High-Tech Santé Médecine Droit-Finances

Test

Netbook HP mini 110

Rechercher : dans
Par :

Virus inconnu ?

Dernière réponse le 16 sep 2008 à 10:03:22 nenesse67, le 14 sep 2008 à 19:09:12 
 Signaler ce message aux modérateurs

Bonjour,

Un message me demandant d'insataller WINDOWS XP 2008 apparaît a chaque démarrage de windows, ainsi qu'un fond d'ecran me précisant que mon pc portable est infecté par plusieurs virus.

J'ai effectué un rapport avec HIJACKTHGIS que je poste ci-dessous :

Pouvez-vous m'apporter votre aide pour supprimer ce virus ?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:56, on 2008-09-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\lotus\notes\nslsvice.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\PROGRA~1\FICHIE~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\tp4serv.exe
C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe
C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Neuf\Widget Neuf\9widget.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\Program Files\NettGain1200 Client\NGSpawner.exe
C:\Program Files\NettGain1200 Client\NettGain1200_C.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\Iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tryba0.tryba.com/portailRH.nsf
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = gunder25:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://www.ma-terrasse.*;http://mertzwi3.*;http://tryba0.*;h­ttp://www.stockfenetres.*;http://172.16.24.*;http://gunder24­.*;http://gunder53.*;http://gunder27.*;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Install5G] D:\Install.exe /SI=1
O4 - HKLM\..\Run: [WatcherHelper] "C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe"
O4 - HKLM\..\Run: [Easy PDF Creator] C:\Program Files\Easy PDF Creator\EasyPDFCreator.exe
O4 - HKLM\..\Run: [Proc Deaf Delete Peak] C:\Documents and Settings\All Users\Application Data\file joy proc deaf\extra noun.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus D88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P23 "EPSON Stylus D88 Series" /O6 "USB001" /M "Stylus D88"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lphcelmj0e549] C:\WINDOWS\system32\lphcelmj0e549.exe
O4 - HKLM\..\Run: [inrhcalmj0e549] C:\Documents and Settings\nnessigh\Local Settings\temp\.tt1D9.tmp.exe /CR=5F8C0875B49BA02BB503A8EC828A17BC0776CE5CFC737FE4FE89B7C3D24F45BB38ACBE7228E0BC2C46190542B233640B72F62611A2A5C6C8B4AB8C71E98AE9AC93424B019A0E2506941878206F40C12092
O4 - HKCU\..\Run: [internet regs] C:\DOCUME~1\nnessigh\APPLIC~1\STOPVC~1\Uplicensejunk.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S249.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Widget Neuf] "C:\Program Files\Neuf\Widget Neuf\9widget.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\nnessigh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: NettGain1200 Client.lnk = C:\Program Files\NettGain1200 Client\NGSpawner.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O12 - Plugin for .qt: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.fr
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tryba.com
O17 - HKLM\Software\..\Telephony: DomainName = tryba.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tryba.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = tryba.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Fonction Commande à distance de Client Access Express (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Ouverture de session unique de Lotus Notes (Lotus Notes Single Logon) - IBM Corp - C:\Program Files\lotus\notes\nslsvice.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Visionsoft Audit On Demand Service (vsAOD) - Visionsoft Limited - C:\WINDOWS\vsAOD.Exe
O23 - Service: VNC Server (winvnc) - AT&T Research Labs Cambridge - C:\Program Files\ORL\VNC\WinVNC.Exe
End of file - 13000 bytes

Configuration: Windows XP
Internet Explorer 7.0

Meilleures réponses pour « Virus inconnu ? » dans :
Virus et Malwares ... Le truc pour les éliminer Voir
[Virus] Que faire quand on est infecté ? VoirSi vous savez ou vous pensez être infecté par un virus Si vous savez ou vous pensez être infecté par un virus, il faut s'en occuper le plus rapidement possible car l'infection peut inviter d'autres infections dans votre PC et votre système risque...
[Virus] System Volume Information VoirSommaire Explications Exemple Supprimer un virus logé dans le dossier System Volume Information sous Windows XP Informations supplémentaires Explications Le dossier System Volume Information est utilisé par Windows XP pour...
Télécharger AVG Anti-Virus Voir
Télécharger Kaspersky Anti-Virus Voir
Télécharger Clean Virus MSN VoirLes virus se rencontrent dorénavant un peu partout sur le net par tous les moyens imaginables. Après les mails virosés, maintenant ils s'attaquent à la messagerie instantanée. Clean Virus MSN est un outil qui détecte automatiquement les virus qui...
Virus - Introduction aux virus VoirVirus Un virus est un petit programme informatique situé dans le corps d'un autre, qui, lorsqu'on l'exécute, se charge en mémoire et exécute les instructions que son auteur a programmé. La définition d'un virus pourrait être la suivante : « Tout...
Utilitaires de désinfection des principaux virus et vers VoirQu'est-ce qu'un kit de désinfection ? Un kit de désinfection est un petit exécutable dont le but est de nettoyer une machine infectée par un virus particulier. Chaque kit de désinfection est donc uniquement capable d'éradiquer un type de virus...
Posez votre question Répondre

1

sKe69, le 14 sep 2008 à 19:37:51

Salut,

pas mal de bestioles sur le PC ... Et pas d'antivirus !


Commences par ceci :

Télécharges SmitfraudFix (de S!Ri, balltrap34 et moe31 ) :
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Installes le soft sur ton bureau ( et pas ailleurs! ) .

!! Déconnectes toi, fermes toute tes applications et désactives tes défenses ( anti-virus ,anti-spyware,...) le temps de la manipe !!


Tuto ( aide ) : http://siri.urz.free.fr/Fix/SmitfraudFix.php

Utilisation ---> option 1 / Recherche :
Double cliques sur l'icône "Smitfraudfix.exe" et sélectionnes 1 (et pas sur autre chose sans notre accord !) pour créer un rapport des fichiers responsables de l'infection.

Postes le rapport ( "rapport.txt" qui se trouve sous C\: ) et attends la suite ...

(Attention : "process.exe", un composant de l'outil, est détecté par certains antivirus comme étant un "RiskTool". Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité.)
Rien ne sert de courir .... Non, ça sert à rien ...    ---sKe---
"Baby, I'm going on an airplane, And I don't know if I'll be back again."
IMPORTANT : ne vous croyez pas tiré d'affaire
tant qu'on ne vous l'a pas dit !

   
Répondre à sKe69

2

nenesse67, le 15 sep 2008 à 00:30:20

Bonsoir,

Merci pour votre aide et désolé pour le retard !

Voic le rapport de smitfraudfix :

SmitFraudFix v2.350

Rapport fait à 0:22:03.33, 2008-09-15
Executé à partir de C:\Documents and Settings\nnessigh\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\lotus\notes\nslsvice.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\FICHIE~1\Stardock\SDMCP.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\vsAOD.Exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ORL\VNC\WinVNC.Exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\tp4serv.exe
C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe
C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\lphcelmj0e549.exe
C:\Documents and Settings\nnessigh\Local Settings\temp\.tt1D9.tmp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Neuf\Widget Neuf\9widget.exe
C:\Documents and Settings\nnessigh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\WINDOWS\TEMP\IM2FFE.EXE
C:\Documents and Settings\nnessigh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\NettGain1200 Client\NGSpawner.exe
C:\Program Files\NettGain1200 Client\NettGain1200_C.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\OfficeScan Client\TSC.EXE
C:\WINDOWS\System32\imapi.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\NclInstaller.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\tdssservers.dat détecté, utilisez un scanner de Rootkit
C:\WINDOWS\system32\tdssadw.dll détecté, utilisez un scanner de Rootkit
C:\WINDOWS\system32\tdssinit.dll détecté, utilisez un scanner de Rootkit
C:\WINDOWS\system32\tdssl.dll détecté, utilisez un scanner de Rootkit
C:\WINDOWS\system32\tdsslog.dll détecté, utilisez un scanner de Rootkit
C:\WINDOWS\system32\tdssmain.dll détecté, utilisez un scanner de Rootkit
C:\WINDOWS\system32\drivers\tdssserv.sys détecté, utilisez un scanner de Rootkit
C:\WINDOWS\system32\drivers\svchost.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\nnessigh


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\nnessigh\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\nnessigh\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
"Startup"="MCPSystemStartup"


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/Wireless 2200BG Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 172.16.16.49
DNS Server Search Order: 172.16.20.27

HKLM\SYSTEM\CCS\Services\Tcpip\..\{B824B3D6-B6B0-401B-8060-8EF70B625FBD}: DhcpNameServer=172.16.16.49 172.16.20.27
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B824B3D6-B6B0-401B-8060-8EF70B625FBD}: DhcpNameServer=172.16.16.49 172.16.20.27
HKLM\SYSTEM\CS2\Services\Tcpip\..\{B824B3D6-B6B0-401B-8060-8EF70B625FBD}: DhcpNameServer=172.16.16.49 172.16.20.27


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

   
Répondre à nenesse67

3

sKe69, le 15 sep 2008 à 00:43:54

Salut,

Pas de prb ... =)

Suite de la manipe ( nettoyage ), fais exactement ce qui suit :

* Impératif : Redémarrer l'ordinateur en mode sans échec .
Comment aller en Mode sans échec
1) Redémarre ton ordi
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip"
3) Tu verras un écran avec options de démarrage apparaître
4) Choisis la première option : Sans Échec, et valide avec "Entrée"
5) Choisis ton compte habituel, et non Administrateur (si besoin ... )
( ps : n'oublies pas , en mode sans échec , pas de connexion ! Donc copies ou imprimes bien les info ci-dessous ...)

*Double click sur SmitfraudFix.exe

* Sélectionnes 2 et presses "Entrée" dans le menu pour supprimer les fichiers responsables de l'infection.

-> Si besion :
* A la question: Voulez-vous nettoyer le registre ? répondre O (oui) et presser Entrée afin de débloquer le fond d'écran et supprimer les clés de registre de l'infection.

( Le correctif déterminera si le fichier wininet.dll est infecté.)

* A la question: "Corriger le fichier infecté ?" répondre O (oui) et presser Entrée
pour remplacer le fichier corrompu.

* Un redémarrage sera peut être nécessaire pour terminer la procédure de nettoyage ( sinon fais le manuellement )

Le rapport se trouve à la racine de C\:
(dans le fichier "rapport.txt")

Postes moi ce dernier rapport accompagné, dans la même réponse, d'un nouveau rapport
hijackthis ( fais en mode normal ) et attends les instructions ...
Rien ne sert de courir .... Non, ça sert à rien ...    ---sKe---
"Baby, I'm going on an airplane, And I don't know if I'll be back again."
IMPORTANT : ne vous croyez pas tiré d'affaire
tant qu'on ne vous l'a pas dit !

