Virus HIDDENEXT/Crypted + pdyut2yo16

Anonymous
13 March 2010 13:17:49

Hello, so I have a problem: lately I have caught several viruses. I managed to remove several of them, but some are hanging on, so I am turning to you for more advice. So far I have used my antivirus's scan (AntiVir), adware, Malwarebytes, CCleaner and Spybot, but nothing works: every time I start my PC, my antivirus tells me it has found 2 viruses: HIDDENEXT/Crypted and a pdyut2yo16 virus. So I downloaded HijackThis and ran a scan. Would anyone be able to tell me what is going on?
Thanks in advance for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:11:03, on 13/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nwiz.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\mouse driver\mousedrv .exe
c:\windows\system32\algs .exe
C:\WINDOWS\system32\winIogon.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\luc\SyncMan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\mxmxxl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SyncMan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\luc\LOCALS~1\Temp\ctv298.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cooxer.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.wanadoo.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Mouse Driver\MouseDrv.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SyncMan] C:\WINDOWS\system32\SyncMan.exe
O4 - HKLM\..\Run: [Application Layer Gateway Service] C:\WINDOWS\system32\algs.exe
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\system32\winIogon.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\mxmxxl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr .exe" /background
O4 - HKCU\..\Run: [gdf498gtudsigjnsod8guifjgfhfhf] c:\docume~1\luc\locals~1\temp\pdyut2yo16 .exe
O4 - HKCU\..\Run: [SyncMan] C:\WINDOWS\system32\SyncMan.exe
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\mxmxxl.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registration .LNK = C:\Documents and Settings\luc\Application Data\Ubisoft\Dark Messiah of Might and Magic\RegistrationReminder.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\luc\Application Data\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F1EFB55-531B-4861-92FF-57666B86F099}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{31B8BC87-F4FF-42F3-8CD6-10C18AFB7D66}: NameServer = 212.27.40.240,212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\..\{41170D04-1255-4062-B020-6E7BCD7FEBF7}: NameServer = 212.27.40.240,212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\..\{8503E18A-5C5F-4A5B-AA90-3721A6CDFDA3}: NameServer = 212.27.40.240,212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDAED2B9-43F6-41CD-A207-FD9833EFF9D4}: NameServer = 212.27.40.240,212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{2F1EFB55-531B-4861-92FF-57666B86F099}: NameServer = 212.27.54.252,212.27.53.252
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Service Google Update (gupdate1ca032cf3c7aff8) (gupdate1ca032cf3c7aff8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

--
End of file - 14821 bytes

13 March 2010 13:19:24

Hello,

  • Download OTL (by OldTimer) to your Desktop.
  • Double-click OTL to launch it.
    (On Vista/Win7, you need to right-click OTL and choose Run as administrator)
  • A window appears. In the Output section at the top of this window, tick Minimal Output.
  • Also tick the boxes next to LOP Check and Purity Check.
  • Finally, click the Run Scan button. The scan will not take long.
  • Once the scan is finished, two windows will open in Notepad: OTL.txt and Extras.txt. They are located in the same place as OTL (so on the Desktop by default).

    To send me the reports:
  • Click this link: http://www.cijoint.fr/
  • Click Browse... and look for the report file you want to send me.
  • Click Open.
  • Click "Cliquez ici pour déposer le fichier" (click here to upload the file).
  • A link of this form, hxxp://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt, is added to the page.
  • Copy and paste this link into your reply.
    13 March 2010 13:47:39

    OMG :lol: 

    /!\ Disable your resident protections (antivirus, etc.) /!\

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe is not necessarily visible) to launch it.
  • It will ask you to install the Recovery Console: accept.
  • When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.

    To help you: a guide and a tutorial on using ComboFix
    Anonymous
    14 March 2010 11:24:27

    ComboFix 10-03-12.04 - luc 13/03/2010 13:58:22.1.2 - x86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1023.530 [GMT 1:00]
    Lancé depuis: c:\documents and settings\luc\Mes documents\Téléchargements\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\luc\nwiz .exe
    c:\documents and settings\luc\rundll32 .exe
    c:\documents and settings\luc\rundll32.exe
    c:\documents and settings\luc\syncman .exe
    c:\documents and settings\luc\SyncMan.exe
    C:\FAUXVIRUS
    c:\fauxvirus\Faux Virus . COM! Le site pour faire des farces aux autres! -) s.url
    c:\fauxvirus\info email.txt
    c:\fauxvirus\info sillymouse.txt
    c:\fauxvirus\info smalldick.txt
    c:\fauxvirus\info Sol.txt
    c:\fauxvirus\info trouver_quit.txt
    c:\fauxvirus\info Virus_flo.txt
    c:\fauxvirus\Lisez moi sillymouse.txt
    c:\fauxvirus\Readme sillymouse.txt
    c:\fauxvirus\sillymouse.exe
    c:\program files\Adobe\acrotray .exe
    c:\program files\INSTALL.LOG
    c:\program files\Internet Explorer\js.mui
    c:\program files\Internet Explorer\wmpscfgs.exe
    c:\program files\Search Settings
    c:\program files\Search Settings\kb127\SearchSettings.dll
    c:\program files\Search Settings\kb127\SearchSettingsRes409.dll
    c:\program files\Search Settings\SearchSettings.exe
    c:\recycler\S-1-5-21-3094894503-3458044819-1272999244-1003
    c:\windows\logfile32.txt
    c:\windows\mxmxxl .exe
    c:\windows\services .exe
    c:\windows\system32\algs .exe
    c:\windows\system32\algs .exe
    c:\windows\system32\algs.exe
    c:\windows\system32\csrs.exe
    c:\windows\system32\ctfmon .exe
    c:\windows\system32\firewall.exe
    c:\windows\system32\iexplore .exe
    c:\windows\system32\logon.exe
    c:\windows\system32\lssas .exe
    c:\windows\system32\lssas .exe
    c:\windows\system32\lssas .exe
    c:\windows\system32\lssas .exe
    c:\windows\system32\nwiz .exe
    c:\windows\system32\regedit .exe
    c:\windows\system32\regedit.exe
    c:\windows\system32\rundll32 .exe
    c:\windows\system32\syncman .exe
    c:\windows\system32\syncman .exe
    c:\windows\system32\winamp .exe
    c:\windows\system32\winiogon .exe
    c:\windows\system32\winiogon .exe
    c:\windows\system32\winiogon.exe

