Forum Clubic

File and folder not visible on the hard drive

Hello, here's the situation:
For the past few months I had been using Avast as my antivirus, and one day I had the sudden idea of trying Kaspersky (up to that point, life is good :p). One day I calmly launch a scan, and surprise: I discover 1 hidden folder on my C: drive, invisible when I browse my hard drive. Kaspersky detects a trojan; I open the folder and there I find all my photos, videos and other things (mail, invoices…). The Kaspersky version is a trial version and has since expired. But the folder cannot be found, even after turning off all the hidden-folder options and so on in Windows.

First of all I'm scared, because a trojan (if I'm not mistaken) is a gateway sent by a hacker so that he can access my PC.
But I'm also afraid for my personal data (WHICH HAS BEEN DUPLICATED, BECAUSE IT IS STILL IN ITS ORIGINAL FOLDER). Even though these are photos of family and friends at various parties and birthdays, I wouldn't like to find photos of me or my family on the net…

I would like you to help me find and destroy this file, and also remove the trojan and prevent any other possible "viral" attack. (And if possible also remove whoever did this to me :p:p lol)

Thanks in advance +++

Hi,

Start with this:

==> Download random's system information tool (RSIT) and save it to your desktop.

==> Double-click RSIT.exe to launch the tool.

==> Click 'continue' on the Disclaimer screen.

==> If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the license.

==> Once the scan is finished, 2 reports will appear. Post the contents of both reports
(log.txt & info.txt)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Thanks. I'll try ++


Logfile of random's system information tool 1.04 (written by random/random)
Run by marie et nino at 2008-12-16 23:07:18
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 80 GB (42%) free of 191 GB
Total RAM: 2047 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:07:19, on 16/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\marie et nino\Bureau\RSIT(2).exe
C:\Program Files\trend micro\marie et nino.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.ircdown.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM…\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”
O4 - HKLM…\Run: [VirtualDrive] “C:\Program Files\FarStone\VirtualDrive\VDTask.exe” /AutoRestore
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [MsnMsgr] “C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe” /background
O4 - HKCU…\Run: [DAEMON Tools Lite] “C:\Program Files\DAEMON Tools Lite\daemon.exe” -autorun
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)
O4 - Startup: A4Proxy.lnk = C:\Program Files\A4Proxy\A4Proxy.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: RivaTuner.lnk = C:\Program Files\RivaTuner v2.09\RivaTuner.exe
O8 - Extra context menu item: &Windows Live Search - C:\Program… Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com…
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra ‘Tools’ menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - www.update.microsoft.com…
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe


End of file - 7165 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}]
GamesBar - C:\Program Files\GamesBar\oberontb.dll [2007-06-19 380928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d’aide de l’Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{6F282B65-56BF-4BD1-A8B2-A4449A05863D} - GamesBar - C:\Program Files\GamesBar\oberontb.dll [2007-06-19 380928]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-10-14 863688]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“SoundMan”=C:\WINDOWS\SOUNDMAN.EXE [2006-11-17 577536]
“SunJavaUpdateSched”=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
“”= []
“VirtualDrive”=C:\Program Files\FarStone\VirtualDrive\VDTask.exe [2007-03-19 254007]
“Adobe Reader Speed Launcher”=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
“NvCplDaemon”=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
“nwiz”=nwiz.exe /install []
“NvMediaCenter”=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
“avast!”=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-18 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
“MsnMsgr”=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
“DAEMON Tools Lite”=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus XtremeG]
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPPrivacy]
C:\Program Files\IP Privacy\IP Privacy.exe [2008-07-14 999424]

C:\Documents and Settings\marie et nino\Menu Démarrer\Programmes\Démarrage
A4Proxy.lnk - C:\Program Files\A4Proxy\A4Proxy.exe
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
RivaTuner.lnk - C:\Program Files\RivaTuner v2.09\RivaTuner.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\SYSTEM32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 240128]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
“NoDispBackgroundPage”=1
“NoDispScrSavPage”=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“shutdownwithoutlogon”=1
“undockwithoutlogon”=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
“NoDriveTypeAutoRun”=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
“NoDriveAutoRun”=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\A4Proxy\A4Proxy.exe"="C:\Program Files\A4Proxy\A4Proxy.exe:*:Disabled:Anonymity 4 Proxy Application"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Disabled:Windows Live Messenger (Phone)"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Documents and Settings\marie et nino\Bureau\remote-trial\Master.exe"="C:\Documents and Settings\marie et nino\Bureau\remote-trial\Master.exe:*:Disabled:Master"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Disabled:Microsoft DirectPlay Helper"
"C:\Documents and Settings\marie et nino\Bureau\Stronghold Crusader sur Ace\Stronghold Crusader.exe"="C:\Documents and Settings\marie et nino\Bureau\Stronghold Crusader sur Ace\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\Program Files\Sierra\FEARCombat\fpupdate.exe"="C:\Program Files\Sierra\FEARCombat\fpupdate.exe:*:Enabled:fpupdate"
"C:\Program Files\Sierra\FEARCombat\FEARMP.exe"="C:\Program Files\Sierra\FEARCombat\FEARMP.exe:*:Enabled:FEAR Combat"
"C:\Program Files\Shareaza\Shareaza.exe"="C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza Ultimate File Sharing"
"C:\Program Files\THQ\Company of Heroes\RelicCOH.exe"="C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:*:Enabled:RelicCOH"
"C:\Program Files\IP Privacy\IP Privacy.exe"="C:\Program Files\IP Privacy\IP Privacy.exe:*:Enabled:IP Privacy"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ "
"C:\Program Files\Qtracker\qtracker.exe"="C:\Program Files\Qtracker\qtracker.exe:*:Enabled:Qtracker"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a449407-6ad7-11dd-b8e1-001b11151692}]
shell\Auto\command - J:\Start.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

