[RESOLVED] HijackThis report HELP

17 July 2009 11:21:39

Hello, I have been infected for more than a week by ads via Internet Explorer. I made a HijackThis report, but I know absolutely nothing about it. I am relying on you to help me. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:12, on 17/07/2009
Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20900)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Taskix\Taskix32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
C:\Program Files\ASUS\Ai Suite\EnergySaving\PwSave.exe
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ASUS\AASP\1.00.59\aaCenter.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
D:\Movies\Jeux\steam\steam.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Taskix] C:\Program Files\Taskix\Taskix32.exe start
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [ASUS Energy Saving] "C:\Program Files\ASUS\Ai Suite\EnergySaving\PwSave.exe"
O4 - HKLM\..\Run: [Launch LgDevAgt] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iso data fast cast] C:\Documents and Settings\All Users\Application Data\save time iso data\Love Open.exe
O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Mapi Option] C:\DOCUME~1\ADMINI~1\APPLIC~1\FLAPIN~1\CdromFaceComp.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: steam.lnk = D:\Movies\Jeux\steam\steam.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Download with Rapget - D:\Téléchargements\RapGet_www.tripper.fr_by_loolka\RapGet www.tripper.fr by loolka\rapget.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{46469AC0-9CA3-4CED-91EC-B13106848DBE}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{46469AC0-9CA3-4CED-91EC-B13106848DBE}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CS2\Services\Tcpip\..\{46469AC0-9CA3-4CED-91EC-B13106848DBE}: NameServer = 212.27.54.252,212.27.53.252
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: wbsys.dll,C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10265 bytes

17 July 2009 14:47:32

Hello,

You have a Lop/Swizzor infection.

  • Download Lop S&D to your Desktop.
  • Double-click it to start the installation.
  • Then double-click the Lop S&D shortcut on your Desktop.
    (On Vista, you need to click on the Lop S&D shortcut and choose Run as administrator)
  • Select the desired language, then choose option 1 (Search).
  • Wait until the scan finishes.
  • Post the generated report (C:\lopR.txt).

17 July 2009 21:12:56


    --------------------\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3, v.5657
    X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz )
    BIOS : BIOS Date: 03/20/08 11:12:08 Ver: 08.00.12
    USER : Administrateur ( Administrator )
    BOOT : Normal boot
    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total:117 Go (Free:92 Go)
    D:\ (Local Disk) - NTFS - Total:814 Go (Free:361 Go)
    E:\ (CD or DVD)
    F:\ (USB)
    G:\ (USB)
    H:\ (USB)
    I:\ (USB)
    J:\ (CD or DVD)

    "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
    Option : [1] ( 17/07/2009|21:09 )

    --------------------\\ Listing des dossiers dans APPLIC~1

    [28/03/2009|13:39] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
    [05/06/2009|17:16] C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
    [28/03/2009|13:45] C:\DOCUME~1\ADMINI~1\APPLIC~1\ATI
    [12/06/2009|11:24] C:\DOCUME~1\ADMINI~1\APPLIC~1\DAEMON Tools Lite
    [22/05/2009|13:46] C:\DOCUME~1\ADMINI~1\APPLIC~1\DMCache
    [03/07/2009|16:56] C:\DOCUME~1\ADMINI~1\APPLIC~1\dvdcss
    [12/07/2009|00:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\flap info
    [28/03/2009|12:41] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
    [26/05/2009|12:52] C:\DOCUME~1\ADMINI~1\APPLIC~1\IDM
    [28/03/2009|13:32] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
    [12/06/2009|11:19] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
    [28/03/2009|18:35] C:\DOCUME~1\ADMINI~1\APPLIC~1\mirkes.de
    [07/04/2009|12:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla
    [05/06/2009|18:10] C:\DOCUME~1\ADMINI~1\APPLIC~1\Nokia
    [06/04/2009|18:37] C:\DOCUME~1\ADMINI~1\APPLIC~1\Notepad++
    [05/06/2009|18:10] C:\DOCUME~1\ADMINI~1\APPLIC~1\PC Suite
    [17/07/2009|20:43] C:\DOCUME~1\ADMINI~1\APPLIC~1\Skype
    [28/03/2009|12:56] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
    [28/03/2009|13:17] C:\DOCUME~1\ADMINI~1\APPLIC~1\TMP
    [18/05/2009|19:30] C:\DOCUME~1\ADMINI~1\APPLIC~1\UseNeXT
    [17/07/2009|18:37] C:\DOCUME~1\ADMINI~1\APPLIC~1\uTorrent
    [28/03/2009|17:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\vlc
    [02/06/2009|23:01] C:\DOCUME~1\ADMINI~1\APPLIC~1\Winamp
    [28/03/2009|12:56] C:\DOCUME~1\ADMINI~1\APPLIC~1\WinRAR

    [28/03/2009|13:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [28/03/2009|17:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    [28/03/2009|17:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [20/05/2009|22:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI
    [12/06/2009|11:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DAEMON Tools Lite
    [29/05/2009|11:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
    [28/05/2009|21:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ESET
    [08/06/2009|22:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\G DATA
    [18/06/2009|21:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
    [17/07/2009|10:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
    [16/07/2009|22:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files
    [04/04/2009|14:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    [28/03/2009|13:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
    [28/03/2009|13:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ma-config.com
    [29/03/2009|10:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    [12/06/2009|11:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [06/04/2009|18:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
    [05/06/2009|18:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nokia
    [05/06/2009|18:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
    [12/07/2009|00:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\save time iso data
    [28/03/2009|15:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
    [08/06/2009|22:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    [13/04/2009|18:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TrackMania
    [06/04/2009|17:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

    [28/03/2009|12:37] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [28/03/2009|12:56] C:\DOCUME~1\DEFAUL~1\APPLIC~1\uTorrent
    [28/03/2009|12:56] C:\DOCUME~1\DEFAUL~1\APPLIC~1\WinRAR

    [03/04/2009|20:49] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

    [28/03/2009|12:37] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

    [17/07/2009 21:00][--ah-----] C:\WINDOWS\tasks\87E471018D53E075.job
    [17/07/2009 10:31][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [14/04/2008 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    ( 87E471018D53E075.job )=( c:\docume~1\admini~1\applic~1\flapin~1\listcoalfrag.exe )

