Pub sur mon pc

Bonjour,

Tu as une infection Lop/Swizzor.

Télécharge Lop S&D sur ton Bureau.

Double-clique dessus pour lancer l'installation.

Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau.

Sélectionne la langue souhaitée, puis choisis l'option 1 (Recherche) .

Patiente jusqu'à la fin du scan.

Poste le rapport généré (C:\lopR.txt).

merci T.T



-----------------------[ Lop S&D 4.2.0-3 XP/Vista ]---------------------

[ USER : Marco ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ 26/06/2009 | 10:41:03,28 ] [ PC : SAMSUNG ]
[ MAJ : 30-04-2008 | 18:35 ]

-------------[ Listing des dossiers dans Application Data ]------------

[30/04/2008|19:48] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
[26/04/2009|22:25] C:\DOCUME~1\ADMINI~1\APPLIC~1\Intel
[26/01/2009|21:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\Malwarebytes
[30/04/2008|18:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[03/06/2008|11:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla
[03/06/2008|11:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\Talkback

[18/03/2009|01:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[22/04/2009|00:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[09/12/2008|20:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[01/05/2008|01:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[01/05/2008|01:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[31/01/2009|20:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI
[28/04/2009|23:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[07/05/2008|18:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[23/06/2009|23:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Cast ping base frag
[10/06/2009|15:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[30/04/2008|19:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[03/06/2008|21:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FaxCtr
[01/05/2008|01:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[26/04/2009|22:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intel
[24/04/2009|23:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\iolo
[31/01/2009|19:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LauncherAccess.dt
[08/02/2009|22:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LxThumbs
[26/01/2009|21:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[10/05/2008|11:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Memeo
[01/05/2008|02:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[06/12/2008|16:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MGS
[23/06/2009|15:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microgaming
[24/05/2009|14:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[14/06/2009|22:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[01/05/2008|01:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
[09/06/2009|22:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\S.N.Safe&Software
[09/04/2009|15:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Solero
[01/09/2008|17:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Temp
[25/05/2008|17:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Test Drive Unlimited
[25/06/2008|11:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Uniblue
[17/07/2008|21:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[01/05/2008|00:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[30/04/2008|19:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[26/04/2009|22:25] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Intel
[30/04/2008|18:02] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[26/04/2009|22:25] C:\DOCUME~1\LOCALS~1\APPLIC~1\Intel
[08/02/2009|22:49] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
[30/04/2008|18:02] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[10/06/2009|15:37] C:\DOCUME~1\LOCALS~1\APPLIC~1\Mozilla

[10/05/2008|11:08] C:\DOCUME~1\Marco\APPLIC~1\Adobe
[01/05/2008|01:50] C:\DOCUME~1\Marco\APPLIC~1\Apple Computer
[31/01/2009|20:13] C:\DOCUME~1\Marco\APPLIC~1\ATI
[21/06/2009|23:24] C:\DOCUME~1\Marco\APPLIC~1\Audio Recorder Titanium
[29/08/2008|02:08] C:\DOCUME~1\Marco\APPLIC~1\Azureus
[09/07/2008|22:34] C:\DOCUME~1\Marco\APPLIC~1\CyberLink
[07/05/2008|20:19] C:\DOCUME~1\Marco\APPLIC~1\DataCast
[30/04/2008|19:48] C:\DOCUME~1\Marco\APPLIC~1\desktop.ini
[27/01/2009|08:27] C:\DOCUME~1\Marco\APPLIC~1\Desktopicon
[30/08/2008|13:49] C:\DOCUME~1\Marco\APPLIC~1\DivX
[29/01/2009|16:36] C:\DOCUME~1\Marco\APPLIC~1\dvdcss
[23/03/2009|17:43] C:\DOCUME~1\Marco\APPLIC~1\FaxCtr
[22/05/2008|15:19] C:\DOCUME~1\Marco\APPLIC~1\FileZilla
[23/06/2009|20:29] C:\DOCUME~1\Marco\APPLIC~1\GetRight
[10/06/2009|15:06] C:\DOCUME~1\Marco\APPLIC~1\GlarySoft
[21/04/2009|16:58] C:\DOCUME~1\Marco\APPLIC~1\Help
[30/04/2008|18:17] C:\DOCUME~1\Marco\APPLIC~1\Identities
[26/04/2009|22:25] C:\DOCUME~1\Marco\APPLIC~1\Intel
[22/04/2009|13:09] C:\DOCUME~1\Marco\APPLIC~1\iolo
[03/02/2009|20:42] C:\DOCUME~1\Marco\APPLIC~1\ItDb.enc
[05/07/2008|14:53] C:\DOCUME~1\Marco\APPLIC~1\Lexmark Productivity Studio
[15/01/2009|20:50] C:\DOCUME~1\Marco\APPLIC~1\LimeWire
[10/06/2009|15:11] C:\DOCUME~1\Marco\APPLIC~1\Macromedia
[26/01/2009|21:52] C:\DOCUME~1\Marco\APPLIC~1\Malwarebytes
[01/05/2008|01:48] C:\DOCUME~1\Marco\APPLIC~1\Media Player Classic
[23/06/2009|20:22] C:\DOCUME~1\Marco\APPLIC~1\Microsoft
[10/06/2009|20:30] C:\DOCUME~1\Marco\APPLIC~1\Moyea
[26/08/2008|16:15] C:\DOCUME~1\Marco\APPLIC~1\Mozilla
[23/06/2009|23:18] C:\DOCUME~1\Marco\APPLIC~1\PLAN PART
[26/04/2009|23:30] C:\DOCUME~1\Marco\APPLIC~1\RayV
[05/04/2009|17:07] C:\DOCUME~1\Marco\APPLIC~1\Real
[24/09/2008|18:47] C:\DOCUME~1\Marco\APPLIC~1\Samsung
[12/05/2008|22:58] C:\DOCUME~1\Marco\APPLIC~1\SecuROM
[08/04/2009|20:27] C:\DOCUME~1\Marco\APPLIC~1\SharePod
[07/05/2008|19:53] C:\DOCUME~1\Marco\APPLIC~1\Sun
[23/03/2009|19:45] C:\DOCUME~1\Marco\APPLIC~1\Syntrillium
[30/04/2008|22:51] C:\DOCUME~1\Marco\APPLIC~1\Talkback
[22/07/2008|22:51] C:\DOCUME~1\Marco\APPLIC~1\U3
[25/06/2008|11:12] C:\DOCUME~1\Marco\APPLIC~1\Uniblue
[26/06/2009|10:40] C:\DOCUME~1\Marco\APPLIC~1\uTorrent
[08/05/2008|15:02] C:\DOCUME~1\Marco\APPLIC~1\vlc
[29/04/2009|23:46] C:\DOCUME~1\Marco\APPLIC~1\Winamp
[01/05/2008|01:48] C:\DOCUME~1\Marco\APPLIC~1\WinRAR

[26/04/2009|22:25] C:\DOCUME~1\NETWOR~1\APPLIC~1\Intel
[30/04/2008|18:02] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[30/04/2008|19:48] C:\DOCUME~1\SAFE'N~1\APPLIC~1\desktop.ini
[26/04/2009|22:25] C:\DOCUME~1\SAFE'N~1\APPLIC~1\Intel
[09/06/2009|23:55] C:\DOCUME~1\SAFE'N~1\APPLIC~1\Microsoft

----------------[ Tâches planifiées dans C:\windows\tasks ]---------------

[26/06/2009 10:00][--ah-----] C:\windows\tasks\AC8B4EC09364F9A4.job
[26/06/2009 09:51][--a------] C:\windows\tasks\GlaryInitialize.job
[23/06/2009 22:49][--a------] C:\windows\tasks\AppleSoftwareUpdate.job
[26/06/2009 09:51][--ah-----] C:\windows\tasks\SA.DAT
[19/08/2004 22:01][-r-h-----] C:\windows\tasks\desktop.ini

