trojan w32.myzor FK@yf [Solved] (thanks to Sham_Rock) - Security - Virus
 
Profile: IDNaute

Since last night I have been getting a message telling me that the virus w32.myzor FK@yf is on my computer. How do I remove it? Please help me.


Message edited by legui31 on 25-01-2008 at 00:37:40

<@_@>
Profile: Helper

Hello,
Please avoid SMS-style writing.
Download and install HijackThis (Trend Micro).
Then post a report in your next reply.
HELP: How to use HijackThis v2.0.2


---------------
Prevention and protection
/!\Fed up with ads: secure Firefox/!\
Profile: IDNaute

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:11:52, on 23/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\services.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Video Add-on\icmntr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\Fichiers communs\AOL\1186962922\ee\AOLSoftware.exe
C:\PROGRA~1\FICHIE~1\NETTOY~1\GDCcw.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\NettoyeurDePC\GDC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\AOL 9.0 VR\waol.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\AOL 9.0 VR\shellmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Bureau\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {21ECA600-72B5-4E66-BB2E-573C92CBD8D6} - C:\Program Files\Video Add-on\isfmdl.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb123\Dealio.dll
O2 - BHO: 100% Free Five Hundred Toolbar Helper - {6EA24EAD-2E33-43C3-B023-05FC1BA3C152} - C:\Program Files\100% Free Five Hundred Toolbar\v3.2.0.0\100%_Free_Five_Hundred_Toolbar.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} - C:\Program Files\Helper\1201041858.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: 100% Free Five Hundred Toolbar - {73FB038C-943C-47EC-A324-635635F796D2} - C:\Program Files\100% Free Five Hundred Toolbar\v3.2.0.0\100%_Free_Five_Hundred_Toolbar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb123\Dealio.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: IE Custom Tools - {C4DFA6F3-1245-41E5-8E60-7D31427F01B3} - C:\Program Files\Video Add-on\ictmdl.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1186962922\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [memo site kind that] C:\Documents and Settings\All Users\Application Data\Grid Blue Memo Site\loud free.exe
O4 - HKLM\..\Run: [rtasks] C:\Program Files\AntivirusFiable\rtasks.exe
O4 - HKLM\..\Run: [NettoyeurDePC] "C:\Program Files\NettoyeurDePC\GDC.exe"
O4 - HKLM\..\Run: [gdccw] "C:\PROGRA~1\FICHIE~1\NETTOY~1\GDCcw.exe" -start
O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk Trial\topdesk.exe
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [mess atom] C:\DOCUME~1\User\APPLIC~1\SHOWBA~1\Ball Two.exe
O4 - HKCU\..\Run: [NettoyeurDePC] C:\Program Files\NettoyeurDePC\GDC.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0 VR\AOL.EXE" -b
O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Video Add-on\icthis.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\User\Application Data\Dealio\kb123\res\DealioSearch.html
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?fba3a27700a45daa7a75382f0bfc27f
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?fba3a27700a45daa7a75382f0bfc27f
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb123\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb123\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O22 - SharedTaskScheduler: aposiopetic - {91316323-2ad5-4794-9589-52a2eaa60a68} - C:\WINDOWS\system32\shlahsd.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: License Management Service ESD - element5 - C:\Program Files\Fichiers communs\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 13827 bytes


Thanks for helping me out, and sorry for the SMS-style language.

<@_@>
Profile: Helper

No worries :)

~Download SmitfraudFix

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

~Unzip the entire SmitfraudFix.zip archive
Search:
~Double-click SmitfraudFix.cmd
~Select 1 and press Enter in the menu to create a report of the files responsible for the infection. The report is at the root of the system drive: C:\rapport.txt
~Post this report.
process.exe is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus, but a utility designed to terminate processes. In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.


Profile: IDNaute

SmitFraudFix v2.274

Rapport fait à 14:25:25,65, 23/01/2008
Executé à partir de C:\Documents and Settings\User\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\services.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Video Add-on\icmntr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\Fichiers communs\AOL\1186962922\ee\AOLSoftware.exe
C:\PROGRA~1\FICHIE~1\NETTOY~1\GDCcw.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\NettoyeurDePC\GDC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\AOL 9.0 VR\waol.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\AOL 9.0 VR\shellmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\User


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\User\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url PRESENT !
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\User\Favoris

C:\DOCUME~1\User\Favoris\Online Security Test.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Helper\ PRESENT !
C:\Program Files\Video Add-on\ PRESENT !
C:\Program Files\VirusProtect 3.9\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{91316323-2ad5-4794-9589-52a2eaa60a68}"="aposiopetic"