======List of files/folders created in the last 1 months======

2008-12-16 23:04:28 ----D---- C:\Program Files\trend micro
2008-12-16 23:04:25 ----D---- C:\rsit
2008-12-16 22:25:36 ----D---- C:\Documents and Settings\marie et nino\Application Data\WinRAR
2008-12-16 21:37:24 ----D---- C:\Program Files\WinRAR
2008-12-16 12:19:34 ----D---- C:\Documents and Settings\All Users\Application Data\NevoSoft Games
2008-12-15 21:06:15 ----D---- C:\Documents and Settings\marie et nino\Application Data\EnchantedCavern
2008-12-15 18:24:15 ----D---- C:\Documents and Settings\marie et nino\Application Data\Meridian93
2008-12-15 11:03:08 ----D---- C:\Documents and Settings\All Users\Application Data\FlyWheelGames
2008-12-14 18:32:02 ----D---- C:\Documents and Settings\marie et nino\Application Data\SecretIslandEng
2008-12-11 23:03:54 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 23:02:26 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 23:02:22 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 23:02:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-11 21:06:05 ----D---- C:\Documents and Settings\marie et nino\Application Data\Qtracker
2008-12-03 20:54:19 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2008-12-03 20:54:19 ----A---- C:\WINDOWS\system32\x3daudio1_2.dll
2008-12-03 20:54:18 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2008-12-03 20:54:18 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2008-12-03 20:54:18 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2008-12-03 20:54:17 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2008-12-03 20:54:17 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2008-12-03 20:54:15 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2008-12-03 20:54:15 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2008-12-03 20:54:14 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2008-12-03 20:54:13 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2008-12-03 20:54:13 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2008-12-03 20:54:13 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2008-12-03 20:54:12 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2008-12-03 20:54:12 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2008-12-03 20:54:12 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2008-12-03 20:53:00 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2008-12-03 20:52:59 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2008-12-03 20:52:58 ----A---- C:\WINDOWS\game.ini
2008-12-03 20:44:42 ----D---- C:\Program Files\Activision
2008-11-30 13:46:42 ----D---- C:\Program Files\uTorrent
2008-11-30 13:46:40 ----D---- C:\Documents and Settings\marie et nino\Application Data\uTorrent
2008-11-28 19:39:49 ----D---- C:\Program Files\IP Privacy
2008-11-18 17:42:03 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-11-17 20:57:46 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

======List of files/folders modified in the last 1 months======

2008-12-16 23:04:49 ----D---- C:\WINDOWS\Prefetch
2008-12-16 23:04:28 ----RD---- C:\Program Files
2008-12-16 22:42:24 ----D---- C:\Documents and Settings\All Users\Application Data\GamesBar
2008-12-16 22:33:48 ----D---- C:\Program Files\Mozilla Firefox
2008-12-16 22:30:04 ----D---- C:\WINDOWS\Temp
2008-12-16 22:28:13 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-16 22:25:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-16 22:25:06 ----D---- C:\WINDOWS\system32\Restore
2008-12-16 22:24:48 ----RASH---- C:\boot.ini
2008-12-16 22:24:48 ----A---- C:\WINDOWS\win.ini
2008-12-16 22:24:48 ----A---- C:\WINDOWS\system.ini
2008-12-16 12:56:10 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-16 12:17:53 ----D---- C:\Program Files\Oberon Media
2008-12-16 12:17:53 ----D---- C:\Program Files\Gamenext
2008-12-15 22:17:59 ----A---- C:\WINDOWS\w32dasm8.ini
2008-12-15 21:06:05 ----D---- C:\Documents and Settings\marie et nino\Application Data\Zylom
2008-12-15 21:06:05 ----D---- C:\Documents and Settings\marie et nino\Application Data\Identities
2008-12-15 21:05:32 ----D---- C:\Program Files\Zylom Games
2008-12-15 09:59:51 ----D---- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
2008-12-14 17:29:27 ----D---- C:\Program Files\GamesBar
2008-12-12 21:27:45 ----D---- C:\WINDOWS
2008-12-12 21:23:11 ----D---- C:\WINDOWS\system32
2008-12-11 23:03:56 ----HD---- C:\WINDOWS\inf
2008-12-11 23:03:51 ----A---- C:\WINDOWS\imsins.BAK
2008-12-11 23:03:46 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-11 23:03:44 ----D---- C:\Program Files\Internet Explorer
2008-12-11 23:03:35 ----D---- C:\WINDOWS\ie7updates
2008-12-11 23:03:32 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-10 00:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-03 21:03:27 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-03 21:02:19 ----SHD---- C:\WINDOWS\Installer
2008-12-03 20:54:20 ----D---- C:\WINDOWS\system32\DirectX
2008-12-03 20:53:19 ----D---- C:\WINDOWS\system32\drivers
2008-12-03 20:52:59 ----D---- C:\WINDOWS\system32\LogFiles
2008-11-28 19:21:21 ----D---- C:\Program Files\A4Proxy
2008-11-23 13:40:02 ----D---- C:\données
2008-11-18 17:32:58 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-17 20:51:43 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-18 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-18 110160]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-18 50864]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-18 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-18 94032]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-03-08 4027840]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-18 23152]
R3 fcdabus;fcdabus; C:\WINDOWS\system32\DRIVERS\fcdabus.sys [2007-03-02 17840]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-28 12288]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
S2 NVR0FLASHDev;NVR0FLASHDev; ??\C:\WINDOWS\nvflash.sys []
S3 A5AGU;D-Link USB Wireless Network Adapter Service; C:\WINDOWS\System32\DRIVERS\A5AGU.sys [2006-09-29 347648]
S3 a61ti466;a61ti466; C:\WINDOWS\system32\drivers\a61ti466.sys []
S3 tapavpn;Steganos Anonym VPN Adapter; C:\WINDOWS\system32\DRIVERS\tapavpn.sys [2007-10-19 24320]
S3 usbprint;Classe d’imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-18 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-18 155160]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-12-03 66872]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-18 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-18 352920]
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------