AC8B4EC09364F9A4.job <--> c:\docume~1\marco\applic~1\planpa~1\DaleSeekDraw.exe

---------------[ Listing des dossiers dans C:\Program Files ]--------------

[03/06/2008|21:21] C:\Program Files\Abbyy FineReader 6.0 Sprint
[09/12/2008|20:08] C:\Program Files\Adobe
[23/10/2008|22:18] C:\Program Files\Ahead
[28/04/2009|23:41] C:\Program Files\Apoint
[13/08/2008|11:40] C:\Program Files\Apple Software Update
[31/01/2009|04:04] C:\Program Files\ATI Technologies
[28/04/2009|23:38] C:\Program Files\Avira
[23/06/2009|01:09] C:\Program Files\AviSynth 2.5
[02/06/2161|15:41] C:\Program Files\Bill2's Process Manager
[20/01/2009|23:59] C:\Program Files\Bonjour
[11/07/2008|12:56] C:\Program Files\Broadcom
[12/02/2009|10:05] C:\Program Files\CCleaner
[24/06/2009|07:06] C:\Program Files\Circle Developement
[30/01/2009|22:10] C:\Program Files\CONEXANT
[26/04/2009|22:33] C:\Program Files\DIFX
[23/06/2009|11:40] C:\Program Files\Fichiers communs
[06/04/2009|14:04] C:\Program Files\Image-Line
[09/06/2009|03:27] C:\Program Files\InstallShield Installation Information
[26/04/2009|22:24] C:\Program Files\Intel
[25/06/2009|13:29] C:\Program Files\Internet Explorer
[02/06/2161|23:00] C:\Program Files\iPod
[10/06/2009|15:37] C:\Program Files\Java
[03/06/2008|21:23] C:\Program Files\Lexmark 3500-4500 Series
[03/06/2008|21:22] C:\Program Files\Lexmark Fax Solutions
[26/01/2009|21:52] C:\Program Files\Malwarebytes' Anti-Malware
[15/07/2008|15:39] C:\Program Files\MarkAny
[23/06/2009|20:38] C:\Program Files\Messenger
[23/06/2009|23:11] C:\Program Files\Messenger Plus! Live
[23/06/2009|20:35] C:\Program Files\Microsoft
[30/04/2008|18:02] C:\Program Files\microsoft frontpage
[24/05/2009|14:57] C:\Program Files\Microsoft Office
[15/01/2009|00:47] C:\Program Files\Microsoft Office Outlook Connector
[05/05/2008|21:46] C:\Program Files\Microsoft Visual Studio
[05/05/2008|21:55] C:\Program Files\Microsoft Works
[27/08/2008|18:24] C:\Program Files\Movie Maker
[26/06/2009|10:32] C:\Program Files\Mozilla Firefox
[05/05/2008|21:54] C:\Program Files\MSBuild
[23/06/2009|20:50] C:\Program Files\MSECACHE
[30/04/2008|17:55] C:\Program Files\MSN
[30/04/2008|17:56] C:\Program Files\MSN Gaming Zone
[01/05/2008|23:01] C:\Program Files\MSXML 6.0
[27/08/2008|15:45] C:\Program Files\NetMeeting
[27/08/2008|18:24] C:\Program Files\Outlook Express
[23/03/2009|21:38] C:\Program Files\Outsim
[01/04/2009|18:25] C:\Program Files\PerfectBux
[23/06/2009|23:16] C:\Program Files\PLAN PART
[30/04/2008|17:59] C:\Program Files\Services en ligne
[30/04/2008|22:10] C:\Program Files\SigmaTel
[27/08/2008|17:57] C:\Program Files\ThŠme
[01/05/2008|01:05] C:\Program Files\Trend Micro
[30/04/2008|18:17] C:\Program Files\Uninstall Information
[03/05/2008|19:12] C:\Program Files\UxTheme Multipatcher Fr
[23/06/2009|20:50] C:\Program Files\Windows Installer Clean Up
[15/01/2009|00:43] C:\Program Files\Windows Live
[16/07/2008|01:10] C:\Program Files\Windows Media Connect 2
[10/06/2009|15:37] C:\Program Files\Windows Media Player
[27/08/2008|15:45] C:\Program Files\Windows NT
[30/04/2008|18:00] C:\Program Files\WindowsUpdate
[30/04/2008|18:02] C:\Program Files\xerox

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

[09/12/2008|20:08] C:\Program Files\Fichiers communs\Adobe
[02/06/2161|23:00] C:\Program Files\Fichiers communs\Apple
[05/05/2008|20:34] C:\Program Files\Fichiers communs\Designer
[14/04/2009|20:45] C:\Program Files\Fichiers communs\DirectX
[09/12/2008|16:09] C:\Program Files\Fichiers communs\DVDVideoSoft
[01/05/2008|01:32] C:\Program Files\Fichiers communs\InstallShield
[06/05/2008|14:48] C:\Program Files\Fichiers communs\Java
[19/02/2009|16:13] C:\Program Files\Fichiers communs\Microsoft Shared
[30/04/2008|17:58] C:\Program Files\Fichiers communs\MSSoap
[11/06/2009|22:01] C:\Program Files\Fichiers communs\ODBC
[30/04/2008|17:58] C:\Program Files\Fichiers communs\Services
[30/04/2008|19:48] C:\Program Files\Fichiers communs\SpeechEngines
[15/01/2009|00:47] C:\Program Files\Fichiers communs\System
[15/01/2009|00:36] C:\Program Files\Fichiers communs\Windows Live
[10/06/2009|15:37] C:\Program Files\Fichiers communs\WindowsLiveInstaller

---------------------------[ Process ]--------------------------

... 44

iexplore.exe ~ [3100]
iexplore.exe ~ [3140]

----------------------[ Recherche avec S_Lop ]---------------------

C:\DOCUME~1\Marco\LOCALS~1\Temp\bis286.exe
C:\DOCUME~1\Marco\LOCALS~1\Temp\bis288.exe

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Cast ping base frag
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Cast ping base frag\manager slow.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Cast ping base frag\manager slow.exe
C:\DOCUME~1\Marco\APPLIC~1\planpa~1
C:\DOCUME~1\Marco\APPLIC~1\planpa~1\Book Tray.exe
C:\DOCUME~1\Marco\APPLIC~1\planpa~1\DaleSeekDraw.exe
C:\DOCUME~1\Marco\APPLIC~1\planpa~1\hdhnghha.exe
C:\DOCUME~1\Marco\APPLIC~1\planpa~1\iaoptana.exe
C:\DOCUME~1\Marco\APPLIC~1\planpa~1\LIES THIS CHIN PEAK.exe
C:\Program Files\planpa~1
C:\Program Files\Circle Developement
C:\windows\Tasks\AC8B4EC09364F9A4.job

----------------------[ Verification du Registre ]----------------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Fast Love"="C:\\DOCUME~1\\Marco\\APPLIC~1\\PLANPA~1\\Book Tray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Base frag grid bows"="C:\\Documents and Settings\\All Users\\Application Data\\Cast ping base frag\\manager slow.exe"

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts PROPRE


----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-26 10:42:42
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

=> C:\Documents and Settings\Marco\Local Settings\Temporary Internet Files\Content.IE5\TNGUDM43\crackerjackSplurb[1].swf


/!\ [Fich:488][Doss:5] C:\DOCUME~1\Marco\LOCALS~1\Temp
/!\ [Fich:161][Doss:0] C:\DOCUME~1\Marco\Cookies
/!\ [Fich:3714][Doss:6] C:\DOCUME~1\Marco\LOCALS~1\TEMPOR~1\content.IE5

--------------------[ Fin du rapport a 10:44:08,28 ]----------------------

Relance Lop S&D.

Choisis cette fois-ci l'option 2 (Suppression).

Ne ferme pas la fenêtre lors de la suppression !

Poste le rapport généré (C:\lopR.txt).

(Si le Bureau ne réapparaît pas, presse Ctrl+Alt+Suppr, Onglet Fichier, Nouvelle tâche, tape explorer.exe et valide)

--> On en est à la version 4.2.5-0 donc installe la nouvelle version  

merci pour la nouvelle version  



-----------------------[ Lop S&D 4.2.0-3 XP/Vista ]---------------------

[ USER : Marco ] [ "C:\Lop SD" ] [ Selection : 2 ]
[ 26/06/2009 | 21:14:09,28 ] [ PC : SAMSUNG ]
[ MAJ : 30-04-2008 | 18:35 ]


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Cast ping base frag\manager slow.dat
Echec ! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Cast ping base frag\manager slow.exe
Supprimé! - C:\DOCUME~1\Marco\APPLIC~1\planpa~1\Book Tray.exe
Supprimé! - C:\DOCUME~1\Marco\APPLIC~1\planpa~1\DaleSeekDraw.exe
Supprimé! - C:\DOCUME~1\Marco\APPLIC~1\planpa~1\hdhnghha.exe
Supprimé! - C:\DOCUME~1\Marco\APPLIC~1\planpa~1\iaoptana.exe
Supprimé! - C:\DOCUME~1\Marco\APPLIC~1\planpa~1\LIES THIS CHIN PEAK.exe
Supprimé! - C:\windows\Tasks\AC8B4EC09364F9A4.job
Supprimé! - C:\DOCUME~1\Marco\LOCALS~1\Temp\bis286.exe
Supprimé! - C:\DOCUME~1\Marco\LOCALS~1\Temp\bis288.exe
Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Cast ping base frag
Supprimé! - C:\DOCUME~1\Marco\APPLIC~1\planpa~1
Supprimé! - C:\Program Files\planpa~1
Supprimé! - C:\Program Files\Circle Developement

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


-------------[ Listing des dossiers dans Application Data ]------------

[30/04/2008|19:48] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
[26/04/2009|22:25] C:\DOCUME~1\ADMINI~1\APPLIC~1\Intel
[26/01/2009|21:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\Malwarebytes
[30/04/2008|18:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[03/06/2008|11:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla
[03/06/2008|11:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\Talkback

