
[Solved] Big virus :( help please


Good evening, I've caught a virus!
I have AntiVir as my antivirus
and it won't even open anymore
and from time to time I can hear
the sound that signals a window
about the virus (quarantine, ignore, etc.)
but I can't even see that little window

can someone help me please
I've already made a report with HijackThis
here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:19:01, on 09/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\Medion\KeyStat\KeyStat.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Fichiers communs\AOL\1168010725\ee\aolsoftware.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
c:\program files\fichiers communs\aol\1168010725\ee\services\antiSpywareApp\ver2_0_28_1\AOLSP Scheduler.exe
C:\Program Files\Fichiers communs\AOL\Topspeed\3.0\aoltpsd3.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Norton Security Scan\Nss.exe
C:\Program Files\AOL 9.0 VR\waol.exe
C:\Program Files\AOL 9.0 VR\shellmon.exe
C:\Program Files\EoRezo\EoEngine.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Keyboard Status] C:\PROGRA~1\Medion\KeyStat\KeyStat.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1168010725\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hldrrr.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0 VR\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: E-Compagnon.lnk = C:\Program Files\ColiPoste\e-COMO\e-COMO.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .fpx: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
O12 - Plugin for .ivr: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Cont...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab53083.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 13417 bytes


Hi,

You are infected with Bagle. It's an infection you catch by downloading cracks, for example, so delete your cracks and keygens or the infection will start up again.

--> Download FindyKill (by Chiquitine29) to your desktop:
http://sd-1.archive-host.com/membres/up/116615172019703...

--> Run the installation with the default settings

--> Double-click the FindyKill shortcut on your desktop

--> In the main menu, choose option 1 (Recherche, i.e. Search)

--> Post the FindyKill.txt report

Note: the FindyKill.txt report is saved at the root of the disk.



----------------- FindyKill V3.095 ------------------

* User : remy - MACAINE
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 02/10/08 par Chiquitine29
* Recherche effectuée à 1:37:26 le 09/10/2008
* Windows XP - Internet Explorer 7.0.5730.13

((((((((((((((((( *** Recherche *** ))))))))))))))))))


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\WINDOWS


»»»» Presence des fichiers dans C:\WINDOWS\Prefetch

Present ! - C:\WINDOWS\Prefetch\EVID4226PATCH[1].EXE-1E2DC923.pf

»»»» Presence des fichiers dans C:\WINDOWS\system32


»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers

Présent ! - C:\WINDOWS\system32\drivers\hldrrr.exe
Présent ! - "C:\WINDOWS\system32\drivers\downld"
Present ! - C:\WINDOWS\system32\drivers\downld\3851921.exe
Present ! - C:\WINDOWS\system32\drivers\downld\4312593.exe
Present ! - C:\WINDOWS\system32\drivers\downld\4318593.exe
Present ! - C:\WINDOWS\system32\drivers\downld\693953.exe
Present ! - C:\WINDOWS\system32\drivers\downld\151046.exe
Present ! - C:\WINDOWS\system32\drivers\downld\153406.exe
Present ! - C:\WINDOWS\system32\drivers\downld\3849546.exe
Present ! - C:\WINDOWS\system32\drivers\downld\588546.exe
Present ! - C:\WINDOWS\system32\drivers\downld\150937.exe
Present ! - C:\WINDOWS\system32\drivers\downld\593218.exe
Present ! - C:\WINDOWS\system32\drivers\downld\673609.exe

»»»» Presence des fichiers dans C:\Documents and Settings\remy\Application Data


»»»» Presence des fichiers dans C:\DOCUME~1\remy\LOCALS~1\Temp

C:\DOCUME~1\remy\LOCALS~1\Temp\Rar$EX00.063\UseNeXT_4.34_[Key+Serial].exe

»»»» Registre :


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Dit REG_SZ Dit.exe
AGRSMMSG REG_SZ AGRSMMSG.exe
Cmaudio REG_SZ RunDll32 cmicnfg.cpl,CMICtrlWnd
NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
AOLDialer REG_SZ C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
Keyboard Status REG_SZ C:\PROGRA~1\Medion\KeyStat\KeyStat.exe
RemoteControl REG_SZ "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
PCMService REG_SZ "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
avgnt REG_SZ "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
SpeedTouch USB Diagnostics REG_SZ "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
LVCOMSX REG_SZ C:\WINDOWS\system32\LVCOMSX.EXE
LogitechVideoRepair REG_SZ C:\Program Files\Logitech\Video\ISStart.exe
LogitechVideoTray REG_SZ C:\Program Files\Logitech\Video\LogiTray.exe
HP Software Update REG_SZ "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
HP Component Manager REG_SZ "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
eBayToolbar REG_SZ C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
HostManager REG_SZ C:\Program Files\Fichiers communs\AOL\1168010725\ee\AOLSoftware.exe
!AVG Anti-Spyware REG_SZ "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
EoEngine REG_SZ "C:\Program Files\EoRezo\EoEngine.exe"
avast! REG_SZ C:\PROGRA~1\Avast\ALWILS~1\Avast4\ashDisp.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
NBJ REG_SZ "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
drvsyskit REG_SZ C:\WINDOWS\system32\drivers\hldrrr.exe
AOL Fast Start REG_SZ "C:\Program Files\AOL 9.0 VR\AOL.EXE" -b

Présent ! - HKEY_USERS\S-1-5-21-2637950881-3764555000-4120304191-1007\Software\Local AppWizard-Generated Applications\hldrrr
Présent ! - HKEY_USERS\S-1-5-21-2637950881-3764555000-4120304191-1007\Software\Local AppWizard-Generated Applications\UseNeXT_4.34_[Key+Serial]
Présent ! - HKEY_USERS\S-1-5-21-2637950881-3764555000-4120304191-1007\Software\bisoft
Présent ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\hldrrr
Présent ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\UseNeXT_4.34_[Key+Serial]
Présent ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Présent ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Présent ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Présent ! - HKEY_CURRENT_USER\Software\bisoft


»»»» Presence d infections dans Support amovible :




----------------- ! Fin du rapport ! ------------------

Here is the perfect example of the source of the infection: UseNeXT_4.34_[Key+Serial]

--> Plug your removable drives into your PC (USB sticks, external hard drive, etc.) without opening them

--> Double-click the FindyKill shortcut on your desktop

--> In the main menu, choose option 2 (Suppression, i.e. Removal)

/!\ There will be 2 reboots; let the tool work until the message "nettoyage effectué" (cleanup done) appears /!\

--> Then post the FindyKill.txt report

Note: the FindyKill.txt report is saved at the root of the disk.



----------------- FindyKill V3.O85 ------------------

* User : remy - MACAINE
* Emplacement : C:\Program Files\FindyKill\FindyKill.cmd
* Outils Mis a jours le 02/10/08 par Chiquitine29
* Suppression effectuée à 1:55:35 le 09/10/2008
* Windows XP - Internet Explorer 7.0.5730.13


((((((((((((((( *** Suppression *** ))))))))))))))))))



»»»» Suppression des fichiers dans C:


»»»» Suppression des fichiers dans C:\WINDOWS


»»»» Suppression des fichiers dans C:\WINDOWS\Prefetch

Supprimé ! - C:\WINDOWS\Prefetch\ACRORD32.EXE-13285B88.pf
Supprimé ! - C:\WINDOWS\Prefetch\ALBUMDB2.EXE-0EEB0F05.pf
Supprimé ! - C:\WINDOWS\Prefetch\FXSVR2.EXE-14513BBA.pf
Supprimé ! - C:\WINDOWS\Prefetch\HPWUSCHD2.EXE-02F6D2DD.pf
Supprimé ! - C:\WINDOWS\Prefetch\HPZIPM12.EXE-145E7369.pf
Supprimé ! - C:\WINDOWS\Prefetch\REGTLIBV12.EXE-0E2FA54B.pf
Supprimé ! - C:\WINDOWS\Prefetch\RUNDLL32.EXE-13DA0E71.pf
Supprimé ! - C:\WINDOWS\Prefetch\RUNDLL32.EXE-18ACD379.pf
Supprimé ! - C:\WINDOWS\Prefetch\RUNDLL32.EXE-19748E77.pf
Supprimé ! - C:\WINDOWS\Prefetch\RUNDLL32.EXE-214568C9.pf
Supprimé ! - C:\WINDOWS\Prefetch\RUNDLL32.EXE-268BFF96.pf
Supprimé ! - C:\WINDOWS\Prefetch\RUNDLL32.EXE-2905E326.pf
Supprimé ! - C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf
Supprimé ! - C:\WINDOWS\Prefetch\SNDVOL32.EXE-383480B7.pf
Supprimé ! - C:\WINDOWS\Prefetch\AOLTPSD3.EXE-2AD90880.pf
Supprimé ! - C:\WINDOWS\Prefetch\HPQTHB08.EXE-060DCF16.pf
Supprimé ! - C:\WINDOWS\Prefetch\HPQTRA08.EXE-17E37E7E.pf
Supprimé ! - C:\WINDOWS\Prefetch\HPZENG10.EXE-0D4F2286.pf
Supprimé ! - C:\WINDOWS\Prefetch\HPZSTC10.EXE-154D2CBA.pf
Supprimé ! - C:\WINDOWS\Prefetch\EVID4226PATCH[1].EXE-1E2DC923.pf

»»»» Suppression des fichiers dans C:\WINDOWS\system32


»»»» Suppression des fichiers dans C:\WINDOWS\system32\drivers

Supprimé ! - C:\WINDOWS\system32\drivers\hldrrr.exe
Supprimé ! - C:\WINDOWS\system32\drivers\downld\150937.exe
Supprimé ! - C:\WINDOWS\system32\drivers\downld\151046.exe
Supprimé ! - C:\WINDOWS\system32\drivers\downld\153406.exe
Supprimé ! - C:\WINDOWS\system32\drivers\downld\3849546.exe
Supprimé ! - C:\WINDOWS\system32\drivers\downld\3851921.exe
Supprimé ! - C:\WINDOWS\system32\drivers\downld\4312593.exe
Supprimé ! - C:\WINDOWS\system32\drivers\downld\4318593.exe
Supprimé ! - C:\WINDOWS\system32\drivers\downld\588546.exe
Supprimé ! - C:\WINDOWS\system32\drivers\downld\593218.exe
Supprimé ! - C:\WINDOWS\system32\drivers\downld\673609.exe
Supprimé ! - C:\WINDOWS\system32\drivers\downld\693953.exe
Supprimé ! - "C:\WINDOWS\system32\drivers\downld"

»»»» Suppression des fichiers dans C:\Documents and Settings\remy\Application Data


»»»» Suppression des fichiers dans C:\DOCUME~1\remy\LOCALS~1\Temp

Supprimé ! - C:\DOCUME~1\remy\LOCALS~1\Temp\Rar$EX00.063\UseNeXT_4.34_[Key+Serial].exe

»»»» Suppression des clefs du registre..

Supprimé ! - HKEY_CURRENT_CONFIG\System\CurrentControlSet\Enum\ROOT\LEGACY_SROSA
Supprimé ! - HKEY_USERS\S-1-5-21-2637950881-3764555000-4120304191-1007\Software\Local AppWizard-Generated Applications\hldrrr
Supprimé ! - HKEY_USERS\S-1-5-21-2637950881-3764555000-4120304191-1007\Software\Local AppWizard-Generated Applications\UseNeXT_4.34_[Key+Serial]

»»»» Suppression des clefs du registre effectuée !


»»»» Mode sans echec restauré !

»»»» Affichage des fichiers cachés réparé !


»»»» Services de securité Windows redemarré !


»»»» Suppression des fichiers dans Support amovible :


»»»» Necessite une [http://www.virustotal.com/ interpretation] :

Suspect ! - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Suspect ! - C:\Program Files\Windows Media Player\wmpnscfg.exe
Suspect ! - C:\WINDOWS\system32\MRT.exe

»»»» Recherche Cracks Keygen... :

C:\Documents and Settings\remy\Bureau\keygen pr logiciel txt.txt
C:\Documents and Settings\remy\Mes documents\logiciel\Xilisoft.Video.Converter.v3.1.7.0630b.Multilangages.Incl.Keygen.rar
C:\Documents and Settings\remy\Mes documents\Ma musique\ALPHA 5.20\07-alpha_5.20-crack_saison.mp3
C:\Documents and Settings\remy\Mes documents\mes album\RAP\Alpha 5.20\Alpha_5.20-3025_Avant_Rakailles_4-FR-2007-H5N1\07-alpha_5.20-crack_saison.mp3
C:\Documents and Settings\remy\Mes documents\mes album\RAP\Alpha 5.20\Vivre Et Mourir A Dakar\16 mon crack feat iron sy and lino.mp3
C:\Documents and Settings\remy\Mes documents\mes album\RAP\Rim-K-Famille_Nombreuse-FR-2007-H5N1\11-rim-k-pilotes_crack_musik_feat._hamza.mp3
C:\Documents and Settings\remy\Mes documents\Mes vid‚os\alpha 5.20\alpha_5.20-mon_crack_feat_iron_sy-xvid-fr-2006-g0ldz.avi
C:\Documents and Settings\remy\Mes documents\texte rap etc\texte rap\ALPHA 5-20-mon crack.txt
C:\Documents and Settings\remy\Recent\Crack.txt.lnk
C:\Documents and Settings\remy\Recent\keygen pr logiciel txt.txt.lnk


---------------- ! Fin du rapport ! ------------------


"C:\Documents and Settings\remy\Mes documents\logiciel\Xilisoft.Video.Converter.v3.1.7.0630b.Multilangages.Incl.Keygen.rar "
---> Really not great.

---> Remove FindyKill

- Download HijackThis V 2.02 (HijackThis Installer):
http://www.trendsecure.com/portal/en-US/threat_analytic...

- Double-click HJTInstall.exe to start the installation

- Click Install, then I Accept

- Click Do a scan system and save log file

- Notepad will open; copy and paste its entire contents here in your next reply.
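
A check that can be run on the log requested above, shown as an added example (not part of the original thread, and not FindyKill or HijackThis code): it cross-references the paths in a FindyKill deletion report against the O4 autostart lines of a HijackThis log and lists entries that still point at a deleted file or folder. The function names are illustrative, and the sample lines are short excerpts copied from the two reports on this page.

```python
import ntpath
import re
from collections import namedtuple

# Excerpts copied from the FindyKill deletion report and the second
# HijackThis log on this page (a few lines each, not the full logs).
FINDYKILL_REPORT = r"""
Supprimé ! - C:\WINDOWS\system32\drivers\hldrrr.exe
Supprimé ! - C:\WINDOWS\system32\drivers\downld\150937.exe
Supprimé ! - "C:\WINDOWS\system32\drivers\downld"
Supprimé ! - HKEY_CURRENT_CONFIG\System\CurrentControlSet\Enum\ROOT\LEGACY_SROSA
"""

HIJACKTHIS_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hldrrr.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
"""

# Illustrative record type: where the entry lives, its name, what it launches.
Entry = namedtuple("Entry", "location name target")

# "Supprim\S" tolerates a mangled accent from the console code page.
# Only drive-letter paths are captured, so deleted registry keys are skipped.
DELETED_RE = re.compile(r'^Supprim\S ! - "?([A-Za-z]:\\[^"]*?)"?\s*$')
O4_REG_RE = re.compile(r'^O4 - (HK\S+?)\\\.\.\\(\w+): \[(.*?)\] (.+)$')
O4_STARTUP_RE = re.compile(r'^O4 - ((?:Global )?Startup): (.+?) = (.+)$')
EXE_RE = re.compile(r'^(.*?\.(?:exe|dll|com|bat|cmd|scr|pif))(?=\s|$)', re.I)


def norm(path):
    """Case-insensitive, separator-normalised form of a Windows path.
    8.3 short names (PROGRA~1) cannot be expanded offline and stay as-is."""
    return ntpath.normcase(ntpath.normpath(path))


def deleted_paths(report):
    """Files and folders the report lists as deleted."""
    found = set()
    for line in report.splitlines():
        m = DELETED_RE.match(line.strip())
        if m:
            found.add(norm(m.group(1)))
    return found


def target_path(command):
    """Program path of an autostart command, without its arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    m = EXE_RE.match(command)  # unquoted paths may contain spaces
    if m:
        return m.group(1)
    parts = command.split()
    return parts[0] if parts else ""


def autostart_entries(log):
    """O4 lines (Run keys and Startup folders) as Entry records."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = O4_REG_RE.match(line)
        if m:
            hive, key, name, command = m.groups()
            entries.append(Entry(f"{hive}\\{key}", name, target_path(command)))
            continue
        m = O4_STARTUP_RE.match(line)
        if m:
            folder, name, command = m.groups()
            entries.append(Entry(folder, name, target_path(command)))
    return entries


def orphaned_autostarts(report, log):
    """Autostart entries whose target is a deleted file or lies in a deleted folder."""
    deleted = deleted_paths(report)
    orphans = []
    for entry in autostart_entries(log):
        t = norm(entry.target)
        if any(t == d or t.startswith(d + "\\") for d in deleted):
            orphans.append(entry)
    return orphans


if __name__ == "__main__":
    for e in orphaned_autostarts(FINDYKILL_REPORT, HIJACKTHIS_LOG):
        print(f"{e.location}: [{e.name}] -> {e.target} (target already deleted)")
```

On these excerpts it reports the `drvsyskit` value under the HKCU Run key, whose target `hldrrr.exe` appears in the deletion report.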

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:22:03, on 09/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Avast\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AOL 9.0 VR\waol.exe
C:\Program Files\Fichiers communs\AOL\1168010725\ee\aolsoftware.exe
c:\program files\fichiers communs\aol\1168010725\ee\services\antiSpywareApp\ver2_0_28_1\AOLSP Scheduler.exe
C:\Program Files\AOL 9.0 VR\shellmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\AOL\Topspeed\3.0\aoltpsd3.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Keyboard Status] C:\PROGRA~1\Medion\KeyStat\KeyStat.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1168010725\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0 VR\AOL.EXE" -b
O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hldrrr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: E-Compagnon.lnk = C:\Program Files\ColiPoste\e-COMO\e-COMO.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .fpx: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
O12 - Plugin for .ivr: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Cont...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab53083.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 13154 bytes

---> Uninstall Avast and keep Antivir (only one antivirus)

---> Download CCleaner (do not install the Yahoo Toolbar):
http://www.ccleaner.com/download/downloading

---> Run it. Go to "Options" then "Advanced", and untick the "Only delete files etc..." box. Go to "Cleaner" and click "Analyze". Once that has finished, run the cleaning. Then go to "Registry" and click "Scan for issues". Once that has finished, fix all the errors without backing up the registry.

---> Run a quick scan with MBAM, delete everything it finds and post the report:
http://www.download.com/Malwarebytes-Anti-Malware/3000-...

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1134
Windows 5.1.2600 Service Pack 3

09/10/2008 03:31:10
mbam-log-2008-10-09 (03-31-10).txt

Type de recherche: Examen rapide
Eléments examinés: 73623
Temps écoulé: 31 minute(s), 17 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 7

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hldrrr.exe (Rootkit.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\WINDOWS\system32\drivers\downld (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\drivers\downld\1010875.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1036687.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1290093.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1351312.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\832343.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\845484.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\hldrrr.exe (Rootkit.Agent) -> Delete on reboot.

OK, I deleted what was in quarantine!
I'm redoing a scan like you told me
I'll post it for you tomorrow because right now I'm dead tired
I need to go to bed!!!

Anyway, a big thank you to you
Respect for your work ;)

OK, see you tomorrow, have a good end of the evening, or rather good night
Bye

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1134
Windows 5.1.2600 Service Pack 3

09/10/2008 11:13:06
mbam-log-2008-10-09 (11-13-06).txt

Type de recherche: Examen rapide
Eléments examinés: 72329
Temps écoulé: 29 minute(s), 48 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 7

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\WINDOWS\system32\drivers\downld (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\drivers\downld\228062.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\229875.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\283406.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\288390.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\352093.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\364625.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\hldrrr.exe (Rootkit.Agent) -> Delete on reboot.

---> Download ComboFix.exe by sUBs to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Disconnect from the internet and close all applications, antivirus and antispyware included /!\

---> Double-click Combofix.exe
A pop-up will appear saying that "ComboFix is used at your own risk and with no warranty...".
Accept by clicking "Yes"

---> Set it to French (F)
Press the 1 key (Yes) to start the scan.

/!\ Do not touch anything until the scan has finished. /!\

At the end of the scan, ComboFix may need to restart the PC to finish the disinfection; let it do so.

Once the scan is complete, a report will be displayed: post its contents

/!\ Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the Internet. /!\

Note: the report can also be found here: C:\ComboFix\Combofix.txt

It's lagging too much! I'm limited to a few functions
:(
it's horrible
I downloaded the software like you told me
but I tried to launch it and then
everything froze, I had to turn off the PC
I turned it back on but it's lagging
pff, I hope we'll get somewhere!
.. I'm going to try to get the software working again but I don't think it's going to be easy!!!

safe mode still not repaired, I think
:(
here is the report I got

Reg export of SafeBoot key after repair:
========================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]

========================


SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
~~\SafeBoot\Minimal\Base
~~\SafeBoot\Minimal\Boot Bus Extender
~~\SafeBoot\Minimal\Boot file system
~~\SafeBoot\Minimal\dmboot.sys
~~\SafeBoot\Minimal\dmio.sys
~~\SafeBoot\Minimal\dmload.sys
~~\SafeBoot\Minimal\dmserver
~~\SafeBoot\Minimal\File system
~~\SafeBoot\Minimal\Filter
~~\SafeBoot\Minimal\PCI Configuration
~~\SafeBoot\Minimal\Primary disk
~~\SafeBoot\Minimal\RpcSs
~~\SafeBoot\Minimal\SCSI Class
~~\SafeBoot\Minimal\sermouse.sys
~~\SafeBoot\Minimal\System Bus Extender
~~\SafeBoot\Minimal\vga.sys
~~\SafeBoot\Minimal\vgasave.sys
~~\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}
~~\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}
~~\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}
~~\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}
~~\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}
~~\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}

========================

Error: Key: system\currentcontrolset\control\safeboot\minimal does not exist!

Hello,

I'm going to give Destrio5 a hand.

vero4873,

Download Lop S&D.exe (by Eric 71 & Angeldark) to your desktop.

  • Double-click it to start the installation
  • Then double-click the Lop S&D shortcut on your desktop (if you are on Vista, right-click -> run as admin)
  • Select the language you want, then choose Option 1 (Search)
  • Wait until the scan finishes
  • Post the generated report (C:\lopR.txt)

    If your desktop does not reappear, press CTRL+ALT+DEL to open the Task Manager.
    Then go to the "Processes" tab. Click "File" at the top left and choose "New Task (Run...)"
    Type explorer and confirm. This will bring your desktop back


    ;) 


    --------------------\\ Lop S&D 4.2.4-5 XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.20GHz )
    BIOS : Phoenix - AwardBIOS v6.00PG
    USER : remy ( Administrator )
    BOOT : Normal boot
    Antivirus : Avira AntiVir PersonalEdition Classic 0.0.0.0 (Activated)
    C:\ (Local Disk) - NTFS - Total : 74 Go Free : 6 Go
    D:\ (Local Disk) - NTFS - Total : 68 Go Free : 65 Go
    E:\ (Local Disk) - FAT32 - Total : 5 Go Free : 1 Go
    F:\ (Local Disk) - NTFS - Total : 149 Go Free : 148 Go
    G:\ (CD or DVD)
    H:\ (CD or DVD)
    I:\ (USB)
    J:\ (USB)
    L:\ (USB)

    "C:\Lop SD" ( MAJ : 02-10-2008|23:42 )
    Option : [1] ( 09/10/2008|18:43 )

    --------------------\\ Listing des dossiers dans APPLIC~1

    [25/01/2005|18:00] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
    [26/01/2005|14:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\AOL
    [05/02/2005|19:58] C:\DOCUME~1\ADMINI~1\APPLIC~1\CyberLink
    [20/01/2005|15:33] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
    [20/01/2005|19:50] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
    [26/01/2005|20:30] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
    [26/01/2005|12:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
    [25/01/2005|17:45] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
    [26/01/2005|14:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\You've Got Pictures Screensaver

    [18/05/2008|21:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [25/01/2005|18:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
    [27/02/2008|17:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
    [27/02/2008|17:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
    [29/09/2008|00:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
    [26/01/2005|13:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bluetooth
    [06/07/2006|20:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
    [14/05/2007|15:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
    [02/10/2006|20:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
    [03/11/2007|12:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\eBay
    [14/09/2006|19:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [01/09/2007|15:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
    [01/06/2007|11:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
    [26/02/2008|18:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macromedia
    [06/07/2006|23:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
    [11/09/2008|21:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [29/01/2007|20:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    [18/09/2006|20:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [26/01/2005|20:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\muvee Technologies
    [20/06/2006|23:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
    [12/02/2007|14:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
    [20/01/2005|15:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
    [08/09/2007|18:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
    [05/04/2007|12:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
    [09/08/2007|11:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    [09/10/2008|14:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WholeSecurity
    [30/05/2006|22:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [27/02/2008|18:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
    [06/07/2008|01:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
    [01/05/2006|20:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

    [25/01/2005|18:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
    [26/01/2005|14:08] C:\DOCUME~1\DEFAUL~1\APPLIC~1\AOL
    [05/02/2005|19:58] C:\DOCUME~1\DEFAUL~1\APPLIC~1\CyberLink
    [20/01/2005|15:33] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
    [20/01/2005|19:50] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
    [26/01/2005|20:30] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [26/01/2005|12:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
    [25/01/2005|17:45] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
    [26/01/2005|14:08] C:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver

    [25/01/2005|18:00] C:\DOCUME~1\INVIT~1\APPLIC~1\Adobe
    [09/08/2008|17:12] C:\DOCUME~1\INVIT~1\APPLIC~1\AOL
    [05/02/2005|19:58] C:\DOCUME~1\INVIT~1\APPLIC~1\CyberLink
    [27/12/2007|22:23] C:\DOCUME~1\INVIT~1\APPLIC~1\eBay
    [16/05/2007|12:33] C:\DOCUME~1\INVIT~1\APPLIC~1\Google
    [21/09/2007|12:31] C:\DOCUME~1\INVIT~1\APPLIC~1\Grisoft
    [20/01/2005|15:33] C:\DOCUME~1\INVIT~1\APPLIC~1\Identities
    [16/08/2007|19:38] C:\DOCUME~1\INVIT~1\APPLIC~1\InstallShield
    [20/01/2005|19:50] C:\DOCUME~1\INVIT~1\APPLIC~1\Macromedia
    [04/08/2007|15:52] C:\DOCUME~1\INVIT~1\APPLIC~1\Microsoft
    [03/10/2008|10:36] C:\DOCUME~1\INVIT~1\APPLIC~1\Orbit
    [26/01/2005|12:44] C:\DOCUME~1\INVIT~1\APPLIC~1\Real
    [25/01/2005|17:45] C:\DOCUME~1\INVIT~1\APPLIC~1\Sun
    [11/08/2007|21:47] C:\DOCUME~1\INVIT~1\APPLIC~1\Viewpoint
    [26/01/2005|14:08] C:\DOCUME~1\INVIT~1\APPLIC~1\You've Got Pictures Screensaver

    [13/08/2006|10:55] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
    [27/04/2006|19:48] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [26/01/2005|20:22] C:\DOCUME~1\LOCALS~1\APPLIC~1\X10 Commander


    [27/04/2006|19:48] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
    [27/11/2006|09:55] C:\DOCUME~1\NETWOR~1\APPLIC~1\X10 Commander

    [22/01/2007|21:34] C:\DOCUME~1\PROPRI~1\APPLIC~1\Real
    [08/01/2007|13:09] C:\DOCUME~1\PROPRI~1\APPLIC~1\You've Got Pictures Screensaver

    [02/08/2008|20:57] C:\DOCUME~1\remy\APPLIC~1\Adobe
    [07/03/2007|13:09] C:\DOCUME~1\remy\APPLIC~1\AdobeUM
    [21/06/2008|19:03] C:\DOCUME~1\remy\APPLIC~1\Ahead
    [26/02/2008|18:35] C:\DOCUME~1\remy\APPLIC~1\AOL
    [14/05/2007|19:50] C:\DOCUME~1\remy\APPLIC~1\CyberLink
    [11/11/2006|23:33] C:\DOCUME~1\remy\APPLIC~1\DivX
    [27/12/2007|21:44] C:\DOCUME~1\remy\APPLIC~1\D-Jix Media
    [06/05/2006|18:40] C:\DOCUME~1\remy\APPLIC~1\dvdcss
    [03/12/2007|23:14] C:\DOCUME~1\remy\APPLIC~1\eBay
    [09/10/2008|15:34] C:\DOCUME~1\remy\APPLIC~1\EoRezo
    [21/11/2007|23:39] C:\DOCUME~1\remy\APPLIC~1\GibbHill Properties Ltd
    [19/02/2007|23:00] C:\DOCUME~1\remy\APPLIC~1\Google
    [12/07/2008|23:49] C:\DOCUME~1\remy\APPLIC~1\GrabPro
    [01/09/2007|20:22] C:\DOCUME~1\remy\APPLIC~1\Grisoft
    [26/04/2006|15:02] C:\DOCUME~1\remy\APPLIC~1\Help
    [20/01/2005|15:33] C:\DOCUME~1\remy\APPLIC~1\Identities
    [29/09/2008|22:22] C:\DOCUME~1\remy\APPLIC~1\InstallShield
    [18/09/2006|20:27] C:\DOCUME~1\remy\APPLIC~1\Lavasoft
    [01/10/2008|00:04] C:\DOCUME~1\remy\APPLIC~1\LG Electronics
    [09/10/2008|18:11] C:\DOCUME~1\remy\APPLIC~1\m
    [02/08/2008|20:57] C:\DOCUME~1\remy\APPLIC~1\Macromedia
    [11/09/2008|21:19] C:\DOCUME~1\remy\APPLIC~1\Malwarebytes
    [01/05/2008|19:19] C:\DOCUME~1\remy\APPLIC~1\Microsoft
    [26/02/2008|18:23] C:\DOCUME~1\remy\APPLIC~1\Mozilla
    [09/10/2008|18:09] C:\DOCUME~1\remy\APPLIC~1\Orbit
    [21/06/2006|12:28] C:\DOCUME~1\remy\APPLIC~1\Real
    [27/11/2006|21:49] C:\DOCUME~1\remy\APPLIC~1\Roxio
    [25/01/2005|17:45] C:\DOCUME~1\remy\APPLIC~1\Sun
    [09/08/2007|19:11] C:\DOCUME~1\remy\APPLIC~1\Viewpoint
    [26/04/2006|16:13] C:\DOCUME~1\remy\APPLIC~1\vlc
    [14/12/2006|20:34] C:\DOCUME~1\remy\APPLIC~1\WholeSecurity
    [08/04/2008|22:33] C:\DOCUME~1\remy\APPLIC~1\WinRAR
    [26/01/2005|14:08] C:\DOCUME~1\remy\APPLIC~1\You've Got Pictures Screensaver

    [27/08/2008|14:11] C:\DOCUME~1\VERONI~1\APPLIC~1\Adobe
    [18/05/2008|20:58] C:\DOCUME~1\VERONI~1\APPLIC~1\AdobeUM
    [13/12/2006|22:10] C:\DOCUME~1\VERONI~1\APPLIC~1\Ahead
    [26/02/2008|18:43] C:\DOCUME~1\VERONI~1\APPLIC~1\AOL
    [14/05/2007|15:43] C:\DOCUME~1\VERONI~1\APPLIC~1\CyberLink
    [15/11/2006|14:19] C:\DOCUME~1\VERONI~1\APPLIC~1\DivX
    [10/05/2008|19:03] C:\DOCUME~1\VERONI~1\APPLIC~1\D-Jix Media
    [03/11/2007|14:04] C:\DOCUME~1\VERONI~1\APPLIC~1\eBay
    [09/10/2008|14:28] C:\DOCUME~1\VERONI~1\APPLIC~1\EoRezo
    [22/09/2006|23:21] C:\DOCUME~1\VERONI~1\APPLIC~1\Google
    [01/09/2007|15:11] C:\DOCUME~1\VERONI~1\APPLIC~1\Grisoft
    [29/04/2006|11:34] C:\DOCUME~1\VERONI~1\APPLIC~1\Help
    [13/09/2008|21:23] C:\DOCUME~1\VERONI~1\APPLIC~1\Identities
    [26/05/2006|18:27] C:\DOCUME~1\VERONI~1\APPLIC~1\Lavasoft
    [09/10/2008|17:49] C:\DOCUME~1\VERONI~1\APPLIC~1\m
    [06/08/2008|17:43] C:\DOCUME~1\VERONI~1\APPLIC~1\Macromedia
    [20/09/2006|14:17] C:\DOCUME~1\VERONI~1\APPLIC~1\Microsoft
    [09/10/2008|17:46] C:\DOCUME~1\VERONI~1\APPLIC~1\Orbit
    [26/01/2005|12:44] C:\DOCUME~1\VERONI~1\APPLIC~1\Real
    [28/05/2006|22:07] C:\DOCUME~1\VERONI~1\APPLIC~1\Roxio
    [25/01/2005|17:45] C:\DOCUME~1\VERONI~1\APPLIC~1\Sun
    [10/08/2007|07:03] C:\DOCUME~1\VERONI~1\APPLIC~1\Viewpoint
    [29/11/2006|14:43] C:\DOCUME~1\VERONI~1\APPLIC~1\vlc
    [23/04/2008|12:58] C:\DOCUME~1\VERONI~1\APPLIC~1\WholeSecurity
    [08/04/2008|19:20] C:\DOCUME~1\VERONI~1\APPLIC~1\WinRAR
    [26/01/2005|14:08] C:\DOCUME~1\VERONI~1\APPLIC~1\You've Got Pictures Screensaver
    [13/09/2008|21:23] C:\DOCUME~1\VERONI~1\APPLIC~1\Zylom

    --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

    [08/10/2008 18:00][--a------] C:\WINDOWS\tasks\Norton Security Scan.job
    [09/10/2008 18:07][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [05/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listing des dossiers dans C:\Program Files

    [05/10/2006|20:15] C:\Program Files\Adobe
    [25/01/2005|18:31] C:\Program Files\Ahead
    [29/09/2008|00:15] C:\Program Files\AOL
    [26/02/2008|22:35] C:\Program Files\AOL 9.0 (2008)
    [19/08/2008|13:06] C:\Program Files\AOL 9.0 VR
    [27/02/2008|18:02] C:\Program Files\AOL Compagnon
    [20/01/2005|18:33] C:\Program Files\ATI Technologies
    [10/06/2007|21:04] C:\Program Files\Audacity
    [03/06/2008|19:24] C:\Program Files\AVIConverter
    [12/07/2006|12:16] C:\Program Files\Boonty
    [20/01/2005|18:50] C:\Program Files\Cardreader Software
    [15/06/2008|23:32] C:\Program Files\CCleaner
    [05/02/2005|19:14] C:\Program Files\Common Files
    [20/01/2005|15:31] C:\Program Files\ComPlus Applications
    [05/10/2006|20:16] C:\Program Files\CyberLink
    [26/04/2006|16:56] C:\Program Files\Digital Camera
    [26/04/2006|16:59] C:\Program Files\directx
    [29/09/2008|22:29] C:\Program Files\DivX
    [09/10/2008|11:36] C:\Program Files\DivX(oct 2008)
    [17/08/2008|14:16] C:\Program Files\DivX.2007
    [03/06/2008|19:12] C:\Program Files\D-Jix
    [14/05/2007|21:53] C:\Program Files\DVC Media 5.1
    [30/04/2006|20:21] C:\Program Files\eBay
    [09/10/2008|13:58] C:\Program Files\eMule
    [08/10/2008|20:30] C:\Program Files\eMule2
    [26/01/2005|11:23] C:\Program Files\Encarta
    [03/08/2008|19:14] C:\Program Files\Fichiers communs
    [08/05/2008|22:05] C:\Program Files\Free Audio Pack
    [01/02/2007|20:29] C:\Program Files\Google
    [01/09/2007|15:11] C:\Program Files\Grisoft
    [01/06/2007|11:52] C:\Program Files\Hewlett-Packard
    [20/01/2005|20:01] C:\Program Files\HighMAT CD Writing Wizard
    [05/02/2005|19:41] C:\Program Files\Home Cinema
    [01/06/2007|11:54] C:\Program Files\HP
    [29/09/2008|22:26] C:\Program Files\InstallShield Installation Information
    [20/01/2005|16:49] C:\Program Files\Intel
    [14/08/2008|03:03] C:\Program Files\Internet Explorer
    [26/04/2006|17:01] C:\Program Files\iSee Media
    [26/01/2005|13:18] C:\Program Files\IVT Corporation
    [10/07/2008|13:39] C:\Program Files\Java
    [26/01/2005|14:08] C:\Program Files\Learn2.com
    [29/09/2008|22:26] C:\Program Files\LG Electronics
    [06/10/2008|20:23] C:\Program Files\LG PC Suite II
    [26/04/2006|17:03] C:\Program Files\Logitech
    [11/09/2008|21:30] C:\Program Files\Malwarebytes' Anti-Malware
    [26/01/2005|20:10] C:\Program Files\Medion
    [21/08/2008|12:24] C:\Program Files\Messenger
    [21/11/2007|23:38] C:\Program Files\Messenger Plus! Live
    [26/01/2005|11:25] C:\Program Files\Microsoft AutoRoute
    [28/02/2008|11:05] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [20/01/2005|15:33] C:\Program Files\microsoft frontpage
    [26/01/2005|11:16] C:\Program Files\Microsoft Office
    [05/02/2005|18:04] C:\Program Files\Microsoft Visual Studio
    [03/07/2006|17:45] C:\Program Files\Microsoft Works
    [26/01/2005|11:13] C:\Program Files\Microsoft Works Suite 2005
    [21/08/2008|12:13] C:\Program Files\Movie Maker
    [20/01/2005|15:31] C:\Program Files\MSN
    [20/01/2005|15:31] C:\Program Files\MSN Gaming Zone
    [21/11/2007|23:38] C:\Program Files\MSN Messenger
    [26/01/2005|20:43] C:\Program Files\muvee Technologies
    [12/09/2008|20:32] C:\Program Files\Navilog1
    [21/08/2008|12:04] C:\Program Files\NetMeeting
    [09/10/2008|15:33] C:\Program Files\Norton Security Scan
    [05/02/2005|18:50] C:\Program Files\OfficeUpdate11
    [09/10/2008|16:30] C:\Program Files\Orbitdownloader
    [21/08/2008|12:04] C:\Program Files\Outlook Express
    [28/08/2006|17:56] C:\Program Files\PhotoFiltre
    [10/07/2008|11:36] C:\Program Files\Picasa2
    [07/10/2008|21:12] C:\Program Files\Picture It! Premium 10
    [26/01/2005|12:42] C:\Program Files\QuickTime
    [26/01/2005|20:29] C:\Program Files\RALINK
    [26/01/2005|12:44] C:\Program Files\Real
    [26/04/2006|16:59] C:\Program Files\Roxio
    [20/01/2005|15:32] C:\Program Files\Services en ligne
    [05/04/2007|10:27] C:\Program Files\Sony
    [26/01/2005|14:08] C:\Program Files\TechCity Solutions
    [26/04/2006|15:11] C:\Program Files\Thomson
    [16/06/2008|23:52] C:\Program Files\Trend Micro
    [05/04/2007|10:24] C:\Program Files\Ulead Systems
    [20/01/2005|15:36] C:\Program Files\Uninstall Information
    [27/04/2006|20:47] C:\Program Files\VideoLAN
    [01/09/2007|17:32] C:\Program Files\Viewpoint
    [20/04/2008|20:15] C:\Program Files\VirtualDJ
    [20/01/2005|18:43] C:\Program Files\Winbond Electronics Corp
    [20/01/2005|15:36] C:\Program Files\Windows Journal Viewer
    [27/02/2008|18:20] C:\Program Files\Windows Live
    [26/11/2006|11:13] C:\Program Files\Windows Media Connect
    [26/11/2006|11:16] C:\Program Files\Windows Media Connect 2
    [21/08/2008|12:04] C:\Program Files\Windows Media Player
    [21/08/2008|12:04] C:\Program Files\Windows NT
    [27/04/2006|13:54] C:\Program Files\WindowsUpdate
    [08/04/2008|19:19] C:\Program Files\WinRAR
    [05/02/2005|19:14] C:\Program Files\X10 Hardware
    [26/02/2008|22:15] C:\Program Files\xerox
    [07/12/2006|21:40] C:\Program Files\Xilisoft
    [18/09/2006|19:27] C:\Program Files\xp_0781_8888
    [06/07/2008|01:41] C:\Program Files\Yahoo!

    --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

    [26/04/2006|16:59] C:\Program Files\Fichiers communs\Adaptec Shared
    [18/05/2008|21:01] C:\Program Files\Fichiers communs\Adobe
    [25/01/2005|18:30] C:\Program Files\Fichiers communs\Ahead
    [29/09/2008|00:17] C:\Program Files\Fichiers communs\AOL
    [26/04/2006|15:14] C:\Program Files\Fichiers communs\aolback
    [27/02/2008|17:57] C:\Program Files\Fichiers communs\aolshare
    [06/07/2006|20:44] C:\Program Files\Fichiers communs\BOONTY Shared
    [20/01/2005|18:43] C:\Program Files\Fichiers communs\Borland Shared
    [26/01/2005|11:16] C:\Program Files\Fichiers communs\Designer
    [26/04/2006|17:47] C:\Program Files\Fichiers communs\Hewlett-Packard
    [26/04/2006|17:49] C:\Program Files\Fichiers communs\HP
    [27/01/2007|15:06] C:\Program Files\Fichiers communs\InstallShield
    [25/01/2005|17:25] C:\Program Files\Fichiers communs\Java
    [26/04/2006|17:04] C:\Program Files\Fichiers communs\Logitech
    [06/07/2006|23:06] C:\Program Files\Fichiers communs\Macrovision Shared
    [27/02/2008|18:20] C:\Program Files\Fichiers communs\Microsoft Shared
    [20/01/2005|15:32] C:\Program Files\Fichiers communs\MSSoap
    [26/01/2005|20:43] C:\Program Files\Fichiers communs\muvee Technologies
    [26/01/2005|14:08] C:\Program Files\Fichiers communs\Nullsoft
    [20/01/2005|16:26] C:\Program Files\Fichiers communs\ODBC
    [26/01/2005|12:44] C:\Program Files\Fichiers communs\Real
    [26/04/2006|16:59] C:\Program Files\Fichiers communs\Roxio Shared
    [08/01/2007|12:55] C:\Program Files\Fichiers communs\Scanner
    [20/01/2005|15:32] C:\Program Files\Fichiers communs\Services
    [20/01/2005|16:26] C:\Program Files\Fichiers communs\SpeechEngines
    [09/10/2008|15:36] C:\Program Files\Fichiers communs\Symantec Shared
    [21/08/2008|12:03] C:\Program Files\Fichiers communs\System
    [27/02/2008|18:20] C:\Program Files\Fichiers communs\WindowsLiveInstaller
    [26/01/2005|12:44] C:\Program Files\Fichiers communs\xing shared

    --------------------\\ Process

    ( 63 Processes )

    ... OK !

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    C:\Program Files\Orbitdownloader
    C:\Program Files\Orbitdownloader\addons
    C:\Program Files\Orbitdownloader\banurl.ini
    C:\Program Files\Orbitdownloader\Cache
    C:\Program Files\Orbitdownloader\changelog.txt
    C:\Program Files\Orbitdownloader\download.dll
    C:\Program Files\Orbitdownloader\download.dll.bak
    C:\Program Files\Orbitdownloader\Grab.exe
    C:\Program Files\Orbitdownloader\GrabDll.dll
    C:\Program Files\Orbitdownloader\GrabKernel.dll
    C:\Program Files\Orbitdownloader\GrabPro.dll
    C:\Program Files\Orbitdownloader\idht.dll
    C:\Program Files\Orbitdownloader\idht.dll.bak
    C:\Program Files\Orbitdownloader\Lang.ini
    C:\Program Files\Orbitdownloader\language
    C:\Program Files\Orbitdownloader\libeay32.dll
    C:\Program Files\Orbitdownloader\magic.mgc
    C:\Program Files\Orbitdownloader\orbitcth.dll
    C:\Program Files\Orbitdownloader\orbitdm.exe
    C:\Program Files\Orbitdownloader\orbitdm.exe.bak
    C:\Program Files\Orbitdownloader\orbitmxt.dll
    C:\Program Files\Orbitdownloader\orbitnet.exe
    C:\Program Files\Orbitdownloader\orbitnet.exe.bak
    C:\Program Files\Orbitdownloader\saction.dll
    C:\Program Files\Orbitdownloader\siteinfo.ini
    C:\Program Files\Orbitdownloader\ssleay32.dll
    C:\Program Files\Orbitdownloader\unins000.dat
    C:\Program Files\Orbitdownloader\unins000.exe
    C:\Program Files\Orbitdownloader\update
    C:\Program Files\Orbitdownloader\winfile.dll
    C:\DOCUME~1\remy\Cookies\remy@advertising[1].txt

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE


    --------------------\\ Recherche de fichiers avec Catchme


    --------------------\\ Recherche d'autres infections

    --------------------\\ ROOTKIT !!

    Rootkit Bagle ! .. [HKLM\..\ControlSet001\Enum\Root\LEGACY_SROSA]
    Rootkit Bagle ! .. [HKLM\..\ControlSet001\Enum\Root\rosa]
    Rootkit Bagle ! .. [HKLM\..\ControlSet001\Enum\Root\srosa]

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\remy\Mes documents\logiciel\Xilisoft.Video.Converter.v3.1.7.0630b.Multilangages.Incl.Keygen.rar
    C:\DOCUME~1\remy\Mes documents\Ma musique\ALPHA 5.20\07-alpha_5.20-crack_saison.mp3
    C:\DOCUME~1\remy\Mes documents\mes album\RAP\Alpha 5.20\Alpha_5.20-3025_Avant_Rakailles_4-FR-2007-H5N1\07-alpha_5.20-crack_saison.mp3
    C:\DOCUME~1\remy\Mes documents\mes album\RAP\Alpha 5.20\Vivre Et Mourir A Dakar\16 mon crack feat iron sy and lino.mp3
    C:\DOCUME~1\remy\Mes documents\mes album\RAP\Rim-K-Famille_Nombreuse-FR-2007-H5N1\11-rim-k-pilotes_crack_musik_feat._hamza.mp3
    C:\DOCUME~1\remy\Mes documents\Mes vid‚os\alpha 5.20\alpha_5.20-mon_crack_feat_iron_sy-xvid-fr-2006-g0ldz.avi
    C:\DOCUME~1\remy\Mes documents\texte rap etc\texte rap\ALPHA 5-20-mon crack.txt
    C:\DOCUME~1\remy\Recent\Crack.txt.lnk
    C:\DOCUME~1\remy\Recent\keygen pr logiciel txt.txt.lnk
    C:\DOCUME~1\remy\Recent\Xilisoft.Video.Converter.v3.1.7.0630b.Multilangages.Incl.Keygen.rar.lnk


    [F:30][D:13]-> C:\DOCUME~1\remy\LOCALS~1\Temp
    [F:74][D:0]-> C:\DOCUME~1\remy\Cookies
    [F:1766][D:15]-> C:\DOCUME~1\remy\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - 09/10/2008|18:51 - Option : [1]

    --------------------\\ Fin du rapport a 18:51:26

    Hi again,

    Well, to begin with you should start by deleting all the cracks from your PC. Now you know where the infection comes from.

    1) Download OTMoveIt3 (OldTimer). Save it to your Desktop.
    Copy (Ctrl+C) the text in the box below:

    :processes
    explorer.exe

    :files
    C:\DOCUME~1\remy\Mes documents\logiciel\Xilisoft.Video.Converter.v3.1.7.0630b.Multilangages.Incl.Keygen.rar
    C:\DOCUME~1\remy\Mes documents\Ma musique\ALPHA 5.20\07-alpha_5.20-crack_saison.mp3
    C:\DOCUME~1\remy\Mes documents\mes album\RAP\Alpha 5.20\Alpha_5.20-3025_Avant_Rakailles_4-FR-2007-H5N1\07-alpha_5.20-crack_saison.mp3
    C:\DOCUME~1\remy\Mes documents\mes album\RAP\Alpha 5.20\Vivre Et Mourir A Dakar\16 mon crack feat iron sy and lino.mp3
    C:\DOCUME~1\remy\Mes documents\mes album\RAP\Rim-K-Famille_Nombreuse-FR-2007-H5N1\11-rim-k-pilotes_crack_musik_feat._hamza.mp3
    C:\DOCUME~1\remy\Mes documents\Mes vid‚os\alpha 5.20\alpha_5.20-mon_crack_feat_iron_sy-xvid-fr-2006-g0ldz.avi
    C:\DOCUME~1\remy\Mes documents\texte rap etc\texte rap\ALPHA 5-20-mon crack.txt
    C:\DOCUME~1\remy\Recent\Crack.txt.lnk
    C:\DOCUME~1\remy\Recent\keygen pr logiciel txt.txt.lnk
    C:\DOCUME~1\remy\Recent\Xilisoft.Video.Converter.v3.1.7.0630b.Multilangages.Incl.Keygen.rar.lnk

    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]


    Double-click OTMoveIt3.exe to launch it.
    Paste (Ctrl+V) the text you copied earlier into the Paste Instructions for Items to be Moved box.
    Now click the MoveIt! button, then close OTMoveIt3.

    If a file or folder cannot be deleted immediately, the program will ask you to restart.
    Accept by clicking YES.

    Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
    The report's name corresponds to the moment it was created: date_time.log

    2) Right-click ComboFix
    (by sUBs) and choose Save Target (Link) As.

  • Choose the Desktop, insert a hyphen between Combo and Fix so as to get Combo-Fix.exe, then choose Save.
  • Temporarily disable all resident protection! (antivirus, antispyware, etc.)
  • Please visit this link to learn how to install and run ComboFix:

    http://www.bleepingcomputer.com/combofix/fr/comment-uti...

    This includes installing the Windows Recovery Console if it is not already installed on the PC. Installing the Windows Recovery Console is strongly recommended, because it gives access to a very large number of features in case the PC no longer restarts. It is an extra safety measure, in a way.

    N.B.: SP3 users, please download the SP2 version of the Recovery Console.

    Once the Recovery Console is installed, you will have a choice at startup between your usual Windows and the Recovery Console. Start your usual Windows, since we do not need to use the Recovery Console, which is only for use when there are problems. By default, your OS is selected and it starts automatically after two seconds. That's normal :)

    The report is located here: %systemdrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; C:\ in general)

    Good luck :)

    vero4873 said:
    OK Egwene, I must have been infected by the UseNeXT crack.
    But I'm deleting the one for my video converter all the same.
    At least there won't be any more worry, even if that one wasn't infected!

    OK, I'm launching the new program ;)


    The first one will delete the cracks I spotted, the second should begin to tackle the infection. I do say begin, because we will very probably have to target the critter specifically.

    ;)

    OK! Thanks for this useful information about these programs ;)
    Here is the report from the 1st one:

    Error: Unable to interpret <Age : 21 ans > in the current context!
    Error: Unable to interpret <Sexe : Homme > in the current context!
    Error: Unable to interpret <Messages : 5559 > in the current context!
    Error: Unable to interpret <Inscription : Mar 19 Fev, 2008 > in the current context!
    Error: Unable to interpret < 09-10-2008 à 18:58:58 Masquer Mettre un favori sur cette position pour y revenir plus tard Prévenir les modérateurs en cas d'abus Retirer de la liste des messages cités Ajouter à la liste des messages cités Répondre à ce message Voir le bbcode - 0 + > in the current context!
    Error: Unable to interpret <Re, > in the current context!
    Error: Unable to interpret <Bon déjà tu devrais commencer par supprimer tous les cracks de ton PC. Tu sais maintenant d'où vient l'infection. > in the current context!
    Error: Unable to interpret <1) Télécharge OTMoveIt3 (OldTimer). Sauvegarde-le sur ton Bureau. > in the current context!
    Error: Unable to interpret <Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous : > in the current context!
    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== FILES ==========
    File/Folder C:\DOCUME~1\remy\Mes documents\logiciel\Xilisoft.Video.Converter.v3.1.7.0630b.Multilangages.Incl.Keygen.rar not found.
    C:\DOCUME~1\remy\Mes documents\Ma musique\ALPHA 5.20\07-alpha_5.20-crack_saison.mp3 moved successfully.
    C:\DOCUME~1\remy\Mes documents\mes album\RAP\Alpha 5.20\Alpha_5.20-3025_Avant_Rakailles_4-FR-2007-H5N1\07-alpha_5.20-crack_saison.mp3 moved successfully.
    C:\DOCUME~1\remy\Mes documents\mes album\RAP\Alpha 5.20\Vivre Et Mourir A Dakar\16 mon crack feat iron sy and lino.mp3 moved successfully.
    C:\DOCUME~1\remy\Mes documents\mes album\RAP\Rim-K-Famille_Nombreuse-FR-2007-H5N1\11-rim-k-pilotes_crack_musik_feat._hamza.mp3 moved successfully.
    File/Folder C:\DOCUME~1\remy\Mes documents\Mes vid‚os\alpha 5.20\alpha_5.20-mon_crack_feat_iron_sy-xvid-fr-2006-g0ldz.avi not found.
    C:\DOCUME~1\remy\Mes documents\texte rap etc\texte rap\ALPHA 5-20-mon crack.txt moved successfully.
    C:\DOCUME~1\remy\Recent\Crack.txt.lnk moved successfully.
    File/Folder C:\DOCUME~1\remy\Recent\keygen pr logiciel txt.txt.lnk not found.
    C:\DOCUME~1\remy\Recent\Xilisoft.Video.Converter.v3.1.7.0630b.Multilangages.Incl.Keygen.rar.lnk moved successfully.
    ========== COMMANDS ==========
    File delete failed. C:\DOCUME~1\remy\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\remy\LOCALS~1\Temp\~DF4E76.tmp scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7c4.dat scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    Java cache emptied.
    FireFox cache emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer - Version 1.0.4.2 log created on 10092008_191053

    Files moved on Reboot...
    C:\DOCUME~1\remy\LOCALS~1\Temp\hpodvd09.log moved successfully.
    File C:\DOCUME~1\remy\LOCALS~1\Temp\~DF4E76.tmp not found!
    File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
    C:\WINDOWS\temp\Perflib_Perfdata_7c4.dat moved successfully.

    ComboFix 08-10-08.05 - remy 2008-10-09 20:01:36.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.621 [GMT 2:00]
    * Un nouveau point de restauration a été créé

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\remy\Application Data\m
    C:\Documents and Settings\remy\Application Data\m\data.oct
    C:\Documents and Settings\remy\Application Data\m\flec006.exe
    C:\Documents and Settings\remy\Application Data\m\list.oct
    C:\Documents and Settings\remy\Application Data\m\srvlist.oct
    C:\Documents and Settings\veronique\Application Data\m
    C:\Documents and Settings\veronique\Application Data\m\data.oct
    C:\Documents and Settings\veronique\Application Data\m\flec006.exe
    C:\Documents and Settings\veronique\Application Data\m\list.oct
    C:\Documents and Settings\veronique\Application Data\m\srvlist.oct
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\dat.txt
    C:\WINDOWS\Downloaded Program Files\setup.inf
    C:\WINDOWS\system32\ban_list.txt
    C:\WINDOWS\system32\Bank.dll
    C:\WINDOWS\system32\drivers\downld
    C:\WINDOWS\system32\drivers\hldrrr.exe
    C:\WINDOWS\system32\mdelk.exe
    C:\WINDOWS\system32\MSINET.oca
    C:\WINDOWS\system32\wintems.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_IPRIP


    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-09 au 2008-10-09 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-09 19:10 . 2008-10-09 19:10 <REP> d-------- C:\_OTMoveIt
    2008-10-09 18:42 . 2008-10-09 18:51 <REP> d-------- C:\Lop SD
    2008-10-09 12:17 . 2008-10-09 14:28 <REP> d-------- C:\Documents and Settings\veronique\Application Data\EoRezo
    2008-10-09 01:05 . 2008-10-09 15:34 <REP> d-------- C:\Documents and Settings\remy\Application Data\EoRezo
    2008-10-08 01:33 . 2008-10-08 01:33 361,600 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
    2008-10-05 23:21 . 2008-10-09 13:58 <REP> d-------- C:\Program Files\eMule
    2008-09-29 23:59 . 2008-09-29 23:59 <REP> d-------- C:\divx
    2008-09-29 22:38 . 2008-09-29 22:38 <REP> d-------- C:\Sounds
    2008-09-29 22:30 . 2007-09-28 19:56 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2008-09-29 22:29 . 2008-10-09 11:36 <REP> d-------- C:\Program Files\DivX(oct 2008)
    2008-09-29 22:26 . 2008-09-29 22:26 <REP> d-------- C:\Program Files\LG Electronics
    2008-09-29 22:23 . 2007-11-08 16:26 1,164,728 --a------ C:\WINDOWS\system32\NMSDVDXU.dll
    2008-09-29 22:23 . 2005-09-26 22:55 419,240 --a------ C:\WINDOWS\system32\Vsflex7L.ocx
    2008-09-29 22:23 . 2000-05-22 00:00 244,416 --a------ C:\WINDOWS\system32\Msflxgrd.ocx
    2008-09-29 22:22 . 2008-10-06 20:23 <REP> d-------- C:\Program Files\LG PC Suite II
    2008-09-29 22:22 . 2008-10-01 00:04 <REP> d-------- C:\Documents and Settings\remy\Application Data\LG Electronics
    2008-09-29 22:22 . 2008-09-29 22:22 <REP> d-------- C:\Documents and Settings\remy\Application Data\InstallShield
    2008-09-29 00:15 . 2008-09-29 00:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
    2008-09-11 21:19 . 2008-09-11 21:30 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-11 21:19 . 2008-09-11 21:19 <REP> d-------- C:\Documents and Settings\remy\Application Data\Malwarebytes
    2008-09-11 21:19 . 2008-09-11 21:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-11 21:19 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-11 21:19 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-11 19:41 . 2008-09-12 20:32 <REP> d-------- C:\Program Files\Navilog1

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-09 18:10 --------- d-----w C:\Documents and Settings\remy\Application Data\Orbit
    2008-10-09 18:08 17,408 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
    2008-10-09 17:02 15,360 ----a-w C:\WINDOWS\system32\register.exe
    2008-10-09 15:46 --------- d-----w C:\Documents and Settings\veronique\Application Data\Orbit
    2008-10-09 14:30 --------- d-----w C:\Program Files\Orbitdownloader
    2008-10-09 13:36 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2008-10-09 13:33 --------- d-----w C:\Program Files\Norton Security Scan
    2008-10-09 12:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\WholeSecurity
    2008-10-08 18:30 --------- d-----w C:\Program Files\eMule2
    2008-10-08 12:09 11,310 -c--a-w C:\Documents and Settings\remy\Application Data\wklnhst.dat
    2008-10-07 19:12 --------- d-----w C:\Program Files\Picture It! Premium 10
    2008-10-03 08:36 --------- d-----w C:\Documents and Settings\Invité\Application Data\Orbit
    2008-09-29 20:29 --------- d-----w C:\Program Files\DivX
    2008-09-29 20:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-28 22:17 --------- d-----w C:\Program Files\Fichiers communs\AOL
    2008-09-21 06:45 23,810 ----a-w C:\Documents and Settings\veronique\Application Data\wklnhst.dat
    2008-09-13 19:23 --------- d-----w C:\Documents and Settings\veronique\Application Data\Zylom
    2008-08-19 11:06 --------- d-----w C:\Program Files\AOL 9.0 VR
    2008-08-17 12:16 --------- d-----w C:\Program Files\DivX.2007
    2008-08-09 15:12 --------- d-----w C:\Documents and Settings\Invité\Application Data\AOL
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-06-04 20:28 84,472 ----a-w C:\Documents and Settings\remy\Application Data\GDIPFONTCACHEV1.DAT
    2007-04-09 11:11 83,704 ----a-w C:\Documents and Settings\veronique\Application Data\GDIPFONTCACHEV1.DAT
    2005-01-25 16:24 8 --sh--r C:\WINDOWS\system32\F2A38CDCBF.sys
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
    "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-12-09 1937408]
    "AOL Fast Start"="C:\Program Files\AOL 9.0 VR\AOL.EXE" [2007-06-21 50480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
    "AOLDialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" [2007-06-21 70952]
    "Keyboard Status"="C:\PROGRA~1\Medion\KeyStat\KeyStat.exe" [2005-01-25 411648]
    "RemoteControl"="C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
    "PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2005-02-04 118926]
    "SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-04-07 877568]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-12-14 221184]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-12-14 458752]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-12-14 217088]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
    "eBayToolbar"="C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2008-09-05 652528]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-26 98304]
    "HostManager"="C:\Program Files\Fichiers communs\AOL\1168010725\ee\AOLSoftware.exe" [2006-11-17 50736]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "Dit"="Dit.exe" [2004-07-20 C:\WINDOWS\Dit.exe]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 C:\WINDOWS\AGRSMMSG.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-01-26 1048576]
    Contrôleur de calendrier Ulead.lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe [2007-04-05 69632]
    Démarrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 53248]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msvideo9"= SDVC03.drv

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%ProgramFiles%\\AOL 9.0\\AOL.exe"=
    "%WinDir%\\system32\\fxsclnt.exe"=
    "%ProgramFiles%\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\Program Files\\eMule2\\emule.exe"=
    "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
    "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLAcsd.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"=
    "C:\\Program Files\\Fichiers communs\\AOL\\1168010725\\ee\\aolsoftware.exe"=
    "C:\\Program Files\\AOL 9.0 VR\\waol.exe"=
    "C:\\Program Files\\Fichiers communs\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
    "C:\\Program Files\\Fichiers communs\\AOL\\System Information\\sinf.exe"=
    "C:\\Program Files\\AOL 9.0 (2008)\\waol.exe"=
    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
    "C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3587:TCP"= 3587:TCP:Groupement homologue Windows
    "3540:UDP"= 3540:UDP:protocole PNRP (Peer Name Resolution Protocol)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-01-31 802048]
    R3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2003-12-08 36256]
    R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2004-10-01 1272000]
    R3 wbscr;Winbond Smartcard Reader for I/O;C:\WINDOWS\system32\drivers\wbscr.sys [2002-04-24 19928]
    S2 Wlansvc;@%SystemRoot%\System32\wlansvc.dll,-257;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-10-09 17408]
    S3 GCR410P;Lecteur de cartes à puce série GEMPLUS GCR410P;C:\WINDOWS\system32\DRIVERS\grserial.sys [2008-04-14 28544]
    S3 GEMPC430;Lecteur de cartes à puce GEMPLUS GemPC430 USB;C:\WINDOWS\system32\DRIVERS\grclass.sys [2001-08-23 82560]
    S3 lgmcbus;LGE Mobile driver (WDM);C:\WINDOWS\system32\DRIVERS\lgmcbus.sys [2008-01-09 83584]
    S3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\lgmcmdfl.sys [2008-01-09 14976]
    S3 lgmcmdm;LGE Mobile USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\lgmcmdm.sys [2008-01-09 110464]
    S3 lgmcmgmt;LGE Mobile USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\lgmcmgmt.sys [2008-01-09 104448]
    S3 lgmcnd5;LGE Mobile USB WMC Ethernet ELDA (NDIS);C:\WINDOWS\system32\DRIVERS\lgmcnd5.sys [2008-01-09 25344]
    S3 lgmcobex;LGE Mobile USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\lgmcobex.sys [2008-01-09 100480]
    S3 lgmcunic;LGE Mobile USB WMC Ethernet ELDA (WDM);C:\WINDOWS\system32\DRIVERS\lgmcunic.sys [2008-01-09 109952]
    S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    S3 p2psvc;Réseau homologue;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    S3 SCR111;Lecteur de cartes à puce SCM Microsystems SCR111 série;C:\WINDOWS\system32\DRIVERS\SCR111.sys [2001-08-23 17536]
    S3 SDVC05;USB SDVC05;C:\WINDOWS\system32\Drivers\SDVC05.sys [2003-07-22 18088]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
    .
    Contenu du dossier 'Tâches planifiées'

    2008-10-08 C:\WINDOWS\Tasks\Norton Security Scan.job
    - C:\Program Files\Norton Security Scan\Nss.exe [2008-01-09 04:08]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKCU-Run-WMPNSCFG - C:\Program Files\Windows Media Player\WMPNSCFG.exe
    HKCU-Run-swg - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    HKLM-Run-Cmaudio - cmicnfg.cpl
    HKLM-Run-EoEngine - (no file)


    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - C:\Documents and Settings\remy\Application Data\Mozilla\Firefox\Profiles\6j2kkdz9.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.lo.st
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-09 20:08:39
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\WINDOWS\system32\scardsvr.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\system32\snmp.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\AOL 9.0 VR\waol.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Orbitdownloader\orbitdm.exe
    C:\Program Files\Orbitdownloader\orbitnet.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Fichiers communs\AOL\1168010725\ee\services\antiSpywareApp\ver2_0_28_1\AOLSP Scheduler.exe
    C:\Program Files\AOL 9.0 VR\shellmon.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-10-09 20:18:16 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-10-09 18:18:13

    Avant-CF: 7,364,141,056 octets libres
    Après-CF: 7,449,681,920 octets libres

    491 --- E O F --- 2008-10-09 18:12:48

    because in fact there are several versions of AntiVir:
    one free
    and 2 paid.
    I found a version that is normally paid,
    but a KEY was included with it,
    and I think it is no longer valid.
    So I really don't know what to do.
    Should I go back to my free version??