    c:\windows\system32\drivers\cdrom.sys . . . manque!!

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2010-02-14 au 2010-03-14 ))))))))))))))))))))))))))))))))))))
    .

    2010-03-13 12:27 . 2010-03-13 12:27 129 ----a-w- c:\windows\system32\rdhe.bat
    2010-03-13 12:08 . 2010-03-13 12:08 -------- d-----w- c:\program files\Trend Micro
    2010-03-13 11:53 . 2010-03-13 11:53 40448 --sh--r- c:\windows\mxmxxl.exe
    2010-03-13 00:17 . 2010-03-13 00:17 -------- d-----w- c:\documents and settings\luc\Application Data\Malwarebytes
    2010-03-13 00:17 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-13 00:17 . 2010-03-13 00:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-03-13 00:17 . 2010-03-13 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-03-13 00:17 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-12 20:30 . 2010-03-12 20:30 124 ----a-w- c:\windows\odtuhizm.bat
    2010-03-12 20:29 . 2010-03-12 20:29 130 ----a-w- c:\windows\system32\tvaov.bat
    2010-03-12 18:11 . 2010-03-12 18:11 4 ----a-w- c:\program files\147062.dat
    2010-03-12 18:11 . 2010-03-12 18:11 131 ----a-w- c:\windows\system32\fdaznd.bat
    2010-03-12 18:08 . 2010-03-12 18:08 4 ----a-w- c:\program files\77062.dat
    2010-03-12 18:07 . 2010-03-12 18:07 122 ----a-w- c:\windows\koncrr.bat
    2010-03-12 18:05 . 2010-03-12 18:05 4 ----a-w- c:\program files\8013031.dat
    2010-03-12 18:02 . 2010-03-12 18:02 133 ----a-w- c:\windows\system32\muhnavsz.bat
    2010-03-12 18:02 . 2010-03-12 18:02 130 ----a-w- c:\windows\system32\sgsoh.bat
    2010-03-12 17:58 . 2010-03-12 17:58 122 ----a-w- c:\windows\rwoymp.bat
    2010-03-12 17:57 . 2010-03-13 00:09 130 ----a-w- c:\windows\system32\jdden.bat
    2010-03-12 17:57 . 2010-03-12 18:03 129 ----a-w- c:\windows\system32\dehx.bat
    2010-03-12 17:53 . 2010-03-12 17:53 130 ----a-w- c:\windows\system32\gorex.bat
    2010-03-12 17:52 . 2010-03-12 17:52 129 ----a-w- c:\windows\system32\lrho.bat
    2010-03-12 16:01 . 2010-03-12 16:01 -------- d-----r- c:\documents and settings\NetworkService\Favoris
    2010-03-12 10:20 . 2010-03-12 10:20 4 ----a-w- c:\program files\258984.dat
    2010-03-12 09:40 . 2010-03-12 09:40 -------- d-----w- c:\windows\system32\ActiveScan
    2010-03-11 21:25 . 2010-03-11 21:25 124 ----a-w- c:\windows\system32\haswi.bat
    2010-03-11 21:21 . 2010-03-11 21:21 125 ----a-w- c:\windows\system32\puodeu.bat
    2010-03-11 21:21 . 2010-03-11 21:21 124 ----a-w- c:\windows\system32\hpmgv.bat
    2010-03-11 19:48 . 2010-03-11 19:48 125 ----a-w- c:\windows\system32\zxpkli.bat
    2010-03-11 17:29 . 2010-03-11 17:29 132 ----a-w- c:\windows\system32\dloymut.bat
    2010-03-11 17:29 . 2010-03-11 17:29 132 ----a-w- c:\windows\system32\oknuntt.bat
    2010-03-11 12:16 . 2010-03-11 12:16 123 ----a-w- c:\windows\system32\ykgx.bat
    2010-03-11 12:16 . 2010-03-11 12:16 124 ----a-w- c:\windows\system32\rnzqv.bat
    2010-03-11 12:16 . 2010-03-11 12:16 127 ----a-w- c:\windows\system32\gecjvoja.bat
    2010-03-11 12:16 . 2010-03-11 12:16 124 ----a-w- c:\windows\system32\xvrot.bat
    2010-03-11 10:41 . 2010-03-13 12:27 40448 ----a-w- c:\documents and settings\luc\nwiz.exe
    2010-03-11 10:41 . 2010-03-11 10:41 130048 ----a-w- c:\windows\system32\uakk.exe
    2010-03-11 10:36 . 2010-03-11 10:36 125 ----a-w- c:\windows\system32\nhesll.bat
    2010-03-11 10:35 . 2010-03-11 10:35 298496 --sha-r- c:\windows\system32\sy.exe
    2010-03-11 10:10 . 2010-03-11 10:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Test Drive Unlimited
    2010-03-09 19:26 . 2010-03-09 19:27 -------- d-----w- c:\program files\InterActual
    2010-03-05 14:46 . 1997-01-18 09:40 299520 ----a-w- c:\windows\uninst.exe
    2010-03-04 11:23 . 2010-03-04 11:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SWTCWRH
    2010-03-04 11:20 . 2010-03-04 11:20 -------- d-----w- c:\windows\11AE680750D24F5982B32C3E695E94C2.TMP
    2010-02-25 21:36 . 2004-08-03 22:00 8192 ----a-w- c:\windows\system32\drivers\Changer.sys
    2010-02-25 21:36 . 2004-08-03 22:00 8192 ----a-w- c:\windows\system32\dllcache\changer.sys
    2010-02-24 22:01 . 2010-03-12 12:51 -------- d-----w- c:\documents and settings\luc\Application Data\DMCache
    2010-02-24 22:01 . 2010-03-09 19:03 -------- d-----w- c:\documents and settings\luc\Application Data\IDM
    2010-02-24 22:01 . 2010-03-13 00:09 -------- d-----w- c:\program files\Internet Download Manager
    2010-02-24 03:31 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-02-18 13:14 . 2010-02-18 13:17 -------- d-----w- c:\documents and settings\luc\dwhelper
    2010-02-17 23:23 . 2010-02-17 23:23 -------- d-----w- c:\program files\eMule
    2010-02-17 14:33 . 2010-02-17 14:33 307968 ----a-w- c:\windows\system32\TuneUpDefragService.exe
    2010-02-17 14:33 . 2008-02-27 12:15 28416 ----a-w- c:\windows\system32\uxtuneup.dll
    2010-02-17 14:33 . 2010-02-17 14:33 -------- d-----w- c:\documents and settings\luc\Application Data\TuneUp Software
    2010-02-17 14:32 . 2010-02-17 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
    2010-02-17 14:32 . 2010-02-17 14:32 -------- d-----w- c:\program files\TuneUp Utilities 2008
    2010-02-17 14:20 . 2010-02-17 14:20 -------- d-----w- c:\program files\IObit
    2010-02-17 14:11 . 2010-02-17 14:11 413696 ----a-w- c:\windows\system32\wrap_oal.dll
    2010-02-17 14:11 . 2010-02-17 14:11 110592 ----a-w- c:\windows\system32\OpenAL32.dll
    2010-02-17 14:11 . 2010-02-17 14:11 -------- d-----w- c:\program files\OpenAL
    2010-02-17 14:07 . 2010-02-17 14:07 -------- d-----w- c:\program files\Anuman interactive
    2010-02-12 14:50 . 1994-09-20 23:00 92208 ----a-w- c:\windows\system32\WING.DLL
    2010-02-12 14:50 . 1994-09-20 23:00 12800 ----a-w- c:\windows\system\WING32.DLL
    2010-02-12 14:39 . 1994-09-20 23:00 92208 ----a-w- c:\windows\system\WING.DLL
    2010-02-12 14:39 . 1994-09-20 23:00 6736 ----a-w- c:\windows\system\WINGDIB.DRV
    2010-02-12 14:39 . 1994-09-20 23:00 12800 ----a-w- c:\windows\system32\WING32.DLL
    2010-02-12 14:39 . 1994-08-23 23:00 188960 ----a-w- c:\windows\system\WINGDE.DLL