[18/03/2009|01:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[22/04/2009|00:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[09/12/2008|20:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[01/05/2008|01:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[01/05/2008|01:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[31/01/2009|20:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI
[28/04/2009|23:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[07/05/2008|18:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[10/06/2009|15:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[30/04/2008|19:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[03/06/2008|21:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FaxCtr
[01/05/2008|01:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[26/04/2009|22:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intel
[24/04/2009|23:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\iolo
[31/01/2009|19:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LauncherAccess.dt
[08/02/2009|22:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LxThumbs
[26/01/2009|21:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[10/05/2008|11:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Memeo
[01/05/2008|02:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[06/12/2008|16:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MGS
[23/06/2009|15:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microgaming
[24/05/2009|14:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[14/06/2009|22:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[01/05/2008|01:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
[09/06/2009|22:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\S.N.Safe&Software
[09/04/2009|15:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Solero
[01/09/2008|17:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Temp
[25/05/2008|17:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Test Drive Unlimited
[25/06/2008|11:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Uniblue
[17/07/2008|21:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[01/05/2008|00:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[30/04/2008|19:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[26/04/2009|22:25] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Intel
[30/04/2008|18:02] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[26/04/2009|22:25] C:\DOCUME~1\LOCALS~1\APPLIC~1\Intel
[08/02/2009|22:49] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
[30/04/2008|18:02] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[10/06/2009|15:37] C:\DOCUME~1\LOCALS~1\APPLIC~1\Mozilla

[10/05/2008|11:08] C:\DOCUME~1\Marco\APPLIC~1\Adobe
[01/05/2008|01:50] C:\DOCUME~1\Marco\APPLIC~1\Apple Computer
[31/01/2009|20:13] C:\DOCUME~1\Marco\APPLIC~1\ATI
[21/06/2009|23:24] C:\DOCUME~1\Marco\APPLIC~1\Audio Recorder Titanium
[29/08/2008|02:08] C:\DOCUME~1\Marco\APPLIC~1\Azureus
[09/07/2008|22:34] C:\DOCUME~1\Marco\APPLIC~1\CyberLink
[07/05/2008|20:19] C:\DOCUME~1\Marco\APPLIC~1\DataCast
[30/04/2008|19:48] C:\DOCUME~1\Marco\APPLIC~1\desktop.ini
[27/01/2009|08:27] C:\DOCUME~1\Marco\APPLIC~1\Desktopicon
[30/08/2008|13:49] C:\DOCUME~1\Marco\APPLIC~1\DivX
[29/01/2009|16:36] C:\DOCUME~1\Marco\APPLIC~1\dvdcss
[23/03/2009|17:43] C:\DOCUME~1\Marco\APPLIC~1\FaxCtr
[22/05/2008|15:19] C:\DOCUME~1\Marco\APPLIC~1\FileZilla
[23/06/2009|20:29] C:\DOCUME~1\Marco\APPLIC~1\GetRight
[10/06/2009|15:06] C:\DOCUME~1\Marco\APPLIC~1\GlarySoft
[21/04/2009|16:58] C:\DOCUME~1\Marco\APPLIC~1\Help
[30/04/2008|18:17] C:\DOCUME~1\Marco\APPLIC~1\Identities
[26/04/2009|22:25] C:\DOCUME~1\Marco\APPLIC~1\Intel
[22/04/2009|13:09] C:\DOCUME~1\Marco\APPLIC~1\iolo
[03/02/2009|20:42] C:\DOCUME~1\Marco\APPLIC~1\ItDb.enc
[05/07/2008|14:53] C:\DOCUME~1\Marco\APPLIC~1\Lexmark Productivity Studio
[15/01/2009|20:50] C:\DOCUME~1\Marco\APPLIC~1\LimeWire
[10/06/2009|15:11] C:\DOCUME~1\Marco\APPLIC~1\Macromedia
[26/01/2009|21:52] C:\DOCUME~1\Marco\APPLIC~1\Malwarebytes
[01/05/2008|01:48] C:\DOCUME~1\Marco\APPLIC~1\Media Player Classic
[23/06/2009|20:22] C:\DOCUME~1\Marco\APPLIC~1\Microsoft
[10/06/2009|20:30] C:\DOCUME~1\Marco\APPLIC~1\Moyea
[26/08/2008|16:15] C:\DOCUME~1\Marco\APPLIC~1\Mozilla
[26/04/2009|23:30] C:\DOCUME~1\Marco\APPLIC~1\RayV
[05/04/2009|17:07] C:\DOCUME~1\Marco\APPLIC~1\Real
[24/09/2008|18:47] C:\DOCUME~1\Marco\APPLIC~1\Samsung
[12/05/2008|22:58] C:\DOCUME~1\Marco\APPLIC~1\SecuROM
[08/04/2009|20:27] C:\DOCUME~1\Marco\APPLIC~1\SharePod
[07/05/2008|19:53] C:\DOCUME~1\Marco\APPLIC~1\Sun
[23/03/2009|19:45] C:\DOCUME~1\Marco\APPLIC~1\Syntrillium
[30/04/2008|22:51] C:\DOCUME~1\Marco\APPLIC~1\Talkback
[22/07/2008|22:51] C:\DOCUME~1\Marco\APPLIC~1\U3
[25/06/2008|11:12] C:\DOCUME~1\Marco\APPLIC~1\Uniblue
[26/06/2009|21:14] C:\DOCUME~1\Marco\APPLIC~1\uTorrent
[08/05/2008|15:02] C:\DOCUME~1\Marco\APPLIC~1\vlc
[29/04/2009|23:46] C:\DOCUME~1\Marco\APPLIC~1\Winamp
[01/05/2008|01:48] C:\DOCUME~1\Marco\APPLIC~1\WinRAR

[26/04/2009|22:25] C:\DOCUME~1\NETWOR~1\APPLIC~1\Intel
[30/04/2008|18:02] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[30/04/2008|19:48] C:\DOCUME~1\SAFE'N~1\APPLIC~1\desktop.ini
[26/04/2009|22:25] C:\DOCUME~1\SAFE'N~1\APPLIC~1\Intel
[09/06/2009|23:55] C:\DOCUME~1\SAFE'N~1\APPLIC~1\Microsoft

----------------[ Tâches planifiées dans C:\windows\tasks ]---------------

[26/06/2009 09:51][--a------] C:\windows\tasks\GlaryInitialize.job
[23/06/2009 22:49][--a------] C:\windows\tasks\AppleSoftwareUpdate.job
[26/06/2009 09:51][--ah-----] C:\windows\tasks\SA.DAT
[19/08/2004 22:01][-r-h-----] C:\windows\tasks\desktop.ini

---------------[ Listing des dossiers dans C:\Program Files ]--------------

[03/06/2008|21:21] C:\Program Files\Abbyy FineReader 6.0 Sprint
[09/12/2008|20:08] C:\Program Files\Adobe
[23/10/2008|22:18] C:\Program Files\Ahead
[28/04/2009|23:41] C:\Program Files\Apoint
[13/08/2008|11:40] C:\Program Files\Apple Software Update
[31/01/2009|04:04] C:\Program Files\ATI Technologies
[28/04/2009|23:38] C:\Program Files\Avira
[23/06/2009|01:09] C:\Program Files\AviSynth 2.5
[02/06/2161|15:41] C:\Program Files\Bill2's Process Manager
[20/01/2009|23:59] C:\Program Files\Bonjour
[11/07/2008|12:56] C:\Program Files\Broadcom
[12/02/2009|10:05] C:\Program Files\CCleaner
[30/01/2009|22:10] C:\Program Files\CONEXANT
[26/04/2009|22:33] C:\Program Files\DIFX
[23/06/2009|11:40] C:\Program Files\Fichiers communs
[06/04/2009|14:04] C:\Program Files\Image-Line
[09/06/2009|03:27] C:\Program Files\InstallShield Installation Information
[26/04/2009|22:24] C:\Program Files\Intel
[25/06/2009|13:29] C:\Program Files\Internet Explorer
[02/06/2161|23:00] C:\Program Files\iPod
[10/06/2009|15:37] C:\Program Files\Java
[03/06/2008|21:23] C:\Program Files\Lexmark 3500-4500 Series
[03/06/2008|21:22] C:\Program Files\Lexmark Fax Solutions
[26/01/2009|21:52] C:\Program Files\Malwarebytes' Anti-Malware
[15/07/2008|15:39] C:\Program Files\MarkAny
[23/06/2009|20:38] C:\Program Files\Messenger
[23/06/2009|23:11] C:\Program Files\Messenger Plus! Live
[23/06/2009|20:35] C:\Program Files\Microsoft
[30/04/2008|18:02] C:\Program Files\microsoft frontpage
[24/05/2009|14:57] C:\Program Files\Microsoft Office
[15/01/2009|00:47] C:\Program Files\Microsoft Office Outlook Connector
[05/05/2008|21:46] C:\Program Files\Microsoft Visual Studio
[05/05/2008|21:55] C:\Program Files\Microsoft Works
[27/08/2008|18:24] C:\Program Files\Movie Maker
[26/06/2009|21:08] C:\Program Files\Mozilla Firefox
[05/05/2008|21:54] C:\Program Files\MSBuild
[23/06/2009|20:50] C:\Program Files\MSECACHE
[30/04/2008|17:55] C:\Program Files\MSN
[30/04/2008|17:56] C:\Program Files\MSN Gaming Zone
[01/05/2008|23:01] C:\Program Files\MSXML 6.0
[27/08/2008|15:45] C:\Program Files\NetMeeting
[27/08/2008|18:24] C:\Program Files\Outlook Express
[23/03/2009|21:38] C:\Program Files\Outsim
[01/04/2009|18:25] C:\Program Files\PerfectBux
[30/04/2008|17:59] C:\Program Files\Services en ligne
[30/04/2008|22:10] C:\Program Files\SigmaTel
[27/08/2008|17:57] C:\Program Files\Thème
[01/05/2008|01:05] C:\Program Files\Trend Micro
[30/04/2008|18:17] C:\Program Files\Uninstall Information
[03/05/2008|19:12] C:\Program Files\UxTheme Multipatcher Fr
[23/06/2009|20:50] C:\Program Files\Windows Installer Clean Up
[15/01/2009|00:43] C:\Program Files\Windows Live
[16/07/2008|01:10] C:\Program Files\Windows Media Connect 2
[10/06/2009|15:37] C:\Program Files\Windows Media Player
[27/08/2008|15:45] C:\Program Files\Windows NT
[30/04/2008|18:00] C:\Program Files\WindowsUpdate
[30/04/2008|18:02] C:\Program Files\xerox