    --------------------\\ Listing des dossiers dans C:\Program Files

    [04/07/2009|23:08] C:\Program Files\3DBELOTE
    [28/03/2009|13:39] C:\Program Files\Adobe
    [04/04/2009|12:35] C:\Program Files\AlienGUIse
    [28/03/2009|13:10] C:\Program Files\Analog Devices
    [28/03/2009|17:27] C:\Program Files\Apple Software Update
    [28/03/2009|13:19] C:\Program Files\ASUS
    [20/05/2009|22:37] C:\Program Files\ATI
    [20/05/2009|22:12] C:\Program Files\ATI Technologies
    [29/05/2009|11:31] C:\Program Files\AutoGK
    [29/05/2009|11:30] C:\Program Files\AviSynth 2.5
    [28/03/2009|12:56] C:\Program Files\CCleaner
    [12/07/2009|00:07] C:\Program Files\Circle Develpement
    [28/03/2009|12:35] C:\Program Files\ComPlus Applications
    [13/06/2009|11:13] C:\Program Files\DAEMON Tools Lite
    [12/06/2009|11:22] C:\Program Files\DAEMON Tools Toolbar
    [05/06/2009|18:08] C:\Program Files\DIFX
    [29/05/2009|11:24] C:\Program Files\DVD Shrink
    [08/06/2009|18:47] C:\Program Files\Fichiers communs
    [12/07/2009|00:08] C:\Program Files\flap info
    [08/06/2009|22:08] C:\Program Files\G DATA
    [29/05/2009|11:30] C:\Program Files\Gabest
    [28/03/2009|12:56] C:\Program Files\GeekBox
    [22/06/2009|14:52] C:\Program Files\Google
    [12/06/2009|11:14] C:\Program Files\InstallShield Installation Information
    [28/03/2009|13:02] C:\Program Files\Intel
    [26/05/2009|12:52] C:\Program Files\Internet Download Manager
    [16/07/2009|23:04] C:\Program Files\Internet Explorer
    [28/03/2009|12:56] C:\Program Files\Java
    [16/07/2009|22:54] C:\Program Files\Kaspersky Lab
    [04/04/2009|14:10] C:\Program Files\Lavasoft
    [28/03/2009|13:25] C:\Program Files\Logitech
    [28/03/2009|13:20] C:\Program Files\ma-config.com
    [28/03/2009|13:17] C:\Program Files\Marvell
    [12/07/2009|00:07] C:\Program Files\Messenger Plus! Live
    [05/06/2009|19:15] C:\Program Files\Microsoft
    [06/04/2009|18:41] C:\Program Files\Microsoft Office
    [28/03/2009|17:18] C:\Program Files\Microsoft Visual Studio
    [06/04/2009|18:38] C:\Program Files\Microsoft Visual Studio 8
    [06/04/2009|18:42] C:\Program Files\Microsoft Works
    [12/06/2009|11:19] C:\Program Files\Microsoft WSE
    [06/04/2009|18:41] C:\Program Files\Microsoft.NET
    [17/07/2009|18:38] C:\Program Files\Mozilla Firefox
    [06/04/2009|18:41] C:\Program Files\MSBuild
    [05/06/2009|18:19] C:\Program Files\MSXML 6.0
    [05/06/2009|18:19] C:\Program Files\Nokia
    [28/03/2009|12:34] C:\Program Files\Notepad++
    [05/06/2009|17:52] C:\Program Files\NSS
    [16/07/2009|23:04] C:\Program Files\Outlook Express
    [28/03/2009|12:36] C:\Program Files\Paint.NET
    [05/06/2009|18:08] C:\Program Files\PC Connectivity Solution
    [28/03/2009|17:28] C:\Program Files\QuickTime
    [18/04/2009|20:19] C:\Program Files\RAR Password Cracker
    [28/03/2009|15:22] C:\Program Files\Skype
    [08/06/2009|22:10] C:\Program Files\Spybot - Search & Destroy
    [28/03/2009|12:56] C:\Program Files\Taskix
    [28/03/2009|12:41] C:\Program Files\Uninstall Information
    [28/03/2009|12:34] C:\Program Files\Unlocker
    [06/05/2009|18:02] C:\Program Files\UseNeXT
    [28/03/2009|12:56] C:\Program Files\uTorrent
    [28/03/2009|14:19] C:\Program Files\VideoLAN
    [28/03/2009|14:23] C:\Program Files\Winamp
    [05/06/2009|19:15] C:\Program Files\Windows Live
    [28/03/2009|14:22] C:\Program Files\Windows Live SkyDrive
    [28/03/2009|12:36] C:\Program Files\Windows Media Connect 2
    [16/07/2009|23:04] C:\Program Files\Windows Media Player
    [28/03/2009|12:37] C:\Program Files\Windows Trust
    [28/03/2009|12:36] C:\Program Files\WindowsUpdate
    [28/03/2009|12:56] C:\Program Files\WinRAR
    [28/03/2009|12:41] C:\Program Files\WTInstaller
    [28/03/2009|12:56] C:\Program Files\XtremSplit
    [29/05/2009|11:31] C:\Program Files\XviD

    --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

    [28/03/2009|13:39] C:\Program Files\Fichiers communs\Adobe
    [28/03/2009|17:28] C:\Program Files\Fichiers communs\Apple
    [06/04/2009|18:41] C:\Program Files\Fichiers communs\DESIGNER
    [28/03/2009|13:19] C:\Program Files\Fichiers communs\InstallShield
    [05/06/2009|18:19] C:\Program Files\Fichiers communs\Microsoft Shared
    [28/03/2009|12:35] C:\Program Files\Fichiers communs\MSSoap
    [05/06/2009|18:19] C:\Program Files\Fichiers communs\Nokia
    [28/03/2009|13:30] C:\Program Files\Fichiers communs\ODBC
    [05/06/2009|18:08] C:\Program Files\Fichiers communs\PCSuite
    [28/03/2009|12:36] C:\Program Files\Fichiers communs\Services
    [28/03/2009|13:30] C:\Program Files\Fichiers communs\SpeechEngines
    [04/04/2009|12:31] C:\Program Files\Fichiers communs\Stardock
    [16/07/2009|23:04] C:\Program Files\Fichiers communs\System
    [28/03/2009|14:18] C:\Program Files\Fichiers communs\Windows Live
    [06/04/2009|17:59] C:\Program Files\Fichiers communs\WindowsLiveInstaller
    [04/04/2009|14:09] C:\Program Files\Fichiers communs\Wise Installation Wizard

