Unwanted pop-up ad windows

Tags:
  • Internet Explorer
  • Security
28 November 2008 18:39:39

Hello, I have the same problem with unwanted pop-up ads. My antivirus detects a trojan, several in fact, deletes them and... nothing. The ads keep coming back, often for gambling, porn sites and... for an antivirus!
Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:04:29, on 28/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\CameraFixer.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/firefox
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: (no name) - {072F7274-3F50-4CF7-9F35-9959CD1D23FA} - (no file)
O2 - BHO: (no name) - {0C435395-3B69-4DF9-9A4D-5C9E933B2FF6} - (no file)
O2 - BHO: (no name) - {160EB06C-CAB6-4A7C-BEBC-08511600351D} - C:\WINDOWS\system32\hgGyvWMf.dll (file missing)
O2 - BHO: (no name) - {2E721E3D-7FA9-4AFB-9B8B-C8610AFB9BF7} - (no file)
O2 - BHO: (no name) - {62D1390B-75E8-445C-A99D-3340E08FD4C5} - (no file)
O2 - BHO: (no name) - {69CC5F33-B705-4FD1-A5A3-DD86AD563CA6} - (no file)
O2 - BHO: (no name) - {7496feb8-2ed9-48e8-82dd-33d5ddd7f5b6} - C:\WINDOWS\system32\topitavi.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {793CF810-E60F-437A-A67C-36BB6AB30B68} - (no file)
O2 - BHO: (no name) - {7D53DD42-BA02-4CEF-8900-BC3837050B75} - (no file)
O2 - BHO: (no name) - {8B03082D-8733-4AD6-ABF9-5AD6B53FA2C4} - (no file)
O2 - BHO: (no name) - {8F67E146-FB6C-418F-9FE5-37AA2206D92E} - C:\WINDOWS\system32\qoMffFWN.dll (file missing)
O2 - BHO: (no name) - {94ED2AFC-1628-4A44-81EE-6632B7667FD2} - (no file)
O2 - BHO: (no name) - {AA40FB51-D7CD-4F6F-90A7-FA73E765B468} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {BD89771D-32F3-44BB-B6E3-C3B5F633AD0E} - (no file)
O2 - BHO: (no name) - {D6CFFE18-29EB-4C68-98FD-D4A002AA38A1} - (no file)
O2 - BHO: (no name) - {DFEDBEFB-4DC5-4290-AB58-063104E87D56} - (no file)
O2 - BHO: (no name) - {E6E01B1D-0ECA-44E8-B435-DF08AD4CE8AF} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [poke mp3 cdrom meta] C:\Documents and Settings\All Users\Application Data\Jump Poll Poke Mp3\Comp barb.exe
O4 - HKLM\..\Run: [koruralare] Rundll32.exe "C:\WINDOWS\system32\sudenupu.dll",s
O4 - HKLM\..\Run: [CPM0ba89a88] Rundll32.exe "c:\windows\system32\madubiha.dll",a
O4 - HKLM\..\Run: [089ba914] rundll32.exe "C:\WINDOWS\system32\somituso.dll",b
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [koruralare] Rundll32.exe "C:\WINDOWS\system32\sudenupu.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .3gp: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpe: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{E791CBED-F675-42D2-AD17-AE9709E227F3}: NameServer = 212.27.54.252,212.27.53.252
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: trvsfw.dll snpmfd.dll jyguwn.dll vtaijq.dll ccwjnr.dll xgrcju.dll cxvjkb.dll nobhce.dll C:\WINDOWS\system32\lenozafi.dll c:\windows\system32\yubiwojo.dll c:\windows\system32\madubiha.dll
O20 - Winlogon Notify: fccaaXRK - fccaaXRK.dll (file missing)
O20 - Winlogon Notify: yaywxXnO - yaywxXnO.dll (file missing)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\madubiha.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\madubiha.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 10166 bytes


Thanks for your help!

28 November 2008 18:48:29

Hello,

! Disable your resident protections (antivirus, Spybot-S&D, etc.) !

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe may not be visible) to launch it.
  • When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may differ
    30 November 2008 14:31:48

    I struggled a bit, I don't know this tool at all; here is the report:

    ComboFix 08-11-29.03 - fish 2008-11-30 11:26:45.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1573 [GMT 1:00]
    Lancé depuis: c:\documents and settings\fish\Bureau\ComboFix.exe
    Commutateurs utilisés :: c:\combofix\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\BM0ba89a88.txt
    c:\windows\BM0ba89a88.xml
    c:\windows\system32\~.exe
    c:\windows\system32\ahogktue.ini
    c:\windows\system32\aotuoqmv.ini
    c:\windows\system32\atobakef.ini
    c:\windows\system32\awsyewcm.dll
    c:\windows\system32\awtrQIcC.dll
    c:\windows\system32\bfwcyrsw.ini
    c:\windows\system32\bivayuye.dll
    c:\windows\system32\BKnnWvut.ini
    c:\windows\system32\BKnnWvut.ini2
    c:\windows\system32\bksvybso.ini
    c:\windows\system32\cdhkncul.ini
    c:\windows\system32\cprmogqy.ini
    c:\windows\system32\cwobduhs.ini
    c:\windows\system32\dbvoruis.dll
    c:\windows\system32\ddmywjoa.ini
    c:\windows\system32\DghjPqss.ini
    c:\windows\system32\DghjPqss.ini2
    c:\windows\system32\dgksbopq.ini
    c:\windows\system32\dmarhcpg.ini
    c:\windows\system32\dmjrpimo.exe
    c:\windows\system32\dwjudgps.ini
    c:\windows\system32\dxcumiyd.ini
    c:\windows\system32\epejojit.ini
    c:\windows\system32\epekesek.ini
    c:\windows\system32\esatuzuj.ini
    c:\windows\system32\fcmwrfsa.dll
    c:\windows\system32\fekabota.dll
    c:\windows\system32\fMWvyGgh.ini
    c:\windows\system32\fMWvyGgh.ini2
    c:\windows\system32\ftsniuji.dll
    c:\windows\system32\garavebu.dll
    c:\windows\system32\gmkjsfcn.ini
    c:\windows\system32\gpchramd.dll
    c:\windows\system32\idugodig.ini
    c:\windows\system32\ifhekqph.ini
    c:\windows\system32\iifcCTLd.dll
    c:\windows\system32\iifcYQJC.dll
    c:\windows\system32\ijuinstf.ini
    c:\windows\system32\isndmkdo.dll
    c:\windows\system32\itehivol.ini
    c:\windows\system32\itodetek.ini
    c:\windows\system32\jglcfpec.dll
    c:\windows\system32\khfEXono.dll
    c:\windows\system32\kjlatt.dll
    c:\windows\system32\lqnwgaqm.dll
    c:\windows\system32\lucnkhdc.dll
    c:\windows\system32\luhutoha.dll
    c:\windows\system32\mcrh.tmp
    c:\windows\system32\ncfsjkmg.dll
    c:\windows\system32\nftxjrqe.dll
    c:\windows\system32\odelehiw.ini
    c:\windows\system32\ofovigib.ini
    c:\windows\system32\omhiytop.dll
    c:\windows\system32\orutikay.ini
    c:\windows\system32\osutimos.ini
    c:\windows\system32\owtppwkx.dll
    c:\windows\system32\pewodaju.dll
    c:\windows\system32\potyihmo.ini
    c:\windows\system32\qjaeppfd.ini
    c:\windows\system32\qoMeDWqO.dll
    c:\windows\system32\ramrpsbr.dll
    c:\windows\system32\rhkqavmg.ini
    c:\windows\system32\rkepbjwy.ini
    c:\windows\system32\rwpgin.dll
    c:\windows\system32\rwrvqhtj.dll
    c:\windows\system32\sagukckc.ini
    c:\windows\system32\scohfyrj.dll
    c:\windows\system32\shudbowc.dll
    c:\windows\system32\spiwjlkx.ini
    c:\windows\system32\ssqQhfEw.dll
    c:\windows\system32\stnldjta.ini
    c:\windows\system32\tijojepe.dll
    c:\windows\system32\tuvTjHWP.dll
    c:\windows\system32\tuvWomlj.dll
    c:\windows\system32\tuvWqQjG.dll
    c:\windows\system32\tvbtrdok.ini
    c:\windows\system32\ubevarag.ini
    c:\windows\system32\ujodadog.ini
    c:\windows\system32\urqNEXqr.dll
    c:\windows\system32\urqPFVPh.dll
    c:\windows\system32\vfjhig.dll
    c:\windows\system32\vritks.dll
    c:\windows\system32\wcltvnbc.exe
    c:\windows\system32\wgrqkxnd.dll
    c:\windows\system32\wrrbprmy.exe
    c:\windows\system32\wsrycwfb.dll
    c:\windows\system32\xamigmyw.dll
    c:\windows\system32\xkwpptwo.ini
    c:\windows\system32\yakituro.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-28 au 2008-11-30 ))))))))))))))))))))))))))))))))))))
    .

    2008-11-28 13:03 . 2008-11-28 13:03 <REP> d-------- c:\program files\Trend Micro
    2008-11-17 22:55 . 2008-11-17 22:55 <REP> d-------- c:\program files\Zylom Games
    2008-11-06 19:39 . 2008-11-06 19:39 0 --a------ c:\windows\system32\stnldjta.tmp
    2008-10-30 19:12 . 2008-10-30 19:12 72 --a------ c:\windows\MediaManager.INI
    2008-10-13 15:12 . 2008-10-13 15:12 71,680 --a------ c:\windows\system32\eutkgoha.dll
    2008-10-13 15:09 . 2008-10-13 15:09 123,904 --a------ c:\windows\system32\adiktnox.dll
    2008-10-12 14:06 . 2008-10-12 14:06 128,000 --a------ c:\windows\system32\quihxgjf.dll
    2008-10-11 14:37 . 2008-10-11 14:37 67,584 --a------ c:\windows\system32\xkljwips.dll
    2008-10-11 14:04 . 2008-10-11 14:04 123,904 --a------ c:\windows\system32\evgfnhuk.dll
    2008-10-10 10:59 . 2008-10-10 10:59 71,680 --a------ c:\windows\system32\vmqoutoa.dll
    2008-10-09 07:38 . 2008-10-09 07:38 128,000 --a------ c:\windows\system32\katnglcq.dll
    2008-10-09 07:35 . 2008-10-09 07:35 67,584 --a------ c:\windows\system32\dfppeajq.dll
    2008-10-07 22:08 . 2008-10-07 22:08 67,584 --a------ c:\windows\system32\hpqkehfi.dll
    2008-10-07 22:05 . 2008-10-07 22:05 123,904 --a------ c:\windows\system32\gwrfejhn.dll
    2008-10-06 22:09 . 2008-10-06 22:10 123,904 --a------ c:\windows\system32\axditxcn.dll
    2008-10-06 20:09 . 2008-11-11 23:58 <REP> d-------- c:\documents and settings\fish\Contacts
    2008-10-05 22:07 . 2008-10-05 22:07 67,072 --a------ c:\windows\system32\osbyvskb.dll
    2008-10-05 22:04 . 2008-10-05 22:04 128,000 --a------ c:\windows\system32\odfzze.dll
    2008-10-05 22:04 . 2008-10-05 22:04 128,000 --a------ c:\windows\system32\cyirshxj.dll
    2008-10-05 19:19 . 2008-10-31 17:46 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-10-04 22:04 . 2008-10-04 22:04 123,904 --a------ c:\windows\system32\uvsloycr.dll
    2008-10-04 22:04 . 2008-10-04 22:04 67,072 --a------ c:\windows\system32\aojwymdd.dll
    2008-10-04 20:03 . 2008-10-04 20:03 123,904 --a------ c:\windows\system32\ttwegubt.dll
    2008-10-04 18:02 . 2008-10-04 18:02 123,904 --a------ c:\windows\system32\ebraby.dll
    2008-10-04 18:01 . 2008-10-04 18:02 123,904 --a------ c:\windows\system32\rhprdrvt.dll
    2008-10-04 17:55 . 2008-10-04 17:55 25,088 --a------ c:\windows\system32\urqQjiFY.dll
    2008-10-04 17:55 . 2008-10-04 17:55 25,088 --a------ c:\windows\system32\opnlLFUl.dll
    2008-10-04 17:55 . 2008-10-04 17:55 25,088 --a------ c:\windows\system32\efcCssPI.dll
    2008-10-04 17:33 . 2008-11-17 22:57 <REP> d-------- c:\documents and settings\fish\Application Data\Zylom
    2008-10-04 17:33 . 2008-10-04 17:33 <REP> d-------- c:\documents and settings\All Users\Application Data\GameHouse

