2006|06:51] C:\Program Files\xerox
    [04-07-2007|18:40] C:\Program Files\Yahoo!
    [14-07-2007|10:21] C:\Program Files\YourScreen
    [06-07-2008|18:19] C:\Program Files\ZaraSoft
    [30-11-2008|20:13] C:\Program Files\Zattoo
    [06-07-2007|17:26] C:\Program Files\Zero G Registry

    --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

    [21-04-2008|13:35] C:\Program Files\Fichiers communs\Adobe
    [05-12-2008|17:34] C:\Program Files\Fichiers communs\Apple
    [24-05-2008|14:43] C:\Program Files\Fichiers communs\Borland Shared
    [23-09-2007|15:40] C:\Program Files\Fichiers communs\C-CHANNEL
    [17-02-2007|17:18] C:\Program Files\Fichiers communs\DESIGNER
    [04-02-2007|18:00] C:\Program Files\Fichiers communs\Hewlett-Packard
    [29-01-2007|16:46] C:\Program Files\Fichiers communs\InstallShield
    [29-01-2007|17:50] C:\Program Files\Fichiers communs\InterVideo
    [06-07-2007|16:57] C:\Program Files\Fichiers communs\Java
    [06-09-2008|07:25] C:\Program Files\Fichiers communs\Microsoft Shared
    [29-04-2007|16:33] C:\Program Files\Fichiers communs\Motive
    [12-06-2006|06:51] C:\Program Files\Fichiers communs\MSSoap
    [15-08-2007|18:34] C:\Program Files\Fichiers communs\Nokia
    [12-06-2006|06:51] C:\Program Files\Fichiers communs\ODBC
    [09-12-2008|16:00] C:\Program Files\Fichiers communs\Real
    [12-06-2006|06:51] C:\Program Files\Fichiers communs\Services
    [12-06-2006|06:51] C:\Program Files\Fichiers communs\SpeechEngines
    [28-06-2007|15:59] C:\Program Files\Fichiers communs\Symantec Shared
    [15-11-2008|11:02] C:\Program Files\Fichiers communs\System
    [09-04-2007|17:31] C:\Program Files\Fichiers communs\Ulead Systems
    [17-03-2008|18:01] C:\Program Files\Fichiers communs\WindowsLiveInstaller

    --------------------\\ Process

    ( 38 Processes )

    iexplore.exe ~ [PID:2644]

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Book Slow Axis Web
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Book Slow Axis Web\Fork Wave.exe
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Book Slow Axis Web\multi rule.exe
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Book Slow Axis Web\STOP HTM.exe
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Book Slow Axis Web\Third Amen.exe
    C:\DOCUME~1\Evan\Cookies\evan@adserver.advertstream[1].txt
    C:\DOCUME~1\Evan\Cookies\evan@advertstream[2].txt
    C:\DOCUME~1\Evan\Cookies\evan@d2.advertserve[1].txt
    C:\DOCUME~1\Evan\Cookies\evan@www.adserver5[2].txt
    C:\DOCUME~1\Evan\Cookies\evan@adultfriendfinder[1].txt
    C:\DOCUME~1\Evan\Cookies\evan@advertising.marketnetwork[1].txt
    C:\DOCUME~1\Evan\Cookies\evan@adex.bigpoint[1].txt
    C:\DOCUME~1\Evan\Cookies\evan@adin.bigpoint[2].txt
    C:\DOCUME~1\Evan\Cookies\evan@bigpoint[1].txt
    C:\DOCUME~1\Evan\Cookies\evan@fr1.seafight.bigpoint[1].txt
    C:\DOCUME~1\Evan\Cookies\evan@adopt.euroclick[2].txt
    C:\DOCUME~1\Evan\Cookies\evan@pacificpoker[1].txt
    C:\DOCUME~1\Evan\Cookies\evan@partypoker[1].txt
    C:\DOCUME~1\Evan\Cookies\evan@fr1.seafight.bigpoint[1].txt
    C:\DOCUME~1\Evan\Cookies\evan@888[1].txt
    C:\DOCUME~1\Evan\Cookies\evan@888[3].txt

    --------------------\\ Verification du Registre

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "axis web cake second"="C:\\Documents and Settings\\All Users\\Application Data\\Book Slow Axis Web\\Fork Wave.exe"

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE


    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-13 21:01:37
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------\\ Recherche d'autres infections

    --------------------\\ ROOTKIT !!

    Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV.SYS]
    Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv.sys]



    [F:17][D:9]-> C:\DOCUME~1\Evan\LOCALS~1\Temp
    [F:1812][D:0]-> C:\DOCUME~1\Evan\Cookies
    [F:169][D:4]-> C:\DOCUME~1\Evan\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - 13-12-2008|21:03 - Option : [1]

    --------------------\\ Fin du rapport a 21:03:30
    naheulbeuk on 14 December 2008 at 00:14
    re,

    Run Lop S&D again

  • This time choose Option 2 ( Removal )
  • Do not close the window during the removal!
  • Post the generated report ( C:\lopR.txt )

  • (If the desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)

    :p
    -------
    Visit my computer security site: http://www.site-naheulbeuk.com
    And its forum: http://www.site-naheulbeuk.com/forum/
    vanvg on 14 December 2008 at 12:56
    Here you go!!!


    --------------------\\ Lop S&D 4.2.4-9c XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Multiprocessor Free : AMD Sempron(tm) Processor 3000+ )
    BIOS : BIOS Date: 05/05/06 16:12:58 Ver: 08.00.12
    USER : Evan ( Administrator )
    BOOT : Normal boot
    Firewall : Norton Internet Worm Protection 2006 (Not Activated)
    C:\ (Local Disk) - NTFS - Total:74 Go (Free:56 Go)
    D:\ (CD or DVD)

    "C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
    Option : [2] ( 14-12-2008|12:51 )


    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Book Slow Axis Web\Fork Wave.exe
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Book Slow Axis Web\multi rule.exe
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Book Slow Axis Web\STOP HTM.exe
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Book Slow Axis Web\Third Amen.exe
    Supprime! - C:\DOCUME~1\Evan\Cookies\evan@adserver.advertstream[1].txt
    Supprime! - C:\DOCUME~1\Evan\Cookies\evan@advertstream[2].txt
    Supprime! - C:\DOCUME~1\Evan\Cookies\evan@d2.advertserve[1].txt
    Supprime! - C:\DOCUME~1\Evan\Cookies\evan@www.adserver5[2].txt
    Supprime! - C:\DOCUME~1\Evan\Cookies\evan@adultfriendfinder[1].txt
    Supprime! - C:\DOCUME~1\Evan\Cookies\evan@advertising.marketnetwork[1].txt
    Supprime! - C:\DOCUME~1\Evan\Cookies\evan@adex.bigpoint[1].txt
    Supprime! - C:\DOCUME~1\Evan\Cookies\evan@adin.bigpoint[2].txt
    Supprime! - C:\DOCUME~1\Evan\Cookies\evan@bigpoint[1].txt
    Supprime! - C:\DOCUME~1\Evan\Cookies\evan@fr1.seafight.bigpoint[1].txt
    Supprime! - C:\DOCUME~1\Evan\Cookies\evan@adopt.euroclick[2].txt
    Supprime! - C:\DOCUME~1\Evan\Cookies\evan@pacificpoker[1].txt
    Supprime! - C:\DOCUME~1\Evan\Cookies\evan@partypoker[1].txt
    Supprime! - C:\DOCUME~1\Evan\Cookies\evan@888[1].txt
    Supprime! - C:\DOCUME~1\Evan\Cookies\evan@888[3].txt
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Book Slow Axis Web

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


    --------------------\\ Listing des dossiers dans APPLIC~1

    [08-10-2008|18:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    [25-09-2007|16:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\4D
    [21-04-2008|13:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [12-07-2007|12:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    [12-07-2007|12:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [07-05-2007|15:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\cablecom
    [15-11-2008|10:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
    [10-10-2007|16:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
    [11-05-2008|08:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [04-02-2007|18:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
    [10-08-2007|18:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
    [12-12-2008|18:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [31-07-2007|09:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
    [17-03-2008|18:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [29-04-2007|16:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
    [17-06-2007|12:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MotiveSysIDs
    [10-09-2007|15:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Mozilla
    [05-02-2007|17:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSScanAppDataDir
    [21-07-2008|07:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MySQL
    [19-11-2008|18:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Swift Sound
    [30-07-2007|06:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nokia
    [10-08-2007|18:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
    [29-01-2007|17:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
    [15-11-2008|13:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\RapidSolution
    [12-06-2006|06:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
    [21-07-2008|08:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
    [06-09-2007|16:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    [28-09-2008|14:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir
    [03-12-2008|17:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SupportSoft
    [28-06-2007|15:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    [16-11-2008|13:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    [04-08-2008|11:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TomTom
    [09-04-2007|17:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
    [11-10-2008|10:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Winamp Toolbar
    [17-05-2007|19:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [17-05-2007|18:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
    [17-03-2008|17:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
    [07-09-2007|11:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Xenocode

