I can't open the local disks
Solved/Closed
helen19
Posts: 131
Registered: Saturday 21 June 2008
Status: Member
Last activity: 15 April 2011
24 Oct. 2008 at 19:51
Anonymous user - 28 Oct. 2008 at 18:20
29 replies
Anonymous user
24 Oct. 2008 at 20:16
Hi,
Download UsbFix to your desktop
--> Run the installation with the default settings
Plug your external data sources into your PC (USB key, external hard drive, etc.) that may have been infected, without opening them
--> Double-click the UsbFix shortcut on your desktop
--> The PC will restart
--> After the restart, post the UsbFix.txt report
Note: the UsbFix.txt report is saved at the root of the disk
helen19
24 Oct. 2008 at 20:27
the problem is not on the external hard drives and the USB keys but in the local disks c/: D/: and E/:
helen19
24 Oct. 2008 at 20:33
how do I plug in c/: and D/:E/:
Anonymous user
24 Oct. 2008 at 20:35
plug in your USB keys and external drives, c d and e are already plugged in .. and run usbfix
helen19
24 Oct. 2008 at 20:45
it's ok
here is the report
-------------- UsbFix V2.395 ---------------
* User : Administrateur - ORDINATEUR
* Outils mis a jours le 20/10/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 19:40:05 le Fri 10/24/2008
* Windows Xp - Internet Explorer 7.0.5730.13
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\ADMINI~1.ORD\LOCALS~1\Temp\1.tmp\b2e.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
--------------- [ Informations lecteurs ] ----------------
C: - Lecteur fixe
D: - Lecteur fixe
E: - Lecteur fixe
F: - Lecteur de CD-ROM
+- Contenu de l'autorun : C:\autorun.inf
;LSLr9o35Ado8ropkHkk5DdwO3ZlAid3lAwswoiapd0rjDald0n3Dlja1Kw3iD2k1DKKjeL20kwAeawqwaslkia4q
[AutoRun]
;so34fsAs55A04O744LwaLKdL12qaoAwsDaK4ek
open=xih9.cmd
;i831AA5XorkjDoipwfKSCkaa04qAlZ083eiwoKwDe3SAaDikF1rlIkafJLD79JKJed3ida3ka1jw3cwscw45rl4
shell\open\Command=xih9.cmd
;eLC8aw4cIaSwkiei1ww7sXdwq2sqnLJfojAf4kdd220dSLAiis0q0r4lkOa
shell\open\Default=1
;dKaAlsw2awoCDke5l2DaLeko9Z57drlwk3Kjs09li1jLeki1Lfla7sj
shell\explore\Command=xih9.cmd
;
+- Contenu de l'autorun : D:\autorun.inf
;LSLr9o35Ado8ropkHkk5DdwO3ZlAid3lAwswoiapd0rjDald0n3Dlja1Kw3iD2k1DKKjeL20kwAeawqwaslkia4q
[AutoRun]
;so34fsAs55A04O744LwaLKdL12qaoAwsDaK4ek
open=xih9.cmd
;i831AA5XorkjDoipwfKSCkaa04qAlZ083eiwoKwDe3SAaDikF1rlIkafJLD79JKJed3ida3ka1jw3cwscw45rl4
shell\open\Command=xih9.cmd
;eLC8aw4cIaSwkiei1ww7sXdwq2sqnLJfojAf4kdd220dSLAiis0q0r4lkOa
shell\open\Default=1
;dKaAlsw2awoCDke5l2DaLeko9Z57drlwk3Kjs09li1jLeki1Lfla7sj
shell\explore\Command=xih9.cmd
;
+- Contenu de l'autorun : E:\autorun.inf
;LSLr9o35Ado8ropkHkk5DdwO3ZlAid3lAwswoiapd0rjDald0n3Dlja1Kw3iD2k1DKKjeL20kwAeawqwaslkia4q
[AutoRun]
;so34fsAs55A04O744LwaLKdL12qaoAwsDaK4ek
open=xih9.cmd
;i831AA5XorkjDoipwfKSCkaa04qAlZ083eiwoKwDe3SAaDikF1rlIkafJLD79JKJed3ida3ka1jw3cwscw45rl4
shell\open\Command=xih9.cmd
;eLC8aw4cIaSwkiei1ww7sXdwq2sqnLJfojAf4kdd220dSLAiis0q0r4lkOa
shell\open\Default=1
;dKaAlsw2awoCDke5l2DaLeko9Z57drlwk3Kjs09li1jLeki1Lfla7sj
shell\explore\Command=xih9.cmd
;
--------------- [ Registre / Startup ] ----------------
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
RemoteControl REG_SZ "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
LanguageShortcut REG_SZ "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
VTTimer REG_SZ VTTimer.exe
VTTrayp REG_SZ VTtrayp.exe
SoundMan REG_SZ SOUNDMAN.EXE
avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
fssui REG_SZ "C:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
MyWebSearch Plugin REG_SZ rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
My Web Search Bar Search Scope Monitor REG_SZ "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
Part browse safe hold REG_SZ C:\Documents and Settings\All Users\Application Data\Audio 4 part browse\Once Hope.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
RocketDock REG_SZ "C:\Program Files\RocketDock\RocketDock.exe"
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Yahoo! Pager REG_SZ "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
view mode REG_SZ C:\DOCUME~1\ADMINI~1.ORD\APPLIC~1\JUNKGR~1\Meta Acid.exe
WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe
--------------- [ Registre / Mountpoint2 ] ----------------
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4a75976-445c-11dd-8e6b-00142ac49b6d}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-1844237615-839522115-906573251-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4a75976-445c-11dd-8e6b-00142ac49b6d}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4a75977-445c-11dd-8e6b-00142ac49b6d}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-1844237615-839522115-906573251-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4a75977-445c-11dd-8e6b-00142ac49b6d}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4a75977-445c-11dd-8e6b-00142ac49b6d}\Shell\explore\Command
Supprimé ! - HKEY_USERS\S-1-5-21-1844237615-839522115-906573251-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4a75977-445c-11dd-8e6b-00142ac49b6d}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4a75977-445c-11dd-8e6b-00142ac49b6d}\Shell\open\Command
Supprimé ! - HKEY_USERS\S-1-5-21-1844237615-839522115-906573251-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4a75977-445c-11dd-8e6b-00142ac49b6d}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7cee940-27d6-11dd-8df4-00142ac49b6d}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-1844237615-839522115-906573251-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7cee940-27d6-11dd-8df4-00142ac49b6d}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7cee940-27d6-11dd-8df4-00142ac49b6d}\Shell\explore\Command
Supprimé ! - HKEY_USERS\S-1-5-21-1844237615-839522115-906573251-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7cee940-27d6-11dd-8df4-00142ac49b6d}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7cee940-27d6-11dd-8df4-00142ac49b6d}\Shell\open\Command
Supprimé ! - HKEY_USERS\S-1-5-21-1844237615-839522115-906573251-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7cee940-27d6-11dd-8df4-00142ac49b6d}\Shell\open\Command
--------------- [ Nettoyage des disques ] ----------------
Supprimé ! - C:\autorun.inf
Supprimé ! - D:\autorun.inf
Supprimé ! - E:\autorun.inf
--------------- ! Fin du rapport ! ----------------
Anonymous user
24 Oct. 2008 at 20:47
Download Malwarebytes
Install it; the program will update itself automatically.
Once it is up to date, the program will launch; click on the settings tab and tick the box: "Stop Internet Explorer during removal".
Now click on the scan tab and tick the box: "run a full scan".
Then click on "scan".
Let it scan the PC...
If items were found > click on remove selection.
If you are asked to restart > click on "yes".
At the end a report will open; save it so that you can find it again in order to post it on the forum.
Copy and paste the report please.
PS: the reports are also stored in the report/log tab
helen19
24 Oct. 2008 at 22:08
here it is
Malwarebytes' Anti-Malware 1.20
Version de la base de données: 947
Windows 5.1.2600 Service Pack 2
20:57:03 24-10-2008
mbam-log-10-24-2008 (20-57-03).txt
Type de recherche: Examen complet (A:\|C:\|D:\|E:\|)
Eléments examinés: 86995
Temps écoulé: 37 minute(s), 12 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 13
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 19
Fichier(s) infecté(s): 82
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mywebsearchservice (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mywebsearchservice (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mywebsearchservice (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\my web search bar search scope monitor (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\001112C9 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00114469 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00114822.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00115764.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0011602E.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00116DDA.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00117B47 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0013F3F8.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0013F669.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0014052E.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0014079F.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\ask_logo.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\center.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\index.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\mid_dots.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\mws_logo.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\protect.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\shocked.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\stop.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\systray.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\systrayp.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\tp_grad.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\warn.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\WebfettiBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\xih9.cmd (Trojan.Agent) -> Quarantined and deleted successfully.
Anonymous user
24 Oct 2008 at 22:19
Reopen Malwarebytes
go to Quarantine
delete everything
then, your disks are still infected
UsbFix has been updated
uninstall it from Control Panel / Add or Remove Programs
then reinstall it and run the scan again:
Download UsbFix to your desktop
--> Run the installation with the default settings
Connect your external data sources to your PC (USB key, external hard drive, etc.) that may have been infected, without opening them
--> Double-click the UsbFix shortcut on your desktop
--> The PC will restart
--> After the restart, post the UsbFix.txt report
Note: the UsbFix.txt report is saved at the root of the disk
helen19
24 Oct 2008 at 22:38
-------------- UsbFix V2.395 ---------------
* User : Administrateur - ORDINATEUR
* Outils mis a jours le 20/10/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 21:36:38 le Fri 10/24/2008
* Windows Xp - Internet Explorer 7.0.5730.13
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\DOCUME~1\ADMINI~1.ORD\LOCALS~1\Temp\1.tmp\b2e.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
--------------- [ Informations lecteurs ] ----------------
C: - Lecteur fixe
D: - Lecteur fixe
E: - Lecteur fixe
F: - Lecteur de CD-ROM
--------------- [ Registre / Startup ] ----------------
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
RemoteControl REG_SZ "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
LanguageShortcut REG_SZ "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
VTTimer REG_SZ VTTimer.exe
VTTrayp REG_SZ VTtrayp.exe
SoundMan REG_SZ SOUNDMAN.EXE
avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
fssui REG_SZ "C:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
Part browse safe hold REG_SZ C:\Documents and Settings\All Users\Application Data\Audio 4 part browse\Once Hope.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
RocketDock REG_SZ "C:\Program Files\RocketDock\RocketDock.exe"
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Yahoo! Pager REG_SZ "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
view mode REG_SZ C:\DOCUME~1\ADMINI~1.ORD\APPLIC~1\JUNKGR~1\Meta Acid.exe
WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe
--------------- [ Registre / Mountpoint2 ] ----------------
-> Recherche négative.
--------------- [ Nettoyage des disques ] ----------------
Supprimé ! - D:\xih9.cmd
Supprimé ! - E:\xih9.cmd
--------------- ! Fin du rapport ! ----------------
Anonymous user
24 Oct 2008 at 22:42
Download Toolbar-S&D (Team IDN) to your Desktop.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
* Start the program's installation by running the downloaded file.
* Now double-click the Toolbar-S&D shortcut.
* Select the desired language by typing the letter of your choice, then confirm with the Enter key.
* Now choose option 1 (Search). Wait until the search finishes.
* Post the generated report. (C:\TB.txt)
helen19
24 Oct 2008 at 22:47
-----------\\ ToolBar S&D 1.2.3 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.80GHz )
BIOS : Default System BIOS
USER : Administrateur ( Administrator )
BOOT : Normal boot
A:\ (USB)
C:\ (Local Disk) - NTFS - Total : 29 Go Free : 15 Go
D:\ (Local Disk) - NTFS - Total : 19 Go Free : 15 Go
E:\ (Local Disk) - NTFS - Total : 25 Go Free : 17 Go
F:\ (CD or DVD) - CDFS - Total : 0 Go Free : 0 Go
"C:\ToolBar SD" ( MAJ : 23-10-2008|0:25 )
Option : [1] ( Fri 10/24/2008|21:46 )
-----------\\ Recherche de Fichiers / Dossiers ...
C:\DOCUME~1\ADMINI~1.ORD\Cookies\administrateur@alot[2].txt
C:\DOCUME~1\ADMINI~1.ORD\Cookies\administrateur@h.alot[1].txt
C:\DOCUME~1\ADMINI~1.ORD\Cookies\administrateur@search.alot[2].txt
C:\DOCUME~1\ADMINI~1.ORD\Cookies\administrateur@try.alot[1].txt
C:\Program Files\AskTBar
C:\Program Files\AskTBar\bar
C:\Program Files\AskTBar\PopSwatr
C:\Program Files\AskTBar\SrchAstt
C:\DOCUME~1\ADMINI~1\APPLIC~1\FunWebProducts
C:\DOCUME~1\ADMINI~1\APPLIC~1\FunWebProducts\Data
C:\Program Files\Fun Web Products
C:\Program Files\Fun Web Products\MSNMessenger
C:\DOCUME~1\ADMINI~1.ORD\Cookies\administrateur@myway[1].txt
C:\DOCUME~1\ADMINI~1.ORD\Cookies\administrateur@mywebsearch[2].txt
C:\Program Files\Internet Explorer\msimg32.dll
C:\DOCUME~1\ADMINI~1.ORD\LOCALS~1\Temp\nsmBC.tmp
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://home.sweetim.com/"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://home.sweetim.com/"
"Search Bar"="http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html"
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
1 - "C:\ToolBar SD\TB_1.txt" - Fri 10/24/2008|21:47 - Option : [1]
-----------\\ Fin du rapport a 21:47:43.65
Anonymous user
24 Oct 2008 at 22:48
Relaunch Toolbar-S&D by double-clicking the shortcut. Type "2", then confirm by pressing "Enter".
! Do not close the window during the removal!
A report will be generated; post its contents here.
NOTE: If your Desktop does not reappear, press Ctrl+Alt+Del simultaneously to open Task Manager.
Go to the "Processes" tab. Click File at the top left and choose "Run..."
Type explorer, then confirm.
helen19
24 Oct 2008 at 23:04
Sorry, I didn't understand
Anonymous user
24 Oct 2008 at 23:16
Reopen Toolbar S&D and choose option 2, then post the report
helen19
26 Oct 2008 at 14:37
Here it is
-----------\\ ToolBar S&D 1.2.3 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.80GHz )
BIOS : Default System BIOS
USER : Administrateur ( Administrator )
BOOT : Normal boot
A:\ (USB)
C:\ (Local Disk) - NTFS - Total : 29 Go Free : 14 Go
D:\ (Local Disk) - NTFS - Total : 19 Go Free : 15 Go
E:\ (Local Disk) - NTFS - Total : 25 Go Free : 17 Go
F:\ (CD or DVD) - CDFS - Total : 0 Go Free : 0 Go
"C:\ToolBar SD" ( MAJ : 23-10-2008|0:25 )
Option : [2] ( Sun 10/26/2008|13:32 )
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://home.sweetim.com"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"
"Search Bar"="http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html"
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
1 - "C:\ToolBar SD\TB_1.txt" - Fri 10/24/2008|21:47 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - Fri 10/24/2008|21:54 - Option : [2]
3 - "C:\ToolBar SD\TB_3.txt" - Sun 10/26/2008|13:34 - Option : [2]
-----------\\ Fin du rapport a 13:34:23.90
Anonymous user
26 Oct. 2008 at 17:30
Download HijackThis (diagnostic tool) here:
-> Right-click one of the links and choose "Save target as...", then save it to the Desktop
-> http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
-> ftp://ftp.commentcamarche.com/download/HJTInstall.exe
-> Double-click HJTInstall.exe to start the installation
-> Click Install, then I Accept
-> Click Do a scan system and save log file
-> Notepad will open; copy and paste all of its contents here in your next reply
helen19
28 Oct. 2008 at 13:57
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:51:41, on 28-10-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Windows Live\Contrôle parental\fssui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll
O2 - BHO: UrlHelper Class - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Part browse safe hold] C:\Documents and Settings\All Users\Application Data\Audio 4 part browse\hole eq.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [view mode] C:\DOCUME~1\ADMINI~1.ORD\APPLIC~1\JUNKGR~1\Meta Acid.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'SERVICE RESEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RESEAU')
O4 - HKUS\S-1-5-18\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8D09974-7E85-49A9-8F21-4206814B159A}: NameServer = 208.67.222.222 193.55.10.102
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
Anonymous user
28 Oct. 2008 at 16:06
You're welcome, helene,
there is still one visible infection:
Download Lop S&D.exe to your Desktop. https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
* Double-click it to start the installation
* Then double-click the Lop S&D shortcut on your Desktop
* Select the language you want, then choose option 1 (Search)
* Wait until the scan finishes
* Post the generated report (C:\lopR.txt)
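The autostart (O4) lines of the HijackThis log posted above, triaged by where each entry's executable lives. This is an added example, not part of the original thread or of HijackThis; the location classes and the rule that singles out autoruns launched from an Application Data folder are assumptions of this example, a triage heuristic for deciding what to inspect first and not a verdict on any entry.

```python
import re
from typing import List, NamedTuple

# O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Part browse safe hold] C:\Documents and Settings\All Users\Application Data\Audio 4 part browse\hole eq.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [view mode] C:\DOCUME~1\ADMINI~1.ORD\APPLIC~1\JUNKGR~1\Meta Acid.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
"""


class Autorun(NamedTuple):
    source: str    # registry hive and key, or the startup folder
    name: str      # value name or shortcut name
    image: str     # executable the entry launches
    location: str  # coarse class of the directory the image lives in


# Registry form:  O4 - <hive>\..\<Run|RunOnce>: [name] command
REG_RE = re.compile(
    r"^O4 - (?P<hive>\S+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Startup-folder form:  O4 - Global Startup: shortcut.lnk = target
LNK_RE = re.compile(
    r"^O4 - (?P<src>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# HijackThis appends the owning account to entries read from other hives.
USER_RE = re.compile(r"\s*\(User '[^']*'\)$")
# Unquoted command: the image ends at the first executable extension.
IMAGE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.IGNORECASE)


def extract_image(cmd: str) -> str:
    """Return the executable part of a command line, without arguments."""
    cmd = USER_RE.sub("", cmd).strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    match = IMAGE_RE.match(cmd)
    return match.group(1) if match else cmd


def classify(image: str) -> str:
    """Class of the image's location; 8.3 short names are treated like long ones."""
    parts = [p.lower() for p in image.split("\\")]
    if len(parts) == 1:
        return "bare-name"  # no directory given: resolved through the search path
    if any(p == "application data" or re.fullmatch(r"applic~\d+", p) for p in parts):
        return "app-data"   # per-user or all-users profile data, not an install dir
    if parts[1] == "windows":
        return "windows"
    if parts[1] == "program files" or re.fullmatch(r"progra~\d+", parts[1]):
        return "program-files"
    return "other"


def parse_o4(log: str) -> List[Autorun]:
    """Parse every O4 line of a HijackThis log into an Autorun record."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        reg = REG_RE.match(line)
        lnk = None if reg else LNK_RE.match(line)
        if reg:
            source = reg.group("hive") + "\\" + reg.group("key")
            name, cmd = reg.group("name"), reg.group("cmd")
        elif lnk:
            source, name, cmd = lnk.group("src"), lnk.group("name"), lnk.group("cmd")
        else:
            continue  # not an O4 line
        image = extract_image(cmd)
        entries.append(Autorun(source, name, image, classify(image)))
    return entries


def flag_app_data(log: str) -> List[Autorun]:
    """Autoruns whose executable sits in an Application Data folder."""
    return [e for e in parse_o4(log) if e.location == "app-data"]


if __name__ == "__main__":
    for entry in flag_app_data(SAMPLE_LOG):
        print(f"{entry.source:12} [{entry.name}] -> {entry.image}")
```
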
helen19
28 Oct. 2008 at 16:30
--------------------\\ Lop S&D 4.2.4-8 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.80GHz )
BIOS : Default System BIOS
USER : Administrateur ( Administrator )
BOOT : Normal boot
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:29 Go (Free:14 Go)
D:\ (Local Disk) - NTFS - Total:19 Go (Free:15 Go)
E:\ (Local Disk) - NTFS - Total:25 Go (Free:17 Go)
F:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 27-10-2008|09:15 )
Option : [1] ( Tue 10/28/2008|16:25 )
--------------------\\ Listing des dossiers dans APPLIC~1
[07/22/2008|06:30] C:\DOCUME~1\ADMINI~1\APPLIC~1\<REP> Adobe
[07/08/2008|01:29] C:\DOCUME~1\ADMINI~1\APPLIC~1\<REP> Ahead
[06/17/2008|09:55] C:\DOCUME~1\ADMINI~1\APPLIC~1\<REP> Google
[06/27/2008|09:20] C:\DOCUME~1\ADMINI~1\APPLIC~1\<REP> Identities
[08/29/2008|08:29] C:\DOCUME~1\ADMINI~1\APPLIC~1\<REP> junkgramfour
[09/03/2008|12:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\<REP> LimeWire
[06/08/2008|03:56] C:\DOCUME~1\ADMINI~1\APPLIC~1\<REP> Macromedia
[07/12/2008|06:56] C:\DOCUME~1\ADMINI~1\APPLIC~1\<REP> Malwarebytes
[05/20/2008|12:19] C:\DOCUME~1\ADMINI~1\APPLIC~1\<REP> Media Player Classic
[07/05/2008|10:51] C:\DOCUME~1\ADMINI~1\APPLIC~1\<REP> Microsoft
[07/12/2008|02:35] C:\DOCUME~1\ADMINI~1\APPLIC~1\<REP> Nero
[06/20/2008|12:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\<REP> Real
[07/27/2008|03:30] C:\DOCUME~1\ADMINI~1\APPLIC~1\<REP> skypePM
[06/09/2008|03:18] C:\DOCUME~1\ADMINI~1\APPLIC~1\<REP> Sun
[06/20/2008|12:40] C:\DOCUME~1\ADMINI~1\APPLIC~1\<REP> Yahoo!
[06/27/2008|09:20] C:\DOCUME~1\ADMINI~1\APPLIC~1\<REP> Zylom
[09/17/2008|11:14] C:\DOCUME~1\ADMINI~1.ORD\APPLIC~1\<REP> Adobe
[09/13/2008|11:09] C:\DOCUME~1\ADMINI~1.ORD\APPLIC~1\<REP> Ahead
[09/27/2008|09:11] C:\DOCUME~1\ADMINI~1.ORD\APPLIC~1\<REP> blg
[09/27/2008|10:19] C:\DOCUME~1\ADMINI~1.ORD\APPLIC~1\<REP> Camfrog
[10/03/2008|12:06] C:\DOCUME~1\ADMINI~1.ORD\APPLIC~1\<REP> Games
[09/08/2008|12:57] C:\DOCUME~1\ADMINI~1.ORD\APPLIC~1\<REP> Google
[09/08/2008|12:51] C:\DOCUME~1\ADMINI~1.ORD\APPLIC~1\<REP> Identities
[10/26/2008|06:44] C:\DOCUME~1\ADMINI~1.ORD\APPLIC~1\<REP> junkgramfour
[10/28/2008|04:15] C:\DOCUME~1\ADMINI~1.ORD\APPLIC~1\<REP> LimeWire
[09/08/2008|02:01] C:\DOCUME~1\ADMINI~1.ORD\APPLIC~1\<REP> Macromedia
[09/18/2008|10:32] C:\DOCUME~1\ADMINI~1.ORD\APPLIC~1\<REP> Malwarebytes
[09/17/2008|09:12] C:\DOCUME~1\ADMINI~1.ORD\APPLIC~1\<REP> Media Player Classic
[09/30/2008|12:04] C:\DOCUME~1\ADMINI~1.ORD\APPLIC~1\<REP> Meridian93
[10/23/2008|07:34] C:\DOCUME~1\ADMINI~1.ORD\APPLIC~1\<REP> Microsoft
[10/03/2008|01:54] C:\DOCUME~1\ADMINI~1.ORD\APPLIC~1\<REP> PlayFirst
[09/14/2008|11:18] C:\DOCUME~1\ADMINI~1.ORD\APPLIC~1\<REP> Sun
[10/10/2008|06:32] C:\DOCUME~1\ADMINI~1.ORD\APPLIC~1\<REP> U3
[10/12/2008|03:13] C:\DOCUME~1\ADMINI~1.ORD\APPLIC~1\<REP> Yahoo!
[07/12/2008|01:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Adobe
[07/08/2008|01:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Ahead
[10/26/2008|06:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Audio 4 part browse
[05/23/2008|08:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Avira
[10/05/2008|08:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> BigFishGamesCache
[09/27/2008|09:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> blg
[05/26/2008|06:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> CyberLink
[07/07/2008|03:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Downloaded Installations
[09/23/2008|08:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> EscapeTheMuseum
[06/17/2008|09:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Google
[06/20/2008|03:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Grisoft
[06/17/2008|08:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Kaspersky Lab Setup Files
[07/12/2008|06:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Malwarebytes
[07/22/2008|02:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Messenger Plus!
[08/16/2008|10:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Microsoft
[07/12/2008|07:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Nero
[10/03/2008|01:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> PlayFirst
[08/29/2008|11:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Skype
[10/03/2008|03:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> TEMP
[05/24/2008|05:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Windows Genuine Advantage
[09/06/2008|09:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> WLInstaller
[06/20/2008|12:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Yahoo!
[07/19/2008|09:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Yahoo! Companion
[06/27/2008|09:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Zylom
[05/18/2008|04:46] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<REP> Microsoft
[05/18/2008|04:50] C:\DOCUME~1\LOCALS~1\APPLIC~1\<REP> Microsoft
[06/12/2008|05:49] C:\DOCUME~1\NETWOR~1\APPLIC~1\<REP> Microsoft
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[10/28/2008 04:00 PM][--ah-----] C:\WINDOWS\tasks\AA59150B918E8A83.job
[10/28/2008 03:30 PM][--a------] C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
[04/13/2007 04:52 PM][-r-h-----] C:\WINDOWS\tasks\desktop.ini
[10/28/2008 12:37 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
( AA59150B918E8A83.job )=( c:\docume~1\admini~1.ord\applic~1\junkgr~1\wmastupididol.exe )
--------------------\\ Listing des dossiers dans C:\Program Files
[07/12/2008|01:58] C:\Program Files\<REP> Adobe
[07/31/2008|03:49] C:\Program Files\<REP> Ahead
[07/22/2008|02:57] C:\Program Files\<REP> Alwil Software
[05/23/2008|08:19] C:\Program Files\<REP> Avira
[10/02/2008|04:06] C:\Program Files\<REP> BearShare Applications
[09/23/2008|10:59] C:\Program Files\<REP> bfgclient
[09/28/2008|08:51] C:\Program Files\<REP> Camfrog
[07/19/2008|08:55] C:\Program Files\<REP> CCleaner
[10/15/2008|04:43] C:\Program Files\<REP> Circle Developement
[05/18/2008|04:43] C:\Program Files\<REP> ComPlus Applications
[05/18/2008|04:55] C:\Program Files\<REP> CyberLink
[05/22/2008|09:28] C:\Program Files\<REP> EasyPHP 2.0b1
[05/18/2008|04:56] C:\Program Files\<REP> FairStars Audio Converter
[09/10/2008|10:39] C:\Program Files\<REP> Fichiers communs
[06/17/2008|09:44] C:\Program Files\<REP> Google
[06/22/2008|08:01] C:\Program Files\<REP> InstallShield Installation Information
[10/24/2008|08:52] C:\Program Files\<REP> Internet Explorer
[10/20/2008|03:36] C:\Program Files\<REP> iWin
[07/15/2008|02:46] C:\Program Files\<REP> Java
[10/26/2008|06:40] C:\Program Files\<REP> junkgramfour
[05/18/2008|04:53] C:\Program Files\<REP> K-Lite Codec Pack
[09/26/2008|01:40] C:\Program Files\<REP> LClock
[09/26/2008|01:40] C:\Program Files\<REP> LimeWire
[07/13/2008|09:09] C:\Program Files\<REP> Malwarebytes' Anti-Malware
[10/15/2008|04:43] C:\Program Files\<REP> Messenger Plus! Live
[05/18/2008|04:56] C:\Program Files\<REP> Microsoft Calculatrice Plus
[05/18/2008|04:49] C:\Program Files\<REP> microsoft frontpage
[05/24/2008|05:13] C:\Program Files\<REP> Microsoft Office
[06/09/2008|01:18] C:\Program Files\<REP> Microsoft SQL Server Compact Edition
[05/18/2008|04:44] C:\Program Files\<REP> Movie Maker
[05/18/2008|04:43] C:\Program Files\<REP> MSN Gaming Zone
[05/18/2008|04:44] C:\Program Files\<REP> NetMeeting
[06/12/2008|09:35] C:\Program Files\<REP> Outlook Express
[05/18/2008|04:56] C:\Program Files\<REP> PhotoFiltre
[05/18/2008|04:54] C:\Program Files\<REP> Real
[05/18/2008|04:47] C:\Program Files\<REP> RocketDock
[06/22/2008|08:00] C:\Program Files\<REP> Samsung
[07/15/2008|02:48] C:\Program Files\<REP> Sun
[05/18/2008|04:57] C:\Program Files\<REP> SuperTux
[10/23/2008|07:28] C:\Program Files\<REP> SweetIM
[05/18/2008|04:56] C:\Program Files\<REP> TaskSwitchXP
[10/28/2008|01:51] C:\Program Files\<REP> Trend Micro
[05/18/2008|04:56] C:\Program Files\<REP> UberIcon
[05/18/2008|04:57] C:\Program Files\<REP> Uninstall Information
[10/24/2008|08:36] C:\Program Files\<REP> UsbFix
[06/16/2008|02:05] C:\Program Files\<REP> Windows Live
[06/12/2008|03:36] C:\Program Files\<REP> Windows Live Favorites
[06/12/2008|03:38] C:\Program Files\<REP> Windows Live Toolbar
[06/28/2008|03:36] C:\Program Files\<REP> Windows Media Connect 2
[06/28/2008|03:37] C:\Program Files\<REP> Windows Media Player
[05/18/2008|04:42] C:\Program Files\<REP> Windows NT
[05/18/2008|04:45] C:\Program Files\<REP> WindowsUpdate
[05/18/2008|04:56] C:\Program Files\<REP> WinRAR
[07/19/2008|08:55] C:\Program Files\<REP> Yahoo!
[05/18/2008|04:57] C:\Program Files\<REP> Zamaan's Software
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[10/12/2008|06:02] C:\Program Files\Fichiers communs\<REP> Adobe
[07/12/2008|01:53] C:\Program Files\Fichiers communs\<REP> Adobe Systems Shared
[07/31/2008|03:44] C:\Program Files\Fichiers communs\<REP> Ahead
[05/24/2008|05:13] C:\Program Files\Fichiers communs\<REP> DESIGNER
[06/22/2008|07:59] C:\Program Files\Fichiers communs\<REP> InstallShield
[05/18/2008|04:54] C:\Program Files\Fichiers communs\<REP> Java
[08/16/2008|10:10] C:\Program Files\Fichiers communs\<REP> Microsoft Shared
[05/18/2008|04:44] C:\Program Files\Fichiers communs\<REP> MSSoap
[07/31/2008|03:48] C:\Program Files\Fichiers communs\<REP> Nero
[05/18/2008|06:39] C:\Program Files\Fichiers communs\<REP> ODBC
[06/20/2008|12:05] C:\Program Files\Fichiers communs\<REP> Real
[05/18/2008|04:44] C:\Program Files\Fichiers communs\<REP> Services
[05/18/2008|06:39] C:\Program Files\Fichiers communs\<REP> SpeechEngines
[06/12/2008|09:35] C:\Program Files\Fichiers communs\<REP> System
[06/09/2008|12:59] C:\Program Files\Fichiers communs\<REP> WindowsLiveInstaller
[09/10/2008|10:39] C:\Program Files\Fichiers communs\<REP> Wise Installation Wizard
--------------------\\ Process
( 48 Processes )
IEXPLORE.EXE ~ [PID:2256]
IEXPLORE.EXE ~ [PID:2636]
IEXPLORE.EXE ~ [PID:2648]
IEXPLORE.EXE ~ [PID:2156]
--------------------\\ Recherche avec S_Lop
C:\DOCUME~1\ADMINI~1.ORD\LOCALS~1\Temp\bis4.exe
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Audio 4 part browse
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Audio 4 part browse\hole eq.exe
C:\DOCUME~1\ADMINI~1\APPLIC~1\junkgr~1
C:\DOCUME~1\ADMINI~1.ORD\APPLIC~1\junkgr~1
C:\DOCUME~1\ADMINI~1.ORD\APPLIC~1\junkgr~1\asgislsj.exe
C:\DOCUME~1\ADMINI~1.ORD\APPLIC~1\junkgr~1\cpudpgha.exe
C:\DOCUME~1\ADMINI~1.ORD\APPLIC~1\junkgr~1\evehzmlt.exe
C:\DOCUME~1\ADMINI~1.ORD\APPLIC~1\junkgr~1\Meta Acid.exe
C:\DOCUME~1\ADMINI~1.ORD\APPLIC~1\junkgr~1\psorgswq.exe
C:\DOCUME~1\ADMINI~1.ORD\APPLIC~1\junkgr~1\up amen name obj.exe
C:\DOCUME~1\ADMINI~1.ORD\APPLIC~1\junkgr~1\wmastupididol.exe
C:\Program Files\junkgr~1
C:\DOCUME~1\ADMINI~1.ORD\LOCALS~1\Temp\msgpl_d93a.tmp
C:\DOCUME~1\ADMINI~1.ORD\LOCALS~1\Temp\nsb7.tmp
C:\DOCUME~1\ADMINI~1.ORD\LOCALS~1\Temp\nsg1D.tmp
C:\DOCUME~1\ADMINI~1.ORD\LOCALS~1\Temp\nsh21.tmp
C:\DOCUME~1\ADMINI~1.ORD\LOCALS~1\Temp\nsi9.tmp
C:\DOCUME~1\ADMINI~1.ORD\LOCALS~1\Temp\nsmBC.tmp.exe
C:\Program Files\Circle Developement
C:\Program Files\Circle Developement\Uninstall.exe
C:\DOCUME~1\ADMINI~1.ORD\Cookies\administrateur@advertstream[1].txt
C:\DOCUME~1\ADMINI~1.ORD\Cookies\administrateur@advertising[2].txt
C:\DOCUME~1\ADMINI~1.ORD\Cookies\administrateur@adopt.euroclick[2].txt
C:\DOCUME~1\ADMINI~1.ORD\Cookies\administrateur@www.lop[1].txt
C:\WINDOWS\Tasks\AA59150B918E8A83.job
--------------------\\ Verification du Registre
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"view mode"="C:\\DOCUME~1\\ADMINI~1.ORD\\APPLIC~1\\JUNKGR~1\\Meta Acid.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Part browse safe hold"="C:\\Documents and Settings\\All Users\\Application Data\\Audio 4 part browse\\hole eq.exe"
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-28 16:27:50
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[F:984][D:25]-> C:\DOCUME~1\ADMINI~1.ORD\LOCALS~1\Temp
[F:765][D:0]-> C:\DOCUME~1\ADMINI~1.ORD\Cookies
[F:1229][D:161]-> C:\DOCUME~1\ADMINI~1.ORD\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - Tue 10/28/2008|16:30 - Option : [1]
--------------------\\ Fin du rapport a 16:30:50