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-30 10:39 --------- d-----w c:\program files\Symantec AntiVirus
    2008-11-30 01:57 --------- d-----w c:\documents and settings\fish\Application Data\FileZilla
    2008-11-15 18:34 --------- d-----w c:\program files\FileZilla FTP Client
    2008-11-15 16:08 --------- d-----w c:\documents and settings\fish\Application Data\dvdcss
    2008-11-14 20:33 --------- d-----w c:\program files\adslTV
    2008-11-14 20:00 --------- d-----w c:\documents and settings\fish\Application Data\Castthiswma
    2008-11-07 13:39 --------- d-----w c:\program files\Fichiers communs\AVSMedia
    2008-09-30 22:27 --------- d-----w c:\documents and settings\All Users\Application Data\Jump Poll Poke Mp3
    2008-09-07 20:19 64,502 ----a-w c:\windows\BricoPackUninst.cmd
    2008-09-07 20:19 6,112 ----a-w c:\windows\BricoPackFoldersDelete.cmd
    2008-02-15 09:40 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
    2007-04-29 13:33 92,064 ----a-w c:\documents and settings\fish\mqdmmdm.sys
    2007-04-29 13:33 9,232 ----a-w c:\documents and settings\fish\mqdmmdfl.sys
    2007-04-29 13:33 79,328 ----a-w c:\documents and settings\fish\mqdmserd.sys
    2007-04-29 13:33 66,656 ----a-w c:\documents and settings\fish\mqdmbus.sys
    2007-04-29 13:33 6,208 ----a-w c:\documents and settings\fish\mqdmcmnt.sys
    2007-04-29 13:33 5,936 ----a-w c:\documents and settings\fish\mqdmwhnt.sys
    2007-04-29 13:33 4,048 ----a-w c:\documents and settings\fish\mqdmcr.sys
    2007-04-29 13:33 25,600 ----a-w c:\documents and settings\fish\usbsermptxp.sys
    2007-04-29 13:33 22,768 ----a-w c:\documents and settings\fish\usbsermpt.sys
    2005-05-13 15:12 217,073 -csha-r c:\windows\meta4.exe
    2005-10-24 09:13 66,560 -csha-r c:\windows\MOTA113.exe
    2005-10-13 19:27 422,400 -csha-r c:\windows\x2.64.exe
    2005-10-07 17:14 308,224 -csha-r c:\windows\system32\avisynth.dll
    2005-07-14 10:31 27,648 -csha-r c:\windows\system32\AVSredirect.dll
    2005-06-26 13:32 616,448 -csha-r c:\windows\system32\cygwin1.dll
    2005-06-21 20:37 45,568 -csha-r c:\windows\system32\cygz.dll
    2004-01-24 22:00 70,656 -csha-r c:\windows\system32\i420vfw.dll
    2006-04-27 08:24 2,945,024 -csha-r c:\windows\system32\Smab.dll
    2005-02-28 11:16 240,128 -csha-r c:\windows\system32\x.264.exe
    2004-01-25 17:18 70,656 --sha-w c:\windows\system32\yv12vfw.dll
    .

    ------- Sigcheck -------

    2004-08-19 16:09 694784 848baaf9d7e2a2ce9ca1cd0c2db43833 c:\windows\system32\wininet.dll
    2004-08-19 16:09 694784 848baaf9d7e2a2ce9ca1cd0c2db43833 c:\windows\system32\dllcache\wininet.dll

    2004-08-19 16:09 978432 c2e06cb7cfb5dbd8767ddd5e2e18cf71 c:\windows\explorer.exe
    2004-08-19 16:09 978432 c2e06cb7cfb5dbd8767ddd5e2e18cf71 c:\windows\system32\dllcache\explorer.exe

    2008-07-18 21:10 68808 136896c2cdc3f689876e0d44485153ea c:\windows\system32\wuauclt.exe
    2008-07-18 21:10 68808 136896c2cdc3f689876e0d44485153ea c:\windows\system32\dllcache\wuauclt.exe
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 335872]
    "ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2005-04-18 48752]
    "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-05-09 85088]
    "CameraFixer"="c:\windows\CameraFixer.exe" [2005-12-06 20480]
    "snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "EPSON Stylus Photo RX420 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE" [2004-04-09 98304]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
    "poke mp3 cdrom meta"="c:\documents and settings\All Users\Application Data\Jump Poll Poke Mp3\Comp barb.exe" [2008-11-30 9385984]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

    c:\documents and settings\fish\Menu Démarrer\Programmes\Démarrage\
    RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]
    TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
    UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]
    Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 155648]

    c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.FFDS"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "f:\\eMule\\emule.exe"=
    "c:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\adslTV\\adsltv.exe"=
    "c:\\Program Files\\adslTV\\vlc.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6346:TCP"= 6346:TCP:*:Disabled:shareaza
    "6346:UDP"= 6346:UDP:*:Disabled:shareaza
    "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
    "12215:TCP"= 12215:TCP:port client
    "12225:UDP"= 12225:UDP:port client
    "14733:TCP"= 14733:TCP:*:Disabled:shareaza
    "53852:TCP"= 53852:TCP:ml
    "61962:UDP"= 61962:UDP:mp
    "23907:TCP"= 23907:TCP:hjghh
    "54523:UDP"= 54523:UDP:jhiu
    "7561:TCP"= 7561:TCP:vcc
    "7571:UDP"= 7571:UDP:gdds
    "6910:TCP"= 6910:TCP:Dfvdv
    "53472:UDP"= 53472:UDP:vdfvdf
    "6558:TCP"= 6558:TCP:nklk
    "12063:UDP"= 12063:UDP:kmlok
    "6347:UDP"= 6347:UDP:gdbf

    R3 axsaki;axsaki;c:\windows\system32\DRIVERS\axsaki.sys [2003-03-30 102624]
    R3 axskbus;axskbus;c:\windows\system32\DRIVERS\axskbus.sys [2003-03-28 8640]
    R3 EraserUtilDrvI7;EraserUtilDrvI7;\??\c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilDrvI7.sys [2008-11-30 99376]
    R3 ovt530;Webcam Deluxe;c:\windows\system32\Drivers\ov530vid.sys [2007-10-22 161792]
    S3 ASNDIS5;ASNDIS5 Protocol Driver;\??\c:\windows\system32\ASNDIS5.SYS []
    S3 ASPI;Advanced SCSI Programming Interface Driver;\??\c:\windows\System32\DRIVERS\ASPI32.sys [2006-09-07 25244]
    S3 RT2400;ASUS Wireless Driver;c:\windows\system32\DRIVERS\RT2400.sys []
    S3 USB28xxBGA;Pinnacle PCTV DVB-T USB Stick;c:\windows\system32\DRIVERS\emBDA.sys [2006-08-26 209408]
    S3 USB28xxOEM;USB 28xx OEM Filter;c:\windows\system32\DRIVERS\emOEM.sys [2006-08-26 17792]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09431672-adc9-11dd-b93a-0015f215755d}]
    \Shell\AutoRun\command - WD_Windows_Tools\Setup.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2008-11-30 c:\windows\Tasks\B58794719CB01095.job
    - c:\docume~1\fish\applic~1\castth~1\Four balm mess.exe []

    2006-10-16 c:\windows\Tasks\PMCS_Wakeup632966043828906250.job
    - c:\program files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe []
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{072F7274-3F50-4CF7-9F35-9959CD1D23FA} - (no file)
    BHO-{0C435395-3B69-4DF9-9A4D-5C9E933B2FF6} - (no file)
    BHO-{160EB06C-CAB6-4A7C-BEBC-08511600351D} - (no file)
    BHO-{2E721E3D-7FA9-4AFB-9B8B-C8610AFB9BF7} - (no file)
    BHO-{69CC5F33-B705-4FD1-A5A3-DD86AD563CA6} - (no file)
    BHO-{7496feb8-2ed9-48e8-82dd-33d5ddd7f5b6} - c:\windows\system32\topitavi.dll
    BHO-{793CF810-E60F-437A-A67C-36BB6AB30B68} - (no file)
    BHO-{7D53DD42-BA02-4CEF-8900-BC3837050B75} - (no file)
    BHO-{8B03082D-8733-4AD6-ABF9-5AD6B53FA2C4} - (no file)
    BHO-{8F67E146-FB6C-418F-9FE5-37AA2206D92E} - (no file)
    BHO-{94ED2AFC-1628-4A44-81EE-6632B7667FD2} - (no file)
    BHO-{AA40FB51-D7CD-4F6F-90A7-FA73E765B468} - (no file)
    BHO-{BD89771D-32F3-44BB-B6E3-C3B5F633AD0E} - (no file)
    BHO-{D6CFFE18-29EB-4C68-98FD-D4A002AA38A1} - (no file)
    BHO-{DFEDBEFB-4DC5-4290-AB58-063104E87D56} - (no file)
    BHO-{E6E01B1D-0ECA-44E8-B435-DF08AD4CE8AF} - (no file)
    HKLM-Run-koruralare - c:\windows\system32\sudenupu.dll
    HKLM-Run-CPM0ba89a88 - c:\windows\system32\pedabara.dll
    HKLM-Run-089ba914 - c:\windows\system32\ketedoti.dll
    ShellExecuteHooks-{0C435395-3B69-4DF9-9A4D-5C9E933B2FF6} - (no file)
    ShellExecuteHooks-{8F67E146-FB6C-418F-9FE5-37AA2206D92E} - (no file)
    Notify-fccaaXRK - fccaaXRK.dll
    Notify-yaywxXnO - yaywxXnO.dll


    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - c:\documents and settings\fish\Application Data\Mozilla\Firefox\Profiles\2p2tq6bd.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/firefox
    FF -: plugin - c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
    FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    FF -: plugin - c:\program files\Mozilla Firefox\plugins\nphardwaredetection.dll
    FF -: plugin - c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-30 11:38:19
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...


    c:\docume~1\fish\LOCALS~1\Temp\00022331.exe 1903208 bytes executable

    Scan terminé avec succès
    Fichiers cachés: 1

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mchInjDrv]
    "ImagePath"="\??\c:\docume~1\fish\LOCALS~1\Temp\mc21.tmp"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(1176)
    c:\windows\system32\Ati2evxx.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\program files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    c:\program files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\Symantec AntiVirus\DefWatch.exe
    c:\program files\Analog Devices\SoundMAX\SMAgent.exe
    c:\program files\Symantec AntiVirus\Rtvscan.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Symantec AntiVirus\DoScan.exe
    c:\program files\Internet Explorer\iexplore.exe
    c:\program files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    c:\program files\Java\jre1.6.0_05\bin\jucheck.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-11-30 11:45:26 - La machine a redémarré [fish]
    ComboFix-quarantined-files.txt 2008-11-30 10:45:21

    Avant-CF: 3,997,519,872 octets libres
    Après-CF: 4,388,511,744 octets libres

    334


    Thanks for your help.
    30 November 2008 19:28:49

    Post a new HijackThis report.
    3 December 2008 22:47:45

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:42:37, on 03/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\CameraFixer.exe
    C:\WINDOWS\vsnpstd.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/firefox
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [poke mp3 cdrom meta] C:\Documents and Settings\All Users\Application Data\Jump Poll Poke Mp3\Comp barb.exe
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .3gp: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O12 - Plugin for .mpe: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E791CBED-F675-42D2-AD17-AE9709E227F3}: NameServer = 212.27.54.252,212.27.53.252
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    --
    End of file - 7822 bytes



    I've just come back from a few days' holiday, and since my return, no more unwanted windows!
    Wait & see.
    4 December 2008 16:53:52

    Not finished :)

    Download Lop S&D.exe (Eric_71) to your Desktop.

