Infected computer
Hello
My computer has been infected. It blocked the antivirus, the firewall and Internet Explorer. I uninstalled them and I can no longer reinstall my antivirus; the program freezes. I started IE6, it worked once and then, once again, it was impossible to connect. What should I do, please?
Hello
Here is the HijackThis log
Logfile of HijackThis v1.99.1
Scan saved at 16:02:55, on 18/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {CE3C5D3E-658E-4966-A675-8AFDE578AAE9} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/S [...] loader.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 2803032578
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.atoopic.com/XUpload.ocx
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: ActCmd - {4F662BA3-3986-1A22-A732-08B297B85579} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
Hello,
It's about time to move to IE8, isn't it?
Download MalwareByte's Anti-Malware to your Desktop.
- Install it by double-clicking the file Download_mbam-setup.exe.
- Now run MalwareByte's Anti-Malware. If it is not already selected, select "Perform full scan".
- To start the scan, click "Scan".
- Once the scan is finished, a window opens; click OK. There are two possibilities:
~ If the program found nothing, press OK. A report will appear; close it.
~~ If infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop.
~~~~ Restart your computer normally and post the report in your next reply.
NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.
Note: If you cannot download MBAM from MajorGeeks, you can download it here!
Reply to Angeldark
OK, I have to use another computer to download the program. As for IE8, I uninstalled it to go back to IE7, but I'll keep your suggestion in mind.
Impossible to start the computer in safe mode!!!
Here is the MalwareBytes report. I was able to reinstall an antivirus and connect once with IE, but when I tried to reinstall IE7, the problem came back:
Malwarebytes' Anti-Malware 1.36
Version de la base de données: 1945
Windows 5.1.2600 Service Pack 3
18/04/2009 21:16:56
mbam-log-2009-04-18 (21-16-56).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 328466
Temps écoulé: 1 hour(s), 59 minute(s), 25 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 23
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sk9ou0s (Rootkit.Bagle) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sk9ou0s (Rootkit.Bagle) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sk9ou0s (Rootkit.Bagle) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa (Rootkit.Bagle) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\german.exe (Rootkit.Bagle) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\drvsyskit (Rootkit.Bagle) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Rootkit.Bagle) -> Delete on reboot.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\WINDOWS\system32\drivers\down (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\m (Trojan.Agent) -> Delete on reboot.
Fichier(s) infecté(s):
C:\Documents and Settings\HP_Propriétaire\Application Data\drivers\srosa2.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP40\A0040659.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP40\A0040679.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP40\A0040710.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP40\A0040731.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP41\A0040916.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP41\A0040960.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP41\A0041100.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP41\A0041477.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP41\A0041512.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP42\A0041550.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP43\A0041864.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP43\A0042155.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP43\A0042226.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\560125.exe (Trojan.Packed) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\m\data.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\m\list.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\m\srvlist.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\drivers\winupgro.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\mdelk.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wintems.exe (Trojan.Spammer) -> Delete on reboot.
C:\Documents and Settings\HP_Propriétaire\Application Data\m\flec006.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\HP_Propriétaire\Application Data\drivers\wfsintwq.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
I removed Rootkit.Bagle using the tutorial on your forum. I can start the computer in safe mode again. I'll see whether I have Internet access....
Hi again,
Did you run a ComboFix scan?
Reply to Angeldark
It is running right now. I'll post the report as soon as it finishes.
Here is the ComboFix report
ComboFix 09-04-19.04 - HP_Propriétaire 19/04/2009 11:48.3 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.815 [GMT 2:00]
Lancé depuis: c:\documents and settings\HP_Propriétaire\Bureau\Combo-Fix.exe
FW: ZoneAlarm Firewall *enabled*
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\HP_Propriétaire\Application Data\drivers\downld
C:\InfoSat.txt
c:\windows\java1\lrulitu.bak2
c:\windows\patch.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SK9OU0S
-------\Legacy_SROSA
((((((((((((((((((((((((((((( Fichiers créés du 2009-03-19 au 2009-04-19 ))))))))))))))))))))))))))))))))))))
.