But I only have "log" showing up

-----------\ ToolBar S&D 1.2.6 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon™ 64 Processor 3400+ )
BIOS : BIOS Date: 06/19/05 11:24:11 Ver: 08.00.12
USER : marie et nino ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1290 [VPS 081216-0] 4.8.1290 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:186 Go (Free:77 Go)
D:\ (CD or DVD)
H:\ (CD or DVD)
J:\ (CD or DVD)
K:\ (CD or DVD)
L:\ (CD or DVD)

“C:\ToolBar SD” ( MAJ : 04-12-2008|20:40 )
Option : [1] ( 16/12/2008|23:11 )

-----------\ Recherche de Fichiers / Dossiers …

C:\Program Files\DAEMON Tools Toolbar\Resources\Config.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\d.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\d2.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\daemon.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\ds.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\dsearch.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\dt.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\DTPro.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\Dwnl.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\emulation.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\features.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\gd.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\genre.xml
C:\Program Files\DAEMON Tools Toolbar\Resources\globe.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\GrabImage.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\hb.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\hb.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\help.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\ip.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\lang.xml
C:\Program Files\DAEMON Tools Toolbar\Resources\lingvo.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\m.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\mail.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mailc.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mailc_disable.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mailc_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mailc_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mailc_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mail_disable.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mail_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mail_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mail_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\MenuRadioConfig.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\MenuRadioStation.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\MenuTr.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\next.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\next_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\next_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\next_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\none.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\none_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\noW.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\op.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\play.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\play.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\play_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\play_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\play_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\pragma.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\prev.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\prev_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\prev_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\prev_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\prod.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\Radio.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioBg.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioBgMask.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDisp.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDisp_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioError.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioError_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioSmallDisp.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioSmallDisp_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioVolume.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioVolume_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioVolume_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioVolume_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioWait.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioWait_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\refresh.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\refresh_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\refresh_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\refresh_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\Rss.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\Rss1.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\rssClose.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\rssL.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\rssOpen.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\size.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\size_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\skins.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\spt.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\stop.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\stop.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\stop_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\stop_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\stop_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\SupportRequest.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\time.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\TitleIcon.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\toolbar.xml
C:\Program Files\DAEMON Tools Toolbar\Resources\trans.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\Trash.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_disable.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\u.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\vol.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\vol.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\vol_back.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\vol_dott.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\vol_dott_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\vol_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\vol_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\vol_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wb.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\Weather_m42.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\Weather_m43.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wi.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi0.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi1.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi10.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi11.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi12.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi13.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi2.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi3.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi4.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi5.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi6.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi7.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi8.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi9.ico
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-23-06-31-39
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-23-06-31-39.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-15-18-10-31
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-15-18-10-31.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-15-18-10-41
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-15-18-10-41.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\7_wonders_treasures_of_seven16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\about.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\action.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\arcade.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\big_city_adventure_sydney16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\buy.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\cards.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\deals.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\death_nile16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\diner_dash_flo_through_time16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\download.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\feedback.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\help.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\highlight.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\jigsaw.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\luxor_quest_for_the_afterlife16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mahjong.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\multiplayer.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mygames.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\natalie_brooks16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\newGames.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\oberonconfig.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\obSearchHistory.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\partner.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\peggle_nights16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\popup_off.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\popup_on.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\puzzle.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\search.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\search_goog.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\sendafriend.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\sports.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\the_hidden_object_show16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\trial.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\uninstall.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\update.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\virtualvillagers16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\webgame.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-23-06-31-39\about.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-23-06-31-39\partner.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-15-18-10-31\about.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-15-18-10-31\feedback.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-15-18-10-31\help.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-15-18-10-31\partner.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-15-18-10-31\sendafriend.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-15-18-10-31\uninstall.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-15-18-10-31\update.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-15-18-10-41\partner.gif
C:\Program Files\GamesBar
C:\Program Files\GamesBar\Localization-French.ini
C:\Program Files\GamesBar\Localization2-French.ini
C:\Program Files\GamesBar\oberontb.dll
C:\Program Files\GamesBar\OBGet.exe
C:\Program Files\GamesBar\uninst.exe
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\GamesBar

