Virus HIDDENEXT/Crypted + pdyut2yo16

Anonyme

13 Mars 2010 12:17:49

Bonjour, alors j'ai un problème dernièrement j'ai choper plusieurs virus, j'ai réussi à en supprimer plusieurs mais certains s'accrochent donc je me dirige vers vous pour plus de conseils, pour le moment j'ai utilisé le scan de mon antivirus (antivir), adware, malwarebytes, ccleaner, spybot mais rien n'y fait à chaque fois que je démarre mon pc, mon antivirus me dit qu'il a trouvé 2 virus : HIDDENEXT/Crypted et un virus pdyut2yo16, donc j'ai télécharger hijackthis et j'ai fait un scan, est-ce que quelqu'un saurait me dire ce qui se passe ?
Merci d'avance pour votre aide.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:11:03, on 13/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nwiz.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\mouse driver\mousedrv .exe
c:\windows\system32\algs .exe
C:\WINDOWS\system32\winIogon.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\luc\SyncMan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\mxmxxl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SyncMan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\luc\LOCALS~1\Temp\ctv298.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cooxer.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.wanadoo.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Mouse Driver\MouseDrv.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SyncMan] C:\WINDOWS\system32\SyncMan.exe
O4 - HKLM\..\Run: [Application Layer Gateway Service] C:\WINDOWS\system32\algs.exe
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\system32\winIogon.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\mxmxxl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr .exe" /background
O4 - HKCU\..\Run: [gdf498gtudsigjnsod8guifjgfhfhf] c:\docume~1\luc\locals~1\temp\pdyut2yo16 .exe
O4 - HKCU\..\Run: [SyncMan] C:\WINDOWS\system32\SyncMan.exe
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\mxmxxl.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registration .LNK = C:\Documents and Settings\luc\Application Data\Ubisoft\Dark Messiah of Might and Magic\RegistrationReminder.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\luc\Application Data\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F1EFB55-531B-4861-92FF-57666B86F099}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{31B8BC87-F4FF-42F3-8CD6-10C18AFB7D66}: NameServer = 212.27.40.240,212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\..\{41170D04-1255-4062-B020-6E7BCD7FEBF7}: NameServer = 212.27.40.240,212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\..\{8503E18A-5C5F-4A5B-AA90-3721A6CDFDA3}: NameServer = 212.27.40.240,212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDAED2B9-43F6-41CD-A207-FD9833EFF9D4}: NameServer = 212.27.40.240,212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{2F1EFB55-531B-4861-92FF-57666B86F099}: NameServer = 212.27.54.252,212.27.53.252
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Service Google Update (gupdate1ca032cf3c7aff8) (gupdate1ca032cf3c7aff8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

--
End of file - 14821 bytes

Autres pages sur : virus hiddenext crypted pdyut2yo16

| Etre averti des réponses
| Alerter

Répondre à Anonyme

Destrio5

13 Mars 2010 12:19:24

Bonjour,

Télécharge OTL (de OldTimer) sur ton Bureau.

Double-clique sur OTL pour le lancer.
(Sous Vista/Win7, il faut cliquer droit sur OTL et choisir Exécuter en tant qu'administrateur)

Une fenêtre apparaît. Dans la section Output en haut de cette fenêtre, coche Minimal Output.

Coche également les cases à côté de LOP Check et Purity Check.

Enfin, clique sur le bouton Run Scan. Le scan ne prendra pas beaucoup de temps.

Une fois l'analyse terminée, deux fenêtres vont s'ouvrir dans le Bloc-notes : OTL.txt et Extras.txt. Ils se trouvent au même endroit que OTL (donc par défaut sur le Bureau).

Pour me transmettre les rapports :

Clique sur ce lien : http://www.cijoint.fr/

Clique sur Parcourir... et cherche le fichier du rapport que tu souhaites me transmettre.

Clique sur Ouvrir.

Clique sur Cliquez ici pour déposer le fichier.

Un lien de cette forme, hxxp://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt, est ajouté dans la page.

Copie-colle ce lien dans ta réponse.

| Alerter

Répondre à Destrio5

Anonyme

13 Mars 2010 12:41:45

Voila les deux rapport (OTL et Extras respectivement)

http://www.cijoint.fr/cjlink.php?file=cj201003/cijlSIq6...

http://www.cijoint.fr/cjlink.php?file=cj201003/cijuYBQ2...

| Alerter

Répondre à Anonyme

Destrio5

13 Mars 2010 12:47:39

OMG

[#ff0000]/!\ Désactive tes protections résidentes (Antivirus, etc...) /!\[/#f]

Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.

Double-clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.

Il va te demander d'installer la console de récupération : accepte.

Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.

