Infected by a trojan [Solved]
thelame
Posted on 15/05/2008 13:38:08
Hello everyone!
I downloaded a video, and when I launched it I was asked to install a codec. I downloaded the requested file (codec.exe), and during installation my antivirus (Avast) went haywire and told me I was under attack. So I deleted the files, and since then my PC has been slow, the ads have been replaced by ads for anti-spyware products, unwanted windows open regularly, and I can no longer browse certain sites!
I'm running Vista 32-bit!
Thanks for your help!

-->Message edited by thelame on 19/05/2008 22:47:26<--
Laddy
Posted on 15/05/2008 14:11:39
Hello

- Download HiJackThis by Merijn to your desktop.
- Double-click HijackThis
- Generate a report by following these instructions:
- Run it and click Do a scan and save log file.
- The report opens in Notepad
- Paste the report here; to do so:
- Edit menu / Select All
- Edit menu / Copy
- Here, in a new message: right-click / Paste
-------
Treat yourself to good protection with Antivir.
Bibou0007.com
thelame
Posted on 15/05/2008 14:22:19
Thanks for replying so quickly, so here is the report: :super:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:20:21, on 15/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Dofus\dofus.dll
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\poste\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.121.124.125 eu.logon.worldofwarcraft.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8D082AF8-71D9-435E-BD05-02DA4D4644D9} - C:\Windows\system32\ssqQjHbC.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\qoMcbYPJ.dll,#1
O4 - HKLM\..\Run: [liesplatform] "C:\ProgramData\ViewDashDash.lvd39j7"
O4 - HKLM\..\Run: [dog about manager team] "C:\ProgramData\Ping idle delete.foptx"
O4 - HKLM\..\Run: [1aaa79b9] rundll32.exe "C:\Windows\system32\bckfyhyv.dll",b
O4 - HKLM\..\Run: [BM19994a25] Rundll32.exe "C:\Windows\system32\swfqptnd.dll",s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Cycling Manager 2007 Drivers Auto Removal (pr2akt6c) (pr2akt6c) - Cyanide - C:\Windows\system32\pr2akt6c.exe
O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe

--
End of file - 8381 bytes
-->Message edited by thelame on 15/05/2008 15:08:45<--
Laddy
Posted on 15/05/2008 15:24:05
Download combofix.exe and save it to your desktop and nowhere else!

/*\ Disabling user accounts /*\
* Disable User Account Control (we will re-enable it at the end of the disinfection):
* Go to Start, then Control Panel
* Double-click the User Accounts icon
* Then click Disable and confirm

* Disable your antivirus and antispyware protection
* Close all open windows and applications.

Restart in safe mode

* Right-click combofix.exe => Run as administrator.
* It will ask you a question: press 1 and Enter to start the scan.
* When the scan is finished, save the report and restart in normal mode.
* Copy/paste onto the forum the report located here: C:\Combofix.txt.

Copy/paste a new HiJackThis report along with it.

-->Message edited by Laddy on 15/05/2008 15:41:55<--
thelame
Posted on 15/05/2008 16:13:34
So, the ComboFix report:

ComboFix 08-05-12.1 - poste 2008-05-15 15:54:12.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1302 [GMT 2:00]
Endroit: C:\Users\poste\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\System32\CbHjQqss.ini
C:\Windows\System32\CbHjQqss.ini2
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\pac.txt
C:\Windows\system32\vyhyfkcb.ini

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-15 to 2008-05-15 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier cr‚‚ dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 13:58 --------- d-----w C:\Users\poste\AppData\Roaming\DNA
2008-05-15 13:49 --------- d-----w C:\Users\poste\AppData\Roaming\StarOffice8
2008-05-14 20:12 --------- d-----w C:\Program Files\avisplit
2008-05-14 20:02 --------- d-----w C:\ProgramData\Google Updater
2008-05-14 16:28 --------- d-----w C:\Users\poste\AppData\Roaming\LimeWire
2008-05-14 16:26 --------- d-----w C:\ProgramData\globalheartbits
2008-05-14 16:26 --------- d-----w C:\ProgramData\Drv Audio Dog About
2008-05-14 16:26 --------- d-----w C:\Program Files\globalheartbits
2008-05-14 11:38 --------- d-----w C:\Program Files\winvi
2008-05-12 16:37 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-04-28 09:36 --------- d-----w C:\ProgramData\TrackMania
2008-04-23 14:44 --------- d-----w C:\Program Files\NuonSoft
2008-04-21 19:17 --------- d-----w C:\Program Files\Audacity
2008-04-21 19:00 --------- d-----w C:\Users\VV.PC-de-poste\AppData\Roaming\BitTorrent
2008-04-21 17:02 --------- d-----w C:\Users\poste\AppData\Roaming\Winamp
2008-04-21 16:28 --------- d-----w C:\Program Files\Winamp
2008-04-21 09:23 --------- d-----w C:\Program Files\TmNationsForever
2008-04-20 14:55 --------- d-----w C:\Program Files\SpacialAudio
2008-04-20 14:54 --------- d-----w C:\Program Files\wamp
2008-04-20 14:48 --------- d-----w C:\Program Files\Dofus
2008-04-19 17:01 --------- d-----w C:\Program Files\World of Warcraft
2008-04-19 15:48 --------- d-----w C:\Users\VV.PC-de-poste\AppData\Roaming\Apple Computer
2008-04-11 15:29 --------- d-----w C:\Program Files\Picasa2
2008-04-10 11:41 --------- d-----w C:\Program Files\Windows Mail
2008-04-08 16:48 --------- d-----w C:\Users\poste\AppData\Roaming\BitTorrent
2008-04-07 16:23 --------- d-----w C:\Program Files\SmartVD 3.3.0
2008-03-24 21:00 --------- d-----w C:\Users\VV.PC-de-poste\AppData\Roaming\Pro Cycling Manager 2007
2008-03-21 17:39 --------- d-----w C:\ProgramData\WLInstaller
2008-03-17 17:08 --------- d-----w C:\Program Files\Java
2008-03-16 19:17 --------- d-----w C:\Program Files\Counter-Strike 1.6
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-11-26 17:09 174 --sha-w C:\Program Files\desktop.ini
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8D082AF8-71D9-435E-BD05-02DA4D4644D9}]
2008-05-14 13:43 369664 --a------ C:\Windows\system32\ssqQjHbC.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-26 19:20 68856]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 20:41 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-08 11:13 289088]
"WinUpdater"="C:\Program Files\winvi\update.exe" [ ]
"WebSUpdater"="C:\Program Files\winvi\wupda.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-26 18:07 1006264]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 15:34 868352]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 06:28 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 06:28 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 06:28 81920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-26 19:22 185632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-11-24 21:20 622592]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 15:51 65536]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 01:43 67488]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 15:18 267048]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"MSServer"="C:\Windows\system32\yayaWPIY.dll" [2008-05-14 13:38 28672]
"liesplatform"="C:\ProgramData\ViewDashDash.k029cr" [2008-05-15 15:50 122896]
"dog about manager team"="C:\ProgramData\Ping idle delete.foptx" [2008-05-14 18:26 114704]
"1aaa79b9"="C:\Windows\system32\bckfyhyv.dll" [2008-05-15 09:38 94272]
"BM19994a25"="C:\Windows\system32\swfqptnd.dll" [2008-05-15 09:25 108096]