-----------\ […\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
“Local Page”=“C:\WINDOWS\system32\blank.htm”
“Start Page”=“http://www.ircdown.com/fr/index.php?rvs=hompag&d=79918971e=6144
“Search Page”=“http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
“Search Bar”=“http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
“SearchMigratedDefaultURL”=“http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
“Default_Page_URL”=“http://go.microsoft.com/fwlink/?LinkId=69157
“Default_Search_URL”=“http://go.microsoft.com/fwlink/?LinkId=54896
“Search Page”=“http://go.microsoft.com/fwlink/?LinkId=54896
“Start Page”=“http://go.microsoft.com/fwlink/?LinkId=69157

--------------------\ Recherche d’autres infections

--------------------\ Cracks & Keygens …

C:\DOCUME~1\MARIEE~1\Bureau\val ne pas touch?\jeux\Age of Empires II sur Ace\age2_x1\Cracking_Age2x_German3.txt
C:\DOCUME~1\MARIEE~1\Bureau\val ne pas touch?\jeux\Stronghold Crusader sur Ace\gm\cracks.gm1
C:\DOCUME~1\MARIEE~1\Local Settings\Temp\R?pertoire temporaire 3 pour Windows_XP_SP1_Service_Pack_Crack-1.zip
C:\DOCUME~1\MARIEE~1\Local Settings\Temp\R?pertoire temporaire 3 pour Windows_XP_SP1_Service_Pack_Crack-1.zip\windows_xp_sp1_Service_pack_crack
C:\DOCUME~1\MARIEE~1\Local Settings\Temp\R?pertoire temporaire 3 pour Windows_XP_SP1_Service_Pack_Crack-1.zip\windows_xp_sp1_Service_pack_crack\WindowsXP Product Key Viewer.exe
C:\DOCUME~1\MARIEE~1\Mes documents\Shareaza Downloads\Metadata\heroes 3.Crack.All.Version.zip.xml

1 - “C:\ToolBar SD\TB_1.txt” - 16/12/2008|23:11 - Option : [1]

-----------\ Fin du rapport a 23:11:56,75


there you go

Re,

Do this now:

Cleaning with ToolBar S&D:

!! Disconnect and close all your running applications for the duration of the procedure !!
Relaunch Toolbar-S&D by double-clicking the shortcut.

Type option 2 ( “nettoyage” ) then press “Entrée”.

Note: Do not touch anything during the removal !!

A report will be generated at the end of the process: post its contents in your next reply

1- Download OTMoveIt3 (by Old_Timer) to your Desktop.

oldtimer.geekstogo.com…

! Disconnect and close all your running applications !

Double-click “OTMoveIt3.exe” to open the program.
Then copy what is in the quote below,

:Processes
explorer.exe

:Files
C:\DOCUME~1\MARIEE~1\Bureau\val ne pas touch?\jeux\Age of Empires II sur Ace\age2_x1\Cracking_Age2x_German3.txt
C:\DOCUME~1\MARIEE~1\Bureau\val ne pas touch?\jeux\Stronghold Crusader sur Ace\gm\cracks.gm1
C:\DOCUME~1\MARIEE~1\Local Settings\Temp\R?pertoire temporaire 3 pour Windows_XP_SP1_Service_Pack_Crack-1.zip
C:\DOCUME~1\MARIEE~1\Local Settings\Temp\R?pertoire temporaire 3 pour Windows_XP_SP1_Service_Pack_Crack-1.zip\windows_xp_sp1_Service_pack_crack
C:\DOCUME~1\MARIEE~1\Local Settings\Temp\R?pertoire temporaire 3 pour Windows_XP_SP1_Service_Pack_Crack-1.zip\windows_xp_sp1_Service_pack_crack\WindowsXP Product Key Viewer.exe
C:\DOCUME~1\MARIEE~1\Mes documents\Shareaza Downloads\Metadata\heroes 3.Crack.All.Version.zip.xml

:Commands
[purity]
[emptytemp]
[start explorer]
[reboot]

and paste it into the left-hand box of OTMoveIt3:
Paste Instructions for items to be moved.
(do not touch anything else!)

-> click MoveIt! to start the removal.
-> let the tool work …

( Note: your desktop will disappear and then reappear, this is normal. )

--> Post the contents of the report found in the folder “C:\_OTMoveIt\MovedFiles”
( “xxxx2008_xxxxxx.log” where the “x” correspond to the date and time of use ).

---> Download CCleaner (do not install the Yahoo Toolbar):
CCLEANER

---> Run it. Go to “Options” then “Avancé”, and untick the box “Effacer uniquement les fichiers etc…”. Go to “Nettoyeur” and click “Analyse”. Once it has finished, run the cleaning. Then go to “Registre” and click “Chercher des erreurs”. Once it has finished, repair all the errors without backing up the registry.