Pour t'aider : Un guide et un tutoriel sur l'utilisation de ComboFix

| Alerter

Répondre à Destrio5

Anonyme

14 Mars 2010 10:24:27

ComboFix 10-03-12.04 - luc 13/03/2010 13:58:22.1.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1023.530 [GMT 1:00]
Lancé depuis: c:\documents and settings\luc\Mes documents\Téléchargements\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\luc\nwiz .exe
c:\documents and settings\luc\rundll32 .exe
c:\documents and settings\luc\rundll32.exe
c:\documents and settings\luc\syncman .exe
c:\documents and settings\luc\SyncMan.exe
C:\FAUXVIRUS
c:\fauxvirus\Faux Virus . COM! Le site pour faire des farces aux autres! -) s.url
c:\fauxvirus\info email.txt
c:\fauxvirus\info sillymouse.txt
c:\fauxvirus\info smalldick.txt
c:\fauxvirus\info Sol.txt
c:\fauxvirus\info trouver_quit.txt
c:\fauxvirus\info Virus_flo.txt
c:\fauxvirus\Lisez moi sillymouse.txt
c:\fauxvirus\Readme sillymouse.txt
c:\fauxvirus\sillymouse.exe
c:\program files\Adobe\acrotray .exe
c:\program files\INSTALL.LOG
c:\program files\Internet Explorer\js.mui
c:\program files\Internet Explorer\wmpscfgs.exe
c:\program files\Search Settings
c:\program files\Search Settings\kb127\SearchSettings.dll
c:\program files\Search Settings\kb127\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
c:\recycler\S-1-5-21-3094894503-3458044819-1272999244-1003
c:\windows\logfile32.txt
c:\windows\mxmxxl .exe
c:\windows\services .exe
c:\windows\system32\_003779_.tmp.dll
c:\windows\system32\_003780_.tmp.dll
c:\windows\system32\_003781_.tmp.dll
c:\windows\system32\_003782_.tmp.dll
c:\windows\system32\_003786_.tmp.dll
c:\windows\system32\_003787_.tmp.dll
c:\windows\system32\_003788_.tmp.dll
c:\windows\system32\_003789_.tmp.dll
c:\windows\system32\_003790_.tmp.dll
c:\windows\system32\_003791_.tmp.dll
c:\windows\system32\_003792_.tmp.dll
c:\windows\system32\_003793_.tmp.dll
c:\windows\system32\_003794_.tmp.dll
c:\windows\system32\_003795_.tmp.dll
c:\windows\system32\_003796_.tmp.dll
c:\windows\system32\_003797_.tmp.dll
c:\windows\system32\_003798_.tmp.dll
c:\windows\system32\_003799_.tmp.dll
c:\windows\system32\_003800_.tmp.dll
c:\windows\system32\_003801_.tmp.dll
c:\windows\system32\_003802_.tmp.dll
c:\windows\system32\_003803_.tmp.dll
c:\windows\system32\_003804_.tmp.dll
c:\windows\system32\_003805_.tmp.dll
c:\windows\system32\_003806_.tmp.dll
c:\windows\system32\_003808_.tmp.dll
c:\windows\system32\_003809_.tmp.dll
c:\windows\system32\_003811_.tmp.dll
c:\windows\system32\_003812_.tmp.dll
c:\windows\system32\_003813_.tmp.dll
c:\windows\system32\_003814_.tmp.dll
c:\windows\system32\_003815_.tmp.dll
c:\windows\system32\_003816_.tmp.dll
c:\windows\system32\_003818_.tmp.dll
c:\windows\system32\_003819_.tmp.dll
c:\windows\system32\_003820_.tmp.dll
c:\windows\system32\_003821_.tmp.dll
c:\windows\system32\_003822_.tmp.dll
c:\windows\system32\_003823_.tmp.dll
c:\windows\system32\_003824_.tmp.dll
c:\windows\system32\_003825_.tmp.dll
c:\windows\system32\_003827_.tmp.dll
c:\windows\system32\_003828_.tmp.dll
c:\windows\system32\_003829_.tmp.dll
c:\windows\system32\_003830_.tmp.dll
c:\windows\system32\_003831_.tmp.dll
c:\windows\system32\_003832_.tmp.dll
c:\windows\system32\_003833_.tmp.dll
c:\windows\system32\_003834_.tmp.dll
c:\windows\system32\_003835_.tmp.dll
c:\windows\system32\_003836_.tmp.dll
c:\windows\system32\_003837_.tmp.dll
c:\windows\system32\_003838_.tmp.dll
c:\windows\system32\_003839_.tmp.dll
c:\windows\system32\_003840_.tmp.dll
c:\windows\system32\_003841_.tmp.dll