   
Répondre à sKe69

4

sKe69, le 15 sep 2008 à 01:15:23

Re,

A demain pour la suite ...

Bonne nuit .... =) Rien ne sert de courir .... Non, ça sert à rien ...    ---sK­e---
"Baby, I'm going on an airplane, And I don't know if I'll be back again."
IMPORTANT : ne vous croyez pas tiré d'affaire
tant qu'on ne vous l'a pas dit !

   
Répondre à sKe69

5

nenesse67, le 15 sep 2008 à 22:47:16

Salut,


Me revoila j'ai effectué les manip que tu m'a conseillé et voici ci dessous le rapport smitfraudfix + hijackthis :

dans l'attente des tes conseils


SmitFraudFix v2.350

Rapport fait à 22:24:51.03, 2008-09-15
Executé à partir de C:\Documents and Settings\nnessigh\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/100 VE Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 172.16.16.49
DNS Server Search Order: 172.16.20.27

HKLM\SYSTEM\CCS\Services\Tcpip\..\{B824B3D6-B6B0-401B-8060-8EF70B625FBD}: DhcpNameServer=172.16.16.49 172.16.20.27
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B824B3D6-B6B0-401B-8060-8EF70B625FBD}: DhcpNameServer=172.16.16.49 172.16.20.27
HKLM\SYSTEM\CS2\Services\Tcpip\..\{B824B3D6-B6B0-401B-8060-8EF70B625FBD}: DhcpNameServer=172.16.16.49 172.16.20.27
HKLM\SYSTEM\CS2\Services\Tcpip\..\{ECB9E99A-F195-49F6-A9C3-68A78D132B4C}: DhcpNameServer=172.16.20.27
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=172.16.20.27


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
"Startup"="MCPSystemStartup"


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:43:46, on 2008-09-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\lotus\notes\nslsvice.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\FICHIE~1\Stardock\SDMCP.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\tp4serv.exe
C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\vsAOD.Exe
C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\lphcelmj0e549.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\ORL\VNC\WinVNC.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Neuf\Widget Neuf\9widget.exe
C:\Documents and Settings\nnessigh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\NettGain1200 Client\NGSpawner.exe
C:\Program Files\NettGain1200 Client\NettGain1200_C.exe
C:\WINDOWS\TEMP\JJ4FFE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = gunder25:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://www.ma-terrasse.*;http://mertzwi3.*;http://tryba0.*;http://www.stockfenetres.*;http://172.16.24.*;http://gunder24.*;http://gunder53.*;http://gunder27.*;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Install5G] D:\Install.exe /SI=1
O4 - HKLM\..\Run: [WatcherHelper] "C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe"
O4 - HKLM\..\Run: [Easy PDF Creator] C:\Program Files\Easy PDF Creator\EasyPDFCreator.exe
O4 - HKLM\..\Run: [Proc Deaf Delete Peak] C:\Documents and Settings\All Users\Application Data\file joy proc deaf\extra noun.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus D88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P23 "EPSON Stylus D88 Series" /O6 "USB001" /M "Stylus D88"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lphcelmj0e549] C:\WINDOWS\system32\lphcelmj0e549.exe
O4 - HKLM\..\Run: [inrhcalmj0e549] C:\Documents and Settings\nnessigh\Local Settings\temp\.tt1D9.tmp.exe /CR=5F8C0875B49BA02BB503A8EC828A17BC0776CE5CFC737FE4FE89B7C3D24F45BB38ACBE7228E0BC2C46190542B233640B72F62611A2A5C6C8B4AB8C71E98AE9AC93424B019A0E2506941878206F40C12092
O4 - HKCU\..\Run: [internet regs] C:\DOCUME~1\nnessigh\APPLIC~1\STOPVC~1\Uplicensejunk.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S249.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Widget Neuf] "C:\Program Files\Neuf\Widget Neuf\9widget.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\nnessigh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: NettGain1200 Client.lnk = C:\Program Files\NettGain1200 Client\NGSpawner.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O12 - Plugin for .qt: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.fr
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tryba.com
O17 - HKLM\Software\..\Telephony: DomainName = tryba.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tryba.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = tryba.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Fonction Commande à distance de Client Access Express (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Ouverture de session unique de Lotus Notes (Lotus Notes Single Logon) - IBM Corp - C:\Program Files\lotus\notes\nslsvice.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Visionsoft Audit On Demand Service (vsAOD) - Visionsoft Limited - C:\WINDOWS\vsAOD.Exe
O23 - Service: VNC Server (winvnc) - AT&T Research Labs Cambridge - C:\Program Files\ORL\VNC\WinVNC.Exe
End of file - 13294 bytes

   
Répondre à nenesse67

6

sKe69, le 15 sep 2008 à 22:54:16

Salut ,


la suite :

Télécharges SDFix sur ton bureau :
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe.

--->Double-cliques sur SDFix.exe et choisis "Install" .

( tuto ici : http://www.malekal.com/tutorial_SDFix.php )

Puis une fois l'installe faite ,
Impératif : redémarres en mode sans échec .
Comment aller en Mode sans échec :
1) Redémarres ton ordi
2) Tapotes la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip"
3) Tu verras un écran avec options de démarrage apparaître
4) Choisis la première option : Sans Échec, et valide avec "Entrée"
5) Choisis ton compte habituel, et non Administrateur (si besoin ... )

( ps : n'oublies pas , en mode sans échec , pas de connexion ! Donc copies ou imprimes bien les info ci-dessous ...)

Ouvres le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double cliques sur RunThis.bat pour lancer le script.
--->Tapes Y pour lancer le script ...
Le Fix supprime les services du virus et nettoie le registre, de ce fait un redémarrage est nécessaire , donc :
presses une touche pour redémarrer quand il te le sera demandé .

Le PC va mettre du temps avant de démarrer ( c'est normale ), après le chargement du Bureau presses une touche lorsque "Finished" s'affiche .

Le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier C:\SDFix sous le nom "Report.txt".
Postes ce dernier dans ta prochaine réponse accompagné d'un nouveau rapport Hijakcthis pour analyse ...
Rien ne sert de courir .... Non, ça sert à rien ...    ---sKe---
"Baby, I'm going on an airplane, And I don't know if I'll be back again."
IMPORTANT : ne vous croyez pas tiré d'affaire
tant qu'on ne vous l'a pas dit !

   
Répondre à sKe69

7

Sacabouffe, le 16 sep 2008 à 00:35:19

Salut
Voilà le message de nenesse67 qui restait coincé.

Voici les rapports demandés après la manip qui s'est bien déroulé :



[b]SDFix: Version 1.225 /b
Run by nnessigh on 2008-09-15 at 23:55

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services /b:


Restoring Default Security Values
Restoring Default Hosts File
Restoring Default Desktop Wallpaper
Restoring Default ScreenSaver value

Rebooting


[b]Checking Files /b:

Trojan Files Found:

C:\WINDOWS\system32\lphcelmj0e549.ex­e - Deleted
C:\WINDOWS\system32\phcelmj0e549.bmp­ - Deleted
C:\WINDOWS\system32\blphcelmj0e549.s­cr - Deleted
C:\DOCUME~1\nnessigh\LOCALS~1\Temp\.­tt1.tmp - Deleted
C:\DOCUME~1\nnessigh\LOCALS~1\Temp\.­tt10.tmp - Deleted
C:\DOCUME~1\nnessigh\LOCALS~1\Temp\.­tt1.tmp.vbs - Deleted
C:\WINDOWS\s32.txt - Deleted
C:\WINDOWS\system32\drivers\tdssserv­.sys - Deleted
C:\WINDOWS\system32\tdssadw.dll - Deleted
C:\WINDOWS\system32\tdssinit.dll - Deleted
C:\WINDOWS\system32\tdssl.dll - Deleted
C:\WINDOWS\system32\tdsslog.dll - Deleted
C:\WINDOWS\system32\tdssmain.dll - Deleted
C:\WINDOWS\system32\tdssserf.dll - Deleted
C:\WINDOWS\system32\tdssservers.dat - Deleted



Folder C:\Documents and Settings\nnessigh\Application Data\Macromedia\Flash Player\macromedia.com\support\flashp­layer\sys\#w*w.redtube.­com - Removed


Removing Temp Files

[b]ADS Check /b:



[b]Final Check /b:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-16 00:15:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a94139462]
"001b5937e64a"=hex:18,2d,e2,bb,15,25,42,ea,2d,85,de,cb,7d,9f,aa,cf
"001a8a9eabcf"=hex:af,d5,8f,eb,89,73,3e,c2,48,b5,7e,55,55,fd,4d,d3
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:f2dcff4b
"s2"=dword:495bade3
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:e3,3e,05,2a,f9,8a,67,d7,a3,f1,66,d1,eb,d9,45,34,7c,6e,48,59,b2,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSserv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a94139462]
"001b5937e64a"=hex:18,2d,e2,bb,15,25,42,ea,2d,85,de,cb,7d,9f,aa,cf
"001a8a9eabcf"=hex:af,d5,8f,eb,89,73,3e,c2,48,b5,7e,55,55,fd,4d,d3
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:e3,3e,05,2a,f9,8a,67,d7,a3,f1,66,d1,eb,d9,45,34,7c,6e,48,59,b2,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TDSSserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSserv.sys"

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services /b:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Sierra Wireless Inc\\3G Watcher\\SwiApiMux.exe"="C:\\Program Files\\Sierra Wireless Inc\\3G Watcher\\SwiApiMux.exe:*:Enabled:SwiApiMux"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"="C:\\Program Files\\Pando Networks\\Pando\\pando.exe:*:Enabled:Pando Application"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe:*:Disabled:Football Manager 2008"
"C:\\Program Files\\NettGain1200 Client\\NettGain1200_C.exe"="C:\\Program Files\\NettGain1200 Client\\NettGain1200_C.exe:*:Enabled:NettGain1200_C"
"C:\\Program Files\\Neuf\\Media Center\\httpd\\httpd.exe"="C:\\Program Files\\Neuf\\Media Center\\httpd\\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.2/255.255.255.255:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)"
"C:\\WINDOWS\\system32\\drivers\\svchost.exe"="C:\\WINDOWS\\system32\\drivers\\svchost.exe:*:Disabled:svchost"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\WINDOWS\\vsAOD.Exe"="C:\\WINDOWS\\vsAOD.Exe:*:Enabled:Visionsoft Audit on Demand Service"
"C:\\Program Files\\NettGain1200 Client\\NettGain1200_C.exe"="C:\\Program Files\\NettGain1200 Client\\NettGain1200_C.exe:*:Disabled:NettGain1200_C"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Neuf\\Media Center\\httpd\\httpd.exe"="C:\\Program Files\\Neuf\\Media Center\\httpd\\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.2/255.255.255.255:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. The whole world can talk for free."
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"="C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"="C:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "

[b]Remaining Files /b:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes /b:

Sun 12 Mar 2006 10,311,680 ..SH. --- "C:\Program Files\AVIConverter\mencoder.exe"
Wed 4 Aug 2004 1,028,096 ...H. --- "C:\WINDOWS\system32\mfc42.dll"
Wed 4 Aug 2004 54,784 ...H. --- "C:\WINDOWS\system32\msvcirt.dll"
Tue 28 Aug 2001 565,760 ...H. --- "C:\WINDOWS\system32\msvcp50.dll"
Wed 4 Aug 2004 413,696 ...H. --- "C:\WINDOWS\system32\msvcp60.dll"
Wed 4 Aug 2004 343,040 ...H. --- "C:\WINDOWS\system32\msvcrt.dll"
Tue 28 Aug 2001 253,952 ...H. --- "C:\WINDOWS\system32\msvcrt20.dll"
Tue 3 Aug 2004 61,440 ...H. --- "C:\WINDOWS\system32\msvcrt40.dll"
Wed 16 Nov 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 26 Dec 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 28 Oct 2007 20,233,232 A..H. --- "C:\Documents and Settings\A.T. WIN\Local Settings\temp\BITA.tmp"
Tue 23 Oct 2007 6,838 A..H. --- "C:\Program Files\Microsoft Office\Office\Gestionnaire Office\Off1.tmp"
Thu 30 Nov 2006 87,040 A..H. --- "C:\Documents and Settings\nnessigh\Bureau\CONCESSIONNAIRES\LOP\~WRL1634.tmp"
Wed 22 Nov 2006 84,480 A..H. --- "C:\Documents and Settings\nnessigh\Bureau\CONCESSIONNAIRES\LOP\~WRL1935.tmp"
Fri 10 Jun 2005 894,464 A..H. --- "C:\Documents and Settings\nnessigh\Mes documents\DIVERS RESEAU\Fiches et autres docs li‚s au stage\~WRL1011.tmp"
Mon 20 Jun 2005 864,768 A..H. --- "C:\Documents and Settings\nnessigh\Mes documents\DIVERS RESEAU\Fiches et autres docs li‚s au stage\~WRL1101.tmp"
Thu 16 Jun 2005 1,312,256 A..H. --- "C:\Documents and Settings\nnessigh\Mes documents\DIVERS RESEAU\Fiches et autres docs li‚s au stage\~WRL1518.tmp"
Tue 27 Feb 2007 1,644,032 ...H. --- "C:\Documents and Settings\nnessigh\Mes documents\DIVERS RESEAU\Fiches et autres docs li‚s au stage\~WRL1778.tmp"
Thu 16 Jun 2005 1,307,136 A..H. --- "C:\Documents and Settings\nnessigh\Mes documents\DIVERS RESEAU\Fiches et autres docs li‚s au stage\~WRL2142.tmp"
Fri 10 Jun 2005 894,464 A..H. --- "C:\Documents and Settings\nnessigh\Mes documents\DIVERS RESEAU\Fiches et autres docs li‚s au stage\~WRL3542.tmp"
Thu 16 Jun 2005 1,572,352 A..H. --- "C:\Documents and Settings\nnessigh\Mes documents\DIVERS RESEAU\Fiches et autres docs li‚s au stage\~WRL3876.tmp"
Wed 16 Nov 2005 4,348 ...H. --- "C:\Documents and Settings\nnessigh\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Sun 18 Nov 2007 20 A..H. --- "C:\Documents and Settings\nnessigh\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Sun 18 Nov 2007 400 A.SH. --- "C:\Documents and Settings\nnessigh\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Fri 24 Dec 2004 25,600 A..H. --- "C:\Documents and Settings\nnessigh\Mes documents\PERSO\candidature mail\~WRL0002.tmp"
Tue 19 Oct 2004 26,112 A..H. --- "C:\Documents and Settings\nnessigh\Mes documents\PERSO\candidature mail\~WRL0970.tmp"
Wed 29 Jun 2005 2,518,528 A..H. --- "C:\Documents and Settings\nnessigh\Mes documents\DIVERS RESEAU\B.A.O ISO\BOITE A OUTIL\~WRL1240.tmp"
Fri 22 Jul 2005 3,117,568 A..H. --- "C:\Documents and Settings\nnessigh\Mes documents\DIVERS RESEAU\B.A.O ISO\BOITE A OUTIL\DOSSIER FINAL\~WRL0441.tmp"
Thu 7 Jul 2005 2,914,304 A..H. --- "C:\Documents and Settings\nnessigh\Mes documents\DIVERS RESEAU\B.A.O ISO\BOITE A OUTIL\DOSSIER FINAL\~WRL0456.tmp"
Thu 7 Jul 2005 2,887,680 A..H. --- "C:\Documents and Settings\nnessigh\Mes documents\DIVERS RESEAU\B.A.O ISO\BOITE A OUTIL\DOSSIER FINAL\~WRL0844.tmp"
Wed 6 Jul 2005 2,904,064 A..H. --- "C:\Documents and Settings\nnessigh\Mes documents\DIVERS RESEAU\B.A.O ISO\BOITE A OUTIL\DOSSIER FINAL\~WRL1665.tmp"
Thu 7 Jul 2005 2,897,920 A..H. --- "C:\Documents and Settings\nnessigh\Mes documents\DIVERS RESEAU\B.A.O ISO\BOITE A OUTIL\DOSSIER FINAL\~WRL2443.tmp"
Thu 7 Jul 2005 2,898,944 A..H. --- "C:\Documents and Settings\nnessigh\Mes documents\DIVERS RESEAU\B.A.O ISO\BOITE A OUTIL\DOSSIER FINAL\~WRL2660.tmp"
Thu 7 Jul 2005 2,899,456 A..H. --- "C:\Documents and Settings\nnessigh\Mes documents\DIVERS RESEAU\B.A.O ISO\BOITE A OUTIL\DOSSIER FINAL\~WRL3579.tmp"
Thu 7 Jul 2005 2,887,168 A..H. --- "C:\Documents and Settings\nnessigh\Mes documents\DIVERS RESEAU\B.A.O ISO\BOITE A OUTIL\DOSSIER FINAL\~WRL3767.tmp"
Thu 7 Jul 2005 2,891,776 A..H. --- "C:\Documents and Settings\nnessigh\Mes documents\DIVERS RESEAU\B.A.O ISO\BOITE A OUTIL\DOSSIER FINAL\~WRL4023.tmp"

[b]Finished!/b



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:23:33, on 2008-09-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\lotus\notes\nslsvice.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\PROGRA~1\FICHIE~1\Stardock\SDMCP.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\vsAOD.Exe
C:\Program Files\ORL\VNC\WinVNC.Exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\TEMP\MTEF18.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\tp4serv.exe
C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe
C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Neuf\Widget Neuf\9widget.exe
C:\Documents and Settings\nnessigh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\NettGain1200 Client\NGSpawner.exe
C:\Program Files\NettGain1200 Client\NettGain1200_C.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = gunder25:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://www.ma-terrasse.*;http://mertzwi3.*;http://tryba0.*;http://www.stockfenetres.*;http://172.16.24.*;http://gunder24.*;http://gunder53.*;http://gunder27.*;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Install5G] D:\Install.exe /SI=1
O4 - HKLM\..\Run: [WatcherHelper] "C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe"
O4 - HKLM\..\Run: [Easy PDF Creator] C:\Program Files\Easy PDF Creator\EasyPDFCreator.exe
O4 - HKLM\..\Run: [Proc Deaf Delete Peak] C:\Documents and Settings\All Users\Application Data\file joy proc deaf\extra noun.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus D88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P23 "EPSON Stylus D88 Series" /O6 "USB001" /M "Stylus D88"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [internet regs] C:\DOCUME~1\nnessigh\APPLIC~1\STOPVC~1\Uplicensejunk.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S249.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Widget Neuf] "C:\Program Files\Neuf\Widget Neuf\9widget.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\nnessigh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: NettGain1200 Client.lnk = C:\Program Files\NettGain1200 Client\NGSpawner.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O12 - Plugin for .qt: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.fr
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tryba.com
O17 - HKLM\Software\..\Telephony: DomainName = tryba.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tryba.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = tryba.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com,tryba.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Fonction Commande à distance de Client Access Express (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Ouverture de session unique de Lotus Notes (Lotus Notes Single Logon) - IBM Corp - C:\Program Files\lotus\notes\nslsvice.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Visionsoft Audit On Demand Service (vsAOD) - Visionsoft Limited - C:\WINDOWS\vsAOD.Exe
O23 - Service: VNC Server (winvnc) - AT&T Research Labs Cambridge - C:\Program Files\ORL\VNC\WinVNC.Exe

--
End of file - 12794 bytes

Bonne continuation ;-) Thought I heard a rumbling, calling to my name
Two hundred million guns are loaded, Satan cries "Take aim!"

   
Répondre à Sacabouffe

8

sKe69, le 16 sep 2008 à 01:04:12

Merci Sacabouffe ... =)

Donc on continue dans l'ordre :

1- Ouvre le bloc-notes (menu démarrer/accessoire/bloc-note) et fais un copier/coller de ce qui est en citation en gras ci-dessous :

REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSs­erv]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TDSSserv]­


Sauvegarder le document sur ton bureau :
Vas sur "fichier"/"enregistrer sous" :
--->Nom du fichier, tu tapes : fix.reg
Type de fichier, tu choisis : "tous les fichiers"
cliques sur "enregistrer"

!! Déconnectes toi et fermes toute tes applications en cours !!

Doubles clique sur fix.reg qui est sur ton bureau => tu dois obligatoirement avoir un message "voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?"
Si c'est bien le cas, clique sur "oui"


2- Télécharges : - CCleaner
http://www.pcastuces.com/logitheque/ccleaner.htm
Ce logiciel va permettre de supprimer tous les fichiers temporaires et de corrigé ton registre .Lors de l'installation, avant de cliquer sur le bouton "installer", décoche toutes les "options supplémentaires" sauf les 2 première.
Une fois le prg instalé et lancé, Clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures"( Par la suite, laisse-le avec ses réglages par défaut. C'est tout ).