C:\Users\Croline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
StarOffice 8.lnk - C:\Program Files\Sun\StarOffice 8\program\quickstart.exe [2007-08-17 23:58:18 122880]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-11-26 19:20:24 125624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{2D21F137-3A44-43F1-B095-02B766F7D0DD}"= C:\Windows\system32\yayaWPIY.dll [2008-05-14 13:38 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1047431041-2997388824-3800971646-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{8D33FB13-3F98-43A1-AE72-EAAF1CB0D71A}C:\\program files\\dawn of war\\dawn of war - dark crusade\\darkcrusade.exe"= UDP:C:\program files\dawn of war\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade
"UDP Query User{3989F443-8F8C-47C2-B697-DCE4028307B1}C:\\program files\\dawn of war\\dawn of war - dark crusade\\darkcrusade.exe"= TCP:C:\program files\dawn of war\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade
"{EC849F38-2091-4395-A8C9-252DC0958C0F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{063D3940-3964-4F6C-8A85-F83C1207B929}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{C48A82D2-0BF8-4E86-97C0-65C247DB20FA}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{7C9C91E2-FB7B-42D4-BC71-1F3DBBBAAD18}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{EC702D35-CAF3-4D5E-937F-0C5040E9654B}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{49DB6BA2-C368-404D-B4CF-9E06631CE96E}C:\\program files\\psp media server\\psp media.exe"= UDP:C:\program files\psp media server\psp media.exe:PSP MEDIA SERVER
"UDP Query User{48C2A096-FD45-48F4-81C4-9540D962FC5E}C:\\program files\\psp media server\\psp media.exe"= TCP:C:\program files\psp media server\psp media.exe:PSP MEDIA SERVER
"TCP Query User{ACCCCB68-A03D-48E2-8548-9453709B0125}C:\\program files\\ankama games\\dofus\\dofus.exe"= UDP:C:\program files\ankama games\dofus\dofus.exe:Dofus Client
"UDP Query User{DC868178-1E25-468D-9F89-14EC0F9FB61E}C:\\program files\\ankama games\\dofus\\dofus.exe"= TCP:C:\program files\ankama games\dofus\dofus.exe:Dofus Client
"{36D74453-83D8-48EC-B30D-85AD0B26F6FA}"= UDP:C:\Program Files\accessoires\LimeWire\LimeWire.exe:LimeWire
"{02879DA3-BB34-4EA7-BD95-8C17C1A7F263}"= TCP:C:\Program Files\accessoires\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{1793572C-5E58-466B-A1F0-6B0F8A778916}C:\\program files\\accessoires\\emule\\emule.exe"= UDP:C:\program files\accessoires\emule\emule.exe:eMule
"UDP Query User{1E422B9D-AC85-435D-9DD2-2FCFD1E2FA19}C:\\program files\\accessoires\\emule\\emule.exe"= TCP:C:\program files\accessoires\emule\emule.exe:eMule
"TCP Query User{618929AF-FF82-4C88-ADA3-27384552DD00}C:\\program files\\accessoires\\psp media server\\psp media.exe"= UDP:C:\program files\accessoires\psp media server\psp media.exe:PSP MEDIA SERVER
"UDP Query User{26D0AF12-BE93-4C18-9BC0-741D69784105}C:\\program files\\accessoires\\psp media server\\psp media.exe"= TCP:C:\program files\accessoires\psp media server\psp media.exe:PSP MEDIA SERVER
"TCP Query User{A972C60D-ADA9-422E-A122-308DB2228EB5}C:\\program files\\jeux\\ankama games\\dofus\\dofus.exe"= UDP:C:\program files\jeux\ankama games\dofus\dofus.exe:Dofus Client
"UDP Query User{6637B843-F257-42A6-ACCE-A56DF8F658C3}C:\\program files\\jeux\\ankama games\\dofus\\dofus.exe"= TCP:C:\program files\jeux\ankama games\dofus\dofus.exe:Dofus Client
"{4DBA79E5-EC8F-4BE9-9147-B674A531DCD0}"= Disabled:UDP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{8113A858-A419-4384-8352-BE6FB2DCD776}"= Disabled:TCP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{A01B7E25-2AB5-458B-A5AB-036E2B9CC490}"= UDP:C:\Program Files\Cyanide\GameCenter\GameCenter.exe:GameCenter
"{D9DD58E6-1CC7-424B-A27E-F50809FC411D}"= TCP:C:\Program Files\Cyanide\GameCenter\GameCenter.exe:GameCenter
"{85670CB0-94C5-4E5D-BC9C-51E5D4CC8E96}"= UDP:C:\Program Files\Cyanide\Pro Cycling Manager 2007\PCM.exe:Pro Cycling Manager 2007
"{7355D290-F7F8-4FEA-9799-315B2D2833B4}"= TCP:C:\Program Files\Cyanide\Pro Cycling Manager 2007\PCM.exe:Pro Cycling Manager 2007
"TCP Query User{2C3E725D-6F65-4053-A78C-F418E119E3E6}C:\\program files\\world of warcraft\\repair.exe"= UDP:C:\program files\world of warcraft\repair.exe:Blizzard Repair Utility
"UDP Query User{2A0BE706-95FD-4263-92BA-012099E720E3}C:\\program files\\world of warcraft\\repair.exe"= TCP:C:\program files\world of warcraft\repair.exe:Blizzard Repair Utility
"{976F7A40-F1C1-4BF2-A614-2FE14E16C9FD}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{00821909-7AE6-4179-B447-7C0F8AEC1B11}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{B63D7C3A-208D-405C-A0BE-813BE09EF117}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{B0F8B3A3-9D62-4A11-8CF0-938231AFD41B}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{65F5A10D-E0C9-48A2-9E52-850C6FF3B808}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{1D4A69CE-2A26-4BC5-8A63-69F93DDBC32C}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{1D6522F2-473A-45C3-B121-DF3CB8AD50FA}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{8297F28D-17F9-45F3-8F23-57A4352C17A2}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{3AAA9528-C475-4FD2-ADE7-B662CE1786B2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{59D8843D-A105-4A13-9E51-3F893090A65E}C:\\program files\\bt softphone 2\\btsoftphone2.exe"= UDP:C:\program files\bt softphone 2\btsoftphone2.exe:BTSoftphone2
"UDP Query User{15C2888A-A256-466F-AB4B-A6097AD6B3B1}C:\\program files\\bt softphone 2\\btsoftphone2.exe"= TCP:C:\program files\bt softphone 2\btsoftphone2.exe:BTSoftphone2
"TCP Query User{FB72C0F1-70A5-49F5-B18C-E4AC21F49887}C:\\program files\\counter-strike 1.6\\hl.exe"= UDP:C:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"UDP Query User{7383C585-EA68-4252-94EB-C4B48DC2EEFD}C:\\program files\\counter-strike 1.6\\hl.exe"= TCP:C:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"TCP Query User{CC2C32C9-D605-46EA-B743-763BBB979DE9}C:\\program files\\counter-strike source\\hl2.exe"= UDP:C:\program files\counter-strike source\hl2.exe:hl2
"UDP Query User{1167E0E1-5C29-483B-9076-9E19F49CC900}C:\\program files\\counter-strike source\\hl2.exe"= TCP:C:\program files\counter-strike source\hl2.exe:hl2
"{C4CB6616-C574-4B9A-9BFE-03E4B1E5EA37}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{D021261C-A7D6-42A1-9493-D87F3416584D}C:\\program files\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"= UDP:C:\program files\wamp\bin\apache\apache2.2.8\bin\httpd.exe:Apache HTTP Server
"UDP Query User{CBBA8731-5EA3-465C-8154-0A1441EB3C7A}C:\\program files\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"= TCP:C:\program files\wamp\bin\apache\apache2.2.8\bin\httpd.exe:Apache HTTP Server
"TCP Query User{55168DA2-C928-4998-A61B-A88262FD48FA}C:\\program files\\spacialaudio\\sambc\\sambc.exe"= UDP:C:\program files\spacialaudio\sambc\sambc.exe:SAMBC
"UDP Query User{C4462B3B-DC9A-426A-883E-3D53AEF1EB37}C:\\program files\\spacialaudio\\sambc\\sambc.exe"= TCP:C:\program files\spacialaudio\sambc\sambc.exe:SAMBC
"TCP Query User{58646BF1-B0C9-4E96-BDD9-6BB4D36B6F50}C:\\program files\\tmnationsforever\\tmforever.exe"= UDP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{4B6D66F7-9970-4D5E-883D-FA5736548523}C:\\program files\\tmnationsforever\\tmforever.exe"= TCP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{EE1CD527-C5F7-4351-A372-307E1725BFBF}C:\\program files\\bitdownload\\bitdownload.exe"= UDP:C:\program files\bitdownload\bitdownload.exe:BitDownload
"UDP Query User{2584A056-64F2-46B6-9C8F-77E156F060FB}C:\\program files\\bitdownload\\bitdownload.exe"= TCP:C:\program files\bitdownload\bitdownload.exe:BitDownload
"TCP Query User{1A77085A-853F-4FAF-9125-0B4121F22290}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{C9A7EF70-1A04-4452-844B-CAF7823F3D0A}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 pe3akt6c;Cycling Manager 2007 Environment Driver (pe3akt6c);C:\Windows\system32\drivers\pe3akt6c.sys [2007-09-28 12:06]
R0 pf2akt6c;Cycling Manager 2007 File System Driver (pf2akt6c);C:\Windows\system32\drivers\pf2akt6c.sys [2007-09-28 12:05]
R0 ps7akt6c;Cycling Manager 2007 Synchronization Driver (ps7akt6c);C:\Windows\system32\drivers\ps7akt6c.sys [2007-09-28 12:05]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-12 18:36]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 01:45]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-12 18:38]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-12 18:37]
S2 pr2akt6c;Cycling Manager 2007 Drivers Auto Removal (pr2akt6c);C:\Windows\system32\pr2akt6c.exe svc []
S3 wampapache;wampapache;"C:\Program Files\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice []
S3 wampmysqld;wampmysqld;"C:\Program Files\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe" wampmysqld []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d56d9c5-eaaa-11dc-8849-001d601f25f1}]
\shell\Setup\command - setup.exe

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-05-15 14:00:01 C:\Windows\Tasks\User_Feed_Synchronization-{637E6FB4-FECE-4082-8361-AA5222AAA4FC}.job"
- C:\Windows\system32\msfeedssync.exe
"2008-05-15 14:00:01 C:\Windows\Tasks\User_Feed_Synchronization-{6C8A7FFE-92B9-4DDD-8967-42E01E622EF6}.job"
- C:\Windows\system32\msfeedssync.exe
"2008-05-15 14:00:01 C:\Windows\Tasks\User_Feed_Synchronization-{90A6E74E-723E-4C11-9A91-66C3BECAF1DD}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 15:59:57
Windows 6.0.6000 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------

PROCESS: C:\Windows\system32\winlogon.exe
-> C:\Windows\system32\yayaWPIY.dll

PROCESS: C:\Windows\Explorer.exe
-> C:\Windows\system32\bckfyhyv.dll
-> C:\Windows\system32\swfqptnd.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\System32\wbem\WMIADAP.exe
C:\Windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-15 16:04:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-15 14:04:14

Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associ‚ au num‚ro 0x2379 est introuvable dans le fichier de messages pour Application.