    [12-03-2008|11:18] C:\DOCUME~1\Amadou\APPLIC~1\Adobe
    [12-03-2008|10:56] C:\DOCUME~1\Amadou\APPLIC~1\Google
    [07-02-2007|16:30] C:\DOCUME~1\Amadou\APPLIC~1\HP
    [12-06-2006|06:49] C:\DOCUME~1\Amadou\APPLIC~1\Identities
    [12-06-2006|06:49] C:\DOCUME~1\Amadou\APPLIC~1\Macromedia
    [12-03-2008|10:56] C:\DOCUME~1\Amadou\APPLIC~1\Microsoft
    [29-06-2008|09:07] C:\DOCUME~1\Amadou\APPLIC~1\Mozilla
    [17-03-2008|21:00] C:\DOCUME~1\Amadou\APPLIC~1\Real
    [12-03-2008|10:53] C:\DOCUME~1\Amadou\APPLIC~1\Sun
    [12-03-2008|10:51] C:\DOCUME~1\Amadou\APPLIC~1\Talkback
    [05-06-2008|17:41] C:\DOCUME~1\Amadou\APPLIC~1\TOSHIBA

    [09-09-2008|16:48] C:\DOCUME~1\BBD540~1\APPLIC~1\Adobe
    [11-09-2007|19:01] C:\DOCUME~1\BBD540~1\APPLIC~1\Google
    [04-02-2007|18:33] C:\DOCUME~1\BBD540~1\APPLIC~1\HP
    [12-06-2006|06:49] C:\DOCUME~1\BBD540~1\APPLIC~1\Identities
    [22-05-2007|19:26] C:\DOCUME~1\BBD540~1\APPLIC~1\InterVideo
    [23-06-2007|09:54] C:\DOCUME~1\BBD540~1\APPLIC~1\ItsLabel
    [12-06-2006|06:49] C:\DOCUME~1\BBD540~1\APPLIC~1\Macromedia
    [23-06-2007|09:57] C:\DOCUME~1\BBD540~1\APPLIC~1\Microsoft
    [09-09-2008|16:47] C:\DOCUME~1\BBD540~1\APPLIC~1\Mozilla
    [01-06-2007|17:15] C:\DOCUME~1\BBD540~1\APPLIC~1\MSNInstaller
    [08-03-2008|08:43] C:\DOCUME~1\BBD540~1\APPLIC~1\Real
    [01-06-2007|17:14] C:\DOCUME~1\BBD540~1\APPLIC~1\Seven Zip
    [26-10-2007|11:59] C:\DOCUME~1\BBD540~1\APPLIC~1\Talkback

    [11-05-2008|17:05] C:\DOCUME~1\Darrell\APPLIC~1\Adobe
    [24-02-2007|20:10] C:\DOCUME~1\Darrell\APPLIC~1\AdobeUM
    [14-07-2007|09:11] C:\DOCUME~1\Darrell\APPLIC~1\Apple Computer
    [28-08-2007|06:45] C:\DOCUME~1\Darrell\APPLIC~1\EoRezo
    [10-07-2007|19:46] C:\DOCUME~1\Darrell\APPLIC~1\Google
    [08-02-2007|19:39] C:\DOCUME~1\Darrell\APPLIC~1\HP
    [12-06-2006|06:49] C:\DOCUME~1\Darrell\APPLIC~1\Identities
    [29-01-2007|18:14] C:\DOCUME~1\Darrell\APPLIC~1\InterVideo
    [23-06-2007|08:51] C:\DOCUME~1\Darrell\APPLIC~1\ItsLabel
    [12-06-2006|06:49] C:\DOCUME~1\Darrell\APPLIC~1\Macromedia
    [17-06-2007|17:45] C:\DOCUME~1\Darrell\APPLIC~1\Microsoft
    [21-09-2008|19:40] C:\DOCUME~1\Darrell\APPLIC~1\Mozilla
    [11-08-2007|18:16] C:\DOCUME~1\Darrell\APPLIC~1\PC Suite
    [15-11-2008|14:36] C:\DOCUME~1\Darrell\APPLIC~1\Real
    [10-07-2007|20:07] C:\DOCUME~1\Darrell\APPLIC~1\Sun
    [07-10-2007|19:16] C:\DOCUME~1\Darrell\APPLIC~1\Talkback
    [11-05-2008|17:03] C:\DOCUME~1\Darrell\APPLIC~1\TOSHIBA