c:\windows\system32\_003842_.tmp.dll
c:\windows\system32\_003843_.tmp.dll
c:\windows\system32\_003844_.tmp.dll
c:\windows\system32\_003845_.tmp.dll
c:\windows\system32\_003846_.tmp.dll
c:\windows\system32\_003847_.tmp.dll
c:\windows\system32\_003848_.tmp.dll
c:\windows\system32\_003849_.tmp.dll
c:\windows\system32\_003850_.tmp.dll
c:\windows\system32\_003851_.tmp.dll
c:\windows\system32\_003852_.tmp.dll
c:\windows\system32\_003853_.tmp.dll
c:\windows\system32\_003854_.tmp.dll
c:\windows\system32\_003856_.tmp.dll
c:\windows\system32\_003857_.tmp.dll
c:\windows\system32\_003858_.tmp.dll
c:\windows\system32\_003859_.tmp.dll
c:\windows\system32\_003860_.tmp.dll
c:\windows\system32\_003861_.tmp.dll
c:\windows\system32\_003862_.tmp.dll
c:\windows\system32\_003864_.tmp.dll
c:\windows\system32\_003865_.tmp.dll
c:\windows\system32\_003866_.tmp.dll
c:\windows\system32\_003867_.tmp.dll
c:\windows\system32\_003868_.tmp.dll
c:\windows\system32\_003869_.tmp.dll
c:\windows\system32\_003870_.tmp.dll
c:\windows\system32\_003871_.tmp.dll
c:\windows\system32\_003873_.tmp.dll
c:\windows\system32\_003874_.tmp.dll
c:\windows\system32\_003875_.tmp.dll
c:\windows\system32\_003878_.tmp.dll
c:\windows\system32\_003879_.tmp.dll
c:\windows\system32\_003881_.tmp.dll
c:\windows\system32\_003882_.tmp.dll
c:\windows\system32\_003883_.tmp.dll
c:\windows\system32\_003884_.tmp.dll
c:\windows\system32\_003885_.tmp.dll
c:\windows\system32\_003886_.tmp.dll
c:\windows\system32\_003888_.tmp.dll
c:\windows\system32\_003889_.tmp.dll
c:\windows\system32\_003890_.tmp.dll
c:\windows\system32\_003891_.tmp.dll
c:\windows\system32\_003892_.tmp.dll
c:\windows\system32\_003893_.tmp.dll
c:\windows\system32\_003894_.tmp.dll
c:\windows\system32\_003897_.tmp.dll
c:\windows\system32\_003898_.tmp.dll
c:\windows\system32\_003899_.tmp.dll
c:\windows\system32\_003900_.tmp.dll
c:\windows\system32\_003901_.tmp.dll
c:\windows\system32\_003902_.tmp.dll
c:\windows\system32\_003903_.tmp.dll
c:\windows\system32\_003905_.tmp.dll
c:\windows\system32\_003906_.tmp.dll
c:\windows\system32\_003907_.tmp.dll
c:\windows\system32\_003908_.tmp.dll
c:\windows\system32\_003909_.tmp.dll
c:\windows\system32\_003911_.tmp.dll
c:\windows\system32\_003914_.tmp.dll
c:\windows\system32\_003915_.tmp.dll
c:\windows\system32\_003919_.tmp.dll
c:\windows\system32\_003920_.tmp.dll
c:\windows\system32\_003922_.tmp.dll
c:\windows\system32\_003925_.tmp.dll
c:\windows\system32\_003927_.tmp.dll
c:\windows\system32\_003928_.tmp.dll
c:\windows\system32\_003929_.tmp.dll
c:\windows\system32\_003930_.tmp.dll
c:\windows\system32\_003933_.tmp.dll
c:\windows\system32\_003934_.tmp.dll
c:\windows\system32\_003935_.tmp.dll
c:\windows\system32\_003936_.tmp.dll
c:\windows\system32\_003937_.tmp.dll
c:\windows\system32\_003942_.tmp.dll
c:\windows\system32\_003944_.tmp.dll
c:\windows\system32\algs .exe
c:\windows\system32\algs .exe
c:\windows\system32\algs.exe
c:\windows\system32\csrs.exe
c:\windows\system32\ctfmon .exe
c:\windows\system32\firewall.exe
c:\windows\system32\iexplore .exe
c:\windows\system32\logon.exe
c:\windows\system32\lssas .exe
c:\windows\system32\lssas .exe
c:\windows\system32\lssas .exe
c:\windows\system32\lssas .exe
c:\windows\system32\nwiz .exe
c:\windows\system32\regedit .exe
c:\windows\system32\regedit.exe
c:\windows\system32\rundll32 .exe
c:\windows\system32\syncman .exe
c:\windows\system32\syncman .exe
c:\windows\system32\winamp .exe
c:\windows\system32\winiogon .exe
c:\windows\system32\winiogon .exe
c:\windows\system32\winiogon.exe