  • Start the installation of the program by running the downloaded file.
  • Now double-click the LopS&D shortcut.
  • Select the desired language by typing the letter of your choice, then confirm with the Enter key.
  • Now choose option 1 (Search). Wait until the search has finished.
  • Post the generated report (C:\lopR.txt*)
    * the partition name may differ
    4 December 2008 17:42:38


    --------------------\\ Lop S&D 4.2.4-9c XP/Vista

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 2.80GHz )
    BIOS : BIOS Date: 08/04/05 22:35:07 Ver: 08.00.09
    USER : fish ( Administrator )
    BOOT : Normal boot
    Antivirus : Symantec AntiVirus Corporate Edition 10.0.0.359 (Not Activated)
    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total:16 Go (Free:3 Go)
    D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
    F:\ (Local Disk) - NTFS - Total:29 Go (Free:5 Go)
    G:\ (Local Disk) - NTFS - Total:48 Go (Free:1 Go)
    H:\ (Local Disk) - NTFS - Total:36 Go (Free:0 Go)
    J:\ (CD or DVD)

    "C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
    Option : [1] ( 04/12/2008|17:38 )

    --------------------\\ Listing des dossiers dans APPLIC~1

    [23/02/2007|16:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [17/09/2007|15:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [31/08/2006|19:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg7
    [06/08/2008|13:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
    [16/01/2008|02:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BigFishGamesCache
    [28/04/2007|00:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
    [04/08/2008|16:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
    [04/10/2008|17:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\GameHouse
    [16/11/2007|13:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [30/09/2008|23:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Jump Poll Poke Mp3
    [13/10/2006|16:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [28/08/2007|15:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NFS Underground
    [26/08/2006|19:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle
    [15/02/2008|10:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
    [31/10/2008|17:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    [02/09/2006|14:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    [22/01/2008|00:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    [15/07/2007|23:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\That Dvd User Bias
    [06/11/2006|00:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
    [17/01/2008|16:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

    [26/08/2006|18:34] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

    [06/08/2008|13:33] C:\DOCUME~1\fish\APPLIC~1\AccurateRip
    [09/12/2007|23:14] C:\DOCUME~1\fish\APPLIC~1\Adobe
    [23/02/2007|17:01] C:\DOCUME~1\fish\APPLIC~1\AdobeUM
    [21/05/2007|17:38] C:\DOCUME~1\fish\APPLIC~1\Apple Computer
    [22/10/2007|22:08] C:\DOCUME~1\fish\APPLIC~1\ArcSoft
    [06/08/2008|13:45] C:\DOCUME~1\fish\APPLIC~1\AVS4YOU
    [02/08/2008|19:04] C:\DOCUME~1\fish\APPLIC~1\BitDownload
    [14/11/2008|21:00] C:\DOCUME~1\fish\APPLIC~1\Castthiswma
    [27/02/2007|11:52] C:\DOCUME~1\fish\APPLIC~1\DivX
    [15/11/2008|17:08] C:\DOCUME~1\fish\APPLIC~1\dvdcss
    [30/11/2008|02:57] C:\DOCUME~1\fish\APPLIC~1\FileZilla
    [07/03/2007|19:29] C:\DOCUME~1\fish\APPLIC~1\Gearbox Software
    [07/01/2008|00:15] C:\DOCUME~1\fish\APPLIC~1\Google
    [26/08/2006|20:25] C:\DOCUME~1\fish\APPLIC~1\Help
    [17/11/2008|22:57] C:\DOCUME~1\fish\APPLIC~1\Identities
    [28/04/2007|00:22] C:\DOCUME~1\fish\APPLIC~1\InstallShield
    [02/08/2008|17:53] C:\DOCUME~1\fish\APPLIC~1\LimeWire
    [01/09/2006|11:13] C:\DOCUME~1\fish\APPLIC~1\Macromedia
    [12/11/2007|15:46] C:\DOCUME~1\fish\APPLIC~1\Media Player Classic
    [04/12/2008|00:31] C:\DOCUME~1\fish\APPLIC~1\Microsoft
    [29/08/2008|07:24] C:\DOCUME~1\fish\APPLIC~1\Mozilla
    [06/09/2008|14:22] C:\DOCUME~1\fish\APPLIC~1\PlayFirst
    [17/09/2007|16:05] C:\DOCUME~1\fish\APPLIC~1\Real
    [04/12/2008|00:29] C:\DOCUME~1\fish\APPLIC~1\Samsung
    [02/06/2008|02:25] C:\DOCUME~1\fish\APPLIC~1\Skype
    [03/06/2008|23:06] C:\DOCUME~1\fish\APPLIC~1\skypePM
    [19/09/2006|15:03] C:\DOCUME~1\fish\APPLIC~1\Sun
    [15/06/2008|14:07] C:\DOCUME~1\fish\APPLIC~1\U3
    [23/07/2008|10:19] C:\DOCUME~1\fish\APPLIC~1\vlc
    [17/11/2008|22:57] C:\DOCUME~1\fish\APPLIC~1\Zylom

    [10/11/2007|19:58] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

    [31/08/2006|19:32] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

    [04/12/2008 17:00][--ah-----] C:\WINDOWS\tasks\B58794719CB01095.job
    [16/10/2006 13:06][--a------] C:\WINDOWS\tasks\PMCS_Wakeup632966043828906250.job
    [04/12/2008 12:46][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [28/08/2001 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    ( B58794719CB01095.job )=( c:\docume~1\fish\applic~1\castth~1\Fourbalmmess.exe )

    --------------------\\ Listing des dossiers dans C:\Program Files

    [23/02/2007|16:55] C:\Program Files\Adobe
    [14/11/2008|21:33] C:\Program Files\adslTV
    [03/11/2006|21:12] C:\Program Files\Ahead
    [17/09/2008|16:32] C:\Program Files\Alcohol Soft
    [26/08/2006|18:53] C:\Program Files\Analog Devices
    [06/11/2006|00:31] C:\Program Files\ArcSoft
    [20/09/2006|17:26] C:\Program Files\ASUS
    [26/08/2006|19:03] C:\Program Files\ATI Technologies
    [03/12/2008|23:35] C:\Program Files\Avanquest update
    [27/02/2007|11:10] C:\Program Files\CCleaner
    [04/12/2008|00:13] C:\Program Files\Common Files
    [11/11/2007|15:07] C:\Program Files\EPSON
    [30/11/2008|11:29] C:\Program Files\Fichiers communs
    [15/11/2008|19:34] C:\Program Files\FileZilla FTP Client
    [18/01/2007|16:16] C:\Program Files\Free
    [01/06/2008|20:02] C:\Program Files\Freeplayer
    [24/11/2007|11:07] C:\Program Files\Google
    [13/12/2007|20:39] C:\Program Files\Haali
    [16/02/2007|15:28] C:\Program Files\HardwareDetection
    [22/10/2007|22:01] C:\Program Files\Hercules
    [03/12/2008|23:29] C:\Program Files\InstallShield Installation Information
    [26/08/2006|18:47] C:\Program Files\Intel
    [07/09/2008|21:37] C:\Program Files\Internet Explorer
    [02/08/2008|18:10] C:\Program Files\Java
    [26/08/2006|18:56] C:\Program Files\Marvell
    [26/08/2006|18:26] C:\Program Files\Messenger
    [26/08/2006|18:36] C:\Program Files\microsoft frontpage
    [28/08/2006|22:00] C:\Program Files\Microsoft Office
    [28/08/2006|21:59] C:\Program Files\Microsoft.NET
    [04/12/2008|00:12] C:\Program Files\Motorola
    [04/12/2008|00:14] C:\Program Files\Motorola Phone Tools
    [07/09/2008|21:37] C:\Program Files\Movie Maker
    [04/12/2008|17:27] C:\Program Files\Mozilla Firefox
    [26/08/2006|18:24] C:\Program Files\MSN
    [26/08/2006|18:26] C:\Program Files\MSN Gaming Zone
    [14/01/2008|20:23] C:\Program Files\MSN Messenger
    [26/08/2006|18:29] C:\Program Files\NetMeeting
    [07/09/2008|21:37] C:\Program Files\Outlook Express
    [21/05/2007|17:33] C:\Program Files\QuickTime
    [22/09/2007|02:19] C:\Program Files\Raveille
    [03/12/2008|22:55] C:\Program Files\Samsung
    [15/02/2008|10:39] C:\Program Files\Skype
    [06/11/2006|00:18] C:\Program Files\Smart Panel
    [13/09/2006|15:58] C:\Program Files\SuperCopier2
    [02/09/2006|15:00] C:\Program Files\Symantec
    [04/12/2008|17:35] C:\Program Files\Symantec AntiVirus
    [28/11/2008|13:03] C:\Program Files\Trend Micro
    [26/08/2006|18:44] C:\Program Files\Uninstall Information
    [26/08/2006|20:34] C:\Program Files\VideoLAN
    [16/11/2007|17:09] C:\Program Files\WinASPI
    [02/03/2007|19:10] C:\Program Files\Windows Media Player
    [26/08/2006|18:25] C:\Program Files\Windows NT
    [26/08/2006|18:31] C:\Program Files\WindowsUpdate
    [11/07/2007|11:14] C:\Program Files\WinRAR
    [20/09/2007|21:58] C:\Program Files\WinZip
    [26/08/2006|18:36] C:\Program Files\xerox
    [17/11/2008|22:55] C:\Program Files\Zylom Games

    --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

    [11/09/2006|11:25] C:\Program Files\Fichiers communs\Adobe
    [29/11/2006|22:38] C:\Program Files\Fichiers communs\Ahead
    [22/10/2007|22:06] C:\Program Files\Fichiers communs\ArcSoft
    [07/11/2008|14:39] C:\Program Files\Fichiers communs\AVSMedia
    [28/08/2006|22:00] C:\Program Files\Fichiers communs\DESIGNER
    [04/07/2007|19:19] C:\Program Files\Fichiers communs\DirectX
    [02/12/2006|02:01] C:\Program Files\Fichiers communs\GTK
    [26/08/2006|19:04] C:\Program Files\Fichiers communs\InstallShield
    [16/11/2007|13:14] C:\Program Files\Fichiers communs\Java
    [30/08/2008|12:05] C:\Program Files\Fichiers communs\Microsoft Shared
    [18/07/2007|18:15] C:\Program Files\Fichiers communs\Motorola Shared
    [26/08/2006|18:29] C:\Program Files\Fichiers communs\MSSoap
    [26/08/2006|20:14] C:\Program Files\Fichiers communs\ODBC
    [17/09/2007|16:05] C:\Program Files\Fichiers communs\Real
    [26/08/2006|18:29] C:\Program Files\Fichiers communs\Services
    [15/02/2008|10:39] C:\Program Files\Fichiers communs\Skype
    [13/10/2006|16:43] C:\Program Files\Fichiers communs\snpstd
    [26/08/2006|20:14] C:\Program Files\Fichiers communs\SpeechEngines
    [10/08/2008|19:02] C:\Program Files\Fichiers communs\Symantec Shared
    [28/08/2006|21:59] C:\Program Files\Fichiers communs\System

    --------------------\\ Process

    ( 44 Processes )

    Is it serious, doctor?
    4 December 2008 18:19:52

    Not complete.
    4 December 2008 18:48:53

    Grrr, I'll start again.
    4 December 2008 19:14:32

    Quote:
    # Post the generated report (C:\lopR.txt*)

    No need to run it again :/
    5 December 2008 17:58:02

    Hello,
    I can't get Lop S&D to work: the program installs and starts but stays stuck at the red 'please wait' window or on a '.exe' program (hence the incomplete report). Yet I removed my antivirus and the firewalls. Did I miss something? Is there a particular procedure?
    5 December 2008 20:12:07

    Have you tried uninstalling/reinstalling it?
    6 December 2008 20:46:47

    Yes, several times, and this morning my computer wouldn't start, and when it did, it was in restore mode... and super slow... it's getting worse and worse.
    7 December 2008 14:46:58

    I don't think it's an infection.
    7 December 2008 14:58:22

    Actually, looking more closely, I think I've caught 3 different viruses:
    one whose windows start with cid, another about an antivirus, and the 3rd about gambling. The site I consulted was in fact made by you and Eric. One of the viruses resulted from downloading a BitTorrent folder. In short, with what you're saying I don't know which way to turn.
    On the other hand, at the very start of these steps, I had installed a recovery command that I can access when the PC boots; isn't it possible to recover the system with that?
    And if it's not an infection, what is it?

