Virus qui bloque certains sites web

big0bout

11 Juillet 2008 02:32:44

Bonjour à tous,

Mon ordinateur a attrapé un virus, je le crois bien, et cela a pour effet de m'empecher de faire des recherches par la barre d'outil de google par exemple. J'ai fait plusieurs scan avec AVG et ad-aware, mais rien d'utile n'a été trouver pour régler mon problème.

Voici le hijackthis de mon ordinateur:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:25:41, on 2008-07-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.infinit.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [Flash Player2] C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [Windows Media Player] C:\Documents and Settings\HP_Administrateur\rvvkmd.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CHIN PING PHONE PILE] C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping\Error owns.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [f8129355] rundll32.exe "C:\WINDOWS\system32\xrhcnuch.dll",b
O4 - HKLM\..\Run: [BMfb21a0c9] Rundll32.exe "C:\WINDOWS\system32\uyeuoson.dll",s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [CopyDraw] C:\DOCUME~1\HP_ADM~1\APPLIC~1\BLUEBU~1\dentstupidanti.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.infinit.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://60.43.33.196/kxhcm10.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image Viewer) - http://82.176.73.20/home/SonySncRz30View.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://webcam1.ttu.ee/activex/AMC.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://128.97.43.214/activex/AMC.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10423 bytes

Merci beaucoup de votre aide, ce sera beaucoup apprécier.

Autres pages sur : virus bloque certains sites web

| Etre averti des réponses
| Alerter

Répondre à big0bout

nicornb

11 Juillet 2008 08:38:05

utilise ad-aware SE ( pas la version 2007-2008 ) elle sert a rien

Pour ceux qui arrive pu à avoir les updates de ad-aware SE

sur le site officiel elle y sont , je vous met le lien dowland ( mis à jour tout les 10 jours )

une fois le fichier zip récupéré décompressé le dans le dossier d' install

http://dlserver.download.lavasoft.com/public/defs.zip

| Alerter

Répondre à nicornb

XmichouX

11 Juillet 2008 11:05:39

Bonjour,

Plusieurs infections.

Télécharge MsnFix (de !aur3n7) sur ton Bureau.

Dézippe le sur ton bureau.

Ouvre le dossier MSNFix puis double-clique sur MSNFix.bat. (L’extension bat peut ne pas apparaître)

Exécute l'option R.

Si l'infection est détectée, presse une touche pour lancer le Nettoyage. (N)

Si tu dois redémarrer l’ordinateur fais le manuellement.

Poste le rapport situé dans le dossier MSNFix.

Le nom du rapport correspond au moment de sa création : date_heure.log

Note: Si tu obtiens un fichier zip d’upload sur ton bureau, merci de l'envoyer sur http://upload.changelog.fr
Comment Uploader ?

Aide : Comment utiliser MSNFix.

| Alerter

Répondre à XmichouX

big0bout

11 Juillet 2008 16:18:04

Merci de votre aide, il y a eu une infection de détecter.

Voici le rapport:

MSNFix 1.732

C:\Documents and Settings\HP_Administrateur\Bureau\MSNFix
Fix exécuté le 2008-07-11 - 12:08:49,95 By HP_Administrateur
mode normal

************************ Recherche les fichiers présents

... C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\removalfile.bat
... C:\Program Files\outerinfo\Terms.rtf
... C:\WINDOWS\Downloaded Program Files\setup.inf
... C:\WINDOWS\system32\mcrh.tmp
... C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\removalfile.bat
... C:\Documents and Settings\HP_Administrateur\??????.exe
... C:\Documents and Settings\HP_Administrateur\????????.exe
... C:\WINDOWS\cookies.ini
... C:\WINDOWS\wr.txt
... C:\WINDOWS\system32\mcrh.tmp
... C:\WINDOWS\system32\vbzip10.dll

************************ Recherche les dossiers présents

... C:\Program Files\outerinfo\

************************ Suppression des fichiers

.. OK ... C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\removalfile.bat
.. OK ... C:\Program Files\outerinfo\Terms.rtf
.. OK ... C:\WINDOWS\Downloaded Program Files\setup.inf
.. OK ... C:\WINDOWS\system32\mcrh.tmp
.. OK ... C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\removalfile.bat
/!\ ... C:\Documents and Settings\HP_Administrateur\??????.exe
/!\ ... C:\Documents and Settings\HP_Administrateur\????????.exe
.. OK ... C:\WINDOWS\cookies.ini
.. OK ... C:\WINDOWS\wr.txt
.. OK ... C:\WINDOWS\system32\mcrh.tmp
.. OK ... C:\WINDOWS\system32\vbzip10.dll

************************ Suppression des dossiers

/!\ ... C:\Program Files\outerinfo\

************************ Nettoyage du registre

Les fichiers encore présents seront supprimés au prochain redémarrage

************************ Suppression des fichiers

.. OK ... C:\Documents and Settings\HP_Administrateur\??????.exe
.. OK ... C:\Documents and Settings\HP_Administrateur\????????.exe

************************ Fichiers suspects

Aucun Fichier trouvé

Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 2008-07-11_12123239.zip

************************ HKLM\...\Winlogon\Userinit

Userinit = C:\WINDOWS\system32\userinit.exe,

Important : http://msnfix.changelog.fr/index.php/2008/05/18/32-aler...

------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

| Alerter

Répondre à big0bout

XmichouX

11 Juillet 2008 22:05:21

Re,

Télécharge Lop S&D.exe (d’ Eric 71) sur ton bureau.

Double-clique dessus pour lancer l'installation

Puis double-clique sur le raccourci Lop S&D présent sur ton bureau (Si tu es sous Vista, clique droit -> exécuter en tant qu'admin)

Séléctionne la langue souhaitée , puis choisis l'Option 1 (Recherche)

Patiente jusqu'à la fin du scan

Poste le rapport généré (C:\lopR.txt)

Si ton bureau ne réapparait pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.
Puis rends-toi à l'onglet "processus". Clique en haut à gauche sur fichiers et choisis "Nouvelle tâche (exécuter)"
Tapes explorer et valide. Cela te fera apparaitre ton bureau

| Alerter

Répondre à XmichouX

big0bout

12 Juillet 2008 00:23:40

Voici le rapport de Lop S&D.exe

-----------------------[ Lop S&D 4.2.2-1 XP/Vista ]---------------------

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : HP_Administrateur ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ 2008-07-11 | 20:17:13,93 ] [ PC : GOOFY ]
[ MAJ : 09-07-2008 | 21:02 ]

-------------[ Listing des dossiers dans Application Data ]------------

[2005-08-24|00:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
[2004-12-01|23:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
[2004-12-03|21:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[2005-08-24|00:53] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[2005-08-24|00:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
[2005-08-24|00:35] C:\DOCUME~1\ADMINI~1\APPLIC~1\SampleView
[2005-08-24|00:43] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec

[2005-10-11|17:31] C:\DOCUME~1\Alain\APPLIC~1\Absolutist.com
[2007-03-17|12:00] C:\DOCUME~1\Alain\APPLIC~1\Adobe
[2005-08-25|11:27] C:\DOCUME~1\Alain\APPLIC~1\AdobeUM
[2006-06-07|21:23] C:\DOCUME~1\Alain\APPLIC~1\Ahead
[2005-08-23|21:02] C:\DOCUME~1\Alain\APPLIC~1\Apple Computer
[2007-03-17|11:39] C:\DOCUME~1\Alain\APPLIC~1\ArcSoft
[2007-05-01|18:47] C:\DOCUME~1\Alain\APPLIC~1\Canon
[2004-12-01|16:28] C:\DOCUME~1\Alain\APPLIC~1\desktop.ini
[2007-02-08|17:38] C:\DOCUME~1\Alain\APPLIC~1\Druide
[2006-10-27|16:34] C:\DOCUME~1\Alain\APPLIC~1\Google
[2006-04-06|18:53] C:\DOCUME~1\Alain\APPLIC~1\Help
[2005-08-23|21:02] C:\DOCUME~1\Alain\APPLIC~1\Identities
[2006-05-15|09:50] C:\DOCUME~1\Alain\APPLIC~1\Leadertech
[2007-06-01|17:49] C:\DOCUME~1\Alain\APPLIC~1\LimeWire
[2007-03-17|11:36] C:\DOCUME~1\Alain\APPLIC~1\Macromedia
[2007-05-30|19:16] C:\DOCUME~1\Alain\APPLIC~1\Microsoft
[2007-03-03|17:13] C:\DOCUME~1\Alain\APPLIC~1\Mozilla
[2006-06-30|16:23] C:\DOCUME~1\Alain\APPLIC~1\muvee Technologies
[2006-06-30|16:08] C:\DOCUME~1\Alain\APPLIC~1\NeroDCTemplates
[2007-05-03|16:11] C:\DOCUME~1\Alain\APPLIC~1\OpenOffice.org2
[2006-05-08|17:40] C:\DOCUME~1\Alain\APPLIC~1\Real
[2005-08-23|21:02] C:\DOCUME~1\Alain\APPLIC~1\SampleView
[2006-12-01|16:24] C:\DOCUME~1\Alain\APPLIC~1\ScanSoft
[2006-05-15|09:51] C:\DOCUME~1\Alain\APPLIC~1\Sonic
[2005-11-03|20:58] C:\DOCUME~1\Alain\APPLIC~1\Sony Corporation
[2005-09-19|19:03] C:\DOCUME~1\Alain\APPLIC~1\Sun
[2005-08-24|21:09] C:\DOCUME~1\Alain\APPLIC~1\Symantec
[2005-11-09|17:21] C:\DOCUME~1\Alain\APPLIC~1\Template
[2007-06-03|14:56] C:\DOCUME~1\Alain\APPLIC~1\U3
[2007-05-23|19:41] C:\DOCUME~1\Alain\APPLIC~1\uTorrent
[2007-04-27|09:55] C:\DOCUME~1\Alain\APPLIC~1\wklnhst.dat

[2005-08-24|00:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[2007-03-17|11:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
[2008-04-05|15:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[2008-04-05|15:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[2006-12-01|16:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
[2004-12-01|23:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[2007-04-11|18:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
[2006-10-27|15:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[2008-01-13|19:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[2005-08-24|00:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
[2005-08-24|00:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log
[2005-08-24|00:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[2007-07-12|12:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[2008-06-29|19:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[2005-08-24|00:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[2005-08-24|16:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\muvee Technologies
[2007-04-11|18:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[2008-06-29|19:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Proxy Long Chin Ping
[2005-08-24|00:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[2005-08-23|23:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[2005-11-03|20:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
[2008-01-06|15:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[2007-11-05|16:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[2006-08-01|20:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
[2007-09-16|17:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[2008-06-10|16:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[2005-10-11|17:29] C:\DOCUME~1\CHRIST~1\APPLIC~1\Absolutist.com
[2007-05-10|09:18] C:\DOCUME~1\CHRIST~1\APPLIC~1\Adobe
[2007-04-13|15:02] C:\DOCUME~1\CHRIST~1\APPLIC~1\Ahead
[2005-08-23|21:02] C:\DOCUME~1\CHRIST~1\APPLIC~1\Apple Computer
[2004-12-01|16:28] C:\DOCUME~1\CHRIST~1\APPLIC~1\desktop.ini
[2006-10-27|18:58] C:\DOCUME~1\CHRIST~1\APPLIC~1\Google
[2005-08-23|21:02] C:\DOCUME~1\CHRIST~1\APPLIC~1\Identities
[2006-12-31|14:35] C:\DOCUME~1\CHRIST~1\APPLIC~1\inifile41.ini
[2006-12-31|14:35] C:\DOCUME~1\CHRIST~1\APPLIC~1\internaldb1942.dat
[2006-12-31|14:35] C:\DOCUME~1\CHRIST~1\APPLIC~1\internaldb41.dat
[2006-12-31|14:35] C:\DOCUME~1\CHRIST~1\APPLIC~1\internaldb4827.dat
[2006-12-31|14:35] C:\DOCUME~1\CHRIST~1\APPLIC~1\internaldb5436.dat
[2006-12-31|14:35] C:\DOCUME~1\CHRIST~1\APPLIC~1\internaldb6334.dat
[2006-12-31|14:35] C:\DOCUME~1\CHRIST~1\APPLIC~1\internaldb8467.dat
[2006-05-15|09:41] C:\DOCUME~1\CHRIST~1\APPLIC~1\InterVideo
[2007-06-02|09:57] C:\DOCUME~1\CHRIST~1\APPLIC~1\LimeWire
[2005-08-25|08:21] C:\DOCUME~1\CHRIST~1\APPLIC~1\Macromedia
[2005-11-26|14:44] C:\DOCUME~1\CHRIST~1\APPLIC~1\Microsoft
[2005-12-19|18:34] C:\DOCUME~1\CHRIST~1\APPLIC~1\Mozilla
[2005-09-18|14:47] C:\DOCUME~1\CHRIST~1\APPLIC~1\muvee Technologies
[2005-09-13|17:11] C:\DOCUME~1\CHRIST~1\APPLIC~1\Real
[2005-08-23|21:02] C:\DOCUME~1\CHRIST~1\APPLIC~1\SampleView
[2006-04-04|16:17] C:\DOCUME~1\CHRIST~1\APPLIC~1\Sonic
[2005-11-23|15:20] C:\DOCUME~1\CHRIST~1\APPLIC~1\Sony Corporation
[2005-08-27|17:55] C:\DOCUME~1\CHRIST~1\APPLIC~1\Sun
[2005-08-23|21:02] C:\DOCUME~1\CHRIST~1\APPLIC~1\Symantec
[2005-12-19|18:34] C:\DOCUME~1\CHRIST~1\APPLIC~1\Talkback
[2005-08-25|13:17] C:\DOCUME~1\CHRIST~1\APPLIC~1\Template
[2007-04-11|17:23] C:\DOCUME~1\CHRIST~1\APPLIC~1\U3
[2007-05-10|09:19] C:\DOCUME~1\CHRIST~1\APPLIC~1\wklnhst.dat

[2007-06-06|18:48] C:\DOCUME~1\CHRIST~1.GOF\APPLIC~1\Adobe
[2005-08-24|00:22] C:\DOCUME~1\CHRIST~1.GOF\APPLIC~1\Apple Computer
[2004-12-01|23:28] C:\DOCUME~1\CHRIST~1.GOF\APPLIC~1\desktop.ini
[2007-06-04|12:14] C:\DOCUME~1\CHRIST~1.GOF\APPLIC~1\Google
[2004-12-03|21:59] C:\DOCUME~1\CHRIST~1.GOF\APPLIC~1\Identities
[2007-06-04|20:21] C:\DOCUME~1\CHRIST~1.GOF\APPLIC~1\LimeWire
[2007-06-04|12:12] C:\DOCUME~1\CHRIST~1.GOF\APPLIC~1\Macromedia
[2007-06-11|22:39] C:\DOCUME~1\CHRIST~1.GOF\APPLIC~1\Microsoft
[2007-06-04|13:07] C:\DOCUME~1\CHRIST~1.GOF\APPLIC~1\Real
[2005-08-24|00:35] C:\DOCUME~1\CHRIST~1.GOF\APPLIC~1\SampleView
[2007-06-04|13:51] C:\DOCUME~1\CHRIST~1.GOF\APPLIC~1\Sun
[2005-08-24|00:43] C:\DOCUME~1\CHRIST~1.GOF\APPLIC~1\Symantec