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

[09/12/2008|20:08] C:\Program Files\Fichiers communs\Adobe
[02/06/2161|23:00] C:\Program Files\Fichiers communs\Apple
[05/05/2008|20:34] C:\Program Files\Fichiers communs\Designer
[14/04/2009|20:45] C:\Program Files\Fichiers communs\DirectX
[09/12/2008|16:09] C:\Program Files\Fichiers communs\DVDVideoSoft
[01/05/2008|01:32] C:\Program Files\Fichiers communs\InstallShield
[06/05/2008|14:48] C:\Program Files\Fichiers communs\Java
[19/02/2009|16:13] C:\Program Files\Fichiers communs\Microsoft Shared
[30/04/2008|17:58] C:\Program Files\Fichiers communs\MSSoap
[11/06/2009|22:01] C:\Program Files\Fichiers communs\ODBC
[30/04/2008|17:58] C:\Program Files\Fichiers communs\Services
[30/04/2008|19:48] C:\Program Files\Fichiers communs\SpeechEngines
[15/01/2009|00:47] C:\Program Files\Fichiers communs\System
[15/01/2009|00:36] C:\Program Files\Fichiers communs\Windows Live
[10/06/2009|15:37] C:\Program Files\Fichiers communs\WindowsLiveInstaller

---------------------------[ Process ]--------------------------

... 42

... OK !

----------------------[ Recherche avec S_Lop ]---------------------

Aucun fichier / dossier Lop trouvé !

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

Aucun fichier / dossier Lop trouvé !

----------------------[ Verification du Registre ]----------------------

..... OK !

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts PROPRE


----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-26 21:15:56
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

=> C:\Documents and Settings\Marco\Local Settings\Temporary Internet Files\Content.IE5\TNGUDM43\crackerjackSplurb[1].swf


/!\ [Fich:500][Doss:5] C:\DOCUME~1\Marco\LOCALS~1\Temp
/!\ [Fich:161][Doss:0] C:\DOCUME~1\Marco\Cookies
/!\ [Fich:3766][Doss:6] C:\DOCUME~1\Marco\LOCALS~1\TEMPOR~1\content.IE5

--------------------[ Fin du rapport a 21:16:44,05 ]----------------------

Infection Lop supprimée.

On va voir s'il n'y a pas autre chose.

Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

Double-clique sur RSIT.exe afin de lancer le programme.
(Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)

Clique sur Continue à l'écran Disclaimer.

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

Note : les rapports sont sauvegardés dans le dossier C:\rsit.

log.txt


Logfile of random's system information tool 1.06 (written by random/random)
Run by Marco at 2009-06-28 09:30:27
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 4 GB (19%) free of 21 GB
Total RAM: 2047 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:30:42, on 28/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\windows\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
C:\windows\system32\lxdicoms.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\windows\system32\svchost.exe
C:\windows\system32\ZuneBusEnum.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
E:\Program Files\Hercules\Hercules Blog Webcam\CamService.exe
C:\windows\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
E:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Marco\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Marco.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\windows\system32\userinit.exe,C:\Documents and Settings\Marco\xwpwc.exe \s,
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - E:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\SamSung!\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [HerculesCamService] E:\Program Files\Hercules\Hercules Blog Webcam\CamService.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] C:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-746137067-1993962763-1343024091-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - Startup: iTunes.exe.lnk = E:\Program Files\iTunes\iTunes.exe
O8 - Extra context menu item: Download with GetRight - E:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://F:\SamSung!\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - E:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\SamSung!\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\SamSung!\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\SamSung!\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\SamSung!\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\windows\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\windows\system32\lxdicoms.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7249 bytes

======Scheduled tasks folder======

C:\windows\tasks\AppleSoftwareUpdate.job
C:\windows\tasks\GlaryInitialize.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31FF080D-12A3-439A-A2EF-4BA95A3148E8}]
IE to GetRight Helper - E:\Program Files\GetRight\xx2gr.dll [2007-07-18 246848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - F:\SamSung!\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-19 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-19 455168]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-02-21 819200]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-02-21 970752]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"HerculesCamService"=E:\Program Files\Hercules\Hercules Blog Webcam\CamService.exe [2006-10-13 122880]
"KernelFaultCheck"=C:\windows\system32\dumprep 0 -k []
"MSConfig"=C:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE [2008-04-14 172544]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\windows\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\windows\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-19 208952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
E:\Program Files\iTunes\iTunesHelper.exe [2009-05-30 292136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProcessManager]
C:\Program Files\Bill2's Process Manager\ProcessManager.exe [2009-05-30 1830912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
F:\SamSung!\MICROS~1\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marco^Menu Démarrer^Programmes^Démarrage^iTuneS.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marco^Menu Démarrer^Programmes^Démarrage^OneNote 2007 - Capture d'écran et lancement.lnk]
F:\SamSung!\MICROS~1\Office12\ONENOTEM.EXE [2007-12-07 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLSetupSvc"=3
"WMPNetworkSvc"=3
"StarWindServiceAE"=2
"odserv"=3
"Microsoft Office Groove Audit Service"=3
"IDriverT"=3
"Bonjour Service"=2
"ATI Smart"=2
"Ati HotKey Poller"=2