    7 December 2008 17:25:15

    I mean non-infection as regards the slowness. But we'll see about that later.

    Download Malwarebytes' Anti-Malware to your Desktop.
    Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done, restart in safe mode.
    HELP: Restarting in safe mode

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, select "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan has finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show Results" then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Picture tutorial on MBAM
    8 December 2008 10:20:24

    Let's not claim victory yet, but it seems that everything is back to normal.
    Here is the MBAM report:
    Malwarebytes' Anti-Malware 1.31
    Version de la base de données: 1471
    Windows 5.1.2600 Service Pack 2

    08/12/2008 10:10:20
    mbam-log-2008-12-08 (10-10-20).txt

    Type de recherche: Examen complet (C:\|F:\|G:\|H:\|)
    Eléments examinés: 139994
    Temps écoulé: 6 hour(s), 46 minute(s), 1 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 2
    Clé(s) du Registre infectée(s): 7
    Valeur(s) du Registre infectée(s): 5
    Elément(s) de données du Registre infecté(s): 6
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 144

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    c:\WINDOWS\system32\losamine.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\dasabisi.dll (Trojan.Vundo.H) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7496feb8-2ed9-48e8-82dd-33d5ddd7f5b6} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{7496feb8-2ed9-48e8-82dd-33d5ddd7f5b6} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7496feb8-2ed9-48e8-82dd-33d5ddd7f5b6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\BitDownload (Trojan.Lop) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\089ba914 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\koruralare (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm0ba89a88 (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\losamine.dll -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\losamine.dll -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\dasabisi.dll -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\dasabisi.dll -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\dasabisi.dll -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.Search) -> Bad: (http://www.iesearch.com/) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP799\A0201129.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP799\A0201132.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP799\A0201133.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP799\A0201135.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP799\A0201136.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP799\A0201138.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP799\A0201140.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP799\A0201141.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP799\A0201142.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP799\A0201143.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP799\A0201147.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP799\A0201148.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP799\A0201149.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP799\A0201150.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP799\A0201151.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP799\A0201152.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP799\A0201153.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP799\A0201154.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP799\A0201155.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP799\A0201157.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP804\A0209781.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP804\A0209782.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP804\A0209783.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP810\A0215663.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\adiktnox.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\aojwymdd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\axditxcn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\cyirshxj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dfppeajq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ebraby.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\eutkgoha.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\evgfnhuk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\gwrfejhn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hpqkehfi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\katnglcq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nisawoyi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nuwonaka.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\odfzze.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\osbyvskb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pofolehe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\quihxgjf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\rhprdrvt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\rurajiye.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ttwegubt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\uvsloycr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vijibidi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vmqoutoa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\xkljwips.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\yepogofa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\yuniyuzi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\zopiwahe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\~.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\opnlLFUl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\urqQjiFY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\efcCssPI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    8 December 2008 10:29:31

    I just tried Lop S&D again.
    8 December 2008 10:31:16

    I just ran Lop S&D again and it worked. The generated report:


    --------------------\\ Lop S&D 4.2.4-9c XP/Vista

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 2.80GHz )
    BIOS : BIOS Date: 08/04/05 22:35:07 Ver: 08.00.09
    USER : fish ( Administrator )
    BOOT : Normal boot
    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total:16 Go (Free:3 Go)
    D:\ (CD or DVD)
    F:\ (Local Disk) - NTFS - Total:29 Go (Free:5 Go)
    G:\ (Local Disk) - NTFS - Total:48 Go (Free:1 Go)
    H:\ (Local Disk) - NTFS - Total:36 Go (Free:0 Go)
    J:\ (CD or DVD)

    "C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
    Option : [1] ( 08/12/2008|10:22 )

    --------------------\\ Listing des dossiers dans APPLIC~1

    [23/02/2007|16:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [17/09/2007|15:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [31/08/2006|19:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg7
    [06/08/2008|13:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
    [16/01/2008|02:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BigFishGamesCache
    [28/04/2007|00:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
    [04/08/2008|16:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
    [04/10/2008|17:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\GameHouse
    [16/11/2007|13:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [30/09/2008|23:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Jump Poll Poke Mp3
    [07/12/2008|22:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [13/10/2006|16:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [28/08/2007|15:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NFS Underground
    [26/08/2006|19:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle
    [15/02/2008|10:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
    [31/10/2008|17:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    [05/12/2008|10:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    [22/01/2008|00:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    [15/07/2007|23:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\That Dvd User Bias
    [06/11/2006|00:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
    [17/01/2008|16:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

    [26/08/2006|18:34] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

    [06/08/2008|13:33] C:\DOCUME~1\fish\APPLIC~1\AccurateRip
    [09/12/2007|23:14] C:\DOCUME~1\fish\APPLIC~1\Adobe
    [23/02/2007|17:01] C:\DOCUME~1\fish\APPLIC~1\AdobeUM
    [21/05/2007|17:38] C:\DOCUME~1\fish\APPLIC~1\Apple Computer
    [22/10/2007|22:08] C:\DOCUME~1\fish\APPLIC~1\ArcSoft
    [06/08/2008|13:45] C:\DOCUME~1\fish\APPLIC~1\AVS4YOU
    [02/08/2008|19:04] C:\DOCUME~1\fish\APPLIC~1\BitDownload
    [14/11/2008|21:00] C:\DOCUME~1\fish\APPLIC~1\Castthiswma
    [27/02/2007|11:52] C:\DOCUME~1\fish\APPLIC~1\DivX
    [15/11/2008|17:08] C:\DOCUME~1\fish\APPLIC~1\dvdcss
    [30/11/2008|02:57] C:\DOCUME~1\fish\APPLIC~1\FileZilla
    [07/03/2007|19:29] C:\DOCUME~1\fish\APPLIC~1\Gearbox Software
    [07/01/2008|00:15] C:\DOCUME~1\fish\APPLIC~1\Google
    [26/08/2006|20:25] C:\DOCUME~1\fish\APPLIC~1\Help
    [17/11/2008|22:57] C:\DOCUME~1\fish\APPLIC~1\Identities
    [28/04/2007|00:22] C:\DOCUME~1\fish\APPLIC~1\InstallShield
    [02/08/2008|17:53] C:\DOCUME~1\fish\APPLIC~1\LimeWire
    [01/09/2006|11:13] C:\DOCUME~1\fish\APPLIC~1\Macromedia
    [07/12/2008|22:10] C:\DOCUME~1\fish\APPLIC~1\Malwarebytes
    [12/11/2007|15:46] C:\DOCUME~1\fish\APPLIC~1\Media Player Classic
    [04/12/2008|00:31] C:\DOCUME~1\fish\APPLIC~1\Microsoft
    [29/08/2008|07:24] C:\DOCUME~1\fish\APPLIC~1\Mozilla
    [06/09/2008|14:22] C:\DOCUME~1\fish\APPLIC~1\PlayFirst
    [17/09/2007|16:05] C:\DOCUME~1\fish\APPLIC~1\Real
    [04/12/2008|00:29] C:\DOCUME~1\fish\APPLIC~1\Samsung
    [02/06/2008|02:25] C:\DOCUME~1\fish\APPLIC~1\Skype
    [03/06/2008|23:06] C:\DOCUME~1\fish\APPLIC~1\skypePM
    [19/09/2006|15:03] C:\DOCUME~1\fish\APPLIC~1\Sun
    [15/06/2008|14:07] C:\DOCUME~1\fish\APPLIC~1\U3
    [23/07/2008|10:19] C:\DOCUME~1\fish\APPLIC~1\vlc
    [17/11/2008|22:57] C:\DOCUME~1\fish\APPLIC~1\Zylom

    [10/11/2007|19:58] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

    [31/08/2006|19:32] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

    [08/12/2008 00:00][--ah-----] C:\WINDOWS\tasks\B58794719CB01095.job
    [16/10/2006 13:06][--a------] C:\WINDOWS\tasks\PMCS_Wakeup632966043828906250.job
    [08/12/2008 10:12][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [28/08/2001 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    ( B58794719CB01095.job )=( c:\docume~1\fish\applic~1\castth~1\Fourbalmmess.exe )