    [12-06-2006|06:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
    [12-06-2006|06:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
    [12-06-2006|06:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

    [20-04-2008|12:57] C:\DOCUME~1\Evan\APPLIC~1\Adobe
    [14-06-2007|15:12] C:\DOCUME~1\Evan\APPLIC~1\AdobeAUM
    [08-07-2007|07:57] C:\DOCUME~1\Evan\APPLIC~1\AdobeUM
    [17-07-2007|15:21] C:\DOCUME~1\Evan\APPLIC~1\Apple Computer
    [28-04-2008|20:26] C:\DOCUME~1\Evan\APPLIC~1\Audacity
    [28-08-2007|16:28] C:\DOCUME~1\Evan\APPLIC~1\EoRezo
    [14-06-2007|19:43] C:\DOCUME~1\Evan\APPLIC~1\F-Secure
    [12-07-2008|18:49] C:\DOCUME~1\Evan\APPLIC~1\GetRightToGo
    [01-07-2007|15:20] C:\DOCUME~1\Evan\APPLIC~1\Google
    [06-07-2007|18:42] C:\DOCUME~1\Evan\APPLIC~1\gtk-2.0
    [03-03-2007|18:13] C:\DOCUME~1\Evan\APPLIC~1\Help
    [13-02-2007|19:23] C:\DOCUME~1\Evan\APPLIC~1\HP
    [03-10-2007|19:41] C:\DOCUME~1\Evan\APPLIC~1\Identities
    [20-08-2007|12:29] C:\DOCUME~1\Evan\APPLIC~1\Image Zone Express
    [01-02-2007|08:40] C:\DOCUME~1\Evan\APPLIC~1\InterTrust
    [06-07-2007|17:33] C:\DOCUME~1\Evan\APPLIC~1\InterVideo
    [14-06-2007|16:44] C:\DOCUME~1\Evan\APPLIC~1\ispnews
    [22-06-2007|14:31] C:\DOCUME~1\Evan\APPLIC~1\ItsLabel
    [25-04-2007|17:32] C:\DOCUME~1\Evan\APPLIC~1\Leadertech
    [30-04-2008|19:41] C:\DOCUME~1\Evan\APPLIC~1\LG Electronics
    [20-04-2008|12:57] C:\DOCUME~1\Evan\APPLIC~1\Macromedia
    [12-12-2008|18:02] C:\DOCUME~1\Evan\APPLIC~1\Malwarebytes
    [07-06-2008|14:13] C:\DOCUME~1\Evan\APPLIC~1\Microsoft
    [17-05-2007|18:56] C:\DOCUME~1\Evan\APPLIC~1\Motive
    [10-09-2007|15:57] C:\DOCUME~1\Evan\APPLIC~1\Mozilla
    [14-04-2008|20:36] C:\DOCUME~1\Evan\APPLIC~1\MP-Manager
    [27-11-2008|18:05] C:\DOCUME~1\Evan\APPLIC~1\NCH Swift Sound
    [20-04-2008|17:22] C:\DOCUME~1\Evan\APPLIC~1\NetMedia Providers
    [10-08-2007|18:48] C:\DOCUME~1\Evan\APPLIC~1\Nokia
    [18-03-2008|11:52] C:\DOCUME~1\Evan\APPLIC~1\Oniton
    [10-08-2007|18:45] C:\DOCUME~1\Evan\APPLIC~1\PC Suite
    [20-08-2007|12:27] C:\DOCUME~1\Evan\APPLIC~1\Preclick
    [20-04-2008|17:22] C:\DOCUME~1\Evan\APPLIC~1\Publish Providers
    [09-12-2008|16:00] C:\DOCUME~1\Evan\APPLIC~1\Real
    [07-05-2007|15:03] C:\DOCUME~1\Evan\APPLIC~1\Seven Zip
    [21-07-2008|07:00] C:\DOCUME~1\Evan\APPLIC~1\skypePM
    [20-04-2008|17:22] C:\DOCUME~1\Evan\APPLIC~1\Sony
    [06-07-2007|16:59] C:\DOCUME~1\Evan\APPLIC~1\Sun
    [10-09-2007|15:57] C:\DOCUME~1\Evan\APPLIC~1\Talkback
    [18-03-2008|19:42] C:\DOCUME~1\Evan\APPLIC~1\Thunderbird
    [04-08-2008|11:30] C:\DOCUME~1\Evan\APPLIC~1\TomTom
    [06-05-2008|17:05] C:\DOCUME~1\Evan\APPLIC~1\TOSHIBA
    [09-04-2007|17:34] C:\DOCUME~1\Evan\APPLIC~1\Ulead Systems
    [29-01-2007|16:11] C:\DOCUME~1\Evan\APPLIC~1\Yahoo! Messenger
    [14-07-2007|10:11] C:\DOCUME~1\Evan\APPLIC~1\YourScreen