C:\Documents and Settings\Marco\Menu Démarrer\Programmes\Démarrage
iTunes.exe.lnk - E:\Program Files\iTunes\iTunes.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\windows\system32\Ati2evxx.dll [2008-12-01 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"=C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 192512]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=F:\SamSung!\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\SamSung!\Microsoft Office\Office12\OUTLOOK.EXE"="F:\SamSung!\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"F:\SamSung!\Microsoft Office\Office12\GROOVE.EXE"="F:\SamSung!\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"F:\SamSung!\Microsoft Office\Office12\ONENOTE.EXE"="F:\SamSung!\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"F:\SamSung!\Game\PES 2008\PES 2008\PES2008.exe"="F:\SamSung!\Game\PES 2008\PES 2008\PES2008.exe:*:Enabled ro Evolution Soccer 2008"
"F:\SamSung!\Game\Act of war\ACTOFWAR.EXE"="F:\SamSung!\Game\Act of war\ACTOFWAR.EXE:*:Enabled:ACTOFWAR"
"E:\Program Files\VideoLAN\VLC\vlc.exe"="E:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"="C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe:*:Enabled:Lexmark Device Monitor"
"C:\Program Files\Lexmark 3500-4500 Series\App4R.exe"="C:\Program Files\Lexmark 3500-4500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio"
"C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe"="C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:*:Enabled:ABBYY FineReader"
"C:\Program Files\Lexmark Fax Solutions\FaxCtr.exe"="C:\Program Files\Lexmark Fax Solutions\FaxCtr.exe:*:Enabled:Fax software"
"C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"="C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe:*:Enabled evice Monitor"
"C:\WINDOWS\system32\lxdicfg.exe"="C:\WINDOWS\system32\lxdicfg.exe:*:Enabled rinter Communication System"
"C:\WINDOWS\system32\lxdicoms.exe"="C:\WINDOWS\system32\lxdicoms.exe:*:Enabled:Lexmark Communications System"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdipswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdipswx.exe:*:Enabled rinter Status Window Interface"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxditime.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxditime.exe:*:Enabled:Lexmark Connect Time Executable"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdijswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdijswx.exe:*:Enabled:Job Status Window Interface"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdiwbgw.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdiwbgw.exe:*:Enabled:Lexmark Web Gateway"
"C:\WINDOWS\system32\lxdiih.exe"="C:\WINDOWS\system32\lxdiih.exe:*:Enabled rinter Communication System"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"E:\Program Files\uTorrent\uTorrent.exe"="E:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"E:\Program Files\TVAnts\Tvants.exe"="E:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"E:\Program Files\RayV\RayV\RayV.dll"="E:\Program Files\RayV\RayV\RayV.dll:*:Enabled:RayV"
"C:\Program Files\Lexmark 3500-4500 Series\Wireless\lxdiwpss.exe"="C:\Program Files\Lexmark 3500-4500 Series\Wireless\lxdiwpss.exe:* isabled: "
"E:\Program Files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe"="E:\Program Files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe:* isabled:iolo AntiVirus®"
"E:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe"="E:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe:* isabled:iolo AntiVirus®"
"E:\Program Files\iolo\System Mechanic Professional\AntiVirus\iAVEmailScanner.exe"="E:\Program Files\iolo\System Mechanic Professional\AntiVirus\iAVEmailScanner.exe:* isabled:iolo AntiVirus® Email Protection"
"E:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\iAVEmailScanner.exe"="E:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\iAVEmailScanner.exe:* isabled:iolo AntiVirus® Email Protection"
"E:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe"="E:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe:* isabled:iolo Firewall®"
"E:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe"="E:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe:* isabled:iolo Firewall®"
"C:\Documents and Settings\Marco\Local Settings\temp\ms1240355414.exe"="C:\Documents and Settings\Marco\Local Settings\temp\ms1240355414.exe:* isabled:ms1240355414"
"E:\Program Files\RayV\RayV\RayV.exe"="E:\Program Files\RayV\RayV\RayV.exe:* isabled:RayV"
"C:\Program Files\RayV\RayV\RayV.dll"="C:\Program Files\RayV\RayV\RayV.dll:*:Enabled:RayV"
"C:\Program Files\RayV\RayV\RayV.exe"="C:\Program Files\RayV\RayV\RayV.exe:*:Enabled:RayV"
"C:\Documents and Settings\Marco\xwpwc.exe"="C:\Documents and Settings\Marco\xwpwc.exe:*:Enabled:ENABLE"
"E:\Program Files\iTunes\iTunes.exe"="E:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
"E:\Program Files\Hercules\Hercules Blog Webcam\Station2.exe"="E:\Program Files\Hercules\Hercules Blog Webcam\Station2.exe:*:Enabled:Hercules Webcam Station Evolution"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Lexmark 3500-4500 Series\app4r.exe"="C:\Program Files\Lexmark 3500-4500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37de8f3a-1935-11dd-8a62-00166fbf4087}]
shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{830bd25d-2b9f-11de-8639-00166fbf4087}]
shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb43a1e5-16d0-11dd-8a54-bdaccb291a89}]
shell\AutoRun\command - G:\LaunchU3.exe


======List of files/folders created in the last 1 months======

2161-06-03 14:10:01 ----D---- C:\windows\Minidump
2161-06-02 23:00:53 ----D---- C:\Program Files\iPod
2161-06-02 15:41:03 ----D---- C:\Program Files\Bill2's Process Manager
2009-06-26 10:41:03 ----A---- C:\lopR.txt
2009-06-23 20:50:40 ----D---- C:\Program Files\Windows Installer Clean Up
2009-06-23 20:50:21 ----D---- C:\Program Files\MSECACHE
2009-06-23 20:25:45 ----D---- C:\site
2009-06-23 20:25:45 ----D---- C:\fichier
2009-06-23 20:25:44 ----D---- C:\compta
2009-06-23 20:25:44 ----D---- C:\clip lyrics
2009-06-23 20:25:43 ----D---- C:\subtitle de films
2009-06-23 20:25:43 ----D---- C:\shopping
2009-06-23 20:25:43 ----D---- C:\cours
2009-06-23 20:25:40 ----D---- C:\table
2009-06-23 15:57:35 ----D---- C:\Documents and Settings\All Users\Application Data\Microgaming
2009-06-23 01:11:45 ----HDC---- C:\windows\$NtUninstallKB952011$
2009-06-23 01:09:30 ----A---- C:\windows\system32\pthreadGC2.dll
2009-06-23 01:09:03 ----D---- C:\Program Files\AviSynth 2.5
2009-06-21 23:24:06 ----D---- C:\Documents and Settings\Marco\Application Data\Audio Recorder Titanium
2009-06-21 23:21:55 ----A---- C:\windows\system32\NCTWMAFile2.dll
2009-06-21 23:21:55 ----A---- C:\windows\system32\NCTTextToAudio2.dll
2009-06-21 23:21:54 ----A---- C:\windows\system32\NCTAudioVisualizationEx2.dll
2009-06-21 23:21:54 ----A---- C:\windows\system32\NCTAudioVisualization2.dll
2009-06-21 23:21:54 ----A---- C:\windows\system32\NCTAudioTransform2.dll
2009-06-21 23:21:54 ----A---- C:\windows\system32\NCTAudioRecord2.dll
2009-06-21 23:21:54 ----A---- C:\windows\system32\NCTAudioPlayer2.dll
2009-06-21 23:21:54 ----A---- C:\windows\system32\NCTAudioInformation2.dll
2009-06-21 23:21:53 ----A---- C:\windows\system32\NCTAudioFile2.dll
2009-06-21 23:21:53 ----A---- C:\windows\system32\NCTAudioEditor2.dll
2009-06-21 23:21:53 ----A---- C:\windows\system32\NCTAudioDisplay2.dll
2009-06-21 23:21:52 ----A---- C:\windows\system32\NCTAudioDesign2.dll
2009-06-21 23:21:52 ----A---- C:\windows\system32\NCTAudioCDGrabber2.dll
2009-06-17 22:14:23 ----D---- C:\Downloads
2009-06-17 22:10:24 ----D---- C:\Documents and Settings\Marco\Application Data\GetRight
2009-06-17 00:29:18 ----HDC---- C:\windows\$NtUninstallWudf01007$
2009-06-16 13:26:51 ----D---- C:\windows\ie8updates
2009-06-16 13:20:04 ----A---- C:\windows\system32\ieencode.dll
2009-06-11 22:09:55 ----HDC---- C:\windows\$NtUninstallKB961501$
2009-06-11 22:09:45 ----HDC---- C:\windows\$NtUninstallKB969898$
2009-06-11 22:04:09 ----HDC---- C:\windows\$NtUninstallKB970238$
2009-06-11 22:03:10 ----A---- C:\windows\imsins.BAK
2009-06-11 22:03:03 ----HDC---- C:\windows\$NtUninstallKB968537$
2009-06-11 22:01:54 ----D---- C:\Program Files\Fichiers communs\ODBC
2009-06-10 20:30:13 ----D---- C:\Documents and Settings\Marco\Application Data\Moyea
2009-06-10 16:36:29 ----D---- C:\logs
2009-06-10 13:56:20 ----A---- C:\windows\ntbtlog.txt
2009-06-09 22:02:39 ----D---- C:\Documents and Settings\All Users\Application Data\S.N.Safe&Software
2009-06-09 03:28:03 ----D---- C:\windows\ovtcam
2009-06-09 03:28:03 ----A---- C:\windows\OMNIUNS.EXE
2009-06-09 03:27:37 ----D---- C:\windows\system32\HWC Blog