    --------------------\\ Listing des dossiers dans C:\Program Files

    [23/02/2007|16:55] C:\Program Files\Adobe
    [14/11/2008|21:33] C:\Program Files\adslTV
    [03/11/2006|21:12] C:\Program Files\Ahead
    [17/09/2008|16:32] C:\Program Files\Alcohol Soft
    [26/08/2006|18:53] C:\Program Files\Analog Devices
    [06/11/2006|00:31] C:\Program Files\ArcSoft
    [20/09/2006|17:26] C:\Program Files\ASUS
    [26/08/2006|19:03] C:\Program Files\ATI Technologies
    [03/12/2008|23:35] C:\Program Files\Avanquest update
    [27/02/2007|11:10] C:\Program Files\CCleaner
    [04/12/2008|00:13] C:\Program Files\Common Files
    [11/11/2007|15:07] C:\Program Files\EPSON
    [30/11/2008|11:29] C:\Program Files\Fichiers communs
    [15/11/2008|19:34] C:\Program Files\FileZilla FTP Client
    [18/01/2007|16:16] C:\Program Files\Free
    [01/06/2008|20:02] C:\Program Files\Freeplayer
    [24/11/2007|11:07] C:\Program Files\Google
    [13/12/2007|20:39] C:\Program Files\Haali
    [16/02/2007|15:28] C:\Program Files\HardwareDetection
    [22/10/2007|22:01] C:\Program Files\Hercules
    [03/12/2008|23:29] C:\Program Files\InstallShield Installation Information
    [26/08/2006|18:47] C:\Program Files\Intel
    [07/09/2008|21:37] C:\Program Files\Internet Explorer
    [02/08/2008|18:10] C:\Program Files\Java
    [07/12/2008|22:10] C:\Program Files\Malwarebytes' Anti-Malware
    [26/08/2006|18:56] C:\Program Files\Marvell
    [26/08/2006|18:26] C:\Program Files\Messenger
    [26/08/2006|18:36] C:\Program Files\microsoft frontpage
    [28/08/2006|22:00] C:\Program Files\Microsoft Office
    [28/08/2006|21:59] C:\Program Files\Microsoft.NET
    [04/12/2008|00:12] C:\Program Files\Motorola
    [04/12/2008|00:14] C:\Program Files\Motorola Phone Tools
    [07/09/2008|21:37] C:\Program Files\Movie Maker
    [08/12/2008|10:21] C:\Program Files\Mozilla Firefox
    [26/08/2006|18:24] C:\Program Files\MSN
    [26/08/2006|18:26] C:\Program Files\MSN Gaming Zone
    [14/01/2008|20:23] C:\Program Files\MSN Messenger
    [26/08/2006|18:29] C:\Program Files\NetMeeting
    [07/09/2008|21:37] C:\Program Files\Outlook Express
    [21/05/2007|17:33] C:\Program Files\QuickTime
    [22/09/2007|02:19] C:\Program Files\Raveille
    [03/12/2008|22:55] C:\Program Files\Samsung
    [15/02/2008|10:39] C:\Program Files\Skype
    [06/11/2006|00:18] C:\Program Files\Smart Panel
    [13/09/2006|15:58] C:\Program Files\SuperCopier2
    [05/12/2008|10:51] C:\Program Files\Symantec
    [05/12/2008|10:51] C:\Program Files\Symantec AntiVirus
    [28/11/2008|13:03] C:\Program Files\Trend Micro
    [26/08/2006|18:44] C:\Program Files\Uninstall Information
    [26/08/2006|20:34] C:\Program Files\VideoLAN
    [16/11/2007|17:09] C:\Program Files\WinASPI
    [02/03/2007|19:10] C:\Program Files\Windows Media Player
    [26/08/2006|18:25] C:\Program Files\Windows NT
    [26/08/2006|18:31] C:\Program Files\WindowsUpdate
    [11/07/2007|11:14] C:\Program Files\WinRAR
    [20/09/2007|21:58] C:\Program Files\WinZip
    [26/08/2006|18:36] C:\Program Files\xerox
    [17/11/2008|22:55] C:\Program Files\Zylom Games

    --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

    [11/09/2006|11:25] C:\Program Files\Fichiers communs\Adobe
    [29/11/2006|22:38] C:\Program Files\Fichiers communs\Ahead
    [22/10/2007|22:06] C:\Program Files\Fichiers communs\ArcSoft
    [07/11/2008|14:39] C:\Program Files\Fichiers communs\AVSMedia
    [28/08/2006|22:00] C:\Program Files\Fichiers communs\DESIGNER
    [04/07/2007|19:19] C:\Program Files\Fichiers communs\DirectX
    [02/12/2006|02:01] C:\Program Files\Fichiers communs\GTK
    [26/08/2006|19:04] C:\Program Files\Fichiers communs\InstallShield
    [16/11/2007|13:14] C:\Program Files\Fichiers communs\Java
    [30/08/2008|12:05] C:\Program Files\Fichiers communs\Microsoft Shared
    [18/07/2007|18:15] C:\Program Files\Fichiers communs\Motorola Shared
    [26/08/2006|18:29] C:\Program Files\Fichiers communs\MSSoap
    [26/08/2006|20:14] C:\Program Files\Fichiers communs\ODBC
    [17/09/2007|16:05] C:\Program Files\Fichiers communs\Real
    [26/08/2006|18:29] C:\Program Files\Fichiers communs\Services
    [15/02/2008|10:39] C:\Program Files\Fichiers communs\Skype
    [13/10/2006|16:43] C:\Program Files\Fichiers communs\snpstd
    [26/08/2006|20:14] C:\Program Files\Fichiers communs\SpeechEngines
    [05/12/2008|10:52] C:\Program Files\Fichiers communs\Symantec Shared
    [28/08/2006|21:59] C:\Program Files\Fichiers communs\System

    --------------------\\ Process

    ( 35 Processes )

    iexplore.exe ~ [PID:648]

    --------------------\\ Recherche avec S_Lop

    C:\DOCUME~1\fish\APPLIC~1\CASTTH~1
    C:\DOCUME~1\fish\APPLIC~1\CASTTH~1\daqsdqmb.exe
    C:\DOCUME~1\fish\APPLIC~1\CASTTH~1\ejlertzs.exe
    C:\DOCUME~1\fish\APPLIC~1\CASTTH~1\hilnbaez.exe
    C:\DOCUME~1\fish\APPLIC~1\CASTTH~1\qdaoqadr.exe

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Jump Poll Poke Mp3
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Jump Poll Poke Mp3\Comp barb.exe
    C:\DOCUME~1\fish\APPLIC~1\castth~1
    C:\DOCUME~1\fish\APPLIC~1\castth~1\daqsdqmb.exe
    C:\DOCUME~1\fish\APPLIC~1\castth~1\ejlertzs.exe
    C:\DOCUME~1\fish\APPLIC~1\castth~1\hilnbaez.exe
    C:\DOCUME~1\fish\APPLIC~1\castth~1\qdaoqadr.exe
    C:\DOCUME~1\fish\APPLIC~1\Bitdownload
    C:\DOCUME~1\fish\APPLIC~1\BitDownload
    C:\DOCUME~1\fish\APPLIC~1\BitDownload\BitDownload.ini
    C:\DOCUME~1\fish\APPLIC~1\BitDownload\btdht.dat
    C:\DOCUME~1\fish\APPLIC~1\BitDownload\DHTLog.txt
    C:\DOCUME~1\fish\APPLIC~1\BitDownload\lib.vcs
    C:\DOCUME~1\fish\APPLIC~1\BitDownload\PlayLists
    C:\DOCUME~1\fish\APPLIC~1\BitDownload\RoutingTree.bin
    C:\DOCUME~1\fish\APPLIC~1\BitDownload\search.ini
    C:\DOCUME~1\fish\APPLIC~1\BitDownload\Shared.dat
    C:\DOCUME~1\fish\APPLIC~1\BitDownload\ShareHistory.dat
    C:\DOCUME~1\fish\APPLIC~1\BitDownload\SPK.bin
    C:\DOCUME~1\fish\APPLIC~1\BitDownload\Storage
    C:\DOCUME~1\fish\APPLIC~1\BitDownload\Torrents
    C:\DOCUME~1\fish\APPLIC~1\BitDownload\trdnld.vcs
    C:\DOCUME~1\fish\APPLIC~1\BitDownload\trupld.vcs
    C:\DOCUME~1\fish\APPLIC~1\BitDownload\URLs.ini
    C:\DOCUME~1\fish\Cookies\fish@advertising[2].txt
    C:\DOCUME~1\fish\Cookies\fish@bigpoint[1].txt
    C:\DOCUME~1\fish\Cookies\fish@fr.xblaster.bigpoint[1].txt
    C:\DOCUME~1\fish\Cookies\fish@banner.cotedazurpalace[2].txt
    C:\DOCUME~1\fish\Cookies\fish@cotedazurpalace[2].txt
    C:\DOCUME~1\fish\Cookies\fish@www.cotedazurpalace[1].txt
    C:\DOCUME~1\fish\Cookies\fish@adopt.euroclick[2].txt
    C:\DOCUME~1\fish\Cookies\fish@pacificpoker[2].txt
    C:\DOCUME~1\fish\Cookies\fish@partygaming.122.2o7[1].txt
    C:\DOCUME~1\fish\Cookies\fish@partypoker[2].txt
    C:\DOCUME~1\fish\Cookies\fish@banner.32vegas[2].txt
    C:\WINDOWS\Tasks\B58794719CB01095.job

    --------------------\\ Verification du Registre

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\warn 2 heart]
    "DisplayName"="CiD Help"
    "UninstallString"="C:\\DOCUME~1\\fish\\APPLIC~1\\CASTTH~1\\4 defy time.exe -uninstall"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "poke mp3 cdrom meta"="C:\\Documents and Settings\\All Users\\Application Data\\Jump Poll Poke Mp3\\Comp barb.exe"

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE


    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-08 10:24:07
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 1008

    --------------------\\ Recherche d'autres infections


    Aucune autre infection trouvée !

    [F:45][D:9]-> C:\DOCUME~1\fish\LOCALS~1\Temp
    [F:98][D:0]-> C:\DOCUME~1\fish\Cookies
    [F:1660][D:4]-> C:\DOCUME~1\fish\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - 08/12/2008|10:27 - Option : [1]

    --------------------\\ Fin du rapport a 10:27:29
    8 December 2008 17:12:24

    Try option 2 again.
    8 December 2008 20:43:02

    OK, the report after option 2:


    --------------------\\ Lop S&D 4.2.4-9c XP/Vista

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 2.80GHz )
    BIOS : BIOS Date: 08/04/05 22:35:07 Ver: 08.00.09
    USER : fish ( Administrator )
    BOOT : Normal boot
    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total:16 Go (Free:3 Go)
    D:\ (CD or DVD)
    F:\ (Local Disk) - NTFS - Total:29 Go (Free:5 Go)
    G:\ (Local Disk) - NTFS - Total:48 Go (Free:1 Go)
    H:\ (Local Disk) - NTFS - Total:36 Go (Free:0 Go)
    J:\ (CD or DVD)

    "C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
    Option : [2] ( 08/12/2008|20:29 )


    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Jump Poll Poke Mp3\Comp barb.exe
    Supprime! - C:\DOCUME~1\fish\APPLIC~1\castth~1\daqsdqmb.exe
    Supprime! - C:\DOCUME~1\fish\APPLIC~1\castth~1\ejlertzs.exe
    Supprime! - C:\DOCUME~1\fish\APPLIC~1\castth~1\hilnbaez.exe
    Supprime! - C:\DOCUME~1\fish\APPLIC~1\castth~1\qdaoqadr.exe
    Supprime! - C:\DOCUME~1\fish\APPLIC~1\BitDownload\BitDownload.ini
    Supprime! - C:\DOCUME~1\fish\APPLIC~1\BitDownload\btdht.dat
    Supprime! - C:\DOCUME~1\fish\APPLIC~1\BitDownload\DHTLog.txt
    Supprime! - C:\DOCUME~1\fish\APPLIC~1\BitDownload\lib.vcs
    Supprime! - C:\DOCUME~1\fish\APPLIC~1\BitDownload\PlayLists
    Supprime! - C:\DOCUME~1\fish\APPLIC~1\BitDownload\RoutingTree.bin
    Supprime! - C:\DOCUME~1\fish\APPLIC~1\BitDownload\search.ini
    Supprime! - C:\DOCUME~1\fish\APPLIC~1\BitDownload\Shared.dat
    Supprime! - C:\DOCUME~1\fish\APPLIC~1\BitDownload\ShareHistory.dat
    Supprime! - C:\DOCUME~1\fish\APPLIC~1\BitDownload\SPK.bin
    Supprime! - C:\DOCUME~1\fish\APPLIC~1\BitDownload\Storage
    Supprime! - C:\DOCUME~1\fish\APPLIC~1\BitDownload\Torrents
    Supprime! - C:\DOCUME~1\fish\APPLIC~1\BitDownload\trdnld.vcs
    Supprime! - C:\DOCUME~1\fish\APPLIC~1\BitDownload\trupld.vcs
    Supprime! - C:\DOCUME~1\fish\APPLIC~1\BitDownload\URLs.ini
    Supprime! - C:\DOCUME~1\fish\Cookies\fish@advertising[2].txt
    Supprime! - C:\DOCUME~1\fish\Cookies\fish@bigpoint[1].txt
    Supprime! - C:\DOCUME~1\fish\Cookies\fish@fr.xblaster.bigpoint[1].txt
    Supprime! - C:\DOCUME~1\fish\Cookies\fish@banner.cotedazurpalace[2].txt
    Supprime! - C:\DOCUME~1\fish\Cookies\fish@cotedazurpalace[2].txt
    Supprime! - C:\DOCUME~1\fish\Cookies\fish@www.cotedazurpalace[1].txt
    Supprime! - C:\DOCUME~1\fish\Cookies\fish@adopt.euroclick[2].txt
    Supprime! - C:\DOCUME~1\fish\Cookies\fish@partygaming.122.2o7[1].txt
    Supprime! - C:\DOCUME~1\fish\Cookies\fish@partypoker[2].txt
    Supprime! - C:\DOCUME~1\fish\Cookies\fish@banner.32vegas[2].txt
    Supprime! - C:\WINDOWS\Tasks\B58794719CB01095.job
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Jump Poll Poke Mp3
    Supprime! - C:\DOCUME~1\fish\APPLIC~1\castth~1
    Supprime! - C:\DOCUME~1\fish\APPLIC~1\Bitdownload