2009-04-19 08:11 . 2009-04-19 08:11 -------- d-----w c:\windows\LastGood.Tmp
2009-04-19 08:11 . 2009-04-19 09:47 -------- d-----w C:\FindyKill
2009-04-18 16:56 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-18 16:56 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-18 16:56 . 2009-04-18 16:56 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-18 12:42 . 2009-04-18 12:42 230 ----a-w c:\windows\system32\spupdsvc.inf
2009-04-17 21:34 . 2009-04-17 21:34 -------- d-----w c:\documents and settings\HP_Propriétaire\Local Settings\Application Data\Wrensoft
2009-04-17 21:08 . 2009-04-19 09:52 -------- d--h--w c:\documents and settings\HP_Propriétaire\Application Data\drivers
2009-04-15 07:12 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 07:12 . 2009-03-06 14:20 286720 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 07:12 . 2009-02-09 11:23 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 07:12 . 2009-02-09 10:53 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 07:12 . 2009-02-09 10:53 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 07:12 . 2009-02-09 10:53 735744 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 07:12 . 2009-02-09 10:53 739840 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 07:12 . 2009-02-09 10:53 685568 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 07:12 . 2009-02-09 10:53 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 07:12 . 2008-12-16 12:31 354304 -c----w c:\windows\system32\dllcache\winhttp.dll
2009-04-15 07:12 . 2009-03-27 06:54 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 07:12 . 2008-04-21 21:15 219136 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-03 08:20 . 2009-04-14 14:50 -------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\FrostWire
2009-04-03 08:17 . 2009-04-03 08:22 -------- d-----w c:\program files\FrostWire
2009-03-28 11:13 . 2009-03-28 11:13 -------- d-----w c:\program files\Guitar Pro 5
2009-03-28 10:48 . 2009-03-28 11:30 -------- d-----w c:\program files\MagicISO
2009-03-21 14:07 . 2009-03-21 14:07 1054720 -c----w c:\windows\system32\dllcache\kernel32.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 09:47 . 2009-04-19 09:46 1212 ----a-w C:\FindyKill.txt
2009-04-18 14:02 . 2007-01-29 17:12 -------- d-----w c:\program files\Hijackthis Version Française
2009-04-18 13:47 . 2005-04-24 16:52 -------- d-----w c:\program files\FileZilla
2009-04-18 12:33 . 2005-01-01 16:32 72996 ----a-w c:\windows\system32\perfc00C.dat
2009-04-18 12:33 . 2005-01-01 16:32 462536 ----a-w c:\windows\system32\perfh00C.dat
2009-04-18 11:59 . 2007-06-01 21:10 -------- d-----w c:\program files\eMule
2009-04-17 21:25 . 2008-11-30 10:44 981812 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-17 21:25 . 2008-11-30 10:44 83689504 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-17 21:18 . 2008-04-11 20:54 -------- d-----w c:\program files\Mozilla Firefox 3 Beta 5
2009-04-17 16:52 . 2007-06-01 18:51 -------- d-----w c:\program files\Paint Shop Pro 6
2009-04-10 20:08 . 2009-04-10 20:10 1754624 ----a-w c:\windows\Internet Logs\xDB1B.tmp
2009-04-10 16:40 . 2009-04-10 16:42 100352 ----a-w c:\windows\Internet Logs\xDB19.tmp
2009-04-10 16:40 . 2009-04-10 16:42 1754112 ----a-w c:\windows\Internet Logs\xDB1A.tmp
2009-04-10 15:49 . 2009-04-10 15:51 3044864 ----a-w c:\windows\Internet Logs\xDB17.tmp
2009-04-10 15:49 . 2009-04-10 15:51 1753088 ----a-w c:\windows\Internet Logs\xDB18.tmp
2009-04-08 17:47 . 2009-04-08 17:48 1747456 ----a-w c:\windows\Internet Logs\xDB16.tmp
2009-04-07 12:21 . 2009-04-07 12:23 1744896 ----a-w c:\windows\Internet Logs\xDB15.tmp
2009-04-06 17:53 . 2009-04-06 17:54 1741312 ----a-w c:\windows\Internet Logs\xDB14.tmp