======List of files/folders modified in the last 1 months======

2161-06-02 23:00:51 ----D---- C:\Program Files\Fichiers communs\Apple
2161-06-02 22:55:11 ----DC---- C:\windows\system32\DRVSTORE
2009-06-28 09:30:31 ----D---- C:\Documents and Settings\Marco\Application Data\uTorrent
2009-06-28 09:30:24 ----D---- C:\windows\Prefetch
2009-06-28 09:24:35 ----D---- C:\Program Files\Mozilla Firefox
2009-06-27 10:11:21 ----D---- C:\windows\Temp
2009-06-27 10:11:15 ----D---- C:\windows\system32\CatRoot2
2009-06-27 01:24:23 ----A---- C:\windows\SchedLgU.Txt
2009-06-26 21:16:44 ----D---- C:\Lop SD
2009-06-26 21:14:15 ----RD---- C:\Program Files
2009-06-26 21:14:13 ----SD---- C:\windows\Tasks
2009-06-25 13:33:05 ----A---- C:\windows\win.ini
2009-06-25 13:33:05 ----A---- C:\windows\system.ini
2009-06-25 13:29:08 ----RSHDC---- C:\windows\system32\dllcache
2009-06-25 13:29:08 ----D---- C:\windows\system32\fr-fr
2009-06-25 13:29:08 ----D---- C:\WINDOWS
2009-06-25 13:29:07 ----D---- C:\windows\system32
2009-06-25 13:29:06 ----HD---- C:\windows\inf
2009-06-25 13:29:06 ----D---- C:\windows\Media
2009-06-25 13:29:06 ----D---- C:\windows\Help
2009-06-25 13:29:06 ----D---- C:\Program Files\Internet Explorer
2009-06-25 00:29:05 ----A---- C:\windows\system32\PerfStringBackup.INI
2009-06-24 05:56:50 ----D---- C:\windows\system32\config
2009-06-23 23:11:03 ----D---- C:\Program Files\Messenger Plus! Live
2009-06-23 21:28:11 ----D---- C:\windows\pss
2009-06-23 20:52:29 ----SHD---- C:\windows\Installer
2009-06-23 20:38:09 ----D---- C:\Program Files\Messenger
2009-06-23 20:35:03 ----D---- C:\Program Files\Microsoft
2009-06-23 20:22:50 ----SD---- C:\Documents and Settings\Marco\Application Data\Microsoft
2009-06-23 15:57:59 ----SD---- C:\windows\Downloaded Program Files
2009-06-23 11:40:55 ----D---- C:\Program Files\Fichiers communs
2009-06-21 22:02:30 ----D---- C:\windows\system32\CatRoot
2009-06-17 00:29:47 ----D---- C:\windows\system32\drivers
2009-06-16 13:27:08 ----HD---- C:\windows\$hf_mig$
2009-06-14 22:01:24 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-06-11 22:04:29 ----D---- C:\windows\Debug
2009-06-10 20:29:00 ----D---- C:\windows\WinSxS
2009-06-10 15:37:46 ----SHDC---- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2009-06-10 15:37:46 ----D---- C:\Program Files\Windows Media Player
2009-06-10 15:37:46 ----D---- C:\Program Files\Java
2009-06-10 15:37:41 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink
2009-06-10 15:20:42 ----D---- C:\windows\system32\Restore
2009-06-10 15:11:38 ----D---- C:\Documents and Settings\Marco\Application Data\Macromedia
2009-06-10 15:06:28 ----D---- C:\Documents and Settings\Marco\Application Data\GlarySoft
2009-06-09 23:55:32 ----D---- C:\Documents and Settings
2009-06-09 03:28:03 ----D---- C:\windows\twain_32
2009-06-09 03:27:27 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-01 18:51:12 ----A---- C:\windows\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\windows\system32\DRIVERS\avipbb.sys [2009-04-28 96104]
R1 intelppm;Pilote de processeur Intel; C:\windows\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 kbdhid;Pilote HID de clavier; C:\windows\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 PQNTDrv;PQNTDrv; C:\windows\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 ssmdrv;ssmdrv; C:\windows\system32\DRIVERS\ssmdrv.sys [2009-06-10 28520]
R1 StarOpen;StarOpen; C:\windows\system32\drivers\StarOpen.sys [2009-01-31 5632]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.6.0.0; C:\windows\system32\DRIVERS\AegisP.sys [2009-04-26 21425]
R2 avgntflt;avgntflt; C:\windows\system32\DRIVERS\avgntflt.sys [2009-04-28 55640]
R2 mdmxsdk;mdmxsdk; C:\windows\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\windows\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NetBIOS NWLink; C:\windows\system32\DRIVERS\nwlnknb.sys [2004-08-19 63232]
R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\windows\system32\DRIVERS\nwlnkspx.sys [2004-08-19 55936]
R2 s24trans;Transport RLAN; C:\windows\system32\DRIVERS\s24trans.sys [2007-02-21 12416]
R2 zumbus;Zune Bus Enumerator Driver; C:\windows\system32\DRIVERS\zumbus.sys [2008-11-10 40832]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\windows\system32\DRIVERS\Apfiltr.sys [2005-09-28 113847]
R3 APL531;Hercules Blog Webcam; C:\windows\System32\Drivers\BLvid.sys [2006-09-29 274816]
R3 ati2mtag;ati2mtag; C:\windows\system32\DRIVERS\ati2mtag.sys [2008-12-02 3452928]
R3 camfilt;camfilt; C:\windows\System32\Drivers\camfilt.sys [2006-10-03 22656]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\windows\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 dtscsi;dtscsi; C:\windows\System32\Drivers\dtscsi.sys [2008-05-11 223128]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\windows\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HidUsb;Pilote de classe HID Microsoft; C:\windows\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\windows\system32\DRIVERS\HSF_DPV.SYS [2005-03-17 1033600]
R3 HSFHWICH;HSFHWICH; C:\windows\system32\DRIVERS\HSFHWICH.sys [2005-03-17 208000]
R3 mouhid;Pilote HID de souris; C:\windows\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 STAC97;SigmaTel C-Major Audio; C:\windows\system32\drivers\STAC97.sys [2005-03-10 273168]
R3 usbaudio;Pilote USB audio (WDM); C:\windows\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\windows\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\windows\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\windows\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Pilote de stockage de masse USB; C:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\windows\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Pilote de carte de connexion réseau Intel(R) PRO/Wireless 2200BG pour Windows XP; C:\windows\system32\DRIVERS\w29n51.sys [2007-02-08 2209408]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\windows\System32\Drivers\wdf01000.sys [2008-03-27 503008]
R3 winachsf;winachsf; C:\windows\system32\DRIVERS\HSF_CNXT.sys [2005-03-17 705280]
S3 ajuaf5xh;ajuaf5xh; C:\windows\system32\drivers\ajuaf5xh.sys []
S3 Arp1394;Protocole client ARP 1394; C:\windows\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 ATIXPGAA;ATIXPGAA; \??\C:\Dell\Drivers\R88754\ATIXPGAA.SYS []
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\windows\system32\DRIVERS\bcm4sbxp.sys [2003-09-26 44032]
S3 BthEnum;Service d'énumérateur Bluetooth; C:\windows\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\windows\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Pilote de port Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2008-06-14 272768]
S3 BTHUSB;Pilote USB radio Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 CCDECODE;Décodeur sous-titre fermé; C:\windows\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\windows\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\windows\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\windows\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;Pilote réseau 1394; C:\windows\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nm;Pilote du Moniteur réseau; C:\windows\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\windows\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 sdbus;sdbus; C:\windows\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 sffdisk;Pilote de classe de stockage SFF; C:\windows\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;Pilote de protocole de stockage SFF pour SDBus; C:\windows\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SLIP;Détrameur décalage BDA; C:\windows\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\windows\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\windows\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\windows\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\windows\system32\DRIVERS\ssm_bus.sys [2007-05-02 83592]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\windows\system32\DRIVERS\ssm_mdfl.sys [2007-05-02 15112]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\windows\system32\DRIVERS\ssm_mdm.sys [2007-05-02 109704]
S3 streamip;BDA IPSink; C:\windows\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 UIUSys;Conexant Setup API; C:\windows\system32\drivers\UIUSys.sys []
S3 usbscan;Pilote de scanneur USB; C:\windows\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WinUSB;WinUSB; C:\windows\system32\DRIVERS\WinUSB.sys [2006-11-02 39368]
S3 WpdUsb;WpdUsb; C:\windows\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\windows\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\windows\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\windows\System32\drivers\ws2ifsl.sys [2004-08-19 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-10 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-06-10 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
R2 BthServ;Bluetooth Support Service; C:\windows\system32\svchost.exe [2008-04-14 14336]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-02-21 643072]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 lxdi_device;lxdi_device; C:\windows\system32\lxdicoms.exe [2007-06-11 517040]
R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService; C:\windows\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-06-11 99248]
R2 NwSapAgent;Agent SAP; C:\windows\system32\svchost.exe [2008-04-14 14336]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-02-21 327680]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\windows\system32\svchost.exe [2008-04-14 14336]
R2 ZuneBusEnum;Zune Bus Enumerator; C:\windows\system32\ZuneBusEnum.exe [2008-12-12 60032]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-05-30 541992]
S2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-02-21 983040]
S2 WLANKEEPER;Intel(R) PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2007-02-21 294912]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ZuneNetworkSvc;Zune Network Sharing Service; E:\Program Files\zune\ZuneNss.exe [2008-12-12 5117568]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; C:\windows\system32\ZuneWlanCfgSvc.exe [2008-12-12 243840]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\windows\system32\Ati2evxx.exe [2008-12-01 598016]
S4 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-12-01 593920]
S4 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; F:\SamSung!\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S4 StarWindServiceAE;StarWind AE Service; E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
S4 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

-----------------EOF-----------------






lxdi.log


2009/04/21-12:20:37.412 ComClient LcsClosePrinter() exception=1
2009/06/10-14:23:56.187 ComClient LcsClosePrinter() exception=1

1/

Lance ce fichier : C:\Program Files\Trend Micro\HijackThis\Marco.exe

Choisis Do a system scan only.

Coche les cases qui sont devant les lignes suivantes :

F2 - REG:system.ini: UserInit=C:\windows\system32\userinit.exe,C:\Documents and Settings\Marco\xwpwc.exe \s,

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

Clique en bas sur Fix checked. Mets oui si HijackThis te demande quelque chose.

Ferme HijackThis.