c:\windows\system32\drivers\cdrom.sys . . . manque!!

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-02-14 au 2010-03-14 ))))))))))))))))))))))))))))))))))))
.

2010-03-13 12:27 . 2010-03-13 12:27 129 ----a-w- c:\windows\system32\rdhe.bat
2010-03-13 12:08 . 2010-03-13 12:08 -------- d-----w- c:\program files\Trend Micro
2010-03-13 11:53 . 2010-03-13 11:53 40448 --sh--r- c:\windows\mxmxxl.exe
2010-03-13 00:17 . 2010-03-13 00:17 -------- d-----w- c:\documents and settings\luc\Application Data\Malwarebytes
2010-03-13 00:17 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-13 00:17 . 2010-03-13 00:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-13 00:17 . 2010-03-13 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-13 00:17 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-12 20:30 . 2010-03-12 20:30 124 ----a-w- c:\windows\odtuhizm.bat
2010-03-12 20:29 . 2010-03-12 20:29 130 ----a-w- c:\windows\system32\tvaov.bat
2010-03-12 18:11 . 2010-03-12 18:11 4 ----a-w- c:\program files\147062.dat
2010-03-12 18:11 . 2010-03-12 18:11 131 ----a-w- c:\windows\system32\fdaznd.bat
2010-03-12 18:08 . 2010-03-12 18:08 4 ----a-w- c:\program files\77062.dat
2010-03-12 18:07 . 2010-03-12 18:07 122 ----a-w- c:\windows\koncrr.bat
2010-03-12 18:05 . 2010-03-12 18:05 4 ----a-w- c:\program files\8013031.dat
2010-03-12 18:02 . 2010-03-12 18:02 133 ----a-w- c:\windows\system32\muhnavsz.bat
2010-03-12 18:02 . 2010-03-12 18:02 130 ----a-w- c:\windows\system32\sgsoh.bat
2010-03-12 17:58 . 2010-03-12 17:58 122 ----a-w- c:\windows\rwoymp.bat
2010-03-12 17:57 . 2010-03-13 00:09 130 ----a-w- c:\windows\system32\jdden.bat
2010-03-12 17:57 . 2010-03-12 18:03 129 ----a-w- c:\windows\system32\dehx.bat
2010-03-12 17:53 . 2010-03-12 17:53 130 ----a-w- c:\windows\system32\gorex.bat
2010-03-12 17:52 . 2010-03-12 17:52 129 ----a-w- c:\windows\system32\lrho.bat
2010-03-12 16:01 . 2010-03-12 16:01 -------- d-----r- c:\documents and settings\NetworkService\Favoris
2010-03-12 10:20 . 2010-03-12 10:20 4 ----a-w- c:\program files\258984.dat
2010-03-12 09:40 . 2010-03-12 09:40 -------- d-----w- c:\windows\system32\ActiveScan
2010-03-11 21:25 . 2010-03-11 21:25 124 ----a-w- c:\windows\system32\haswi.bat
2010-03-11 21:21 . 2010-03-11 21:21 125 ----a-w- c:\windows\system32\puodeu.bat
2010-03-11 21:21 . 2010-03-11 21:21 124 ----a-w- c:\windows\system32\hpmgv.bat
2010-03-11 19:48 . 2010-03-11 19:48 125 ----a-w- c:\windows\system32\zxpkli.bat
2010-03-11 17:29 . 2010-03-11 17:29 132 ----a-w- c:\windows\system32\dloymut.bat
2010-03-11 17:29 . 2010-03-11 17:29 132 ----a-w- c:\windows\system32\oknuntt.bat
2010-03-11 12:16 . 2010-03-11 12:16 123 ----a-w- c:\windows\system32\ykgx.bat
2010-03-11 12:16 . 2010-03-11 12:16 124 ----a-w- c:\windows\system32\rnzqv.bat
2010-03-11 12:16 . 2010-03-11 12:16 127 ----a-w- c:\windows\system32\gecjvoja.bat
2010-03-11 12:16 . 2010-03-11 12:16 124 ----a-w- c:\windows\system32\xvrot.bat
2010-03-11 10:41 . 2010-03-13 12:27 40448 ----a-w- c:\documents and settings\luc\nwiz.exe
2010-03-11 10:41 . 2010-03-11 10:41 130048 ----a-w- c:\windows\system32\uakk.exe
2010-03-11 10:36 . 2010-03-11 10:36 125 ----a-w- c:\windows\system32\nhesll.bat
2010-03-11 10:35 . 2010-03-11 10:35 298496 --sha-r- c:\windows\system32\sy.exe
2010-03-11 10:10 . 2010-03-11 10:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Test Drive Unlimited
2010-03-09 19:26 . 2010-03-09 19:27 -------- d-----w- c:\program files\InterActual
2010-03-05 14:46 . 1997-01-18 09:40 299520 ----a-w- c:\windows\uninst.exe
2010-03-04 11:23 . 2010-03-04 11:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SWTCWRH
2010-03-04 11:20 . 2010-03-04 11:20 -------- d-----w- c:\windows\11AE680750D24F5982B32C3E695E94C2.TMP
2010-02-25 21:36 . 2004-08-03 22:00 8192 ----a-w- c:\windows\system32\drivers\Changer.sys
2010-02-25 21:36 . 2004-08-03 22:00 8192 ----a-w- c:\windows\system32\dllcache\changer.sys
2010-02-24 22:01 . 2010-03-12 12:51 -------- d-----w- c:\documents and settings\luc\Application Data\DMCache
2010-02-24 22:01 . 2010-03-09 19:03 -------- d-----w- c:\documents and settings\luc\Application Data\IDM
2010-02-24 22:01 . 2010-03-13 00:09 -------- d-----w- c:\program files\Internet Download Manager
2010-02-24 03:31 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-18 13:14 . 2010-02-18 13:17 -------- d-----w- c:\documents and settings\luc\dwhelper
2010-02-17 23:23 . 2010-02-17 23:23 -------- d-----w- c:\program files\eMule
2010-02-17 14:33 . 2010-02-17 14:33 307968 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2010-02-17 14:33 . 2008-02-27 12:15 28416 ----a-w- c:\windows\system32\uxtuneup.dll
2010-02-17 14:33 . 2010-02-17 14:33 -------- d-----w- c:\documents and settings\luc\Application Data\TuneUp Software
2010-02-17 14:32 . 2010-02-17 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2010-02-17 14:32 . 2010-02-17 14:32 -------- d-----w- c:\program files\TuneUp Utilities 2008
2010-02-17 14:20 . 2010-02-17 14:20 -------- d-----w- c:\program files\IObit
2010-02-17 14:11 . 2010-02-17 14:11 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-02-17 14:11 . 2010-02-17 14:11 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-02-17 14:11 . 2010-02-17 14:11 -------- d-----w- c:\program files\OpenAL
2010-02-17 14:07 . 2010-02-17 14:07 -------- d-----w- c:\program files\Anuman interactive
2010-02-12 14:50 . 1994-09-20 23:00 92208 ----a-w- c:\windows\system32\WING.DLL
2010-02-12 14:50 . 1994-09-20 23:00 12800 ----a-w- c:\windows\system\WING32.DLL
2010-02-12 14:39 . 1994-09-20 23:00 92208 ----a-w- c:\windows\system\WING.DLL
2010-02-12 14:39 . 1994-09-20 23:00 6736 ----a-w- c:\windows\system\WINGDIB.DRV
2010-02-12 14:39 . 1994-09-20 23:00 12800 ----a-w- c:\windows\system32\WING32.DLL
2010-02-12 14:39 . 1994-08-23 23:00 188960 ----a-w- c:\windows\system\WINGDE.DLL