2009-04-04 21:33 . 2009-04-04 21:34 1737728 ----a-w c:\windows\Internet Logs\xDB13.tmp
2009-04-04 17:18 . 2009-04-04 17:19 1737728 ----a-w c:\windows\Internet Logs\xDB12.tmp
2009-04-03 15:24 . 2009-04-03 15:25 1742336 ----a-w c:\windows\Internet Logs\xDB11.tmp
2009-04-03 15:24 . 2009-04-03 15:25 3289088 ----a-w c:\windows\Internet Logs\xDB10.tmp
2009-04-01 07:55 . 2005-01-01 09:09 -------- d-----w c:\program files\Java
2009-03-28 12:20 . 2009-03-28 12:22 1729024 ----a-w c:\windows\Internet Logs\xDBF.tmp
2009-03-27 22:21 . 2007-06-01 21:42 95664 ----a-w c:\documents and settings\HP_Propriétaire\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-19 17:57 . 2009-03-19 17:59 1688576 ----a-w c:\windows\Internet Logs\xDBE.tmp
2009-03-17 17:39 . 2009-03-17 17:41 1687552 ----a-w c:\windows\Internet Logs\xDBD.tmp
2009-03-12 09:45 . 2009-03-12 09:45 -------- d-----w c:\program files\iTunes
2009-03-12 09:45 . 2009-03-12 09:45 -------- d-----w c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-12 09:45 . 2009-03-12 09:45 -------- d-----w c:\program files\iPod
2009-03-12 09:45 . 2007-09-12 18:29 -------- d-----w c:\program files\Fichiers communs\Apple
2009-03-12 09:42 . 2009-03-12 09:42 -------- d-----w c:\program files\Bonjour
2009-03-11 08:16 . 2009-01-21 09:03 3914846 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-03-09 03:19 . 2009-01-22 20:44 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 15:50 . 2008-12-21 10:09 -------- d-----w c:\program files\BitTornado
2009-03-07 12:39 . 2009-03-07 12:40 3005952 ----a-w c:\windows\Internet Logs\xDBB.tmp
2009-03-07 12:39 . 2009-03-07 12:40 1663488 ----a-w c:\windows\Internet Logs\xDBC.tmp
2009-03-07 09:46 . 2009-03-07 09:46 -------- d-----w c:\program files\Pochette Express 2
2009-03-06 14:20 . 2005-01-01 16:32 286720 ----a-w c:\windows\system32\pdh.dll
2009-03-05 14:48 . 2009-03-05 14:50 1659904 ----a-w c:\windows\Internet Logs\xDBA.tmp
2009-03-05 11:11 . 2006-09-24 18:02 -------- d-----w c:\program files\CDex_150
2009-02-25 20:39 . 2009-02-25 20:47 1643520 ----a-w c:\windows\Internet Logs\xDB9.tmp
2009-02-19 17:55 . 2009-02-19 17:56 1638400 ----a-w c:\windows\Internet Logs\xDB8.tmp
2009-02-12 17:56 . 2009-02-12 17:58 1605120 ----a-w c:\windows\Internet Logs\xDB7.tmp
2009-02-11 18:15 . 2009-02-11 18:16 1620992 ----a-w c:\windows\Internet Logs\xDB6.tmp
2009-02-11 18:15 . 2009-02-11 18:16 2898432 ----a-w c:\windows\Internet Logs\xDB5.tmp
2009-02-09 14:05 . 2005-01-01 16:32 1846912 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:23 . 2004-08-04 07:48 2025984 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:23 . 2005-01-01 16:32 2147328 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:23 . 2005-01-01 16:32 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:53 . 2005-01-01 16:32 735744 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:53 . 2005-01-01 16:32 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:53 . 2005-01-01 16:32 739840 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:53 . 2005-01-01 16:32 685568 ----a-w c:\windows\system32\advapi32.dll
2009-02-06 10:39 . 2006-01-04 17:28 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:58 . 2005-01-01 16:32 56832 ----a-w c:\windows\system32\secur32.dll
2009-01-26 22:07 . 2009-01-26 22:08 2967040 ----a-w c:\windows\Internet Logs\xDB3.tmp
2009-01-26 22:07 . 2009-01-26 22:08 1595904 ----a-w c:\windows\Internet Logs\xDB4.tmp
2008-09-30 19:09 . 2008-09-30 19:09 95264 ----a-w c:\documents and settings\Administrateur.NOM-B0A1C0A3909.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-10-09 00:00 . 2007-06-01 17:33 138 ----a-w c:\documents and settings\HP_Propriétaire\Local Settings\Application Data\fusioncache.dat