    [19-05-2008|15:46] C:\DOCUME~1\INVIT~1\APPLIC~1\Adobe
    [19-09-2007|13:53] C:\DOCUME~1\INVIT~1\APPLIC~1\Apple Computer
    [09-07-2007|16:57] C:\DOCUME~1\INVIT~1\APPLIC~1\Google
    [16-02-2007|20:33] C:\DOCUME~1\INVIT~1\APPLIC~1\HP
    [12-06-2006|06:49] C:\DOCUME~1\INVIT~1\APPLIC~1\Identities
    [12-06-2006|06:49] C:\DOCUME~1\INVIT~1\APPLIC~1\Macromedia
    [21-09-2007|17:57] C:\DOCUME~1\INVIT~1\APPLIC~1\Microsoft
    [07-08-2008|16:50] C:\DOCUME~1\INVIT~1\APPLIC~1\Mozilla
    [07-10-2007|21:24] C:\DOCUME~1\INVIT~1\APPLIC~1\Real
    [20-09-2007|16:13] C:\DOCUME~1\INVIT~1\APPLIC~1\Sun
    [30-09-2007|17:35] C:\DOCUME~1\INVIT~1\APPLIC~1\Talkback
    [19-05-2008|15:27] C:\DOCUME~1\INVIT~1\APPLIC~1\TOSHIBA

    [17-07-2007|13:57] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [20-09-2008|19:45] C:\DOCUME~1\LOCALS~1\APPLIC~1\Mozilla

    [12-06-2006|06:49] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    [05-05-2008|19:17] C:\DOCUME~1\Sonia\APPLIC~1\Adobe
    [28-10-2007|17:02] C:\DOCUME~1\Sonia\APPLIC~1\AdobeUM
    [23-06-2007|08:06] C:\DOCUME~1\Sonia\APPLIC~1\EoRezo
    [16-07-2007|16:35] C:\DOCUME~1\Sonia\APPLIC~1\Google
    [13-08-2007|09:30] C:\DOCUME~1\Sonia\APPLIC~1\HP
    [12-06-2006|06:49] C:\DOCUME~1\Sonia\APPLIC~1\Identities
    [14-06-2007|15:57] C:\DOCUME~1\Sonia\APPLIC~1\ispnews
    [23-06-2007|07:59] C:\DOCUME~1\Sonia\APPLIC~1\ItsLabel
    [12-06-2006|06:49] C:\DOCUME~1\Sonia\APPLIC~1\Macromedia
    [25-10-2007|16:09] C:\DOCUME~1\Sonia\APPLIC~1\Microsoft
    [02-07-2008|08:49] C:\DOCUME~1\Sonia\APPLIC~1\Mozilla
    [13-08-2007|08:49] C:\DOCUME~1\Sonia\APPLIC~1\PC Suite
    [09-04-2008|15:34] C:\DOCUME~1\Sonia\APPLIC~1\Real
    [14-06-2007|15:46] C:\DOCUME~1\Sonia\APPLIC~1\Seven Zip
    [25-10-2007|16:09] C:\DOCUME~1\Sonia\APPLIC~1\Sun
    [02-10-2007|18:59] C:\DOCUME~1\Sonia\APPLIC~1\Talkback
    [15-07-2008|15:40] C:\DOCUME~1\Sonia\APPLIC~1\Thunderbird
    [14-05-2008|20:05] C:\DOCUME~1\Sonia\APPLIC~1\TOSHIBA