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-14 10:14 . 2010-03-14 10:14 40448 ----a-w- c:\windows\system32\syncman.exe
2010-03-14 10:14 . 2010-03-14 10:14 40448 ----a-w- c:\documents and settings\luc\rundll32.exe
2010-03-14 10:14 . 2005-09-17 12:33 -------- d-----w- c:\program files\Mouse Driver
2010-03-14 10:14 . 2010-03-14 10:14 40448 ----a-w- c:\documents and settings\luc\rundll32 .exe
2010-03-14 10:14 . 2010-03-14 10:14 40448 ----a-w- c:\documents and settings\luc\syncman.exe
2010-03-13 12:27 . 2010-03-11 10:41 40448 ----a-w- c:\documents and settings\luc\nwiz .exe
2010-03-12 16:01 . 2010-03-12 16:01 40448 ----a-w- c:\windows\system32\OLD4.tmp
2010-03-12 16:01 . 2005-07-28 14:37 40448 ----a-w- c:\windows\system32\nwiz.exe
2010-03-11 16:05 . 2009-02-18 13:12 -------- d-----w- c:\program files\RomStation
2010-03-11 10:31 . 2005-12-25 14:05 -------- d-----w- c:\program files\Atari
2010-03-11 09:51 . 2010-03-11 09:51 49152 ----a-r- c:\documents and settings\luc\Application Data\Microsoft\Installer\{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}\ARPPRODUCTICON.exe
2010-03-11 00:03 . 2009-03-18 14:34 -------- d-----w- c:\documents and settings\luc\Application Data\Azureus
2010-03-09 19:27 . 2009-02-17 11:16 -------- d-----w- c:\documents and settings\luc\Application Data\dvdcss
2010-03-09 17:55 . 2007-01-20 19:24 43520 -c--a-w- c:\windows\system32\CmdLineExt03.dll
2010-03-05 14:47 . 2009-10-30 12:32 -------- d-----w- c:\program files\LucasArts
2010-03-04 11:20 . 2009-05-04 13:34 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2010-03-04 11:11 . 2005-07-28 14:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-03 08:46 . 2009-03-18 14:33 -------- d-----w- c:\program files\Vuze
2010-03-01 18:01 . 2006-12-11 14:13 -------- d-----w- c:\documents and settings\luc\Application Data\InstallShield Installation Information
2010-02-25 21:44 . 2010-02-25 21:44 16 ----a-w- c:\documents and settings\LocalService\Application Data\rbuwzv.dat
2010-02-25 21:34 . 2010-02-25 21:34 8 ----a-w- c:\documents and settings\luc\Application Data\rbuwzv.dat
2010-02-25 13:25 . 2007-11-26 14:25 -------- d-----w- c:\documents and settings\luc\Application Data\OpenOffice.org2
2010-02-25 13:24 . 2008-01-13 19:47 1 ----a-w- c:\documents and settings\luc\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-02-24 22:01 . 2010-02-24 22:01 198064 ----a-w- c:\documents and settings\luc\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2010-02-22 19:37 . 2004-08-16 15:41 816670 ----a-w- c:\windows\system32\perfh00C.dat
2010-02-22 19:37 . 2004-08-16 15:41 265392 ----a-w- c:\windows\system32\perfc00C.dat
2010-02-17 15:34 . 2005-09-11 08:46 75136 -c--a-w- c:\documents and settings\luc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-17 15:24 . 2006-06-11 14:22 -------- d-----w- c:\program files\Yahoo!
2010-02-17 15:20 . 2006-01-18 12:25 -------- d-----w- c:\program files\Steam
2010-02-17 15:16 . 2006-10-22 09:56 -------- d-----w- c:\program files\Port Royale
2010-02-17 15:14 . 2008-07-28 21:38 -------- d-----w- c:\program files\Pinnacle
2010-02-17 15:10 . 2009-06-30 17:25 -------- d-----w- c:\program files\Image-Line
2010-02-17 15:09 . 2009-06-21 13:46 -------- d-----w- c:\program files\Frets on Fire
2010-02-17 15:08 . 2009-06-30 17:28 -------- d-----w- c:\program files\VstPlugins
2010-02-17 15:07 . 2010-01-28 16:28 -------- d-----w- c:\documents and settings\luc\Application Data\FILEminimizerPictures
2010-02-17 15:05 . 2008-07-22 23:06 -------- d-----w- c:\program files\DeskPlayer
2010-02-17 15:04 . 2010-02-17 15:04 1190400 ----a-w- c:\documents and settings\luc\Application Data\Dealio\dinstallhelper.94E0B1293AB94CB38231CF08838D4F4F.dll
2010-02-17 15:04 . 2009-03-29 12:01 -------- d-----w- c:\documents and settings\luc\Application Data\Dealio
2010-02-17 14:10 . 2009-05-04 13:35 -------- d-----w- c:\program files\AGEIA Technologies
2010-02-17 11:34 . 2008-05-01 18:23 -------- d-----w- c:\program files\SpeedFan
2010-02-07 20:19 . 2007-04-04 18:38 -------- d-----w- c:\program files\adslTV
2010-01-30 12:20 . 2010-01-30 12:20 1 ----a-w- c:\documents and settings\luc\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-30 12:20 . 2010-01-30 12:20 -------- d-----w- c:\documents and settings\luc\Application Data\OpenOffice.org
2010-01-25 11:04 . 2008-01-14 10:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-01-21 13:42 . 2009-11-06 22:38 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-13 19:46 . 2010-01-13 19:46 -------- d-----w- c:\program files\DownloadToolz
2010-01-12 18:49 . 2010-01-12 18:49 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2010-01-05 09:56 . 2004-08-16 15:41 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 09:56 . 2004-08-16 15:40 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:56 . 2004-08-16 15:40 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:14 . 2009-05-06 07:05 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-25 22:52 . 2009-12-25 22:52 62512 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-25 17:36 . 2005-07-28 14:31 98304 ----a-w- c:\windows\DUMP6ac0.tmp
2009-12-17 07:59 . 2004-08-16 16:03 347648 ----a-w- c:\windows\system32\mspaint.exe
2009-03-03 21:22 . 2009-03-03 21:22 87 -c--a-w- c:\program files\pec.ini
2007-01-11 13:07 . 2007-10-04 04:39 58032562 -c--a-w- c:\program files\Samsung_PC_Studio_311_FKB.exe
2006-04-28 19:06 . 2005-09-10 19:19 278528 -c--a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe
2005-11-14 18:51 . 2005-11-14 18:51 7256768 -c--a-w- c:\program files\SkypeSetup.exe
1998-04-30 12:56 . 2008-07-27 13:08 129024 -c--a-w- c:\program files\UNWISE.EXE
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