[2005-08-24|00:22] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Apple Computer
[2004-12-01|23:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[2004-12-03|21:59] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[2005-08-24|00:53] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[2005-08-24|00:14] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
[2005-08-24|00:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\SampleView
[2005-08-24|00:43] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

[2008-05-04|16:19] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Adobe
[2008-05-08|19:30] C:\DOCUME~1\HP_ADM~1\APPLIC~1\AdobeUM
[2008-05-13|12:02] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Apple Computer
[2007-06-03|17:19] C:\DOCUME~1\HP_ADM~1\APPLIC~1\ArcSoft
[2008-06-29|19:09] C:\DOCUME~1\HP_ADM~1\APPLIC~1\blue burn
[2008-07-10|17:59] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Canon
[2008-04-29|15:55] C:\DOCUME~1\HP_ADM~1\APPLIC~1\DataCast
[2004-12-01|23:28] C:\DOCUME~1\HP_ADM~1\APPLIC~1\desktop.ini
[2008-01-30|19:36] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Druide
[2008-02-15|23:02] C:\DOCUME~1\HP_ADM~1\APPLIC~1\FileZilla
[2008-05-01|20:36] C:\DOCUME~1\HP_ADM~1\APPLIC~1\fretsonfire
[2007-07-04|14:59] C:\DOCUME~1\HP_ADM~1\APPLIC~1\G-Force Prefs (WindowsMediaPlayer).txt
[2007-06-03|18:35] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Google
[2008-01-13|19:03] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Grisoft
[2004-12-03|21:59] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Identities
[2007-07-26|10:11] C:\DOCUME~1\HP_ADM~1\APPLIC~1\InterVideo
[2007-06-27|14:10] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Leadertech
[2008-04-22|17:21] C:\DOCUME~1\HP_ADM~1\APPLIC~1\LimeWire
[2007-06-03|18:16] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Macromedia
[2008-04-01|22:09] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Microsoft
[2008-04-20|10:55] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Mozilla
[2008-02-14|20:18] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Notepad++
[2007-08-20|11:34] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Opera
[2007-06-08|19:32] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Real
[2005-08-24|00:35] C:\DOCUME~1\HP_ADM~1\APPLIC~1\SampleView
[2007-06-27|14:11] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Sonic
[2007-06-22|10:21] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Sun
[2007-06-03|19:26] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Symantec
[2007-06-03|17:07] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Template
[2007-10-07|14:30] C:\DOCUME~1\HP_ADM~1\APPLIC~1\TuneUp Software
[2007-09-26|19:30] C:\DOCUME~1\HP_ADM~1\APPLIC~1\U3
[2008-03-13|22:21] C:\DOCUME~1\HP_ADM~1\APPLIC~1\uTorrent
[2008-07-09|13:59] C:\DOCUME~1\HP_ADM~1\APPLIC~1\wklnhst.dat

[2006-01-19|22:41] C:\DOCUME~1\JOLLE~1\APPLIC~1\Adobe
[2007-04-16|15:21] C:\DOCUME~1\JOLLE~1\APPLIC~1\Ahead
[2005-08-23|21:02] C:\DOCUME~1\JOLLE~1\APPLIC~1\Apple Computer
[2007-04-16|15:11] C:\DOCUME~1\JOLLE~1\APPLIC~1\Canon
[2004-12-01|16:28] C:\DOCUME~1\JOLLE~1\APPLIC~1\desktop.ini
[2007-04-12|19:21] C:\DOCUME~1\JOLLE~1\APPLIC~1\Druide
[2006-10-27|19:57] C:\DOCUME~1\JOLLE~1\APPLIC~1\Google
[2005-10-29|18:05] C:\DOCUME~1\JOLLE~1\APPLIC~1\Help
[2005-08-23|21:02] C:\DOCUME~1\JOLLE~1\APPLIC~1\Identities
[2007-06-01|12:01] C:\DOCUME~1\JOLLE~1\APPLIC~1\LimeWire
[2005-08-25|08:57] C:\DOCUME~1\JOLLE~1\APPLIC~1\Macromedia
[2006-07-31|20:52] C:\DOCUME~1\JOLLE~1\APPLIC~1\Microsoft
[2007-05-10|08:59] C:\DOCUME~1\JOLLE~1\APPLIC~1\OpenOffice.org2
[2005-10-19|21:57] C:\DOCUME~1\JOLLE~1\APPLIC~1\Real
[2005-08-23|21:02] C:\DOCUME~1\JOLLE~1\APPLIC~1\SampleView
[2006-09-10|16:47] C:\DOCUME~1\JOLLE~1\APPLIC~1\Sonic
[2005-09-22|21:33] C:\DOCUME~1\JOLLE~1\APPLIC~1\Sun
[2005-10-29|18:04] C:\DOCUME~1\JOLLE~1\APPLIC~1\Symantec
[2005-08-28|14:01] C:\DOCUME~1\JOLLE~1\APPLIC~1\Template
[2007-04-11|17:18] C:\DOCUME~1\JOLLE~1\APPLIC~1\U3
[2007-05-14|10:33] C:\DOCUME~1\JOLLE~1\APPLIC~1\wklnhst.dat

[2007-05-12|08:51] C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
[2007-05-08|20:21] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
[2007-06-03|17:23] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[2007-05-08|17:49] C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon

[2005-08-23|21:02] C:\DOCUME~1\Michel\APPLIC~1\Apple Computer
[2004-12-01|16:28] C:\DOCUME~1\Michel\APPLIC~1\desktop.ini
[2005-08-23|21:02] C:\DOCUME~1\Michel\APPLIC~1\Identities
[2005-08-23|21:02] C:\DOCUME~1\Michel\APPLIC~1\Microsoft
[2005-08-23|21:02] C:\DOCUME~1\Michel\APPLIC~1\Real
[2005-08-23|21:02] C:\DOCUME~1\Michel\APPLIC~1\SampleView
[2005-08-23|21:02] C:\DOCUME~1\Michel\APPLIC~1\Symantec

[2005-05-21|14:52] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[2005-08-25|11:22] C:\DOCUME~1\Robin\APPLIC~1\Adobe
[2006-06-19|18:24] C:\DOCUME~1\Robin\APPLIC~1\Ahead
[2005-08-23|21:02] C:\DOCUME~1\Robin\APPLIC~1\Apple Computer
[2006-12-11|16:20] C:\DOCUME~1\Robin\APPLIC~1\Canon
[2004-12-01|16:28] C:\DOCUME~1\Robin\APPLIC~1\desktop.ini
[2005-12-29|11:43] C:\DOCUME~1\Robin\APPLIC~1\G-Force Prefs (WindowsMediaPlayer).txt
[2006-02-24|20:18] C:\DOCUME~1\Robin\APPLIC~1\Google
[2005-11-01|18:47] C:\DOCUME~1\Robin\APPLIC~1\Help
[2005-08-23|21:02] C:\DOCUME~1\Robin\APPLIC~1\Identities
[2005-11-22|16:11] C:\DOCUME~1\Robin\APPLIC~1\InstallShield
[2005-09-27|16:24] C:\DOCUME~1\Robin\APPLIC~1\InstallShield Installation Information
[2006-04-07|19:01] C:\DOCUME~1\Robin\APPLIC~1\InterVideo
[2006-09-14|19:05] C:\DOCUME~1\Robin\APPLIC~1\LimeWire

[2005-08-25|13:51] C:\DOCUME~1\Robin\APPLIC~1\Macromedia
[2005-10-04|16:47] C:\DOCUME~1\Robin\APPLIC~1\Microsoft
[2005-08-25|14:12] C:\DOCUME~1\Robin\APPLIC~1\Mozilla
[2005-09-28|15:22] C:\DOCUME~1\Robin\APPLIC~1\muvee Technologies
[2005-09-04|15:53] C:\DOCUME~1\Robin\APPLIC~1\Real
[2005-08-23|21:02] C:\DOCUME~1\Robin\APPLIC~1\SampleView
[2006-02-10|17:20] C:\DOCUME~1\Robin\APPLIC~1\Sonic
[2005-08-30|14:26] C:\DOCUME~1\Robin\APPLIC~1\Sun
[2005-10-30|14:54] C:\DOCUME~1\Robin\APPLIC~1\Symantec
[2005-08-25|14:12] C:\DOCUME~1\Robin\APPLIC~1\Talkback
[2005-08-23|22:00] C:\DOCUME~1\Robin\APPLIC~1\Template
[2007-04-11|16:47] C:\DOCUME~1\Robin\APPLIC~1\U3
[2006-07-01|17:36] C:\DOCUME~1\Robin\APPLIC~1\Vso
[2006-10-26|18:38] C:\DOCUME~1\Robin\APPLIC~1\wklnhst.dat

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

[2008-07-11 20:00][--ah-----] C:\WINDOWS\tasks\AF9B293991B8DF31.job
[2008-07-11 13:22][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008-07-11 17:15][--a------] C:\WINDOWS\tasks\1-Click Maintenance.job
[2008-07-11 12:12][--ah-----] C:\WINDOWS\tasks\SA.DAT
[2004-08-10 21:00][-rah-----] C:\WINDOWS\tasks\desktop.ini

AF9B293991B8DF31.job <--> c:\docume~1\hp_adm~1\applic~1\bluebu~1\eqtraywin.exe

---------------[ Listing des dossiers dans C:\Program Files ]--------------

[2007-07-02|15:53] C:\Program Files\A.ico
[2007-07-12|15:03] C:\Program Files\a.zip
[2007-08-22|16:45] C:\Program Files\Activision
[2006-01-07|14:17] C:\Program Files\Activision Value
[2007-06-06|17:00] C:\Program Files\Adobe
[2007-02-08|17:42] C:\Program Files\Ahead
[2006-10-29|16:07] C:\Program Files\Alcohol Soft
[2007-03-17|11:59] C:\Program Files\Alcohol Toolbar
[2007-03-02|23:19] C:\Program Files\Alias
[2008-04-05|15:32] C:\Program Files\Apple Software Update
[2006-12-01|16:22] C:\Program Files\ArcSoft
[2005-10-17|15:27] C:\Program Files\Ares Download Client
[2005-09-29|19:22] C:\Program Files\Ares Galaxy FasterDownload
[2005-08-24|14:28] C:\Program Files\AT&T
[2007-01-13|12:40] C:\Program Files\Atari
[2008-03-20|12:07] C:\Program Files\Axis Communications
[2007-07-02|15:53] C:\Program Files\B.ico
[2007-07-12|15:06] C:\Program Files\b.zip
[2007-05-10|16:49] C:\Program Files\backburner 2
[2005-08-24|00:25] C:\Program Files\BackWeb
[2008-06-29|19:09] C:\Program Files\blue burn
[2008-04-05|15:33] C:\Program Files\Bonjour
[2008-02-14|19:37] C:\Program Files\Bradbury
[2005-12-01|20:15] C:\Program Files\Broderbund
[2007-07-12|15:03] C:\Program Files\c.zip
[2006-12-01|16:22] C:\Program Files\Canon
[2006-08-01|20:07] C:\Program Files\Cap'n Crunch
[2008-06-29|19:09] C:\Program Files\Circle Developement
[2004-12-03|21:03] C:\Program Files\ComPlus Applications
[2006-08-01|20:22] C:\Program Files\Deer Drive
[2006-06-07|13:11] C:\Program Files\devnz
[2005-08-24|14:18] C:\Program Files\directx
[2007-02-08|17:27] C:\Program Files\Druide
[2007-04-14|17:44] C:\Program Files\EA GAMES
[2006-11-17|17:16] C:\Program Files\EA SPORTS
[2007-05-10|16:51] C:\Program Files\EACOM
[2007-06-03|18:24] C:\Program Files\Easy Internet signup
[2006-11-17|21:05] C:\Program Files\Electronic Arts
[2008-06-25|14:07] C:\Program Files\Everest Poker
[2007-05-14|14:56] C:\Program Files\Everest Poker.net
[2006-11-07|20:14] C:\Program Files\Fantasy Hockey League
[2008-06-10|16:54] C:\Program Files\Fichiers communs
[2008-02-14|20:26] C:\Program Files\FileZilla FTP Client
[2007-05-30|18:56] C:\Program Files\FlashGet
[2005-08-24|00:15] C:\Program Files\FrenchOtto
[2008-05-01|20:34] C:\Program Files\Frets on Fire
[2008-02-01|18:10] C:\Program Files\Full Tilt Poker
[2005-09-07|17:17] C:\Program Files\GameSpy Arcade
[2005-08-24|00:15] C:\Program Files\GemMasterFrench
[2007-05-10|16:53] C:\Program Files\GM Hockey Renaissance
[2007-06-03|19:11] C:\Program Files\Google
[2008-01-13|19:03] C:\Program Files\Grisoft
[2006-08-01|20:09] C:\Program Files\Hasbro Interactive
[2007-05-10|16:53] C:\Program Files\Heroes II Gold
[2005-08-24|00:06] C:\Program Files\Hewlett-Packard
[2005-08-24|00:07] C:\Program Files\HP
[2005-08-23|18:40] C:\Program Files\HP DeskJet 840C Series
[2005-08-24|00:27] C:\Program Files\HPQ
[2006-01-25|20:15] C:\Program Files\Illustrate
[2007-01-13|12:37] C:\Program Files\Infogrames
[2007-01-13|12:40] C:\Program Files\Infogrames Interactive
[2008-04-29|15:55] C:\Program Files\InstallShield Installation Information
[2008-06-12|03:02] C:\Program Files\Internet Explorer
[2006-07-07|19:39] C:\Program Files\InternetGameBox
[2005-08-24|00:51] C:\Program Files\InterVideo
[2008-04-05|15:34] C:\Program Files\iPod
[2008-04-05|15:34] C:\Program Files\iTunes
[2008-07-09|15:00] C:\Program Files\Java
[2007-08-16|15:56] C:\Program Files\Lame MP3 Codec
[2007-07-12|12:40] C:\Program Files\Lavasoft
[2007-10-02|19:48] C:\Program Files\LimeWire
[2005-09-22|20:19] C:\Program Files\Logitech
[2008-02-14|19:35] C:\Program Files\Macromedia
[2007-02-21|21:40] C:\Program Files\MarkAny
[2005-08-23|23:45] C:\Program Files\Messenger
[2008-06-29|19:09] C:\Program Files\Messenger Plus! Live
[2007-05-11|15:20] C:\Program Files\Microsoft ActiveSync
[2008-06-12|03:02] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2005-08-24|00:13] C:\Program Files\Microsoft Encarta
[2007-07-12|14:39] C:\Program Files\microsoft frontpage
[2006-10-29|16:27] C:\Program Files\Microsoft Games
[2007-05-10|17:13] C:\Program Files\Microsoft NetShow
[2008-02-24|12:54] C:\Program Files\Microsoft Office
[2005-08-24|00:21] C:\Program Files\Microsoft Visual Studio
[2007-06-03|18:21] C:\Program Files\Microsoft Works
[2007-06-03|18:40] C:\Program Files\Microsoft.NET
[2005-09-23|09:28] C:\Program Files\minicliptoolbar toolbar
[2008-04-25|20:26] C:\Program Files\Movie Maker
[2008-07-11|00:10] C:\Program Files\Mozilla Firefox
[2007-01-02|00:13] C:\Program Files\MP3 Player Utilities
[2007-01-02|12:08] C:\Program Files\MP3 Player Utilities 3.57
[2007-01-15|19:17] C:\Program Files\MP3 Player Utilities 3.68
[2007-01-19|17:43] C:\Program Files\Mpath
[2008-02-24|12:54] C:\Program Files\MSECache
[2004-12-03|22:01] C:\Program Files\MSN
[2004-12-03|22:01] C:\Program Files\MSN Gaming Zone
[2008-01-09|17:43] C:\Program Files\MSN Messenger
[2006-11-15|18:33] C:\Program Files\MSXML 4.0
[2005-08-24|00:52] C:\Program Files\muvee Technologies
[2006-07-07|15:15] C:\Program Files\Nero
[2007-06-03|19:37] C:\Program Files\NetMeeting
[2007-07-12|15:15] C:\Program Files\Network Monitor
[2008-02-14|19:39] C:\Program Files\Notepad++
[2004-12-03|22:01] C:\Program Files\Online Services
[2007-05-10|17:16] C:\Program Files\OpenOffice.org 2.1
[2008-07-11|12:10] C:\Program Files\Outerinfo
[2007-07-12|14:48] C:\Program Files\outlook
[2007-06-29|03:06] C:\Program Files\Outlook Express
[2007-06-03|18:27] C:\Program Files\PC-Doctor for Windows
[2007-03-23|20:32] C:\Program Files\PKR
[2008-05-11|08:31] C:\Program Files\PokerStars
[2006-12-22|12:27] C:\Program Files\pshl
[2006-12-31|14:35] C:\Program Files\PuzzleDesktop
[2008-04-05|15:33] C:\Program Files\QuickTime
[2005-08-24|00:13] C:\Program Files\Real
[2008-02-27|17:05] C:\Program Files\RndLabs
[2005-09-04|16:32] C:\Program Files\Rockstar Games
[2007-02-21|21:40] C:\Program Files\Samsung
[2006-12-01|16:23] C:\Program Files\ScanSoft
[2005-08-24|14:12] C:\Program Files\Scrabble
[2006-11-29|19:10] C:\Program Files\Screensavers.com
[2005-08-24|00:33] C:\Program Files\Services en ligne
[2006-04-11|18:54] C:\Program Files\SigmaTel
[2006-03-06|17:33] C:\Program Files\Softinterface, Inc
[2005-08-24|00:17] C:\Program Files\Sonic
[2005-11-03|20:52] C:\Program Files\Sony
[2007-06-03|14:40] C:\Program Files\Steam
[2005-11-01|18:42] C:\Program Files\SymNetDrv
[2008-05-03|13:39] C:\Program Files\Thumbs.db
[2008-02-23|15:27] C:\Program Files\TI Education
[2007-03-17|11:35] C:\Program Files\Total Training
[2008-07-10|22:25] C:\Program Files\Trend Micro
[2007-06-04|16:15] C:\Program Files\Ubisoft
[2004-12-03|21:03] C:\Program Files\Uninstall Information
[2005-08-24|00:25] C:\Program Files\Updates from HP
[2007-06-09|09:19] C:\Program Files\uTorrent
[2008-05-22|20:33] C:\Program Files\VirtualDJ
[2008-01-01|16:31] C:\Program Files\Voyage Century Online
[2006-07-01|17:19] C:\Program Files\vso
[2006-12-31|15:31] C:\Program Files\WAV to MP3 Encoder
[2008-06-10|16:54] C:\Program Files\Windows Live
[2007-06-03|19:37] C:\Program Files\Windows Media Player
[2007-06-03|19:37] C:\Program Files\Windows NT
[2004-12-03|22:02] C:\Program Files\Windows Plus
[2004-12-03|21:03] C:\Program Files\WindowsUpdate
[2007-06-05|19:01] C:\Program Files\WinRAR
[2007-07-12|12:36] C:\Program Files\WordPerfect Office X3 Installer
[2004-12-03|22:02] C:\Program Files\xerox
[2007-08-16|15:56] C:\Program Files\Xvid
[2006-01-23|20:22] C:\Program Files\Yahoo!