Un tuto ( aide ):
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm

---> Utilisation:
! déconnectes toi et fermes toutes applications en cours !
* vas dans "nettoyeur" : fait analyse puis nettoyage
* vas dans "registre" : fait chercher les erreurs et réparer ( plusieurs fois jusqu'à ce qu'il n'y est plus d'erreur ) .

( CCleaner : soft à garder sur son PC , super utile pour de bons nettoyages ... )


3-Vas dans panneau de config/"ajout et suppression de prg" .
Regardes dans la liste si tu trouves un prg comme : " CID Help ", "Circle Developement" ou
"Adverts" --->si ils s'y trouvent , supprimes les .


4-Télécharges Lop S&D :
http://eric.71.mespages.googlepages.com/LopSD.exe

Déconnetes toi et fermes toutes tes applications en cours .

Double cliques sur sur l'.exe que tu viens de télécharger pour lancer l'installe .

Une fois l'installation faite, cliques sur le raccourci pour lancer l'outil .

Là,laisses toi guider:
--->choisis l'option 1 (recherche) et valides.

(Tu ne fais pas l'option de nettoyage ( 2 ou 3) ).

Une fois le scan terminer ,le Bloc-Notes contenant le rapport va s'ouvrir.
Postes ce rapport dans ta prochaine réponse pour analyse ....
Rien ne sert de courir .... Non, ça sert à rien ...    ---sKe---
"Baby, I'm going on an airplane, And I don't know if I'll be back again."
IMPORTANT : ne vous croyez pas tiré d'affaire
tant qu'on ne vous l'a pas dit !

   
Répondre à sKe69

9

nenesse67, le 16 sep 2008 à 09:55:24

BONJOUR

VOICI LE RAPPORT DEMANDE/


--------------------\\ Lop S&D 4.2.4-3 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.70GHz )
BIOS : Phoenix FirstBIOS(tm) Notebook Pro Version 2.0 for IBM ThinkPad
USER : nnessigh ( Not Administrator ! )
BOOT : Normal boot
Antivirus : Trend Micro OfficeScan Client 7.0 (Activated)
Firewall : Trend Micro OfficeScan Enterprise Client Firewall 7.3 (Not Activated)
C:\ (Local Disk) - NTFS - Total : 37 Go Free : 5 Go
D:\ (CD or DVD) - CDFS - Total : 0 Go Free : 0 Go
E:\ (USB) - FAT32 - Total : 7631 Mo Free : 5 Go

"C:\Lop SD" ( MAJ : 14-09-2008|22:40 )
Option : [1] ( 2008-09-16| 9:51 )

--------------------\\ Listing des dossiers dans APPLIC~1

[2008-06-20|22:13] C:\DOCUME~1\ATAA63~1.WIN\APPLIC~1\Adobe
[2004-06-08|14:58] C:\DOCUME~1\ATAA63~1.WIN\APPLIC~1\AdobeUM
[2008-09-14|16:53] C:\DOCUME~1\ATAA63~1.WIN\APPLIC~1\DivX
[2006-11-26|17:21] C:\DOCUME~1\ATAA63~1.WIN\APPLIC~1\Dossier de téléchargement Share-to-Web
[2007-12-16|23:31] C:\DOCUME~1\ATAA63~1.WIN\APPLIC~1\Grisoft
[2003-02-25|18:19] C:\DOCUME~1\ATAA63~1.WIN\APPLIC~1\Identities
[2004-05-29|03:18] C:\DOCUME~1\ATAA63~1.WIN\APPLIC~1\Macromedia
[2008-06-20|19:42] C:\DOCUME~1\ATAA63~1.WIN\APPLIC~1\Microsoft
[2008-06-19|20:46] C:\DOCUME~1\ATAA63~1.WIN\APPLIC~1\PC Suite
[2008-06-20|19:26] C:\DOCUME~1\ATAA63~1.WIN\APPLIC~1\Real
[2007-07-23|13:44] C:\DOCUME~1\ATAA63~1.WIN\APPLIC~1\Sierra Wireless
[2006-12-27|21:38] C:\DOCUME~1\ATAA63~1.WIN\APPLIC~1\Sonic
[2008-06-19|20:48] C:\DOCUME~1\ATAA63~1.WIN\APPLIC~1\Sports Interactive
[2004-03-31|23:04] C:\DOCUME~1\ATAA63~1.WIN\APPLIC~1\Symantec
[2006-12-26|14:28] C:\DOCUME~1\ATAA63~1.WIN\APPLIC~1\vlc

[2005-09-30|23:07] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
[2004-11-17|18:19] C:\DOCUME~1\ADMINI~1\APPLIC~1\AdobeUM
[2006-12-11|12:10] C:\DOCUME~1\ADMINI~1\APPLIC~1\Dossier de téléchargement Share-to-Web
[2003-02-25|18:19] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[2006-03-12|14:38] C:\DOCUME~1\ADMINI~1\APPLIC~1\Kazaa Lite
[2006-01-18|18:09] C:\DOCUME~1\ADMINI~1\APPLIC~1\Leadertech
[2004-05-29|03:18] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
[2005-11-10|20:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[2006-03-14|15:24] C:\DOCUME~1\ADMINI~1\APPLIC~1\NewSoft
[2007-02-19|12:30] C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
[2006-03-14|15:23] C:\DOCUME~1\ADMINI~1\APPLIC~1\ScanSoft
[2007-07-16|10:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sierra Wireless
[2006-01-18|18:09] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sonic
[2004-03-31|23:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec

[2004-06-03|10:00] C:\DOCUME~1\ADMINI~1.TRY\APPLIC~1\Adobe
[2003-02-25|18:19] C:\DOCUME~1\ADMINI~1.TRY\APPLIC~1\Identities
[2004-05-29|03:18] C:\DOCUME~1\ADMINI~1.TRY\APPLIC~1\Macromedia
[2005-09-30|18:56] C:\DOCUME~1\ADMINI~1.TRY\APPLIC~1\Microsoft
[2004-03-31|23:08] C:\DOCUME~1\ADMINI~1.TRY\APPLIC~1\Sonic
[2004-03-31|23:04] C:\DOCUME~1\ADMINI~1.TRY\APPLIC~1\Symantec

[2008-03-22|13:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[2007-01-04|22:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[2008-05-31|13:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
[2008-04-07|12:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bluetooth
[2006-04-20|11:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
[2008-04-13|14:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EPSON
[2007-12-16|23:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[2007-05-14|09:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IBM
[2008-05-31|13:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
[2008-07-13|10:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[2007-12-17|10:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[2008-05-31|00:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[2008-05-31|13:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nokia
[2008-07-05|14:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
[2005-12-16|19:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[2003-02-25|18:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[2006-06-08|09:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
[2008-04-25|21:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[2006-03-14|15:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir
[2006-03-14|15:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanWizard
[2004-03-31|23:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Support.com
[2004-05-28|08:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[2007-12-13|20:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[2006-10-14|01:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
[2008-04-13|15:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
[2006-01-09|10:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Visionsoft
[2007-11-20|12:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[2004-06-03|10:00] C:\DOCUME~1\cmeyer\APPLIC~1\Adobe
[2003-02-25|18:19] C:\DOCUME~1\cmeyer\APPLIC~1\Identities
[2004-05-29|03:18] C:\DOCUME~1\cmeyer\APPLIC~1\Macromedia
[2007-07-23|13:51] C:\DOCUME~1\cmeyer\APPLIC~1\Microsoft
[2007-07-23|13:52] C:\DOCUME~1\cmeyer\APPLIC~1\Sierra Wireless
[2004-03-31|23:08] C:\DOCUME~1\cmeyer\APPLIC~1\Sonic
[2004-03-31|23:04] C:\DOCUME~1\cmeyer\APPLIC~1\Symantec

[2004-06-03|10:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
[2003-02-25|18:19] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[2004-05-29|03:18] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[2004-09-23|03:18] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[2004-03-31|23:08] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sonic
[2004-03-31|23:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

[2004-06-03|10:00] C:\DOCUME~1\fdp\APPLIC~1\Adobe
[2007-04-30|16:33] C:\DOCUME~1\fdp\APPLIC~1\AdobeUM
[2007-05-05|16:22] C:\DOCUME~1\fdp\APPLIC~1\Help
[2003-02-25|18:19] C:\DOCUME~1\fdp\APPLIC~1\Identities
[2004-05-29|03:18] C:\DOCUME~1\fdp\APPLIC~1\Macromedia
[2007-05-02|11:22] C:\DOCUME~1\fdp\APPLIC~1\Microsoft
[2007-05-11|20:40] C:\DOCUME~1\fdp\APPLIC~1\Real
[2004-03-31|23:08] C:\DOCUME~1\fdp\APPLIC~1\Sonic
[2004-03-31|23:04] C:\DOCUME~1\fdp\APPLIC~1\Symantec
[2007-04-27|18:43] C:\DOCUME~1\fdp\APPLIC~1\vlc

[2006-08-28|10:49] C:\DOCUME~1\LOCALS~1\APPLIC~1\Corel
[2006-08-28|09:39] C:\DOCUME~1\LOCALS~1\APPLIC~1\Identities
[2007-11-21|17:21] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[2006-08-28|09:39] C:\DOCUME~1\LOCALS~1\APPLIC~1\Sonic