229 --- E O F --- 2008-05-09 18:37:30

=====================================

And the HiJackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:08:32, on 15/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\Explorer.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\poste\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\yayaWPIY.dll,#1
O4 - HKLM\..\Run: [liesplatform] "C:\ProgramData\ViewDashDash.k029cr"
O4 - HKLM\..\Run: [dog about manager team] "C:\ProgramData\Ping idle delete.foptx"
O4 - HKLM\..\Run: [1aaa79b9] rundll32.exe "C:\Windows\system32\bckfyhyv.dll",b
O4 - HKLM\..\Run: [BM19994a25] Rundll32.exe "C:\Windows\system32\swfqptnd.dll",s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Cycling Manager 2007 Drivers Auto Removal (pr2akt6c) (pr2akt6c) - Cyanide - C:\Windows\system32\pr2akt6c.exe
O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe

--
End of file - 7425 bytes

There, apparently the trojan is gone, no more replaced ads, the sites work again, thanks a lot!
Elfen Lied
Posted on 15/05/2008 16:16:43
True, but the disinfection is not finished at all. Don't leave too soon ;)
thelame
Posted on 15/05/2008 16:21:39
Actually no, it's not gone yet! :'(
Laddy
Posted on 15/05/2008 16:37:39
No, not everything has been disinfected yet;
there are still files that have not been deleted.

Download Lop S&D by Angeldark and Eric71 to your desktop.

  • Double-click it to launch the installation
  • Then double-click the Lop S&D shortcut on your desktop
  • Select the language you want, then choose Option 1 (Search)
  • Wait until the scan finishes
  • Post the generated report (C:\lopR.txt)
    (If the desktop does not reappear, press Ctrl + Alt + Del, File tab, New task, type explorer.exe and confirm)
thelame
Posted on 15/05/2008 17:26:35
    -----------------------[ Lop S&D 4.2.0-8 XP/Vista ]---------------------

    [ Windows 'Longhorn' (NT 6.0) Workstation Build 6000 ]
    [ USER : poste ] [ "C:\Lop SD" ] [ Selection : 1 ]
    [ 15/05/2008 | 17:22:36.51 ] [ PC : PC-DE-POSTE ]
    [ MAJ : 11-05-2008 | 18:25 ]
    [ UAC => 0 ]

    -------------[ Listing des dossiers dans Application Data ]------------

    [09/01/2008|16:15] C:\Users\poste\AppData\Roaming\Adobe\Adobe Photoshop CS3
    [09/01/2008|16:14] C:\Users\poste\AppData\Roaming\Adobe\Online Services
    [29/12/2007|16:22] C:\Users\poste\AppData\Roaming\Adobe\Plugins
    [25/12/2007|11:11] C:\Users\poste\AppData\Roaming\Adobe\CameraRaw
    [25/12/2007|11:09] C:\Users\poste\AppData\Roaming\Adobe\Color
    [25/12/2007|11:09] C:\Users\poste\AppData\Roaming\Adobe\Adobe PDF
    [25/12/2007|10:41] C:\Users\poste\AppData\Roaming\Adobe\Photoshop Elements
    [20/12/2007|22:22] C:\Users\poste\AppData\Roaming\Adobe\Linguistics
    [18/12/2007|18:53] C:\Users\poste\AppData\Roaming\Adobe\Acrobat
    [05/12/2007|19:51] C:\Users\poste\AppData\Roaming\Adobe\Flash Player

    [05/03/2008|18:34] C:\Users\poste\AppData\Roaming\Apple Computer\iTunes

    [08/04/2008|18:48] C:\Users\poste\AppData\Roaming\BitTorrent\resume.dat
    [08/04/2008|18:48] C:\Users\poste\AppData\Roaming\BitTorrent\dht.dat
    [08/04/2008|18:48] C:\Users\poste\AppData\Roaming\BitTorrent\settings.dat
    [08/04/2008|18:42] C:\Users\poste\AppData\Roaming\BitTorrent\resume.dat.old
    [08/04/2008|18:31] C:\Users\poste\AppData\Roaming\BitTorrent\Papa Roach -To_Be_Loved_1.zip.torrent
    [09/03/2008|14:47] C:\Users\poste\AppData\Roaming\BitTorrent\dht.dat.old
    [09/03/2008|14:47] C:\Users\poste\AppData\Roaming\BitTorrent\settings.dat.old
    [09/03/2008|14:40] C:\Users\poste\AppData\Roaming\BitTorrent\xxx fr-la cambrioleuse-clara morgane.avi.torrent
    [19/02/2008|19:17] C:\Users\poste\AppData\Roaming\BitTorrent\Simple_Plan_-_Simple_Plan-[2008]-[WwW.DivxTotal.CoM].rar.torrent
    [19/02/2008|19:16] C:\Users\poste\AppData\Roaming\BitTorrent\Simple Plan - Simple Plan (2008) - Punk Rock [www.torrentazos.com].rar.torrent
    [19/02/2008|19:13] C:\Users\poste\AppData\Roaming\BitTorrent\Simple Plan - Simple Plan - 2008.1.torrent
    [19/02/2008|18:21] C:\Users\poste\AppData\Roaming\BitTorrent\Simple Plan - Simple Plan - 2008.torrent
    [12/02/2008|18:40] C:\Users\poste\AppData\Roaming\BitTorrent\Simple Plan - Simple Plan.torrent
    [12/02/2008|18:37] C:\Users\poste\AppData\Roaming\BitTorrent\bittorrent.lng
    [12/02/2008|18:34] C:\Users\poste\AppData\Roaming\BitTorrent\Simple Plan - Simple Plan-torrentlounge.com.torrent

    [02/12/2007|12:55] C:\Users\poste\AppData\Roaming\Brother\PrtDrv

    [02/03/2008|21:24] C:\Users\poste\AppData\Roaming\BT\BT Softphone 2

    [04/02/2008|20:00] C:\Users\poste\AppData\Roaming\DesktopPlayer\data.xml
    [29/12/2007|19:25] C:\Users\poste\AppData\Roaming\DesktopPlayer\ini.xml
    [23/03/2007|16:48] C:\Users\poste\AppData\Roaming\DesktopPlayer\presets.dll
    [10/08/2005|10:36] C:\Users\poste\AppData\Roaming\DesktopPlayer\Nevada Tan Player.scr

    [15/05/2008|17:19] C:\Users\poste\AppData\Roaming\DNA\resume.dat
    [15/05/2008|17:19] C:\Users\poste\AppData\Roaming\DNA\settings.dat
    [15/05/2008|17:09] C:\Users\poste\AppData\Roaming\DNA\resume.dat.old
    [15/05/2008|16:47] C:\Users\poste\AppData\Roaming\DNA\dht.dat
    [15/05/2008|16:47] C:\Users\poste\AppData\Roaming\DNA\settings.dat.old
    [15/05/2008|16:43] C:\Users\poste\AppData\Roaming\DNA\dht.dat.old

    [09/03/2008|14:59] C:\Users\poste\AppData\Roaming\eMule\config

    [15/12/2007|15:42] C:\Users\poste\AppData\Roaming\Google\GoogleEarth

    [09/02/2008|23:50] C:\Users\poste\AppData\Roaming\gtk-2.0\gtkfilechooser.ini

    [26/11/2007|17:26] C:\Users\poste\AppData\Roaming\Identities\{29417EF4-825C-4316-A632-37B2AACCCEE6}

    [26/11/2007|17:31] C:\Users\poste\AppData\Roaming\InstallShield\ISEngine12.0

    [14/05/2008|19:37] C:\Users\poste\AppData\Roaming\LimeWire\ttrees.cache
    [14/05/2008|19:37] C:\Users\poste\AppData\Roaming\LimeWire\ttroot.cache
    [14/05/2008|19:37] C:\Users\poste\AppData\Roaming\LimeWire\library.dat
    [14/05/2008|19:37] C:\Users\poste\AppData\Roaming\LimeWire\spam.dat
    [14/05/2008|19:37] C:\Users\poste\AppData\Roaming\LimeWire\filters.props
    [14/05/2008|19:37] C:\Users\poste\AppData\Roaming\LimeWire\questions.props
    [14/05/2008|19:37] C:\Users\poste\AppData\Roaming\LimeWire\tables.props
    [14/05/2008|19:37] C:\Users\poste\AppData\Roaming\LimeWire\installation.props
    [14/05/2008|19:37] C:\Users\poste\AppData\Roaming\LimeWire\mojito.props
    [14/05/2008|19:37] C:\Users\poste\AppData\Roaming\LimeWire\limewire.props
    [14/05/2008|19:37] C:\Users\poste\AppData\Roaming\LimeWire\gnutella.net
    [14/05/2008|19:03] C:\Users\poste\AppData\Roaming\LimeWire\createtimes.cache
    [14/05/2008|18:28] C:\Users\poste\AppData\Roaming\LimeWire\fileurns.cache
    [14/05/2008|17:52] C:\Users\poste\AppData\Roaming\LimeWire\.AppSpecialShare
    [14/05/2008|13:34] C:\Users\poste\AppData\Roaming\LimeWire\version.xml
    [14/05/2008|13:30] C:\Users\poste\AppData\Roaming\LimeWire\simpp.xml
    [11/01/2008|19:21] C:\Users\poste\AppData\Roaming\LimeWire\.NetworkShare
    [15/12/2007|20:55] C:\Users\poste\AppData\Roaming\LimeWire\414splashfree.png
    [14/12/2007|20:43] C:\Users\poste\AppData\Roaming\LimeWire\responses.cache
    [14/12/2007|20:37] C:\Users\poste\AppData\Roaming\LimeWire\fileurns.bak
    [14/12/2007|20:36] C:\Users\poste\AppData\Roaming\LimeWire\xml
    [14/12/2007|20:36] C:\Users\poste\AppData\Roaming\LimeWire\themes