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

[2007-06-06|17:02] C:\Program Files\Fichiers communs\Adobe
[2007-03-17|11:46] C:\Program Files\Fichiers communs\Adobe Systems Shared
[2007-04-11|18:35] C:\Program Files\Fichiers communs\Ahead
[2008-04-05|15:32] C:\Program Files\Fichiers communs\Apple
[2005-12-01|20:15] C:\Program Files\Fichiers communs\Broderbund
[2007-06-03|18:41] C:\Program Files\Fichiers communs\DESIGNER
[2007-04-14|17:52] C:\Program Files\Fichiers communs\DirectX
[2005-08-24|00:06] C:\Program Files\Fichiers communs\Hewlett-Packard
[2005-08-23|23:54] C:\Program Files\Fichiers communs\HP
[2005-08-24|00:51] C:\Program Files\Fichiers communs\InstallShield
[2005-08-24|00:51] C:\Program Files\Fichiers communs\InterVideo
[2005-08-23|23:39] C:\Program Files\Fichiers communs\Java
[2005-08-23|18:24] C:\Program Files\Fichiers communs\LightScribe
[2005-09-22|20:19] C:\Program Files\Fichiers communs\Logitech
[2008-02-14|19:35] C:\Program Files\Fichiers communs\Macromedia
[2008-02-24|12:54] C:\Program Files\Fichiers communs\Microsoft Shared
[2004-12-03|22:00] C:\Program Files\Fichiers communs\MSSoap
[2005-08-24|00:24] C:\Program Files\Fichiers communs\muvee Technologies
[2004-12-03|22:00] C:\Program Files\Fichiers communs\ODBC
[2005-08-24|00:13] C:\Program Files\Fichiers communs\Real
[2007-06-03|19:37] C:\Program Files\Fichiers communs\Services
[2005-08-24|00:12] C:\Program Files\Fichiers communs\Sonic Shared
[2005-11-03|20:52] C:\Program Files\Fichiers communs\Sony Shared
[2004-12-03|22:00] C:\Program Files\Fichiers communs\SpeechEngines
[2005-08-24|00:12] C:\Program Files\Fichiers communs\SureThing Shared
[2008-01-06|15:12] C:\Program Files\Fichiers communs\Symantec Shared
[2007-06-29|03:06] C:\Program Files\Fichiers communs\System
[2008-02-23|15:27] C:\Program Files\Fichiers communs\TI Shared
[2005-08-24|00:17] C:\Program Files\Fichiers communs\TiVo Shared
[2008-02-14|19:35] C:\Program Files\Fichiers communs\Vbox
[2008-06-10|16:54] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[2008-01-01|16:31] C:\Program Files\Fichiers communs\Wise Installation Wizard
[2005-08-24|00:13] C:\Program Files\Fichiers communs\xing shared

---------------------------[ Process ]--------------------------

... 59

IEXPLORE.EXE ~ [3532]
IEXPLORE.EXE ~ [4088]

----------------------[ Recherche avec S_Lop ]---------------------

C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\bis2B.exe

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Proxy Long Chin Ping
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Proxy Long Chin Ping\Error owns.exe
C:\DOCUME~1\HP_ADM~1\APPLIC~1\bluebu~1
C:\DOCUME~1\HP_ADM~1\APPLIC~1\bluebu~1\dentstupidanti.exe
C:\DOCUME~1\HP_ADM~1\APPLIC~1\bluebu~1\Dupe global scr keep.exe
C:\DOCUME~1\HP_ADM~1\APPLIC~1\bluebu~1\eq tray win.exe
C:\DOCUME~1\HP_ADM~1\APPLIC~1\bluebu~1\ghafwffl.exe
C:\Program Files\bluebu~1
C:\Program Files\Circle Developement
C:\Program Files\Circle Developement\Uninstall.exe
C:\WINDOWS\Prefetch\DENTSTUPIDANTI.EXE-215CE3C6.pf
C:\WINDOWS\Prefetch\EQ TRAY WIN.EXE-0AA1EAE6.pf
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@adultfriendfinder[2].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@adin.bigpoint[2].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@bigpoint[1].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@es.bigpoint[1].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@es.bigpoint[2].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@es.bigpoint[3].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@es.bigpoint[4].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@es.bigpoint[5].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@es.bigpoint[6].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@es.bigpoint[7].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@es.bigpoint[8].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@fr.seafight.bigpoint[1].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@us.seafight.bigpoint[2].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@us.xblaster.bigpoint[2].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@www.bigpoint[1].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@www.bigpoint[2].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@www.bigpoint[3].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@www.bigpoint[4].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@www.bigpoint[5].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@www.bigpoint[6].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@www.bigpoint[7].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@www.bigpoint[8].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@pacificpoker[1].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@partygaming.122.2o7[1].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@partypoker[1].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@fr.seafight.bigpoint[1].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@us.seafight.bigpoint[2].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@hotfrog[1].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@888[1].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@888[2].txt
C:\WINDOWS\Tasks\AF9B293991B8DF31.job

----------------------[ Verification du Registre ]----------------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CopyDraw"="C:\\DOCUME~1\\HP_ADM~1\\APPLIC~1\\BLUEBU~1\\dentstupidanti.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHIN PING PHONE PILE"="C:\\Documents and Settings\\All Users\\Application Data\\Proxy Long Chin Ping\\Error owns.exe"

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts PROPRE

----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-11 20:18:43
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
C:\WINDOWS\System32\drivers\ntndis.sys 4864 bytes executable
scan completed successfully
hidden processes: 0
hidden files: 1

--------------------[ Recherche d'autres infections ]---------------------

C:\Program Files\InternetGameBox
C:\Program Files\InternetGameBox\IGB.maj
C:\Program Files\InternetGameBox\InternetGameBox.exe
C:\Program Files\InternetGameBox\InternetGameBox.url
C:\Program Files\InternetGameBox\ressources
C:\Program Files\InternetGameBox\skins
C:\Program Files\InternetGameBox\uninst.exe
C:\WINDOWS\Pack.epk
! EGDACCESS !

C:\WINDOWS\system32\VxIllnnn.ini2
C:\WINDOWS\system32\VxIllnnn.ini
! VUNDO Possible !

[F:19085][D:76]-> C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
[F:1641][D:0]-> C:\DOCUME~1\HP_ADM~1\Cookies
[F:6345][D:10]-> C:\DOCUME~1\HP_ADM~1\LOCALS~1\TEMPOR~1\content.IE5

--------------------[ Fin du rapport a 20:21:25,95 ]----------------------

| Alerter

Répondre à big0bout

XmichouX

12 Juillet 2008 01:26:16

Re,

Relance Lop S&D.

Choisis cette fois ci l'Option 2 (Suppression)
! Ne ferme pas la fenêtre lors de la suppression ! [/#f]

Poste le rapport généré (C:\lopR.txt)

[#008040]Si ton bureau ne réapparait pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.
Puis rends-toi à l'onglet "processus". Clique en haut à gauche sur fichiers et choisis "Nouvelle tâche (exécuter)"
Tapes explorer et valide. Cela te fera apparaitre ton bureau

| Alerter

Répondre à XmichouX

big0bout

12 Juillet 2008 03:23:24

Voici le rapport de la supression de lop S&D
-----------------------[ Lop S&D 4.2.2-1 XP/Vista ]---------------------

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : HP_Administrateur ] [ "C:\Lop SD" ] [ Selection : 2 ]
[ 2008-07-11 | 23:15:33,87 ] [ PC : GOOFY ]
[ MAJ : 09-07-2008 | 21:02 ]

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

Echec ! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Proxy Long Chin Ping\Error owns.exe
Supprime! - C:\DOCUME~1\HP_ADM~1\APPLIC~1\bluebu~1\dentstupidanti.exe
Supprime! - C:\DOCUME~1\HP_ADM~1\APPLIC~1\bluebu~1\Dupe global scr keep.exe
Supprime! - C:\DOCUME~1\HP_ADM~1\APPLIC~1\bluebu~1\eq tray win.exe
Supprime! - C:\DOCUME~1\HP_ADM~1\APPLIC~1\bluebu~1\ghafwffl.exe
Supprime! - C:\Program Files\Circle Developement\Uninstall.exe
Supprime! - C:\WINDOWS\Prefetch\DENTSTUPIDANTI.EXE-215CE3C6.pf
Supprime! - C:\WINDOWS\Prefetch\EQ TRAY WIN.EXE-0AA1EAE6.pf
Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@adultfriendfinder[2].txt
Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@adin.bigpoint[2].txt
Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@bigpoint[1].txt
Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@es.bigpoint[1].txt
Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@es.bigpoint[2].txt
Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@es.bigpoint[3].txt
Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@es.bigpoint[4].txt
Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@es.bigpoint[5].txt
Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@es.bigpoint[6].txt
Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@es.bigpoint[7].txt
Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@es.bigpoint[8].txt
Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@fr.seafight.bigpoint[1].txt
Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@us.seafight.bigpoint[2].txt
Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@us.xblaster.bigpoint[2].txt
Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@www.bigpoint[1].txt
Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@www.bigpoint[2].txt
Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@www.bigpoint[3].txt
Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@www.bigpoint[4].txt
Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@www.bigpoint[5].txt
Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@www.bigpoint[6].txt
Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@www.bigpoint[7].txt
Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@www.bigpoint[8].txt
Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@pacificpoker[1].txt
Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@partygaming.122.2o7[1].txt
Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@partypoker[1].txt
Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@hotfrog[1].txt
Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@888[1].txt
Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@888[2].txt
Supprime! - C:\WINDOWS\Tasks\AF9B293991B8DF31.job
Supprime! - C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\bis2B.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Proxy Long Chin Ping
Supprime! - C:\DOCUME~1\HP_ADM~1\APPLIC~1\bluebu~1
Supprime! - C:\Program Files\bluebu~1
Supprime! - C:\Program Files\Circle Developement