[2003-02-25|18:05] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[2007-12-09|19:09] C:\DOCUME~1\nnessigh\APPLIC~1\.ABC
[2008-05-31|23:50] C:\DOCUME~1\nnessigh\APPLIC~1\AccurateRip
[2008-03-22|13:47] C:\DOCUME~1\nnessigh\APPLIC~1\Adobe
[2007-05-14|12:05] C:\DOCUME~1\nnessigh\APPLIC~1\AdobeUM
[2008-01-19|00:02] C:\DOCUME~1\nnessigh\APPLIC~1\AlauxSoft
[2008-05-31|13:05] C:\DOCUME~1\nnessigh\APPLIC~1\AVS4YOU
[2008-04-05|14:48] C:\DOCUME~1\nnessigh\APPLIC~1\CDBurnerXP_Soft
[2007-10-01|10:56] C:\DOCUME~1\nnessigh\APPLIC~1\Cimaware
[2006-06-01|14:44] C:\DOCUME~1\nnessigh\APPLIC~1\Corel
[2007-11-19|18:38] C:\DOCUME~1\nnessigh\APPLIC~1\DivX
[2008-06-30|22:21] C:\DOCUME~1\nnessigh\APPLIC~1\D-Jix Media
[2008-01-08|12:07] C:\DOCUME~1\nnessigh\APPLIC~1\dvdcss
[2008-04-13|15:32] C:\DOCUME~1\nnessigh\APPLIC~1\EPSON
[2008-02-09|21:27] C:\DOCUME~1\nnessigh\APPLIC~1\Google
[2007-12-16|23:22] C:\DOCUME~1\nnessigh\APPLIC~1\Grisoft
[2005-10-17|09:52] C:\DOCUME~1\nnessigh\APPLIC~1\Help
[2006-04-28|18:21] C:\DOCUME~1\nnessigh\APPLIC~1\IBM
[2003-02-25|18:19] C:\DOCUME~1\nnessigh\APPLIC~1\Identities
[2008-03-13|11:52] C:\DOCUME~1\nnessigh\APPLIC~1\InstallShield
[2005-11-17|22:53] C:\DOCUME~1\nnessigh\APPLIC~1\InterVideo
[2007-12-17|09:56] C:\DOCUME~1\nnessigh\APPLIC~1\Lavasoft
[2004-05-29|03:18] C:\DOCUME~1\nnessigh\APPLIC~1\Macromedia
[2008-01-02|02:00] C:\DOCUME~1\nnessigh\APPLIC~1\Microsoft
[2008-07-21|23:22] C:\DOCUME~1\nnessigh\APPLIC~1\Mozilla
[2008-06-09|14:37] C:\DOCUME~1\nnessigh\APPLIC~1\Nokia
[2008-06-01|00:00] C:\DOCUME~1\nnessigh\APPLIC~1\Nokia Multimedia Player
[2008-08-03|20:05] C:\DOCUME~1\nnessigh\APPLIC~1\PacificPoker
[2008-05-31|00:05] C:\DOCUME~1\nnessigh\APPLIC~1\PC Suite
[2007-01-06|14:40] C:\DOCUME~1\nnessigh\APPLIC~1\Real
[2006-06-08|09:25] C:\DOCUME~1\nnessigh\APPLIC~1\ScanSoft
[2008-05-17|23:05] C:\DOCUME~1\nnessigh\APPLIC~1\SecuROM
[2007-07-16|10:56] C:\DOCUME~1\nnessigh\APPLIC~1\Sierra Wireless
[2008-05-26|18:49] C:\DOCUME~1\nnessigh\APPLIC~1\Skype
[2008-05-25|16:21] C:\DOCUME~1\nnessigh\APPLIC~1\skypePM
[2007-11-08|19:09] C:\DOCUME~1\nnessigh\APPLIC~1\SodeaSoft
[2005-10-20|00:25] C:\DOCUME~1\nnessigh\APPLIC~1\Sonic
[2008-05-19|10:59] C:\DOCUME~1\nnessigh\APPLIC~1\Sports Interactive
[2007-12-27|18:58] C:\DOCUME~1\nnessigh\APPLIC~1\stop vc
[2008-02-09|15:45] C:\DOCUME~1\nnessigh\APPLIC~1\Sun
[2004-03-31|23:04] C:\DOCUME~1\nnessigh\APPLIC~1\Symantec
[2008-01-20|00:38] C:\DOCUME~1\nnessigh\APPLIC~1\TypingMaster7
[2008-06-09|10:07] C:\DOCUME~1\nnessigh\APPLIC~1\uTorrent
[2006-03-12|14:30] C:\DOCUME~1\nnessigh\APPLIC~1\vlc

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[2008-09-16 07:19][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
[2006-05-29 10:53][--a------] C:\WINDOWS\tasks\BMMTask.job
[2008-09-16 00:07][--ah-----] C:\WINDOWS\tasks\SA.DAT
[2001-08-28 16:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[2004-09-23|23:28] C:\Program Files\3E
[2007-12-16|14:25] C:\Program Files\3wPlayer
[2008-05-18|12:06] C:\Program Files\Absolute Patience
[2005-09-30|23:07] C:\Program Files\Adobe
[2008-05-18|13:04] C:\Program Files\Alcohol Soft
[2006-08-23|12:54] C:\Program Files\Athan
[2004-03-31|22:58] C:\Program Files\ATI Technologies
[2007-09-08|19:40] C:\Program Files\AVIConverter
[2008-05-31|23:43] C:\Program Files\AVS4YOU
[2008-06-17|21:19] C:\Program Files\Boonty
[2008-08-04|12:23] C:\Program Files\bwin
[2007-12-04|10:28] C:\Program Files\C&E
[2005-09-30|22:45] C:\Program Files\CA
[2008-03-22|13:48] C:\Program Files\Canal
[2007-02-26|11:26] C:\Program Files\Canon
[2008-09-16|09:43] C:\Program Files\CCleaner
[2008-04-05|14:45] C:\Program Files\CDBurnerXP
[2007-10-01|10:59] C:\Program Files\Cimaware
[2007-02-19|12:48] C:\Program Files\Cisco Systems
[2004-03-31|22:51] C:\Program Files\Common Files
[2003-02-25|18:10] C:\Program Files\ComPlus Applications
[2008-01-19|00:02] C:\Program Files\Comptes et Budget Free V5.0
[2008-05-18|18:36] C:\Program Files\Conduit
[2004-09-23|04:53] C:\Program Files\CONEXANT
[2006-03-25|18:52] C:\Program Files\Data transfer
[2008-05-30|23:48] C:\Program Files\DIFX
[2004-09-23|04:54] C:\Program Files\Digital Line Detect
[2008-04-13|13:22] C:\Program Files\DivX
[2008-06-25|20:52] C:\Program Files\D-Jix
[2006-08-17|01:38] C:\Program Files\DV Cam
[2006-12-18|18:48] C:\Program Files\ELCIA
[2008-04-13|14:59] C:\Program Files\EPSON
[2008-09-08|22:45] C:\Program Files\Fichiers communs
[2008-05-18|18:36] C:\Program Files\free-downloads.net
[2008-03-22|14:10] C:\Program Files\Google
[2007-12-16|23:21] C:\Program Files\Grisoft
[2007-02-26|11:30] C:\Program Files\Hewlett-Packard
[2004-06-02|10:10] C:\Program Files\HighMAT CD Writing Wizard
[2004-11-17|17:19] C:\Program Files\IBM
[2004-03-31|23:08] C:\Program Files\IBM DLA
[2004-03-31|23:08] C:\Program Files\IBM RecordNow!
[2008-05-31|23:50] C:\Program Files\Illustrate
[2008-07-13|10:24] C:\Program Files\InstallShield Installation Information
[2004-03-31|22:57] C:\Program Files\Intel
[2005-09-30|22:43] C:\Program Files\Internet Explorer
[2004-03-31|23:07] C:\Program Files\InterVideo
[2006-02-12|02:39] C:\Program Files\Inventel
[2008-04-07|12:37] C:\Program Files\IVT Corporation
[2008-02-09|15:44] C:\Program Files\Java
[2007-12-17|10:15] C:\Program Files\Lavasoft
[2007-04-26|19:53] C:\Program Files\Lexmark Applications
[2007-04-26|19:54] C:\Program Files\Lexmark_HostCD
[2004-06-03|08:55] C:\Program Files\lotus
[2004-03-31|22:57] C:\Program Files\ltmoh
[2005-09-30|22:44] C:\Program Files\Messenger
[2007-08-11|20:11] C:\Program Files\Micro Application
[2003-02-25|18:14] C:\Program Files\microsoft frontpage
[2007-10-01|11:29] C:\Program Files\Microsoft Office
[2008-07-13|10:24] C:\Program Files\Mindscape
[2005-09-30|22:43] C:\Program Files\Movie Maker
[2008-09-16|09:34] C:\Program Files\Mozilla Firefox
[2008-05-18|00:05] C:\Program Files\mp3cd
[2003-02-25|18:10] C:\Program Files\MSN Gaming Zone
[2008-02-21|14:34] C:\Program Files\MSN Messenger
[2008-03-22|13:42] C:\Program Files\MSXML 6.0
[2008-03-22|14:13] C:\Program Files\Navilog1
[2005-09-30|22:40] C:\Program Files\NetMeeting
[2008-09-16|01:02] C:\Program Files\NettGain1200 Client
[2004-09-23|04:53] C:\Program Files\NetWaiting
[2008-06-17|20:26] C:\Program Files\Neuf
[2007-12-26|14:21] C:\Program Files\neuf_VOD
[2008-05-31|13:18] C:\Program Files\Nokia
[2006-11-02|16:56] C:\Program Files\Nouveau dossier
[2004-06-03|08:48] C:\Program Files\ORL
[2005-09-30|22:39] C:\Program Files\Outlook Express
[2008-08-03|20:05] C:\Program Files\PacificPoker
[2008-05-30|23:47] C:\Program Files\PC Connectivity Solution
[2007-10-01|11:00] C:\Program Files\PC Inspector File Recovery
[2004-03-31|23:17] C:\Program Files\PC-Doctor for Windows
[2008-09-10|15:36] C:\Program Files\PDFCreator
[2008-09-10|15:08] C:\Program Files\PDFCreator Toolbar
[2007-12-16|22:41] C:\Program Files\PokerStars.NET
[2005-10-10|11:28] C:\Program Files\PowerPoint Viewer
[2007-02-26|11:31] C:\Program Files\QuickTime
[2004-09-23|23:28] C:\Program Files\Rainbow Technologies
[2007-01-06|14:38] C:\Program Files\Real
[2007-10-01|10:54] C:\Program Files\Recovery for Word
[2006-11-20|12:19] C:\Program Files\SafeNet Sentinel
[2004-03-31|23:03] C:\Program Files\SBApps
[2006-03-14|15:22] C:\Program Files\ScanSoft
[2004-06-02|10:55] C:\Program Files\Services en ligne
[2007-07-16|10:40] C:\Program Files\Sierra Wireless Inc
[2008-04-25|21:59] C:\Program Files\Skype
[2008-03-22|14:13] C:\Program Files\SodeaSoft
[2008-07-13|10:25] C:\Program Files\SoftwarePassport
[2004-03-31|23:08] C:\Program Files\Sonic
[2005-11-30|13:44] C:\Program Files\Sowedoo Software
[2008-05-28|19:20] C:\Program Files\Sports Interactive
[2008-09-08|22:45] C:\Program Files\Stardock
[2004-06-05|12:12] C:\Program Files\Statistiques
[2004-06-08|10:44] C:\Program Files\Support.com
[2004-03-31|22:19] C:\Program Files\Synaptics
[2008-05-31|23:41] C:\Program Files\TallStick
[2004-03-31|22:53] C:\Program Files\ThinkPad
[2007-02-12|15:15] C:\Program Files\TomTom DesktopSuite
[2008-03-22|14:13] C:\Program Files\TomTom HOME
[2007-12-25|17:21] C:\Program Files\Trend Micro
[2007-12-13|20:30] C:\Program Files\Trojan Remover
[2005-11-14|13:04] C:\Program Files\Uninstall Information
[2008-03-01|21:32] C:\Program Files\Unlocker
[2008-05-17|23:17] C:\Program Files\uTorrent
[2006-03-12|14:14] C:\Program Files\VideoLAN
[2004-06-02|10:16] C:\Program Files\Windows Journal Viewer
[2007-11-19|21:59] C:\Program Files\Windows Media Connect 2
[2007-11-19|21:59] C:\Program Files\Windows Media Player
[2005-09-30|22:39] C:\Program Files\Windows NT
[2004-09-23|05:47] C:\Program Files\WindowsUpdate
[2006-01-07|02:20] C:\Program Files\WinRAR
[2005-10-10|11:27] C:\Program Files\WordView
[2003-02-25|18:14] C:\Program Files\xerox
[2008-06-30|22:20] C:\Program Files\Zero G Registry