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-03-14 10:14 . 2010-03-14 10:14 40448 ----a-w- c:\windows\system32\syncman.exe
    2010-03-14 10:14 . 2010-03-14 10:14 40448 ----a-w- c:\documents and settings\luc\rundll32.exe
    2010-03-14 10:14 . 2005-09-17 12:33 -------- d-----w- c:\program files\Mouse Driver
    2010-03-14 10:14 . 2010-03-14 10:14 40448 ----a-w- c:\documents and settings\luc\rundll32 .exe
    2010-03-14 10:14 . 2010-03-14 10:14 40448 ----a-w- c:\documents and settings\luc\syncman.exe
    2010-03-13 12:27 . 2010-03-11 10:41 40448 ----a-w- c:\documents and settings\luc\nwiz .exe
    2010-03-12 16:01 . 2010-03-12 16:01 40448 ----a-w- c:\windows\system32\OLD4.tmp
    2010-03-12 16:01 . 2005-07-28 14:37 40448 ----a-w- c:\windows\system32\nwiz.exe
    2010-03-11 16:05 . 2009-02-18 13:12 -------- d-----w- c:\program files\RomStation
    2010-03-11 10:31 . 2005-12-25 14:05 -------- d-----w- c:\program files\Atari
    2010-03-11 09:51 . 2010-03-11 09:51 49152 ----a-r- c:\documents and settings\luc\Application Data\Microsoft\Installer\{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}\ARPPRODUCTICON.exe
    2010-03-11 00:03 . 2009-03-18 14:34 -------- d-----w- c:\documents and settings\luc\Application Data\Azureus
    2010-03-09 19:27 . 2009-02-17 11:16 -------- d-----w- c:\documents and settings\luc\Application Data\dvdcss
    2010-03-09 17:55 . 2007-01-20 19:24 43520 -c--a-w- c:\windows\system32\CmdLineExt03.dll
    2010-03-05 14:47 . 2009-10-30 12:32 -------- d-----w- c:\program files\LucasArts
    2010-03-04 11:20 . 2009-05-04 13:34 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
    2010-03-04 11:11 . 2005-07-28 14:39 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-03-03 08:46 . 2009-03-18 14:33 -------- d-----w- c:\program files\Vuze
    2010-03-01 18:01 . 2006-12-11 14:13 -------- d-----w- c:\documents and settings\luc\Application Data\InstallShield Installation Information
    2010-02-25 21:44 . 2010-02-25 21:44 16 ----a-w- c:\documents and settings\LocalService\Application Data\rbuwzv.dat
    2010-02-25 21:34 . 2010-02-25 21:34 8 ----a-w- c:\documents and settings\luc\Application Data\rbuwzv.dat
    2010-02-25 13:25 . 2007-11-26 14:25 -------- d-----w- c:\documents and settings\luc\Application Data\OpenOffice.org2
    2010-02-25 13:24 . 2008-01-13 19:47 1 ----a-w- c:\documents and settings\luc\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
    2010-02-24 22:01 . 2010-02-24 22:01 198064 ----a-w- c:\documents and settings\luc\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
    2010-02-22 19:37 . 2004-08-16 15:41 816670 ----a-w- c:\windows\system32\perfh00C.dat
    2010-02-22 19:37 . 2004-08-16 15:41 265392 ----a-w- c:\windows\system32\perfc00C.dat
    2010-02-17 15:34 . 2005-09-11 08:46 75136 -c--a-w- c:\documents and settings\luc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-02-17 15:24 . 2006-06-11 14:22 -------- d-----w- c:\program files\Yahoo!
    2010-02-17 15:20 . 2006-01-18 12:25 -------- d-----w- c:\program files\Steam
    2010-02-17 15:16 . 2006-10-22 09:56 -------- d-----w- c:\program files\Port Royale
    2010-02-17 15:14 . 2008-07-28 21:38 -------- d-----w- c:\program files\Pinnacle
    2010-02-17 15:10 . 2009-06-30 17:25 -------- d-----w- c:\program files\Image-Line
    2010-02-17 15:09 . 2009-06-21 13:46 -------- d-----w- c:\program files\Frets on Fire
    2010-02-17 15:08 . 2009-06-30 17:28 -------- d-----w- c:\program files\VstPlugins