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

-------------[ Listing des dossiers dans APPLIC~1 ]------------

[2005-08-24|00:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
[2004-12-01|23:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
[2004-12-03|21:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[2005-08-24|00:53] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[2005-08-24|00:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
[2005-08-24|00:35] C:\DOCUME~1\ADMINI~1\APPLIC~1\SampleView
[2005-08-24|00:43] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec

[2005-10-11|17:31] C:\DOCUME~1\Alain\APPLIC~1\Absolutist.com
[2007-03-17|12:00] C:\DOCUME~1\Alain\APPLIC~1\Adobe
[2005-08-25|11:27] C:\DOCUME~1\Alain\APPLIC~1\AdobeUM
[2006-06-07|21:23] C:\DOCUME~1\Alain\APPLIC~1\Ahead
[2005-08-23|21:02] C:\DOCUME~1\Alain\APPLIC~1\Apple Computer
[2007-03-17|11:39] C:\DOCUME~1\Alain\APPLIC~1\ArcSoft
[2007-05-01|18:47] C:\DOCUME~1\Alain\APPLIC~1\Canon
[2004-12-01|16:28] C:\DOCUME~1\Alain\APPLIC~1\desktop.ini
[2007-02-08|17:38] C:\DOCUME~1\Alain\APPLIC~1\Druide
[2006-10-27|16:34] C:\DOCUME~1\Alain\APPLIC~1\Google
[2006-04-06|18:53] C:\DOCUME~1\Alain\APPLIC~1\Help
[2005-08-23|21:02] C:\DOCUME~1\Alain\APPLIC~1\Identities
[2006-05-15|09:50] C:\DOCUME~1\Alain\APPLIC~1\Leadertech
[2007-06-01|17:49] C:\DOCUME~1\Alain\APPLIC~1\LimeWire
[2007-03-17|11:36] C:\DOCUME~1\Alain\APPLIC~1\Macromedia
[2007-05-30|19:16] C:\DOCUME~1\Alain\APPLIC~1\Microsoft
[2007-03-03|17:13] C:\DOCUME~1\Alain\APPLIC~1\Mozilla
[2006-06-30|16:23] C:\DOCUME~1\Alain\APPLIC~1\muvee Technologies
[2006-06-30|16:08] C:\DOCUME~1\Alain\APPLIC~1\NeroDCTemplates
[2007-05-03|16:11] C:\DOCUME~1\Alain\APPLIC~1\OpenOffice.org2
[2006-05-08|17:40] C:\DOCUME~1\Alain\APPLIC~1\Real
[2005-08-23|21:02] C:\DOCUME~1\Alain\APPLIC~1\SampleView
[2006-12-01|16:24] C:\DOCUME~1\Alain\APPLIC~1\ScanSoft
[2006-05-15|09:51] C:\DOCUME~1\Alain\APPLIC~1\Sonic
[2005-11-03|20:58] C:\DOCUME~1\Alain\APPLIC~1\Sony Corporation
[2005-09-19|19:03] C:\DOCUME~1\Alain\APPLIC~1\Sun
[2005-08-24|21:09] C:\DOCUME~1\Alain\APPLIC~1\Symantec
[2005-11-09|17:21] C:\DOCUME~1\Alain\APPLIC~1\Template
[2007-06-03|14:56] C:\DOCUME~1\Alain\APPLIC~1\U3
[2007-05-23|19:41] C:\DOCUME~1\Alain\APPLIC~1\uTorrent
[2007-04-27|09:55] C:\DOCUME~1\Alain\APPLIC~1\wklnhst.dat

[2005-08-24|00:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[2007-03-17|11:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
[2008-04-05|15:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[2008-04-05|15:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[2006-12-01|16:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
[2004-12-01|23:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[2007-04-11|18:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
[2006-10-27|15:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[2008-01-13|19:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[2005-08-24|00:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
[2005-08-24|00:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log
[2005-08-24|00:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[2007-07-12|12:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[2008-06-29|19:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[2005-08-24|00:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[2005-08-24|16:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\muvee Technologies
[2007-04-11|18:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[2005-08-24|00:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[2005-08-23|23:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[2005-11-03|20:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
[2008-01-06|15:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[2007-11-05|16:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[2006-08-01|20:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
[2007-09-16|17:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[2008-06-10|16:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[2005-10-11|17:29] C:\DOCUME~1\CHRIST~1\APPLIC~1\Absolutist.com
[2007-05-10|09:18] C:\DOCUME~1\CHRIST~1\APPLIC~1\Adobe
[2007-04-13|15:02] C:\DOCUME~1\CHRIST~1\APPLIC~1\Ahead
[2005-08-23|21:02] C:\DOCUME~1\CHRIST~1\APPLIC~1\Apple Computer
[2004-12-01|16:28] C:\DOCUME~1\CHRIST~1\APPLIC~1\desktop.ini
[2006-10-27|18:58] C:\DOCUME~1\CHRIST~1\APPLIC~1\Google
[2005-08-23|21:02] C:\DOCUME~1\CHRIST~1\APPLIC~1\Identities
[2006-12-31|14:35] C:\DOCUME~1\CHRIST~1\APPLIC~1\inifile41.ini
[2006-12-31|14:35] C:\DOCUME~1\CHRIST~1\APPLIC~1\internaldb1942.dat
[2006-12-31|14:35] C:\DOCUME~1\CHRIST~1\APPLIC~1\internaldb41.dat
[2006-12-31|14:35] C:\DOCUME~1\CHRIST~1\APPLIC~1\internaldb4827.dat
[2006-12-31|14:35] C:\DOCUME~1\CHRIST~1\APPLIC~1\internaldb5436.dat
[2006-12-31|14:35] C:\DOCUME~1\CHRIST~1\APPLIC~1\internaldb6334.dat
[2006-12-31|14:35] C:\DOCUME~1\CHRIST~1\APPLIC~1\internaldb8467.dat
[2006-05-15|09:41] C:\DOCUME~1\CHRIST~1\APPLIC~1\InterVideo
[2007-06-02|09:57] C:\DOCUME~1\CHRIST~1\APPLIC~1\LimeWire
[2005-08-25|08:21] C:\DOCUME~1\CHRIST~1\APPLIC~1\Macromedia
[2005-11-26|14:44] C:\DOCUME~1\CHRIST~1\APPLIC~1\Microsoft
[2005-12-19|18:34] C:\DOCUME~1\CHRIST~1\APPLIC~1\Mozilla
[2005-09-18|14:47] C:\DOCUME~1\CHRIST~1\APPLIC~1\muvee Technologies
[2005-09-13|17:11] C:\DOCUME~1\CHRIST~1\APPLIC~1\Real
[2005-08-23|21:02] C:\DOCUME~1\CHRIST~1\APPLIC~1\SampleView
[2006-04-04|16:17] C:\DOCUME~1\CHRIST~1\APPLIC~1\Sonic
[2005-11-23|15:20] C:\DOCUME~1\CHRIST~1\APPLIC~1\Sony Corporation
[2005-08-27|17:55] C:\DOCUME~1\CHRIST~1\APPLIC~1\Sun
[2005-08-23|21:02] C:\DOCUME~1\CHRIST~1\APPLIC~1\Symantec
[2005-12-19|18:34] C:\DOCUME~1\CHRIST~1\APPLIC~1\Talkback
[2005-08-25|13:17] C:\DOCUME~1\CHRIST~1\APPLIC~1\Template
[2007-04-11|17:23] C:\DOCUME~1\CHRIST~1\APPLIC~1\U3
[2007-05-10|09:19] C:\DOCUME~1\CHRIST~1\APPLIC~1\wklnhst.dat

[2007-06-06|18:48] C:\DOCUME~1\CHRIST~1.GOF\APPLIC~1\Adobe
[2005-08-24|00:22] C:\DOCUME~1\CHRIST~1.GOF\APPLIC~1\Apple Computer
[2004-12-01|23:28] C:\DOCUME~1\CHRIST~1.GOF\APPLIC~1\desktop.ini
[2007-06-04|12:14] C:\DOCUME~1\CHRIST~1.GOF\APPLIC~1\Google
[2004-12-03|21:59] C:\DOCUME~1\CHRIST~1.GOF\APPLIC~1\Identities
[2007-06-04|20:21] C:\DOCUME~1\CHRIST~1.GOF\APPLIC~1\LimeWire
[2007-06-04|12:12] C:\DOCUME~1\CHRIST~1.GOF\APPLIC~1\Macromedia
[2007-06-11|22:39] C:\DOCUME~1\CHRIST~1.GOF\APPLIC~1\Microsoft
[2007-06-04|13:07] C:\DOCUME~1\CHRIST~1.GOF\APPLIC~1\Real
[2005-08-24|00:35] C:\DOCUME~1\CHRIST~1.GOF\APPLIC~1\SampleView
[2007-06-04|13:51] C:\DOCUME~1\CHRIST~1.GOF\APPLIC~1\Sun
[2005-08-24|00:43] C:\DOCUME~1\CHRIST~1.GOF\APPLIC~1\Symantec

[2005-08-24|00:22] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Apple Computer
[2004-12-01|23:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[2004-12-03|21:59] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[2005-08-24|00:53] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[2005-08-24|00:14] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
[2005-08-24|00:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\SampleView
[2005-08-24|00:43] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

[2008-05-04|16:19] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Adobe
[2008-05-08|19:30] C:\DOCUME~1\HP_ADM~1\APPLIC~1\AdobeUM
[2008-05-13|12:02] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Apple Computer
[2007-06-03|17:19] C:\DOCUME~1\HP_ADM~1\APPLIC~1\ArcSoft
[2008-07-10|17:59] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Canon
[2008-04-29|15:55] C:\DOCUME~1\HP_ADM~1\APPLIC~1\DataCast
[2004-12-01|23:28] C:\DOCUME~1\HP_ADM~1\APPLIC~1\desktop.ini
[2008-01-30|19:36] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Druide
[2008-02-15|23:02] C:\DOCUME~1\HP_ADM~1\APPLIC~1\FileZilla
[2008-05-01|20:36] C:\DOCUME~1\HP_ADM~1\APPLIC~1\fretsonfire
[2007-07-04|14:59] C:\DOCUME~1\HP_ADM~1\APPLIC~1\G-Force Prefs (WindowsMediaPlayer).txt
[2007-06-03|18:35] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Google
[2008-01-13|19:03] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Grisoft
[2004-12-03|21:59] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Identities
[2007-07-26|10:11] C:\DOCUME~1\HP_ADM~1\APPLIC~1\InterVideo
[2007-06-27|14:10] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Leadertech
[2008-04-22|17:21] C:\DOCUME~1\HP_ADM~1\APPLIC~1\LimeWire
[2007-06-03|18:16] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Macromedia
[2008-04-01|22:09] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Microsoft
[2008-04-20|10:55] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Mozilla
[2008-02-14|20:18] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Notepad++
[2007-08-20|11:34] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Opera
[2007-06-08|19:32] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Real
[2005-08-24|00:35] C:\DOCUME~1\HP_ADM~1\APPLIC~1\SampleView
[2007-06-27|14:11] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Sonic
[2007-06-22|10:21] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Sun
[2007-06-03|19:26] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Symantec
[2007-06-03|17:07] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Template
[2007-10-07|14:30] C:\DOCUME~1\HP_ADM~1\APPLIC~1\TuneUp Software
[2007-09-26|19:30] C:\DOCUME~1\HP_ADM~1\APPLIC~1\U3
[2008-03-13|22:21] C:\DOCUME~1\HP_ADM~1\APPLIC~1\uTorrent
[2008-07-09|13:59] C:\DOCUME~1\HP_ADM~1\APPLIC~1\wklnhst.dat

[2006-01-19|22:41] C:\DOCUME~1\JOLLE~1\APPLIC~1\Adobe
[2007-04-16|15:21] C:\DOCUME~1\JOLLE~1\APPLIC~1\Ahead
[2005-08-23|21:02] C:\DOCUME~1\JOLLE~1\APPLIC~1\Apple Computer
[2007-04-16|15:11] C:\DOCUME~1\JOLLE~1\APPLIC~1\Canon
[2004-12-01|16:28] C:\DOCUME~1\JOLLE~1\APPLIC~1\desktop.ini
[2007-04-12|19:21] C:\DOCUME~1\JOLLE~1\APPLIC~1\Druide
[2006-10-27|19:57] C:\DOCUME~1\JOLLE~1\APPLIC~1\Google
[2005-10-29|18:05] C:\DOCUME~1\JOLLE~1\APPLIC~1\Help
[2005-08-23|21:02] C:\DOCUME~1\JOLLE~1\APPLIC~1\Identities
[2007-06-01|12:01] C:\DOCUME~1\JOLLE~1\APPLIC~1\LimeWire
[2005-08-25|08:57] C:\DOCUME~1\JOLLE~1\APPLIC~1\Macromedia
[2006-07-31|20:52] C:\DOCUME~1\JOLLE~1\APPLIC~1\Microsoft
[2007-05-10|08:59] C:\DOCUME~1\JOLLE~1\APPLIC~1\OpenOffice.org2
[2005-10-19|21:57] C:\DOCUME~1\JOLLE~1\APPLIC~1\Real
[2005-08-23|21:02] C:\DOCUME~1\JOLLE~1\APPLIC~1\SampleView
[2006-09-10|16:47] C:\DOCUME~1\JOLLE~1\APPLIC~1\Sonic
[2005-09-22|21:33] C:\DOCUME~1\JOLLE~1\APPLIC~1\Sun
[2005-10-29|18:04] C:\DOCUME~1\JOLLE~1\APPLIC~1\Symantec
[2005-08-28|14:01] C:\DOCUME~1\JOLLE~1\APPLIC~1\Template
[2007-04-11|17:18] C:\DOCUME~1\JOLLE~1\APPLIC~1\U3
[2007-05-14|10:33] C:\DOCUME~1\JOLLE~1\APPLIC~1\wklnhst.dat

[2007-05-12|08:51] C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
[2007-05-08|20:21] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
[2007-06-03|17:23] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[2007-05-08|17:49] C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon

[2005-08-23|21:02] C:\DOCUME~1\Michel\APPLIC~1\Apple Computer
[2004-12-01|16:28] C:\DOCUME~1\Michel\APPLIC~1\desktop.ini
[2005-08-23|21:02] C:\DOCUME~1\Michel\APPLIC~1\Identities
[2005-08-23|21:02] C:\DOCUME~1\Michel\APPLIC~1\Microsoft
[2005-08-23|21:02] C:\DOCUME~1\Michel\APPLIC~1\Real
[2005-08-23|21:02] C:\DOCUME~1\Michel\APPLIC~1\SampleView
[2005-08-23|21:02] C:\DOCUME~1\Michel\APPLIC~1\Symantec