2005-01-01 15:16 . 2008-12-21 17:48 135 ----a-w c:\documents and settings\Invité\Local Settings\Application Data\fusioncache.dat
2005-01-01 15:16 . 2008-09-30 20:44 135 ----a-w c:\documents and settings\Administrateur.NOM-B0A1C0A3909.001\Local Settings\Application Data\fusioncache.dat
2005-01-01 15:16 . 2008-09-30 07:37 135 ----a-w c:\documents and settings\Administrateur.NOM-B0A1C0A3909.000\Local Settings\Application Data\fusioncache.dat
2005-01-01 15:16 . 2007-02-02 18:03 135 ----a-w c:\documents and settings\Administrateur\Local Settings\Application Data\fusioncache.dat
2005-01-01 15:16 . 2005-11-26 13:48 135 ----a-w c:\documents and settings\Vent\Local Settings\Application Data\fusioncache.dat
2005-01-01 15:16 . 2005-04-20 11:17 135 ----a-w c:\documents and settings\thãd\Local Settings\Application Data\fusioncache.dat
2005-04-28 16:22 . 2005-04-26 10:06 444471 --sha-w c:\windows\java\utilurl.dll
2005-05-01 20:44 . 2005-05-01 11:44 0 --sha-w c:\windows\SMINST\HPCD.sys
2008-02-11 12:46 . 2008-02-11 12:46 56 --sh--r c:\windows\system32\4C5A114734.sys
2008-08-26 10:52 . 2008-08-26 10:52 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008082620080827\index.dat
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-09 344064]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-04-18 919016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-11 342312]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-03-22 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2004-09-24 49152]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-29 88363]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-07-28 77824]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2004-07-29 2551808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-4-20 110592]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-29 241664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
R2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-12-31 693512]
R3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-12-31 910600]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a07861b1-e4a7-11dc-95d8-0011d888b889}]
\Shell\AutoRun\command - K:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a49ac867-2c21-11de-b8a6-0011d888b889}]
\Shell\AutoRun\command - k:\wd_windows_tools\WDEULA.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6c9c827-dd61-11dd-acfd-0011d888b889}]
\Shell\AutoRun\command - L:\EmDesk.exe
\Shell\EmDesk\command - L:\EmDesk.exe
.
Contenu du dossier 'Tâches planifiées'
2009-04-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2009-04-17 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:23]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\AskBarDis\bar\bin\askBar.dll
BHO-{CE3C5D3E-658E-4966-A675-8AFDE578AAE9} - (no file)
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\AskBarDis\bar\bin\askBar.dll
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll
HKLM-RunOnce-<NO NAME> - (no file)
SSODL-ActCmd-{4F662BA3-3986-1A22-A732-08B297B85579} - (no file)
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q105&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\rq0evp5p.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
---- PARAMETRES FIREFOX ----
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-19 12:26
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(232)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-04-19 12:31 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-04-19 10:31
Avant-CF: 96 034 942 976 octets libres
Après-CF: 102 136 934 400 octets libres
299 --- E O F --- 2009-04-15 08:24
Same problem with Bagle?