    2010-02-17 15:07 . 2010-01-28 16:28 -------- d-----w- c:\documents and settings\luc\Application Data\FILEminimizerPictures
    2010-02-17 15:05 . 2008-07-22 23:06 -------- d-----w- c:\program files\DeskPlayer
    2010-02-17 15:04 . 2010-02-17 15:04 1190400 ----a-w- c:\documents and settings\luc\Application Data\Dealio\dinstallhelper.94E0B1293AB94CB38231CF08838D4F4F.dll
    2010-02-17 15:04 . 2009-03-29 12:01 -------- d-----w- c:\documents and settings\luc\Application Data\Dealio
    2010-02-17 14:10 . 2009-05-04 13:35 -------- d-----w- c:\program files\AGEIA Technologies
    2010-02-17 11:34 . 2008-05-01 18:23 -------- d-----w- c:\program files\SpeedFan
    2010-02-07 20:19 . 2007-04-04 18:38 -------- d-----w- c:\program files\adslTV
    2010-01-30 12:20 . 2010-01-30 12:20 1 ----a-w- c:\documents and settings\luc\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-01-30 12:20 . 2010-01-30 12:20 -------- d-----w- c:\documents and settings\luc\Application Data\OpenOffice.org
    2010-01-25 11:04 . 2008-01-14 10:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2010-01-21 13:42 . 2009-11-06 22:38 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-01-13 19:46 . 2010-01-13 19:46 -------- d-----w- c:\program files\DownloadToolz
    2010-01-12 18:49 . 2010-01-12 18:49 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
    2010-01-05 09:56 . 2004-08-16 15:41 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-01-05 09:56 . 2004-08-16 15:40 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-01-05 09:56 . 2004-08-16 15:40 17408 ----a-w- c:\windows\system32\corpol.dll
    2009-12-31 16:14 . 2009-05-06 07:05 352640 ----a-w- c:\windows\system32\drivers\srv.sys
    2009-12-25 22:52 . 2009-12-25 22:52 62512 ---ha-w- c:\windows\system32\mlfcache.dat
    2009-12-25 17:36 . 2005-07-28 14:31 98304 ----a-w- c:\windows\DUMP6ac0.tmp
    2009-12-17 07:59 . 2004-08-16 16:03 347648 ----a-w- c:\windows\system32\mspaint.exe
    2009-03-03 21:22 . 2009-03-03 21:22 87 -c--a-w- c:\program files\pec.ini
    2007-01-11 13:07 . 2007-10-04 04:39 58032562 -c--a-w- c:\program files\Samsung_PC_Studio_311_FKB.exe
    2006-04-28 19:06 . 2005-09-10 19:19 278528 -c--a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe
    2005-11-14 18:51 . 2005-11-14 18:51 7256768 -c--a-w- c:\program files\SkypeSetup.exe
    1998-04-30 12:56 . 2008-07-27 13:08 129024 -c--a-w- c:\program files\UNWISE.EXE
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .
    c:\program files\Adobe\acrotray .exe
    c:\program files\Malwarebytes' Anti-Malware\mbam .exe
    c:\program files\Mouse Driver\mousedrv .exe
    c:\program files\Windows Live\Messenger\msnmsgr .exe
    c:\program files\Windows Live\Messenger\msnmsgr .exe
    c:\program files\Windows Live\Messenger\msnmsgr .exe
    c:\program files\Windows Live\Messenger\msnmsgr .exe
    c:\program files\Windows Live\Messenger\msnmsgr .exe
    c:\program files\Windows Live\Messenger\msnmsgr .exe
    c:\program files\Windows Live\Messenger\msnmsgr .exe
    c:\program files\Windows Live\Messenger\msnmsgr .exe
    c:\program files\Windows Live\Messenger\msnmsgr .exe
    c:\program files\Windows Live\Messenger\msnmsgr .exe
    c:\program files\Windows Live\Messenger\msnmsgr .exe
    c:\program files\Windows Live\Messenger\msnmsgr .exe
    c:\program files\Windows Live\Messenger\msnmsgr .exe
    c:\program files\Windows Live\Messenger\msnmsgr .exe
    c:\program files\Windows Live\Messenger\msnmsgr .exe
    c:\windows\ime\IMJP8_1\imjpmig .exe
    c:\windows\system32\IME\TINTLGNT\tintsetp .exe