<pre>

c:\program files\Adobe\acrotray .exe

c:\program files\Malwarebytes' Anti-Malware\mbam .exe

c:\program files\Mouse Driver\mousedrv .exe

c:\program files\Windows Live\Messenger\msnmsgr               .exe

c:\program files\Windows Live\Messenger\msnmsgr              .exe

c:\program files\Windows Live\Messenger\msnmsgr             .exe

c:\program files\Windows Live\Messenger\msnmsgr            .exe

c:\program files\Windows Live\Messenger\msnmsgr           .exe

c:\program files\Windows Live\Messenger\msnmsgr          .exe

c:\program files\Windows Live\Messenger\msnmsgr         .exe

c:\program files\Windows Live\Messenger\msnmsgr        .exe

c:\program files\Windows Live\Messenger\msnmsgr       .exe

c:\program files\Windows Live\Messenger\msnmsgr      .exe

c:\program files\Windows Live\Messenger\msnmsgr     .exe

c:\program files\Windows Live\Messenger\msnmsgr    .exe

c:\program files\Windows Live\Messenger\msnmsgr   .exe

c:\program files\Windows Live\Messenger\msnmsgr  .exe

c:\program files\Windows Live\Messenger\msnmsgr .exe

c:\windows\ime\IMJP8_1\imjpmig .exe

c:\windows\system32\IME\TINTLGNT\tintsetp .exe

</pre>

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\windows live\messenger\msnmsgr .exe" [2009-07-26 3883856]
"SyncMan"="c:\documents and settings\luc\SyncMan.exe" [2010-03-14 40448]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"nwiz"="nwiz.exe" [2010-03-12 40448]
"CreativeMouse "="c:\program files\Mouse Driver\MouseDrv.exe" [2010-03-14 40448]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 110592]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SyncMan"="c:\windows\system32\SyncMan.exe" [2010-03-14 40448]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

c:\documents and settings\luc\Menu D‚marrer\Programmes\D‚marrage\
Registration .LNK - c:\documents and settings\luc\Application Data\Ubisoft\Dark Messiah of Might and Magic\RegistrationReminder.exe [2010-3-1 6955008]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^luc^Menu Démarrer^Programmes^Démarrage^Registration Brothers In Arms.LNK]
path=c:\documents and settings\luc\Menu Démarrer\Programmes\Démarrage\Registration Brothers In Arms.LNK
backup=c:\windows\pss\Registration Brothers In Arms.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
c:\program files\Babylon\Babylon-Pro\Babylon.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Canal Widget]
2010-01-12 10:13 163928 ----a-w- c:\program files\Canal\Canal Widget\Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2007-04-03 22:29 165784 -c--a-w- c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
2009-02-22 19:15 5668864 ----a-w- c:\program files\eMule\emule.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Felix]
2001-11-18 15:37 307200 -c----w- c:\program files\ScreenMates\chatscreemate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 15:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-07-25 14:06 2027792 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
2006-04-23 08:56 190024 ----a-w- c:\program files\MessengerPlus! 3\MsgPlus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-03-11 10:35 40448 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2005-10-10 13:01 14881320 ----a-w- c:\apps\skype\phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlackerElves]
c:\program files\ScreenMates\elves.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-01-20 18:04 77824 -c--a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-12-07 12:43 1217808 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2005-07-28 14:47 180269 ----a-w- c:\program files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
2008-06-19 13:15 3664944 ----a-w- c:\program files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2006-09-26 14:49 35328 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SsAAD.exe"=c:\progra~1\Sony\SONICS~1\SsAAD.exe
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"IDMan"=c:\program files\Internet Download Manager\IDMan.exe /onboot

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ACTIVBOARD"=c:\apps\ABoard\ABoard.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"PCMService"="c:\apps\Powercinema\PCMService.exe"
"au"=c:\program files\Dealio\DealioAU.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Ask and Record FLV Service"="c:\program files\Replay Media Catcher\FLVSrvc.exe" /run
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
"SearchSettings"=c:\program files\Search Settings\SearchSettings.exe
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\APPS\\Inventime\\my.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Jowood\\Chaser MP Demo\\Chaser.exe"=
"c:\\WINDOWS\\system32\\mcoinstall.exe"=
"c:\\Program Files\\Steam\\SteamApps\\alexi_laiho59\\condition zero\\hl.exe"=
"c:\\Program Files\\Steam\\SteamApps\\alexi_laiho59\\ricochet\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\adslTV\\vlc.exe"=
"c:\\Program Files\\adslTV\\adslTV.exe"=
"c:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
"c:\\APPS\\skype\\phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\alexi_laiho59\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\alexi_laiho59\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\UnrealTournament\\System\\UnrealTournament.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Steam\\SteamApps\\alexi_laiho59\\day of defeat source beta\\hl2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Documents and Settings\\luc\\Mes documents\\Programmes\\Chaser MP Demo\\Chaser.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\empire total war demo\\Empire.exe"=
"c:\\COD2\\CoD2MP_s.exe"=
"c:\\Program Files\\Konami\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Call of Duty\\CoDMP.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LucasArts\\Republic Heroes\\Republic Heroes.exe"=
"c:\\Documents and Settings\\luc\\Mes documents\\Azureus Downloads\\Star.Wars.Battlefront.2.PC.Game(djDEVASTATE™)\\Star.Wars.Battlefront.2.PC.Game(djDEVASTATE™)\\Star.Wars.Battlefront.2.PC.Game(djDEVASTATE™)\\GameData\\BattlefrontII.exe"=
"c:\\WINDOWS\\system32\\SyncMan.exe"=
"c:\\Documents and Settings\\luc\\SyncMan.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30/05/2007 12:33 682232]
R1 SSHDRV52;SSHDRV52;c:\windows\system32\drivers\SSHDRV52.sys [22/10/2006 11:03 29184]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [18/05/2009 14:02 108289]
R2 CanalPlus.VOD;CanalPlus.VOD;c:\program files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe [05/02/2009 14:38 188416]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [28/07/2005 15:37 799744]
S2 gupdate1ca032cf3c7aff8;Service Google Update (gupdate1ca032cf3c7aff8);c:\program files\Google\Update\GoogleUpdate.exe [12/07/2009 21:11 133104]
S3 DMSKSSRh;DMSKSSRh;\??\c:\docume~1\luc\LOCALS~1\Temp\DMSKSSRh.sys --> c:\docume~1\luc\LOCALS~1\Temp\DMSKSSRh.sys [?]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [28/08/2006 23:54 10664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'