[HKEY_CLASSES_ROOT\CLSID\{91316323-2ad5-4794-9589-52a2eaa60a68}\InProcServer32]
@="C:\WINDOWS\system32\shlahsd.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{91316323-2ad5-4794-9589-52a2eaa60a68}\InProcServer32]
@="C:\WINDOWS\system32\shlahsd.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Carte Fast Ethernet compatible VIA - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{70C967B2-8A3B-43B7-901B-37F88A58A5A2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{70C967B2-8A3B-43B7-901B-37F88A58A5A2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{70C967B2-8A3B-43B7-901B-37F88A58A5A2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

<@_@>
Profile: Helper

Hi again,

~Restart the computer in safe mode (F8 at computer startup)
http://www.malekal.com/modesansechec.php

~Double-click SmitfraudFix.cmd
~Select 2 and press Enter in the menu to delete the files responsible for the infection.
~Answer Yes (Oui, o) to all the questions.
A restart may be necessary to finish the cleaning procedure.
~Post the new report.

Add a new HijackThis log.


Profile: IDNaute

SmitFraudFix v2.274

Rapport fait à 14:51:09,93, 23/01/2008
Executé à partir de C:\Documents and Settings\User\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{91316323-2ad5-4794-9589-52a2eaa60a68}"="aposiopetic"

[HKEY_CLASSES_ROOT\CLSID\{91316323-2ad5-4794-9589-52a2eaa60a68}\InProcServer32]
@="C:\WINDOWS\system32\shlahsd.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{91316323-2ad5-4794-9589-52a2eaa60a68}\InProcServer32]
@="C:\WINDOWS\system32\shlahsd.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\shlahsd.dll -> Hoax.Win32.Renos.gen.o
C:\WINDOWS\system32\shlahsd.dll -> Deleted


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url supprimé
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url supprimé
C:\DOCUME~1\User\Favoris\Online Security Test.url supprimé
C:\Program Files\Helper\ supprimé
C:\Program Files\Video Add-on\ supprimé
C:\Program Files\VirusProtect 3.9\ supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{70C967B2-8A3B-43B7-901B-37F88A58A5A2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{70C967B2-8A3B-43B7-901B-37F88A58A5A2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{70C967B2-8A3B-43B7-901B-37F88A58A5A2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin


Thanks, I would never have figured out how to do all this. Is it finished, or do I still need to install or do something else?

<@_@>
Profile: Helper

We keep going :)

1

Download Lop S&D.exe to your desktop

  • Double-click it to start the installation
  • Then double-click the Lop S&D shortcut on your desktop
  • Select the desired language, then choose Option 1 (Search)
  • Wait until the scan finishes
  • Post the generated report (C:\lopR.txt)


(If the desktop does not reappear, press Ctrl + Alt + Del, File tab, New task, type explorer.exe and confirm)


2

Download BTFix by Bibi26.

  • Unzip the archive to your desktop.
  • Open the BTFix folder.
  • Double-click BTFix.exe.
  • Click Search (Rechercher).
  • A report will appear; copy and paste it into your next reply.


Profile: IDNaute

Here is the report from Lop:
-----------------------------[ Lop S&D 2.1.3 ]---------------------------

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : User ] [ "C:\Program Files\Lop SD" ]
[ 23/01/2008 | 15:20:57,04 ] [ PC : USER-5887B793FA ]
[ MAJ : 23-01-2008 | 13:16 ]

-------------[ Listing des dossiers dans Application Data ]------------

[19/07/2007|16:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\.
[19/07/2007|16:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\..
[19/07/2007|16:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
[23/01/2008|14:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[18/01/2008|12:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.
[18/01/2008|12:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..
[15/09/2007|15:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[19/07/2007|16:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[16/01/2008|18:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Aliasworlds
[13/10/2007|17:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[13/08/2007|00:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
[26/07/2007|21:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
[23/07/2007|21:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Corel
[19/07/2007|16:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[26/11/2007|20:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
[26/12/2007|13:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\element5
[28/08/2007|09:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Enc safe that grid
[21/07/2007|13:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[20/09/2007|23:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grid Blue Memo Site
[26/10/2007|14:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HipSoft
[05/09/2007|16:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear
[13/01/2008|22:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LauncherAccess.dt
[13/08/2007|00:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macromedia
[22/09/2007|19:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[20/10/2007|12:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NannyMania
[11/01/2008|17:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OrbNetworks
[06/01/2008|16:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
[19/01/2008|16:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[06/01/2008|17:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
[13/01/2008|18:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecretsOfOlympus
[29/08/2007|14:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
[22/01/2008|23:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[26/10/2007|19:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TERMINAL Studio
[13/08/2007|00:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
[02/11/2007|19:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Winamp Toolbar
[23/07/2007|22:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[23/07/2007|16:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[22/09/2007|14:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
[29/08/2007|14:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