[2005-05-21|14:52] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[2005-08-25|11:22] C:\DOCUME~1\Robin\APPLIC~1\Adobe
[2006-06-19|18:24] C:\DOCUME~1\Robin\APPLIC~1\Ahead
[2005-08-23|21:02] C:\DOCUME~1\Robin\APPLIC~1\Apple Computer
[2006-12-11|16:20] C:\DOCUME~1\Robin\APPLIC~1\Canon
[2004-12-01|16:28] C:\DOCUME~1\Robin\APPLIC~1\desktop.ini
[2005-12-29|11:43] C:\DOCUME~1\Robin\APPLIC~1\G-Force Prefs (WindowsMediaPlayer).txt
[2006-02-24|20:18] C:\DOCUME~1\Robin\APPLIC~1\Google
[2005-11-01|18:47] C:\DOCUME~1\Robin\APPLIC~1\Help
[2005-08-23|21:02] C:\DOCUME~1\Robin\APPLIC~1\Identities
[2005-11-22|16:11] C:\DOCUME~1\Robin\APPLIC~1\InstallShield
[2005-09-27|16:24] C:\DOCUME~1\Robin\APPLIC~1\InstallShield Installation Information
[2006-04-07|19:01] C:\DOCUME~1\Robin\APPLIC~1\InterVideo
[2006-09-14|19:05] C:\DOCUME~1\Robin\APPLIC~1\LimeWire
[2005-08-25|13:51] C:\DOCUME~1\Robin\APPLIC~1\Macromedia
[2005-10-04|16:47] C:\DOCUME~1\Robin\APPLIC~1\Microsoft
[2005-08-25|14:12] C:\DOCUME~1\Robin\APPLIC~1\Mozilla
[2005-09-28|15:22] C:\DOCUME~1\Robin\APPLIC~1\muvee Technologies
[2005-09-04|15:53] C:\DOCUME~1\Robin\APPLIC~1\Real
[2005-08-23|21:02] C:\DOCUME~1\Robin\APPLIC~1\SampleView
[2006-02-10|17:20] C:\DOCUME~1\Robin\APPLIC~1\Sonic
[2005-08-30|14:26] C:\DOCUME~1\Robin\APPLIC~1\Sun
[2005-10-30|14:54] C:\DOCUME~1\Robin\APPLIC~1\Symantec
[2005-08-25|14:12] C:\DOCUME~1\Robin\APPLIC~1\Talkback
[2005-08-23|22:00] C:\DOCUME~1\Robin\APPLIC~1\Template
[2007-04-11|16:47] C:\DOCUME~1\Robin\APPLIC~1\U3
[2006-07-01|17:36] C:\DOCUME~1\Robin\APPLIC~1\Vso
[2006-10-26|18:38] C:\DOCUME~1\Robin\APPLIC~1\wklnhst.dat

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

[2008-07-11 13:22][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008-07-11 17:15][--a------] C:\WINDOWS\tasks\1-Click Maintenance.job
[2008-07-11 12:12][--ah-----] C:\WINDOWS\tasks\SA.DAT
[2004-08-10 21:00][-rah-----] C:\WINDOWS\tasks\desktop.ini

---------------[ Listing des dossiers dans C:\Program Files ]--------------

[2007-07-02|15:53] C:\Program Files\A.ico
[2007-07-12|15:03] C:\Program Files\a.zip
[2007-08-22|16:45] C:\Program Files\Activision
[2006-01-07|14:17] C:\Program Files\Activision Value
[2007-06-06|17:00] C:\Program Files\Adobe
[2007-02-08|17:42] C:\Program Files\Ahead
[2006-10-29|16:07] C:\Program Files\Alcohol Soft
[2007-03-17|11:59] C:\Program Files\Alcohol Toolbar
[2007-03-02|23:19] C:\Program Files\Alias
[2008-04-05|15:32] C:\Program Files\Apple Software Update
[2006-12-01|16:22] C:\Program Files\ArcSoft
[2005-10-17|15:27] C:\Program Files\Ares Download Client
[2005-09-29|19:22] C:\Program Files\Ares Galaxy FasterDownload
[2005-08-24|14:28] C:\Program Files\AT&T
[2007-01-13|12:40] C:\Program Files\Atari
[2008-03-20|12:07] C:\Program Files\Axis Communications
[2007-07-02|15:53] C:\Program Files\B.ico
[2007-07-12|15:06] C:\Program Files\b.zip
[2007-05-10|16:49] C:\Program Files\backburner 2
[2005-08-24|00:25] C:\Program Files\BackWeb
[2008-04-05|15:33] C:\Program Files\Bonjour
[2008-02-14|19:37] C:\Program Files\Bradbury
[2005-12-01|20:15] C:\Program Files\Broderbund
[2007-07-12|15:03] C:\Program Files\c.zip
[2006-12-01|16:22] C:\Program Files\Canon
[2006-08-01|20:07] C:\Program Files\Cap'n Crunch
[2004-12-03|21:03] C:\Program Files\ComPlus Applications
[2006-08-01|20:22] C:\Program Files\Deer Drive
[2006-06-07|13:11] C:\Program Files\devnz
[2005-08-24|14:18] C:\Program Files\directx
[2007-02-08|17:27] C:\Program Files\Druide
[2007-04-14|17:44] C:\Program Files\EA GAMES
[2006-11-17|17:16] C:\Program Files\EA SPORTS
[2007-05-10|16:51] C:\Program Files\EACOM
[2007-06-03|18:24] C:\Program Files\Easy Internet signup
[2006-11-17|21:05] C:\Program Files\Electronic Arts
[2008-06-25|14:07] C:\Program Files\Everest Poker
[2007-05-14|14:56] C:\Program Files\Everest Poker.net
[2006-11-07|20:14] C:\Program Files\Fantasy Hockey League
[2008-06-10|16:54] C:\Program Files\Fichiers communs
[2008-02-14|20:26] C:\Program Files\FileZilla FTP Client
[2007-05-30|18:56] C:\Program Files\FlashGet
[2005-08-24|00:15] C:\Program Files\FrenchOtto
[2008-05-01|20:34] C:\Program Files\Frets on Fire
[2008-02-01|18:10] C:\Program Files\Full Tilt Poker
[2005-09-07|17:17] C:\Program Files\GameSpy Arcade
[2005-08-24|00:15] C:\Program Files\GemMasterFrench
[2007-05-10|16:53] C:\Program Files\GM Hockey Renaissance
[2007-06-03|19:11] C:\Program Files\Google
[2008-01-13|19:03] C:\Program Files\Grisoft
[2006-08-01|20:09] C:\Program Files\Hasbro Interactive
[2007-05-10|16:53] C:\Program Files\Heroes II Gold
[2005-08-24|00:06] C:\Program Files\Hewlett-Packard
[2005-08-24|00:07] C:\Program Files\HP
[2005-08-23|18:40] C:\Program Files\HP DeskJet 840C Series
[2005-08-24|00:27] C:\Program Files\HPQ
[2006-01-25|20:15] C:\Program Files\Illustrate
[2007-01-13|12:37] C:\Program Files\Infogrames
[2007-01-13|12:40] C:\Program Files\Infogrames Interactive
[2008-04-29|15:55] C:\Program Files\InstallShield Installation Information
[2008-06-12|03:02] C:\Program Files\Internet Explorer
[2006-07-07|19:39] C:\Program Files\InternetGameBox
[2005-08-24|00:51] C:\Program Files\InterVideo
[2008-04-05|15:34] C:\Program Files\iPod
[2008-04-05|15:34] C:\Program Files\iTunes
[2008-07-09|15:00] C:\Program Files\Java
[2007-08-16|15:56] C:\Program Files\Lame MP3 Codec
[2007-07-12|12:40] C:\Program Files\Lavasoft
[2007-10-02|19:48] C:\Program Files\LimeWire
[2005-09-22|20:19] C:\Program Files\Logitech
[2008-02-14|19:35] C:\Program Files\Macromedia
[2007-02-21|21:40] C:\Program Files\MarkAny
[2005-08-23|23:45] C:\Program Files\Messenger
[2008-06-29|19:09] C:\Program Files\Messenger Plus! Live
[2007-05-11|15:20] C:\Program Files\Microsoft ActiveSync
[2008-06-12|03:02] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2005-08-24|00:13] C:\Program Files\Microsoft Encarta
[2007-07-12|14:39] C:\Program Files\microsoft frontpage
[2006-10-29|16:27] C:\Program Files\Microsoft Games
[2007-05-10|17:13] C:\Program Files\Microsoft NetShow
[2008-02-24|12:54] C:\Program Files\Microsoft Office
[2005-08-24|00:21] C:\Program Files\Microsoft Visual Studio
[2007-06-03|18:21] C:\Program Files\Microsoft Works
[2007-06-03|18:40] C:\Program Files\Microsoft.NET
[2005-09-23|09:28] C:\Program Files\minicliptoolbar toolbar
[2008-04-25|20:26] C:\Program Files\Movie Maker
[2008-07-11|00:10] C:\Program Files\Mozilla Firefox
[2007-01-02|00:13] C:\Program Files\MP3 Player Utilities
[2007-01-02|12:08] C:\Program Files\MP3 Player Utilities 3.57
[2007-01-15|19:17] C:\Program Files\MP3 Player Utilities 3.68
[2007-01-19|17:43] C:\Program Files\Mpath
[2008-02-24|12:54] C:\Program Files\MSECache
[2004-12-03|22:01] C:\Program Files\MSN
[2004-12-03|22:01] C:\Program Files\MSN Gaming Zone
[2008-01-09|17:43] C:\Program Files\MSN Messenger
[2006-11-15|18:33] C:\Program Files\MSXML 4.0
[2005-08-24|00:52] C:\Program Files\muvee Technologies
[2006-07-07|15:15] C:\Program Files\Nero
[2007-06-03|19:37] C:\Program Files\NetMeeting
[2007-07-12|15:15] C:\Program Files\Network Monitor
[2008-02-14|19:39] C:\Program Files\Notepad++
[2004-12-03|22:01] C:\Program Files\Online Services
[2007-05-10|17:16] C:\Program Files\OpenOffice.org 2.1
[2008-07-11|12:10] C:\Program Files\Outerinfo
[2007-07-12|14:48] C:\Program Files\outlook
[2007-06-29|03:06] C:\Program Files\Outlook Express
[2007-06-03|18:27] C:\Program Files\PC-Doctor for Windows
[2007-03-23|20:32] C:\Program Files\PKR
[2008-05-11|08:31] C:\Program Files\PokerStars
[2006-12-22|12:27] C:\Program Files\pshl
[2006-12-31|14:35] C:\Program Files\PuzzleDesktop
[2008-04-05|15:33] C:\Program Files\QuickTime
[2005-08-24|00:13] C:\Program Files\Real
[2008-02-27|17:05] C:\Program Files\RndLabs
[2005-09-04|16:32] C:\Program Files\Rockstar Games
[2007-02-21|21:40] C:\Program Files\Samsung
[2006-12-01|16:23] C:\Program Files\ScanSoft
[2005-08-24|14:12] C:\Program Files\Scrabble
[2006-11-29|19:10] C:\Program Files\Screensavers.com
[2005-08-24|00:33] C:\Program Files\Services en ligne
[2006-04-11|18:54] C:\Program Files\SigmaTel
[2006-03-06|17:33] C:\Program Files\Softinterface, Inc
[2005-08-24|00:17] C:\Program Files\Sonic
[2005-11-03|20:52] C:\Program Files\Sony
[2007-06-03|14:40] C:\Program Files\Steam
[2005-11-01|18:42] C:\Program Files\SymNetDrv
[2008-05-03|13:39] C:\Program Files\Thumbs.db
[2008-02-23|15:27] C:\Program Files\TI Education
[2007-03-17|11:35] C:\Program Files\Total Training
[2008-07-10|22:25] C:\Program Files\Trend Micro
[2007-06-04|16:15] C:\Program Files\Ubisoft
[2004-12-03|21:03] C:\Program Files\Uninstall Information
[2005-08-24|00:25] C:\Program Files\Updates from HP
[2007-06-09|09:19] C:\Program Files\uTorrent
[2008-05-22|20:33] C:\Program Files\VirtualDJ
[2008-01-01|16:31] C:\Program Files\Voyage Century Online
[2006-07-01|17:19] C:\Program Files\vso
[2006-12-31|15:31] C:\Program Files\WAV to MP3 Encoder
[2008-06-10|16:54] C:\Program Files\Windows Live
[2007-06-03|19:37] C:\Program Files\Windows Media Player
[2007-06-03|19:37] C:\Program Files\Windows NT
[2004-12-03|22:02] C:\Program Files\Windows Plus
[2004-12-03|21:03] C:\Program Files\WindowsUpdate
[2007-06-05|19:01] C:\Program Files\WinRAR
[2007-07-12|12:36] C:\Program Files\WordPerfect Office X3 Installer
[2004-12-03|22:02] C:\Program Files\xerox
[2007-08-16|15:56] C:\Program Files\Xvid
[2006-01-23|20:22] C:\Program Files\Yahoo!

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

[2007-06-06|17:02] C:\Program Files\Fichiers communs\Adobe
[2007-03-17|11:46] C:\Program Files\Fichiers communs\Adobe Systems Shared
[2007-04-11|18:35] C:\Program Files\Fichiers communs\Ahead
[2008-04-05|15:32] C:\Program Files\Fichiers communs\Apple
[2005-12-01|20:15] C:\Program Files\Fichiers communs\Broderbund
[2007-06-03|18:41] C:\Program Files\Fichiers communs\DESIGNER
[2007-04-14|17:52] C:\Program Files\Fichiers communs\DirectX
[2005-08-24|00:06] C:\Program Files\Fichiers communs\Hewlett-Packard
[2005-08-23|23:54] C:\Program Files\Fichiers communs\HP
[2005-08-24|00:51] C:\Program Files\Fichiers communs\InstallShield
[2005-08-24|00:51] C:\Program Files\Fichiers communs\InterVideo
[2005-08-23|23:39] C:\Program Files\Fichiers communs\Java
[2005-08-23|18:24] C:\Program Files\Fichiers communs\LightScribe
[2005-09-22|20:19] C:\Program Files\Fichiers communs\Logitech
[2008-02-14|19:35] C:\Program Files\Fichiers communs\Macromedia
[2008-02-24|12:54] C:\Program Files\Fichiers communs\Microsoft Shared
[2004-12-03|22:00] C:\Program Files\Fichiers communs\MSSoap
[2005-08-24|00:24] C:\Program Files\Fichiers communs\muvee Technologies
[2004-12-03|22:00] C:\Program Files\Fichiers communs\ODBC
[2005-08-24|00:13] C:\Program Files\Fichiers communs\Real
[2007-06-03|19:37] C:\Program Files\Fichiers communs\Services
[2005-08-24|00:12] C:\Program Files\Fichiers communs\Sonic Shared
[2005-11-03|20:52] C:\Program Files\Fichiers communs\Sony Shared
[2004-12-03|22:00] C:\Program Files\Fichiers communs\SpeechEngines
[2005-08-24|00:12] C:\Program Files\Fichiers communs\SureThing Shared
[2008-01-06|15:12] C:\Program Files\Fichiers communs\Symantec Shared
[2007-06-29|03:06] C:\Program Files\Fichiers communs\System
[2008-02-23|15:27] C:\Program Files\Fichiers communs\TI Shared
[2005-08-24|00:17] C:\Program Files\Fichiers communs\TiVo Shared
[2008-02-14|19:35] C:\Program Files\Fichiers communs\Vbox
[2008-06-10|16:54] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[2008-01-01|16:31] C:\Program Files\Fichiers communs\Wise Installation Wizard
[2005-08-24|00:13] C:\Program Files\Fichiers communs\xing shared

---------------------------[ Process ]--------------------------

... 57

... OK !