2/

Télécharge OTM (OldTimer) sur ton Bureau.

Double-clique sur OTM.exe afin de le lancer.

Copie (Ctrl+C) le texte suivant ci-dessous :

:processes
explorer.exe

:files
C:\Documents and Settings\Marco\Local Settings\temp\ms1240355414.exe
C:\Documents and Settings\Marco\xwpwc.exe

:reg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Documents and Settings\Marco\Local Settings\temp\ms1240355414.exe"=-
"C:\Documents and Settings\Marco\xwpwc.exe"=-

:commands
[purity]
[emptytemp]
[reboot]

Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

Clique maintenant sur le bouton MoveIt! puis ferme OTM.

---> Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

Poste le rapport situé dans ce dossier : C:\_OTM\MovedFiles\
---> Le nom du rapport correspond au moment de sa création : date_heure.log

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\Documents and Settings\Marco\Local Settings\temp\ms1240355414.exe not found.
File/Folder C:\Documents and Settings\Marco\xwpwc.exe not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Documents and Settings\Marco\Local Settings\temp\ms1240355414.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Documents and Settings\Marco\xwpwc.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 2493920 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33438 bytes
->FireFox cache emptied: 13413105 bytes

User: Marco
->Temp folder emptied: 60269271 bytes
->Temporary Internet Files folder emptied: 58360954 bytes
->Java cache emptied: 8565721 bytes
->FireFox cache emptied: 88211404 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 197224897 bytes

User: Safe'n'Sec ®
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2114937 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 164404 bytes

RecycleBin emptied: 4980578725 bytes

Total Files Cleaned = 1064,81 mb


OTM by OldTimer - Version 3.0.0.2 log created on 06282009_180504

Files moved on Reboot...

Registry entries deleted on Reboot...

Bien.

Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.

Double-clique sur le fichier téléchargé pour lancer le processus d'installation.

Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.

Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.

Sélectionne Exécuter un examen rapide.

Clique sur Rechercher. L'analyse démarre.

A la fin de l'analyse, un message s'affiche :

Citation :

L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.

Ferme tes navigateurs.

Si des malwares ont été détectés, clique sur Afficher les résultats.

Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.

MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.

Malwarebytes' Anti-Malware 1.38
Version de la base de données: 2347
Windows 5.1.2600 Service Pack 3

28/06/2009 23:37:39
mbam-log-2009-06-28 (23-37-39).txt

Type de recherche: Examen rapide
Eléments examinés: 98986
Temps écoulé: 13 minute(s), 1 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\QuickyPlaeyrSoft (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Peux-tu me poster le rapport info situé dans C:\rsit ?

info.txt logfile of random's system information tool 1.06 2009-05-13 13:06:25

======Uninstall list======

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD4F051C-1A2B-4A91-B187-B093C597418C}\setup.exe" -l0x40c anything
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
7-Zip 4.57-->"E:\Program Files\7-Zip\Uninstall.exe"
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Act of War - Direct Action-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F9B915DF-B79C-4747-9BA3-9705A57DC717}\setup.exe" -l0x40c
Adobe Flash Player 10 Plugin-->C:\windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.4 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->E:\Program Files\WinRAR\uninstall.exe
ASIO4ALL-->E:\Program Files\ASIO4ALL v2\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\windows\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class ISPLAY -clean
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Broadcom 440x 10/100 Integrated Controller-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{52504CE6-E909-4113-B232-4AFEC6543A61} /l1036
CCleaner (remove only)-->"E:\Program Files\CCleaner\uninst.exe"
Chessmaster Grandmaster Edition-->C:\Program Files\InstallShield Installation Information\{27614800-84A9-484E-9CCB-43ED2F1205F5}\setup.exe -runfromtemp -l0x040c
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
C-Major Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x40c -remove -removeonly
Combined Community Codec Pack 2008-09-21 16:18-->"E:\Program Files\Combined Community Codec Pack\unins001.exe"
Conexant D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\windows\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB932716-v2)-->"C:\windows\$NtUninstallKB932716-v2$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\windows\$NtUninstallKB952287$\spuninst\spuninst.exe"
Driver Genius Professional Edition-->"E:\Program Files\Driver Genius\DriverGenius\unins000.exe"
EmoDio-->MsiExec.exe /X{C20CE592-B0F8-4D20-BF31-0151CA6331A6}
FL Studio 8-->E:\Program Files\FruityLoops Studio 8.0 XXL Edition\Dossier\uninstall.exe
Free YouTube to Mp3 Converter version 3.1-->"E:\Program Files\youtube\Free YouTube to Mp3 Converter\unins000.exe"
GUILTY GEAR XX #RELOAD-->MsiExec.exe /I{C6866249-495A-4ED7-AD69-99336B5E86E4}
Haali Media Splitter-->"E:\Program Files\Matroska Pack\haali\uninstall.exe"
Hercules Blog Webcam-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B6490BA-FAEA-486C-BAB5-561251D5F2B1}\setup.exe" -l0x40c -removeonly
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\windows\$NtUninstallKB929399$\spuninst\spuninst.exe"
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Kaspersky Online Scanner-->C:\windows\system32\KASPER~1\KASPER~1\kavuninstall.exe
K-Lite Codec Pack 3.9.0 Full-->"E:\Program Files\K-Lite Codec Pack\unins000.exe"
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Lexmark 3500-4500 Series-->C:\Program Files\Lexmark 3500-4500 Series\Install\x86\Uninst.exe
Logiciel Intel(R) PROSet/Wireless-->C:\windows\Installer\iProInst.exe
Magic ISO Maker v5.5 (build 0276)-->E:\PROGRA~1\MagicISO\UNWISE.EXE E:\PROGRA~1\MagicISO\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
Messenger Plus! Live & Sponsor (CiD)-->"E:\Program Files\Messenger Plus! Live\Uninstall.exe"
mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\windows\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\windows\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\windows\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\windows\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Groove MUI (French) 2007-->MsiExec.exe /X{90120000-00BA-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Office XP Professional avec FrontPage-->MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\windows\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft WinUsb 1.0-->"C:\windows\$NtUninstallwinusb0100$\spuninst\spuninst.exe"
Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\windows\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\windows\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\windows\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\windows\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\windows\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\windows\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\windows\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\windows\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\windows\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\windows\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\windows\$NtUninstallKB923561$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\windows\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\windows\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950759)-->"C:\windows\$NtUninstallKB950759$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\windows\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\windows\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\windows\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\windows\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\windows\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\windows\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\windows\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\windows\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\windows\$NtUninstallKB952004$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\windows\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\windows\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\windows\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\windows\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\windows\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\windows\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\windows\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\windows\$NtUninstallKB956572$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\windows\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\windows\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\windows\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\windows\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\windows\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\windows\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\windows\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\windows\$NtUninstallKB958690$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\windows\$NtUninstallKB959426$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\windows\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\windows\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\windows\$NtUninstallKB960803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\windows\$NtUninstallKB961373$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\windows\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\windows\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\windows\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB961503)-->"C:\windows\$NtUninstallKB961503$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\windows\$NtUninstallKB967715$\spuninst\spuninst.exe"
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSCfg-->MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NBA LIVE 06-->F:\SamSung!\Game\NBA Live 06\EAUninstall.exe
Need for Speed Underground 2-->F:\SamSung!\Game\nfsu2\EAUninstall.exe
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Pack Crystal Clear 1.0-->C:\windows\BricoPacks\Crystal Clear\Remove.exe
PhotoFiltre Studio-->"E:\Program Files\PhotoFiltre Studio\Uninst.exe"
PoiZone-->C:\Program Files\Image-Line\PoiZone\uninstall.exe
PowerQuest PartitionMagic 8.0-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
Pro Evolution Soccer 2008-->C:\Program Files\InstallShield Installation Information\{2FDFD600-7338-4738-90D5-FC4ACA08DC36}\setup.exe -runfromtemp -l0x040c
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Real Alternative 1.9.0-->"E:\Program Files\Real Alternative\unins000.exe"
Registry Mechanic 7.0-->"E:\Program Files\Registry Mechanic\unins000.exe"
SAMSUNG Mobile Modem Driver Set-->C:\windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB960003)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF}
Security Update for Microsoft Office Excel 2007 (KB959997)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Solutions de télécopie Lexmark-->C:\Program Files\\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst
SuperCopier2-->"E:\Program Files\SuperCopier2\SC2Uninst.exe"
The Font Thing-->C:\windows\uninst.exe -f"e:\program files\photofiltre studio\fontvisu\DeIsL1.isu" -c"e:\program files\photofiltre studio\fontvisu\_ISREG32.DLL"
The Simpsons Hit & Run(TM)-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79AAB3A-B8B4-4AC7-94AB-1C4C076C6A89}\setup.exe" -l0x9
Tony Hawks Pro Skater 4-->MsiExec.exe /X{E0F07676-2C60-4465-A727-20DE3BFCABAC}
Toxic Biohazard-->C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe
Uninstall 1.0.0.1-->"C:\Program Files\Fichiers communs\DVDVideoSoft\unins000.exe"
Unlocker 1.8.7-->E:\Program Files\Unlocker\uninst.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Outlook 2007 Junk Email Filter (kb968503)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5DD98950-4D10-4B79-8BF6-59726705207D}
VideoLAN VLC media player 0.8.6f-->E:\Program Files\VideoLAN\VLC\uninstall.exe
Visual C++ 8.0 CRT (x86) WinSXS MSM-->MsiExec.exe /I{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}
Winamp-->"E:\Program Files\Winamp\UninstWA.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\windows\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\windows\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Service Pack 3-->"C:\windows\$NtServicePackUninstall$\spuninst\spuninst.exe"
XviD MPEG-4 Video Codec-->"E:\Program Files\XviD\unins000.exe"
zAlternator-->E:\Program Files\zAlternator\Uninstall.exe
Zune Language Pack (ES)-->MsiExec.exe /X{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
Zune Language Pack (FR)-->MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}
Zune-->E:\Program Files\zune\ZuneSetup.exe /x
Zune-->MsiExec.exe /X{FF70513F-E3A7-402F-84FB-B7810A064BE2}