Reply to Angeldark
I ran another scan with FindyKill and tried to delete the C:\Avenger folder by hand, impossible! On the other hand, I no longer have winupro in the registry, and I cannot delete certain keys such as: LEGACY_SROSA.. Here is the scan report
############################## [ FindyKill V4.724 ]
# User : HP_Propriétaire () # NOM-B0A1C0A3909
# Update on 15/04/09 by Chiquitine29
# Start at: 12:56:01 | 19/04/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/
# Intel(R) Pentium(R) 4 CPU 3.20GHz
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Disabled
# FW : ZoneAlarm Firewall[ Enabled ]7.0.483.000
# C:\ # Disque fixe local # 144,25 Go (95,14 Go free) [HP_PAVILION] # NTFS
# D:\ # Disque fixe local # 4,78 Go (1016,69 Mo free) [HP_RECOVERY] # FAT32
# E:\ # Disque CD-ROM
# F:\ # Disque CD-ROM
# G:\ # Disque amovible
# H:\ # Disque amovible
# I:\ # Disque amovible
# J:\ # Disque amovible
############################## [ Processus actifs ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ C:\WINDOWS # C:\WINDOWS\Prefetch ]
Found ! C:\WINDOWS\Prefetch\225531.EXE-09940966.pf
Found ! C:\WINDOWS\Prefetch\227078.EXE-019D535E.pf
Found ! C:\WINDOWS\Prefetch\248890.EXE-1EA867C9.pf
Found ! C:\WINDOWS\Prefetch\255953.EXE-1E1BDFDC.pf
Found ! C:\WINDOWS\Prefetch\262421.EXE-354CEB38.pf
Found ! C:\WINDOWS\Prefetch\555218.EXE-2160470F.pf
Found ! C:\WINDOWS\Prefetch\557750.EXE-1CB234B5.pf
Found ! C:\WINDOWS\Prefetch\560125.EXE-087CCCA3.pf
Found ! C:\WINDOWS\Prefetch\565171.EXE-17056ECF.pf
Found ! C:\WINDOWS\Prefetch\584250.EXE-19AE2109.pf
Found ! C:\WINDOWS\Prefetch\586562.EXE-1DA25750.pf
Found ! C:\WINDOWS\Prefetch\588812.EXE-195A9CE8.pf
Found ! C:\WINDOWS\Prefetch\592187.EXE-2EA6FDE0.pf
Found ! C:\WINDOWS\Prefetch\598718.EXE-183CFFDE.pf
Found ! C:\WINDOWS\Prefetch\599875.EXE-08BFE003.pf
Found ! C:\WINDOWS\Prefetch\600500.EXE-317489C5.pf
Found ! C:\WINDOWS\Prefetch\608984.EXE-323F11AD.pf
Found ! C:\WINDOWS\Prefetch\613484.EXE-30E35F1F.pf
Found ! C:\WINDOWS\Prefetch\FLEC006.EXE-0D3C241B.pf
Found ! C:\WINDOWS\Prefetch\KEYGEN.EXE-0BB988E9.pf
Found ! C:\WINDOWS\Prefetch\KEYGEN.EXE-2F9D80FD.pf
Found ! C:\WINDOWS\Prefetch\MDELK.EXE-0EF461CE.pf
Found ! C:\WINDOWS\Prefetch\WINTEMS.EXE-377E42D4.pf
################## [ C:\WINDOWS\System32... ]
################## [ C:\Documents and Settings\HP_Propriétaire\Application Data ]
Found ! "C:\Documents and Settings\HP_Propriétaire\Application Data\drivers"
################## [ C:\Documents and Settings\HP_Propriétaire...\Temp Files... ]
Found ! C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@www.cracks[2].txt
Found ! C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@www.serials[1].txt
################## [ Registre / Clés infectieuses ]
Found ! HKEY_USERS\S-1-5-21-965552258-2244601395-4113980137-1007\Software\Local AppWizard-Generated Applications\keygen
Found ! HKEY_USERS\S-1-5-21-965552258-2244601395-4113980137-1007\Software\Local AppWizard-Generated Applications\winupgro
Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\keygen
Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
################## [ Recherche dans supports amovibles]
# Recherche fichiers connus :
Found ! C:\Avenger
################## [ Registre / Mountpoint2 ]
# -> Not found !
################## [ ! Fin du rapport # FindyKill V4.724 ! ]
When I run option 2 (removal) in FindyKill, it starts, then a warning window appears and my computer restarts without the "removal done" message???
Oops!!!! I restarted in normal mode and the program started up again with the message cleaning.... So it must be deleting the files!