----------------------[ Recherche avec S_Lop ]---------------------

Aucun fichier / dossier Lop trouvé !

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

Aucun fichier / dossier Lop trouvé !

----------------------[ Verification du Registre ]----------------------

..... OK !

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts PROPRE

----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-11 23:17:06
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
C:\WINDOWS\System32\drivers\ntndis.sys 4864 bytes executable
scan completed successfully
hidden processes: 0
hidden files: 1

--------------------[ Recherche d'autres infections ]---------------------

C:\Program Files\InternetGameBox
C:\Program Files\InternetGameBox\IGB.maj
C:\Program Files\InternetGameBox\InternetGameBox.exe
C:\Program Files\InternetGameBox\InternetGameBox.url
C:\Program Files\InternetGameBox\ressources
C:\Program Files\InternetGameBox\skins
C:\Program Files\InternetGameBox\uninst.exe
C:\WINDOWS\Pack.epk
! EGDACCESS !

C:\WINDOWS\system32\VxIllnnn.ini2
C:\WINDOWS\system32\VxIllnnn.ini
! VUNDO Possible !

[F:19084][D:76]-> C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
[F:1613][D:0]-> C:\DOCUME~1\HP_ADM~1\Cookies
[F:6350][D:10]-> C:\DOCUME~1\HP_ADM~1\LOCALS~1\TEMPOR~1\content.IE5

--------------------[ Fin du rapport a 23:18:05,09 ]----------------------

| Alerter

Répondre à big0bout

XmichouX

12 Juillet 2008 12:35:41

Re,

Télécharge Navilog (de Il-Mafioso)

Enregistre-le sur ton Bureau.

Installe-le en double cliquant sur navilog.exe.

Une fois l'installation terminée, l'utilitaire s'exécutera automatiquement.
(Si ce n'est pas le cas, double clique sur le raccourci présent sur le Bureau) [Clic droit -> "Exécuter en tant qu'administrateur". ( Pour Vista)]

Laisse-toi guider par l'utilitaire. Choisis l'option 1 puis valide.
! N'utilise pas l'option 2, 3 et 4 sans notre accord !

Patiente jusqu'à l'apparition de ce message :
*** Analyse Termine le ..... ***

Appuie sur une touche comme demandé. Le Bloc-notes va s'ouvrir. Poste le rapport ici.

Poste le rapport généré.

Le rapport se trouve ici : C:\fixnavi.txt

Si tu as Vista, fais ceci avant :
Désactive l'UAC (Menu Démarrer \ Panneau de Configuration \ Comptes d'utilisateurs et protection des utilisateurs \ Comptes d'utilisateurs \ Activer ou désactiver le contrôle des comptes d'utilisateurs \ décoche la case Utiliser le contrôle ... et valide par OK , il te sera demandé de redémarrer, fais le)

| Alerter

Répondre à XmichouX

big0bout

12 Juillet 2008 14:38:57

Voici le rapport fixnavi:

Search Navipromo version 3.6.0 commencé le 2008-07-12 à 10:03:56,85

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "HP_Administrateur"

Mise à jour le 27.06.2008 à 23h00 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***

*** Recherche dossiers dans "C:\WINDOWS" ***

*** Recherche dossiers dans "C:\Program Files" ***

C:\Program Files\InternetGameBox trouvé !

*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***

*** Recherche dossiers dans "c:\docume~1\alluse~1\menudÉ~1\progra~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\HP_Administrateur\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\Alain\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\CHRIST~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\CHRIST~1.GOF\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\JOLLE~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\Michel\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\Robin\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\HP_Administrateur\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\Alain\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\CHRIST~1\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\CHRIST~1.GOF\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\JOLLE~1\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\Michel\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\Robin\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\HP_Administrateur\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\Alain\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\CHRIST~1\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\CHRIST~1.GOF\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\JOLLE~1\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\Michel\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\Robin\menudm~1\progra~1" ***

...\InternetGameBox trouvé !
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\HP_Administrateur\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\Alain\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\CHRIST~1\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\CHRIST~1.GOF\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\JOLLE~1\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\Michel\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\Robin\locals~1\applic~1" *

*** Recherche fichiers ***

C:\WINDOWS\pack.epk trouvé !

*** Recherche clés spécifiques dans le Registre ***

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :

* Dans "C:\Documents and Settings\HP_Administrateur\locals~1\applic~1" :

* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :

* Dans "C:\DOCUME~1\Alain\locals~1\applic~1" :

* Dans "C:\DOCUME~1\CHRIST~1\locals~1\applic~1" :

* Dans "C:\DOCUME~1\CHRIST~1.GOF\locals~1\applic~1" :

* Dans "C:\DOCUME~1\JOLLE~1\locals~1\applic~1" :

* Dans "C:\DOCUME~1\Michel\locals~1\applic~1" :

* Dans "C:\DOCUME~1\Robin\locals~1\applic~1" :

3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

C:\WINDOWS\system32\VxIllnnn.ini2 trouvé ! infection Vundo possible non traitée par cet outil !

*** Analyse terminée le 2008-07-12 à 10:33:52,39 ***

| Alerter

Répondre à big0bout

XmichouX

12 Juillet 2008 21:35:25

Re,

Double clique sur le raccourci de Navilog.

Choisis l'option 2 puis valide. (Entrée)

Laisse toi guider.

Ton ordinateur va redémarrer, sinon fais le manuellement.

Ton bureau va disparaître.

Après un certain temps, le Bloc-notes va s'ouvrir.

Sauvegarde le rapport.

Referme le Bloc-notes. Ton bureau va maintenant réapparaître.

Si ton bureau ne réapparait pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.
Puis rends-toi à l'onglet "processus". Clique en haut à gauche sur fichiers et choisis "Nouvelle tâche (exécuter)"
Tapes explorer et valide. Cela te fera apparaitre ton bureau

Démarrer -> panneau de configuration -> options internet
Clique sur l'onglet "Contenu" puis onglet "Certificats" et si tu trouves ceci, en particulier dans "éditeurs approuvés" :

Montorgueil ; VIP

Si tu les trouves, fais ceci :
* Sélectionne chacun de ces certificats et clique sur exporter. Enregistre le/les sur ton bureau.
* Supprime ensuite ceux présents dans l'onglet "certificats" des options de ton naviguateur.

Ensuite pour chacun des certificats présents sur ton bureau :
* Va sur le site Web :
http://www.bleepingcomputer.com/submit-malware.php?chan...
* Copie/colle ceci dans la case 'Link to Topic' :
le nom du certificat (Montorgueil ,......)
* Copie/colle ceci dans la case 'Browse to the File' :
Le certificat correspondant que tu avais exportés vers ton bureau

Si c'est fait, supprime enfin le certificat présent sur ton bureau.

Les programmes suivants installent cette infection :

* Go-astro
* GoRecord
* HotTVPlayer
* MailSkinner
* Messenger Skinner
* Instant Access
* InternetGameBox
* sudoplanet
* Webmediaplayer : sauf celui provenant du site suivant > http://www.azertysite.new.fr/
* Sur le site www.games-desktop.com (Ne pas aller dessus!)

Poste le rapport sauvegardé auparavant (C:\cleannavi.txt) ainsi qu'un nouveau rapport Hijackthis.

| Alerter

Répondre à XmichouX

big0bout

12 Juillet 2008 22:22:23

En vérifiant le dossier des certificats, il n'y en avait aucun dans la partie éditeurs approuvé.

rapport navilog:

Clean Navipromo version 3.6.0 commencé le 2008-07-12 à 18:03:47,18

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "HP_Administrateur"

Mise à jour le 27.06.2008 à 23h00 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : NTFS

Mode suppression automatique
avec prise en charge résultats Catchme et GNS

Nettoyage exécuté au redémarrage de l'ordinateur

*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *

* Suppression dans "C:\Documents and Settings\HP_Administrateur\locals~1\applic~1" *

* Suppression dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

* Suppression dans "C:\DOCUME~1\Alain\locals~1\applic~1" *

* Suppression dans "C:\DOCUME~1\CHRIST~1\locals~1\applic~1" *

* Suppression dans "C:\DOCUME~1\CHRIST~1.GOF\locals~1\applic~1" *

* Suppression dans "C:\DOCUME~1\JOLLE~1\locals~1\applic~1" *

* Suppression dans "C:\DOCUME~1\Michel\locals~1\applic~1" *

* Suppression dans "C:\DOCUME~1\Robin\locals~1\applic~1" *

*** Suppression dossiers dans "C:\WINDOWS" ***

*** Suppression dossiers dans "C:\Program Files" ***

C:\Program Files\InternetGamebox ...suppression...
C:\Program Files\InternetGamebox supprimé !

*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***

*** Suppression dossiers dans "c:\docume~1\alluse~1\menudÉ~1\progra~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\HP_Administrateur\applic~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\Alain\applic~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\CHRIST~1\applic~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\CHRIST~1.GOF\applic~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\JOLLE~1\applic~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\Michel\applic~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\Robin\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\HP_Administrateur\locals~1\applic~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\Alain\locals~1\applic~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\CHRIST~1\locals~1\applic~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\CHRIST~1.GOF\locals~1\applic~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\JOLLE~1\locals~1\applic~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\Michel\locals~1\applic~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\Robin\locals~1\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\HP_Administrateur\menudm~1\progra~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\Alain\menudm~1\progra~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\CHRIST~1\menudm~1\progra~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\CHRIST~1.GOF\menudm~1\progra~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\JOLLE~1\menudm~1\progra~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\Michel\menudm~1\progra~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\Robin\menudm~1\progra~1" ***

...\InternetGamebox ...suppression...
...\InternetGamebox supprimé !

*** Suppression fichiers ***

C:\WINDOWS\pack.epk supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\HP_Administrateur\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :

* Dans "C:\WINDOWS\system32" *

* Dans "C:\Documents and Settings\HP_Administrateur\locals~1\applic~1" *

* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

* Dans "C:\DOCUME~1\Alain\locals~1\applic~1" *

* Dans "C:\DOCUME~1\CHRIST~1\locals~1\applic~1" *

* Dans "C:\DOCUME~1\CHRIST~1.GOF\locals~1\applic~1" *

* Dans "C:\DOCUME~1\JOLLE~1\locals~1\applic~1" *

* Dans "C:\DOCUME~1\Michel\locals~1\applic~1" *

* Dans "C:\DOCUME~1\Robin\locals~1\applic~1" *

*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

*** Certificats ***

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltdt absent !

*** Nettoyage terminé le 2008-07-12 à 18:09:55,56 ***

rapport hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:15:34, on 2008-07-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.infinit.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [f8129355] rundll32.exe "C:\WINDOWS\system32\rphseolr.dll",b
O4 - HKLM\..\Run: [BMfb21a0c9] Rundll32.exe "C:\WINDOWS\system32\vhavxumo.dll",s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.infinit.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://60.43.33.196/kxhcm10.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image Viewer) - http://82.176.73.20/home/SonySncRz30View.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://webcam1.ttu.ee/activex/AMC.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://128.97.43.214/activex/AMC.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9924 bytes

| Alerter

Répondre à big0bout

XmichouX

12 Juillet 2008 22:30:25

Re,

Télécharge ComboFix (de sUBs) sur ton Bureau.

Désactive temporairement toute protection résidente ! (Antivirus, antispywares..)

Double clique sur ComboFix.exe.

Accepte la licence en cliquant sur Oui.

Lorsque l'opération sera terminée, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

Le rapport se trouve ici : %systemdrive%\ComboFix.txt (%systemdrive% étant la partition où est installée Windows; C:\ en général)

Aide : Comment utiliser ComboFix.

| Alerter

Répondre à XmichouX

big0bout

12 Juillet 2008 23:57:06

Voici le rapport combofix:

ComboFix 08-07-12.1 - HP_Administrateur 2008-07-12 19:24:14.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2535 [GMT -4:00]
Endroit: C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Program Files\network monitor
C:\Program Files\outerinfo
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.MSNFix
C:\Program Files\outlook
C:\Program Files\outlook\p.zip
C:\Program Files\screensavers.com
C:\Program Files\screensavers.com\SSSInst\bin\SSSUninst.exe
C:\temp\17o7
C:\temp\17o7\tmpTF.log
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ddcYSKBQ.dll
C:\WINDOWS\system32\drivers\ntndis.exe
C:\WINDOWS\system32\drivers\ntndis.sys
C:\WINDOWS\system32\fbghxvab.dll
C:\WINDOWS\system32\hcunchrx.ini
C:\WINDOWS\system32\hynmwxgp.ini
C:\WINDOWS\system32\nnnllIxV.dll
C:\WINDOWS\system32\oeminfo.ini
C:\WINDOWS\system32\onyjfxjq.ini
C:\WINDOWS\system32\pfuqgetq.ini
C:\WINDOWS\system32\qzbvkg.dll
C:\WINDOWS\system32\rdynsltj.ini
C:\WINDOWS\system32\rloeshpr.ini
C:\WINDOWS\system32\sSmnnLfD.dll
C:\WINDOWS\system32\VxIllnnn.ini
C:\WINDOWS\system32\VxIllnnn.ini2
C:\WINDOWS\system32\ybmwejaf.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NTNDIS
-------\Service_ntndis

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-12 to 2008-07-12 ))))))))))))))))))))))))))))))))))))
.