    [04/04/2008|17:25] C:\Users\poste\AppData\Roaming\Macromedia\Flash Player


    [12/12/2007|15:31] C:\Users\poste\AppData\Roaming\Media Player Classic\default.mpcpl

    [15/05/2008|09:25] C:\Users\poste\AppData\Roaming\Microsoft\Windows Photo Gallery
    [19/02/2008|19:42] C:\Users\poste\AppData\Roaming\Microsoft\MSN Messenger
    [27/01/2008|19:52] C:\Users\poste\AppData\Roaming\Microsoft\MMC
    [20/12/2007|20:07] C:\Users\poste\AppData\Roaming\Microsoft\Speech
    [12/12/2007|18:28] C:\Users\poste\AppData\Roaming\Microsoft\Internet Explorer
    [11/12/2007|21:21] C:\Users\poste\AppData\Roaming\Microsoft\IdentityCRL
    [03/12/2007|20:26] C:\Users\poste\AppData\Roaming\Microsoft\eHome
    [02/12/2007|22:03] C:\Users\poste\AppData\Roaming\Microsoft\HTML Help
    [26/11/2007|17:31] C:\Users\poste\AppData\Roaming\Microsoft\Crypto
    [26/11/2007|17:27] C:\Users\poste\AppData\Roaming\Microsoft\Windows
    [26/11/2007|17:26] C:\Users\poste\AppData\Roaming\Microsoft\SystemCertificates
    [26/11/2007|17:26] C:\Users\poste\AppData\Roaming\Microsoft\Protect
    [26/11/2007|17:26] C:\Users\poste\AppData\Roaming\Microsoft\Credentials

    [14/05/2008|18:26] C:\Users\poste\AppData\Roaming\Mozilla\Firefox

    [29/12/2007|15:27] C:\Users\poste\AppData\Roaming\Pro Cycling Manager 2007\Pro Cycling Manager 2007.log
    [29/12/2007|15:27] C:\Users\poste\AppData\Roaming\Pro Cycling Manager 2007\RAD
    [29/12/2007|15:27] C:\Users\poste\AppData\Roaming\Pro Cycling Manager 2007\Local.cdb
    [29/12/2007|15:27] C:\Users\poste\AppData\Roaming\Pro Cycling Manager 2007\Local.cdb~
    [29/12/2007|12:42] C:\Users\poste\AppData\Roaming\Pro Cycling Manager 2007\Temp
    [29/12/2007|12:38] C:\Users\poste\AppData\Roaming\Pro Cycling Manager 2007\Cache
    [29/12/2007|12:38] C:\Users\poste\AppData\Roaming\Pro Cycling Manager 2007\HDCacheConf.xml
    [29/12/2007|12:38] C:\Users\poste\AppData\Roaming\Pro Cycling Manager 2007\Config
    [28/09/2007|12:26] C:\Users\poste\AppData\Roaming\Pro Cycling Manager 2007\OriginalLocal.cdb

    [13/12/2007|19:58] C:\Users\poste\AppData\Roaming\Real\RealMediaSDK
    [02/12/2007|21:20] C:\Users\poste\AppData\Roaming\Real\RealPlayer
    [27/11/2007|11:03] C:\Users\poste\AppData\Roaming\Real\Msg
    [26/11/2007|19:22] C:\Users\poste\AppData\Roaming\Real\rnadmin

    [12/03/2008|14:32] C:\Users\poste\AppData\Roaming\Skinux\BTSoftphone2

    [02/12/2007|21:05] C:\Users\poste\AppData\Roaming\StarOffice8\user

    [14/01/2008|00:05] C:\Users\poste\AppData\Roaming\STOIK\videopak2

    [05/12/2007|16:27] C:\Users\poste\AppData\Roaming\Talkback\MozillaOrg

    [15/05/2008|12:38] C:\Users\poste\AppData\Roaming\Winamp\studio.xnf
    [15/05/2008|12:38] C:\Users\poste\AppData\Roaming\Winamp\winamp.ini
    [15/05/2008|12:38] C:\Users\poste\AppData\Roaming\Winamp\winamp.m3u
    [15/05/2008|12:38] C:\Users\poste\AppData\Roaming\Winamp\Winamp.m3u8
    [21/04/2008|18:29] C:\Users\poste\AppData\Roaming\Winamp\Plugins
    [21/04/2008|18:28] C:\Users\poste\AppData\Roaming\Winamp\Winamp.q1
    [10/03/2008|22:14] C:\Users\poste\AppData\Roaming\Winamp\links.xml
    [14/09/2005|21:17] C:\Users\poste\AppData\Roaming\Winamp\demo.mp3


    ----------------[ Tâches planifiées dans C:\Windows\tasks ]---------------

    [15/05/2008 17:20][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{6C8A7FFE-92B9-4DDD-8967-42E01E622EF6}.job
    [15/05/2008 17:20][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{637E6FB4-FECE-4082-8361-AA5222AAA4FC}.job
    [15/05/2008 17:20][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{90A6E74E-723E-4C11-9A91-66C3BECAF1DD}.job
    [15/05/2008 16:49][--ah-----] C:\Windows\tasks\SA.DAT
    [15/05/2008 16:48][--a------] C:\Windows\tasks\SCHEDLGU.TXT

    ------[ Listing des dossiers dans C:\ProgramData ]------

    [10/02/2008|18:42] C:\ProgramData\Adobe
    [18/02/2008|18:49] C:\ProgramData\Apple
    [18/02/2008|18:53] C:\ProgramData\Apple Computer
    [02/11/2006|15:02] C:\ProgramData\Application Data
    [15/05/2008|17:10] C:\ProgramData\BM19994a25.txt
    [15/05/2008|17:11] C:\ProgramData\BM19994a25.xml
    [02/12/2007|12:48] C:\ProgramData\Brother
    [02/03/2008|21:23] C:\ProgramData\BT
    [26/11/2007|17:24] C:\ProgramData\Bureau
    [02/11/2006|15:02] C:\ProgramData\Desktop
    [02/11/2006|15:02] C:\ProgramData\Documents
    [14/05/2008|18:26] C:\ProgramData\Drv Audio Dog About
    [27/12/2007|19:35] C:\ProgramData\DVD Shrink
    [09/03/2008|14:54] C:\ProgramData\eMule
    [26/11/2007|17:24] C:\ProgramData\Favoris
    [02/11/2006|15:02] C:\ProgramData\Favorites
    [25/12/2007|11:06] C:\ProgramData\FLEXnet
    [14/05/2008|18:26] C:\ProgramData\globalheartbits
    [05/12/2007|16:27] C:\ProgramData\Google
    [14/05/2008|22:02] C:\ProgramData\Google Updater
    [26/11/2007|17:24] C:\ProgramData\Menu Démarrer
    [02/12/2007|22:03] C:\ProgramData\Microsoft
    [26/11/2007|17:24] C:\ProgramData\Modèles
    [05/12/2007|19:11] C:\ProgramData\Motive
    [26/11/2007|19:21] C:\ProgramData\Mozilla
    [26/12/2007|13:32] C:\ProgramData\ntuser.pol
    [27/11/2007|11:03] C:\ProgramData\NVIDIA
    [14/05/2008|18:26] C:\ProgramData\Ping idle delete.foptx
    [22/02/2008|17:25] C:\ProgramData\pixelStorm
    [15/05/2008|16:49] C:\ProgramData\pskt.ini
    [02/11/2006|15:02] C:\ProgramData\Start Menu
    [02/11/2006|15:02] C:\ProgramData\Templates
    [28/04/2008|11:36] C:\ProgramData\TrackMania
    [14/05/2008|21:22] C:\ProgramData\ViewDashDash.1mtnw
    [14/05/2008|21:00] C:\ProgramData\ViewDashDash.38fpqx0
    [14/05/2008|22:50] C:\ProgramData\ViewDashDash.3drmqs
    [14/05/2008|18:26] C:\ProgramData\ViewDashDash.3vtln
    [14/05/2008|18:26] C:\ProgramData\ViewDashDash.6utu6dm
    [15/05/2008|14:23] C:\ProgramData\ViewDashDash.91mwx
    [14/05/2008|20:38] C:\ProgramData\ViewDashDash.9sdc4
    [14/05/2008|19:32] C:\ProgramData\ViewDashDash.ahujs
    [14/05/2008|22:28] C:\ProgramData\ViewDashDash.ai7ei9
    [14/05/2008|20:16] C:\ProgramData\ViewDashDash.bykg9
    [15/05/2008|14:45] C:\ProgramData\ViewDashDash.flgm0
    [15/05/2008|15:50] C:\ProgramData\ViewDashDash.k029cr
    [15/05/2008|14:01] C:\ProgramData\ViewDashDash.lvd39j7
    [14/05/2008|19:10] C:\ProgramData\ViewDashDash.mimn9dh
    [14/05/2008|22:06] C:\ProgramData\ViewDashDash.ouqjiit
    [15/05/2008|12:53] C:\ProgramData\ViewDashDash.rtc5y4i
    [14/05/2008|21:44] C:\ProgramData\ViewDashDash.te0gpsp
    [15/05/2008|13:23] C:\ProgramData\ViewDashDash.tiq2y
    [14/05/2008|18:48] C:\ProgramData\ViewDashDash.vfc18
    [15/05/2008|15:07] C:\ProgramData\ViewDashDash.vzfxux
    [14/05/2008|19:54] C:\ProgramData\ViewDashDash.wmwlw
    [15/05/2008|15:28] C:\ProgramData\ViewDashDash.xwyp3z
    [14/05/2008|23:12] C:\ProgramData\ViewDashDash.ygtru4g
    [15/05/2008|17:11] C:\ProgramData\ViewDashDash.ypkjq
    [21/03/2008|19:39] C:\ProgramData\WLInstaller