OK, the files have been deleted, but it found other corrupted files. I had uninstalled Zone Alarm and Firefox. I'm going to look in Program Files to see what is left of them. As for what comes next, I still need your help
Here is the report
############################## [ FindyKill V4.724 ]
# User : HP_Propriétaire (Administrateurs) # NOM-B0A1C0A3909
# Update on 15/04/09 by Chiquitine29
# Start at: 13:29:01 | 19/04/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/
# Intel(R) Pentium(R) 4 CPU 3.20GHz
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Disabled
# FW : ZoneAlarm Firewall[ Enabled ]7.0.483.000
# C:\ # Disque fixe local # 144,25 Go (94,13 Go free) [HP_PAVILION] # NTFS
# D:\ # Disque fixe local # 4,78 Go (1016,69 Mo free) [HP_RECOVERY] # FAT32
# E:\ # Disque CD-ROM
# F:\ # Disque CD-ROM
# G:\ # Disque amovible
# H:\ # Disque amovible
# I:\ # Disque amovible
# J:\ # Disque amovible
############################## [ Active Processes ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ C:\WINDOWS # C:\WINDOWS\Prefetch ]
Deleted ! C:\WINDOWS\Prefetch\225531.EXE-09940966.pf
Deleted ! C:\WINDOWS\Prefetch\227078.EXE-019D535E.pf
Deleted ! C:\WINDOWS\Prefetch\248890.EXE-1EA867C9.pf
Deleted ! C:\WINDOWS\Prefetch\255953.EXE-1E1BDFDC.pf
Deleted ! C:\WINDOWS\Prefetch\262421.EXE-354CEB38.pf
Deleted ! C:\WINDOWS\Prefetch\555218.EXE-2160470F.pf
Deleted ! C:\WINDOWS\Prefetch\557750.EXE-1CB234B5.pf
Deleted ! C:\WINDOWS\Prefetch\560125.EXE-087CCCA3.pf
Deleted ! C:\WINDOWS\Prefetch\565171.EXE-17056ECF.pf
Deleted ! C:\WINDOWS\Prefetch\584250.EXE-19AE2109.pf
Deleted ! C:\WINDOWS\Prefetch\586562.EXE-1DA25750.pf
Deleted ! C:\WINDOWS\Prefetch\588812.EXE-195A9CE8.pf
Deleted ! C:\WINDOWS\Prefetch\592187.EXE-2EA6FDE0.pf
Deleted ! C:\WINDOWS\Prefetch\598718.EXE-183CFFDE.pf
Deleted ! C:\WINDOWS\Prefetch\599875.EXE-08BFE003.pf
Deleted ! C:\WINDOWS\Prefetch\600500.EXE-317489C5.pf
Deleted ! C:\WINDOWS\Prefetch\608984.EXE-323F11AD.pf
Deleted ! C:\WINDOWS\Prefetch\613484.EXE-30E35F1F.pf
Deleted ! C:\WINDOWS\Prefetch\FLEC006.EXE-0D3C241B.pf
Deleted ! C:\WINDOWS\Prefetch\KEYGEN.EXE-0BB988E9.pf
Deleted ! C:\WINDOWS\Prefetch\KEYGEN.EXE-2F9D80FD.pf
Deleted ! C:\WINDOWS\Prefetch\MDELK.EXE-0EF461CE.pf
Deleted ! C:\WINDOWS\Prefetch\WINTEMS.EXE-377E42D4.pf
Deleted ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-2E16D772.pf
################## [ C:\WINDOWS\System32... ]
################## [ C:\Users\...\AppData\Roaming ]
Deleted ! "C:\Documents and Settings\HP_Propriétaire\Application Data\drivers"
################## [ Cleaning .. Temp Files... ]
Deleted ! C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@www.cracks[2].txt
Deleted ! C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@www.serials[1].txt
################## [ Registry / Infected keys ]
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
################## [ Cleaning Removable drives ]
# Deleting Files :
Deleted ! C:\Avenger
################## [ Registry / Mountpoint2 ]
# -> Not found !
################## [ States / Restarting of services ]
# Services : [ Auto=2 / Request=3 / Disable=4 ]
# Ndisuio -> # Type of startup =3
# EapHost -> # Type of startup =2
# Ip6Fw -> # Type of startup =2
# SharedAccess -> # Type of startup =2
# wuauserv -> # Type of startup =2
# wscsvc -> # Type of startup =2
################## [ Searching Other Infections ]
# -> Nothing found.
################## [ Corrupted files # Re-Installation required ]
C:\Program Files\a-squared Free\a2cmd.exe
C:\Program Files\a-squared Free\a2upd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\uninstall\helper.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Zone Labs\ZoneAlarm\repair\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zatutor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\SAV32CLI\SAV32CLI.EXE
C:\temp\ext52246\update\update.exe
C:\WINDOWS\system32\dllcache\register.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\ZoneLabs\updclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
################## [ ! End of Report # FindyKill V4.724 ! ]
As I was still having problems, I preferred to format everything and put a nice, clean system back on
Luckily I have a 1-tera backup hard drive. Thanks for your help and your patience, Angeldark