[19/07/2007|16:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.
[19/07/2007|16:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..
[19/07/2007|16:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[19/07/2007|15:20] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[19/07/2007|15:26] C:\DOCUME~1\LOCALS~1\APPLIC~1\.
[19/07/2007|15:26] C:\DOCUME~1\LOCALS~1\APPLIC~1\..
[19/07/2007|15:20] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[19/07/2007|15:26] C:\DOCUME~1\NETWOR~1\APPLIC~1\.
[19/07/2007|15:26] C:\DOCUME~1\NETWOR~1\APPLIC~1\..
[19/07/2007|15:20] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[22/01/2008|23:51] C:\DOCUME~1\User\APPLIC~1\.
[22/01/2008|23:51] C:\DOCUME~1\User\APPLIC~1\..
[17/01/2008|20:36] C:\DOCUME~1\User\APPLIC~1\Adobe
[26/12/2007|00:46] C:\DOCUME~1\User\APPLIC~1\AdobeUM
[20/09/2007|22:55] C:\DOCUME~1\User\APPLIC~1\AntivirusFiable
[13/10/2007|17:21] C:\DOCUME~1\User\APPLIC~1\AOL
[26/12/2007|13:49] C:\DOCUME~1\User\APPLIC~1\ArcSoft
[23/01/2008|13:57] C:\DOCUME~1\User\APPLIC~1\Corel
[29/09/2007|15:41] C:\DOCUME~1\User\APPLIC~1\Dealio
[19/07/2007|16:49] C:\DOCUME~1\User\APPLIC~1\desktop.ini
[11/01/2008|16:54] C:\DOCUME~1\User\APPLIC~1\EoRezo
[26/10/2007|12:39] C:\DOCUME~1\User\APPLIC~1\Gaijin Ent
[01/11/2007|22:51] C:\DOCUME~1\User\APPLIC~1\GetRightToGo
[04/10/2007|21:44] C:\DOCUME~1\User\APPLIC~1\Google
[26/12/2007|14:25] C:\DOCUME~1\User\APPLIC~1\Help
[18/01/2008|12:26] C:\DOCUME~1\User\APPLIC~1\Identities
[21/09/2007|17:06] C:\DOCUME~1\User\APPLIC~1\install_fr[1].exe
[21/09/2007|20:23] C:\DOCUME~1\User\APPLIC~1\installer_fr[1].exe
[30/11/2007|13:25] C:\DOCUME~1\User\APPLIC~1\Jane s Hotel
[13/01/2008|11:53] C:\DOCUME~1\User\APPLIC~1\LimeWire
[19/11/2007|13:32] C:\DOCUME~1\User\APPLIC~1\Macromedia
[08/12/2007|11:46] C:\DOCUME~1\User\APPLIC~1\Microsoft
[13/08/2007|00:50] C:\DOCUME~1\User\APPLIC~1\Mozilla
[19/07/2007|19:52] C:\DOCUME~1\User\APPLIC~1\MSNInstaller
[06/11/2007|22:13] C:\DOCUME~1\User\APPLIC~1\My Games
[21/09/2007|20:33] C:\DOCUME~1\User\APPLIC~1\NettoyeurDePC
[23/01/2008|14:55] C:\DOCUME~1\User\APPLIC~1\OpenOffice.org2
[06/01/2008|16:15] C:\DOCUME~1\User\APPLIC~1\PlayFirst
[21/09/2007|17:06] C:\DOCUME~1\User\APPLIC~1\ProtectionConue
[24/07/2007|17:22] C:\DOCUME~1\User\APPLIC~1\QuickZip45.ini
[30/09/2007|18:22] C:\DOCUME~1\User\APPLIC~1\Real
[21/07/2007|16:56] C:\DOCUME~1\User\APPLIC~1\Samsung
[21/10/2007|09:31] C:\DOCUME~1\User\APPLIC~1\Sandlot Games
[22/01/2008|20:44] C:\DOCUME~1\User\APPLIC~1\SecuROM
[20/09/2007|23:31] C:\DOCUME~1\User\APPLIC~1\Showbatwin
[27/08/2007|22:31] C:\DOCUME~1\User\APPLIC~1\Sun
[04/09/2007|13:57] C:\DOCUME~1\User\APPLIC~1\vlc
[02/11/2007|19:51] C:\DOCUME~1\User\APPLIC~1\Winamp
[24/07/2007|23:42] C:\DOCUME~1\User\APPLIC~1\WinRAR
[18/01/2008|12:26] C:\DOCUME~1\User\APPLIC~1\Zylom

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

[23/01/2008 15:00][--ah-----] C:\WINDOWS\tasks\AB8DBCE9918A3251.job [--264--]
[23/01/2008 15:07][--a------] C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job [--256--]