    --------------------\\ Process

    ( 56 Processes )

    IEXPLORE.EXE ~ [PID:1060]
    IEXPLORE.EXE ~ [PID:1556]

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\save time iso data
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\save time iso data\Love Open.dat
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\save time iso data\Love Open.exe
    C:\DOCUME~1\ADMINI~1\APPLIC~1\flapin~1
    C:\DOCUME~1\ADMINI~1\APPLIC~1\flapin~1\CdromFaceComp.exe
    C:\DOCUME~1\ADMINI~1\APPLIC~1\flapin~1\ffrvajgs.exe
    C:\DOCUME~1\ADMINI~1\APPLIC~1\flapin~1\listcoalfrag.exe
    C:\DOCUME~1\ADMINI~1\APPLIC~1\flapin~1\POP CLOSE MORE NURB.exe
    C:\Program Files\flapin~1
    C:\DOCUME~1\ADMINI~1\Cookies\administrateur@adserver5[1].txt
    C:\DOCUME~1\ADMINI~1\Cookies\administrateur@www.adserver5[2].txt
    C:\DOCUME~1\ADMINI~1\Cookies\administrateur@888[1].txt
    C:\WINDOWS\Tasks\87E471018D53E075.job

    --------------------\\ Verification du Registre

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Mapi Option"="C:\\DOCUME~1\\ADMINI~1\\APPLIC~1\\FLAPIN~1\\CdromFaceComp.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "iso data fast cast"="C:\\Documents and Settings\\All Users\\Application Data\\save time iso data\\Love Open.exe"

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE


    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-17 21:11:45
    Windows 5.1.2600 Service Pack 3, v.5657 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------\\ Recherche d'autres infections

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\ADMINI~1\Bureau\crack pcm2009.7z
    C:\DOCUME~1\ADMINI~1\Bureau\MelkGDIS\G-Data Internet Security 2009\GDATA_2009_Trial_Reset_1.0\Crack G Data Instrution.txt


    [F:45][D:7]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
    [F:54][D:0]-> C:\DOCUME~1\ADMINI~1\Cookies
    [F:677][D:6]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - 17/07/2009|21:12 - Option : [1]

    --------------------\\ Fin du rapport a 21:12:37

17 July 2009 21:16:03

  • Run Lop S&D again.
    (On Vista, you need to click on the Lop S&D shortcut and choose Run as administrator)
  • This time choose option 2 (Removal).
  • Do not close the window during the removal!
  • Post the generated report (C:\lopR.txt).

    (If the Desktop does not reappear, press Ctrl+Alt+Del, File tab, New task, type explorer.exe and confirm)

17 July 2009 21:40:05


    --------------------\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3, v.5657
    X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz )
    BIOS : BIOS Date: 03/20/08 11:12:08 Ver: 08.00.12
    USER : Administrateur ( Administrator )
    BOOT : Normal boot
    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total:117 Go (Free:92 Go)
    D:\ (Local Disk) - NTFS - Total:814 Go (Free:361 Go)
    E:\ (CD or DVD)
    F:\ (USB)
    G:\ (USB)
    H:\ (USB)
    I:\ (USB)
    J:\ (CD or DVD)

    "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
    Option : [2] ( 17/07/2009|21:36 )


    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\save time iso data\Love Open.dat
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\save time iso data\Love Open.exe
    Supprime! - C:\DOCUME~1\ADMINI~1\APPLIC~1\flapin~1\CdromFaceComp.exe
    Supprime! - C:\DOCUME~1\ADMINI~1\APPLIC~1\flapin~1\ffrvajgs.exe
    Supprime! - C:\DOCUME~1\ADMINI~1\APPLIC~1\flapin~1\listcoalfrag.exe
    Supprime! - C:\DOCUME~1\ADMINI~1\APPLIC~1\flapin~1\POP CLOSE MORE NURB.exe
    Supprime! - C:\DOCUME~1\ADMINI~1\Cookies\administrateur@adserver5[1].txt
    Supprime! - C:\DOCUME~1\ADMINI~1\Cookies\administrateur@www.adserver5[2].txt
    Supprime! - C:\DOCUME~1\ADMINI~1\Cookies\administrateur@888[1].txt
    Supprime! - C:\WINDOWS\Tasks\87E471018D53E075.job
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\save time iso data
    Supprime! - C:\DOCUME~1\ADMINI~1\APPLIC~1\flapin~1
    Supprime! - C:\Program Files\flapin~1
    -
    [ Fichier Hosts ] .. Restaure!

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


    --------------------\\ Listing des dossiers dans APPLIC~1

    [28/03/2009|13:39] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
    [05/06/2009|17:16] C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
    [28/03/2009|13:45] C:\DOCUME~1\ADMINI~1\APPLIC~1\ATI
    [12/06/2009|11:24] C:\DOCUME~1\ADMINI~1\APPLIC~1\DAEMON Tools Lite
    [22/05/2009|13:46] C:\DOCUME~1\ADMINI~1\APPLIC~1\DMCache
    [03/07/2009|16:56] C:\DOCUME~1\ADMINI~1\APPLIC~1\dvdcss
    [28/03/2009|12:41] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
    [26/05/2009|12:52] C:\DOCUME~1\ADMINI~1\APPLIC~1\IDM
    [28/03/2009|13:32] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
    [12/06/2009|11:19] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
    [28/03/2009|18:35] C:\DOCUME~1\ADMINI~1\APPLIC~1\mirkes.de
    [07/04/2009|12:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla
    [05/06/2009|18:10] C:\DOCUME~1\ADMINI~1\APPLIC~1\Nokia
    [06/04/2009|18:37] C:\DOCUME~1\ADMINI~1\APPLIC~1\Notepad++
    [05/06/2009|18:10] C:\DOCUME~1\ADMINI~1\APPLIC~1\PC Suite
    [17/07/2009|21:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\Skype
    [28/03/2009|12:56] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
    [28/03/2009|13:17] C:\DOCUME~1\ADMINI~1\APPLIC~1\TMP
    [18/05/2009|19:30] C:\DOCUME~1\ADMINI~1\APPLIC~1\UseNeXT
    [17/07/2009|18:37] C:\DOCUME~1\ADMINI~1\APPLIC~1\uTorrent
    [28/03/2009|17:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\vlc
    [02/06/2009|23:01] C:\DOCUME~1\ADMINI~1\APPLIC~1\Winamp
    [28/03/2009|12:56] C:\DOCUME~1\ADMINI~1\APPLIC~1\WinRAR