2010-03-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-03-14 c:\windows\Tasks\At1.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-14 10:14]

2010-03-14 c:\windows\Tasks\At10.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-14 10:14]

2010-03-14 c:\windows\Tasks\At11.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-14 10:14]

2010-03-14 c:\windows\Tasks\At12.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-14 10:14]

2010-03-14 c:\windows\Tasks\At13.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-14 10:14]

2010-03-14 c:\windows\Tasks\At14.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-14 10:14]

2010-03-14 c:\windows\Tasks\At15.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-14 10:14]

2010-03-14 c:\windows\Tasks\At16.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-14 10:14]

2010-03-14 c:\windows\Tasks\At17.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-14 10:14]

2010-03-14 c:\windows\Tasks\At18.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-14 10:14]

2010-03-14 c:\windows\Tasks\At19.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-14 10:14]

2010-03-14 c:\windows\Tasks\At2.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-14 10:14]

2010-03-14 c:\windows\Tasks\At20.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-14 10:14]

2010-03-14 c:\windows\Tasks\At21.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-14 10:14]

2010-03-14 c:\windows\Tasks\At22.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-14 10:14]

2010-03-14 c:\windows\Tasks\At23.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-14 10:14]

2010-03-14 c:\windows\Tasks\At24.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-14 10:14]

2010-03-14 c:\windows\Tasks\At25.job
- c:\program files\adobe\acrotray .exe [2010-03-14 10:15]

2010-03-14 c:\windows\Tasks\At26.job
- c:\program files\adobe\acrotray .exe [2010-03-14 10:15]

2010-03-14 c:\windows\Tasks\At27.job
- c:\program files\adobe\acrotray .exe [2010-03-14 10:15]

2010-03-14 c:\windows\Tasks\At28.job
- c:\program files\adobe\acrotray .exe [2010-03-14 10:15]

2010-03-14 c:\windows\Tasks\At29.job
- c:\program files\adobe\acrotray .exe [2010-03-14 10:15]

2010-03-14 c:\windows\Tasks\At3.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-14 10:14]

2010-03-14 c:\windows\Tasks\At30.job
- c:\program files\adobe\acrotray .exe [2010-03-14 10:15]

2010-03-14 c:\windows\Tasks\At31.job
- c:\program files\adobe\acrotray .exe [2010-03-14 10:15]

2010-03-14 c:\windows\Tasks\At32.job
- c:\program files\adobe\acrotray .exe [2010-03-14 10:15]

2010-03-14 c:\windows\Tasks\At33.job
- c:\program files\adobe\acrotray .exe [2010-03-14 10:15]

2010-03-14 c:\windows\Tasks\At34.job
- c:\program files\adobe\acrotray .exe [2010-03-14 10:15]

2010-03-14 c:\windows\Tasks\At35.job
- c:\program files\adobe\acrotray .exe [2010-03-14 10:15]

2010-03-14 c:\windows\Tasks\At36.job
- c:\program files\adobe\acrotray .exe [2010-03-14 10:15]

2010-03-14 c:\windows\Tasks\At37.job
- c:\program files\adobe\acrotray .exe [2010-03-14 10:15]

2010-03-14 c:\windows\Tasks\At38.job
- c:\program files\adobe\acrotray .exe [2010-03-14 10:15]

2010-03-14 c:\windows\Tasks\At39.job
- c:\program files\adobe\acrotray .exe [2010-03-14 10:15]

2010-03-14 c:\windows\Tasks\At4.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-14 10:14]

2010-03-14 c:\windows\Tasks\At40.job
- c:\program files\adobe\acrotray .exe [2010-03-14 10:15]

2010-03-14 c:\windows\Tasks\At41.job
- c:\program files\adobe\acrotray .exe [2010-03-14 10:15]

2010-03-14 c:\windows\Tasks\At42.job
- c:\program files\adobe\acrotray .exe [2010-03-14 10:15]

2010-03-14 c:\windows\Tasks\At43.job
- c:\program files\adobe\acrotray .exe [2010-03-14 10:15]

2010-03-14 c:\windows\Tasks\At44.job
- c:\program files\adobe\acrotray .exe [2010-03-14 10:15]

2010-03-14 c:\windows\Tasks\At45.job
- c:\program files\adobe\acrotray .exe [2010-03-14 10:15]

2010-03-14 c:\windows\Tasks\At46.job
- c:\program files\adobe\acrotray .exe [2010-03-14 10:15]

2010-03-14 c:\windows\Tasks\At47.job
- c:\program files\adobe\acrotray .exe [2010-03-14 10:15]

2010-03-14 c:\windows\Tasks\At48.job
- c:\program files\adobe\acrotray .exe [2010-03-14 10:15]

2010-03-14 c:\windows\Tasks\At5.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-14 10:14]

2010-03-14 c:\windows\Tasks\At6.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-14 10:14]

2010-03-14 c:\windows\Tasks\At7.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-14 10:14]

2010-03-14 c:\windows\Tasks\At8.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-14 10:14]

2010-03-14 c:\windows\Tasks\At9.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-14 10:14]

2010-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-12 20:11]

2010-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-12 20:11]

2010-03-14 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-03-03 08:42]
.
.
------- Examen supplémentaire -------
.
mStart Page = hxxp://www.cooxer.com/
uInternet Connection Wizard,ShellNext = hxxp://www.wanadoo.fr/
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Compare Prices with &Dealio - c:\documents and settings\luc\Application Data\Dealio\kb127\res\DealioSearch.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Sothink SWF Catcher
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
TCP: {2F1EFB55-531B-4861-92FF-57666B86F099} = 212.27.54.252,212.27.53.252
TCP: {31B8BC87-F4FF-42F3-8CD6-10C18AFB7D66} = 212.27.40.240,212.27.40.241
TCP: {41170D04-1255-4062-B020-6E7BCD7FEBF7} = 212.27.40.240,212.27.40.241
TCP: {8503E18A-5C5F-4A5B-AA90-3721A6CDFDA3} = 212.27.40.240,212.27.40.241
TCP: {CDAED2B9-43F6-41CD-A207-FD9833EFF9D4} = 212.27.40.240,212.27.40.241
FF - ProfilePath - c:\documents and settings\luc\Application Data\Mozilla\Firefox\Profiles\5j5altum.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\program files\Canal\Canal Widget\VOD\npCpVod.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHELINS SUPPRIMES - - - -