Run RSIT again.

thanks

-----------\ ToolBar S&D 1.2.6 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon™ 64 Processor 3400+ )
BIOS : BIOS Date: 06/19/05 11:24:11 Ver: 08.00.12
USER : marie et nino ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1290 [VPS 081216-0] 4.8.1290 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:186 Go (Free:77 Go)
D:\ (CD or DVD)
H:\ (CD or DVD)
J:\ (CD or DVD)
K:\ (CD or DVD)
L:\ (CD or DVD)

“C:\ToolBar SD” ( MAJ : 04-12-2008|20:40 )
Option : [2] ( 16/12/2008|23:22 )

-----------\ SUPPRESSION

Supprime! - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
Echec ! - C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT
Supprime! - C:\Program Files\DAEMON Tools Toolbar\Resources
Supprime! - C:\Program Files\DAEMON Tools Toolbar\uninst.exe
Supprime! - C:\Program Files\DAEMON Tools Toolbar_DTLite.xml
Supprime! - C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\components
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-23-06-31-39
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-10-23-06-31-39.xm_
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-15-18-10-31
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-15-18-10-31.xm_
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-15-18-10-41
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-12-15-18-10-41.xm_
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\7_wonders_treasures_of_seven16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\about.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\action.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\arcade.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\big_city_adventure_sydney16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\buy.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\cards.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\deals.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\death_nile16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\diner_dash_flo_through_time16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\download.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\feedback.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\help.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\highlight.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\jigsaw.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\luxor_quest_for_the_afterlife16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mahjong.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\multiplayer.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mygames.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\natalie_brooks16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\newGames.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\oberonconfig.xm_
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\obSearchHistory.dat
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\partner.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\peggle_nights16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\popup_off.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\popup_on.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\puzzle.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\search.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\search_goog.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\sendafriend.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\sports.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\the_hidden_object_show16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\trial.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\uninstall.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\update.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\virtualvillagers16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\webgame.gif
Supprime! - C:\Program Files\GamesBar\Localization-French.ini
Supprime! - C:\Program Files\GamesBar\Localization2-French.ini
Supprime! - C:\Program Files\GamesBar\oberontb.dll
Supprime! - C:\Program Files\GamesBar\OBGet.exe
Supprime! - C:\Program Files\GamesBar\uninst.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\GamesBar
Supprime! - C:\Program Files\DAEMON Tools Toolbar
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar
Supprime! - C:\Program Files\GamesBar

-----------\ Recherche de Fichiers / Dossiers …

-----------\ […\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
“Local Page”=“C:\WINDOWS\system32\blank.htm”
“Start Page”=“http://www.ircdown.com/fr/index.php?rvs=hompag&d=79918971e=6144
“Search Page”=“http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
“Search Bar”=“http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
“SearchMigratedDefaultURL”=“http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
“Default_Page_URL”=“http://go.microsoft.com/fwlink/?LinkId=69157
“Default_Search_URL”=“http://go.microsoft.com/fwlink/?LinkId=54896
“Search Page”=“http://go.microsoft.com/fwlink/?LinkId=54896
“Start Page”=“http://www.msn.com/

--------------------\ Recherche d’autres infections

--------------------\ Cracks & Keygens …

C:\DOCUME~1\MARIEE~1\Bureau\val ne pas touch?\jeux\Age of Empires II sur Ace\age2_x1\Cracking_Age2x_German3.txt
C:\DOCUME~1\MARIEE~1\Bureau\val ne pas touch?\jeux\Stronghold Crusader sur Ace\gm\cracks.gm1
C:\DOCUME~1\MARIEE~1\Local Settings\Temp\R?pertoire temporaire 3 pour Windows_XP_SP1_Service_Pack_Crack-1.zip
C:\DOCUME~1\MARIEE~1\Local Settings\Temp\R?pertoire temporaire 3 pour Windows_XP_SP1_Service_Pack_Crack-1.zip\windows_xp_sp1_Service_pack_crack
C:\DOCUME~1\MARIEE~1\Local Settings\Temp\R?pertoire temporaire 3 pour Windows_XP_SP1_Service_Pack_Crack-1.zip\windows_xp_sp1_Service_pack_crack\WindowsXP Product Key Viewer.exe
C:\DOCUME~1\MARIEE~1\Mes documents\Shareaza Downloads\Metadata\heroes 3.Crack.All.Version.zip.xml

1 - “C:\ToolBar SD\TB_1.txt” - 16/12/2008|23:11 - Option : [1]
2 - “C:\ToolBar SD\TB_2.txt” - 16/12/2008|23:23 - Option : [2]