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    [09/02/2008|12:50] C:\Program Files\.gimp-2.4
    [24/12/2007|22:53] C:\Program Files\accessoires
    [10/02/2008|18:42] C:\Program Files\Adobe
    [05/12/2007|19:43] C:\Program Files\Alwil Software
    [26/11/2007|17:46] C:\Program Files\Analog Devices
    [09/02/2008|12:10] C:\Program Files\AnimGif
    [20/02/2008|18:35] C:\Program Files\Ankama
    [18/02/2008|18:50] C:\Program Files\Apple Software Update
    [21/04/2008|21:17] C:\Program Files\Audacity
    [14/05/2008|22:12] C:\Program Files\avisplit
    [14/01/2008|19:41] C:\Program Files\AviSynth 2.5
    [12/02/2008|18:38] C:\Program Files\BitTorrent
    [18/02/2008|18:52] C:\Program Files\Bonjour
    [02/12/2007|16:25] C:\Program Files\Brother
    [02/03/2008|21:23] C:\Program Files\BT Softphone 2
    [26/02/2008|22:14] C:\Program Files\Club-Internet
    [18/02/2008|18:49] C:\Program Files\Common Files
    [16/03/2008|21:17] C:\Program Files\Counter-Strike 1.6
    [05/03/2008|14:06] C:\Program Files\Counter-Strike Source
    [28/12/2007|19:34] C:\Program Files\Cyanide
    [26/11/2007|19:09] C:\Program Files\desktop.ini
    [09/03/2008|14:33] C:\Program Files\DivX
    [12/02/2008|18:33] C:\Program Files\DNA
    [20/04/2008|16:48] C:\Program Files\Dofus
    [27/12/2007|19:13] C:\Program Files\DVD Shrink
    [09/03/2008|14:53] C:\Program Files\eMule
    [26/11/2007|17:24] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
    [09/02/2008|12:42] C:\Program Files\Gimp Pack Mode
    [14/05/2008|18:26] C:\Program Files\globalheartbits
    [26/11/2007|19:22] C:\Program Files\Google
    [23/01/2008|16:12] C:\Program Files\Gpotato.eu
    [14/01/2008|00:04] C:\Program Files\InstallShield Installation Information
    [21/12/2007|09:31] C:\Program Files\Internet
    [10/04/2008|13:41] C:\Program Files\Internet Explorer
    [18/02/2008|18:54] C:\Program Files\iPod
    [18/02/2008|18:54] C:\Program Files\iTunes
    [17/03/2008|19:08] C:\Program Files\Java
    [19/12/2007|23:13] C:\Program Files\Jeux
    [05/02/2008|19:00] C:\Program Files\Kimbo
    [05/02/2008|19:02] C:\Program Files\kimbo2
    [11/01/2008|19:21] C:\Program Files\LimeWire
    [15/05/2008|13:06] C:\Program Files\Mozilla Firefox
    [02/11/2006|14:37] C:\Program Files\MSBuild
    [02/11/2006|14:37] C:\Program Files\MSN
    [29/12/2007|19:27] C:\Program Files\Nevada Tan Player
    [23/04/2008|16:44] C:\Program Files\NuonSoft
    [05/02/2008|19:03] C:\Program Files\Ogrest
    [11/04/2008|17:29] C:\Program Files\Picasa2
    [25/12/2007|22:13] C:\Program Files\pspvideo9
    [18/02/2008|18:52] C:\Program Files\QuickTime
    [02/11/2006|14:37] C:\Program Files\Reference Assemblies
    [14/01/2008|19:43] C:\Program Files\Ripp-it_AM
    [23/01/2008|18:43] C:\Program Files\Riva
    [22/01/2008|20:01] C:\Program Files\SEUCDaS
    [07/04/2008|18:23] C:\Program Files\SmartVD 3.3.0
    [07/01/2008|19:12] C:\Program Files\Sony
    [20/04/2008|16:55] C:\Program Files\SpacialAudio
    [14/01/2008|00:04] C:\Program Files\STOIK Imaging
    [26/11/2007|19:26] C:\Program Files\Sun
    [21/04/2008|11:23] C:\Program Files\TmNationsForever
    [02/11/2006|15:01] C:\Program Files\Uninstall Information
    [14/01/2008|18:40] C:\Program Files\VirtualDubMOD
    [20/04/2008|16:54] C:\Program Files\wamp
    [21/04/2008|18:28] C:\Program Files\Winamp
    [26/11/2007|19:06] C:\Program Files\Windows Calendar
    [02/11/2006|14:42] C:\Program Files\Windows Collaboration
    [26/11/2007|19:06] C:\Program Files\Windows Defender
    [02/11/2006|14:42] C:\Program Files\Windows Journal
    [21/12/2007|18:26] C:\Program Files\Windows Live
    [10/04/2008|13:41] C:\Program Files\Windows Mail
    [26/11/2007|19:06] C:\Program Files\Windows Media Player
    [26/11/2007|17:24] C:\Program Files\Windows NT
    [02/11/2006|14:42] C:\Program Files\Windows Photo Gallery
    [18/02/2008|14:18] C:\Program Files\Windows Sidebar
    [20/04/2008|16:46] C:\Program Files\WinRAR
    [14/05/2008|13:38] C:\Program Files\winvi
    [19/04/2008|19:01] C:\Program Files\World of Warcraft

    ------[ Listing des dossiers dans C:\Program Files\Common Files ]------

    [10/02/2008|18:42] C:\Program Files\Common Files\Adobe
    [18/02/2008|18:49] C:\Program Files\Common Files\Apple
    [06/12/2007|18:43] C:\Program Files\Common Files\Blizzard Entertainment
    [24/01/2008|17:03] C:\Program Files\Common Files\INCA Shared
    [14/01/2008|00:03] C:\Program Files\Common Files\InstallShield
    [12/12/2007|16:10] C:\Program Files\Common Files\Internet Explorer
    [26/11/2007|19:26] C:\Program Files\Common Files\Java
    [25/12/2007|10:40] C:\Program Files\Common Files\Macrovision Shared
    [28/12/2007|19:36] C:\Program Files\Common Files\microsoft shared
    [26/11/2007|19:22] C:\Program Files\Common Files\Real
    [02/11/2006|13:18] C:\Program Files\Common Files\Services
    [02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
    [23/01/2008|18:43] C:\Program Files\Common Files\SWF Studio
    [26/11/2007|19:06] C:\Program Files\Common Files\System
    [11/12/2007|21:20] C:\Program Files\Common Files\WindowsLiveInstaller
    [26/11/2007|19:22] C:\Program Files\Common Files\xing shared

    ---------------------------[ Process ]--------------------------

    ... 76

    iexplore.exe ~ [3416]
    iexplore.exe ~ [3468]

    ----------------------[ Recherche avec S_Lop ]---------------------

    C:\ProgramData\Ping idle delete.foptx
    C:\ProgramData\Ping idle delete.foptx
    C:\ProgramData\GLOBAL~1
    C:\ProgramData\GLOBAL~1\Bias Roam.exe
    C:\ProgramData\GLOBAL~1\soesnwmu.exe

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Bitdownload
    C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Bitdownload\BitDownload Downloads.lnk
    C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Bitdownload\BitDownload Uninstall.lnk
    C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Bitdownload\BitDownload.lnk
    C:\Windows\Prefetch\BITDOWNLOAD SETUP.EXE-EAE5FCE1.pf

    ----------------------[ Verification du Registre ]----------------------

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Iso keep store]
    "DisplayName"="CiD Help"
    "UninstallString"="C:\\PROGRA~2\\GLOBAL~1\\Bias Roam.exe -uninstall"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts PROPRE


    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-15 17:23:04
    Windows 6.0.6000 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------[ Recherche d'autres infections ]---------------------

    C:\Windows\system32\BLoWDcfe.ini2
    C:\Windows\system32\CbHjQqss.ini2
    ! VUNDO Possible !