    --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

    [14-12-2008 12:44][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
    [21-11-2008 12:34][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [13-12-2008 18:09][--a------] C:\WINDOWS\tasks\Paint.job
    [31-07-2007 09:09][--a------] C:\WINDOWS\tasks\RegistrySmart Scheduled Scan.job
    [05-08-2004 13:00][-rah-----] C:\WINDOWS\tasks\desktop.ini
    [14-12-2008 12:34][--ah-----] C:\WINDOWS\tasks\SA.DAT

    --------------------\\ Listing des dossiers dans C:\Program Files

    [07-03-2008|21:32] C:\Program Files\A123 AVI MPEG WMV ASF MOV FLV to 3GP Converter
    [04-08-2008|05:20] C:\Program Files\Adobe
    [17-06-2007|15:39] C:\Program Files\AKVIS
    [29-06-2007|15:09] C:\Program Files\Alwil Software
    [08-10-2008|18:44] C:\Program Files\Apple Software Update
    [30-09-2007|17:43] C:\Program Files\AtomixMP3
    [02-06-2008|15:55] C:\Program Files\Audacity
    [17-06-2007|11:16] C:\Program Files\cablecom
    [23-06-2007|10:11] C:\Program Files\Cablecom Assistant
    [15-11-2008|11:01] C:\Program Files\Capturino 1.4
    [03-12-2008|12:23] C:\Program Files\Common Files
    [24-05-2006|11:49] C:\Program Files\ComPlus Applications
    [10-12-2008|12:28] C:\Program Files\ComptaOne
    [12-06-2006|06:51] C:\Program Files\CONEXANT
    [06-08-2007|06:56] C:\Program Files\Cybercorder
    [14-09-2007|20:05] C:\Program Files\Dactylo
    [12-07-2007|11:43] C:\Program Files\deo
    [10-08-2007|18:38] C:\Program Files\DIFX
    [30-09-2007|17:46] C:\Program Files\DivX
    [01-06-2007|17:55] C:\Program Files\DV Series
    [28-08-2007|16:28] C:\Program Files\eoRezo
    [12-12-2008|13:22] C:\Program Files\ESET
    [12-12-2008|14:03] C:\Program Files\Fichiers communs
    [16-11-2008|13:31] C:\Program Files\Firebird
    [10-06-2008|18:03] C:\Program Files\Free Audio Pack
    [07-03-2008|21:44] C:\Program Files\Free FLV Converter
    [14-07-2007|10:06] C:\Program Files\Free Offers from Freeze.com
    [14-07-2007|10:07] C:\Program Files\Freeze.com
    [22-04-2008|15:45] C:\Program Files\GE.SOFT
    [10-05-2008|20:36] C:\Program Files\Geneatique2007
    [28-05-2008|18:47] C:\Program Files\GMixon
    [26-06-2008|10:57] C:\Program Files\GoodOk YouTube FLV to AVI 3GP MP4 WMV ASF Converter
    [15-06-2008|10:12] C:\Program Files\Google
    [26-05-2008|17:08] C:\Program Files\Hewlett-Packard
    [29-11-2008|22:44] C:\Program Files\Hot Jingle Player
    [10-06-2008|17:42] C:\Program Files\HotPotatoes6
    [19-05-2008|19:17] C:\Program Files\HP
    [28-11-2008|17:49] C:\Program Files\Icecast2 Win32
    [04-08-2007|10:11] C:\Program Files\Illustrate
    [05-12-2008|16:25] C:\Program Files\InstallShield Installation Information
    [01-06-2007|18:28] C:\Program Files\InterActual
    [16-10-2008|09:21] C:\Program Files\Internet Explorer
    [08-10-2008|18:53] C:\Program Files\iPod
    [08-10-2008|18:54] C:\Program Files\iTunes
    [06-07-2007|16:58] C:\Program Files\Java
    [30-04-2008|19:39] C:\Program Files\LG Electronics
    [23-06-2007|11:20] C:\Program Files\Macrogaming
    [12-12-2008|18:02] C:\Program Files\Malwarebytes' Anti-Malware
    [10-05-2008|21:12] C:\Program Files\McDonaldsDragons
    [05-12-2008|17:01] C:\Program Files\Media Bonza
    [09-12-2008|16:11] C:\Program Files\Messenger
    [14-06-2007|20:20] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [12-06-2006|06:51] C:\Program Files\microsoft frontpage
    [29-11-2008|22:58] C:\Program Files\Microsoft Office