-----------\ Fin du rapport a 23:23:43,59


========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\DOCUME~1\MARIEE~1\Bureau\val ne pas touch?\jeux\Age of Empires II sur Ace\age2_x1\Cracking_Age2x_German3.txt not found.
File/Folder C:\DOCUME~1\MARIEE~1\Bureau\val ne pas touch?\jeux\Stronghold Crusader sur Ace\gm\cracks.gm1 not found.
C:\DOCUME~1\MARIEE~1\Local Settings\Temp\Répertoire temporaire 3 pour Windows_XP_SP1_Service_Pack_Crack-1.zip\windows_xp_sp1_Service_pack_crack moved successfully.
C:\DOCUME~1\MARIEE~1\Local Settings\Temp\Répertoire temporaire 3 pour Windows_XP_SP1_Service_Pack_Crack-1.zip moved successfully.
File/Folder C:\DOCUME~1\MARIEE~1\Local Settings\Temp\R?pertoire temporaire 3 pour Windows_XP_SP1_Service_Pack_Crack-1.zip\windows_xp_sp1_Service_pack_crack not found.
File/Folder C:\DOCUME~1\MARIEE~1\Local Settings\Temp\R?pertoire temporaire 3 pour Windows_XP_SP1_Service_Pack_Crack-1.zip\windows_xp_sp1_Service_pack_crack\WindowsXP Product Key Viewer.exe not found.
C:\DOCUME~1\MARIEE~1\Mes documents\Shareaza Downloads\Metadata\heroes 3.Crack.All.Version.zip.xml moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\MARIEE~1\LOCALS~1\Temp\etilqs_LHBPNodFQPGaxd5r6aU0 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MARIEE~1\LOCALS~1\Temp\~DF6BF2.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MARIEE~1\LOCALS~1\Temp\~DF6C08.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MARIEE~1\LOCALS~1\Temp\~DF775B.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MARIEE~1\LOCALS~1\Temp\~DF77C2.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_460.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\marie et nino\Local Settings\Application Data\Mozilla\Firefox\Profiles\aef4dui1.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\marie et nino\Local Settings\Application Data\Mozilla\Firefox\Profiles\aef4dui1.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\marie et nino\Local Settings\Application Data\Mozilla\Firefox\Profiles\aef4dui1.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\marie et nino\Local Settings\Application Data\Mozilla\Firefox\Profiles\aef4dui1.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\marie et nino\Local Settings\Application Data\Mozilla\Firefox\Profiles\aef4dui1.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12162008_232547

Re,

Can you run RSIT for me again, please.

thanks

Logfile of random’s system information tool 1.04 (written by random/random)
Run by marie et nino at 2008-12-16 23:46:57
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 82 GB (43%) free of 191 GB
Total RAM: 2047 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:46:58, on 16/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Documents and Settings\marie et nino\Bureau\RSIT.exe
C:\Program Files\trend micro\marie et nino.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.ircdown.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM…\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”
O4 - HKLM…\Run: [VirtualDrive] “C:\Program Files\FarStone\VirtualDrive\VDTask.exe” /AutoRestore
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [MsnMsgr] “C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe” /background
O4 - HKCU…\Run: [DAEMON Tools Lite] “C:\Program Files\DAEMON Tools Lite\daemon.exe” -autorun
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)
O4 - Startup: A4Proxy.lnk = C:\Program Files\A4Proxy\A4Proxy.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: RivaTuner.lnk = C:\Program Files\RivaTuner v2.09\RivaTuner.exe
O8 - Extra context menu item: &Windows Live Search - C:\Program… Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com…
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - www.update.microsoft.com…
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe


End of file - 7013 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d’aide de l’Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar avec bloqueur de fenêtres pop-up - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“SoundMan”=C:\WINDOWS\SOUNDMAN.EXE [2006-11-17 577536]
“SunJavaUpdateSched”=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
“”= []
“VirtualDrive”=C:\Program Files\FarStone\VirtualDrive\VDTask.exe [2007-03-19 254007]
“Adobe Reader Speed Launcher”=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
“NvCplDaemon”=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
“nwiz”=nwiz.exe /install []
“NvMediaCenter”=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
“avast!”=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-18 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
“MsnMsgr”=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
“DAEMON Tools Lite”=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus XtremeG]
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPPrivacy]
C:\Program Files\IP Privacy\IP Privacy.exe [2008-07-14 999424]