    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\windows live\messenger\msnmsgr .exe" [2009-07-26 3883856]
    "SyncMan"="c:\documents and settings\luc\SyncMan.exe" [2010-03-14 40448]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
    "nwiz"="nwiz.exe" [2010-03-12 40448]
    "CreativeMouse "="c:\program files\Mouse Driver\MouseDrv.exe" [2010-03-14 40448]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 110592]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "SyncMan"="c:\windows\system32\SyncMan.exe" [2010-03-14 40448]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

    c:\documents and settings\luc\Menu Démarrer\Programmes\Démarrage\
    Registration .LNK - c:\documents and settings\luc\Application Data\Ubisoft\Dark Messiah of Might and Magic\RegistrationReminder.exe [2010-3-1 6955008]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^luc^Menu Démarrer^Programmes^Démarrage^Registration Brothers In Arms.LNK]
    path=c:\documents and settings\luc\Menu Démarrer\Programmes\Démarrage\Registration Brothers In Arms.LNK
    backup=c:\windows\pss\Registration Brothers In Arms.LNKStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
    c:\program files\Babylon\Babylon-Pro\Babylon.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Canal Widget]
    2010-01-12 10:13 163928 ----a-w- c:\program files\Canal\Canal Widget\Launcher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    2007-04-03 22:29 165784 -c--a-w- c:\program files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
    2009-02-22 19:15 5668864 ----a-w- c:\program files\eMule\emule.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Felix]
    2001-11-18 15:37 307200 -c----w- c:\program files\ScreenMates\chatscreemate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-11-12 15:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    2007-07-25 14:06 2027792 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
    2006-04-23 08:56 190024 ----a-w- c:\program files\MessengerPlus! 3\MsgPlus.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-03-11 10:35 40448 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2005-10-10 13:01 14881320 ----a-w- c:\apps\skype\phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlackerElves]
    c:\program files\ScreenMates\elves.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    2005-01-20 18:04 77824 -c--a-w- c:\windows\SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2009-12-07 12:43 1217808 ----a-w- c:\program files\Steam\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2005-07-28 14:47 180269 ----a-w- c:\program files\Fichiers communs\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
    2008-06-19 13:15 3664944 ----a-w- c:\program files\Veoh Networks\Veoh\VeohClient.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2006-09-26 14:49 35328 ----a-w- c:\program files\Winamp\winampa.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "SsAAD.exe"=c:\progra~1\Sony\SONICS~1\SsAAD.exe
    "SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
    "IDMan"=c:\program files\Internet Download Manager\IDMan.exe /onboot

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "ACTIVBOARD"=c:\apps\ABoard\ABoard.exe
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "PCMService"="c:\apps\Powercinema\PCMService.exe"
    "au"=c:\program files\Dealio\DealioAU.exe
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "Ask and Record FLV Service"="c:\program files\Replay Media Catcher\FLVSrvc.exe" /run
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe"
    "HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
    "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    "SearchSettings"=c:\program files\Search Settings\SearchSettings.exe
    "PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%ProgramFiles%\\AOL 9.0\\aol.exe"=
    "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
    "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\APPS\\Inventime\\my.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
    "c:\\Program Files\\Jowood\\Chaser MP Demo\\Chaser.exe"=
    "c:\\WINDOWS\\system32\\mcoinstall.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\alexi_laiho59\\condition zero\\hl.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\alexi_laiho59\\ricochet\\hl.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\adslTV\\vlc.exe"=
    "c:\\Program Files\\adslTV\\adslTV.exe"=
    "c:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
    "c:\\APPS\\skype\\phone\\Skype.exe"=
    "c:\\Program Files\\Steam\\steam.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\alexi_laiho59\\counter-strike source\\hl2.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\alexi_laiho59\\half-life 2 deathmatch\\hl2.exe"=
    "c:\\Program Files\\UnrealTournament\\System\\UnrealTournament.exe"=
    "c:\\Program Files\\HLSW\\hlsw.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\alexi_laiho59\\day of defeat source beta\\hl2.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Documents and Settings\\luc\\Mes documents\\Programmes\\Chaser MP Demo\\Chaser.exe"=
    "c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\trackmania nations forever\\TmForever.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\empire total war demo\\Empire.exe"=
    "c:\\COD2\\CoD2MP_s.exe"=
    "c:\\Program Files\\Konami\\Pro Evolution Soccer 2009\\pes2009.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Call of Duty\\CoDMP.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\LucasArts\\Republic Heroes\\Republic Heroes.exe"=
    "c:\\Documents and Settings\\luc\\Mes documents\\Azureus Downloads\\Star.Wars.Battlefront.2.PC.Game(djDEVASTATE™)\\Star.Wars.Battlefront.2.PC.Game(djDEVASTATE™)\\Star.Wars.Battlefront.2.PC.Game(djDEVASTATE™)\\GameData\\BattlefrontII.exe"=
    "c:\\WINDOWS\\system32\\SyncMan.exe"=
    "c:\\Documents and Settings\\luc\\SyncMan.exe"=