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[2007-05-14|09:16] C:\Program Files\Fichiers communs\Adobe
[2008-03-22|13:46] C:\Program Files\Fichiers communs\Adobe AIR
[2008-05-31|23:43] C:\Program Files\Fichiers communs\AVSMedia
[2007-02-19|12:48] C:\Program Files\Fichiers communs\Deterministic Networks
[2007-11-27|12:12] C:\Program Files\Fichiers communs\ELCIA
[2006-11-26|17:20] C:\Program Files\Fichiers communs\Hewlett-Packard
[2006-06-01|11:02] C:\Program Files\Fichiers communs\InstallShield
[2008-02-09|15:41] C:\Program Files\Fichiers communs\Java
[2008-05-31|13:04] C:\Program Files\Fichiers communs\Microsoft Shared
[2006-10-18|20:29] C:\Program Files\Fichiers communs\MimarSinan
[2003-02-25|18:11] C:\Program Files\Fichiers communs\MSSoap
[2008-05-31|13:17] C:\Program Files\Fichiers communs\Nokia
[2003-02-25|18:05] C:\Program Files\Fichiers communs\ODBC
[2008-05-30|23:49] C:\Program Files\Fichiers communs\PCSuite
[2007-01-06|14:38] C:\Program Files\Fichiers communs\Real
[2006-11-20|12:19] C:\Program Files\Fichiers communs\SafeNet Sentinel
[2006-03-14|15:23] C:\Program Files\Fichiers communs\ScanSoft Shared
[2003-02-25|18:11] C:\Program Files\Fichiers communs\Services
[2008-04-25|21:59] C:\Program Files\Fichiers communs\Skype
[2004-03-31|23:08] C:\Program Files\Fichiers communs\Sonic
[2005-11-30|13:44] C:\Program Files\Fichiers communs\Sowedoo Shared
[2003-02-25|18:05] C:\Program Files\Fichiers communs\SpeechEngines
[2008-09-08|22:45] C:\Program Files\Fichiers communs\stardock
[2004-03-31|23:08] C:\Program Files\Fichiers communs\SureThing Shared
[2005-09-30|22:39] C:\Program Files\Fichiers communs\System
[2007-12-17|10:13] C:\Program Files\Fichiers communs\Wise Installation Wizard
[2007-01-06|14:38] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 54 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\nnessigh\LOCALS~1\Temp\nsq55.tmp
C:\Program Files\3wPlayer

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-16 09:52:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

--------------------\\ ROOTKIT !!

Rootkit Tibs ! .. [HKLM\..\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKLM\..\CurrentControlSet\Services\tdssserv]
Rootkit Tibs ! .. [HKLM\..\CurrentControlSet\Enum\Root\tdssserv]
Rootkit Tibs ! .. [HKLM\..\ControlSet001\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKLM\..\ControlSet001\Services\tdssserv]
Rootkit Tibs ! .. [HKLM\..\ControlSet001\Enum\Root\tdssserv]
Rootkit Tibs ! .. [HKLM\..\ControlSet002\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKLM\..\ControlSet002\Services\tdssserv]
Rootkit Tibs ! .. [HKLM\..\ControlSet002\Enum\Root\tdssserv]

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\nnessigh\Application Data\uTorrent\Football_Manager_2008.CRACK-HATRED.torrent
C:\DOCUME~1\nnessigh\Mes documents\DesktopX V.3.2\Stardock.DesktopX.Professional.v3.0.Incl.Keymaker-ZWT\keygen.exe
C:\DOCUME~1\nnessigh\Mes documents\Downloads\Football_Manager_2008.CRACK-HATRED
C:\DOCUME~1\nnessigh\Mes documents\Downloads\Football_Manager_2008.CRACK-HATRED\HATRED.rar
C:\DOCUME~1\nnessigh\Mes documents\Downloads\Football_Manager_2008.CRACK-HATRED\shadowtorrents.url


[F:16][D:5]-> C:\DOCUME~1\nnessigh\LOCALS~1\Temp
[F:1][D:0]-> C:\DOCUME~1\nnessigh\Cookies
[F:1][D:0]-> C:\DOCUME~1\nnessigh\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 2008-09-16| 9:53 - Option : [1]

--------------------\\ Fin du rapport a 9:53:24

   
Répondre à nenesse67

10

nenesse67, le 16 sep 2008 à 09:55:51

BONJOUR

VOICI LE RAPPORT DEMANDE/


--------------------\\ Lop S&D 4.2.4-3 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.70GHz )
BIOS : Phoenix FirstBIOS(tm) Notebook Pro Version 2.0 for IBM ThinkPad
USER : nnessigh ( Not Administrator ! )
BOOT : Normal boot
Antivirus : Trend Micro OfficeScan Client 7.0 (Activated)
Firewall : Trend Micro OfficeScan Enterprise Client Firewall 7.3 (Not Activated)
C:\ (Local Disk) - NTFS - Total : 37 Go Free : 5 Go
D:\ (CD or DVD) - CDFS - Total : 0 Go Free : 0 Go
E:\ (USB) - FAT32 - Total : 7631 Mo Free : 5 Go

"C:\Lop SD" ( MAJ : 14-09-2008|22:40 )
Option : [1] ( 2008-09-16| 9:51 )

--------------------\\ Listing des dossiers dans APPLIC~1

[2008-06-20|22:13] C:\DOCUME~1\ATAA63~1.WIN\APPLIC~1\Adobe
[2004-06-08|14:58] C:\DOCUME~1\ATAA63~1.WIN\APPLIC~1\AdobeUM
[2008-09-14|16:53] C:\DOCUME~1\ATAA63~1.WIN\APPLIC~1\DivX
[2006-11-26|17:21] C:\DOCUME~1\ATAA63~1.WIN\APPLIC~1\Dossier de téléchargement Share-to-Web
[2007-12-16|23:31] C:\DOCUME~1\ATAA63~1.WIN\APPLIC~1\Grisoft
[2003-02-25|18:19] C:\DOCUME~1\ATAA63~1.WIN\APPLIC~1\Identities
[2004-05-29|03:18] C:\DOCUME~1\ATAA63~1.WIN\APPLIC~1\Macromedia
[2008-06-20|19:42] C:\DOCUME~1\ATAA63~1.WIN\APPLIC~1\Microsoft
[2008-06-19|20:46] C:\DOCUME~1\ATAA63~1.WIN\APPLIC~1\PC Suite
[2008-06-20|19:26] C:\DOCUME~1\ATAA63~1.WIN\APPLIC~1\Real
[2007-07-23|13:44] C:\DOCUME~1\ATAA63~1.WIN\APPLIC~1\Sierra Wireless
[2006-12-27|21:38] C:\DOCUME~1\ATAA63~1.WIN\APPLIC~1\Sonic
[2008-06-19|20:48] C:\DOCUME~1\ATAA63~1.WIN\APPLIC~1\Sports Interactive
[2004-03-31|23:04] C:\DOCUME~1\ATAA63~1.WIN\APPLIC~1\Symantec
[2006-12-26|14:28] C:\DOCUME~1\ATAA63~1.WIN\APPLIC~1\vlc

[2005-09-30|23:07] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
[2004-11-17|18:19] C:\DOCUME~1\ADMINI~1\APPLIC~1\AdobeUM
[2006-12-11|12:10] C:\DOCUME~1\ADMINI~1\APPLIC~1\Dossier de téléchargement Share-to-Web
[2003-02-25|18:19] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[2006-03-12|14:38] C:\DOCUME~1\ADMINI~1\APPLIC~1\Kazaa Lite
[2006-01-18|18:09] C:\DOCUME~1\ADMINI~1\APPLIC~1\Leadertech
[2004-05-29|03:18] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
[2005-11-10|20:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[2006-03-14|15:24] C:\DOCUME~1\ADMINI~1\APPLIC~1\NewSoft
[2007-02-19|12:30] C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
[2006-03-14|15:23] C:\DOCUME~1\ADMINI~1\APPLIC~1\ScanSoft
[2007-07-16|10:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sierra Wireless
[2006-01-18|18:09] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sonic
[2004-03-31|23:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec

[2004-06-03|10:00] C:\DOCUME~1\ADMINI~1.TRY\APPLIC~1\Adobe
[2003-02-25|18:19] C:\DOCUME~1\ADMINI~1.TRY\APPLIC~1\Identities
[2004-05-29|03:18] C:\DOCUME~1\ADMINI~1.TRY\APPLIC~1\Macromedia
[2005-09-30|18:56] C:\DOCUME~1\ADMINI~1.TRY\APPLIC~1\Microsoft
[2004-03-31|23:08] C:\DOCUME~1\ADMINI~1.TRY\APPLIC~1\Sonic
[2004-03-31|23:04] C:\DOCUME~1\ADMINI~1.TRY\APPLIC~1\Symantec