    [28/03/2009|13:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [28/03/2009|17:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    [28/03/2009|17:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [20/05/2009|22:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI
    [12/06/2009|11:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DAEMON Tools Lite
    [29/05/2009|11:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
    [28/05/2009|21:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ESET
    [08/06/2009|22:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\G DATA
    [18/06/2009|21:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
    [17/07/2009|21:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
    [16/07/2009|22:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files
    [04/04/2009|14:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    [28/03/2009|13:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
    [28/03/2009|13:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ma-config.com
    [29/03/2009|10:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    [12/06/2009|11:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [06/04/2009|18:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
    [05/06/2009|18:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nokia
    [05/06/2009|18:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
    [28/03/2009|15:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
    [08/06/2009|22:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    [13/04/2009|18:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TrackMania
    [06/04/2009|17:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

    [28/03/2009|12:37] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [28/03/2009|12:56] C:\DOCUME~1\DEFAUL~1\APPLIC~1\uTorrent
    [28/03/2009|12:56] C:\DOCUME~1\DEFAUL~1\APPLIC~1\WinRAR

    [03/04/2009|20:49] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

    [28/03/2009|12:37] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

    [17/07/2009 21:34][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [14/04/2008 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listing des dossiers dans C:\Program Files

    [04/07/2009|23:08] C:\Program Files\3DBELOTE
    [28/03/2009|13:39] C:\Program Files\Adobe
    [04/04/2009|12:35] C:\Program Files\AlienGUIse
    [28/03/2009|13:10] C:\Program Files\Analog Devices
    [28/03/2009|17:27] C:\Program Files\Apple Software Update
    [28/03/2009|13:19] C:\Program Files\ASUS
    [20/05/2009|22:37] C:\Program Files\ATI
    [20/05/2009|22:12] C:\Program Files\ATI Technologies
    [29/05/2009|11:31] C:\Program Files\AutoGK
    [29/05/2009|11:30] C:\Program Files\AviSynth 2.5
    [28/03/2009|12:56] C:\Program Files\CCleaner
    [12/07/2009|00:07] C:\Program Files\Circle Develpement
    [28/03/2009|12:35] C:\Program Files\ComPlus Applications
    [13/06/2009|11:13] C:\Program Files\DAEMON Tools Lite
    [12/06/2009|11:22] C:\Program Files\DAEMON Tools Toolbar
    [05/06/2009|18:08] C:\Program Files\DIFX
    [29/05/2009|11:24] C:\Program Files\DVD Shrink
    [17/07/2009|21:17] C:\Program Files\EA Games
    [08/06/2009|18:47] C:\Program Files\Fichiers communs
    [08/06/2009|22:08] C:\Program Files\G DATA
    [29/05/2009|11:30] C:\Program Files\Gabest
    [28/03/2009|12:56] C:\Program Files\GeekBox
    [22/06/2009|14:52] C:\Program Files\Google
    [12/06/2009|11:14] C:\Program Files\InstallShield Installation Information
    [28/03/2009|13:02] C:\Program Files\Intel
    [26/05/2009|12:52] C:\Program Files\Internet Download Manager
    [16/07/2009|23:04] C:\Program Files\Internet Explorer
    [28/03/2009|12:56] C:\Program Files\Java
    [16/07/2009|22:54] C:\Program Files\Kaspersky Lab
    [04/04/2009|14:10] C:\Program Files\Lavasoft
    [28/03/2009|13:25] C:\Program Files\Logitech
    [28/03/2009|13:20] C:\Program Files\ma-config.com
    [28/03/2009|13:17] C:\Program Files\Marvell
    [12/07/2009|00:07] C:\Program Files\Messenger Plus! Live
    [05/06/2009|19:15] C:\Program Files\Microsoft
    [06/04/2009|18:41] C:\Program Files\Microsoft Office
    [28/03/2009|17:18] C:\Program Files\Microsoft Visual Studio
    [06/04/2009|18:38] C:\Program Files\Microsoft Visual Studio 8
    [06/04/2009|18:42] C:\Program Files\Microsoft Works
    [12/06/2009|11:19] C:\Program Files\Microsoft WSE
    [06/04/2009|18:41] C:\Program Files\Microsoft.NET
    [17/07/2009|21:15] C:\Program Files\Mozilla Firefox
    [06/04/2009|18:41] C:\Program Files\MSBuild
    [05/06/2009|18:19] C:\Program Files\MSXML 6.0
    [05/06/2009|18:19] C:\Program Files\Nokia
    [28/03/2009|12:34] C:\Program Files\Notepad++
    [05/06/2009|17:52] C:\Program Files\NSS
    [16/07/2009|23:04] C:\Program Files\Outlook Express
    [28/03/2009|12:36] C:\Program Files\Paint.NET
    [05/06/2009|18:08] C:\Program Files\PC Connectivity Solution
    [28/03/2009|17:28] C:\Program Files\QuickTime
    [18/04/2009|20:19] C:\Program Files\RAR Password Cracker
    [28/03/2009|15:22] C:\Program Files\Skype
    [08/06/2009|22:10] C:\Program Files\Spybot - Search & Destroy
    [28/03/2009|12:56] C:\Program Files\Taskix
    [28/03/2009|12:41] C:\Program Files\Uninstall Information
    [28/03/2009|12:34] C:\Program Files\Unlocker
    [06/05/2009|18:02] C:\Program Files\UseNeXT
    [28/03/2009|12:56] C:\Program Files\uTorrent
    [28/03/2009|14:19] C:\Program Files\VideoLAN
    [28/03/2009|14:23] C:\Program Files\Winamp
    [05/06/2009|19:15] C:\Program Files\Windows Live
    [28/03/2009|14:22] C:\Program Files\Windows Live SkyDrive
    [28/03/2009|12:36] C:\Program Files\Windows Media Connect 2
    [16/07/2009|23:04] C:\Program Files\Windows Media Player
    [28/03/2009|12:37] C:\Program Files\Windows Trust
    [28/03/2009|12:36] C:\Program Files\WindowsUpdate
    [28/03/2009|12:56] C:\Program Files\WinRAR
    [28/03/2009|12:41] C:\Program Files\WTInstaller
    [28/03/2009|12:56] C:\Program Files\XtremSplit
    [29/05/2009|11:31] C:\Program Files\XviD

