[ Solved ] Trojan horse =) - Security - Viruses
Profile: IDNaute

Hello :) Um, there is a Trojan horse on my father's computer that is detected by his antivirus, AVG, but it is impossible to delete. I don't think it is the only virus on there :sweat: ...
Could someone help me?
Thanks a lot in advance

Message edited by aurerily on 16-06-2008 at 19:09:22

Profile: Helper

Hello,

Do you have the location?


---------------
Prevention & Protection | Free software | L'homme du FLCCF
Profile: IDNaute

Yes, C:\Windows\System32\rqRLdEut.dll

Profile: IDNaute

But when I try to delete it, of course it doesn't work. Manually, and also with the current antivirus, which is AVG. I had installed Avira AntiVir, but it kept showing detections nonstop and could not delete it or quarantine it, so I have uninstalled it for now.

Profile: Helper

Hello,

Download Malwarebytes' Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, restart in Safe Mode.
HELP: Restarting in Safe Mode


  • Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Exécuter un examen complet" (Perform full scan).
  • To start the scan, click "Rechercher" (Scan).
  • Once the scan is finished, a window opens; click OK. You then have two possibilities:

-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Afficher les résultats" (Show results), then "Supprimer la sélection" (Remove selected). Save the report to your Desktop so that you can post it in your next reply.
NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

HELP: Illustrated tutorial on MBAM

Profile: IDNaute

I did download the software and it is currently scanning the computer. However, it immediately asked me to scan without restarting... So I did. I hope that will not cause a problem.
I will post the error report as soon as it is finished. For now there are 32 infected items and AVG is still detecting some. Should I disable AVG antivirus??

Profile: IDNaute

Malwarebytes' Anti-Malware 1.17
Version de la base de données: 846
 
14:28:43 14/06/2008
mbam-log-6-14-2008 (14-28-43).txt
 
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 156584
Temps écoulé: 27 minute(s), 8 second(s)
 
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 57
Valeur(s) du Registre infectée(s): 8
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 75
 
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
 
Module(s) mémoire infecté(s):
C:\Windows\System32\rqRLdEut.dll (Trojan.Vundo) -> Unloaded module successfully.
 
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{f3aef888-a3e2-44eb-bd85-f0c85ba7673f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General\Wallpaper (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6699a9e1 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6699a9e1 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\omlbpkaw (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\pmsoarbf (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\rqrldeut -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\rqrldeut  -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
 
Dossier(s) infecté(s):
C:\Windows\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\SpywareIsolator (Rogue.Spywareisolator) -> Quarantined and deleted successfully.
C:\Windows\system32smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Philippe\AppData\Roaming\PC-Cleaner (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
C:\Users\Philippe\Desktopvirii (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
 

Profile: IDNaute

I ran another scan and it no longer detects anything, but AVG does, and this time it is different folders in system32, as well as in Common Files or MSAgent: never the same ones, so I don't really have time to write them down.

Profile: Helper

Re,

Download and then install HijackThis (Trend Micro).
Then post a report in your next reply.
HELP: How to use HijackThis v2.0.2

Profile: IDNaute

Here is the report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:17, on 15/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
 

Profile: Helper

Re,

Disable your resident protections (antivirus, Spybot-S&D, etc.)!


  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe extension is not necessarily visible) to launch it.
  • When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.


HELP: A guide and tutorial on using ComboFix
* the partition name may differ

Profile: IDNaute

ComboFix 08-06-12.2 - Philippe 2008-06-15 12:36:05.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6001.1.1252.1.1036.18.1082 [GMT 2:00]
Endroit: C:\Users\Philippe\Desktop\ComboFix.exe
 * Création d'un nouveau point de restauration
2008-04-18 17:06 --------- d-----w C:\Program Files\a-squared Free
2008-04-18 11:02 --------- d-----w C:\ProgramData\Avira
2008-04-18 09:49 --------- d-----w C:\ProgramData\Yahoo! Companion
2008-04-18 09:46 --------- d-----w C:\Program Files\Yahoo!
2008-04-18 08:55 --------- d-----w C:\Program Files\Trend Micro
2008-04-17 20:02 174 --sha-w C:\Program Files\desktop.ini
2008-04-17 19:56 --------- d-----w C:\Program Files\Windows Journal
2008-04-17 19:56 --------- d-----w C:\Program Files\Windows Defender
2008-04-17 19:56 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-17 19:56 --------- d-----w C:\Program Files\Windows Calendar
2008-04-17 16:11 --------- d-----w C:\Program Files\Real
2008-04-16 09:25 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-14 11:02 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-14 11:02 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-14 11:02 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
 
(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ABD4117-8CF1-4A41-930B-9391E8C2DE6C}]
2008-04-16 15:19 271424 --a------ C:\Windows\system32\rqRLdEut.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{74E5E4E8-79DD-49AC-B64B-E74822D5F3CD}"= "C:\Windows\qtvglped.dll" [ ]
 
[HKEY_CLASSES_ROOT\clsid\{74e5e4e8-79dd-49ac-b64b-e74822d5f3cd}]
[HKEY_CLASSES_ROOT\qtvglped.1]
[HKEY_CLASSES_ROOT\TypeLib\{C93DB567-3F35-408F-8DE6-2B570DB6A5A0}]
[HKEY_CLASSES_ROOT\qtvglped]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 15:42 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 18:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 12:59 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 17:38 4390912 C:\Windows\RtHDVCpl.exe]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 15:59 115816]
"IS CfgWiz"="c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" [2007-01-12 12:28 431752]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 01:14 155648]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 14:19 69632]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-23 23:00 185896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 21:15 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 21:15 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 21:15 81920]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-06-10 19:02 1183352]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
 
C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'écran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"kyJE7WP9eX"= C:\ProgramData\erulsvqh\wjatgxcp.exe
"mQJOQ0190y"= C:\ProgramData\erulsvqh\wjatgxcp.exe
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 0 (0x0)
 
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"= C:\Windows\system32\EZUPBH~1.DLL [2007-11-25 00:24 49152]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WinDrv"= {64aa26b6-5a6c-438b-bd93-23061cf38bd8} - C:\Windows\Resources\WinDrv.dll [ ]
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security c