    => C:\Users\poste\AppData\Roaming\Microsoft\Windows\Recent\Pirater,Hacker,Cracker,Trouver Un Mot De Passe Prizee Allopass Astuce Pr Gagner Des Kamas Sur Dofus.lnk
    => C:\Users\poste\AppData\Roaming\Microsoft\Windows\Recent\SAM.Broadcaster.v4.2.2.Incl.Crack-TSRH.rar.lnk
    => C:\Users\poste\AppData\Roaming\Microsoft\Windows\Recent\[0] Comment Cracker Un Compte Dofus!! Gratuit, Rapide Et Simple.lnk
    => C:\ProgramData\Adobe\Photoshop Elements\6.0\Locale\fr_FR\Photo Creations Metadata\backgrounds\Cracked Paint.xml
    => C:\ProgramData\Adobe\Photoshop Elements\6.0\Photo Creations\backgrounds\Cracked Paint.jpg


    /!\ [Fich:34][Doss:3] C:\Users\poste\AppData\Local\Temp
    /!\ [Fich:88][Doss:1] C:\Users\poste\AppData\Roaming\MICROS~1\Windows\Cookies
    /!\ [Fich:163][Doss:4] C:\Users\poste\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5

    [ UAC => 1 ]

    --------------------[ Fin du rapport a 17:23:39.23 ]----------------------
thelame
Posted on 15/05/2008 19:24:34
It's strange, sometimes sites that were working no longer work and vice versa; otherwise the ads are still being replaced...
-->Message edited by thelame on 15/05/2008 19:25:32<--
Elfen Lied
Posted on 15/05/2008 19:25:51
While waiting for Laddy to come back, run option 2 of Lop S&D and post the report. ;)
thelame
Posted on 15/05/2008 19:40:12
    -----------------------[ Lop S&D 4.2.0-8 XP/Vista ]---------------------

    [ Windows 'Longhorn' (NT 6.0) Workstation Build 6000 ]
    [ USER : poste ] [ "C:\Lop SD" ] [ Selection : 2 ]
    [ 15/05/2008 | 19:32:30.87 ] [ PC : PC-DE-POSTE ]
    [ MAJ : 11-05-2008 | 18:25 ]
    [ UAC => 0 ]


    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

    Supprimé! - C:\Windows\Prefetch\BITDOWNLOAD SETUP.EXE-EAE5FCE1.pf
    Supprimé! - C:\ProgramData\Ping idle delete.foptx
    Supprimé! - C:\ProgramData\GLOBAL~1\Bias Roam.exe
    Supprimé! - C:\ProgramData\GLOBAL~1\soesnwmu.exe
    Supprimé! - C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Bitdownload
    Supprimé! - C:\ProgramData\GLOBAL~1

    //////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


    -------------[ Listing des dossiers dans Application Data ]------------

    [09/01/2008|16:15] C:\Users\poste\AppData\Roaming\Adobe\Adobe Photoshop CS3
    [09/01/2008|16:14] C:\Users\poste\AppData\Roaming\Adobe\Online Services
    [29/12/2007|16:22] C:\Users\poste\AppData\Roaming\Adobe\Plugins
    [25/12/2007|11:11] C:\Users\poste\AppData\Roaming\Adobe\CameraRaw
    [25/12/2007|11:09] C:\Users\poste\AppData\Roaming\Adobe\Color
    [25/12/2007|11:09] C:\Users\poste\AppData\Roaming\Adobe\Adobe PDF
    [25/12/2007|10:41] C:\Users\poste\AppData\Roaming\Adobe\Photoshop Elements
    [20/12/2007|22:22] C:\Users\poste\AppData\Roaming\Adobe\Linguistics
    [18/12/2007|18:53] C:\Users\poste\AppData\Roaming\Adobe\Acrobat
    [05/12/2007|19:51] C:\Users\poste\AppData\Roaming\Adobe\Flash Player

    [05/03/2008|18:34] C:\Users\poste\AppData\Roaming\Apple Computer\iTunes

    [15/05/2008|17:56] C:\Users\poste\AppData\Roaming\BitTorrent\resume.dat
    [15/05/2008|17:56] C:\Users\poste\AppData\Roaming\BitTorrent\dht.dat
    [15/05/2008|17:56] C:\Users\poste\AppData\Roaming\BitTorrent\settings.dat
    [08/04/2008|18:48] C:\Users\poste\AppData\Roaming\BitTorrent\resume.dat.old
    [08/04/2008|18:48] C:\Users\poste\AppData\Roaming\BitTorrent\dht.dat.old
    [08/04/2008|18:48] C:\Users\poste\AppData\Roaming\BitTorrent\settings.dat.old
    [08/04/2008|18:31] C:\Users\poste\AppData\Roaming\BitTorrent\Papa Roach -To_Be_Loved_1.zip.torrent
    [19/02/2008|19:17] C:\Users\poste\AppData\Roaming\BitTorrent\Simple_Plan_-_Simple_Plan-[2008]-[WwW.DivxTotal.CoM].rar.torrent
    [19/02/2008|19:16] C:\Users\poste\AppData\Roaming\BitTorrent\Simple Plan - Simple Plan (2008) - Punk Rock [www.torrentazos.com].rar.torrent
    [19/02/2008|19:13] C:\Users\poste\AppData\Roaming\BitTorrent\Simple Plan - Simple Plan - 2008.1.torrent
    [19/02/2008|18:21] C:\Users\poste\AppData\Roaming\BitTorrent\Simple Plan - Simple Plan - 2008.torrent
    [12/02/2008|18:40] C:\Users\poste\AppData\Roaming\BitTorrent\Simple Plan - Simple Plan.torrent
    [12/02/2008|18:37] C:\Users\poste\AppData\Roaming\BitTorrent\bittorrent.lng
    [12/02/2008|18:34] C:\Users\poste\AppData\Roaming\BitTorrent\Simple Plan - Simple Plan-torrentlounge.com.torrent

    [02/12/2007|12:55] C:\Users\poste\AppData\Roaming\Brother\PrtDrv

    [02/03/2008|21:24] C:\Users\poste\AppData\Roaming\BT\BT Softphone 2

    [04/02/2008|20:00] C:\Users\poste\AppData\Roaming\DesktopPlayer\data.xml
    [29/12/2007|19:25] C:\Users\poste\AppData\Roaming\DesktopPlayer\ini.xml
    [23/03/2007|16:48] C:\Users\poste\AppData\Roaming\DesktopPlayer\presets.dll
    [10/08/2005|10:36] C:\Users\poste\AppData\Roaming\DesktopPlayer\Nevada Tan Player.scr

    [15/05/2008|19:29] C:\Users\poste\AppData\Roaming\DNA\dht.dat
    [15/05/2008|19:29] C:\Users\poste\AppData\Roaming\DNA\resume.dat
    [15/05/2008|19:29] C:\Users\poste\AppData\Roaming\DNA\settings.dat
    [15/05/2008|19:19] C:\Users\poste\AppData\Roaming\DNA\resume.dat.old
    [15/05/2008|19:19] C:\Users\poste\AppData\Roaming\DNA\settings.dat.old
    [15/05/2008|16:47] C:\Users\poste\AppData\Roaming\DNA\dht.dat.old

    [09/03/2008|14:59] C:\Users\poste\AppData\Roaming\eMule\config

    [15/12/2007|15:42] C:\Users\poste\AppData\Roaming\Google\GoogleEarth

    [09/02/2008|23:50] C:\Users\poste\AppData\Roaming\gtk-2.0\gtkfilechooser.ini

    [26/11/2007|17:26] C:\Users\poste\AppData\Roaming\Identities\{29417EF4-825C-4316-A632-37B2AACCCEE6}

    [26/11/2007|17:31] C:\Users\poste\AppData\Roaming\InstallShield\ISEngine12.0

    [15/05/2008|19:28] C:\Users\poste\AppData\Roaming\LimeWire\library.dat
    [15/05/2008|19:25] C:\Users\poste\AppData\Roaming\LimeWire\filters.props
    [15/05/2008|19:25] C:\Users\poste\AppData\Roaming\LimeWire\questions.props
    [15/05/2008|19:25] C:\Users\poste\AppData\Roaming\LimeWire\tables.props
    [15/05/2008|19:25] C:\Users\poste\AppData\Roaming\LimeWire\installation.props
    [15/05/2008|19:25] C:\Users\poste\AppData\Roaming\LimeWire\mojito.props
    [15/05/2008|19:25] C:\Users\poste\AppData\Roaming\LimeWire\limewire.props
    [15/05/2008|18:38] C:\Users\poste\AppData\Roaming\LimeWire\createtimes.cache
    [15/05/2008|18:35] C:\Users\poste\AppData\Roaming\LimeWire\fileurns.cache
    [14/05/2008|19:37] C:\Users\poste\AppData\Roaming\LimeWire\ttrees.cache
    [14/05/2008|19:37] C:\Users\poste\AppData\Roaming\LimeWire\ttroot.cache
    [14/05/2008|19:37] C:\Users\poste\AppData\Roaming\LimeWire\spam.dat
    [14/05/2008|19:37] C:\Users\poste\AppData\Roaming\LimeWire\gnutella.net
    [14/05/2008|17:52] C:\Users\poste\AppData\Roaming\LimeWire\.AppSpecialShare
    [14/05/2008|13:34] C:\Users\poste\AppData\Roaming\LimeWire\version.xml
    [14/05/2008|13:30] C:\Users\poste\AppData\Roaming\LimeWire\simpp.xml
    [11/01/2008|19:21] C:\Users\poste\AppData\Roaming\LimeWire\.NetworkShare
    [15/12/2007|20:55] C:\Users\poste\AppData\Roaming\LimeWire\414splashfree.png
    [14/12/2007|20:43] C:\Users\poste\AppData\Roaming\LimeWire\responses.cache
    [14/12/2007|20:37] C:\Users\poste\AppData\Roaming\LimeWire\fileurns.bak
    [14/12/2007|20:36] C:\Users\poste\AppData\Roaming\LimeWire\xml
    [14/12/2007|20:36] C:\Users\poste\AppData\Roaming\LimeWire\themes