    --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

    [28/03/2009|13:39] C:\Program Files\Fichiers communs\Adobe
    [28/03/2009|17:28] C:\Program Files\Fichiers communs\Apple
    [06/04/2009|18:41] C:\Program Files\Fichiers communs\DESIGNER
    [28/03/2009|13:19] C:\Program Files\Fichiers communs\InstallShield
    [05/06/2009|18:19] C:\Program Files\Fichiers communs\Microsoft Shared
    [28/03/2009|12:35] C:\Program Files\Fichiers communs\MSSoap
    [05/06/2009|18:19] C:\Program Files\Fichiers communs\Nokia
    [28/03/2009|13:30] C:\Program Files\Fichiers communs\ODBC
    [05/06/2009|18:08] C:\Program Files\Fichiers communs\PCSuite
    [28/03/2009|12:36] C:\Program Files\Fichiers communs\Services
    [28/03/2009|13:30] C:\Program Files\Fichiers communs\SpeechEngines
    [04/04/2009|12:31] C:\Program Files\Fichiers communs\Stardock
    [16/07/2009|23:04] C:\Program Files\Fichiers communs\System
    [28/03/2009|14:18] C:\Program Files\Fichiers communs\Windows Live
    [06/04/2009|17:59] C:\Program Files\Fichiers communs\WindowsLiveInstaller
    [04/04/2009|14:09] C:\Program Files\Fichiers communs\Wise Installation Wizard

    --------------------\\ Process

    ( 54 Processes )

    ... OK !

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE


    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-17 21:38:25
    Windows 5.1.2600 Service Pack 3, v.5657 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------\\ Recherche d'autres infections

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\ADMINI~1\Bureau\crack pcm2009.7z
    C:\DOCUME~1\ADMINI~1\Bureau\MelkGDIS\G-Data Internet Security 2009\GDATA_2009_Trial_Reset_1.0\Crack G Data Instrution.txt


    [F:48][D:6]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
    [F:52][D:0]-> C:\DOCUME~1\ADMINI~1\Cookies
    [F:84][D:6]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - 17/07/2009|21:12 - Option : [1]
    2 - "C:\Lop SD\LopR_2.txt" - 17/07/2009|21:39 - Option : [2]

    --------------------\\ Fin du rapport a 21:39:23
    17 July 2009 21:45:54

    Good.

  • Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
  • Double-click RSIT.exe to launch the program.
    (On Vista, right-click RSIT.exe and choose Run as administrator)
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if prompted) and you will have to accept the license.
  • When the scan is finished, two text files will open. Post the contents of log.txt (it is the one that appears on screen) as well as info.txt (which you will see in the taskbar).

    Note: the reports are saved in the C:\rsit folder.
    17 July 2009 21:51:10

    That makes a lot of lines :)
    info.txt logfile of random's system information tool 1.06 2009-07-17 21:49:56

    ======Uninstall list======

    3DBELOTE II-->"C:\Program Files\3DBELOTE\unins000.exe"
    Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 9.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
    AI Suite-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{310BC5E2-31AF-49BB-904D-E71EB93645DC}\Setup.exe" -l0x40c
    AlienGUIse Theme Manager-->C:\PROGRA~1\ALIENG~1\thememgr.exe /uninstallwise
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
    ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
    ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
    ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:D ISPLAY -clean
    Auto Gordian Knot 2.55-->C:\Program Files\AutoGK\uninst.exe
    AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
    Battlefield Heroes-->"C:\Program Files\EA Games\Battlefield Heroes\uninstaller.exe" "C:\Program Files\EA Games\Battlefield Heroes\Uninstall.xml"
    Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
    CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
    Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
    DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
    GeekBox-->"C:\Program Files\GeekBox\Désinstaller.exe"
    HijackThis 2.0.2-->"C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe" /uninstall
    Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
    Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
    Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
    JMB36X Raid Configurer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x40c -removeonly
    Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
    Kaspersky Internet Security 2010-->MsiExec.exe /I{9D8B0949-7C47-476F-9F06-F900D3B078EA}
    Kaspersky Internet Security 2010-->MsiExec.exe /I{9D8B0949-7C47-476F-9F06-F900D3B078EA}
    Logitech GamePanel Software 3.01-->MsiExec.exe /X{9B5B156B-9A4B-48FB-AA59-47B221495A7B}
    Ma-Config.com-->MsiExec.exe /X{560BD6E0-0BA6-43AF-B423-E1DF4D2EB3C3}
    Marvell Miniport Driver-->C:\Program Files\Marvell\Miniport Driver\Uninst.exe
    Messenger Plus! Live & Sponsor (CiD)-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
    Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
    Microsoft Office Enterprise 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
    Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
    Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
    Microsoft Office Groove MUI (French) 2007-->MsiExec.exe /X{90120000-00BA-040C-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
    Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
    Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
    Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
    Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
    Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
    Nokia Connectivity Cable Driver-->MsiExec.exe /I{82427977-8776-4087-90CA-9F65174D3C4D}
    Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_fre_web.exe
    Nokia PC Suite-->MsiExec.exe /I{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}
    Nokia Software Updater-->MsiExec.exe /X{9F59C3AE-81B0-4EF6-9762-D674BB079705}
    NSS (remove only)-->C:\Program Files\NSS\uninstall.exe
    Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    Package de pilotes Windows - Nokia Modem (02/23/2009 7.01.0.2)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_171C10620CF14FA76859E310DF8C6CF642D81C73\nokbtmdm.inf
    Package de pilotes Windows - Nokia Modem (02/24/2009 4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_5929FEDBB724B17D4BCDD74361BD95262BE1608B\nokia_bluetooth.inf
    Package de pilotes Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
    PC Connectivity Solution-->MsiExec.exe /I{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}
    Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
    PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
    QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
    RAR Password Cracker 4.12-->C:\Program Files\RAR Password Cracker\uninstall.exe
    Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
    Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
    SoundMAX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" -l0x40c -removeonly
    Taskix-->"C:\Program Files\Taskix\Désinstaller.exe"
    Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
    UseNeXT-->"C:\Program Files\UseNeXT\unins000.exe"
    uTorrent-->"C:\Program Files\uTorrent\Désinstaller.exe"
    VLC media player 0.9.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    VobSub v2.23 (Remove Only)-->"C:\Program Files\Gabest\VobSub\uninstall.exe"
    Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
    Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
    Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
    Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
    Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
    Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
    Windows Trust Core Codecs-->"C:\WINDOWS\System32\UnWTCC.exe"
    Windows Trust Installer-->"C:\Program Files\WTInstaller\Désinstaller.exe"
    WinRAR-->"C:\Program Files\WinRAR\uninstall.exe"
    World of Warcraft FREE Trial-->MsiExec.exe /X{02EBDBB9-4600-41D3-B566-40CB861511D2}
    XtremSplit-->"C:\Program Files\XtremSplit\Désinstaller.exe"
    XviD MPEG4 Video Codec (remove only)-->"C:\Program Files\XviD\xvid-uninstall.exe"