    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30/05/2007 12:33 682232]
    R1 SSHDRV52;SSHDRV52;c:\windows\system32\drivers\SSHDRV52.sys [22/10/2006 11:03 29184]
    R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [18/05/2009 14:02 108289]
    R2 CanalPlus.VOD;CanalPlus.VOD;c:\program files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe [05/02/2009 14:38 188416]
    R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [28/07/2005 15:37 799744]
    S2 gupdate1ca032cf3c7aff8;Service Google Update (gupdate1ca032cf3c7aff8);c:\program files\Google\Update\GoogleUpdate.exe [12/07/2009 21:11 133104]
    S3 DMSKSSRh;DMSKSSRh;\??\c:\docume~1\luc\LOCALS~1\Temp\DMSKSSRh.sys --> c:\docume~1\luc\LOCALS~1\Temp\DMSKSSRh.sys [?]
    S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [28/08/2006 23:54 10664]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contenu du dossier 'Tâches planifiées'

    2010-03-05 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2010-03-14 c:\windows\Tasks\At1.job
    - c:\program files\internet explorer\wmpscfgs.exe [2010-03-14 10:14]

    2010-03-14 c:\windows\Tasks\At10.job
    - c:\program files\internet explorer\wmpscfgs.exe [2010-03-14 10:14]

    2010-03-14 c:\windows\Tasks\At11.job
    - c:\program files\internet explorer\wmpscfgs.exe [2010-03-14 10:14]

    2010-03-14 c:\windows\Tasks\At12.job
    - c:\program files\internet explorer\wmpscfgs.exe [2010-03-14 10:14]

    2010-03-14 c:\windows\Tasks\At13.job
    - c:\program files\internet explorer\wmpscfgs.exe [2010-03-14 10:14]

    2010-03-14 c:\windows\Tasks\At14.job
    - c:\program files\internet explorer\wmpscfgs.exe [2010-03-14 10:14]

    2010-03-14 c:\windows\Tasks\At15.job
    - c:\program files\internet explorer\wmpscfgs.exe [2010-03-14 10:14]

    2010-03-14 c:\windows\Tasks\At16.job
    - c:\program files\internet explorer\wmpscfgs.exe [2010-03-14 10:14]

    2010-03-14 c:\windows\Tasks\At17.job
    - c:\program files\internet explorer\wmpscfgs.exe [2010-03-14 10:14]

    2010-03-14 c:\windows\Tasks\At18.job
    - c:\program files\internet explorer\wmpscfgs.exe [2010-03-14 10:14]

    2010-03-14 c:\windows\Tasks\At19.job
    - c:\program files\internet explorer\wmpscfgs.exe [2010-03-14 10:14]

    2010-03-14 c:\windows\Tasks\At2.job
    - c:\program files\internet explorer\wmpscfgs.exe [2010-03-14 10:14]

    2010-03-14 c:\windows\Tasks\At20.job
    - c:\program files\internet explorer\wmpscfgs.exe [2010-03-14 10:14]

    2010-03-14 c:\windows\Tasks\At21.job
    - c:\program files\internet explorer\wmpscfgs.exe [2010-03-14 10:14]

    2010-03-14 c:\windows\Tasks\At22.job
    - c:\program files\internet explorer\wmpscfgs.exe [2010-03-14 10:14]

    2010-03-14 c:\windows\Tasks\At23.job
    - c:\program files\internet explorer\wmpscfgs.exe [2010-03-14 10:14]

    2010-03-14 c:\windows\Tasks\At24.job
    - c:\program files\internet explorer\wmpscfgs.exe [2010-03-14 10:14]

    2010-03-14 c:\windows\Tasks\At25.job
    - c:\program files\adobe\acrotray .exe [2010-03-14 10:15]

    2010-03-14 c:\windows\Tasks\At26.job
    - c:\program files\adobe\acrotray .exe [2010-03-14 10:15]

    2010-03-14 c:\windows\Tasks\At27.job
    - c:\program files\adobe\acrotray .exe [2010-03-14 10:15]

    2010-03-14 c:\windows\Tasks\At28.job
    - c:\program files\adobe\acrotray .exe [2010-03-14 10:15]

    2010-03-14 c:\windows\Tasks\At29.job
    - c:\program files\adobe\acrotray .exe [2010-03-14 10:15]

    2010-03-14 c:\windows\Tasks\At3.job
    - c:\program files\internet explorer\wmpscfgs.exe [2010-03-14 10:14]