Notify-dimsntfy - (no file)
AddRemove-Teamspeak 2 RC2_is1 - c:\documents and settings\luc\Mes documents\Teamspeak2_RC2\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-14 11:12
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys >>UNKNOWN [0x871CB1E8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf762dfc3
\Driver\ACPI -> ACPI.sys @ 0xf733fcb8
\Driver\atapi -> sfsync02.sys @ 0xf77f9d60
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
ParseProcedure -> ntkrnlpa.exe @ 0x8058155c
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
ParseProcedure -> ntkrnlpa.exe @ 0x8058155c
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MysqlInventime]
"ImagePath"="c:\apps\INVENT~1\mysql\bin\mysqld-nt --defaults-file=c:\apps\Inventime\mysql\my.ini MysqlInventime"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-2863534237-775633001-747451241-1008\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c7,30,ed,94,d8,a5,9f,4f,71,60,76,ba,c7,b1,b0,f5,fb,51,d7,ad,48,1b,f1,
0e,df,16,b1,60,9d,41,82,cb,47,3b,b9,32,cc,cd,8e,a2,f8,64,da,6b,aa,f6,90,e8,\
"??"=hex:69,3e,43,58,9f,64,ba,75,fe,6b,77,07,2a,78,dd,74

[HKEY_USERS\S-1-5-21-2863534237-775633001-747451241-1008\Software\SecuROM\License information*]
"datasecu"=hex:22,cd,31,ae,81,32,21,83,3a,4d,0e,e7,77,0c,bf,89,51,2f,59,6f,47,
e5,da,15,a9,96,4e,81,9b,f2,f8,31,b6,b2,5b,31,af,bd,37,dd,96,ab,f2,54,00,aa,\
"rkeysecu"=hex:a1,fb,79,8e,18,ca,b0,3b,52,96,21,ab,fe,df,9c,79

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):be,0b,bc,77,3b,13,9d,af,1a,13,96,bb,a1,29,fb,f8,f7,f1,7d,5c,f6,
99,3a,da,f5,3e,a7,48,61,f6,15,57,e7,ba,96,34,ee,a2,36,eb,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{d55fea38-4ab6-4ef4-94d5-57b860b0c23d}]
@Denied: (Full) (Everyone)
"Model"=dword:00000046
"Therad"=dword:00000011

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(8336)
c:\program files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\progra~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\apps\HIDSERVICE\HIDSERVICE.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Inventel\Gateway\wlancfg.exe
c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\nwiz.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\program files\mouse driver\mousedrv .exe
c:\docume~1\luc\LOCALS~1\Temp\ctv75839.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Windows Live\Toolbar\wltuser.exe
.
**************************************************************************
.
Heure de fin: 2010-03-14 11:23:23 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-03-14 10:23

Avant-CF: 50 674 225 152 octets libres
Après-CF: 50 575 089 664 octets libres

Current=1 Default=1 Failed=0 LastKnownGood=7 Sets=1,3,4,5,6,7
- - End Of File - - 36B45525300C1139F0AF746F9E4E1205

| Alerter

Répondre à Anonyme

Destrio5

14 Mars 2010 11:02:45

Télécharge Dr.Web CureIt! sur ton Bureau.

Double-clique sur drweb-cureit.exe et clique sur Commencer le scan.

Ce scan rapide permet l'analyse des processus chargés en mémoire; s'il trouve des processus infectés, clique sur le bouton Oui pour Tout à l'invite.

Lorsque le scan rapide est terminé, clique sur Options > Changer la configuration.

Choisis l'onglet Scanner, et décoche Analyse heuristique.

De retour à la fenêtre principale : choisis Analyse complète.

Clique la flèche verte sur la droite et le scan débutera. Une publicité apparaît quelquefois, ferme-la.

Clique Oui pour Tout si un fichier est détecté.

A la fin du scan, si des infections sont trouvées, clique sur Tout sélectionner, puis sur Désinfecter. Si la désinfection est impossible, clique sur Quarantaine.

Au menu principal de l'outil, en haut à gauche, clique sur le menu Fichier et choisis Enregistrer le rapport.

Sauvegarde le rapport sur ton Bureau. Ce dernier se nommera DrWeb.csv.

Ferme Dr.Web CureIt!

Redémarre ton ordinateur (très important) car certains fichiers peuvent être déplacés/réparés au redémarrage.

Suite au redémarrage, poste (Copie/Colle) le contenu du rapport de l'outil Dr.Web dans ta prochaine réponse.

NB : Dr.Web en version gratuite est un scanner à la demande et n'entre pas en conflit avec ton antivirus résident. Tu pourras finalement supprimer Dr.Web à la fin des manipulations.

| Alerter

Répondre à Destrio5

Anonyme

14 Mars 2010 12:41:24

merci beaucoup pour ton aide, te renverrais un message pour te faire savoir si le problème est régler, par contre tout à l'heure je voulais mettre à jour mes pare feux windows et un logiciel est apparu et il est assez intempestifs, c'est internet security 2010 j'ai chercher sur mon pc pour le supprimer ou désinstaller mais pas moyen de le trouver, saurais-tu comment le supprimer ?

Merci

| Alerter

Répondre à Anonyme

Destrio5

14 Mars 2010 13:36:32

C'est un rogue.

Ton PC a encore plein d'infections.

| Alerter

Répondre à Destrio5

Tom's guide dans le monde