C:\Documents and Settings\marie et nino\Menu Démarrer\Programmes\Démarrage
A4Proxy.lnk - C:\Program Files\A4Proxy\A4Proxy.exe
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
RivaTuner.lnk - C:\Program Files\RivaTuner v2.09\RivaTuner.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\SYSTEM32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 240128]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
“NoDispBackgroundPage”=1
“NoDispScrSavPage”=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“shutdownwithoutlogon”=1
“undockwithoutlogon”=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
“NoDriveTypeAutoRun”=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
“NoDriveAutoRun”=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
“C:\Program Files\A4Proxy\A4Proxy.exe”=“C:\Program Files\A4Proxy\A4Proxy.exe::Disabled:Anonymity 4 Proxy Application"
“C:\WINDOWS\system32\sessmgr.exe”="C:\WINDOWS\system32\sessmgr.exe::Disabled:@xpsp2res.dll,-22019”
“C:\WINDOWS\Network Diagnostic\xpnetdiag.exe”=“C:\WINDOWS\Network Diagnostic\xpnetdiag.exe::Disabled:@xpsp3res.dll,-20000"
“C:\Program Files\Windows Live\Messenger\msnmsgr.exe”="C:\Program Files\Windows Live\Messenger\msnmsgr.exe::Disabled:Windows Live Messenger”
“C:\Program Files\Windows Live\Messenger\livecall.exe”=“C:\Program Files\Windows Live\Messenger\livecall.exe::Disabled:Windows Live Messenger (Phone)"
“C:\Program Files\Messenger\msmsgs.exe”="C:\Program Files\Messenger\msmsgs.exe::Disabled:Windows Messenger”
“C:\Documents and Settings\marie et nino\Bureau\remote-trial\Master.exe”=“C:\Documents and Settings\marie et nino\Bureau\remote-trial\Master.exe::Disabled:Master"
“C:\WINDOWS\system32\dplaysvr.exe”="C:\WINDOWS\system32\dplaysvr.exe::Disabled:Microsoft DirectPlay Helper”
“C:\Documents and Settings\marie et nino\Bureau\Stronghold Crusader sur Ace\Stronghold Crusader.exe”=“C:\Documents and Settings\marie et nino\Bureau\Stronghold Crusader sur Ace\Stronghold Crusader.exe::Enabled:Stronghold Crusader"
“C:\Program Files\GameSpy Arcade\Aphex.exe”="C:\Program Files\GameSpy Arcade\Aphex.exe::Enabled:GameSpy Arcade”
“C:\Program Files\Sierra\FEARCombat\fpupdate.exe”=“C:\Program Files\Sierra\FEARCombat\fpupdate.exe::Enabled:fpupdate"
“C:\Program Files\Sierra\FEARCombat\FEARMP.exe”="C:\Program Files\Sierra\FEARCombat\FEARMP.exe::Enabled:FEAR Combat”
“C:\Program Files\Shareaza\Shareaza.exe”=“C:\Program Files\Shareaza\Shareaza.exe::Enabled:Shareaza Ultimate File Sharing"
“C:\Program Files\THQ\Company of Heroes\RelicCOH.exe”="C:\Program Files\THQ\Company of Heroes\RelicCOH.exe::Enabled:RelicCOH”
“C:\Program Files\IP Privacy\IP Privacy.exe”=“C:\Program Files\IP Privacy\IP Privacy.exe::Enabled:IP Privacy"
“C:\Program Files\uTorrent\uTorrent.exe”="C:\Program Files\uTorrent\uTorrent.exe::Enabled:µTorrent”
“C:\WINDOWS\system32\PnkBstrA.exe”=“C:\WINDOWS\system32\PnkBstrA.exe::Enabled:PnkBstrA"
“C:\WINDOWS\system32\PnkBstrB.exe”="C:\WINDOWS\system32\PnkBstrB.exe::Enabled:PnkBstrB”
“C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe”=“C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe::Enabled:Call of Duty® 4 - Modern Warfare™ "
“C:\Program Files\Qtracker\qtracker.exe”="C:\Program Files\Qtracker\qtracker.exe::Enabled:Qtracker”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
“%windir%\Network Diagnostic\xpnetdiag.exe”="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000"
“%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019"
“C:\Program Files\Windows Live\Messenger\msnmsgr.exe”=“C:\Program Files\Windows Live\Messenger\msnmsgr.exe::Enabled:Windows Live Messenger"
“C:\Program Files\Windows Live\Messenger\livecall.exe”="C:\Program Files\Windows Live\Messenger\livecall.exe::Enabled:Windows Live Messenger (Phone)”

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a449407-6ad7-11dd-b8e1-001b11151692}]
shell\Auto\command - J:\Start.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

======List of files/folders created in the last 1 months======

2008-12-16 23:28:50 ----D---- C:\Program Files\Yahoo!
2008-12-16 23:28:45 ----D---- C:\Program Files\CCleaner
2008-12-16 23:25:47 ----D---- C:\_OTMoveIt
2008-12-16 23:11:11 ----A---- C:\TB.txt
2008-12-16 23:10:52 ----D---- C:\ToolBar SD
2008-12-16 23:04:28 ----D---- C:\Program Files\trend micro
2008-12-16 23:04:25 ----D---- C:\rsit
2008-12-16 22:25:36 ----D---- C:\Documents and Settings\marie et nino\Application Data\WinRAR
2008-12-16 21:37:24 ----D---- C:\Program Files\WinRAR
2008-12-16 12:19:34 ----D---- C:\Documents and Settings\All Users\Application Data\NevoSoft Games
2008-12-15 21:06:15 ----D---- C:\Documents and Settings\marie et nino\Application Data\EnchantedCavern
2008-12-15 18:24:15 ----D---- C:\Documents and Settings\marie et nino\Application Data\Meridian93
2008-12-15 11:03:08 ----D---- C:\Documents and Settings\All Users\Application Data\FlyWheelGames
2008-12-14 18:32:02 ----D---- C:\Documents and Settings\marie et nino\Application Data\SecretIslandEng
2008-12-11 23:03:54 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 23:02:26 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 23:02:22 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 23:02:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-11 21:06:05 ----D---- C:\Documents and Settings\marie et nino\Application Data\Qtracker
2008-12-03 20:54:19 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2008-12-03 20:54:19 ----A---- C:\WINDOWS\system32\x3daudio1_2.dll
2008-12-03 20:54:18 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2008-12-03 20:54:18 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2008-12-03 20:54:18 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2008-12-03 20:54:17 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2008-12-03 20:54:17 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2008-12-03 20:54:15 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2008-12-03 20:54:15 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2008-12-03 20:54:14 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2008-12-03 20:54:13 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2008-12-03 20:54:13 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2008-12-03 20:54:13 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2008-12-03 20:54:12 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2008-12-03 20:54:12 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2008-12-03 20:54:12 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2008-12-03 20:53:00 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2008-12-03 20:52:59 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2008-12-03 20:52:58 ----A---- C:\WINDOWS\game.ini
2008-12-03 20:44:42 ----D---- C:\Program Files\Activision
2008-11-30 13:46:42 ----D---- C:\Program Files\uTorrent
2008-11-30 13:46:40 ----D---- C:\Documents and Settings\marie et nino\Application Data\uTorrent
2008-11-28 19:39:49 ----D---- C:\Program Files\IP Privacy
2008-11-18 17:42:03 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-11-17 20:57:46 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

