Persistent problems

Solved/Closed
the-real-abcisse Posts: 31 Registered: Tuesday 12 August 2008 Status: Member Last seen: 11 May 2009 - 12 August 2008 at 19:57
the-real-abcisse Posts: 31 Registered: Tuesday 12 August 2008 Status: Member Last seen: 11 May 2009 - 18 August 2008 at 19:38
Hello,
I had several problems with my computer and had decided to get rid of them by formatting it. I kept what I thought was important on my external hard drive... but now the problems are back.

At first everything was going very well, apart from CID internet pages opening on their own. Then it started getting worse. XP antivirus installed itself from an internet page that had also opened by itself while nobody was watching the computer, but I removed it... I really wouldn't be surprised if the problem came from my brother's files that we kept... we have McAfee SiteAdvisor and we are fairly careful, and we also have Registry Mechanic, as well as NOD32, although that one is expired... and we can't manage to change that... I don't really see how the computer could be infected other than because of something my brother shouldn't have kept...

I hope you can help me; I'm sending a scan done by HijackThis since I've often seen it requested:

Logfile of HijackThis v1.99.1
Scan saved at 13:44:56, on 2008-08-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0007)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Parkour\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [lphcnjlj0e78n] C:\WINDOWS\system32\lphcnjlj0e78n.exe
O4 - HKLM\..\Run: [2c73a985] rundll32.exe "C:\WINDOWS\system32\hfmsqtft.dll",b
O4 - HKLM\..\Run: [SMrhcjjlj0e78n] C:\Program Files\rhcjjlj0e78n\rhcjjlj0e78n.exe
O4 - HKLM\..\Run: [Itch ford four knob] C:\Documents and Settings\All Users\Application Data\third lies itch ford\htm surf.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [plan acid] C:\DOCUME~1\Parkour\APPLIC~1\PLATFO~1\Filmmoretest.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1215571495059&h=3d225501e6ee214487604a2c6a3e99d9/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lmab_device - Lexmark International, Inc. - C:\WINDOWS\system32\LMabcoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
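
As an added example (not part of the original thread, and not HijackThis's own logic), a small Python triage that reads O4 "Run" entries in the HijackThis format above and flags the ones typical of the XP antivirus leftovers: random-looking value or file names, rundll32-hosted DLLs with random names, and programs launched from the user profile. The sample lines are copied from the log above; the heuristics and thresholds are assumptions of this example.

```python
import re

# Constructed sample: O4 "Run" entries copied from the HijackThis log posted in
# this thread, benign and suspect mixed, so the triage can be run offline.
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [lphcnjlj0e78n] C:\WINDOWS\system32\lphcnjlj0e78n.exe
O4 - HKLM\..\Run: [2c73a985] rundll32.exe "C:\WINDOWS\system32\hfmsqtft.dll",b
O4 - HKLM\..\Run: [SMrhcjjlj0e78n] C:\Program Files\rhcjjlj0e78n\rhcjjlj0e78n.exe
O4 - HKLM\..\Run: [Itch ford four knob] C:\Documents and Settings\All Users\Application Data\third lies itch ford\htm surf.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [plan acid] C:\DOCUME~1\Parkour\APPLIC~1\PLATFO~1\Filmmoretest.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
"""

# Only the registry Run keys are parsed; "O4 - Startup:" lines use another layout.
O4_RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]+\}")
# First path ending in a program/library extension, followed by space, comma or end.
EXE_RE = re.compile(r"(.*?\.(?:exe|dll|scr|com))(?=[\s,]|$)", re.I)
# User-writable profile locations (long and 8.3 short form), assumed heuristic.
PROFILE_RE = re.compile(r"^[a-z]:\\(docume~1|documents and settings)\\", re.I)


def basename(path):
    """File name without directory and without its last extension."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0] if "." in name else name


def first_path(text):
    """Split a command string into (executable path, remaining arguments)."""
    text = text.strip()
    if text.startswith('"'):
        end = text.find('"', 1)
        if end > 0:
            return text[1:end], text[end + 1:]
    m = EXE_RE.match(text)
    if m:
        return m.group(1), text[m.end():]
    head, _, rest = text.partition(" ")  # no recognised extension: first token
    return head, rest


def parse_o4(line):
    """Parse one 'O4 - HKxx\\..\\Run:' line into hive, value name, command, target."""
    m = O4_RUN_RE.match(line.strip())
    if not m:
        return None
    hive, name, command = m.groups()
    exe, rest = first_path(command)
    target = exe
    if basename(exe).lower() == "rundll32":
        # rundll32 is only the host: the DLL it loads is the real autostart payload.
        dll, _ = first_path(rest.lstrip())
        target = dll.split(",", 1)[0]
    return {"hive": hive, "name": name, "command": command, "target": target}


def looks_random(token):
    """Assumed heuristic: digit/letter soup, or a long run with no vowel at all."""
    token = GUID_RE.sub("", token)  # COM GUIDs in value names are legitimate
    letters = sum(c.isalpha() for c in token)
    digits = sum(c.isdigit() for c in token)
    vowels = sum(c in "aeiouyAEIOUY" for c in token)
    return (digits >= 3 and letters >= 2) or (letters >= 7 and vowels == 0)


def reasons_for(entry):
    reasons = []
    if looks_random(entry["name"]):
        reasons.append("random-looking value name")
    if looks_random(basename(entry["target"])):
        reasons.append("random-looking file name")
    if PROFILE_RE.match(entry["target"]):
        reasons.append("runs from a user-writable profile directory")
    return reasons


def triage(log_text):
    """Return [(value name, target path, reasons)] for every suspicious Run entry."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if reasons:
            flagged.append((entry["name"], entry["target"], reasons))
    return flagged


if __name__ == "__main__":
    for name, target, reasons in triage(SAMPLE_O4):
        print(f"[{name}] {target}\n    -> {'; '.join(reasons)}")
```

Entries the heuristics do not flag still deserve a look at the file's publisher and location; the script only narrows the list to what a human reviewer should check first.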

26 replies

Destrio5 Posts: 85985 Registered: Sunday 11 July 2010 Status: Moderator Last seen: 17 February 2023 10 291
12 August 2008 at 20:01
Hi,

---> Download ComboFix.exe by sUBs to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Disconnect from the internet and close all applications, antivirus and antispyware included /!\

---> Double-click Combofix.exe
A pop-up will appear saying that "ComboFix is used at your own risk and with no guarantee...".
Accept by clicking "Yes"

---> Set it to French with F
Press key 1 (Yes) to start the scan.

/!\ Don't touch anything until the scan is finished. /!\

At the end of the scan, ComboFix may need to restart the PC to finish the disinfection; let it do so.

Once the scan is complete, a report will be displayed: post its contents

/!\ Re-enable your antivirus and antispyware real-time protection before reconnecting to the internet. /!\

Note: The report can also be found here: C:\ComboFix.txt
Zangetsu Posts: 1002 Registered: Sunday 9 September 2007 Status: Member Last seen: 5 February 2015 86
12 August 2008 at 20:54
Destrio: Too bad, you should have asked him to do a HijackThis log in safe mode at the same time. Because he'll have to do it anyway.
Destrio5 Posts: 85985 Registered: Sunday 11 July 2010 Status: Moderator Last seen: 17 February 2023 10 291
12 August 2008 at 21:10
What are you talking about???
Zangetsu Posts: 1002 Registered: Sunday 9 September 2007 Status: Member Last seen: 5 February 2015 86
12 August 2008 at 22:45
No, nothing, I got mixed up with something else. Sorry sorry.
the-real-abcisse Posts: 31 Registered: Tuesday 12 August 2008 Status: Member Last seen: 11 May 2009 1
13 August 2008 at 01:44
When I tried to install ComboFix.exe, an error occurred and it didn't work, so I went with Mido2's solution, whose replies can't be seen on this page, I don't know why...
Destrio5 Posts: 85985 Registered: Sunday 11 July 2010 Status: Moderator Last seen: 17 February 2023 10 291
13 August 2008 at 01:45
What error?
the-real-abcisse Posts: 31 Registered: Tuesday 12 August 2008 Status: Member Last seen: 11 May 2009 1
13 August 2008 at 01:51
Right at the end, it said I couldn't rename (the file name + something else) to the same thing (the file name + something else) but with this: [1] included at the end of the name :? It said I should try again
Destrio5 Posts: 85985 Registered: Sunday 11 July 2010 Status: Moderator Last seen: 17 February 2023 10 291
13 August 2008 at 01:56
Restart, download ComboFix and run it again.
the-real-abcisse Posts: 31 Registered: Tuesday 12 August 2008 Status: Member Last seen: 11 May 2009 1
13 August 2008 at 02:04
Tomorrow... right now I'm going to eat and afterwards my sister is taking the computer :( ...
Destrio5 Posts: 85985 Registered: Sunday 11 July 2010 Status: Moderator Last seen: 17 February 2023 10 291
13 August 2008 at 02:06
Ok.
the-real-abcisse Posts: 31 Registered: Tuesday 12 August 2008 Status: Member Last seen: 11 May 2009 1
14 August 2008 at 10:21
Here's the report:

ComboFix 08-08-13.02 - Parkour 2008-08-14 4:08:18.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.567 [GMT -4:00]
Endroit: C:\Documents and Settings\Parkour\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
* Resident AV is active


[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Uninstall.lnk
C:\Documents and Settings\Parkour\Application Data\rhcjjlj0e78n
C:\WINDOWS\BM2f409a19.txt
C:\WINDOWS\BM2f409a19.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\2.tmp
C:\WINDOWS\system32\acmxqxgs.dll
C:\WINDOWS\system32\aqiiqeyt.dll
C:\WINDOWS\system32\ategwpnl.dll
C:\WINDOWS\system32\awtQgfDv.dll
C:\WINDOWS\system32\awtsPJBS.dll
C:\WINDOWS\system32\biktjtwh.dll
C:\WINDOWS\system32\blphcnjlj0e78n.scr
C:\WINDOWS\system32\cvdibmur.dll
C:\WINDOWS\system32\cxltbkly.dll
C:\WINDOWS\system32\ddcCVLdE.dll
C:\WINDOWS\system32\dnmbhe.dll
C:\WINDOWS\system32\fopuxlms.ini
C:\WINDOWS\system32\geBtQhEV.dll
C:\WINDOWS\system32\guglqb.dll
C:\WINDOWS\system32\haicjhru.dll
C:\WINDOWS\system32\jumfalmx.ini
C:\WINDOWS\system32\kfeveids.dll
C:\WINDOWS\system32\lphcnjlj0e78n.exe
C:\WINDOWS\system32\lqfsiicj.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nwsitofo.dll
C:\WINDOWS\system32\onndjyfa.ini
C:\WINDOWS\system32\pphcnjlj0e78n.exe
C:\WINDOWS\system32\qltulgws.dll
C:\WINDOWS\system32\qqzgmx.dll
C:\WINDOWS\system32\rrcrmb.dll
C:\WINDOWS\system32\siaxrxex.dll
C:\WINDOWS\system32\skwylxfw.ini
C:\WINDOWS\system32\smlxupof.dll
C:\WINDOWS\system32\ssqOgebc.dll
C:\WINDOWS\system32\sysrest32.exe
C:\WINDOWS\system32\tftqsmfh.ini
C:\WINDOWS\system32\tvoaywmf.dll
C:\WINDOWS\system32\vDfgQtwa.ini
C:\WINDOWS\system32\vDfgQtwa.ini2
C:\WINDOWS\system32\vuwcewuj.dll
C:\WINDOWS\system32\wfxlywks.dll
C:\WINDOWS\system32\wsxblp.dll
C:\WINDOWS\system32\wxufxdvs.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-14 to 2008-08-14 ))))))))))))))))))))))))))))))))))))
.

2008-08-14 00:47 . 2008-08-14 04:14 109,150 --a------ C:\WINDOWS\system32\drivers\27730c3d.sys
2008-08-13 22:12 . 2008-08-13 22:12 2,048 --a------ C:\WINDOWS\system32\vyvaymam.exe
2008-08-12 21:58 . 2008-08-12 21:58 2,048 --a------ C:\WINDOWS\system32\ikqyrfda.exe
2008-08-12 19:28 . 2008-08-12 19:35 <REP> d-------- C:\Program Files\Lopxp
2008-08-12 19:27 . 2008-08-12 19:27 <REP> d-------- C:\Program Files\Trend Micro
2008-08-12 10:32 . 2008-08-12 10:32 <REP> d-------- C:\Program Files\PLATFORM REMOTE
2008-08-11 22:19 . 2008-08-12 11:16 94,208 --a------ C:\WINDOWS\system32\23.tmp
2008-08-11 21:57 . 2008-08-11 21:57 2,048 --a------ C:\WINDOWS\system32\wdfjvwig.exe
2008-08-10 21:56 . 2008-08-10 21:56 2,048 --a------ C:\WINDOWS\system32\alnpbbrf.exe
2008-08-10 18:14 . 2008-08-11 22:28 325 --a------ C:\WINDOWS\wininit.ini
2008-08-10 15:53 . 2008-08-10 15:53 90,112 --------- C:\WINDOWS\system32\btkedqwy.dll_old
2008-08-10 03:05 . 2008-08-10 23:07 <REP> d-------- C:\Program Files\MagicISO
2008-08-10 02:37 . 2008-08-10 02:37 <REP> d-------- C:\Documents and Settings\Parkour\Application Data\DAEMON Tools Pro
2008-08-10 02:37 . 2008-08-10 02:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2008-08-10 02:34 . 2008-08-10 02:39 <REP> d-------- C:\Program Files\DAEMON Tools Pro
2008-08-10 02:32 . 2008-08-10 02:32 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-08-09 00:01 . 2008-08-09 00:01 <REP> d-------- C:\Documents and Settings\Parkour\Application Data\InstallShield
2008-08-08 23:56 . 2008-08-08 23:56 <REP> d-------- C:\Program Files\Fichiers communs\InterVideo
2008-08-08 23:56 . 2008-08-08 23:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InterVideo
2008-08-08 23:56 . 2007-03-06 11:58 210,456 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2008-08-08 23:56 . 2007-03-06 11:58 206,360 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2008-08-08 23:56 . 2007-03-06 11:58 198,168 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2008-08-08 23:56 . 2007-03-06 11:58 198,168 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2008-08-08 23:56 . 2007-03-06 11:58 194,072 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2008-08-08 23:56 . 2007-03-06 11:58 26,136 --a------ C:\WINDOWS\system32\IVIresize.dll
2008-08-08 11:53 . 2008-08-08 11:53 244 --ah----- C:\sqmnoopt15.sqm
2008-08-08 11:53 . 2008-08-08 11:53 232 --ah----- C:\sqmdata15.sqm
2008-08-08 10:11 . 2008-08-08 10:11 244 --ah----- C:\sqmnoopt14.sqm
2008-08-08 10:11 . 2008-08-08 10:11 232 --ah----- C:\sqmdata14.sqm
2008-08-06 21:09 . 2008-08-06 21:09 <REP> d-------- C:\Documents and Settings\Parkour\Application Data\fltk.org
2008-08-06 20:02 . 2008-08-09 14:42 1,204 --a------ C:\WINDOWS\system32\LexFiles.usr
2008-08-06 20:02 . 2008-08-06 20:02 709 --a------ C:\WINDOWS\LMAAX2DD.ini
2008-08-06 20:01 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-08-06 20:01 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-08-06 15:47 . 2008-08-06 15:47 <REP> d-------- C:\Program Files\ImTOO
2008-08-06 15:20 . 2008-08-07 11:29 <REP> d-------- C:\Program Files\iTunes
2008-08-06 15:20 . 2008-08-06 15:20 <REP> d-------- C:\Program Files\iPod
2008-08-06 15:20 . 2008-08-14 03:34 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-06 15:20 . 2008-08-06 15:20 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-04 23:01 . 2008-08-04 23:01 <REP> d-------- C:\Documents and Settings\Parkour\Application Data\Media Player Classic
2008-08-04 18:31 . 2008-08-04 18:31 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-08-04 18:31 . 2004-10-14 08:33 2,024,448 --a------ C:\WINDOWS\system32\divx.dll
2008-08-01 13:29 . 2004-08-03 23:10 49,024 --a------ C:\WINDOWS\system32\drivers\mstape.sys
2008-08-01 13:29 . 2004-08-03 23:10 49,024 --a--c--- C:\WINDOWS\system32\dllcache\mstape.sys
2008-08-01 13:29 . 2004-08-03 23:10 13,696 --a------ C:\WINDOWS\system32\drivers\avcstrm.sys
2008-08-01 13:29 . 2004-08-03 23:10 13,696 --a--c--- C:\WINDOWS\system32\dllcache\avcstrm.sys
2008-07-26 16:21 . 2008-07-26 16:21 <REP> d-------- C:\Program Files\Best MIDI to MP3
2008-07-26 16:21 . 2008-07-26 16:21 452,166 --a------ C:\mmm.wav
2008-07-24 21:25 . 2008-07-24 21:25 244 --ah----- C:\sqmnoopt13.sqm
2008-07-24 21:25 . 2008-07-24 21:25 232 --ah----- C:\sqmdata13.sqm
2008-07-24 21:24 . 2008-07-24 21:24 268 --ah----- C:\sqmdata12.sqm
2008-07-24 21:24 . 2008-07-24 21:24 268 --ah----- C:\sqmdata11.sqm
2008-07-24 21:24 . 2008-07-24 21:24 244 --ah----- C:\sqmnoopt12.sqm
2008-07-24 21:24 . 2008-07-24 21:24 244 --ah----- C:\sqmnoopt11.sqm
2008-07-24 12:19 . 2008-07-24 12:19 268 --ah----- C:\sqmdata10.sqm
2008-07-24 12:19 . 2008-07-24 12:19 244 --ah----- C:\sqmnoopt10.sqm
2008-07-23 11:54 . 2008-07-23 11:54 244 --ah----- C:\sqmnoopt09.sqm
2008-07-23 11:54 . 2008-07-23 11:54 244 --ah----- C:\sqmnoopt08.sqm
2008-07-23 11:54 . 2008-07-23 11:54 232 --ah----- C:\sqmdata09.sqm
2008-07-23 11:54 . 2008-07-23 11:54 232 --ah----- C:\sqmdata08.sqm
2008-07-23 08:44 . 2008-07-23 08:44 244 --ah----- C:\sqmnoopt07.sqm
2008-07-23 08:44 . 2008-07-23 08:44 232 --ah----- C:\sqmdata07.sqm
2008-07-22 15:21 . 2008-07-22 15:21 244 --ah----- C:\sqmnoopt06.sqm
2008-07-22 15:21 . 2008-07-22 15:21 232 --ah----- C:\sqmdata06.sqm
2008-07-22 11:44 . 2008-07-22 11:44 244 --ah----- C:\sqmnoopt05.sqm
2008-07-22 11:44 . 2008-07-22 11:44 232 --ah----- C:\sqmdata05.sqm
2008-07-17 13:29 . 2008-07-17 13:30 <REP> d-------- C:\Program Files\Shareaza
2008-07-17 13:29 . 2008-07-17 13:29 <REP> d-------- C:\Documents and Settings\Parkour\Application Data\Shareaza
2008-07-14 20:08 . 2008-07-14 20:08 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-07-14 20:07 . 2008-07-15 12:54 <REP> d-------- C:\Program Files\NOS
2008-07-14 20:07 . 2008-07-15 12:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-12 14:34 --------- d-----w C:\Documents and Settings\Parkour\Application Data\PLATFORM REMOTE
2008-08-12 14:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\third lies itch ford
2008-08-12 02:38 --------- d-----w C:\Documents and Settings\Parkour\Application Data\uTorrent
2008-08-12 02:25 --------- d-----w C:\Program Files\Unlocker
2008-08-10 23:39 --------- d-----w C:\Documents and Settings\Parkour\Application Data\LimeWire
2008-08-09 04:19 --------- d-----w C:\Documents and Settings\Parkour\Application Data\Ulead Systems
2008-08-09 03:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-09 03:55 --------- d-----w C:\Program Files\Ulead Systems
2008-08-09 03:55 --------- d-----w C:\Program Files\Fichiers communs\Ulead Systems
2008-08-09 03:55 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-08-07 16:53 --------- d-----w C:\Program Files\Google
2008-08-06 19:15 --------- d-----w C:\Program Files\Apple Software Update
2008-08-05 20:23 --------- d-----w C:\Documents and Settings\Parkour\Application Data\SiteAdvisor
2008-07-30 15:06 23 ----a-w C:\Documents and Settings\Parkour\jagex_runescape_preferences.dat
2008-07-28 05:55 --------- d-----w C:\Documents and Settings\Parkour\Application Data\Apple Computer
2008-07-24 01:11 --------- d-----w C:\Program Files\ESET
2008-07-14 03:11 --------- d-----w C:\Program Files\Stellar Phoenix Windows Data Recovery
2008-07-13 18:21 --------- d-----w C:\Program Files\CrossLoop
2008-07-13 02:28 --------- d-----w C:\Program Files\PC Inspector File Recovery
2008-07-13 02:14 4,924,063 ----a-w C:\Program Files\pc-inspector_pc_inspector_4.0_francais_11048.rar
2008-07-12 01:58 6,113,439 ----a-w C:\Program Files\pc-inspector_pc_inspector_4.0_francais_11048.exe
2008-07-11 18:20 --------- d-----w C:\Program Files\Cheat Engine
2008-07-11 17:28 4,046,155 ----a-w C:\Program Files\CheatEngine53.exe
2008-07-10 01:42 1,495,112 ----a-w C:\Program Files\install_flash_player.exe
2008-07-10 01:05 --------- d-----w C:\Program Files\Guitar Pro 5
2008-07-10 01:04 --------- d-----w C:\Program Files\QuickTime
2008-07-10 01:04 --------- d-----w C:\Program Files\Bonjour
2008-07-10 01:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-10 01:03 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-07-10 01:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-07-09 06:41 --------- d-----w C:\Program Files\PowerISO
2008-07-09 05:59 --------- d-----w C:\Program Files\uTorrent
2008-07-09 05:04 --------- d-----w C:\Documents and Settings\Parkour\Application Data\Sony Corporation
2008-07-09 04:58 --------- d-----w C:\Program Files\Sony
2008-07-09 04:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Corporation
2008-07-09 03:51 --------- d-----w C:\Program Files\Microsoft LifeCam
2008-07-09 03:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-07-09 03:19 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-07-09 03:19 --------- d-----w C:\Program Files\Circle Developement
2008-07-09 02:44 --------- d-----w C:\Program Files\Java
2008-07-09 02:43 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-07-09 01:42 --------- d-----w C:\Program Files\Safari
2008-07-09 01:42 --------- d-----w C:\Program Files\GP5
2008-07-09 01:41 --------- d-----w C:\Program Files\DVDVideoSoft
2008-07-09 01:41 --------- d-----w C:\Program Files\Audacity
2008-07-08 16:06 --------- d-----w C:\Program Files\ImpôtRapide
2008-07-08 16:03 --------- d-----w C:\Program Files\LimeWire
2008-07-08 16:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-07-08 15:44 --------- d-----w C:\Program Files\Sony Setup
2008-07-08 15:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-07-08 15:34 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-08 15:11 --------- d-----w C:\Program Files\Fichiers communs\SONY Digital Images
2008-07-08 15:09 --------- d-----w C:\Program Files\SmartSound Software
2008-07-08 15:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2008-07-08 15:08 --------- d-----w C:\Program Files\Windows Media Components
2008-07-08 15:05 --------- d-----w C:\Program Files\D-Tools
2008-07-08 13:15 --------- d-----w C:\Program Files\Microsoft.NET
2008-07-08 04:57 --------- d-----w C:\Program Files\MSXML 4.0
2008-07-08 04:02 --------- d-----w C:\Program Files\SiteAdvisor
2008-07-08 04:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Acronis
2008-07-08 04:01 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-07-08 04:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-07-08 04:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-07-08 03:38 --------- d-----w C:\Program Files\Windows Live
2008-07-08 03:26 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-07-08 03:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-08 03:13 4,780,368 ----a-w C:\Program Files\MsgPlusLive-460.exe
2008-07-08 03:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-08 03:08 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-08 03:05 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-07-08 02:39 99,776 ----a-w C:\WINDOWS\system32\drivers\snapman.sys
2008-07-08 02:39 388,000 ----a-w C:\WINDOWS\system32\drivers\timntr.sys
2008-07-08 02:39 32,288 ----a-w C:\WINDOWS\system32\drivers\tifsfilt.sys
2008-07-08 02:39 --------- d-----w C:\Program Files\Fichiers communs\Acronis
2008-07-08 02:39 --------- d-----w C:\Program Files\Acronis
2008-07-08 02:31 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2008-07-08 02:31 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2008-07-08 02:31 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2008-07-08 02:24 --------- d-----w C:\Program Files\Webroot
2008-07-08 02:24 --------- d-----w C:\Program Files\Fichiers communs\Webroot Shared
2008-07-08 02:24 --------- d-----w C:\Documents and Settings\Parkour\Application Data\Webroot
2008-07-08 02:21 --------- d-----w C:\Documents and Settings\Parkour\Application Data\Nero
2008-07-08 02:20 --------- d-----w C:\Program Files\Fichiers communs\Nero
2008-07-08 02:19 --------- d-----w C:\Program Files\Nero
2008-07-08 02:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-07-08 01:56 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-07-08 01:44 --------- d-----w C:\Program Files\Lexmark_HostCD
2008-07-08 01:44 --------- d-----w C:\Program Files\Lexmark
2008-07-08 01:38 --------- d-----w C:\Program Files\Sigmatel
2008-07-08 01:38 --------- d-----w C:\Program Files\Realtek
2008-07-08 01:28 --------- d-----w C:\Program Files\Intel
2008-07-08 01:02 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-08 01:01 --------- d-----w C:\Program Files\Services en ligne
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-07-08 22:46 171448]
"plan acid"="C:\DOCUME~1\Parkour\APPLIC~1\PLATFO~1\Filmmoretest.exe" [2008-08-12 10:32 496128]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-06-22 08:45 133576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-12 00:43 7630848]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-12 00:43 86016]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-07-07 22:31 949376]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe" [2006-07-06 13:52 1126497]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe" [2006-07-06 13:55 1868040]
"Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2006-07-05 20:40 126976]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2006-10-02 15:09 35928]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-06-16 04:52 167936]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-07-23 13:55 341232]
"Itch ford four knob"="C:\Documents and Settings\All Users\Application Data\third lies itch ford\htm surf.exe" [2008-08-14 04:15 2496512]
"nwiz"="nwiz.exe" [2006-08-12 00:43 1519616 C:\WINDOWS\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.mpegacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.VP31"= vp31vfw.dll
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\LMabcoms.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\CrossLoop\\CrossLoopConnect.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-08-14 C:\WINDOWS\Tasks\AB01852F918A3B37.job
- c:\docume~1\parkour\applic~1\platfo~1\Mix Bib Bolt.exe [2008-08-12 10:34]

2008-08-11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{5A9D4ED1-8A36-49C1-AC3B-86076BD6DDB8} - C:\Documents and Settings\Parkour\Local Settings\Temporary Internet Files\Content.IE5\OV2A2796\3077htsbdjyf[1].dll
HKLM-Run-lphcnjlj0e78n - C:\WINDOWS\system32\lphcnjlj0e78n.exe
HKLM-Run-SMrhcjjlj0e78n - C:\Program Files\rhcjjlj0e78n\rhcjjlj0e78n.exe
HKLM-Run-sysrest32.exe - C:\WINDOWS\system32\sysrest32.exe
HKLM-Run-2c73a985 - C:\WINDOWS\system32\smlxupof.dll
HKLM-Run-BM2f409a19 - C:\WINDOWS\system32\lqfsiicj.dll
HKLM-Run-SigmatelSysTrayApp - sttray.exe
HKLM-Run-RegistryMechanic - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.ca/
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-14 04:13:58
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\27730c3d]
"ImagePath"="\SystemRoot\System32\drivers\27730c3d.sys"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\Crypserv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\ESET\nod32krn.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-14 4:17:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-14 08:17:31

Pre-Run: 4,326,277,120 octets libres
Post-Run: 4,650,131,456 octets libres

351 --- E O F --- 2008-07-25 16:56:46
Destrio5 Posts: 85985 Registered: Sunday 11 July 2010 Status: Moderator Last activity: 17 February 2023 10 291
14 August 2008 at 16:19
- Download and install MalwareByte's Anti-Malware:
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm

- Update it

- Restart in safe mode (recommended):
https://www.malekal.com/demarrer-windows-mode-sans-echec/

- Choose your usual session

- Run a full scan with MalwareByte's Anti-Malware

- Delete everything the program finds, and save the report

- Restart in normal mode and post the report here

Tutorial:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
the-real-abcisse Posts: 31 Registered: Tuesday 12 August 2008 Status: Member Last activity: 11 May 2009 1
18 August 2008 at 07:06
Sorry for taking so long to reply, but my computer wouldn't even start anymore; I finally managed, though... I did what you asked, but I think there is still something unwanted on my PC, since web pages still open on their own... just saying... anyway, here is the report:

Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1062
Windows 5.1.2600 Service Pack 2

00:53:48 2008-08-18
mbam-log-08-18-2008 (00-53-48).txt

Type de recherche: Examen complet (C:\|F:\|)
Eléments examinés: 117290
Temps écoulé: 3 hour(s), 1 minute(s), 57 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 64

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcjjlj0e78n (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhcjjlj0e78n (Rogue.Multiple) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\QooBox\Quarantine\C\WINDOWS\system32\acmxqxgs.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\aqiiqeyt.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ategwpnl.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\awtQgfDv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\awtsPJBS.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\biktjtwh.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\cvdibmur.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\cxltbkly.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ddcCVLdE.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\dnmbhe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\geBtQhEV.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\guglqb.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\haicjhru.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\kfeveids.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\lqfsiicj.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\nwsitofo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\qltulgws.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\qqzgmx.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\rrcrmb.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\siaxrxex.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\smlxupof.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ssqOgebc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\tvoaywmf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\vuwcewuj.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\wfxlywks.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\wsxblp.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\wxufxdvs.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C6839F27-3BBE-4702-97ED-269971EE5BB9}\RP1\A0000016.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C6839F27-3BBE-4702-97ED-269971EE5BB9}\RP1\A0000029.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C6839F27-3BBE-4702-97ED-269971EE5BB9}\RP2\A0003045.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C6839F27-3BBE-4702-97ED-269971EE5BB9}\RP2\A0004091.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C6839F27-3BBE-4702-97ED-269971EE5BB9}\RP3\A0004116.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C6839F27-3BBE-4702-97ED-269971EE5BB9}\RP3\A0004117.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C6839F27-3BBE-4702-97ED-269971EE5BB9}\RP3\A0004118.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C6839F27-3BBE-4702-97ED-269971EE5BB9}\RP3\A0004119.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C6839F27-3BBE-4702-97ED-269971EE5BB9}\RP3\A0004120.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C6839F27-3BBE-4702-97ED-269971EE5BB9}\RP3\A0004121.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C6839F27-3BBE-4702-97ED-269971EE5BB9}\RP3\A0004122.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C6839F27-3BBE-4702-97ED-269971EE5BB9}\RP3\A0004123.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C6839F27-3BBE-4702-97ED-269971EE5BB9}\RP3\A0004124.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C6839F27-3BBE-4702-97ED-269971EE5BB9}\RP3\A0004125.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C6839F27-3BBE-4702-97ED-269971EE5BB9}\RP3\A0004126.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C6839F27-3BBE-4702-97ED-269971EE5BB9}\RP3\A0004127.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C6839F27-3BBE-4702-97ED-269971EE5BB9}\RP3\A0004128.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C6839F27-3BBE-4702-97ED-269971EE5BB9}\RP3\A0004129.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C6839F27-3BBE-4702-97ED-269971EE5BB9}\RP3\A0004130.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C6839F27-3BBE-4702-97ED-269971EE5BB9}\RP3\A0004131.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C6839F27-3BBE-4702-97ED-269971EE5BB9}\RP3\A0004132.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C6839F27-3BBE-4702-97ED-269971EE5BB9}\RP3\A0004133.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C6839F27-3BBE-4702-97ED-269971EE5BB9}\RP3\A0004134.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C6839F27-3BBE-4702-97ED-269971EE5BB9}\RP3\A0004135.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C6839F27-3BBE-4702-97ED-269971EE5BB9}\RP3\A0004136.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C6839F27-3BBE-4702-97ED-269971EE5BB9}\RP3\A0004137.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C6839F27-3BBE-4702-97ED-269971EE5BB9}\RP3\A0004138.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C6839F27-3BBE-4702-97ED-269971EE5BB9}\RP3\A0004139.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C6839F27-3BBE-4702-97ED-269971EE5BB9}\RP3\A0004140.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C6839F27-3BBE-4702-97ED-269971EE5BB9}\RP3\A0004141.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C6839F27-3BBE-4702-97ED-269971EE5BB9}\RP3\A0004142.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\alnpbbrf.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\btkedqwy.dll_old (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ikqyrfda.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vyvaymam.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wdfjvwig.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Parkour\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
Destrio5 Posts: 85985 Registered: Sunday 11 July 2010 Status: Moderator Last activity: 17 February 2023 10 291
18 August 2008 at 16:56
You're infected with Lop/Swizzor; this infection displays CID ads.

---> Download Lop S&D to your Desktop
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
---> Double-click it to launch the installation
---> Then double-click the Lop S&D shortcut on your Desktop
---> Select the desired language, then choose option 1 (Search)
---> Wait until the scan finishes
---> Post the generated report (C:\lopR.txt)

(If the Desktop does not reappear, press Ctrl+Alt+Del, File tab, New task, type explorer.exe and confirm)

If you have trouble using Lop S&D, see the tutorial:
http://bibou0007.com/outils-specifiques-f78/tutorial-lop-sd-t956.htm#11431
the-real-abcisse Posts: 31 Registered: Tuesday 12 August 2008 Status: Member Last activity: 11 May 2009 1
18 August 2008 at 17:50
Here is the report:


--------------------\\ Lop S&D 4.2.3-0 XP/Vista

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Parkour ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ 2008-08-18 | 11:47:31 ] [ PC : RAPHCED (Proc:x86) ]
[ MAJ : 17-08-2008 | 01:58 ]

--------------------\\ Listing des dossiers dans APPLIC~1

[2008-07-08|00:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Acronis
[2008-07-14|20:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[2008-07-09|21:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[2008-07-09|21:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[2008-08-10|02:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DAEMON Tools Pro
[2008-07-07|16:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[2008-07-08|22:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[2008-08-08|23:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InterVideo
[2008-08-17|21:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[2008-07-08|00:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
[2008-07-08|23:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[2008-07-17|14:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[2008-07-07|22:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[2008-07-15|12:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[2008-07-08|12:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
[2008-08-04|18:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
[2008-07-08|00:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
[2008-07-08|11:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SmartSound Software Inc
[2008-07-09|00:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
[2008-07-07|23:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[2008-07-08|11:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[2008-08-12|10:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\third lies itch ford
[2008-07-08|11:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
[2008-07-07|21:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[2008-07-07|23:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[2008-07-07|16:51] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[2008-07-07|21:02] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[2008-07-07|21:06] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[2008-07-08|00:01] C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor

[2008-07-07|21:05] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[2008-07-14|20:08] C:\DOCUME~1\Parkour\APPLIC~1\Adobe
[2008-07-28|01:55] C:\DOCUME~1\Parkour\APPLIC~1\Apple Computer
[2008-08-10|02:37] C:\DOCUME~1\Parkour\APPLIC~1\DAEMON Tools Pro
[2008-07-07|16:51] C:\DOCUME~1\Parkour\APPLIC~1\desktop.ini
[2008-08-06|21:09] C:\DOCUME~1\Parkour\APPLIC~1\fltk.org
[2008-08-07|12:55] C:\DOCUME~1\Parkour\APPLIC~1\Google
[2008-07-07|21:07] C:\DOCUME~1\Parkour\APPLIC~1\Identities
[2008-08-09|00:01] C:\DOCUME~1\Parkour\APPLIC~1\InstallShield
[2008-08-10|19:39] C:\DOCUME~1\Parkour\APPLIC~1\LimeWire
[2008-07-08|00:50] C:\DOCUME~1\Parkour\APPLIC~1\Macromedia
[2008-08-17|21:38] C:\DOCUME~1\Parkour\APPLIC~1\Malwarebytes
[2008-08-04|23:01] C:\DOCUME~1\Parkour\APPLIC~1\Media Player Classic
[2008-08-03|20:45] C:\DOCUME~1\Parkour\APPLIC~1\Microsoft
[2008-07-07|22:21] C:\DOCUME~1\Parkour\APPLIC~1\Nero
[2008-08-12|10:34] C:\DOCUME~1\Parkour\APPLIC~1\PLATFORM REMOTE
[2008-08-17|21:33] C:\DOCUME~1\Parkour\APPLIC~1\Real
[2008-07-17|13:29] C:\DOCUME~1\Parkour\APPLIC~1\Shareaza
[2008-08-05|16:23] C:\DOCUME~1\Parkour\APPLIC~1\SiteAdvisor
[2008-07-09|01:04] C:\DOCUME~1\Parkour\APPLIC~1\Sony Corporation
[2008-07-08|22:44] C:\DOCUME~1\Parkour\APPLIC~1\Sun
[2008-08-09|00:19] C:\DOCUME~1\Parkour\APPLIC~1\Ulead Systems
[2008-08-11|22:38] C:\DOCUME~1\Parkour\APPLIC~1\uTorrent
[2008-07-07|22:24] C:\DOCUME~1\Parkour\APPLIC~1\Webroot
[2008-07-07|22:24] C:\DOCUME~1\Parkour\APPLIC~1\WinRAR

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[2008-08-18 02:00][--ah-----] C:\WINDOWS\tasks\AB01852F918A3B37.job
[2008-08-11 17:06][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008-08-18 11:42][--ah-----] C:\WINDOWS\tasks\SA.DAT
[2001-09-28 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

( AB01852F918A3B37.job )=( c:\docume~1\parkour\applic~1\platfo~1\MixBibBolt.exe )

--------------------\\ Listing des dossiers dans C:\Program Files

[2008-07-07|22:39] C:\Program Files\Acronis
[2008-07-14|20:08] C:\Program Files\Adobe
[2008-08-06|15:15] C:\Program Files\Apple Software Update
[2008-07-08|21:41] C:\Program Files\Audacity
[2008-07-26|16:21] C:\Program Files\Best MIDI to MP3
[2008-07-09|21:04] C:\Program Files\Bonjour
[2008-07-11|14:20] C:\Program Files\Cheat Engine
[2008-07-11|13:28] C:\Program Files\CheatEngine53.exe
[2008-07-08|23:19] C:\Program Files\Circle Developement
[2008-07-07|20:59] C:\Program Files\ComPlus Applications
[2008-07-13|14:21] C:\Program Files\CrossLoop
[2008-08-10|02:39] C:\Program Files\DAEMON Tools Pro
[2008-07-08|11:05] C:\Program Files\D-Tools
[2008-07-08|21:41] C:\Program Files\DVDVideoSoft
[2008-07-23|21:11] C:\Program Files\ESET
[2008-08-14|04:10] C:\Program Files\Fichiers communs
[2008-08-07|12:53] C:\Program Files\Google
[2008-07-08|21:42] C:\Program Files\GP5
[2008-07-09|21:05] C:\Program Files\Guitar Pro 5
[2008-07-08|12:06] C:\Program Files\ImpôtRapide
[2008-08-06|15:47] C:\Program Files\ImTOO
[2008-07-09|21:42] C:\Program Files\install_flash_player.exe
[2008-08-08|23:56] C:\Program Files\InstallShield Installation Information
[2008-07-07|21:28] C:\Program Files\Intel
[2008-07-08|09:09] C:\Program Files\Internet Explorer
[2008-08-06|15:20] C:\Program Files\iPod
[2008-08-07|11:29] C:\Program Files\iTunes
[2008-07-08|22:44] C:\Program Files\Java
[2008-08-04|18:31] C:\Program Files\K-Lite Codec Pack
[2008-07-07|21:44] C:\Program Files\Lexmark
[2008-07-07|21:44] C:\Program Files\Lexmark_HostCD
[2008-07-08|12:03] C:\Program Files\LimeWire
[2008-08-12|19:35] C:\Program Files\Lopxp
[2008-08-10|23:07] C:\Program Files\MagicISO
[2008-08-17|21:42] C:\Program Files\Malwarebytes' Anti-Malware
[2008-08-15|03:02] C:\Program Files\Messenger
[2008-07-08|23:19] C:\Program Files\Messenger Plus! Live
[2008-07-07|21:02] C:\Program Files\microsoft frontpage
[2008-07-08|23:51] C:\Program Files\Microsoft LifeCam
[2008-07-08|09:15] C:\Program Files\Microsoft Office
[2008-07-08|09:15] C:\Program Files\Microsoft.NET
[2008-07-07|21:15] C:\Program Files\Movie Maker
[2008-07-07|23:13] C:\Program Files\MsgPlusLive-460.exe
[2008-07-07|20:58] C:\Program Files\MSN
[2008-07-07|20:59] C:\Program Files\MSN Gaming Zone
[2008-07-08|00:57] C:\Program Files\MSXML 4.0
[2008-07-07|22:19] C:\Program Files\Nero
[2008-07-07|21:13] C:\Program Files\NetMeeting
[2008-07-15|12:54] C:\Program Files\NOS
[2008-07-07|20:59] C:\Program Files\Online Services
[2008-07-08|01:00] C:\Program Files\Outlook Express
[2008-07-12|22:28] C:\Program Files\PC Inspector File Recovery
[2008-07-11|21:58] C:\Program Files\pc-inspector_pc_inspector_4.0_francais_11048.exe
[2008-07-12|22:14] C:\Program Files\pc-inspector_pc_inspector_4.0_francais_11048.rar
[2008-08-12|10:32] C:\Program Files\PLATFORM REMOTE
[2008-07-09|02:41] C:\Program Files\PowerISO
[2008-07-09|21:04] C:\Program Files\QuickTime
[2008-07-07|21:38] C:\Program Files\Realtek
[2008-08-18|00:56] C:\Program Files\Registry Mechanic
[2008-07-08|21:42] C:\Program Files\Safari
[2008-07-07|21:01] C:\Program Files\Services en ligne
[2008-07-17|13:30] C:\Program Files\Shareaza
[2008-07-07|21:38] C:\Program Files\Sigmatel
[2008-07-08|00:02] C:\Program Files\SiteAdvisor
[2008-07-08|11:09] C:\Program Files\SmartSound Software
[2008-07-09|00:58] C:\Program Files\Sony
[2008-07-08|11:44] C:\Program Files\Sony Setup
[2008-07-07|23:08] C:\Program Files\Spybot - Search & Destroy
[2008-07-13|23:11] C:\Program Files\Stellar Phoenix Windows Data Recovery
[2008-08-12|19:27] C:\Program Files\Trend Micro
[2008-08-08|23:55] C:\Program Files\Ulead Systems
[2008-07-07|21:07] C:\Program Files\Uninstall Information
[2008-08-11|22:25] C:\Program Files\Unlocker
[2008-07-09|01:59] C:\Program Files\uTorrent
[2008-07-07|22:24] C:\Program Files\Webroot
[2008-07-07|23:38] C:\Program Files\Windows Live
[2008-07-08|11:08] C:\Program Files\Windows Media Components
[2008-07-07|21:56] C:\Program Files\Windows Media Connect 2
[2008-07-08|09:47] C:\Program Files\Windows Media Player
[2008-07-07|21:13] C:\Program Files\Windows NT
[2008-07-07|21:01] C:\Program Files\WindowsUpdate
[2008-07-07|21:49] C:\Program Files\WinRAR
[2008-07-07|21:02] C:\Program Files\xerox

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[2008-07-07|22:39] C:\Program Files\Fichiers communs\Acronis
[2008-07-14|20:08] C:\Program Files\Fichiers communs\Adobe
[2008-07-09|21:03] C:\Program Files\Fichiers communs\Apple
[2008-07-08|09:15] C:\Program Files\Fichiers communs\DESIGNER
[2008-08-08|23:55] C:\Program Files\Fichiers communs\InstallShield
[2008-08-08|23:56] C:\Program Files\Fichiers communs\InterVideo
[2008-07-08|22:43] C:\Program Files\Fichiers communs\Java
[2008-08-08|23:53] C:\Program Files\Fichiers communs\Microsoft Shared
[2008-07-07|21:00] C:\Program Files\Fichiers communs\MSSoap
[2008-07-07|22:20] C:\Program Files\Fichiers communs\Nero
[2008-07-07|16:51] C:\Program Files\Fichiers communs\ODBC
[2008-07-07|21:00] C:\Program Files\Fichiers communs\Services
[2008-07-08|11:11] C:\Program Files\Fichiers communs\SONY Digital Images
[2008-07-07|16:51] C:\Program Files\Fichiers communs\SpeechEngines
[2008-07-08|09:15] C:\Program Files\Fichiers communs\System
[2008-08-08|23:55] C:\Program Files\Fichiers communs\Ulead Systems
[2008-07-07|22:24] C:\Program Files\Fichiers communs\Webroot Shared
[2008-07-07|23:26] C:\Program Files\Fichiers communs\WindowsLiveInstaller

--------------------\\ Process

( 53 Processus )

iexplore.exe ~ [PID:1504] ~ [Threads:13]
iexplore.exe ~ [PID:1840] ~ [Threads:7]
iexplore.exe ~ [PID:4092] ~ [Threads:25]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\ALLUSE~1\APPLIC~1\third lies itch ford
C:\DOCUME~1\ALLUSE~1\APPLIC~1\third lies itch ford\htm surf.exe
C:\DOCUME~1\Parkour\APPLIC~1\platfo~1
C:\DOCUME~1\Parkour\APPLIC~1\platfo~1\azgohsol.exe
C:\DOCUME~1\Parkour\APPLIC~1\platfo~1\Filmmoretest.exe
C:\DOCUME~1\Parkour\APPLIC~1\platfo~1\Mix Bib Bolt.exe
C:\DOCUME~1\Parkour\APPLIC~1\platfo~1\mnakwjqe.exe
C:\DOCUME~1\Parkour\APPLIC~1\platfo~1\MOVEBOOBCLOSESLOW.exe
C:\DOCUME~1\Parkour\APPLIC~1\platfo~1\wexhwkqp.exe
C:\Program Files\platfo~1
C:\Program Files\Circle Developement
C:\Program Files\Circle Developement\Uninstall.exe
C:\DOCUME~1\Parkour\Cookies\parkour@ad.byronadvertising[1].txt
C:\DOCUME~1\Parkour\Cookies\parkour@advertising[1].txt
C:\DOCUME~1\Parkour\Cookies\parkour@adin.bigpoint[2].txt
C:\DOCUME~1\Parkour\Cookies\parkour@bigpoint[1].txt
C:\DOCUME~1\Parkour\Cookies\parkour@fr.seafight.bigpoint[2].txt
C:\DOCUME~1\Parkour\Cookies\parkour@us.xblaster.bigpoint[2].txt
C:\DOCUME~1\Parkour\Cookies\parkour@adopt.euroclick[1].txt
C:\DOCUME~1\Parkour\Cookies\parkour@partypoker[1].txt
C:\DOCUME~1\Parkour\Cookies\parkour@fr.seafight.bigpoint[2].txt
C:\WINDOWS\Tasks\AB01852F918A3B37.job

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"plan acid"="C:\\DOCUME~1\\Parkour\\APPLIC~1\\PLATFO~1\\Filmmoretest.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Itch ford four knob"="C:\\Documents and Settings\\All Users\\Application Data\\third lies itch ford\\htm surf.exe"

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-18 11:48:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Parkour\Application Data\uTorrent\Daemon Tools Pro V4.10.0215 + Crack [App][www.zonatorrent.com].rar.torrent
C:\DOCUME~1\Parkour\Recent\Daemon_Tools_Pro_V4.10.0215___Crack_[App].3881309.TPB.lnk


[F:84][D:11]-> C:\DOCUME~1\Parkour\LOCALS~1\Temp
[F:445][D:0]-> C:\DOCUME~1\Parkour\Cookies
[F:2380][D:5]-> C:\DOCUME~1\Parkour\LOCALS~1\TEMPOR~1\content.IE5

--------------------\\ Fin du rapport a 11:49:20,95
Destrio5 Posts: 85985 Registered: Sunday 11 July 2010 Status: Moderator Last activity: 17 February 2023 10 291
18 August 2008 at 17:52
---> Run Lop S&D again
---> This time choose option 2 (Removal)
---> Do not close the window during the removal!
---> Post the generated report (C:\lopR.txt)

(If the Desktop does not reappear, press Ctrl+Alt+Del, File tab, New task, type explorer.exe and confirm)
the-real-abcisse Posts: 31 Registered: Tuesday 12 August 2008 Status: Member Last activity: 11 May 2009 1
18 August 2008 at 18:08
--------------------\\ Lop S&D 4.2.3-0 XP/Vista

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Parkour ] [ "C:\Lop SD" ] [ Selection : 2 ]
[ 2008-08-18 | 12:04:20 ] [ PC : RAPHCED (Proc:x86) ]
[ MAJ : 17-08-2008 | 01:58 ]


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\third lies itch ford\htm surf.exe
Deleted! - C:\DOCUME~1\Parkour\APPLIC~1\platfo~1\azgohsol.exe
Deleted! - C:\DOCUME~1\Parkour\APPLIC~1\platfo~1\Filmmoretest.exe
Deleted! - C:\DOCUME~1\Parkour\APPLIC~1\platfo~1\Mix Bib Bolt.exe
Deleted! - C:\DOCUME~1\Parkour\APPLIC~1\platfo~1\mnakwjqe.exe
Deleted! - C:\DOCUME~1\Parkour\APPLIC~1\platfo~1\MOVEBOOBCLOSESLOW.exe
Deleted! - C:\DOCUME~1\Parkour\APPLIC~1\platfo~1\wexhwkqp.exe
Deleted! - C:\Program Files\Circle Developement\Uninstall.exe
Deleted! - C:\DOCUME~1\Parkour\Cookies\parkour@ad.byronadvertising[1].txt
Deleted! - C:\DOCUME~1\Parkour\Cookies\parkour@advertising[1].txt
Deleted! - C:\DOCUME~1\Parkour\Cookies\parkour@adin.bigpoint[2].txt
Deleted! - C:\DOCUME~1\Parkour\Cookies\parkour@bigpoint[1].txt
Deleted! - C:\DOCUME~1\Parkour\Cookies\parkour@fr.seafight.bigpoint[2].txt
Deleted! - C:\DOCUME~1\Parkour\Cookies\parkour@us.xblaster.bigpoint[2].txt
Deleted! - C:\DOCUME~1\Parkour\Cookies\parkour@adopt.euroclick[1].txt
Deleted! - C:\DOCUME~1\Parkour\Cookies\parkour@partypoker[1].txt
Deleted! - C:\WINDOWS\Tasks\AB01852F918A3B37.job
Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\third lies itch ford
Deleted! - C:\DOCUME~1\Parkour\APPLIC~1\platfo~1
Deleted! - C:\Program Files\platfo~1
Deleted! - C:\Program Files\Circle Developement

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing of folders in APPLIC~1

[2008-07-08|00:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Acronis
[2008-07-14|20:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[2008-07-09|21:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[2008-07-09|21:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[2008-08-10|02:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DAEMON Tools Pro
[2008-07-07|16:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[2008-07-08|22:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[2008-08-08|23:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InterVideo
[2008-08-17|21:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[2008-07-08|00:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
[2008-07-08|23:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[2008-07-17|14:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[2008-07-07|22:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[2008-07-15|12:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[2008-07-08|12:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
[2008-08-04|18:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
[2008-07-08|00:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
[2008-07-08|11:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SmartSound Software Inc
[2008-07-09|00:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
[2008-07-07|23:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[2008-07-08|11:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[2008-07-08|11:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
[2008-07-07|21:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[2008-07-07|23:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[2008-07-07|16:51] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[2008-07-07|21:02] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[2008-07-07|21:06] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[2008-07-08|00:01] C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor

[2008-07-07|21:05] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[2008-07-14|20:08] C:\DOCUME~1\Parkour\APPLIC~1\Adobe
[2008-07-28|01:55] C:\DOCUME~1\Parkour\APPLIC~1\Apple Computer
[2008-08-10|02:37] C:\DOCUME~1\Parkour\APPLIC~1\DAEMON Tools Pro
[2008-07-07|16:51] C:\DOCUME~1\Parkour\APPLIC~1\desktop.ini
[2008-08-06|21:09] C:\DOCUME~1\Parkour\APPLIC~1\fltk.org
[2008-08-07|12:55] C:\DOCUME~1\Parkour\APPLIC~1\Google
[2008-07-07|21:07] C:\DOCUME~1\Parkour\APPLIC~1\Identities
[2008-08-09|00:01] C:\DOCUME~1\Parkour\APPLIC~1\InstallShield
[2008-08-10|19:39] C:\DOCUME~1\Parkour\APPLIC~1\LimeWire
[2008-07-08|00:50] C:\DOCUME~1\Parkour\APPLIC~1\Macromedia
[2008-08-17|21:38] C:\DOCUME~1\Parkour\APPLIC~1\Malwarebytes
[2008-08-04|23:01] C:\DOCUME~1\Parkour\APPLIC~1\Media Player Classic
[2008-08-03|20:45] C:\DOCUME~1\Parkour\APPLIC~1\Microsoft
[2008-07-07|22:21] C:\DOCUME~1\Parkour\APPLIC~1\Nero
[2008-08-17|21:33] C:\DOCUME~1\Parkour\APPLIC~1\Real
[2008-07-17|13:29] C:\DOCUME~1\Parkour\APPLIC~1\Shareaza
[2008-08-05|16:23] C:\DOCUME~1\Parkour\APPLIC~1\SiteAdvisor
[2008-07-09|01:04] C:\DOCUME~1\Parkour\APPLIC~1\Sony Corporation
[2008-07-08|22:44] C:\DOCUME~1\Parkour\APPLIC~1\Sun
[2008-08-09|00:19] C:\DOCUME~1\Parkour\APPLIC~1\Ulead Systems
[2008-08-11|22:38] C:\DOCUME~1\Parkour\APPLIC~1\uTorrent
[2008-07-07|22:24] C:\DOCUME~1\Parkour\APPLIC~1\Webroot
[2008-07-07|22:24] C:\DOCUME~1\Parkour\APPLIC~1\WinRAR

--------------------\\ Scheduled tasks in C:\WINDOWS\tasks

[2008-08-11 17:06][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008-08-18 11:42][--ah-----] C:\WINDOWS\tasks\SA.DAT
[2001-09-28 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing of folders in C:\Program Files

[2008-07-07|22:39] C:\Program Files\Acronis
[2008-07-14|20:08] C:\Program Files\Adobe
[2008-08-06|15:15] C:\Program Files\Apple Software Update
[2008-07-08|21:41] C:\Program Files\Audacity
[2008-07-26|16:21] C:\Program Files\Best MIDI to MP3
[2008-07-09|21:04] C:\Program Files\Bonjour
[2008-07-11|14:20] C:\Program Files\Cheat Engine
[2008-07-11|13:28] C:\Program Files\CheatEngine53.exe
[2008-07-07|20:59] C:\Program Files\ComPlus Applications
[2008-07-13|14:21] C:\Program Files\CrossLoop
[2008-08-10|02:39] C:\Program Files\DAEMON Tools Pro
[2008-07-08|11:05] C:\Program Files\D-Tools
[2008-07-08|21:41] C:\Program Files\DVDVideoSoft
[2008-07-23|21:11] C:\Program Files\ESET
[2008-08-14|04:10] C:\Program Files\Fichiers communs
[2008-08-07|12:53] C:\Program Files\Google
[2008-07-08|21:42] C:\Program Files\GP5
[2008-07-09|21:05] C:\Program Files\Guitar Pro 5
[2008-07-08|12:06] C:\Program Files\ImpôtRapide
[2008-08-06|15:47] C:\Program Files\ImTOO
[2008-07-09|21:42] C:\Program Files\install_flash_player.exe
[2008-08-08|23:56] C:\Program Files\InstallShield Installation Information
[2008-07-07|21:28] C:\Program Files\Intel
[2008-07-08|09:09] C:\Program Files\Internet Explorer
[2008-08-06|15:20] C:\Program Files\iPod
[2008-08-07|11:29] C:\Program Files\iTunes
[2008-07-08|22:44] C:\Program Files\Java
[2008-08-04|18:31] C:\Program Files\K-Lite Codec Pack
[2008-07-07|21:44] C:\Program Files\Lexmark
[2008-07-07|21:44] C:\Program Files\Lexmark_HostCD
[2008-07-08|12:03] C:\Program Files\LimeWire
[2008-08-12|19:35] C:\Program Files\Lopxp
[2008-08-10|23:07] C:\Program Files\MagicISO
[2008-08-17|21:42] C:\Program Files\Malwarebytes' Anti-Malware
[2008-08-15|03:02] C:\Program Files\Messenger
[2008-07-08|23:19] C:\Program Files\Messenger Plus! Live
[2008-07-07|21:02] C:\Program Files\microsoft frontpage
[2008-07-08|23:51] C:\Program Files\Microsoft LifeCam
[2008-07-08|09:15] C:\Program Files\Microsoft Office
[2008-07-08|09:15] C:\Program Files\Microsoft.NET
[2008-07-07|21:15] C:\Program Files\Movie Maker
[2008-07-07|23:13] C:\Program Files\MsgPlusLive-460.exe
[2008-07-07|20:58] C:\Program Files\MSN
[2008-07-07|20:59] C:\Program Files\MSN Gaming Zone
[2008-07-08|00:57] C:\Program Files\MSXML 4.0
[2008-07-07|22:19] C:\Program Files\Nero
[2008-07-07|21:13] C:\Program Files\NetMeeting
[2008-07-15|12:54] C:\Program Files\NOS
[2008-07-07|20:59] C:\Program Files\Online Services
[2008-07-08|01:00] C:\Program Files\Outlook Express
[2008-07-12|22:28] C:\Program Files\PC Inspector File Recovery
[2008-07-11|21:58] C:\Program Files\pc-inspector_pc_inspector_4.0_francais_11048.exe
[2008-07-12|22:14] C:\Program Files\pc-inspector_pc_inspector_4.0_francais_11048.rar
[2008-07-09|02:41] C:\Program Files\PowerISO
[2008-07-09|21:04] C:\Program Files\QuickTime
[2008-07-07|21:38] C:\Program Files\Realtek
[2008-08-18|00:56] C:\Program Files\Registry Mechanic
[2008-07-08|21:42] C:\Program Files\Safari
[2008-07-07|21:01] C:\Program Files\Services en ligne
[2008-07-17|13:30] C:\Program Files\Shareaza
[2008-07-07|21:38] C:\Program Files\Sigmatel
[2008-07-08|00:02] C:\Program Files\SiteAdvisor
[2008-07-08|11:09] C:\Program Files\SmartSound Software
[2008-07-09|00:58] C:\Program Files\Sony
[2008-07-08|11:44] C:\Program Files\Sony Setup
[2008-07-07|23:08] C:\Program Files\Spybot - Search & Destroy
[2008-07-13|23:11] C:\Program Files\Stellar Phoenix Windows Data Recovery
[2008-08-12|19:27] C:\Program Files\Trend Micro
[2008-08-08|23:55] C:\Program Files\Ulead Systems
[2008-07-07|21:07] C:\Program Files\Uninstall Information
[2008-08-11|22:25] C:\Program Files\Unlocker
[2008-07-09|01:59] C:\Program Files\uTorrent
[2008-07-07|22:24] C:\Program Files\Webroot
[2008-07-07|23:38] C:\Program Files\Windows Live
[2008-07-08|11:08] C:\Program Files\Windows Media Components
[2008-07-07|21:56] C:\Program Files\Windows Media Connect 2
[2008-07-08|09:47] C:\Program Files\Windows Media Player
[2008-07-07|21:13] C:\Program Files\Windows NT
[2008-07-07|21:01] C:\Program Files\WindowsUpdate
[2008-07-07|21:49] C:\Program Files\WinRAR
[2008-07-07|21:02] C:\Program Files\xerox

--------------------\\ Listing of folders in C:\Program Files\Fichiers communs

[2008-07-07|22:39] C:\Program Files\Fichiers communs\Acronis
[2008-07-14|20:08] C:\Program Files\Fichiers communs\Adobe
[2008-07-09|21:03] C:\Program Files\Fichiers communs\Apple
[2008-07-08|09:15] C:\Program Files\Fichiers communs\DESIGNER
[2008-08-08|23:55] C:\Program Files\Fichiers communs\InstallShield
[2008-08-08|23:56] C:\Program Files\Fichiers communs\InterVideo
[2008-07-08|22:43] C:\Program Files\Fichiers communs\Java
[2008-08-08|23:53] C:\Program Files\Fichiers communs\Microsoft Shared
[2008-07-07|21:00] C:\Program Files\Fichiers communs\MSSoap
[2008-07-07|22:20] C:\Program Files\Fichiers communs\Nero
[2008-07-07|16:51] C:\Program Files\Fichiers communs\ODBC
[2008-07-07|21:00] C:\Program Files\Fichiers communs\Services
[2008-07-08|11:11] C:\Program Files\Fichiers communs\SONY Digital Images
[2008-07-07|16:51] C:\Program Files\Fichiers communs\SpeechEngines
[2008-07-08|09:15] C:\Program Files\Fichiers communs\System
[2008-08-08|23:55] C:\Program Files\Fichiers communs\Ulead Systems
[2008-07-07|22:24] C:\Program Files\Fichiers communs\Webroot Shared
[2008-07-07|23:26] C:\Program Files\Fichiers communs\WindowsLiveInstaller

--------------------\\ Processes

( 49 processes )

... OK !

--------------------\\ Search with S_Lop

No Lop file / folder found!

--------------------\\ Search for Lop files / folders

No Lop file / folder found!

--------------------\\ Registry check

..... OK !

--------------------\\ Hosts file check

Hosts file CLEAN


--------------------\\ File search with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-18 12:05:17
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Search for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Parkour\Application Data\uTorrent\Daemon Tools Pro V4.10.0215 + Crack [App][www.zonatorrent.com].rar.torrent
C:\DOCUME~1\Parkour\Recent\Daemon_Tools_Pro_V4.10.0215___Crack_[App].3881309.TPB.lnk


[F:91][D:11]-> C:\DOCUME~1\Parkour\LOCALS~1\Temp
[F:436][D:0]-> C:\DOCUME~1\Parkour\Cookies
[F:2405][D:6]-> C:\DOCUME~1\Parkour\LOCALS~1\TEMPOR~1\content.IE5

--------------------\\ End of report at 12:06:01,18
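As an added example (not part of the thread and not Lop S&D's own code), the following Python script parses a deletion report like the one above and flags the traits a helper looks for in this kind of infection: executables that live only under the user profile, names that are eight random lowercase letters or a salad of words, and a scheduled task named by a bare hex string. The sample report is an excerpt copied from the post above; the classification rules, the `name_looks_generated` heuristic and the `triage` function are this example's own assumptions, not anything the tool does.

```python
"""Triage of a Lop S&D deletion report such as the one posted above.
Added example for this thread, not Lop S&D's own code: parses the "Deleted!"
lines ("Supprime!" in the tool's French output), classifies each removed item
and flags the traits a helper looks for in this family of infections."""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import List

# Constructed excerpt: paths copied from the report above, other lines dropped.
SAMPLE_REPORT = r"""
Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\third lies itch ford\htm surf.exe
Deleted! - C:\DOCUME~1\Parkour\APPLIC~1\platfo~1\azgohsol.exe
Deleted! - C:\DOCUME~1\Parkour\APPLIC~1\platfo~1\Filmmoretest.exe
Deleted! - C:\DOCUME~1\Parkour\APPLIC~1\platfo~1\Mix Bib Bolt.exe
Deleted! - C:\DOCUME~1\Parkour\APPLIC~1\platfo~1\mnakwjqe.exe
Deleted! - C:\DOCUME~1\Parkour\APPLIC~1\platfo~1\MOVEBOOBCLOSESLOW.exe
Deleted! - C:\Program Files\Circle Developement\Uninstall.exe
Deleted! - C:\DOCUME~1\Parkour\Cookies\parkour@partypoker[1].txt
Deleted! - C:\WINDOWS\Tasks\AB01852F918A3B37.job
Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\third lies itch ford
Deleted! - C:\DOCUME~1\Parkour\APPLIC~1\platfo~1
Deleted! - C:\Program Files\Circle Developement

Hosts file CLEAN
hidden processes: 0
hidden files: 0
"""

DELETED_RE = re.compile(r"^(?:Deleted!|Supprime!) - (.+?)\s*$", re.M)
HIDDEN_RE = re.compile(r"^hidden (processes|files): (\d+)", re.M)
HOSTS_CLEAN_RE = re.compile(r"Hosts file CLEAN|Fichier Hosts PROPRE")
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".bat", ".cmd", ".vbs"}
# Directories a standard user can write to: code that never went through an
# installer tends to live only here.
USER_WRITABLE_RE = re.compile(
    r"\\(APPLIC~1|Application Data|LOCALS~1|Local Settings|Temp|Cookies)\\", re.I)
RANDOM8_RE = re.compile(r"^[a-z]{8}$")       # azgohsol, mnakwjqe, ...
HEX_TASK_RE = re.compile(r"^[0-9A-F]{16}$")  # AB01852F918A3B37.job


@dataclass
class Item:
    path: str
    kind: str                   # executable | cookie | task | folder | file
    reasons: List[str] = field(default_factory=list)  # empty = not suspicious


def split_name(path: str):
    """Return (stem, lower-case extension); extension is '' when there is no dot."""
    name = path.rsplit("\\", 1)[-1]
    stem, dot, ext = name.rpartition(".")
    return (stem, "." + ext.lower()) if dot else (name, "")


def name_looks_generated(stem: str) -> bool:
    """Eight random lowercase letters, or a word salad either spaced
    (Mix Bib Bolt) or run together in capitals (MOVEBOOBCLOSESLOW)."""
    return (bool(RANDOM8_RE.match(stem)) or " " in stem.strip()
            or (stem.isalpha() and stem.isupper() and len(stem) >= 10))


def classify(path: str) -> Item:
    stem, ext = split_name(path)
    in_profile = bool(USER_WRITABLE_RE.search(path))
    if "\\Cookies\\" in path:
        return Item(path, "cookie")       # tracking cookies: noise, not persistence
    if ext == ".job":
        item = Item(path, "task")
        if HEX_TASK_RE.match(stem):
            item.reasons.append("scheduled task with a bare hex name")
    elif ext in EXEC_EXT:
        item = Item(path, "executable")
        if in_profile:
            item.reasons.append("executable in a user-writable profile directory")
        if name_looks_generated(stem):
            item.reasons.append("generated-looking file name")
    elif ext == "":                       # the report does not mark folders
        item = Item(path, "folder")
        if in_profile and name_looks_generated(stem):
            item.reasons.append("generated-looking folder name in the profile")
    else:
        item = Item(path, "file")
    return item


def triage(report: str) -> dict:
    items = [classify(p) for p in DELETED_RE.findall(report)]
    hidden = {what: int(n) for what, n in HIDDEN_RE.findall(report)}
    return {"items": items,
            "by_kind": dict(Counter(i.kind for i in items)),
            "flagged": [i.path for i in items if i.reasons],
            "hosts_clean": bool(HOSTS_CLEAN_RE.search(report)),
            "hidden_processes": hidden.get("processes"),
            "hidden_files": hidden.get("files")}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print("removed by kind:", result["by_kind"], "| hosts clean:", result["hosts_clean"])
    for item in result["items"]:
        if item.reasons:
            print(f"[{item.kind}] {item.path}\n    -> " + "; ".join(item.reasons))
```

Run it against a saved lopR.txt by replacing `SAMPLE_REPORT` with the file's contents. Note what the name heuristic does not catch: `Uninstall.exe` under `C:\Program Files\Circle Developement` is not flagged, because neither its name nor its location is unusual on its own; the tool removed it on a signature, which is why a triage like this complements a scanner rather than replacing one.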
Destrio5 (Moderator), 18 August 2008 at 18:10
You can uninstall Lop S&D; I'm preparing a procedure for you.
Destrio5 (Moderator), 18 August 2008 at 18:40
---> Download the CFScript file and save it to your desktop:
http://www.megaupload.com/fr/?d=45SOS8CQ

---> Drag and drop this CFScript file onto ComboFix.exe, as in the screenshot:
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

[*] A blue window will appear: accept the message that comes up.

[*] Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.

[*] Once the scan is finished, a report will be displayed: post it.

[*] If the file does not open, it is located at C:\ComboFix.txt
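The report this procedure produces ends with a "Reg Loading Points" section listing the Run keys (visible in the next post). As an added example, not part of the thread and not ComboFix's own code, here is a Python triage of such lines: it parses the `"name"="image" [date time size]` format, attaches each value to its hive, and flags images outside C:\WINDOWS and C:\Program Files, eight-letter random names, and unqualified image names that Windows resolves by search path. The `platfo` and `ikqyrfda` Run entries in the sample are constructed and do not appear in the user's log (only the file name ikqyrfda.exe does, in the FILE:: list); `TRUSTED_ROOTS` and the flag rules are this example's own choices.

```python
"""Triage of the "Reg Loading Points" section of a ComboFix report (the
[HKEY_...\Run] blocks the procedure above produces). Added example for this
thread: not ComboFix's own code and not part of any post. ComboFix prints each
value as "name"="image" [YYYY-MM-DD HH:MM size]; when the image is a bare file
name it appends the path it resolved, as for the "nwiz" entry."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample: most lines are copied from the report in the next post; the "platfo"
# and "ikqyrfda" entries are CONSTRUCTED (made-up dates and sizes) to show what
# a hit looks like and are not in the user's log.
SAMPLE_RUN_KEYS = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-07-08 22:46 171448]
"platfo"="C:\Documents and Settings\Parkour\Application Data\platfo~1\azgohsol.exe" [2008-08-11 22:19 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-07-07 22:31 949376]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2006-10-02 15:09 35928]
"ikqyrfda"="C:\WINDOWS\system32\ikqyrfda.exe" [2008-08-11 22:19 94208]
"nwiz"="nwiz.exe" [2006-08-12 00:43 1519616 C:\WINDOWS\system32\nwiz.exe]
"""

HIVE_RE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<image>[^"]*)"\s*'
    r"\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) (?P<size>\d+)"
    r"(?: (?P<resolved>[^\]]+))?\]\s*$")
# Roots a normal installation writes to; an autostart from anywhere else
# (profile, Temp, drive root) deserves a look. Assumed, not from ComboFix.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")
RANDOM8_RE = re.compile(r"^[a-z]{8}$")


@dataclass
class RunEntry:
    hive: str
    name: str
    image: str
    size: int
    resolved: Optional[str] = None
    reasons: List[str] = field(default_factory=list)

    @property
    def effective_path(self) -> str:
        return self.resolved or self.image


def assess(entry: RunEntry) -> RunEntry:
    path = entry.effective_path
    if "\\" not in entry.image:
        # Found through the search path rather than an absolute path: fine for
        # nwiz here, but also the shape a planted look-alike binary would take.
        entry.reasons.append("unqualified image name, found via search path (low confidence)")
    if not path.lower().startswith(TRUSTED_ROOTS):
        entry.reasons.append("image outside C:\\WINDOWS and C:\\Program Files")
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if RANDOM8_RE.match(stem):
        entry.reasons.append("eight random lowercase letters as file name")
    return entry


def parse_run_keys(text: str) -> List[RunEntry]:
    hive, entries = "?", []
    for line in text.splitlines():
        hm = HIVE_RE.match(line)
        if hm:
            hive = hm.group(1)
            continue
        em = ENTRY_RE.match(line)
        if em:
            entries.append(assess(RunEntry(
                hive, em["name"], em["image"], int(em["size"]), em["resolved"])))
    return entries


def flagged(text: str) -> List[str]:
    return [e.name for e in parse_run_keys(text) if e.reasons]


if __name__ == "__main__":
    for e in parse_run_keys(SAMPLE_RUN_KEYS):
        root = e.hive.split("\\")[0]
        print(("!! " if e.reasons else "   ") + f"{root:18} {e.name:14} {e.effective_path}")
        for reason in e.reasons:
            print("       - " + reason)
```

The HKCU hits matter as much as the HKLM ones: a value under HKEY_CURRENT_USER\...\Run needs no administrator rights to write, which is exactly why adware that lands in Application Data favours it. Treat the "unqualified image name" flag as a prompt to check where the file was actually resolved, not as a verdict.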
the-real-abcisse, 18 August 2008 at 19:02
ComboFix 08-08-13.02 - Parkour 2008-08-18 12:50:22.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1036.18.676 [GMT -4:00]
Running from: C:\DOCUME~1\Parkour\Bureau\ComboFix.exe
Command switches used :: C:\DOCUME~1\Parkour\Bureau\CFScript[1].txt
* Created a new restore point
* Resident AV is active


WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\LMAAX2DD.ini
C:\WINDOWS\system32\alnpbbrf.exe
C:\WINDOWS\system32\btkedqwy.dll_old
C:\WINDOWS\System32\drivers\27730c3d.sys
C:\WINDOWS\system32\ikqyrfda.exe
C:\WINDOWS\system32\vyvaymam.exe
C:\WINDOWS\system32\wdfjvwig.exe
C:\WINDOWS\Tasks\AB01852F918A3B37.job
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Lopxp
C:\Program Files\Lopxp\cid.txt
C:\Program Files\Lopxp\Fix\FixAppD.dat
C:\Program Files\Lopxp\Fix\Fixjob.dat
C:\Program Files\Lopxp\Fix\FixPfiles.dat
C:\Program Files\Lopxp\Fix\Regfix.dat
C:\Program Files\Lopxp\Fix\SuspPfiles.dat
C:\Program Files\Lopxp\Fix\TempList.dat
C:\Program Files\Lopxp\Lopxp.bat
C:\Program Files\Lopxp\tools\CiDfind.vbs
C:\Program Files\Lopxp\tools\Disable_Wsh.reg
C:\Program Files\Lopxp\tools\Enable_Wsh.reg
C:\Program Files\Lopxp\tools\ListMe.cmd
C:\Program Files\Lopxp\tools\lsTasks.exe
C:\Program Files\Lopxp\tools\P2PFix.reg
C:\Program Files\Lopxp\tools\P2PPatt.dat
C:\Program Files\Lopxp\tools\Patt1.dat
C:\Program Files\Lopxp\tools\Patt2.dat
C:\Program Files\Lopxp\tools\pv.exe
C:\Program Files\Lopxp\tools\Str.exe
C:\Program Files\Lopxp\tools\swreg.exe
C:\Program Files\Lopxp\tools\vfind.exe
C:\Program Files\Lopxp\tools\whitelist.dat
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmdata04.sqm
C:\sqmdata05.sqm
C:\sqmdata06.sqm
C:\sqmdata07.sqm
C:\sqmdata08.sqm
C:\sqmdata09.sqm
C:\sqmdata10.sqm
C:\sqmdata11.sqm
C:\sqmdata12.sqm
C:\sqmdata13.sqm
C:\sqmdata14.sqm
C:\sqmdata15.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt05.sqm
C:\sqmnoopt06.sqm
C:\sqmnoopt07.sqm
C:\sqmnoopt08.sqm
C:\sqmnoopt09.sqm
C:\sqmnoopt10.sqm
C:\sqmnoopt11.sqm
C:\sqmnoopt12.sqm
C:\sqmnoopt13.sqm
C:\sqmnoopt14.sqm
C:\sqmnoopt15.sqm
C:\WINDOWS\LMAAX2DD.ini
C:\WINDOWS\System32\drivers\27730c3d.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_27730c3d


((((((((((((((((((((((((((((( Files created from 2008-07-18 to 2008-08-18 ))))))))))))))))))))))))))))))))))))
.

2008-08-18 11:46 . 2008-08-18 12:16 <REP> d-------- C:\Lop SD
2008-08-17 21:38 . 2008-08-17 21:42 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-17 21:38 . 2008-08-17 21:38 <REP> d-------- C:\Documents and Settings\Parkour\Application Data\Malwarebytes
2008-08-17 21:38 . 2008-08-17 21:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-17 21:38 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-17 21:38 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-14 15:11 . 2008-05-01 10:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-12 19:27 . 2008-08-12 19:27 <REP> d-------- C:\Program Files\Trend Micro
2008-08-11 22:19 . 2008-08-12 11:16 94,208 --a------ C:\WINDOWS\system32\23.tmp
2008-08-10 18:14 . 2008-08-11 22:28 325 --a------ C:\WINDOWS\wininit.ini
2008-08-10 03:05 . 2008-08-10 23:07 <REP> d-------- C:\Program Files\MagicISO
2008-08-10 02:37 . 2008-08-10 02:37 <REP> d-------- C:\Documents and Settings\Parkour\Application Data\DAEMON Tools Pro
2008-08-10 02:37 . 2008-08-10 02:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2008-08-10 02:34 . 2008-08-10 02:39 <REP> d-------- C:\Program Files\DAEMON Tools Pro
2008-08-10 02:32 . 2008-08-10 02:32 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-08-09 00:01 . 2008-08-09 00:01 <REP> d-------- C:\Documents and Settings\Parkour\Application Data\InstallShield
2008-08-08 23:56 . 2008-08-08 23:56 <REP> d-------- C:\Program Files\Fichiers communs\InterVideo
2008-08-08 23:56 . 2008-08-08 23:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InterVideo
2008-08-08 23:56 . 2007-03-06 11:58 210,456 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2008-08-08 23:56 . 2007-03-06 11:58 206,360 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2008-08-08 23:56 . 2007-03-06 11:58 198,168 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2008-08-08 23:56 . 2007-03-06 11:58 198,168 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2008-08-08 23:56 . 2007-03-06 11:58 194,072 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2008-08-08 23:56 . 2007-03-06 11:58 26,136 --a------ C:\WINDOWS\system32\IVIresize.dll
2008-08-06 21:09 . 2008-08-06 21:09 <REP> d-------- C:\Documents and Settings\Parkour\Application Data\fltk.org
2008-08-06 20:02 . 2008-08-09 14:42 1,204 --a------ C:\WINDOWS\system32\LexFiles.usr
2008-08-06 20:01 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-08-06 20:01 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-08-06 15:47 . 2008-08-06 15:47 <REP> d-------- C:\Program Files\ImTOO
2008-08-06 15:20 . 2008-08-07 11:29 <REP> d-------- C:\Program Files\iTunes
2008-08-06 15:20 . 2008-08-06 15:20 <REP> d-------- C:\Program Files\iPod
2008-08-06 15:20 . 2008-08-18 11:42 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-06 15:20 . 2008-08-06 15:20 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-04 23:01 . 2008-08-04 23:01 <REP> d-------- C:\Documents and Settings\Parkour\Application Data\Media Player Classic
2008-08-04 18:31 . 2008-08-04 18:31 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-08-04 18:31 . 2004-10-14 08:33 2,024,448 --a------ C:\WINDOWS\system32\divx.dll
2008-08-01 13:29 . 2004-08-03 23:10 49,024 --a------ C:\WINDOWS\system32\drivers\mstape.sys
2008-08-01 13:29 . 2004-08-03 23:10 49,024 --a--c--- C:\WINDOWS\system32\dllcache\mstape.sys
2008-08-01 13:29 . 2004-08-03 23:10 13,696 --a------ C:\WINDOWS\system32\drivers\avcstrm.sys
2008-08-01 13:29 . 2004-08-03 23:10 13,696 --a--c--- C:\WINDOWS\system32\dllcache\avcstrm.sys
2008-07-26 16:21 . 2008-07-26 16:21 <REP> d-------- C:\Program Files\Best MIDI to MP3
2008-07-26 16:21 . 2008-07-26 16:21 452,166 --a------ C:\mmm.wav

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-12 02:38 --------- d-----w C:\Documents and Settings\Parkour\Application Data\uTorrent
2008-08-12 02:25 --------- d-----w C:\Program Files\Unlocker
2008-08-10 23:39 --------- d-----w C:\Documents and Settings\Parkour\Application Data\LimeWire
2008-08-09 04:19 --------- d-----w C:\Documents and Settings\Parkour\Application Data\Ulead Systems
2008-08-09 03:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-09 03:55 --------- d-----w C:\Program Files\Ulead Systems
2008-08-09 03:55 --------- d-----w C:\Program Files\Fichiers communs\Ulead Systems
2008-08-09 03:55 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-08-07 16:53 --------- d-----w C:\Program Files\Google
2008-08-06 19:15 --------- d-----w C:\Program Files\Apple Software Update
2008-08-05 20:23 --------- d-----w C:\Documents and Settings\Parkour\Application Data\SiteAdvisor
2008-07-30 15:06 23 ----a-w C:\Documents and Settings\Parkour\jagex_runescape_preferences.dat
2008-07-28 05:55 --------- d-----w C:\Documents and Settings\Parkour\Application Data\Apple Computer
2008-07-24 01:11 --------- d-----w C:\Program Files\ESET
2008-07-17 17:30 --------- d-----w C:\Program Files\Shareaza
2008-07-17 17:29 --------- d-----w C:\Documents and Settings\Parkour\Application Data\Shareaza
2008-07-15 16:54 --------- d-----w C:\Program Files\NOS
2008-07-15 16:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS
2008-07-15 00:08 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-07-14 03:11 --------- d-----w C:\Program Files\Stellar Phoenix Windows Data Recovery
2008-07-13 18:21 --------- d-----w C:\Program Files\CrossLoop
2008-07-13 02:28 --------- d-----w C:\Program Files\PC Inspector File Recovery
2008-07-13 02:14 4,924,063 ----a-w C:\Program Files\pc-inspector_pc_inspector_4.0_francais_11048.rar
2008-07-12 01:58 6,113,439 ----a-w C:\Program Files\pc-inspector_pc_inspector_4.0_francais_11048.exe
2008-07-11 18:20 --------- d-----w C:\Program Files\Cheat Engine
2008-07-11 17:28 4,046,155 ----a-w C:\Program Files\CheatEngine53.exe
2008-07-10 01:42 1,495,112 ----a-w C:\Program Files\install_flash_player.exe
2008-07-10 01:05 --------- d-----w C:\Program Files\Guitar Pro 5
2008-07-10 01:04 --------- d-----w C:\Program Files\QuickTime
2008-07-10 01:04 --------- d-----w C:\Program Files\Bonjour
2008-07-10 01:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-10 01:03 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-07-10 01:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-07-09 06:41 --------- d-----w C:\Program Files\PowerISO
2008-07-09 05:59 --------- d-----w C:\Program Files\uTorrent
2008-07-09 05:04 --------- d-----w C:\Documents and Settings\Parkour\Application Data\Sony Corporation
2008-07-09 04:58 --------- d-----w C:\Program Files\Sony
2008-07-09 04:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Corporation
2008-07-09 03:51 --------- d-----w C:\Program Files\Microsoft LifeCam
2008-07-09 03:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-07-09 03:19 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-07-09 02:44 --------- d-----w C:\Program Files\Java
2008-07-09 02:43 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-07-09 01:42 --------- d-----w C:\Program Files\Safari
2008-07-09 01:42 --------- d-----w C:\Program Files\GP5
2008-07-09 01:41 --------- d-----w C:\Program Files\DVDVideoSoft
2008-07-09 01:41 --------- d-----w C:\Program Files\Audacity
2008-07-08 16:06 --------- d-----w C:\Program Files\ImpôtRapide
2008-07-08 16:03 --------- d-----w C:\Program Files\LimeWire
2008-07-08 16:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-07-08 15:44 --------- d-----w C:\Program Files\Sony Setup
2008-07-08 15:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-07-08 15:34 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-08 15:11 --------- d-----w C:\Program Files\Fichiers communs\SONY Digital Images
2008-07-08 15:09 --------- d-----w C:\Program Files\SmartSound Software
2008-07-08 15:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2008-07-08 15:08 --------- d-----w C:\Program Files\Windows Media Components
2008-07-08 15:05 --------- d-----w C:\Program Files\D-Tools
2008-07-08 13:15 --------- d-----w C:\Program Files\Microsoft.NET
2008-07-08 04:57 --------- d-----w C:\Program Files\MSXML 4.0
2008-07-08 04:02 --------- d-----w C:\Program Files\SiteAdvisor
2008-07-08 04:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Acronis
2008-07-08 04:01 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-07-08 04:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-07-08 04:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-07-08 03:38 --------- d-----w C:\Program Files\Windows Live
2008-07-08 03:26 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-07-08 03:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-08 03:13 4,780,368 ----a-w C:\Program Files\MsgPlusLive-460.exe
2008-07-08 03:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-08 03:08 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-08 03:05 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-07-08 02:39 99,776 ----a-w C:\WINDOWS\system32\drivers\snapman.sys
2008-07-08 02:39 388,000 ----a-w C:\WINDOWS\system32\drivers\timntr.sys
2008-07-08 02:39 32,288 ----a-w C:\WINDOWS\system32\drivers\tifsfilt.sys
2008-07-08 02:39 --------- d-----w C:\Program Files\Fichiers communs\Acronis
2008-07-08 02:39 --------- d-----w C:\Program Files\Acronis
2008-07-08 02:31 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2008-07-08 02:31 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2008-07-08 02:31 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2008-07-08 02:24 --------- d-----w C:\Program Files\Webroot
2008-07-08 02:24 --------- d-----w C:\Program Files\Fichiers communs\Webroot Shared
2008-07-08 02:24 --------- d-----w C:\Documents and Settings\Parkour\Application Data\Webroot
2008-07-08 02:21 --------- d-----w C:\Documents and Settings\Parkour\Application Data\Nero
2008-07-08 02:20 --------- d-----w C:\Program Files\Fichiers communs\Nero
2008-07-08 02:19 --------- d-----w C:\Program Files\Nero
2008-07-08 02:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-07-08 01:56 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-07-08 01:44 --------- d-----w C:\Program Files\Lexmark_HostCD
2008-07-08 01:44 --------- d-----w C:\Program Files\Lexmark
2008-07-08 01:38 --------- d-----w C:\Program Files\Sigmatel
2008-07-08 01:38 --------- d-----w C:\Program Files\Realtek
2008-07-08 01:28 --------- d-----w C:\Program Files\Intel
2008-07-08 01:02 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-08 01:01 --------- d-----w C:\Program Files\Services en ligne
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
.

((((((((((((((((((((((((((((( snapshot@2008-08-14_ 4.17.02.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-07 20:18:27 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP2QFE\es.dll
+ 2008-07-07 20:28:20 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3GDR\es.dll
+ 2008-07-07 20:24:11 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll
+ 2007-11-30 12:39:29 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spmsg.dll
+ 2007-11-30 12:39:29 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spuninst.exe
+ 2007-11-30 12:39:29 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\spcustom.dll
+ 2007-11-30 12:39:26 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\update.exe
+ 2007-11-30 12:39:29 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\updspapi.dll
+ 2008-07-14 11:03:00 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP2QFE\tzchange.exe
+ 2008-07-11 12:42:28 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3GDR\tzchange.exe
+ 2008-07-11 12:51:51 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3QFE\tzchange.exe
+ 2007-11-30 11:19:06 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\spcustom.dll
+ 2007-11-30 12:39:29 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe
+ 2007-11-30 12:39:31 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\updspapi.dll
+ 2008-06-24 16:30:27 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP2QFE\mscms.dll
+ 2008-06-24 16:44:02 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3GDR\mscms.dll
+ 2008-06-24 16:53:52 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3QFE\mscms.dll
+ 2007-11-30 11:19:06 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\spcustom.dll
+ 2007-11-30 12:39:29 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\update.exe
+ 2007-11-30 12:39:31 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\updspapi.dll
- 2008-07-11 09:02:48 593,920 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-08-15 07:01:03 593,920 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-07-11 09:02:48 12,288 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-08-15 07:01:03 12,288 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-07-11 09:02:48 86,016 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-08-15 07:01:03 86,016 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-07-11 09:02:48 135,168 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-08-15 07:01:03 135,168 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-07-11 09:02:48 11,264 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-08-15 07:01:03 11,264 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-07-11 09:02:48 27,136 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-08-15 07:01:03 27,136 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-07-11 09:02:48 4,096 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-08-15 07:01:03 4,096 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-07-11 09:02:48 794,624 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-08-15 07:01:04 794,624 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-07-11 09:02:48 249,856 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-08-15 07:01:03 249,856 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-07-11 09:02:48 61,440 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-08-15 07:01:03 61,440 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-07-11 09:02:48 23,040 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-08-15 07:01:04 23,040 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-07-11 09:02:48 286,720 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-08-15 07:01:03 286,720 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-07-11 09:02:48 409,600 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-08-15 07:01:03 409,600 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-07-07 20:31:48 253,952 -c----w C:\WINDOWS\system32\dllcache\es.dll
- 2007-08-21 06:17:23 683,520 -c----w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2008-04-11 18:51:06 683,520 -c----w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2008-06-24 16:23:56 74,240 -c----w C:\WINDOWS\system32\dllcache\mscms.dll
- 2007-08-21 06:17:23 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2008-04-11 18:51:06 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2008-06-25 16:15:46 17,972,344 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-08-05 18:11:01 15,888,504 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-11-30 12:39:29 18,296 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:19:06 18,296 ------w C:\WINDOWS\system32\spmsg.dll
- 2008-03-27 09:24:20 60,416 ------w C:\WINDOWS\system32\tzchange.exe
+ 2008-07-14 11:09:18 62,976 ------w C:\WINDOWS\system32\tzchange.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not listed

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-07-08 22:46 171448]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-06-22 08:45 133576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-12 00:43 7630848]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-12 00:43 86016]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-07-07 22:31 949376]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe" [2006-07-06 13:52 1126497]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe" [2006-07-06 13:55 1868040]
"Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2006-07-05 20:40 126976]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2006-10-02 15:09 35928]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-06-16 04:52 167936]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-07-23 13:55 341232]
"nwiz"="nwiz.exe" [2006-08-12 00:43 1519616 C:\WINDOWS\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.mpegacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.VP31"= vp31vfw.dll
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\LMabcoms.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\CrossLoop\\CrossLoopConnect.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-08-11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-18 12:53:23
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\Crypserv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dwwin.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-18 12:56:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-18 16:56:36
ComboFix2.txt 2008-08-14 08:17:38

Pre-Run: 4,415,336,448 octets libres
Post-Run: 4,507,197,440 octets libres

389
0