2008-07-12 19:40 . 2008-07-12 19:40 294 ---hs---- C:\WINDOWS\system32\rloeshpr.ini
2008-07-12 15:29 . 2008-07-12 15:29 105,248 --a------ C:\WINDOWS\system32\zismbz.dll
2008-07-12 15:29 . 2008-07-12 15:29 105,248 --a------ C:\WINDOWS\system32\hycvludv.dll
2008-07-12 15:27 . 2008-07-12 15:27 90,928 --a------ C:\WINDOWS\system32\vhavxumo.dll
2008-07-12 15:27 . 2008-07-12 15:27 81,168 --a------ C:\WINDOWS\system32\rphseolr.dll
2008-07-12 10:03 . 2008-07-12 18:09 <REP> d-------- C:\Program Files\Navilog1
2008-07-11 20:16 . 2008-07-11 23:18 <REP> d-------- C:\Lop SD
2008-07-11 13:39 . 2008-07-11 13:39 105,248 --a------ C:\WINDOWS\system32\xomjfehd.dll
2008-07-11 13:39 . 2008-07-11 13:39 105,248 --a------ C:\WINDOWS\system32\eptdnq.dll
2008-07-11 13:36 . 2008-07-11 13:36 90,928 --a------ C:\WINDOWS\system32\pxqrygps.dll
2008-07-10 22:25 . 2008-07-10 22:25 <REP> d-------- C:\Program Files\Trend Micro
2008-07-10 18:08 . 2008-07-10 18:08 105,232 --a------ C:\WINDOWS\system32\omwybd.dll
2008-07-10 18:08 . 2008-07-10 18:08 105,232 --a------ C:\WINDOWS\system32\gttajsma.dll
2008-07-10 18:06 . 2008-07-10 18:06 90,912 --a------ C:\WINDOWS\system32\uyeuoson.dll
2008-07-09 15:00 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-09 13:38 . 2008-07-09 13:38 105,152 --a------ C:\WINDOWS\system32\lysedshx.dll
2008-07-09 13:38 . 2008-07-09 13:38 105,152 --a------ C:\WINDOWS\system32\ehtbou.dll
2008-07-09 13:35 . 2008-07-09 13:35 90,816 --a------ C:\WINDOWS\system32\ernvhkjj.dll
2008-07-08 13:41 . 2008-07-08 13:41 105,296 --a------ C:\WINDOWS\system32\ixpncqbq.dll
2008-07-08 13:41 . 2008-07-08 13:41 105,296 --a------ C:\WINDOWS\system32\dlqipg.dll
2008-07-08 13:35 . 2008-07-08 13:35 90,880 --a------ C:\WINDOWS\system32\euuvevxv.dll
2008-07-07 16:36 . 2008-07-11 02:40 5,174 --a------ C:\WINDOWS\cookies.MSNFix
2008-07-07 14:57 . 2008-07-10 18:05 143 --a------ C:\WINDOWS\system32\mcrh.MSNFix
2008-07-07 13:39 . 2008-07-07 13:39 105,280 --a------ C:\WINDOWS\system32\ynrfmloc.dll
2008-07-07 13:39 . 2008-07-07 13:39 105,280 --a------ C:\WINDOWS\system32\wvnxkk.dll
2008-07-07 13:36 . 2008-07-07 13:36 81,216 --a------ C:\WINDOWS\system32\qjxfjyno.dll
2008-07-07 13:33 . 2008-07-12 19:40 110,419 --a------ C:\WINDOWS\BMfb21a0c9.xml
2008-07-07 13:33 . 2008-07-07 13:33 90,912 --a------ C:\WINDOWS\system32\gmtbreyc.dll
2008-06-29 19:09 . 2008-06-29 19:09 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-06-29 19:09 . 2008-06-29 19:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-06-12 03:02 . 2008-06-12 03:02 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-10 21:59 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\Canon
2008-07-09 19:00 --------- d-----w C:\Program Files\Java
2008-07-09 17:59 2,818 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\wklnhst.dat
2008-06-25 18:07 --------- d-----w C:\Program Files\Everest Poker
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 20:54 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-06-10 20:54 --------- d-----w C:\Program Files\Windows Live
2008-06-10 20:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-23 00:33 --------- d-----w C:\Program Files\VirtualDJ
2008-05-13 16:02 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\Apple Computer
2008-05-03 17:39 7,168 --sha-w C:\Program Files\Thumbs.db
2007-07-12 19:06 22 ----a-w C:\Program Files\b.zip
2007-07-12 19:03 22 ----a-w C:\Program Files\c.zip
2007-07-12 19:03 22 ----a-w C:\Program Files\a.zip
2007-07-02 19:53 25,214 ----a-w C:\Program Files\B.ico
2007-07-02 19:53 25,214 ----a-w C:\Program Files\A.ico
2007-05-10 13:19 2,162 ----a-w C:\Documents and Settings\Christian\Application Data\wklnhst.dat
2007-04-27 13:55 4,550 ----a-w C:\Documents and Settings\Alain\Application Data\wklnhst.dat
2006-12-31 18:35 9,216 ----a-w C:\Documents and Settings\Christian\Application Data\internaldb8467.dat
2006-12-31 18:35 49 ----a-w C:\Documents and Settings\Christian\Application Data\internaldb41.dat
2006-12-31 18:35 337 ----a-w C:\Documents and Settings\Christian\Application Data\internaldb1942.dat
2006-12-31 18:35 20,480 ----a-w C:\Documents and Settings\Christian\Application Data\internaldb4827.dat
2006-12-31 18:35 0 ----a-w C:\Documents and Settings\Christian\Application Data\internaldb6334.dat
2006-12-31 18:35 0 ----a-w C:\Documents and Settings\Christian\Application Data\internaldb5436.dat
2006-10-26 22:38 5,382 ----a-w C:\Documents and Settings\Robin\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba941fcf-ef87-4046-8244-3591f7cbad93}]
2008-07-12 15:29 105248 --a------ C:\WINDOWS\system32\zismbz.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-28 10:22 68856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 21:00 15360]
"Gestionnaire Antidote.exe"="C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe" [2006-12-06 17:43 526008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 18:04 59392]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-06 00:19 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-06 00:23 114688]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 22:34 245760]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 23:54 253952]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-08-24 00:13 180269]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12 483328]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 08:23 132624]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25 6731312]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"f8129355"="C:\WINDOWS\system32\rphseolr.dll" [2008-07-12 15:27 81168]
"BMfb21a0c9"="C:\WINDOWS\system32\vhavxumo.dll" [2008-07-12 15:27 90928]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 23:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 13:08]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{148277f2-c9b4-11d9-9ecb-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-07-11 21:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-07-11 17:22:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-12 19:41:01
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\rphseolr.dll
-> C:\WINDOWS\system32\vhavxumo.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehRecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\hp\KBD\KBD.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-12 19:52:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-12 23:51:02

Pre-Run: 161,808,277,504 octets libres
Post-Run: 166,972,084,224 octets libres

202 --- E O F --- 2008-06-21 07:01:31

| Alerter

Répondre à big0bout

XmichouX

13 Juillet 2008 12:21:41

Re,

Sélectionne l'intégralité du cadre ci-dessous :

Collect::
C:\WINDOWS\system32\rphseolr.dll
C:\WINDOWS\system32\vhavxumo.dll
C:\WINDOWS\system32\zismbz.dll
C:\WINDOWS\system32\rloeshpr.ini
C:\WINDOWS\system32\hycvludv.dll
C:\WINDOWS\system32\xomjfehd.dll
C:\WINDOWS\system32\eptdnq.dll
C:\WINDOWS\system32\pxqrygps.dll
C:\WINDOWS\system32\omwybd.dll
C:\WINDOWS\system32\gttajsma.dll
C:\WINDOWS\system32\uyeuoson.dll
C:\WINDOWS\system32\lysedshx.dll
C:\WINDOWS\system32\ehtbou.dll
C:\WINDOWS\system32\ernvhkjj.dll
C:\WINDOWS\system32\ixpncqbq.dll
C:\WINDOWS\system32\dlqipg.dll
C:\WINDOWS\system32\euuvevxv.dll
C:\WINDOWS\cookies.MSNFix
C:\WINDOWS\system32\mcrh.MSNFix
C:\WINDOWS\system32\ynrfmloc.dll
C:\WINDOWS\system32\wvnxkk.dll
C:\WINDOWS\system32\qjxfjyno.dll
C:\WINDOWS\BMfb21a0c9.xml
C:\WINDOWS\system32\gmtbreyc.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba941fcf-ef87-4046-8244-3591f7cbad93}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"=-
"Acrobat Assistant 7.0"=-
"QuickTime Task"=-
"iTunesHelper"=-
"f8129355"=-
"BMfb21a0c9"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{148277f2-c9b4-11d9-9ecb-806d6172696f}]

Copie/colle le dans le Bloc Notes (Démarrer\Tous les programmes\Accessoires\Bloc notes.)

Enregistre le sous sur ton bureau sous le nom de CFScript.txt

Glisse maintenant le fichier CFScript.txt dans ComboFix.exe comme ci-dessous :

Cela va relancer Combofix.

ComboFix créera ces fichiers sur ton Bureau :
- Un fichier zippé nommé Submit [Date Time].zip
- Un second fichier nommé - CF-Submit.htm

ComboFix peut exiger un redémarrage pour compléter son travail. Accepte.

Lorsque l'outil aura terminé, un rapport ComboFix.log apparaîtra à l'écran.

Une nouvelle fenêtre avec invite "Submit Files for further analysis" s'ouvrira. Clique "OK"

Ton navigateur se lancera automatiquement avec le fichier CF-Submit.htm et une fenêtre s'ouvrira :
- Clique sur le bouton "Browse"("Parcourir") et navigue vers le fichier
Submit [Date Time].zip qui est sur ton Bureau.
- Clique sur le fichier afin de le sélectionner.

Soumets le fichier en cliquant "OK"

Lorsque cette opération sera complétée, tu peux supprimer ces deux fichiers qui se trouvent sur ton Bureau.
Poste le contenu du rapport ComboFix.txt après redémarrage s'il y en a un.Paramètres Système avancés -> Protection du système -> décoche les "disques disponibles", clique sur désactiver la restauration système à l'apparition du message, fais pareil pour tous , appliquer, ok.

| Alerter

Répondre à XmichouX

big0bout

13 Juillet 2008 18:01:33

Je n'ai pas trouver sur mon ordi ceci:

Paramètres Système avancés -> Protection du système -> décoche les "disques disponibles", clique sur désactiver la restauration système à l'apparition du message, fais pareil pour tous , appliquer, ok.

mais voici tout de même le rapport de combofix:

ComboFix 08-07-12.1 - HP_Administrateur 2008-07-13 12:54:36.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2536 [GMT -4:00]
Endroit: C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Administrateur\Bureau\CFScript.txt.txt
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMfb21a0c9.xml
C:\WINDOWS\cookies.MSNFix
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\dlqipg.dll
C:\WINDOWS\system32\ehtbou.dll
C:\WINDOWS\system32\eptdnq.dll
C:\WINDOWS\system32\ernvhkjj.dll
C:\WINDOWS\system32\euuvevxv.dll
C:\WINDOWS\system32\gmtbreyc.dll
C:\WINDOWS\system32\gttajsma.dll
C:\WINDOWS\system32\hycvludv.dll
C:\WINDOWS\system32\ixpncqbq.dll
C:\WINDOWS\system32\lysedshx.dll
C:\WINDOWS\system32\mcrh.MSNFix
C:\WINDOWS\system32\omwybd.dll
C:\WINDOWS\system32\pxqrygps.dll
C:\WINDOWS\system32\qjxfjyno.dll
C:\WINDOWS\system32\rloeshpr.ini
C:\WINDOWS\system32\rphseolr.dll
C:\WINDOWS\system32\uyeuoson.dll
C:\WINDOWS\system32\vhavxumo.dll
C:\WINDOWS\system32\wvnxkk.dll
C:\WINDOWS\system32\xomjfehd.dll
C:\WINDOWS\system32\ynrfmloc.dll
C:\WINDOWS\system32\zismbz.dll

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-13 to 2008-07-13 ))))))))))))))))))))))))))))))))))))
.

2008-07-12 19:52 . 2008-07-12 19:52 <REP> d-------- C:\Documents and Settings\Joëlle
2008-07-12 19:52 . <REP> C:\Documents and Settings\JoÙlle\Local Settings
2008-07-12 10:03 . 2008-07-12 18:09 <REP> d-------- C:\Program Files\Navilog1
2008-07-11 20:16 . 2008-07-11 23:18 <REP> d-------- C:\Lop SD
2008-07-10 22:25 . 2008-07-10 22:25 <REP> d-------- C:\Program Files\Trend Micro
2008-07-09 15:00 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-29 19:09 . 2008-06-29 19:09 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-06-29 19:09 . 2008-06-29 19:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-10 21:59 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\Canon
2008-07-09 19:00 --------- d-----w C:\Program Files\Java
2008-07-09 17:59 2,818 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\wklnhst.dat
2008-06-25 18:07 --------- d-----w C:\Program Files\Everest Poker
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 07:02 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-10 20:54 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-06-10 20:54 --------- d-----w C:\Program Files\Windows Live
2008-06-10 20:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-23 00:33 --------- d-----w C:\Program Files\VirtualDJ
2008-05-13 16:02 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\Apple Computer
2008-05-03 17:39 7,168 --sha-w C:\Program Files\Thumbs.db
2007-07-12 19:06 22 ----a-w C:\Program Files\b.zip
2007-07-12 19:03 22 ----a-w C:\Program Files\c.zip
2007-07-12 19:03 22 ----a-w C:\Program Files\a.zip
2007-07-02 19:53 25,214 ----a-w C:\Program Files\B.ico
2007-07-02 19:53 25,214 ----a-w C:\Program Files\A.ico
2007-05-10 13:19 2,162 ----a-w C:\Documents and Settings\Christian\Application Data\wklnhst.dat
2007-04-27 13:55 4,550 ----a-w C:\Documents and Settings\Alain\Application Data\wklnhst.dat
2006-12-31 18:35 9,216 ----a-w C:\Documents and Settings\Christian\Application Data\internaldb8467.dat
2006-12-31 18:35 49 ----a-w C:\Documents and Settings\Christian\Application Data\internaldb41.dat
2006-12-31 18:35 337 ----a-w C:\Documents and Settings\Christian\Application Data\internaldb1942.dat
2006-12-31 18:35 20,480 ----a-w C:\Documents and Settings\Christian\Application Data\internaldb4827.dat
2006-12-31 18:35 0 ----a-w C:\Documents and Settings\Christian\Application Data\internaldb6334.dat
2006-12-31 18:35 0 ----a-w C:\Documents and Settings\Christian\Application Data\internaldb5436.dat
2006-10-26 22:38 5,382 ----a-w C:\Documents and Settings\Robin\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((( snapshot@2008-07-12_19.50.44.16 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-12 23:40:21 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-13 16:56:49 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-12 07:03:35 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-07-13 07:01:09 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-06-12 07:03:35 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-07-13 07:01:09 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-06-12 07:03:35 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-07-13 07:01:09 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-06-12 07:03:34 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-07-13 07:01:09 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-06-12 07:03:35 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-07-13 07:01:09 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-06-12 07:03:35 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-07-13 07:01:09 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-06-12 07:03:35 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-07-13 07:01:09 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-06-12 07:03:35 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-07-13 07:01:09 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-06-12 07:03:35 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-07-13 07:01:09 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-06-12 07:03:35 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-07-13 07:01:09 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-06-12 07:03:35 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-07-13 07:01:09 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-06-12 07:03:34 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-07-13 07:01:09 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-06-12 07:03:34 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-07-13 07:01:09 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-28 10:22 68856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 21:00 15360]
"Gestionnaire Antidote.exe"="C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe" [2006-12-06 17:43 526008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 18:04 59392]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-06 00:19 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-06 00:23 114688]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 22:34 245760]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 23:54 253952]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 08:23 132624]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25 6731312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 23:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 13:08]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-07-11 21:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-07-11 17:22:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-13 12:58:04
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehRecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\hp\KBD\KBD.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-13 13:08:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-13 17:07:35
ComboFix2.txt 2008-07-12 23:52:08

Pre-Run: 167,285,760,000 octets libres
Post-Run: 167,286,734,848 octets libres

185 --- E O F --- 2008-07-13 07:01:12

| Alerter

Répondre à big0bout

XmichouX

13 Juillet 2008 23:55:14

Oups, désolé, je m'étais trompé.