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


    --------------------\\ Listing des dossiers dans APPLIC~1

    [23/02/2007|16:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [17/09/2007|15:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [31/08/2006|19:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg7
    [06/08/2008|13:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
    [16/01/2008|02:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BigFishGamesCache
    [28/04/2007|00:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
    [04/08/2008|16:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
    [04/10/2008|17:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\GameHouse
    [16/11/2007|13:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [07/12/2008|22:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [13/10/2006|16:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [28/08/2007|15:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NFS Underground
    [26/08/2006|19:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle
    [15/02/2008|10:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
    [31/10/2008|17:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    [05/12/2008|10:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    [22/01/2008|00:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    [15/07/2007|23:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\That Dvd User Bias
    [06/11/2006|00:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
    [17/01/2008|16:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

    [26/08/2006|18:34] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

    [06/08/2008|13:33] C:\DOCUME~1\fish\APPLIC~1\AccurateRip
    [09/12/2007|23:14] C:\DOCUME~1\fish\APPLIC~1\Adobe
    [23/02/2007|17:01] C:\DOCUME~1\fish\APPLIC~1\AdobeUM
    [21/05/2007|17:38] C:\DOCUME~1\fish\APPLIC~1\Apple Computer
    [22/10/2007|22:08] C:\DOCUME~1\fish\APPLIC~1\ArcSoft
    [06/08/2008|13:45] C:\DOCUME~1\fish\APPLIC~1\AVS4YOU
    [27/02/2007|11:52] C:\DOCUME~1\fish\APPLIC~1\DivX
    [15/11/2008|17:08] C:\DOCUME~1\fish\APPLIC~1\dvdcss
    [30/11/2008|02:57] C:\DOCUME~1\fish\APPLIC~1\FileZilla
    [07/03/2007|19:29] C:\DOCUME~1\fish\APPLIC~1\Gearbox Software
    [07/01/2008|00:15] C:\DOCUME~1\fish\APPLIC~1\Google
    [26/08/2006|20:25] C:\DOCUME~1\fish\APPLIC~1\Help
    [17/11/2008|22:57] C:\DOCUME~1\fish\APPLIC~1\Identities
    [28/04/2007|00:22] C:\DOCUME~1\fish\APPLIC~1\InstallShield
    [02/08/2008|17:53] C:\DOCUME~1\fish\APPLIC~1\LimeWire
    [01/09/2006|11:13] C:\DOCUME~1\fish\APPLIC~1\Macromedia
    [07/12/2008|22:10] C:\DOCUME~1\fish\APPLIC~1\Malwarebytes
    [12/11/2007|15:46] C:\DOCUME~1\fish\APPLIC~1\Media Player Classic
    [04/12/2008|00:31] C:\DOCUME~1\fish\APPLIC~1\Microsoft
    [29/08/2008|07:24] C:\DOCUME~1\fish\APPLIC~1\Mozilla
    [06/09/2008|14:22] C:\DOCUME~1\fish\APPLIC~1\PlayFirst
    [17/09/2007|16:05] C:\DOCUME~1\fish\APPLIC~1\Real
    [04/12/2008|00:29] C:\DOCUME~1\fish\APPLIC~1\Samsung
    [02/06/2008|02:25] C:\DOCUME~1\fish\APPLIC~1\Skype
    [03/06/2008|23:06] C:\DOCUME~1\fish\APPLIC~1\skypePM
    [19/09/2006|15:03] C:\DOCUME~1\fish\APPLIC~1\Sun
    [15/06/2008|14:07] C:\DOCUME~1\fish\APPLIC~1\U3
    [23/07/2008|10:19] C:\DOCUME~1\fish\APPLIC~1\vlc
    [17/11/2008|22:57] C:\DOCUME~1\fish\APPLIC~1\Zylom

    [10/11/2007|19:58] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

    [31/08/2006|19:32] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

    [16/10/2006 13:06][--a------] C:\WINDOWS\tasks\PMCS_Wakeup632966043828906250.job
    [08/12/2008 20:26][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [28/08/2001 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listing des dossiers dans C:\Program Files

    [23/02/2007|16:55] C:\Program Files\Adobe
    [14/11/2008|21:33] C:\Program Files\adslTV
    [03/11/2006|21:12] C:\Program Files\Ahead
    [17/09/2008|16:32] C:\Program Files\Alcohol Soft
    [26/08/2006|18:53] C:\Program Files\Analog Devices
    [06/11/2006|00:31] C:\Program Files\ArcSoft
    [20/09/2006|17:26] C:\Program Files\ASUS
    [26/08/2006|19:03] C:\Program Files\ATI Technologies
    [03/12/2008|23:35] C:\Program Files\Avanquest update
    [27/02/2007|11:10] C:\Program Files\CCleaner
    [04/12/2008|00:13] C:\Program Files\Common Files
    [11/11/2007|15:07] C:\Program Files\EPSON
    [30/11/2008|11:29] C:\Program Files\Fichiers communs
    [15/11/2008|19:34] C:\Program Files\FileZilla FTP Client
    [18/01/2007|16:16] C:\Program Files\Free
    [01/06/2008|20:02] C:\Program Files\Freeplayer
    [24/11/2007|11:07] C:\Program Files\Google
    [13/12/2007|20:39] C:\Program Files\Haali
    [16/02/2007|15:28] C:\Program Files\HardwareDetection
    [22/10/2007|22:01] C:\Program Files\Hercules
    [03/12/2008|23:29] C:\Program Files\InstallShield Installation Information
    [26/08/2006|18:47] C:\Program Files\Intel
    [07/09/2008|21:37] C:\Program Files\Internet Explorer
    [02/08/2008|18:10] C:\Program Files\Java
    [07/12/2008|22:10] C:\Program Files\Malwarebytes' Anti-Malware
    [26/08/2006|18:56] C:\Program Files\Marvell
    [26/08/2006|18:26] C:\Program Files\Messenger
    [26/08/2006|18:36] C:\Program Files\microsoft frontpage
    [28/08/2006|22:00] C:\Program Files\Microsoft Office
    [28/08/2006|21:59] C:\Program Files\Microsoft.NET
    [04/12/2008|00:12] C:\Program Files\Motorola
    [04/12/2008|00:14] C:\Program Files\Motorola Phone Tools
    [07/09/2008|21:37] C:\Program Files\Movie Maker
    [08/12/2008|20:27] C:\Program Files\Mozilla Firefox
    [26/08/2006|18:24] C:\Program Files\MSN
    [26/08/2006|18:26] C:\Program Files\MSN Gaming Zone
    [14/01/2008|20:23] C:\Program Files\MSN Messenger
    [26/08/2006|18:29] C:\Program Files\NetMeeting
    [07/09/2008|21:37] C:\Program Files\Outlook Express
    [21/05/2007|17:33] C:\Program Files\QuickTime
    [22/09/2007|02:19] C:\Program Files\Raveille
    [03/12/2008|22:55] C:\Program Files\Samsung
    [15/02/2008|10:39] C:\Program Files\Skype
    [06/11/2006|00:18] C:\Program Files\Smart Panel
    [13/09/2006|15:58] C:\Program Files\SuperCopier2
    [05/12/2008|10:51] C:\Program Files\Symantec
    [05/12/2008|10:51] C:\Program Files\Symantec AntiVirus
    [28/11/2008|13:03] C:\Program Files\Trend Micro
    [26/08/2006|18:44] C:\Program Files\Uninstall Information
    [26/08/2006|20:34] C:\Program Files\VideoLAN
    [16/11/2007|17:09] C:\Program Files\WinASPI
    [02/03/2007|19:10] C:\Program Files\Windows Media Player
    [26/08/2006|18:25] C:\Program Files\Windows NT
    [26/08/2006|18:31] C:\Program Files\WindowsUpdate
    [11/07/2007|11:14] C:\Program Files\WinRAR
    [20/09/2007|21:58] C:\Program Files\WinZip
    [26/08/2006|18:36] C:\Program Files\xerox
    [17/11/2008|22:55] C:\Program Files\Zylom Games

    --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

    [11/09/2006|11:25] C:\Program Files\Fichiers communs\Adobe
    [29/11/2006|22:38] C:\Program Files\Fichiers communs\Ahead
    [22/10/2007|22:06] C:\Program Files\Fichiers communs\ArcSoft
    [07/11/2008|14:39] C:\Program Files\Fichiers communs\AVSMedia
    [28/08/2006|22:00] C:\Program Files\Fichiers communs\DESIGNER
    [04/07/2007|19:19] C:\Program Files\Fichiers communs\DirectX
    [02/12/2006|02:01] C:\Program Files\Fichiers communs\GTK
    [26/08/2006|19:04] C:\Program Files\Fichiers communs\InstallShield
    [16/11/2007|13:14] C:\Program Files\Fichiers communs\Java
    [30/08/2008|12:05] C:\Program Files\Fichiers communs\Microsoft Shared
    [18/07/2007|18:15] C:\Program Files\Fichiers communs\Motorola Shared
    [26/08/2006|18:29] C:\Program Files\Fichiers communs\MSSoap
    [26/08/2006|20:14] C:\Program Files\Fichiers communs\ODBC
    [17/09/2007|16:05] C:\Program Files\Fichiers communs\Real
    [26/08/2006|18:29] C:\Program Files\Fichiers communs\Services
    [15/02/2008|10:39] C:\Program Files\Fichiers communs\Skype
    [13/10/2006|16:43] C:\Program Files\Fichiers communs\snpstd
    [26/08/2006|20:14] C:\Program Files\Fichiers communs\SpeechEngines
    [05/12/2008|10:52] C:\Program Files\Fichiers communs\Symantec Shared
    [28/08/2006|21:59] C:\Program Files\Fichiers communs\System

    --------------------\\ Process

    ( 28 Processes )

    ... OK !

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    C:\DOCUME~1\fish\Cookies\fish@pacificpoker[1].txt

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE


    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-08 20:30:33
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 1008

    --------------------\\ Recherche d'autres infections


    Aucune autre infection trouvée !