[2008-03-22|13:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[2007-01-04|22:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[2008-05-31|13:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
[2008-04-07|12:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bluetooth
[2006-04-20|11:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
[2008-04-13|14:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EPSON
[2007-12-16|23:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[2007-05-14|09:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IBM
[2008-05-31|13:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
[2008-07-13|10:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[2007-12-17|10:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[2008-05-31|00:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[2008-05-31|13:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nokia
[2008-07-05|14:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
[2005-12-16|19:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[2003-02-25|18:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[2006-06-08|09:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
[2008-04-25|21:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[2006-03-14|15:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir
[2006-03-14|15:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanWizard
[2004-03-31|23:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Support.com
[2004-05-28|08:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[2007-12-13|20:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[2006-10-14|01:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
[2008-04-13|15:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
[2006-01-09|10:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Visionsoft
[2007-11-20|12:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[2004-06-03|10:00] C:\DOCUME~1\cmeyer\APPLIC~1\Adobe
[2003-02-25|18:19] C:\DOCUME~1\cmeyer\APPLIC~1\Identities
[2004-05-29|03:18] C:\DOCUME~1\cmeyer\APPLIC~1\Macromedia
[2007-07-23|13:51] C:\DOCUME~1\cmeyer\APPLIC~1\Microsoft
[2007-07-23|13:52] C:\DOCUME~1\cmeyer\APPLIC~1\Sierra Wireless
[2004-03-31|23:08] C:\DOCUME~1\cmeyer\APPLIC~1\Sonic
[2004-03-31|23:04] C:\DOCUME~1\cmeyer\APPLIC~1\Symantec

[2004-06-03|10:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
[2003-02-25|18:19] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[2004-05-29|03:18] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[2004-09-23|03:18] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[2004-03-31|23:08] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sonic
[2004-03-31|23:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

[2004-06-03|10:00] C:\DOCUME~1\fdp\APPLIC~1\Adobe
[2007-04-30|16:33] C:\DOCUME~1\fdp\APPLIC~1\AdobeUM
[2007-05-05|16:22] C:\DOCUME~1\fdp\APPLIC~1\Help
[2003-02-25|18:19] C:\DOCUME~1\fdp\APPLIC~1\Identities
[2004-05-29|03:18] C:\DOCUME~1\fdp\APPLIC~1\Macromedia
[2007-05-02|11:22] C:\DOCUME~1\fdp\APPLIC~1\Microsoft
[2007-05-11|20:40] C:\DOCUME~1\fdp\APPLIC~1\Real
[2004-03-31|23:08] C:\DOCUME~1\fdp\APPLIC~1\Sonic
[2004-03-31|23:04] C:\DOCUME~1\fdp\APPLIC~1\Symantec
[2007-04-27|18:43] C:\DOCUME~1\fdp\APPLIC~1\vlc

[2006-08-28|10:49] C:\DOCUME~1\LOCALS~1\APPLIC~1\Corel
[2006-08-28|09:39] C:\DOCUME~1\LOCALS~1\APPLIC~1\Identities
[2007-11-21|17:21] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[2006-08-28|09:39] C:\DOCUME~1\LOCALS~1\APPLIC~1\Sonic

[2003-02-25|18:05] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[2007-12-09|19:09] C:\DOCUME~1\nnessigh\APPLIC~1\.ABC
[2008-05-31|23:50] C:\DOCUME~1\nnessigh\APPLIC~1\AccurateRip
[2008-03-22|13:47] C:\DOCUME~1\nnessigh\APPLIC~1\Adobe
[2007-05-14|12:05] C:\DOCUME~1\nnessigh\APPLIC~1\AdobeUM
[2008-01-19|00:02] C:\DOCUME~1\nnessigh\APPLIC~1\AlauxSoft
[2008-05-31|13:05] C:\DOCUME~1\nnessigh\APPLIC~1\AVS4YOU
[2008-04-05|14:48] C:\DOCUME~1\nnessigh\APPLIC~1\CDBurnerXP_Soft
[2007-10-01|10:56] C:\DOCUME~1\nnessigh\APPLIC~1\Cimaware
[2006-06-01|14:44] C:\DOCUME~1\nnessigh\APPLIC~1\Corel
[2007-11-19|18:38] C:\DOCUME~1\nnessigh\APPLIC~1\DivX
[2008-06-30|22:21] C:\DOCUME~1\nnessigh\APPLIC~1\D-Jix Media
[2008-01-08|12:07] C:\DOCUME~1\nnessigh\APPLIC~1\dvdcss
[2008-04-13|15:32] C:\DOCUME~1\nnessigh\APPLIC~1\EPSON
[2008-02-09|21:27] C:\DOCUME~1\nnessigh\APPLIC~1\Google
[2007-12-16|23:22] C:\DOCUME~1\nnessigh\APPLIC~1\Grisoft
[2005-10-17|09:52] C:\DOCUME~1\nnessigh\APPLIC~1\Help
[2006-04-28|18:21] C:\DOCUME~1\nnessigh\APPLIC~1\IBM
[2003-02-25|18:19] C:\DOCUME~1\nnessigh\APPLIC~1\Identities
[2008-03-13|11:52] C:\DOCUME~1\nnessigh\APPLIC~1\InstallShield
[2005-11-17|22:53] C:\DOCUME~1\nnessigh\APPLIC~1\InterVideo
[2007-12-17|09:56] C:\DOCUME~1\nnessigh\APPLIC~1\Lavasoft
[2004-05-29|03:18] C:\DOCUME~1\nnessigh\APPLIC~1\Macromedia
[2008-01-02|02:00] C:\DOCUME~1\nnessigh\APPLIC~1\Microsoft
[2008-07-21|23:22] C:\DOCUME~1\nnessigh\APPLIC~1\Mozilla
[2008-06-09|14:37] C:\DOCUME~1\nnessigh\APPLIC~1\Nokia
[2008-06-01|00:00] C:\DOCUME~1\nnessigh\APPLIC~1\Nokia Multimedia Player
[2008-08-03|20:05] C:\DOCUME~1\nnessigh\APPLIC~1\PacificPoker
[2008-05-31|00:05] C:\DOCUME~1\nnessigh\APPLIC~1\PC Suite
[2007-01-06|14:40] C:\DOCUME~1\nnessigh\APPLIC~1\Real
[2006-06-08|09:25] C:\DOCUME~1\nnessigh\APPLIC~1\ScanSoft
[2008-05-17|23:05] C:\DOCUME~1\nnessigh\APPLIC~1\SecuROM
[2007-07-16|10:56] C:\DOCUME~1\nnessigh\APPLIC~1\Sierra Wireless
[2008-05-26|18:49] C:\DOCUME~1\nnessigh\APPLIC~1\Skype
[2008-05-25|16:21] C:\DOCUME~1\nnessigh\APPLIC~1\skypePM
[2007-11-08|19:09] C:\DOCUME~1\nnessigh\APPLIC~1\SodeaSoft
[2005-10-20|00:25] C:\DOCUME~1\nnessigh\APPLIC~1\Sonic
[2008-05-19|10:59] C:\DOCUME~1\nnessigh\APPLIC~1\Sports Interactive
[2007-12-27|18:58] C:\DOCUME~1\nnessigh\APPLIC~1\stop vc
[2008-02-09|15:45] C:\DOCUME~1\nnessigh\APPLIC~1\Sun
[2004-03-31|23:04] C:\DOCUME~1\nnessigh\APPLIC~1\Symantec
[2008-01-20|00:38] C:\DOCUME~1\nnessigh\APPLIC~1\TypingMaster7
[2008-06-09|10:07] C:\DOCUME~1\nnessigh\APPLIC~1\uTorrent
[2006-03-12|14:30] C:\DOCUME~1\nnessigh\APPLIC~1\vlc