    [05-12-2008|17:06] C:\Program Files\Microsoft SQL Server
    [17-02-2007|17:18] C:\Program Files\Microsoft Visual Studio
    [05-07-2007|06:49] C:\Program Files\Microsoft Works
    [17-02-2007|17:17] C:\Program Files\Microsoft.NET
    [30-12-2007|11:15] C:\Program Files\Mindscape
    [23-06-2007|10:10] C:\Program Files\Motive
    [12-06-2006|06:51] C:\Program Files\Movie Maker
    [14-12-2008|12:46] C:\Program Files\Mozilla Firefox
    [13-12-2008|17:25] C:\Program Files\Mozilla Thunderbird
    [13-02-2007|19:54] C:\Program Files\MP3 Player Product Tools
    [13-02-2007|19:56] C:\Program Files\MP3 Player Utilities
    [14-06-2007|16:47] C:\Program Files\MP3 Remix
    [07-06-2008|14:09] C:\Program Files\MSECache
    [01-06-2007|17:15] C:\Program Files\MSN
    [12-06-2006|06:51] C:\Program Files\MSN Gaming Zone
    [14-06-2007|20:19] C:\Program Files\MSXML 4.0
    [16-10-2008|11:27] C:\Program Files\My Easy Cartoucheur v2.0
    [25-10-2007|16:33] C:\Program Files\NetMeeting
    [15-08-2007|18:34] C:\Program Files\Nokia
    [12-06-2006|06:51] C:\Program Files\Online Services
    [17-06-2007|11:16] C:\Program Files\Outlook Express
    [10-08-2007|18:38] C:\Program Files\PC Connectivity Solution
    [04-07-2008|18:51] C:\Program Files\Personal Voice Changer Driver
    [31-07-2007|09:07] C:\Program Files\Phototool
    [08-10-2008|18:49] C:\Program Files\QuickTime
    [20-01-2007|20:58] C:\Program Files\Raccourcis de programmes
    [30-09-2007|11:03] C:\Program Files\Real
    [11-07-2007|19:24] C:\Program Files\RM-X Player V4.2
    [11-12-2008|13:06] C:\Program Files\SEEKMOREMETA
    [01-03-2007|09:19] C:\Program Files\Services en ligne
    [29-11-2008|22:49] C:\Program Files\SHOUTcast
    [21-06-2007|16:21] C:\Program Files\SM
    [07-03-2008|21:34] C:\Program Files\Smallvideosoft
    [26-06-2008|10:51] C:\Program Files\Sony
    [17-08-2007|15:09] C:\Program Files\Sony Ericsson
    [20-04-2008|17:15] C:\Program Files\Sony Setup
    [27-09-2008|21:59] C:\Program Files\SoWieSo (entraŒnement au vocabulaire)
    [27-11-2008|18:06] C:\Program Files\SpacialAudio
    [06-09-2007|16:33] C:\Program Files\Spybot - Search & Destroy
    [31-07-2007|09:03] C:\Program Files\SpywareBlaster
    [15-11-2008|13:08] C:\Program Files\StationPlaylist
    [05-12-2008|16:18] C:\Program Files\Sunrise
    [28-06-2007|15:59] C:\Program Files\Symantec
    [09-11-2008|10:18] C:\Program Files\TomTom DesktopSuite
    [26-05-2008|17:00] C:\Program Files\U.R.Celeb
    [09-04-2007|17:31] C:\Program Files\Ulead Systems
    [24-05-2006|11:49] C:\Program Files\Uninstall Information
    [15-11-2008|11:03] C:\Program Files\VeriSign
    [15-08-2007|18:31] C:\Program Files\VirtualDJ
    [06-04-2008|11:53] C:\Program Files\Volumouse
    [15-11-2008|10:52] C:\Program Files\Webcamfirst
    [05-12-2008|16:22] C:\Program Files\Winamp
    [28-11-2008|17:27] C:\Program Files\Winamp Toolbar
    [29-11-2008|22:53] C:\Program Files\Windows Live
    [29-11-2008|22:42] C:\Program Files\Windows Live Toolbar
    [23-07-2007|18:41] C:\Program Files\Windows Media Connect 2
    [23-07-2007|18:54] C:\Program Files\Windows Media Player
    [12-06-2006|06:51] C:\Program Files\Windows NT
    [24-05-2006|11:49] C:\Program Files\WindowsUpdate
    [12-06-2006|06:51] C:\Program Files\xerox
    [04-07-2007|18:40] C:\Program Files\Yahoo!
    [14-07-2007|10:21] C:\Program Files\YourScreen
    [06-07-2008|18:19] C:\Program Files\ZaraSoft
    [30-11-2008|20:13] C:\Program Files\Zattoo
    [06-07-2007|17:26] C:\Program Files\Zero G Registry