    [F:46][D:9]-> C:\DOCUME~1\fish\LOCALS~1\Temp
    [F:88][D:0]-> C:\DOCUME~1\fish\Cookies
    [F:1668][D:4]-> C:\DOCUME~1\fish\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - 08/12/2008|10:27 - Option : [1]
    2 - "C:\Lop SD\LopR_2.txt" - 08/12/2008|20:33 - Option : [2]

    --------------------\\ Fin du rapport a 20:33:55




    and the hijack report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:38:03, on 08/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\CameraFixer.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/firefox
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {7496feb8-2ed9-48e8-82dd-33d5ddd7f5b6} - C:\WINDOWS\system32\pinofivu.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
    O4 - HKLM\..\Run: [koruralare] Rundll32.exe "C:\WINDOWS\system32\dasabisi.dll",s
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKUS\S-1-5-19\..\Run: [koruralare] Rundll32.exe "C:\WINDOWS\system32\dasabisi.dll",s (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [koruralare] Rundll32.exe "C:\WINDOWS\system32\dasabisi.dll",s (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .3gp: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O12 - Plugin for .mpe: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E791CBED-F675-42D2-AD17-AE9709E227F3}: NameServer = 212.27.54.252,212.27.53.252
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: , ,C:\WINDOWS\system32\dasabisi.dll
    O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 5589 bytes


    I also cleaned up the hard drive using a very precise tutorial (yours, I think).
    I defragment regularly and I use CCleaner too.
    One question remains: which antivirus should I use? Until now mine (Symantec, a Norton for professionals that an IT friend recommended to me) worked well.
    Thanks for your help
    8 December 2008 20:45:38

    Before I answer these questions, run another ComboFix scan.
    8 December 2008 22:16:30

    ComboFix 08-12-07.01 - fish 2008-12-08 22:01:31.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1637 [GMT 1:00]
    Lancé depuis: c:\documents and settings\fish\Bureau\ComboFix.exe
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\ekilokah.ini
    c:\windows\system32\huzivewe.dll
    c:\windows\system32\jebodoma.dll
    c:\windows\system32\nukiyofi.dll
    c:\windows\system32\pinofivu.dll
    c:\windows\system32\sihosido.dll
    c:\windows\system32\vegozadi.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-08 au 2008-12-08 ))))))))))))))))))))))))))))))))))))
    .

    2008-12-08 10:22 . 2008-12-08 20:33 <REP> d-------- C:\Lop SD
    2008-12-07 22:10 . 2008-12-07 22:10 <REP> d-------- c:\documents and settings\fish\Application Data\Malwarebytes
    2008-12-07 22:10 . 2008-12-07 22:10 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-12-07 22:10 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-12-07 22:10 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-12-07 22:09 . 2008-12-07 22:10 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-12-04 00:29 . 2008-12-04 00:29 <REP> d-------- c:\documents and settings\fish\Application Data\Samsung
    2008-12-04 00:13 . 2008-12-04 00:13 <REP> d-------- c:\program files\Common Files
    2008-12-04 00:12 . 2008-12-04 00:12 <REP> d-------- c:\program files\Motorola
    2008-12-03 23:35 . 2008-12-03 23:35 <REP> d-------- c:\program files\Avanquest update
    2008-12-03 22:58 . 2006-05-03 22:53 174,592 --a------ c:\windows\system32\framedyn.dll
    2008-12-03 22:57 . 2008-12-03 22:58 <REP> d-------- c:\windows\system32\Samsung_USB_Drivers
    2008-12-03 22:57 . 2007-07-03 16:58 106,792 --a------ c:\windows\system32\drivers\sscdmdm.sys
    2008-12-03 22:57 . 2007-07-03 16:54 80,552 --a------ c:\windows\system32\drivers\sscdbus.sys
    2008-12-03 22:57 . 2007-07-03 16:57 11,944 --a------ c:\windows\system32\drivers\sscdmdfl.sys
    2008-12-03 22:57 . 2007-07-03 17:00 9,256 --a------ c:\windows\system32\drivers\sscdwhnt.sys
    2008-12-03 22:57 . 2007-07-03 17:00 9,256 --a------ c:\windows\system32\drivers\sscdwh.sys
    2008-12-03 22:57 . 2007-07-03 16:56 9,256 --a------ c:\windows\system32\drivers\sscdcmnt.sys
    2008-12-03 22:57 . 2007-07-03 16:56 9,256 --a------ c:\windows\system32\drivers\sscdcm.sys
    2008-12-03 22:57 . 2005-08-28 20:51 766 --a------ c:\windows\system32\Uninstall.ico
    2008-12-03 22:56 . 2008-12-03 23:17 5,632 --a------ c:\windows\system32\drivers\StarOpen.sys
    2008-12-03 22:55 . 2008-12-03 22:55 <REP> d-------- c:\program files\Samsung
    2008-12-01 23:24 . 2003-10-09 19:38 141,824 --a------ c:\windows\system32\ClientCpl.cpl
    2008-12-01 23:24 . 2003-09-26 16:40 51,584 --a------ c:\windows\system32\drivers\RT2400.sys
    2008-12-01 23:24 . 2002-09-09 19:54 16,269 --a------ c:\windows\system32\ASNDIS5.sys
    2008-12-01 23:24 . 2001-04-16 05:48 15,577 --a------ c:\windows\system32\ASNDIS3.vxd
    2008-11-28 13:03 . 2008-11-28 13:03 <REP> d-------- c:\program files\Trend Micro
    2008-11-17 22:55 . 2008-11-17 22:55 <REP> d-------- c:\program files\Zylom Games

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-05 09:52 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
    2008-12-05 09:51 --------- d-----w c:\program files\Symantec AntiVirus
    2008-12-05 09:51 --------- d-----w c:\program files\Symantec
    2008-12-05 09:51 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
    2008-12-03 23:14 --------- d-----w c:\program files\Motorola Phone Tools
    2008-12-03 22:29 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-11-30 01:57 --------- d-----w c:\documents and settings\fish\Application Data\FileZilla
    2008-11-17 21:57 --------- d-----w c:\documents and settings\fish\Application Data\Zylom
    2008-11-15 18:34 --------- d-----w c:\program files\FileZilla FTP Client
    2008-11-15 16:08 --------- d-----w c:\documents and settings\fish\Application Data\dvdcss
    2008-11-14 20:33 --------- d-----w c:\program files\adslTV
    2008-11-07 13:39 --------- d-----w c:\program files\Fichiers communs\AVSMedia
    2008-10-31 16:46 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-02-15 09:40 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
    2007-04-29 13:33 92,064 ----a-w c:\documents and settings\fish\mqdmmdm.sys
    2007-04-29 13:33 9,232 ----a-w c:\documents and settings\fish\mqdmmdfl.sys
    2007-04-29 13:33 79,328 ----a-w c:\documents and settings\fish\mqdmserd.sys
    2007-04-29 13:33 66,656 ----a-w c:\documents and settings\fish\mqdmbus.sys
    2007-04-29 13:33 6,208 ----a-w c:\documents and settings\fish\mqdmcmnt.sys
    2007-04-29 13:33 5,936 ----a-w c:\documents and settings\fish\mqdmwhnt.sys
    2007-04-29 13:33 4,048 ----a-w c:\documents and settings\fish\mqdmcr.sys
    2007-04-29 13:33 25,600 ----a-w c:\documents and settings\fish\usbsermptxp.sys
    2007-04-29 13:33 22,768 ----a-w c:\documents and settings\fish\usbsermpt.sys
    2005-05-13 15:12 217,073 -csha-r c:\windows\meta4.exe
    2005-10-24 09:13 66,560 -csha-r c:\windows\MOTA113.exe
    2005-10-13 19:27 422,400 -csha-r c:\windows\x2.64.exe
    2005-10-07 17:14 308,224 -csha-r c:\windows\system32\avisynth.dll
    2005-07-14 10:31 27,648 -csha-r c:\windows\system32\AVSredirect.dll
    2005-06-26 13:32 616,448 -csha-r c:\windows\system32\cygwin1.dll
    2005-06-21 20:37 45,568 -csha-r c:\windows\system32\cygz.dll
    2004-01-24 22:00 70,656 -csha-r c:\windows\system32\i420vfw.dll
    2006-04-27 08:24 2,945,024 -csha-r c:\windows\system32\Smab.dll
    2005-02-28 11:16 240,128 -csha-r c:\windows\system32\x.264.exe
    2004-01-25 17:18 70,656 --sha-w c:\windows\system32\yv12vfw.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-11-30_11.44.12.14 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-12-03 23:13:03 22,486 ----a-r c:\windows\Installer\{922D9CCA-4317-425F-9AA5-94829DF8BA6D}\_6FEFF9B68218417F98F549.exe
    + 2008-12-03 23:13:03 22,486 ----a-r c:\windows\Installer\{922D9CCA-4317-425F-9AA5-94829DF8BA6D}\_768193AF48B27FC9C5F817.exe
    + 2008-12-03 23:13:03 22,486 ----a-r c:\windows\Installer\{922D9CCA-4317-425F-9AA5-94829DF8BA6D}\_C8733E494AEB6988C093CB.exe
    - 2006-08-26 17:42:45 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2008-12-07 11:12:15 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2006-08-26 17:42:45 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    + 2008-12-07 11:12:15 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    - 2006-08-26 17:42:45 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-12-07 11:12:15 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2008-07-18 20:10:48 94,920 -c--a-w c:\windows\system32\dllcache\cdm.dll
    + 2008-10-16 13:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll
    - 2008-07-18 20:09:44 563,912 -c--a-w c:\windows\system32\dllcache\wuapi.dll
    + 2008-10-16 13:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll
    - 2008-07-18 20:10:42 68,808 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
    + 2008-10-16 13:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
    - 2008-07-18 20:09:42 1,811,656 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
    + 2008-10-16 13:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
    - 2008-07-18 20:09:46 325,832 -c--a-w c:\windows\system32\dllcache\wucltui.dll
    + 2008-10-16 13:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll
    - 2008-07-18 20:10:20 36,552 -c--a-w c:\windows\system32\dllcache\wups.dll
    + 2008-10-16 13:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll
    - 2008-07-18 20:09:44 205,000 -c--a-w c:\windows\system32\dllcache\wuweb.dll
    + 2008-10-16 13:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
    + 2008-08-21 17:49:22 18,688 -c--a-w c:\windows\system32\DRVSTORE\motccgp_4B8D9AB3A82A683595609FFF880F0EDF6139A96D\motccgp.sys
    + 2008-08-21 17:49:56 8,320 -c--a-w c:\windows\system32\DRVSTORE\motccgp_4B8D9AB3A82A683595609FFF880F0EDF6139A96D\motccgpfl.sys
    + 2007-11-02 14:51:28 6,400 -c--a-w c:\windows\system32\DRVSTORE\motccgp_4B8D9AB3A82A683595609FFF880F0EDF6139A96D\motswch.sys
    + 2006-11-13 14:45:54 1,419,232 -c--a-w c:\windows\system32\DRVSTORE\motccgp_4B8D9AB3A82A683595609FFF880F0EDF6139A96D\wdfcoinstaller01005.dll
    + 2007-06-18 14:18:26 23,680 -c--a-w c:\windows\system32\DRVSTORE\motmodem_8AAFC1213735C79BDDFE23749C53BFC0F01512CA\motmodem.sys
    + 2006-11-13 14:45:54 1,419,232 -c--a-w c:\windows\system32\DRVSTORE\motmodem_8AAFC1213735C79BDDFE23749C53BFC0F01512CA\wdfcoinstaller01005.dll
    + 2006-07-28 07:10:08 6,144 -c--a-w c:\windows\system32\DRVSTORE\motodrv_EBD40518FA36F6DD08A0EAF14AED13D857D9FFFC\mot_ci.dll
    + 2007-10-10 16:41:50 42,112 -c--a-w c:\windows\system32\DRVSTORE\motodrv_EBD40518FA36F6DD08A0EAF14AED13D857D9FFFC\motodrv.sys
    + 2007-01-23 21:36:20 6,016 -c--a-w c:\windows\system32\DRVSTORE\motousbnet_45605EBE166919E5AE82CE7DE5B7BB04045B4427\motfilt.sys
    + 2008-03-03 15:03:10 23,296 -c--a-w c:\windows\system32\DRVSTORE\motousbnet_45605EBE166919E5AE82CE7DE5B7BB04045B4427\Motousbnet.sys
    + 2007-11-02 14:51:28 6,400 -c--a-w c:\windows\system32\DRVSTORE\motousbnet_45605EBE166919E5AE82CE7DE5B7BB04045B4427\motswch.sys
    + 2006-11-13 14:45:54 1,419,232 -c--a-w c:\windows\system32\DRVSTORE\motousbnet_45605EBE166919E5AE82CE7DE5B7BB04045B4427\wdfcoinstaller01005.dll
    + 2007-06-18 14:18:26 23,680 -c--a-w c:\windows\system32\DRVSTORE\motport_50487F381F70FF5572305B1B459E22B860F1D8C7\motport.sys
    + 2006-11-13 14:45:54 1,419,232 -c--a-w c:\windows\system32\DRVSTORE\motport_50487F381F70FF5572305B1B459E22B860F1D8C7\wdfcoinstaller01005.dll
    - 2008-09-08 04:00:09 204,920 ----a-w c:\windows\system32\FNTCACHE.DAT
    + 2008-12-05 08:40:14 204,920 ----a-w c:\windows\system32\FNTCACHE.DAT
    + 2003-04-18 15:46:22 1,233,920 ----a-w c:\windows\system32\msxml4.dll
    + 2003-04-18 15:29:26 82,432 ----a-w c:\windows\system32\msxml4r.dll
    - 2008-10-26 16:51:22 52,880 ----a-w c:\windows\system32\perfc009.dat
    + 2008-12-08 09:58:23 52,880 ----a-w c:\windows\system32\perfc009.dat
    - 2008-10-26 16:51:23 63,762 ----a-w c:\windows\system32\perfc00C.dat
    + 2008-12-08 09:58:23 63,762 ----a-w c:\windows\system32\perfc00C.dat
    - 2008-10-26 16:51:23 380,658 ----a-w c:\windows\system32\perfh009.dat
    + 2008-12-08 09:58:23 380,658 ----a-w c:\windows\system32\perfh009.dat
    - 2008-10-26 16:51:23 445,394 ----a-w c:\windows\system32\perfh00C.dat
    + 2008-12-08 09:58:23 445,394 ----a-w c:\windows\system32\perfh00C.dat
    + 2007-05-02 10:11:16 83,592 ----a-w c:\windows\system32\Samsung_USB_Drivers\1\i386\ss_bus.sys
    + 2007-05-02 10:11:16 12,424 ----a-w c:\windows\system32\Samsung_USB_Drivers\1\i386\ss_cmnt.sys
    + 2007-05-02 10:11:18 15,112 ----a-w c:\windows\system32\Samsung_USB_Drivers\1\i386\ss_mdfl.sys
    + 2007-05-02 10:11:18 109,704 ----a-w c:\windows\system32\Samsung_USB_Drivers\1\i386\ss_mdm.sys
    + 2007-05-02 10:11:18 12,424 ----a-w c:\windows\system32\Samsung_USB_Drivers\1\i386\ss_whnt.sys
    + 2007-05-02 10:11:12 72,968 ----a-w c:\windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
    + 2007-05-02 10:12:34 83,592 ----a-w c:\windows\system32\Samsung_USB_Drivers\2\i386\ssm_bus.sys
    + 2007-05-02 10:12:34 12,424 ----a-w c:\windows\system32\Samsung_USB_Drivers\2\i386\ssm_cmnt.sys
    + 2007-05-02 10:12:36 15,112 ----a-w c:\windows\system32\Samsung_USB_Drivers\2\i386\ssm_mdfl.sys
    + 2007-05-02 10:12:36 109,704 ----a-w c:\windows\system32\Samsung_USB_Drivers\2\i386\ssm_mdm.sys
    + 2007-05-02 10:12:36 12,424 ----a-w c:\windows\system32\Samsung_USB_Drivers\2\i386\ssm_whnt.sys
    + 2007-05-02 10:12:28 72,968 ----a-w c:\windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
    + 2007-07-03 15:54:24 80,552 ----a-w c:\windows\system32\Samsung_USB_Drivers\3\i386\sscdbus.sys
    + 2007-07-03 15:56:00 9,256 ----a-w c:\windows\system32\Samsung_USB_Drivers\3\i386\sscdcmnt.sys
    + 2007-07-03 15:57:24 11,944 ----a-w c:\windows\system32\Samsung_USB_Drivers\3\i386\sscdmdfl.sys
    + 2007-07-03 15:58:20 106,792 ----a-w c:\windows\system32\Samsung_USB_Drivers\3\i386\sscdmdm.sys
    + 2007-07-03 15:59:10 86,824 ----a-w c:\windows\system32\Samsung_USB_Drivers\3\i386\sscdserd.sys
    + 2007-07-03 16:00:16 9,256 ----a-w c:\windows\system32\Samsung_USB_Drivers\3\i386\sscdwhnt.sys
    + 2007-07-03 15:53:24 70,824 ----a-w c:\windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
    + 2007-07-05 11:37:34 83,456 ----a-w c:\windows\system32\Samsung_USB_Drivers\5\i386\sssdbus.sys
    + 2007-07-05 11:37:34 12,160 ----a-w c:\windows\system32\Samsung_USB_Drivers\5\i386\sssdcmnt.sys
    + 2007-07-05 11:37:34 14,848 ----a-w c:\windows\system32\Samsung_USB_Drivers\5\i386\sssdmdfl.sys
    + 2007-07-05 11:37:34 109,696 ----a-w c:\windows\system32\Samsung_USB_Drivers\5\i386\sssdmdm.sys
    + 2007-07-05 11:37:34 103,808 ----a-w c:\windows\system32\Samsung_USB_Drivers\5\i386\sssdmgmt.sys
    + 2007-07-05 11:37:36 99,712 ----a-w c:\windows\system32\Samsung_USB_Drivers\5\i386\sssdobex.sys
    + 2007-07-05 11:37:36 12,160 ----a-w c:\windows\system32\Samsung_USB_Drivers\5\i386\sssdwhnt.sys
    + 2007-07-19 08:44:10 70,904 ----a-w c:\windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
    + 2008-10-16 13:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
    + 2008-10-16 13:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
    + 2008-12-03 23:12:52 1,230,336 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\msxml4.dll
    + 2008-12-03 23:12:55 82,432 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
    .
    -- Instantané actualisé --
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7496feb8-2ed9-48e8-82dd-33d5ddd7f5b6}]
    c:\windows\system32\pinofivu.dll [BU]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 335872]
    "CameraFixer"="c:\windows\CameraFixer.exe" [2005-12-06 20480]
    "EPSON Stylus Photo RX420 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE" [2004-04-09 98304]
    "koruralare"="c:\windows\system32\dasabisi.dll" [BU]
    "MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-19 160768]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