    [04/04/2008|17:25] C:\Users\poste\AppData\Roaming\Macromedia\Flash Player


    [12/12/2007|15:31] C:\Users\poste\AppData\Roaming\Media Player Classic\default.mpcpl

    [15/05/2008|09:25] C:\Users\poste\AppData\Roaming\Microsoft\Windows Photo Gallery
    [19/02/2008|19:42] C:\Users\poste\AppData\Roaming\Microsoft\MSN Messenger
    [27/01/2008|19:52] C:\Users\poste\AppData\Roaming\Microsoft\MMC
    [20/12/2007|20:07] C:\Users\poste\AppData\Roaming\Microsoft\Speech
    [12/12/2007|18:28] C:\Users\poste\AppData\Roaming\Microsoft\Internet Explorer
    [11/12/2007|21:21] C:\Users\poste\AppData\Roaming\Microsoft\IdentityCRL
    [03/12/2007|20:26] C:\Users\poste\AppData\Roaming\Microsoft\eHome
    [02/12/2007|22:03] C:\Users\poste\AppData\Roaming\Microsoft\HTML Help
    [26/11/2007|17:31] C:\Users\poste\AppData\Roaming\Microsoft\Crypto
    [26/11/2007|17:27] C:\Users\poste\AppData\Roaming\Microsoft\Windows
    [26/11/2007|17:26] C:\Users\poste\AppData\Roaming\Microsoft\SystemCertificates
    [26/11/2007|17:26] C:\Users\poste\AppData\Roaming\Microsoft\Protect
    [26/11/2007|17:26] C:\Users\poste\AppData\Roaming\Microsoft\Credentials

    [14/05/2008|18:26] C:\Users\poste\AppData\Roaming\Mozilla\Firefox

    [29/12/2007|15:27] C:\Users\poste\AppData\Roaming\Pro Cycling Manager 2007\Pro Cycling Manager 2007.log
    [29/12/2007|15:27] C:\Users\poste\AppData\Roaming\Pro Cycling Manager 2007\RAD
    [29/12/2007|15:27] C:\Users\poste\AppData\Roaming\Pro Cycling Manager 2007\Local.cdb
    [29/12/2007|15:27] C:\Users\poste\AppData\Roaming\Pro Cycling Manager 2007\Local.cdb~
    [29/12/2007|12:42] C:\Users\poste\AppData\Roaming\Pro Cycling Manager 2007\Temp
    [29/12/2007|12:38] C:\Users\poste\AppData\Roaming\Pro Cycling Manager 2007\Cache
    [29/12/2007|12:38] C:\Users\poste\AppData\Roaming\Pro Cycling Manager 2007\HDCacheConf.xml
    [29/12/2007|12:38] C:\Users\poste\AppData\Roaming\Pro Cycling Manager 2007\Config
    [28/09/2007|12:26] C:\Users\poste\AppData\Roaming\Pro Cycling Manager 2007\OriginalLocal.cdb

    [13/12/2007|19:58] C:\Users\poste\AppData\Roaming\Real\RealMediaSDK
    [02/12/2007|21:20] C:\Users\poste\AppData\Roaming\Real\RealPlayer
    [27/11/2007|11:03] C:\Users\poste\AppData\Roaming\Real\Msg
    [26/11/2007|19:22] C:\Users\poste\AppData\Roaming\Real\rnadmin

    [12/03/2008|14:32] C:\Users\poste\AppData\Roaming\Skinux\BTSoftphone2

    [02/12/2007|21:05] C:\Users\poste\AppData\Roaming\StarOffice8\user

    [14/01/2008|00:05] C:\Users\poste\AppData\Roaming\STOIK\videopak2

    [05/12/2007|16:27] C:\Users\poste\AppData\Roaming\Talkback\MozillaOrg

    [15/05/2008|12:38] C:\Users\poste\AppData\Roaming\Winamp\studio.xnf
    [15/05/2008|12:38] C:\Users\poste\AppData\Roaming\Winamp\winamp.ini
    [15/05/2008|12:38] C:\Users\poste\AppData\Roaming\Winamp\winamp.m3u
    [15/05/2008|12:38] C:\Users\poste\AppData\Roaming\Winamp\Winamp.m3u8
    [21/04/2008|18:29] C:\Users\poste\AppData\Roaming\Winamp\Plugins
    [21/04/2008|18:28] C:\Users\poste\AppData\Roaming\Winamp\Winamp.q1
    [10/03/2008|22:14] C:\Users\poste\AppData\Roaming\Winamp\links.xml
    [14/09/2005|21:17] C:\Users\poste\AppData\Roaming\Winamp\demo.mp3


    ----------------[ Tâches planifiées dans C:\Windows\tasks ]---------------

    [15/05/2008 19:25][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{6C8A7FFE-92B9-4DDD-8967-42E01E622EF6}.job
    [15/05/2008 19:25][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{637E6FB4-FECE-4082-8361-AA5222AAA4FC}.job
    [15/05/2008 19:25][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{90A6E74E-723E-4C11-9A91-66C3BECAF1DD}.job
    [15/05/2008 19:30][--ah-----] C:\Windows\tasks\SA.DAT
    [15/05/2008 19:29][--a------] C:\Windows\tasks\SCHEDLGU.TXT

    ------[ Listing des dossiers dans C:\ProgramData ]------

    [10/02/2008|18:42] C:\ProgramData\Adobe
    [18/02/2008|18:49] C:\ProgramData\Apple
    [18/02/2008|18:53] C:\ProgramData\Apple Computer
    [02/11/2006|15:02] C:\ProgramData\Application Data
    [15/05/2008|19:32] C:\ProgramData\BM19994a25.txt
    [15/05/2008|19:15] C:\ProgramData\BM19994a25.xml
    [02/12/2007|12:48] C:\ProgramData\Brother
    [02/03/2008|21:23] C:\ProgramData\BT
    [26/11/2007|17:24] C:\ProgramData\Bureau
    [02/11/2006|15:02] C:\ProgramData\Desktop
    [02/11/2006|15:02] C:\ProgramData\Documents
    [14/05/2008|18:26] C:\ProgramData\Drv Audio Dog About
    [27/12/2007|19:35] C:\ProgramData\DVD Shrink
    [09/03/2008|14:54] C:\ProgramData\eMule
    [26/11/2007|17:24] C:\ProgramData\Favoris
    [02/11/2006|15:02] C:\ProgramData\Favorites
    [25/12/2007|11:06] C:\ProgramData\FLEXnet
    [05/12/2007|16:27] C:\ProgramData\Google
    [14/05/2008|22:02] C:\ProgramData\Google Updater
    [26/11/2007|17:24] C:\ProgramData\Menu Démarrer
    [02/12/2007|22:03] C:\ProgramData\Microsoft
    [26/11/2007|17:24] C:\ProgramData\Modèles
    [05/12/2007|19:11] C:\ProgramData\Motive
    [26/11/2007|19:21] C:\ProgramData\Mozilla
    [26/12/2007|13:32] C:\ProgramData\ntuser.pol
    [27/11/2007|11:03] C:\ProgramData\NVIDIA
    [22/02/2008|17:25] C:\ProgramData\pixelStorm
    [15/05/2008|19:31] C:\ProgramData\pskt.ini
    [02/11/2006|15:02] C:\ProgramData\Start Menu
    [02/11/2006|15:02] C:\ProgramData\Templates
    [28/04/2008|11:36] C:\ProgramData\TrackMania
    [15/05/2008|19:22] C:\ProgramData\ViewDashDash.0gy322w
    [14/05/2008|21:22] C:\ProgramData\ViewDashDash.1mtnw
    [14/05/2008|21:00] C:\ProgramData\ViewDashDash.38fpqx0
    [14/05/2008|22:50] C:\ProgramData\ViewDashDash.3drmqs
    [14/05/2008|18:26] C:\ProgramData\ViewDashDash.3vtln
    [14/05/2008|18:26] C:\ProgramData\ViewDashDash.6utu6dm
    [15/05/2008|14:23] C:\ProgramData\ViewDashDash.91mwx
    [14/05/2008|20:38] C:\ProgramData\ViewDashDash.9sdc4
    [14/05/2008|19:32] C:\ProgramData\ViewDashDash.ahujs
    [14/05/2008|22:28] C:\ProgramData\ViewDashDash.ai7ei9
    [14/05/2008|20:16] C:\ProgramData\ViewDashDash.bykg9
    [15/05/2008|14:45] C:\ProgramData\ViewDashDash.flgm0
    [15/05/2008|18:38] C:\ProgramData\ViewDashDash.hyt0y
    [15/05/2008|17:33] C:\ProgramData\ViewDashDash.jc05rto
    [15/05/2008|15:50] C:\ProgramData\ViewDashDash.k029cr
    [15/05/2008|17:54] C:\ProgramData\ViewDashDash.k79e52i
    [15/05/2008|18:16] C:\ProgramData\ViewDashDash.kxn6x
    [15/05/2008|14:01] C:\ProgramData\ViewDashDash.lvd39j7
    [14/05/2008|19:10] C:\ProgramData\ViewDashDash.mimn9dh
    [14/05/2008|22:06] C:\ProgramData\ViewDashDash.ouqjiit
    [15/05/2008|12:53] C:\ProgramData\ViewDashDash.rtc5y4i
    [14/05/2008|21:44] C:\ProgramData\ViewDashDash.te0gpsp
    [15/05/2008|13:23] C:\ProgramData\ViewDashDash.tiq2y
    [14/05/2008|18:48] C:\ProgramData\ViewDashDash.vfc18
    [15/05/2008|15:07] C:\ProgramData\ViewDashDash.vzfxux
    [15/05/2008|19:00] C:\ProgramData\ViewDashDash.wd2za4
    [14/05/2008|19:54] C:\ProgramData\ViewDashDash.wmwlw
    [15/05/2008|15:28] C:\ProgramData\ViewDashDash.xwyp3z
    [14/05/2008|23:12] C:\ProgramData\ViewDashDash.ygtru4g
    [15/05/2008|17:11] C:\ProgramData\ViewDashDash.ypkjq
    [21/03/2008|19:39] C:\ProgramData\WLInstaller