    =====HijackThis Backups=====

    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-07-16]
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) [2009-07-16]
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" [2009-07-16]
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-07-16]
    O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-07-16]
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) [2009-07-16]

    Securitycenter WMI appears to be broken

    ======System event log======

    Computer Name: FASTORDI-A17214
    Event Code: 15007
    Message: La réservation de l'espace de nom identifié par le préfixe d'URL http://*:2869/ a été correctement ajoutée.

    Record Number: 5
    Source Name: HTTP
    Time Written: 20090328113628.000000+060
    Event Type: Informations
    User:

    Computer Name: FASTORDI-A17214
    Event Code: 3260
    Message: Cet ordinateur a correctement été joint au workgroup 'WORKGROUP'.

    Record Number: 4
    Source Name: Workstation
    Time Written: 20090328113400.000000+060
    Event Type: Informations
    User:

    Computer Name: FASTORDI-A17214
    Event Code: 6011
    Message: Le nom NetBIOS et le nom de l'hôte DNS de cet ordinateur ont été modifiés de MACHINENAME vers FASTORDI-A17214.

    Record Number: 3
    Source Name: EventLog
    Time Written: 20090328113329.000000+060
    Event Type: Informations
    User:

    Computer Name: MACHINENAME
    Event Code: 6005
    Message: Le service d'Enregistrement d'événement a démarré.

    Record Number: 2
    Source Name: EventLog
    Time Written: 20090328122657.000000+060
    Event Type: Informations
    User:

    Computer Name: MACHINENAME
    Event Code: 6009
    Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Multiprocessor Free.

    Record Number: 1
    Source Name: EventLog
    Time Written: 20090328122657.000000+060
    Event Type: Informations
    User:

    =====Application event log=====

    Computer Name: FASTORDI-A17214
    Event Code: 103
    Message: msnmsgr (3280) \\.\C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Messenger\korki_2004@hotmail.com\SharingMetadata\Working\database_7A98_1FBF_981F_78B9\dfsr.db: Le moteur de base de données a arrêté une instance (0).

    Record Number: 410
    Source Name: ESENT
    Time Written: 20090513220318.000000+120
    Event Type: Informations
    User:

    Computer Name: FASTORDI-A17214
    Event Code: 102
    Message: msnmsgr (3280) \\.\C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Messenger\korki_2004@hotmail.com\SharingMetadata\Working\database_7A98_1FBF_981F_78B9\dfsr.db: Le moteur de base de données a démarré une nouvelle instance (0).

    Record Number: 409
    Source Name: ESENT
    Time Written: 20090513121856.000000+120
    Event Type: Informations
    User:

    Computer Name: FASTORDI-A17214
    Event Code: 100
    Message: msnmsgr (3280) Le moteur de base de données 5.01.2600.5512 est démarré.

    Record Number: 408
    Source Name: ESENT
    Time Written: 20090513121856.000000+120
    Event Type: Informations
    User:

    Computer Name: FASTORDI-A17214
    Event Code: 101
    Message: msnmsgr (3280) Le moteur de base de données est arrêté.

    Record Number: 407
    Source Name: ESENT
    Time Written: 20090512230613.000000+120
    Event Type: Informations
    User:

    Computer Name: FASTORDI-A17214
    Event Code: 103
    Message: msnmsgr (3280) \\.\C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Messenger\korki_2004@hotmail.com\SharingMetadata\Working\database_7A98_1FBF_981F_78B9\dfsr.db: Le moteur de base de données a arrêté une instance (0).

    Record Number: 406
    Source Name: ESENT
    Time Written: 20090512230613.000000+120
    Event Type: Informations
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
    "PROCESSOR_REVISION"=0f0b
    "NUMBER_OF_PROCESSORS"=4
    "SysDir"=C:\WINDOWS\system32
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