======List of files/folders modified in the last 1 months======

2008-12-16 23:46:32 ----D---- C:\WINDOWS\Prefetch
2008-12-16 23:46:28 ----D---- C:\Program Files\Mozilla Firefox
2008-12-16 23:46:21 ----D---- C:\WINDOWS\Temp
2008-12-16 23:30:38 ----D---- C:\WINDOWS\Minidump
2008-12-16 23:30:38 ----D---- C:\WINDOWS\Debug
2008-12-16 23:30:38 ----D---- C:\WINDOWS
2008-12-16 23:28:50 ----RD---- C:\Program Files
2008-12-16 22:28:13 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-16 22:25:13 ----N---- C:\WINDOWS\SchedLgU.Txt
2008-12-16 22:25:06 ----D---- C:\WINDOWS\system32\Restore
2008-12-16 22:24:48 ----RASH---- C:\boot.ini
2008-12-16 22:24:48 ----A---- C:\WINDOWS\win.ini
2008-12-16 22:24:48 ----A---- C:\WINDOWS\system.ini
2008-12-16 12:56:10 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-16 12:17:53 ----D---- C:\Program Files\Oberon Media
2008-12-16 12:17:53 ----D---- C:\Program Files\Gamenext
2008-12-15 22:17:59 ----A---- C:\WINDOWS\w32dasm8.ini
2008-12-15 21:06:05 ----D---- C:\Documents and Settings\marie et nino\Application Data\Zylom
2008-12-15 21:06:05 ----D---- C:\Documents and Settings\marie et nino\Application Data\Identities
2008-12-15 21:05:32 ----D---- C:\Program Files\Zylom Games
2008-12-15 09:59:51 ----D---- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
2008-12-12 21:23:11 ----D---- C:\WINDOWS\system32
2008-12-11 23:03:56 ----HD---- C:\WINDOWS\inf
2008-12-11 23:03:46 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-11 23:03:44 ----D---- C:\Program Files\Internet Explorer
2008-12-11 23:03:35 ----D---- C:\WINDOWS\ie7updates
2008-12-11 23:03:32 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-10 00:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-03 21:03:27 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-03 21:02:19 ----SHD---- C:\WINDOWS\Installer
2008-12-03 20:54:20 ----D---- C:\WINDOWS\system32\DirectX
2008-12-03 20:53:19 ----D---- C:\WINDOWS\system32\drivers
2008-12-03 20:52:59 ----D---- C:\WINDOWS\system32\LogFiles
2008-11-28 19:21:21 ----D---- C:\Program Files\A4Proxy
2008-11-23 13:40:02 ----D---- C:\données
2008-11-18 17:32:58 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-17 20:51:43 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-18 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-18 110160]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-18 50864]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-18 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-18 94032]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-03-08 4027840]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-18 23152]
R3 fcdabus;fcdabus; C:\WINDOWS\system32\DRIVERS\fcdabus.sys [2007-03-02 17840]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-28 12288]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
S2 NVR0FLASHDev;NVR0FLASHDev; ??\C:\WINDOWS\nvflash.sys []
S3 A5AGU;D-Link USB Wireless Network Adapter Service; C:\WINDOWS\System32\DRIVERS\A5AGU.sys [2006-09-29 347648]
S3 a61ti466;a61ti466; C:\WINDOWS\system32\drivers\a61ti466.sys []
S3 tapavpn;Steganos Anonym VPN Adapter; C:\WINDOWS\system32\DRIVERS\tapavpn.sys [2007-10-19 24320]
S3 usbprint;Classe d’imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-18 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-18 155160]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-12-03 66872]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-18 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-18 352920]
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------


The site must have been overloaded, because for a few minutes it was impossible to send the report, sorry.

The scan is taking forever (15 min already), and as usual I have to be up at 6 a.m. tomorrow, so sorry, but I'm heading upstairs. Thanks a lot for the help you've given me; I'll give you the report tomorrow evening. +++

Hi again,

No problem.

See you tomorrow then.

Later.

Malwarebytes’ Anti-Malware 1.31
Version de la base de données: 1456
Windows 5.1.2600 Service Pack 3

17/12/2008 07:07:41
mbam-log-2008-12-17 (07-07-41).txt

Type de recherche: Examen complet (C:|)
Eléments examinés: 102891
Temps écoulé: 21 minute(s), 41 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\phcp6fj0epep.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.


8)

Hi,

Can you do another ToolBar run?

Thanks