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    [09/02/2008|12:50] C:\Program Files\.gimp-2.4
    [24/12/2007|22:53] C:\Program Files\accessoires
    [10/02/2008|18:42] C:\Program Files\Adobe
    [05/12/2007|19:43] C:\Program Files\Alwil Software
    [26/11/2007|17:46] C:\Program Files\Analog Devices
    [09/02/2008|12:10] C:\Program Files\AnimGif
    [20/02/2008|18:35] C:\Program Files\Ankama
    [18/02/2008|18:50] C:\Program Files\Apple Software Update
    [21/04/2008|21:17] C:\Program Files\Audacity
    [14/05/2008|22:12] C:\Program Files\avisplit
    [14/01/2008|19:41] C:\Program Files\AviSynth 2.5
    [12/02/2008|18:38] C:\Program Files\BitTorrent
    [18/02/2008|18:52] C:\Program Files\Bonjour
    [02/12/2007|16:25] C:\Program Files\Brother
    [02/03/2008|21:23] C:\Program Files\BT Softphone 2
    [26/02/2008|22:14] C:\Program Files\Club-Internet
    [18/02/2008|18:49] C:\Program Files\Common Files
    [16/03/2008|21:17] C:\Program Files\Counter-Strike 1.6
    [05/03/2008|14:06] C:\Program Files\Counter-Strike Source
    [28/12/2007|19:34] C:\Program Files\Cyanide
    [26/11/2007|19:09] C:\Program Files\desktop.ini
    [09/03/2008|14:33] C:\Program Files\DivX
    [12/02/2008|18:33] C:\Program Files\DNA
    [20/04/2008|16:48] C:\Program Files\Dofus
    [27/12/2007|19:13] C:\Program Files\DVD Shrink
    [09/03/2008|14:53] C:\Program Files\eMule
    [26/11/2007|17:24] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
    [09/02/2008|12:42] C:\Program Files\Gimp Pack Mode
    [14/05/2008|18:26] C:\Program Files\globalheartbits
    [26/11/2007|19:22] C:\Program Files\Google
    [23/01/2008|16:12] C:\Program Files\Gpotato.eu
    [14/01/2008|00:04] C:\Program Files\InstallShield Installation Information
    [21/12/2007|09:31] C:\Program Files\Internet
    [10/04/2008|13:41] C:\Program Files\Internet Explorer
    [18/02/2008|18:54] C:\Program Files\iPod
    [18/02/2008|18:54] C:\Program Files\iTunes
    [17/03/2008|19:08] C:\Program Files\Java
    [19/12/2007|23:13] C:\Program Files\Jeux
    [05/02/2008|19:00] C:\Program Files\Kimbo
    [05/02/2008|19:02] C:\Program Files\kimbo2
    [11/01/2008|19:21] C:\Program Files\LimeWire
    [15/05/2008|13:06] C:\Program Files\Mozilla Firefox
    [02/11/2006|14:37] C:\Program Files\MSBuild
    [02/11/2006|14:37] C:\Program Files\MSN
    [29/12/2007|19:27] C:\Program Files\Nevada Tan Player
    [23/04/2008|16:44] C:\Program Files\NuonSoft
    [05/02/2008|19:03] C:\Program Files\Ogrest
    [11/04/2008|17:29] C:\Program Files\Picasa2
    [25/12/2007|22:13] C:\Program Files\pspvideo9
    [18/02/2008|18:52] C:\Program Files\QuickTime
    [02/11/2006|14:37] C:\Program Files\Reference Assemblies
    [14/01/2008|19:43] C:\Program Files\Ripp-it_AM
    [23/01/2008|18:43] C:\Program Files\Riva
    [22/01/2008|20:01] C:\Program Files\SEUCDaS
    [07/04/2008|18:23] C:\Program Files\SmartVD 3.3.0
    [07/01/2008|19:12] C:\Program Files\Sony
    [20/04/2008|16:55] C:\Program Files\SpacialAudio
    [14/01/2008|00:04] C:\Program Files\STOIK Imaging
    [26/11/2007|19:26] C:\Program Files\Sun
    [21/04/2008|11:23] C:\Program Files\TmNationsForever
    [02/11/2006|15:01] C:\Program Files\Uninstall Information
    [14/01/2008|18:40] C:\Program Files\VirtualDubMOD
    [20/04/2008|16:54] C:\Program Files\wamp
    [21/04/2008|18:28] C:\Program Files\Winamp
    [26/11/2007|19:06] C:\Program Files\Windows Calendar
    [02/11/2006|14:42] C:\Program Files\Windows Collaboration
    [26/11/2007|19:06] C:\Program Files\Windows Defender
    [02/11/2006|14:42] C:\Program Files\Windows Journal
    [21/12/2007|18:26] C:\Program Files\Windows Live
    [10/04/2008|13:41] C:\Program Files\Windows Mail
    [26/11/2007|19:06] C:\Program Files\Windows Media Player
    [26/11/2007|17:24] C:\Program Files\Windows NT
    [02/11/2006|14:42] C:\Program Files\Windows Photo Gallery
    [18/02/2008|14:18] C:\Program Files\Windows Sidebar
    [20/04/2008|16:46] C:\Program Files\WinRAR
    [14/05/2008|13:38] C:\Program Files\winvi
    [19/04/2008|19:01] C:\Program Files\World of Warcraft

    ------[ Listing des dossiers dans C:\Program Files\Common Files ]------

    [10/02/2008|18:42] C:\Program Files\Common Files\Adobe
    [18/02/2008|18:49] C:\Program Files\Common Files\Apple
    [06/12/2007|18:43] C:\Program Files\Common Files\Blizzard Entertainment
    [24/01/2008|17:03] C:\Program Files\Common Files\INCA Shared
    [14/01/2008|00:03] C:\Program Files\Common Files\InstallShield
    [12/12/2007|16:10] C:\Program Files\Common Files\Internet Explorer
    [26/11/2007|19:26] C:\Program Files\Common Files\Java
    [25/12/2007|10:40] C:\Program Files\Common Files\Macrovision Shared
    [28/12/2007|19:36] C:\Program Files\Common Files\microsoft shared
    [26/11/2007|19:22] C:\Program Files\Common Files\Real
    [02/11/2006|13:18] C:\Program Files\Common Files\Services
    [02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
    [23/01/2008|18:43] C:\Program Files\Common Files\SWF Studio
    [26/11/2007|19:06] C:\Program Files\Common Files\System
    [11/12/2007|21:20] C:\Program Files\Common Files\WindowsLiveInstaller
    [26/11/2007|19:22] C:\Program Files\Common Files\xing shared

    ---------------------------[ Process ]--------------------------

    ... 71

    iexplore.exe ~ [1884]
    iexplore.exe ~ [1848]

    ----------------------[ Recherche avec S_Lop ]---------------------

    C:\Program Files\GLOBAL~1

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    Aucun fichier / dossier Lop trouvé !

    ----------------------[ Verification du Registre ]----------------------

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Iso keep store]
    "DisplayName"="CiD Help"
    "UninstallString"="C:\\PROGRA~2\\GLOBAL~1\\Bias Roam.exe -uninstall"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts PROPRE


    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-15 19:34:16
    Windows 6.0.6000 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    C:\Windows\System32\wbem\Performance\WmiApRpl_new.h 3766 bytes
    scan completed successfully
    hidden processes: 0
    hidden files: 1

    --------------------[ Recherche d'autres infections ]---------------------

    C:\Windows\system32\BLoWDcfe.ini2
    C:\Windows\system32\CbHjQqss.ini2
    ! VUNDO Possible !

    => C:\Users\poste\AppData\Roaming\Microsoft\Windows\Recent\Pirater,Hacker,Cracker,Trouver Un Mot De Passe Prizee Allopass Astuce Pr Gagner Des Kamas Sur Dofus.lnk
    => C:\Users\poste\AppData\Roaming\Microsoft\Windows\Recent\SAM.Broadcaster.v4.2.2.Incl.Crack-TSRH.rar.lnk
    => C:\Users\poste\AppData\Roaming\Microsoft\Windows\Recent\[0] Comment Cracker Un Compte Dofus!! Gratuit, Rapide Et Simple.lnk
    => C:\ProgramData\Adobe\Photoshop Elements\6.0\Locale\fr_FR\Photo Creations Metadata\backgrounds\Cracked Paint.xml
    => C:\ProgramData\Adobe\Photoshop Elements\6.0\Photo Creations\backgrounds\Cracked Paint.jpg


    /!\ [Fich:53][Doss:4] C:\Users\poste\AppData\Local\Temp
    /!\ [Fich:90][Doss:1] C:\Users\poste\AppData\Roamin