    --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

    [21-04-2008|13:35] C:\Program Files\Fichiers communs\Adobe
    [05-12-2008|17:34] C:\Program Files\Fichiers communs\Apple
    [24-05-2008|14:43] C:\Program Files\Fichiers communs\Borland Shared
    [23-09-2007|15:40] C:\Program Files\Fichiers communs\C-CHANNEL
    [17-02-2007|17:18] C:\Program Files\Fichiers communs\DESIGNER
    [04-02-2007|18:00] C:\Program Files\Fichiers communs\Hewlett-Packard
    [29-01-2007|16:46] C:\Program Files\Fichiers communs\InstallShield
    [29-01-2007|17:50] C:\Program Files\Fichiers communs\InterVideo
    [06-07-2007|16:57] C:\Program Files\Fichiers communs\Java
    [06-09-2008|07:25] C:\Program Files\Fichiers communs\Microsoft Shared
    [29-04-2007|16:33] C:\Program Files\Fichiers communs\Motive
    [12-06-2006|06:51] C:\Program Files\Fichiers communs\MSSoap
    [15-08-2007|18:34] C:\Program Files\Fichiers communs\Nokia
    [12-06-2006|06:51] C:\Program Files\Fichiers communs\ODBC
    [09-12-2008|16:00] C:\Program Files\Fichiers communs\Real
    [12-06-2006|06:51] C:\Program Files\Fichiers communs\Services
    [12-06-2006|06:51] C:\Program Files\Fichiers communs\SpeechEngines
    [28-06-2007|15:59] C:\Program Files\Fichiers communs\Symantec Shared
    [15-11-2008|11:02] C:\Program Files\Fichiers communs\System
    [09-04-2007|17:31] C:\Program Files\Fichiers communs\Ulead Systems
    [17-03-2008|18:01] C:\Program Files\Fichiers communs\WindowsLiveInstaller

    --------------------\\ Process

    ( 35 Processes )

    ... OK !

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE


    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-14 12:53:52
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------\\ Recherche d'autres infections

    --------------------\\ ROOTKIT !!

    Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV.SYS]
    Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv.sys]



    [F:14][D:8]-> C:\DOCUME~1\Evan\LOCALS~1\Temp
    [F:1797][D:0]-> C:\DOCUME~1\Evan\Cookies
    [F:169][D:4]-> C:\DOCUME~1\Evan\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - 13-12-2008|21:03 - Option : [1]
    2 - "C:\Lop SD\LopR_2.txt" - 14-12-2008|12:55 - Option : [2]

    --------------------\\ Fin du rapport a 12:55:39
    naheulbeuk on 14 December 2008 at 13:16
    Hello,

    Download SDFix (created by AndyManchesta) and save it to your Desktop.
    User guide: http://www.site-naheulbeuk.com/sdfix.php

    Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in safe mode by following this procedure:
  • Restart your computer
  • After you hear the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
  • Instead of the normal Windows startup, a menu with various options should appear.
  • Choose the first option, to run Windows in safe mode, then press "Enter".
  • Choose your account.
  • Go through the list of instructions below:
  • Open the SDFix folder that was just created on the Desktop and double-click RunThis.bat to launch the script.
  • Press Y to start the cleaning process.
  • It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
  • Press a key to restart the PC.
  • Your system will take longer than usual to restart because the tool will keep running and deleting files.
  • After the Desktop loads, the tool will finish its work and display Finished.
  • Press a key to end the script and load your Desktop icons.
  • Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
  • Finally, copy/paste the contents of Report.txt into your next reply on the forum.
  • N.B.:
    - The file SDFIX_README.htm (in the SDFix folder) contains the list of malware handled by the tool.
    - Andy releases several updates, often more than one a day... So don't hesitate to ask to download a new version when the cleanup drags on and the tool doesn't seem to see everything.

    :p
    -------
    Visit my site on computer security: http://www.site-naheulbeuk.com
    And its forum: http://www.site-naheulbeuk.com/forum/