    2010-03-14 c:\windows\Tasks\At30.job
    - c:\program files\adobe\acrotray .exe [2010-03-14 10:15]

    2010-03-14 c:\windows\Tasks\At31.job
    - c:\program files\adobe\acrotray .exe [2010-03-14 10:15]

    2010-03-14 c:\windows\Tasks\At32.job
    - c:\program files\adobe\acrotray .exe [2010-03-14 10:15]

    2010-03-14 c:\windows\Tasks\At33.job
    - c:\program files\adobe\acrotray .exe [2010-03-14 10:15]

    2010-03-14 c:\windows\Tasks\At34.job
    - c:\program files\adobe\acrotray .exe [2010-03-14 10:15]

    2010-03-14 c:\windows\Tasks\At35.job
    - c:\program files\adobe\acrotray .exe [2010-03-14 10:15]

    2010-03-14 c:\windows\Tasks\At36.job
    - c:\program files\adobe\acrotray .exe [2010-03-14 10:15]

    2010-03-14 c:\windows\Tasks\At37.job
    - c:\program files\adobe\acrotray .exe [2010-03-14 10:15]

    2010-03-14 c:\windows\Tasks\At38.job
    - c:\program files\adobe\acrotray .exe [2010-03-14 10:15]

    2010-03-14 c:\windows\Tasks\At39.job
    - c:\program files\adobe\acrotray .exe [2010-03-14 10:15]

    2010-03-14 c:\windows\Tasks\At4.job
    - c:\program files\internet explorer\wmpscfgs.exe [2010-03-14 10:14]

    2010-03-14 c:\windows\Tasks\At40.job
    - c:\program files\adobe\acrotray .exe [2010-03-14 10:15]

    2010-03-14 c:\windows\Tasks\At41.job
    - c:\program files\adobe\acrotray .exe [2010-03-14 10:15]

    2010-03-14 c:\windows\Tasks\At42.job
    - c:\program files\adobe\acrotray .exe [2010-03-14 10:15]

    2010-03-14 c:\windows\Tasks\At43.job
    - c:\program files\adobe\acrotray .exe [2010-03-14 10:15]

    2010-03-14 c:\windows\Tasks\At44.job
    - c:\program files\adobe\acrotray .exe [2010-03-14 10:15]

    2010-03-14 c:\windows\Tasks\At45.job
    - c:\program files\adobe\acrotray .exe [2010-03-14 10:15]

    2010-03-14 c:\windows\Tasks\At46.job
    - c:\program files\adobe\acrotray .exe [2010-03-14 10:15]

    2010-03-14 c:\windows\Tasks\At47.job
    - c:\program files\adobe\acrotray .exe [2010-03-14 10:15]

    2010-03-14 c:\windows\Tasks\At48.job
    - c:\program files\adobe\acrotray .exe [2010-03-14 10:15]

    2010-03-14 c:\windows\Tasks\At5.job
    - c:\program files\internet explorer\wmpscfgs.exe [2010-03-14 10:14]

    2010-03-14 c:\windows\Tasks\At6.job
    - c:\program files\internet explorer\wmpscfgs.exe [2010-03-14 10:14]

    2010-03-14 c:\windows\Tasks\At7.job
    - c:\program files\internet explorer\wmpscfgs.exe [2010-03-14 10:14]

    2010-03-14 c:\windows\Tasks\At8.job
    - c:\program files\internet explorer\wmpscfgs.exe [2010-03-14 10:14]

    2010-03-14 c:\windows\Tasks\At9.job
    - c:\program files\internet explorer\wmpscfgs.exe [2010-03-14 10:14]

    2010-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-12 20:11]

    2010-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-12 20:11]

    2010-03-14 c:\windows\Tasks\Maintenance en 1 clic.job
    - c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-03-03 08:42]
    .
    .
    ------- Examen supplémentaire -------
    .
    mStart Page = hxxp://www.cooxer.com/
    uInternet Connection Wizard,ShellNext = hxxp://www.wanadoo.fr/
    uInternet Settings,ProxyOverride = localhost;*.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
    IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
    IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
    IE: Compare Prices with &Dealio - c:\documents and settings\luc\Application Data\Dealio\kb127\res\DealioSearch.html
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
    IE: Sothink SWF Catcher
    IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
    IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
    TCP: {2F1EFB55-531B-4861-92FF-57666B86F099} = 212.27.54.252,212.27.53.252
    TCP: {31B8BC87-F4FF-42F3-8CD6-10C18AFB7D66} = 212.27.40.240,212.27.40.241
    TCP: {41170D04-1255-4062-B020-6E7BCD7FEBF7} = 212.27.40.240,212.27.40.241
    TCP: {8503E18A-5C5F-4A5B-AA90-3721A6CDFDA3} = 212.27.40.240,212.27.40.241
    TCP: {CDAED2B9-43F6-41CD-A207-FD9833EFF9D4} = 212.27.40.240,212.27.40.241
    FF - ProfilePath - c:\documents and settings\luc\Application Data\Mozilla\Firefox\Profiles\5j5altum.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - plugin: c:\program files\Canal\Canal Widget\VOD\npCpVod.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
    FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- PARAMETRES FIREFOX ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: content.max.tokenizing.time - 200000
    FF - user.js: content.notify.interval - 100000
    FF - user.js: content.switch.threshold - 650000
    FF - user.js: nglayout.initialpaint.delay - 300
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    Notify-dimsntfy - (no file)
    AddRemove-Teamspeak 2 RC2_is1 - c:\documents and settings\luc\Mes documents\Teamspeak2_RC2\unins000.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-03-14 11:12
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys >>UNKNOWN [0x871CB1E8]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xf762dfc3
    \Driver\ACPI -> ACPI.sys @ 0xf733fcb8
    \Driver\atapi -> sfsync02.sys @ 0xf77f9d60
    IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
    ParseProcedure -> ntkrnlpa.exe @ 0x8058155c
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
    ParseProcedure -> ntkrnlpa.exe @ 0x8058155c
    NDIS: -> SendCompleteHandler -> 0x0
    PacketIndicateHandler -> 0x0
    SendHandler -> 0x0
    user & kernel MBR OK