=====HijackThis Backups=====

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) [2009-01-28]
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr33... [2009-01-28]

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: SAMSUNG
Event Code: 7036
Message: Le service Compatibilité avec le Changement rapide d'utilisateur est entré dans l'état : en cours d'exécution.

Record Number: 52773
Source Name: Service Control Manager
Time Written: 20090423092340.000000+120
Event Type: Informations
User:

Computer Name: SAMSUNG
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Compatibilité avec le Changement rapide d'utilisateur.

Record Number: 52772
Source Name: Service Control Manager
Time Written: 20090423092340.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: SAMSUNG
Event Code: 26
Message: Application popup : Windows - L'écriture décalée a échoué : Windows n'a pas pu sauvegarder toutes les données pour le fichier F:\SamSung!\Microsoft Office\Office12. Les données ont été perdues. Cette erreur peut être due à une panne de votre matériel ou de votre connexion réseau. Essayez de sauvegarder ce fichier à un autre emplacement.

Record Number: 52771
Source Name: Application Popup
Time Written: 20090423092339.000000+120
Event Type: Informations
User:

Computer Name: SAMSUNG
Event Code: 50
Message: {L'écriture décalée a échoué}
Windows n'a pas pu sauvegarder toutes les données pour le fichier hs. Les données ont été perdues.
Cette erreur peut être due à une panne de votre matériel ou de votre connexion réseau. Essayez de sauvegarder ce fichier à un autre emplacement.

Record Number: 52770
Source Name: Ntfs
Time Written: 20090423092339.000000+120
Event Type: Avertissement
User:

Computer Name: SAMSUNG
Event Code: 50
Message: {L'écriture décalée a échoué}
Windows n'a pas pu sauvegarder toutes les données pour le fichier hs. Les données ont été perdues.
Cette erreur peut être due à une panne de votre matériel ou de votre connexion réseau. Essayez de sauvegarder ce fichier à un autre emplacement.

Record Number: 52769
Source Name: Ntfs
Time Written: 20090423092339.000000+120
Event Type: Avertissement
User:

=====Application event log=====

Computer Name: SAMSUNG
Event Code: 102
Message: MsnMsgr (3608) \\.\C:\Documents and Settings\Marco\Local Settings\Application Data\Microsoft\Messenger\ti_samsung@hotmail.fr\SharingMetadata\Working\database_FC10_2747_1027_86A\dfsr.db: Le moteur de base de données a démarré une nouvelle instance (0).

Record Number: 8081
Source Name: ESENT
Time Written: 20081219113623.000000+060
Event Type: Informations
User:

Computer Name: SAMSUNG
Event Code: 100
Message: MsnMsgr (3608) Le moteur de base de données 5.01.2600.5512 est démarré.

Record Number: 8080
Source Name: ESENT
Time Written: 20081219113623.000000+060
Event Type: Informations
User:

Computer Name: SAMSUNG
Event Code: 101
Message: MsnMsgr (3608) Le moteur de base de données est arrêté.

Record Number: 8079
Source Name: ESENT
Time Written: 20081219113308.000000+060
Event Type: Informations
User:

Computer Name: SAMSUNG
Event Code: 103
Message: MsnMsgr (3608) \\.\C:\Documents and Settings\Marco\Local Settings\Application Data\Microsoft\Messenger\ti_samsung@hotmail.fr\SharingMetadata\Working\database_FC10_2747_1027_86A\dfsr.db: Le moteur de base de données a arrêté une instance (0).

Record Number: 8078
Source Name: ESENT
Time Written: 20081219113308.000000+060
Event Type: Informations
User:

Computer Name: SAMSUNG
Event Code: 302
Message: MsnMsgr (3608) \\.\C:\Documents and Settings\Marco\Local Settings\Application Data\Microsoft\Messenger\ti_samsung@hotmail.fr\SharingMetadata\Working\database_FC10_2747_1027_86A\dfsr.db: Le moteur de base de données a exécuté la procédure de récupération avec succès.

Record Number: 8077
Source Name: ESENT
Time Written: 20081219111436.000000+060
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\windows\Microsoft.NET\Framework\v2.0.50727;C:\Program Files\Samsung\Samsung PC Studio 3;E:\Program Files\QuickTime\QTSystem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Intel\WiFi\bin;E:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0d06
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

--> L'infection Lop vient du sponsor de Messenger Plus! Live, fais attention à ne pas l'installer la prochaine fois.

Désinstalle Java 6 Update 7 et Java 6 Update 13.

Mets à jour Java.

Mets à jour Adobe Reader.

Plus de souci ?

non c'est bon, c'est super gentil d'avoir fait tout ça pour moi, merci encore!!  

1/

Désinstalle HijackThis.

Télécharge ToolsCleaner2 sur ton Bureau.

Double-clique sur ToolsCleaner2.exe pour le lancer.

Clique sur Recherche et laisse le scan agir.

Clique sur Suppression pour finaliser.

Tu peux, si tu le souhaites, te servir des Options Facultatives.

Clique sur Quitter pour obtenir le rapport.

Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).


2/

Télécharge et installe CCleaner Slim.

Lance-le. Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc....

Va dans Nettoyeur, choisis Analyser. Une fois terminé, lance le nettoyage.


3/

Il est nécessaire de désactiver puis réactiver la restauration système pour la purger.


==Prévention==

Supprimer les popups d'Antivir : Lien

Conserve MBAM. Il te servira à scanner les fichiers douteux en complément de l'antivirus et scanne le disque dur régulièrement.

Vérifie que les mises à jour automatiques sont bien activées (Menu Démarrer, clique droit sur Poste de travail, onglet Mises à jour automatiques).

Par rapport au P2P : Lien

Voici un dossier complet (A lire avec Adobe Reader ou Foxit Reader) : Lien


==Problème résolu ?==

Si tu estimes que ton problème est résolu :

---> Ajoute maintenant [Résolu] au titre. Pour cela :

Clique, dans ton premier message, sur le bouton Editer .

Rajoute la mention [Résolu] devant le titre.

Clique ensuite sur Valider votre message.


Sois plus vigilant(e) sur Internet  

[ Rapport ToolsCleaner version 2.3.7 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\Lop SD: trouvé !
C:\Qoobox: trouvé !
C:\_OTM: trouvé !
C:\Toolbar SD: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Marco\Bureau\Fichier\HijackThis.lnk: trouvé !
C:\Documents and Settings\Marco\Bureau\Fichier\LopSD.exe: trouvé !
C:\Documents and Settings\Marco\Bureau\Fichier\OTM.exe: trouvé !
C:\Documents and Settings\Marco\Bureau\Fichier\ComboFix.exe: trouvé !
C:\Documents and Settings\Marco\Bureau\Fichier\ToolBarSD.exe: trouvé !
C:\Documents and Settings\Marco\Bureau\Fichier\Rsit.exe: trouvé !
C:\Documents and Settings\Marco\Menu Démarrer\Programmes\Lop S&D: trouvé !
C:\Lop SD\Lop S&D.lnk: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !

---------------------------------
--> Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Marco\Bureau\Fichier\HijackThis.lnk: supprimé !
C:\Documents and Settings\Marco\Bureau\Fichier\LopSD.exe: supprimé !
C:\Documents and Settings\Marco\Bureau\Fichier\OTM.exe: supprimé !
C:\Documents and Settings\Marco\Bureau\Fichier\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\Marco\Bureau\Fichier\ToolBarSD.exe: supprimé !
C:\Lop SD\Lop S&D.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Documents and Settings\Marco\Bureau\Fichier\Rsit.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Lop SD: supprimé !
C:\Qoobox: supprimé !
C:\_OTM: supprimé !
C:\Toolbar SD: supprimé !
C:\Rsit: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\Marco\Menu Démarrer\Programmes\Lop S&D: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !




je crois que c'est bon là haha

Tu peux supprimer ToolsCleaner.