Télécharge MalwareByte's Anti-Malware sur ton Bureau.

Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Une fois l'installation et la mise à jour effectuées :
Redémarre en mode sans échec
/!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\

Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".

Afin de lancer la recherche, clic sur"Rechercher".

Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.

REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

[#FF0000]Aide : Comment utiliser MBAM.

| Alerter

Répondre à XmichouX

big0bout

16 Juillet 2008 21:34:59

Désolé d'avoir pris un peu de temps:

voici le rapport malware:

Malwarebytes' Anti-Malware 1.20
Version de la base de données: 959
Windows 5.1.2600 Service Pack 2

17:29:47 2008-07-16
mbam-log-7-16-2008 (17-29-47).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 218172
Temps écoulé: 3 hour(s), 3 minute(s), 36 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 13

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information\_restore{D914ACD5-1321-4D0E-A2F6-861E2DFB47B4}\RP406\A0122024.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D914ACD5-1321-4D0E-A2F6-861E2DFB47B4}\RP412\A0125403.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D914ACD5-1321-4D0E-A2F6-861E2DFB47B4}\RP412\A0125407.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D914ACD5-1321-4D0E-A2F6-861E2DFB47B4}\RP412\A0125408.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D914ACD5-1321-4D0E-A2F6-861E2DFB47B4}\RP412\A0125418.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D914ACD5-1321-4D0E-A2F6-861E2DFB47B4}\RP412\A0125420.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\a.zip (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\A.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\b.zip (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\B.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\c.zip (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\BMfb21a0c9.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Robin\Bureau\InternetGameBox.lnk (Adware.EGDAccess) -> Quarantined and deleted successfully.

| Alerter

Répondre à big0bout

XmichouX

18 Juillet 2008 12:35:59

Re,

Poste un nouveau rapport HijackThis.

| Alerter

Répondre à XmichouX

big0bout

18 Juillet 2008 21:58:02

voici le rapport hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:55:55, on 2008-07-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.infinit.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://60.43.33.196/kxhcm10.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image Viewer) - http://82.176.73.20/home/SonySncRz30View.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://webcam1.ttu.ee/activex/AMC.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://128.97.43.214/activex/AMC.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9919 bytes

| Alerter

Répondre à big0bout

XmichouX

18 Juillet 2008 22:09:22

Re,

Télécharge AntiVir sur ton Bureau.

Double clique sur l'exécutable téléchargé pour lancer l'installation.

A la fin de l'installation, clique sur Finish.

Ouvre Antivir, assure-toi qu’il soit bien à jour !

Dans l'onglet Local Protection, choisis Scanner.

Active la recherche de rootkits via le + de rootkit search, puis dans manual selection, coche tout (tes partitions de disque dur).

Clique sur la loupe du milieu pour lancer le scan en tant qu'Administrateur.

Poste moi le rapport généré : Pour cela, clique sur l'onglet Overview, puis choisis Reports, tu trouveras son rapport..

Note : Pour une éradication des menaces plus efficace, lance le scan en mode sans échec.

Aide : Comment installer et utiliser AntiVir.

| Alerter

Répondre à XmichouX

big0bout

21 Juillet 2008 03:00:52

Avira AntiVir Personal
Report file date: 20 juillet 2008 13:59

Scanning for 1165085 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: Administrateur
Computer name: GOOFY

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 2008-04-09 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 2008-03-18 15:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2008-02-07 14:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 2008-02-28 14:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 2008-02-21 14:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 16:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 19:08:58
ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 2008-03-21 01:12:34
ANTIVIR3.VDF : 7.0.3.68 57856 Bytes 2008-03-25 14:27:50
Engineversion : 8.1.0.28
AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-02-25 15:58:21
AESCRIPT.DLL : 8.1.0.19 229754 Bytes 2008-04-07 21:34:44
AESCN.DLL : 8.1.0.12 115060 Bytes 2008-04-07 21:34:44
AERDL.DLL : 8.1.0.19 418164 Bytes 2008-04-07 21:34:44
AEPACK.DLL : 8.1.1.0 364918 Bytes 2008-03-18 17:20:42
AEOFFICE.DLL : 8.1.0.15 192889 Bytes 2008-04-07 21:34:44
AEHEUR.DLL : 8.1.0.15 1147253 Bytes 2008-04-07 21:34:44
AEHELP.DLL : 8.1.0.11 115061 Bytes 2008-04-07 21:34:43
AEGEN.DLL : 8.1.0.15 299379 Bytes 2008-04-07 21:34:43
AEEMU.DLL : 8.1.0.5 430450 Bytes 2008-04-07 21:34:43
AECORE.DLL : 8.1.0.25 168309 Bytes 2008-04-08 15:58:32
AVWINLL.DLL : 1.0.0.7 14593 Bytes 2008-01-23 23:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 2008-02-18 16:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 19:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 2008-01-23 23:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 14:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2008-02-28 14:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 23:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 2008-01-23 23:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 18:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 2008-03-10 20:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 2008-03-06 18:02:11

Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:, F:, G:, H:, I:, J:, K:, L:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 20 juillet 2008 13:59

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
13 processes with 13 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
Master boot sector HD5
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'G:\'
[INFO] In the drive 'G:\' no data medium is inserted!
Boot sector 'H:\'
[INFO] In the drive 'H:\' no data medium is inserted!
Boot sector 'I:\'
[INFO] In the drive 'I:\' no data medium is inserted!
Boot sector 'J:\'
[INFO] In the drive 'J:\' no data medium is inserted!
Boot sector 'L:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '22' files ).

Starting the file scan:

Begin scan in 'C:\' <HP_PAVILION>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\b5243ede892694454bc60a84a1bc\mrt.exe
[WARNING] The file could not be opened!
C:\b5243ede892694454bc60a84a1bc\mrtstub.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\Alain\Application Data\Microsoft\Internet Explorer\Desktop.htt
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48f68e5e.qua'!
C:\Documents and Settings\Christian\Application Data\Microsoft\Internet Explorer\Desktop.htt
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48f6901b.qua'!
C:\Documents and Settings\Christian\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-57dfbfd9-2df8a6a6.zip
[0] Archive type: ZIP
--> BnnnnBaa.class
[DETECTION] Is the Trojan horse TR/Java.Downloader.Gen
--> VaannnaaBaa.class
[DETECTION] Is the Trojan horse TR/ClassLoader
--> Dnnny.class
[DETECTION] Contains detection pattern of the Java virus JAVA/Exploit.Bytverify.5
--> Bnnnnn.class
[DETECTION] Is the Trojan horse TR/Java.ClassLoader.AS
--> Den.class
[DETECTION] Is the Trojan horse TR/Exploit.Bytverify
--> Din.class
[DETECTION] Is the Trojan horse TR/Exploit.Bytverify.A
--> Dun.class
[DETECTION] Is the Trojan horse TR/Exploit.Bytverify.B
[NOTE] The file was moved to '48f7904a.qua'!
C:\Documents and Settings\Christian\Bureau\sinstaller2.exe
[DETECTION] Contains detection pattern of the dropper DR/Comet.AC
[NOTE] The file was moved to '48f191cb.qua'!
C:\Documents and Settings\Joëlle\Application Data\Microsoft\Internet Explorer\Desktop.htt
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48f695fe.qua'!
C:\Documents and Settings\Robin\Application Data\Microsoft\Internet Explorer\Desktop.htt
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48f696ab.qua'!
C:\Program Files\Everest Poker.net\Everest Poker.net.exe
[DETECTION] The file contains an executable. This, however, is disguised by a harmless file extension (HIDDENEXT/Crypted)
[NOTE] The file was moved to '48e8a46e.qua'!
C:\Program Files\Full Tilt Poker\Updater.exe
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was moved to '48e7a56b.qua'!
C:\Program Files\Internet Explorer\profsywuy.html
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48f2a686.qua'!
C:\QooBox\Quarantine\catchme2008-07-12_193910,00.zip
[0] Archive type: ZIP
--> ntndis.sys
[DETECTION] Contains detection pattern of the worm WORM/ForBot.31916.A
[NOTE] The file was moved to '48f7aa5a.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\ddcYSKBQ.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48e6aa5e.qua'!
C:\WINDOWS\18-979cccfcc7622e89302a49c23b6fa37a.exe
[DETECTION] Contains detection pattern of the dropper DR/TrafficSol.F
[NOTE] The file was moved to '48b0aa59.qua'!
C:\WINDOWS\system32\drivers\atapi.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <HP_RECOVERY>
Begin scan in 'E:\'
Search path E:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'F:\'
Search path F:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'G:\'
Search path G:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'H:\'
Search path H:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'I:\'
Search path I:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'J:\'
Search path J:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'K:\'
Search path K:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'L:\' <ROBIN>

End of the scan: 20 juillet 2008 17:46
Used time: 3:46:59 min

The scan has been done completely.

14566 Scanning directories
704998 Files were scanned
12 viruses and/or unwanted programs were found
6 Files were classified as suspicious:
0 files were deleted
0 files were repaired
12 files were moved to quarantine
0 files were renamed
4 Files cannot be scanned
704986 Files not concerned
17937 Archives were scanned
8 Warnings
12 Notes

| Alerter

Répondre à big0bout

XmichouX

21 Juillet 2008 10:31:11

Bien, supprime :

C:\Program Files\Everest Poker.net

C:\Program Files\Full Tilt Poker

Puis poste un nouveau rapport HIjackThis.
Où en sont tes soucis ?

| Alerter

Répondre à XmichouX

big0bout

21 Juillet 2008 16:23:10

Poour ce qui est des problèmes, je n'en voit pas de visible.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:16, on 2008-07-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.infinit.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://60.43.33.196/kxhcm10.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image Viewer) - http://82.176.73.20/home/SonySncRz30View.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://webcam1.ttu.ee/activex/AMC.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://128.97.43.214/activex/AMC.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10605 bytes

| Alerter

Répondre à big0bout

XmichouX

21 Juillet 2008 16:33:56

Bien, on a fini, tu étais bien infecté, fais attention à l'avenir.
Tu peux désinstaller Ad-Aware, inutile d'avoir plusieurs anti-spywares.

Télécharge ToolsCleaner2 (de A.Rothstein)

Installe le sur ton Bureau.

Clique sur Recherche pour lancer le scan.

Clique sur Supprimer pour nettoyer les outils utilisés.

Clique sur Quitter.

Poste ce rapport ~>C:\TCleaner.txt<~

Garde Ccleaner, MBAM et AntiVir si nous les avons installés..

Désactive-réactive la restauration système.

Rapporte ton infection sur Malware Complaints >Tuto<

Ton(tes) infection(s) : Egdaccess/Magic.control/Navipromo, Ver MSN, LOP, Vundo.

Si tu ne la trouves pas dans la liste, poste dans Autres infections,

Mets ton ordi correctement à jour >ici<

Si ce n'est pas fait, assure-toi que les Mises à jour Automatiques Windows soient activées !

Puis regarde ces dossiers :

- Sécurité/Prévention
- Conséquences de la multi-protection
- Toolbars : Inutilité et ralentissements

Bonne journée/soirée

| Alerter

Répondre à XmichouX

big0bout

21 Juillet 2008 21:38:15

merci pour tout, voici le rapport Tcleaner

-->- Recherche:

C:\Lop SD: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: trouvé !
C:\Documents and Settings\HP_Administrateur\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\HP_Administrateur\Bureau\virus\HijackThis.lnk: trouvé !
C:\Documents and Settings\HP_Administrateur\Bureau\virus\Lop S&D.lnk: trouvé !
C:\Documents and Settings\HP_Administrateur\Bureau\virus\LopSD.exe: trouvé !
C:\Documents and Settings\HP_Administrateur\Bureau\virus\Msnfix.zip: trouvé !
C:\Documents and Settings\HP_Administrateur\Bureau\virus\Navilog1.exe: trouvé !
C:\Documents and Settings\HP_Administrateur\Bureau\virus\Navilog1.lnk: trouvé !
C:\Documents and Settings\HP_Administrateur\Bureau\virus\ComboFix.exe: trouvé !
C:\Documents and Settings\HP_Administrateur\Bureau\virus\MsnFix: trouvé !
C:\Documents and Settings\HP_Administrateur\Menu Démarrer\Programmes\Lop S&D: trouvé !
C:\Documents and Settings\HP_Administrateur\Recent\MSNFix.lnk: trouvé !
C:\Documents and Settings\HP_Administrateur\Recent\HijackThis.lnk: trouvé !
C:\Lop SD\Lop S&D.lnk: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: supprimé !
C:\Documents and Settings\HP_Administrateur\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\HP_Administrateur\Bureau\virus\HijackThis.lnk: supprimé !
C:\Documents and Settings\HP_Administrateur\Bureau\virus\Lop S&D.lnk: supprimé !
C:\Documents and Settings\HP_Administrateur\Bureau\virus\LopSD.exe: supprimé !
C:\Documents and Settings\HP_Administrateur\Bureau\virus\Msnfix.zip: supprimé !
C:\Documents and Settings\HP_Administrateur\Bureau\virus\Navilog1.exe: supprimé !
C:\Documents and Settings\HP_Administrateur\Bureau\virus\Navilog1.lnk: supprimé !
C:\Documents and Settings\HP_Administrateur\Bureau\virus\ComboFix.exe: supprimé !
C:\Documents and Settings\HP_Administrateur\Recent\MSNFix.lnk: supprimé !
C:\Documents and Settings\HP_Administrateur\Recent\HijackThis.lnk: supprimé !
C:\Lop SD\Lop S&D.lnk: supprimé !
C:\Program Files\Navilog1\Navilog1.bat: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Lop SD: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: supprimé !
C:\Documents and Settings\HP_Administrateur\Bureau\virus\MsnFix: supprimé !
C:\Documents and Settings\HP_Administrateur\Menu Démarrer\Programmes\Lop S&D: supprimé !
C:\Program Files\Navilog1: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

| Alerter

Répondre à big0bout

XmichouX

22 Juillet 2008 12:01:35

Bien, c'est clean, ++

| Alerter

Répondre à XmichouX

Tom's guide dans le monde