    -----------------EOF-----------------



    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Administrateur at 2009-07-17 21:49:42
    Microsoft Windows XP Professionnel Service Pack 3, v.5657
    System drive C: has 94 GB (78%) free of 120 GB
    Total RAM: 2047 MB (55% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:49:54, on 17/07/2009
    Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20900)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Taskix\Taskix32.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
    C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
    C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
    C:\Program Files\ASUS\Ai Suite\EnergySaving\PwSave.exe
    C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
    C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\ASUS\AASP\1.00.59\aaCenter.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
    D:\Movies\Jeux\steam\steam.exe
    C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
    C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
    C:\Documents and Settings\Administrateur\Bureau\Administrateur.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr/ie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/ie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr/ie
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [Taskix] C:\Program Files\Taskix\Taskix32.exe start
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
    O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
    O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
    O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
    O4 - HKLM\..\Run: [ASUS Energy Saving] "C:\Program Files\ASUS\Ai Suite\EnergySaving\PwSave.exe"
    O4 - HKLM\..\Run: [Launch LgDevAgt] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O4 - Startup: steam.lnk = D:\Movies\Jeux\steam\steam.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
    O8 - Extra context menu item: Download with Rapget - D:\Téléchargements\RapGet_www.tripper.fr_by_loolka\RapGet www.tripper.fr by loolka\rapget.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{46469AC0-9CA3-4CED-91EC-B13106848DBE}: NameServer = 212.27.54.252,212.27.53.252
    O17 - HKLM\System\CS1\Services\Tcpip\..\{46469AC0-9CA3-4CED-91EC-B13106848DBE}: NameServer = 212.27.54.252,212.27.53.252
    O17 - HKLM\System\CS2\Services\Tcpip\..\{46469AC0-9CA3-4CED-91EC-B13106848DBE}: NameServer = 212.27.54.252,212.27.53.252
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O20 - AppInit_DLLs: wbsys.dll,C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 10199 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
    IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll [2009-05-25 68112]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
    Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-03-28 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-28 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
    FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll [2009-05-25 264720]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-28 73728]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Taskix"=C:\Program Files\Taskix\Taskix32.exe [2008-04-02 124416]
    "SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-10-08 1036288]
    "SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2007-10-08 864256]
    "JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe [2007-03-20 36864]
    "36X Raid Configurer"=C:\WINDOWS\system32\xRaidSetup.exe [2007-03-21 1953792]
    "Ai Nap"=C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe [2008-01-28 1413120]
    "CPU Power Monitor"=C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe [2008-01-09 627200]
    "Cpu Level Up help"=C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe [2007-11-30 881152]
    "ASUS Energy Saving"=C:\Program Files\ASUS\Ai Suite\EnergySaving\PwSave.exe [2008-01-28 1352704]
    "Launch LgDevAgt"=C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [2008-11-06 358920]
    "Launch LCDMon"=C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2008-11-06 1548296]
    "Launch LGDCore"=C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [2008-11-06 2816520]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
    "WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-03-09 37888]
    "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
    "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-04-28 61440]
    "KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
    "avp"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-05-25 303376]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408]
    "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-03-11 24095528]
    "PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-03-20 1312256]
    "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-10-19 204288]
    "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

    C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage
    steam.lnk - D:\Movies\Jeux\steam\steam.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="wbsys.dll,C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2009-04-29 155648]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]
    C:\Program Files\AlienGUIse\fastload.dll [2001-12-20 24576]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2008-10-19 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=1
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=95
    "NoSMHelp"=1
    "ForceClassicControlPanel"=1
    "NoDesktopCleanupWizard"=1
    "NoInstrumentation"=0
    "NoResolveSearch"=1
    "NoResolveTrack"=1
    "NoSMBalloonTip"=1
    "NoSMConfigurePrograms"=1
    "NoStartMenuMFUprogramsList"=0
    "NoStrCmpLogical"=0
    "NoWelcomeScreen"=1

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HideRunAsVerb"=
    "NoActiveDesktop"=
    "NoDriveTypeAutoRun"=
    "NoInstrumentation"=
    "NoResolveTrack"=
    "NoSetActiveDesktop"=
    "NoStartMenuMFUprogramsList"=
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
    "C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
    "D:\Movies\Jeux\steam\SteamApps\batista068\counter-strike source\hl2.exe"="D:\Movies\Jeux\steam\SteamApps\batista068\counter-strike source\hl2.exe:*:Enabled:hl2"
    "D:\Jeux\Métin2\metin2.bin"="D:\Jeux\Métin2\metin2.bin:*:Enabled:metin2"
    "C:\Program Files\Fichiers communs\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Fichiers communs\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
    "C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
    "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:p nkBstrA"
    "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:p nkBstrB"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    ======File associations======

    .reg - edit -
    .reg - open -

    ======List of files/folders created in the last 1 months======

    2009-07-17 21:49:42 ----D---- C:\rsit
    2009-07-17 21:48:48 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
    2009-07-17 21:48:45 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
    2009-07-17 21:48:45 ----A---- C:\WINDOWS\system32\pbsvc.exe
    2009-07-17 21:17:07 ----D---- C:\Program Files\EA Games
    2009-07-17 21:09:10 ----A---- C:\lopR.txt
    2009-07-17 21:08:26 ----D---- C:\Lop SD
    2009-07-16 22:58:01 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-07-16 22:53:00 ----SHD---- C:\Config.Msi
    2009-07-04 23:31:23 ----A---- C:\WINDOWS\3DBELOTE2.INI
    2009-07-04 23:06:15 ----D---- C:\Program Files\3DBELOTE
    2009-06-22 22:02:13 ----A---- C:\WINDOWS\system32\uxtheme.dll.backup
    2009-06-22 14:52:47 ----D---- C:\Program Files\Google

    ======List of files/folders modified in the last 1 months======

    2009-07-17 21:49:51 ----D---- C:\WINDOWS\Temp
    2009-07-17 21:49:05 ----D---- C:\WINDOWS\system32\drivers
    2009-07-17 21:48:48 ----D---- C:\WINDOWS\system32
    2009-07-17 21:48:45 ----D---- C:\WINDOWS\system32\LogFiles
    2009-07-17 21:39:42 ----D---- C:\Program Files\Mozilla Firefox
    2009-07-17 21:36:15 ----SD---- C:\WINDOWS\Tasks
    2009-07-17 21:36:15 ----D---- C:\Program Files
    2009-07-17 21:36:14 ----D---- C:\WINDOWS\Prefetch
    2009-07-17 21:36:05 ----D---- C:\Documents and Settings\Administrateur\Application Data\Skype
    2009-07-17 21:35:21 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2009-07-17 21:35:06 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-07-17 18:37:52 ----D---- C:\Documents and Settings\Administrateur\Application Data\uTorrent
    2009-07-17 10:29:47 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-07-16 23:09:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-07-16 23:05:09 ----D---- C:\WINDOWS
    2009-07-16 23:04:16 ----D---- C:\WINDOWS\system32\Restore
    2009-07-16 23:04:16 ----D---- C:\Program Files\Windows Media Player
    2009-07-16 23:04:16 ----D---- C:\Program Files\Outlook Express
    2009-07-16 23:04:16 ----D---- C:\Program Files\Internet Explorer
    2009-07-16 23:04:16 ----D---- C:\Program Files\Fichiers communs\System
    2009-07-16 23:03:11 ----RSD---- C:\WINDOWS\Fonts
    2009-07-16 22:55:08 ----SHD---- C:\WINDOWS\Installer
    2009-07-16 22:55:03 ----D---- C:\WINDOWS\system32\CatRoot
    2009-07-16 22:54:55 ----D---- C:\Program Files\Kaspersky Lab
    2009-07-16 22:54:51 ----D---- C:\WINDOWS\inf
    2009-07-16 22:47:57 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    2009-07-12 00:07:44 ----D---- C:\Program Files\Circle Develpement
    2009-07-12 00:07:42 ----D---- C:\Program Files\Messenger Plus! Live
    2009-07-05 19:52:38 ----D---- C:\WINDOWS\Minidump
    2009-07-05 19:52:38 ----D---- C:\WINDOWS\Debug
    2009-07-03 16:56:21 ----D---- C:\Documents and Settings\Administrateur\Application Data\dvdcss
    2009-06-22 22:04:13 ----D---- C:\WINDOWS\Cursors
    2009-06-22 22:02:13 ----A---- C:\WINDOWS\system32\uxtheme.dll
    2009-06-18 21:07:25 ----D---- C:\Documents and Settings\All Users\Application Data\Installations