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[2008-09-16 07:19][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
[2006-05-29 10:53][--a------] C:\WINDOWS\tasks\BMMTask.job
[2008-09-16 00:07][--ah-----] C:\WINDOWS\tasks\SA.DAT
[2001-08-28 16:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[2004-09-23|23:28] C:\Program Files\3E
[2007-12-16|14:25] C:\Program Files\3wPlayer
[2008-05-18|12:06] C:\Program Files\Absolute Patience
[2005-09-30|23:07] C:\Program Files\Adobe
[2008-05-18|13:04] C:\Program Files\Alcohol Soft
[2006-08-23|12:54] C:\Program Files\Athan
[2004-03-31|22:58] C:\Program Files\ATI Technologies
[2007-09-08|19:40] C:\Program Files\AVIConverter
[2008-05-31|23:43] C:\Program Files\AVS4YOU
[2008-06-17|21:19] C:\Program Files\Boonty
[2008-08-04|12:23] C:\Program Files\bwin
[2007-12-04|10:28] C:\Program Files\C&E
[2005-09-30|22:45] C:\Program Files\CA
[2008-03-22|13:48] C:\Program Files\Canal
[2007-02-26|11:26] C:\Program Files\Canon
[2008-09-16|09:43] C:\Program Files\CCleaner
[2008-04-05|14:45] C:\Program Files\CDBurnerXP
[2007-10-01|10:59] C:\Program Files\Cimaware
[2007-02-19|12:48] C:\Program Files\Cisco Systems
[2004-03-31|22:51] C:\Program Files\Common Files
[2003-02-25|18:10] C:\Program Files\ComPlus Applications
[2008-01-19|00:02] C:\Program Files\Comptes et Budget Free V5.0
[2008-05-18|18:36] C:\Program Files\Conduit
[2004-09-23|04:53] C:\Program Files\CONEXANT
[2006-03-25|18:52] C:\Program Files\Data transfer
[2008-05-30|23:48] C:\Program Files\DIFX
[2004-09-23|04:54] C:\Program Files\Digital Line Detect
[2008-04-13|13:22] C:\Program Files\DivX
[2008-06-25|20:52] C:\Program Files\D-Jix
[2006-08-17|01:38] C:\Program Files\DV Cam
[2006-12-18|18:48] C:\Program Files\ELCIA
[2008-04-13|14:59] C:\Program Files\EPSON
[2008-09-08|22:45] C:\Program Files\Fichiers communs
[2008-05-18|18:36] C:\Program Files\free-downloads.net
[2008-03-22|14:10] C:\Program Files\Google
[2007-12-16|23:21] C:\Program Files\Grisoft
[2007-02-26|11:30] C:\Program Files\Hewlett-Packard
[2004-06-02|10:10] C:\Program Files\HighMAT CD Writing Wizard
[2004-11-17|17:19] C:\Program Files\IBM
[2004-03-31|23:08] C:\Program Files\IBM DLA
[2004-03-31|23:08] C:\Program Files\IBM RecordNow!
[2008-05-31|23:50] C:\Program Files\Illustrate
[2008-07-13|10:24] C:\Program Files\InstallShield Installation Information
[2004-03-31|22:57] C:\Program Files\Intel
[2005-09-30|22:43] C:\Program Files\Internet Explorer
[2004-03-31|23:07] C:\Program Files\InterVideo
[2006-02-12|02:39] C:\Program Files\Inventel
[2008-04-07|12:37] C:\Program Files\IVT Corporation
[2008-02-09|15:44] C:\Program Files\Java
[2007-12-17|10:15] C:\Program Files\Lavasoft
[2007-04-26|19:53] C:\Program Files\Lexmark Applications
[2007-04-26|19:54] C:\Program Files\Lexmark_HostCD
[2004-06-03|08:55] C:\Program Files\lotus
[2004-03-31|22:57] C:\Program Files\ltmoh
[2005-09-30|22:44] C:\Program Files\Messenger
[2007-08-11|20:11] C:\Program Files\Micro Application
[2003-02-25|18:14] C:\Program Files\microsoft frontpage
[2007-10-01|11:29] C:\Program Files\Microsoft Office
[2008-07-13|10:24] C:\Program Files\Mindscape
[2005-09-30|22:43] C:\Program Files\Movie Maker
[2008-09-16|09:34] C:\Program Files\Mozilla Firefox
[2008-05-18|00:05] C:\Program Files\mp3cd
[2003-02-25|18:10] C:\Program Files\MSN Gaming Zone
[2008-02-21|14:34] C:\Program Files\MSN Messenger
[2008-03-22|13:42] C:\Program Files\MSXML 6.0
[2008-03-22|14:13] C:\Program Files\Navilog1
[2005-09-30|22:40] C:\Program Files\NetMeeting
[2008-09-16|01:02] C:\Program Files\NettGain1200 Client
[2004-09-23|04:53] C:\Program Files\NetWaiting
[2008-06-17|20:26] C:\Program Files\Neuf
[2007-12-26|14:21] C:\Program Files\neuf_VOD
[2008-05-31|13:18] C:\Program Files\Nokia
[2006-11-02|16:56] C:\Program Files\Nouveau dossier
[2004-06-03|08:48] C:\Program Files\ORL
[2005-09-30|22:39] C:\Program Files\Outlook Express
[2008-08-03|20:05] C:\Program Files\PacificPoker
[2008-05-30|23:47] C:\Program Files\PC Connectivity Solution
[2007-10-01|11:00] C:\Program Files\PC Inspector File Recovery
[2004-03-31|23:17] C:\Program Files\PC-Doctor for Windows
[2008-09-10|15:36] C:\Program Files\PDFCreator
[2008-09-10|15:08] C:\Program Files\PDFCreator Toolbar
[2007-12-16|22:41] C:\Program Files\PokerStars.NET
[2005-10-10|11:28] C:\Program Files\PowerPoint Viewer
[2007-02-26|11:31] C:\Program Files\QuickTime
[2004-09-23|23:28] C:\Program Files\Rainbow Technologies
[2007-01-06|14:38] C:\Program Files\Real
[2007-10-01|10:54] C:\Program Files\Recovery for Word
[2006-11-20|12:19] C:\Program Files\SafeNet Sentinel
[2004-03-31|23:03] C:\Program Files\SBApps
[2006-03-14|15:22] C:\Program Files\ScanSoft
[2004-06-02|10:55] C:\Program Files\Services en ligne
[2007-07-16|10:40] C:\Program Files\Sierra Wireless Inc
[2008-04-25|21:59] C:\Program Files\Skype
[2008-03-22|14:13] C:\Program Files\SodeaSoft
[2008-07-13|10:25] C:\Program Files\SoftwarePassport
[2004-03-31|23:08] C:\Program Files\Sonic
[2005-11-30|13:44] C:\Program Files\Sowedoo Software
[2008-05-28|19:20] C:\Program Files\Sports Interactive
[2008-09-08|22:45] C:\Program Files\Stardock
[2004-06-05|12:12] C:\Program Files\Statistiques
[2004-06-08|10:44] C:\Program Files\Support.com
[2004-03-31|22:19] C:\Program Files\Synaptics
[2008-05-31|23:41] C:\Program Files\TallStick
[2004-03-31|22:53] C:\Program Files\ThinkPad
[2007-02-12|15:15] C:\Program Files\TomTom DesktopSuite
[2008-03-22|14:13] C:\Program Files\TomTom HOME
[2007-12-25|17:21] C:\Program Files\Trend Micro
[2007-12-13|20:30] C:\Program Files\Trojan Remover
[2005-11-14|13:04] C:\Program Files\Uninstall Information
[2008-03-01|21:32] C:\Program Files\Unlocker
[2008-05-17|23:17] C:\Program Files\uTorrent
[2006-03-12|14:14] C:\Program Files\VideoLAN
[2004-06-02|10:16] C:\Program Files\Windows Journal Viewer
[2007-11-19|21:59] C:\Program Files\Windows Media Connect 2
[2007-11-19|21:59] C:\Program Files\Windows Media Player
[2005-09-30|22:39] C:\Program Files\Windows NT
[2004-09-23|05:47] C:\Program Files\WindowsUpdate
[2006-01-07|02:20] C:\Program Files\WinRAR
[2005-10-10|11:27] C:\Program Files\WordView
[2003-02-25|18:14] C:\Program Files\xerox
[2008-06-30|22:20] C:\Program Files\Zero G Registry

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[2007-05-14|09:16] C:\Program Files\Fichiers communs\Adobe
[2008-03-22|13:46] C:\Program Files\Fichiers communs\Adobe AIR
[2008-05-31|23:43] C:\Program Files\Fichiers communs\AVSMedia
[2007-02-19|12:48] C:\Program Files\Fichiers communs\Deterministic Networks
[2007-11-27|12:12] C:\Program Files\Fichiers communs\ELCIA
[2006-11-26|17:20] C:\Program Files\Fichiers communs\Hewlett-Packard
[2006-06-01|11:02] C:\Program Files\Fichiers communs\InstallShield
[2008-02-09|15:41] C:\Program Files\Fichiers communs\Java
[2008-05-31|13:04] C:\Program Files\Fichiers communs\Microsoft Shared
[2006-10-18|20:29] C:\Program Files\Fichiers communs\MimarSinan
[2003-02-25|18:11] C:\Program Files\Fichiers communs\MSSoap
[2008-05-31|13:17] C:\Program Files\Fichiers communs\Nokia
[2003-02-25|18:05] C:\Program Files\Fichiers communs\ODBC
[2008-05-30|23:49] C:\Program Files\Fichiers communs\PCSuite
[2007-01-06|14:38] C:\Program Files\Fichiers communs\Real
[2006-11-20|12:19] C:\Program Files\Fichiers communs\SafeNet Sentinel
[2006-03-14|15:23] C:\Program Files\Fichiers communs\ScanSoft Shared
[2003-02-25|18:11] C:\Program Files\Fichiers communs\Services
[2008-04-25|21:59] C:\Program Files\Fichiers communs\Skype
[2004-03-31|23:08] C:\Program Files\Fichiers communs\Sonic
[2005-11-30|13:44] C:\Program Files\Fichiers communs\Sowedoo Shared
[2003-02-25|18:05] C:\Program Files\Fichiers communs\SpeechEngines
[2008-09-08|22:45] C:\Program Files\Fichiers communs\stardock
[2004-03-31|23:08] C:\Program Files\Fichiers communs\SureThing Shared
[2005-09-30|22:39] C:\Program Files\Fichiers communs\System
[2007-12-17|10:13] C:\Program Files\Fichiers communs\Wise Installation Wizard
[2007-01-06|14:38] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 54 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\nnessigh\LOCALS~1\Temp\nsq55.tmp
C:\Program Files\3wPlayer

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-16 09:52:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

--------------------\\ ROOTKIT !!

Rootkit Tibs ! .. [HKLM\..\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKLM\..\CurrentControlSet\Services\tdssserv]
Rootkit Tibs ! .. [HKLM\..\CurrentControlSet\Enum\Root\tdssserv]
Rootkit Tibs ! .. [HKLM\..\ControlSet001\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKLM\..\ControlSet001\Services\tdssserv]
Rootkit Tibs ! .. [HKLM\..\ControlSet001\Enum\Root\tdssserv]
Rootkit Tibs ! .. [HKLM\..\ControlSet002\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKLM\..\ControlSet002\Services\tdssserv]
Rootkit Tibs ! .. [HKLM\..\ControlSet002\Enum\Root\tdssserv]

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\nnessigh\Application Data\uTorrent\Football_Manager_2008.CRACK-HATRED.torrent
C:\DOCUME~1\nnessigh\Mes documents\DesktopX V.3.2\Stardock.DesktopX.Professional.v3.0.Incl.Keymaker-ZWT\keygen.exe
C:\DOCUME~1\nnessigh\Mes documents\Downloads\Football_Manager_2008.CRACK-HATRED
C:\DOCUME~1\nnessigh\Mes documents\Downloads\Football_Manager_2008.CRACK-HATRED\HATRED.rar
C:\DOCUME~1\nnessigh\Mes documents\Downloads\Football_Manager_2008.CRACK-HATRED\shadowtorrents.url


[F:16][D:5]-> C:\DOCUME~1\nnessigh\LOCALS~1\Temp
[F:1][D:0]-> C:\DOCUME~1\nnessigh\Cookies
[F:1][D:0]-> C:\DOCUME~1\nnessigh\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 2008-09-16| 9:53 - Option : [1]

--------------------\\ Fin du rapport a 9:53:24

   
Répondre à nenesse67

11

 sKe69, le 16 sep 2008 à 10:03:22
  • +1

Salut,

Très bien ....la suite :

Déconnetes toi et fermes toutes tes applications en cours .

Relances Lop S&D

--->choisis l'option 3 (Nettoyage) et valides.

Laisses l'outil travailler ...

Une fois le scan terminer ,le Bloc-Notes contenant le rapport va s'ouvrir.
Postes ce rapport dans ta prochaine réponse pour analyse + un nouveau rapport hijackthis ...
Rien ne sert de courir .... Non, ça sert à rien ...    ---sKe---
"Baby, I'm going on an airplane, And I don't know if I'll be back again."
IMPORTANT : ne vous croyez pas tiré d'affaire
tant qu'on ne vous l'a pas dit !

   
Répondre à sKe69
Posez votre question Répondre
Ils ont besoin de votre aide
Collection CommentÇaMarche.net