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MysqlInventime]
    "ImagePath"="c:\apps\INVENT~1\mysql\bin\mysqld-nt --defaults-file=c:\apps\Inventime\mysql\my.ini MysqlInventime"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\S-1-5-21-2863534237-775633001-747451241-1008\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:c7,30,ed,94,d8,a5,9f,4f,71,60,76,ba,c7,b1,b0,f5,fb,51,d7,ad,48,1b,f1,
    0e,df,16,b1,60,9d,41,82,cb,47,3b,b9,32,cc,cd,8e,a2,f8,64,da,6b,aa,f6,90,e8,\
    "??"=hex:69,3e,43,58,9f,64,ba,75,fe,6b,77,07,2a,78,dd,74

    [HKEY_USERS\S-1-5-21-2863534237-775633001-747451241-1008\Software\SecuROM\License information*]
    "datasecu"=hex:22,cd,31,ae,81,32,21,83,3a,4d,0e,e7,77,0c,bf,89,51,2f,59,6f,47,
    e5,da,15,a9,96,4e,81,9b,f2,f8,31,b6,b2,5b,31,af,bd,37,dd,96,ab,f2,54,00,aa,\
    "rkeysecu"=hex:a1,fb,79,8e,18,ca,b0,3b,52,96,21,ab,fe,df,9c,79

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):be,0b,bc,77,3b,13,9d,af,1a,13,96,bb,a1,29,fb,f8,f7,f1,7d,5c,f6,
    99,3a,da,f5,3e,a7,48,61,f6,15,57,e7,ba,96,34,ee,a2,36,eb,00,00,00,00,00,00,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{d55fea38-4ab6-4ef4-94d5-57b860b0c23d}]
    @Denied: (Full) (Everyone)
    "Model"=dword:00000046
    "Therad"=dword:00000011

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
    "C040211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'explorer.exe'(8336)
    c:\program files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\progra~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
    c:\apps\Powercinema\Kernel\TV\CLSched.exe
    c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    c:\apps\HIDSERVICE\HIDSERVICE.exe
    c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    c:\windows\system32\HPZipm12.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\PnkBstrB.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Inventel\Gateway\wlancfg.exe
    c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\nwiz.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\windows\system32\rundll32.exe
    c:\program files\mouse driver\mousedrv .exe
    c:\docume~1\luc\LOCALS~1\Temp\ctv75839.exe
    c:\program files\Internet Explorer\IEXPLORE.EXE
    c:\program files\Windows Live\Toolbar\wltuser.exe
    .
    **************************************************************************
    .
    Heure de fin: 2010-03-14 11:23:23 - La machine a redémarré
    ComboFix-quarantined-files.txt 2010-03-14 10:23

    Avant-CF: 50 674 225 152 octets libres
    Après-CF: 50 575 089 664 octets libres

    Current=1 Default=1 Failed=0 LastKnownGood=7 Sets=1,3,4,5,6,7
    - - End Of File - - 36B45525300C1139F0AF746F9E4E1205
    a c 296 8 Security
    14 March 2010 12:02:45

  • Download Dr.Web CureIt! to your Desktop.
  • Double-click drweb-cureit.exe and click Start scan.
  • This quick scan analyzes the processes loaded in memory; if it finds infected processes, click the Yes to All button at the prompt.
  • When the quick scan is finished, click Options > Change settings.
  • Choose the Scanner tab and uncheck Heuristic analysis.
  • Back in the main window: choose Complete scan.
  • Click the green arrow on the right and the scan will start. An advertisement sometimes appears; close it.
  • Click Yes to All if a file is detected.
  • At the end of the scan, if infections are found, click Select all, then Cure. If curing is impossible, click Quarantine.
  • In the tool's main menu, at the top left, click the File menu and choose Save report.
  • Save the report to your Desktop. It will be named DrWeb.csv.
  • Close Dr.Web CureIt!
  • Restart your computer (very important), because some files may be moved or repaired on restart.
  • After the restart, post (copy/paste) the contents of the Dr.Web report in your next reply.

    NB: The free version of Dr.Web is an on-demand scanner and does not conflict with your resident antivirus. You can remove Dr.Web once the whole procedure is finished.
    Anonymous
    14 March 2010 13:41:24

    Thanks a lot for your help, I'll send you another message to let you know whether the problem is solved. However, earlier I wanted to update my Windows firewalls and a program appeared, and it is quite intrusive: it's Internet Security 2010. I searched my PC to delete or uninstall it but there is no way to find it. Would you know how to remove it?

    Thanks
    a c 296 8 Security
    14 March 2010 14:36:32

    It's a rogue.

    Your PC still has plenty of infections.