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2007-12-17 12400]
    R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
    R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
    R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-07-16 296976]
    R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-10-09 313856]
    R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-06-19 103424]
    R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-10-19 60800]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-04-29 3643904]
    R3 GearAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\drivers\GEARAspiWDM.sys [2008-02-22 16168]
    R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
    R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2009-05-13 31760]
    R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-05-16 19472]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-10-19 12288]
    R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
    R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-10-19 61824]
    R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
    R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-08-15 265856]
    S3 ag5h5ryw;ag5h5ryw; C:\WINDOWS\system32\drivers\ag5h5ryw.sys []
    S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
    S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
    S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2009-03-19 136704]
    S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2009-03-19 8320]
    S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
    S3 PRODIGY;PRODIGY; C:\WINDOWS\System32\Drivers\PRODIGY.SYS [2006-08-29 32377]
    S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
    S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
    S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
    S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2008-10-19 38528]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2009-04-04 611664]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-04-29 602112]
    R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-05-25 303376]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-28 152984]
    R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
    R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-07-17 75064]
    R2 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2008-10-19 918016]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-03-04 621056]
    S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-04-28 593920]
    S2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-07-17 111928]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
    S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-03-15 216232]
    S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
    S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S4 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

    -----------------EOF-----------------
    17 July 2009 21:54:14

  • Uninstall Java(TM) 6 Update 10.

  • Update Java.

  • Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
  • Double-click the downloaded file to start the installation process.
  • In the Mise à jour (Update) tab, click the Recherche de mise à jour (Check for updates) button: if the firewall asks whether to allow MBAM to connect to the Internet, accept.
  • Once the update has finished, go to the Recherche (Scan) tab.
  • Select Exécuter un examen rapide (Perform a quick scan).
  • Click Rechercher (Scan). The scan starts.
  • At the end of the scan, a message is displayed:
    Quote:
    L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

  • Click OK to continue. If MBAM found nothing, it will tell you that too.
  • Close your browsers.
  • If malware was detected, click Afficher les résultats (Show results).
  • Select everything (or leave it checked) and click Supprimer la sélection (Remove selected); MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste that report into your next reply.
    17 July 2009 22:07:25

    Malwarebytes' Anti-Malware 1.39
    Version de la base de données: 2452
    Windows 5.1.2600 Service Pack 3, v.5657

    17/07/2009 22:06:12
    mbam-log-2009-07-17 (22-06-12).txt

    Type de recherche: Examen rapide
    Eléments examinés: 88517
    Temps écoulé: 3 minute(s), 33 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 1
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    17 July 2009 22:08:07

    No more problems?
    17 July 2009 22:16:42

    Nothing to report for the moment. Thank you very much for your help, Destrio.
    17 July 2009 22:19:14

    1/

  • Uninstall HijackThis.

  • Download ToolsCleaner2 to your Desktop.
  • Double-click ToolsCleaner2.exe to launch it.
  • Click Recherche (Search) and let the scan run.
  • Click Suppression (Removal) to finish.
  • You can, if you wish, use the Options Facultatives (Optional settings).
  • Click Quitter (Quit) to get the report.
  • Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).


    2/

  • Download and install CCleaner Slim.
  • Launch it. Go to Options, then Avancé (Advanced), and uncheck the box Effacer uniquement les fichiers etc....
  • Go to Nettoyeur (Cleaner) and choose Analyser (Analyze). Once that has finished, run the cleaning.


    3/

  • You need to disable and then re-enable System Restore in order to purge it.


    ==Prevention==

    Keep MBAM. You can use it to scan suspicious files as a complement to the antivirus; scan the hard drive regularly.

    Check that automatic updates are enabled (Menu Démarrer (Start menu), right-click Poste de travail (My Computer), Mises à jour automatiques (Automatic Updates) tab).

    Regarding P2P: Link

    Here is a complete guide (to be read with Adobe Reader or Foxit Reader): Link


    ==Problem solved?==

    If you consider your problem solved:

    ---> Now add [Résolu] to the title. To do so:
  • In your first message, click the Editer (Edit) button.
  • Add the tag [Résolu] in front of the title.
  • Then click Valider votre message (Submit your message).


    Be more careful on the Internet ;)
    17 July 2009 23:01:47

    [ Rapport ToolsCleaner version 2.3.7 (par A.Rothstein & dj QUIOU) ]

    --> Recherche:

    C:\lopR.txt: trouvé !
    C:\Lop SD: trouvé !
    C:\Rsit: trouvé !
    C:\Documents and Settings\Administrateur\Bureau\LopSD.exe: trouvé !
    C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe: trouvé !
    C:\Documents and Settings\Administrateur\Bureau\hijackthis.log: trouvé !
    C:\Documents and Settings\Administrateur\Bureau\Rsit.exe: trouvé !
    C:\Program Files\Mozilla Firefox\hijackthis.log: trouvé !

    I am generally fairly careful and I have a good antivirus, but the problem appeared after I installed Windows Live Messenger +.

    Thank you for all this advice and for this problem, which is now solved.

    17 July 2009 23:09:05

    You must not install the Messenger Plus Live sponsor.

    Did you click Suppression (Removal) in ToolsCleaner?
    17 July 2009 23:23:03

    You can delete ToolsCleaner ;)

    Have a good evening/night.