    c:\documents and settings\fish\Menu D‚marrer\Programmes\D‚marrage\
    RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"= , ,c:\windows\system32\dasabisi.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.FFDS"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^fish^Menu Démarrer^Programmes^Démarrage^TransBar.lnk]
    path=c:\documents and settings\fish\Menu Démarrer\Programmes\Démarrage\TransBar.lnk
    backup=c:\windows\pss\TransBar.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^fish^Menu Démarrer^Programmes^Démarrage^UberIcon.lnk]
    path=c:\documents and settings\fish\Menu Démarrer\Programmes\Démarrage\UberIcon.lnk
    backup=c:\windows\pss\UberIcon.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^fish^Menu Démarrer^Programmes^Démarrage^Y'z Shadow.lnk]
    path=c:\documents and settings\fish\Menu Démarrer\Programmes\Démarrage\Y'z Shadow.lnk
    backup=c:\windows\pss\Y'z Shadow.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 09:50 155648 c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2007-04-27 08:41 282624 c:\program files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
    --a------ 2005-10-11 12:54 339968 c:\windows\vsnpstd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-02-22 04:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "f:\\eMule\\emule.exe"=
    "c:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\adslTV\\adsltv.exe"=
    "c:\\Program Files\\adslTV\\vlc.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6346:TCP"= 6346:TCP:*:Disabled:shareaza
    "6346:UDP"= 6346:UDP:*:Disabled:shareaza
    "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
    "12215:TCP"= 12215:TCP:port client
    "12225:UDP"= 12225:UDP:port client
    "14733:TCP"= 14733:TCP:*:Disabled:shareaza
    "53852:TCP"= 53852:TCP:ml
    "61962:UDP"= 61962:UDP:mp
    "23907:TCP"= 23907:TCP:hjghh
    "54523:UDP"= 54523:UDP:jhiu
    "7561:TCP"= 7561:TCP:vcc
    "7571:UDP"= 7571:UDP:gdds
    "6910:TCP"= 6910:TCP:Dfvdv
    "53472:UDP"= 53472:UDP:vdfvdf
    "6558:TCP"= 6558:TCP:nklk
    "12063:UDP"= 12063:UDP:kmlok
    "6347:UDP"= 6347:UDP:gdbf

    R3 axsaki;axsaki;c:\windows\system32\DRIVERS\axsaki.sys [2003-03-30 102624]
    R3 axskbus;axskbus;c:\windows\system32\DRIVERS\axskbus.sys [2003-03-28 8640]
    R3 ovt530;Webcam Deluxe;c:\windows\system32\Drivers\ov530vid.sys [2007-10-22 161792]
    R3 RT2400;ASUS Wireless Driver;c:\windows\system32\DRIVERS\RT2400.sys [2008-12-01 51584]
    S3 ASNDIS5;ASNDIS5 Protocol Driver;\??\c:\windows\system32\ASNDIS5.SYS [2008-12-01 16269]
    S3 ASPI;Advanced SCSI Programming Interface Driver;\??\c:\windows\System32\DRIVERS\ASPI32.sys [2006-09-07 25244]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09431672-adc9-11dd-b93a-0015f215755d}]
    \Shell\AutoRun\command - WD_Windows_Tools\Setup.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2006-10-16 c:\windows\Tasks\PMCS_Wakeup632966043828906250.job
    - c:\program files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe []
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    Notify-NavLogon - (no file)
    MSConfigStartUp-poke mp3 cdrom meta - c:\documents and settings\All Users\Application Data\Jump Poll Poke Mp3\Comp barb.exe


    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/firefox
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: {E791CBED-F675-42D2-AD17-AE9709E227F3} = 212.27.54.252,212.27.53.252
    FireFox -: Profile - c:\documents and settings\fish\Application Data\Mozilla\Firefox\Profiles\2p2tq6bd.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/firefox
    FF -: plugin - c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
    FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    FF -: plugin - c:\program files\Mozilla Firefox\plugins\nphardwaredetection.dll
    FF -: plugin - c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-08 22:07:05
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mchInjDrv]
    "ImagePath"="\??\c:\docume~1\fish\LOCALS~1\Temp\mc21.tmp"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(964)
    c:\windows\system32\Ati2evxx.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\Analog Devices\SoundMAX\SMAgent.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-12-08 22:12:04 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-12-08 21:12:01
    ComboFix2.txt 2008-11-30 10:45:28

    Avant-CF: 3 977 789 440 octets libres
    Après-CF: 4,041,932,800 octets libres

    9 December 2008 12:34:31

    Re,

  • Run a Kaspersky online scan with Internet Explorer:
  • Click on
  • Now click on J'accepte.
  • Confirm the installation of one or more ActiveX controls if necessary.
  • Wait while the updates are installed.
  • Then choose to scan Poste de travail
  • Save, then paste the report generated at the end of the scan.

    HELP: Tutorial on the online scan

    NOTE: If you get the message "La licence de Kaspersky On-line Scanner est périmée", go to Ajout/Suppression de programmes, uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.
    9 December 2008 20:42:33


    and here it is


    KASPERSKY ON-LINE SCANNER REPORT
    Tuesday, December 09, 2008 8:40:58 PM
    Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version : 5.0.84.2
    Dernière mise à jour de la base antivirus Kaspersky : 9/12/2008
    Enregistrements dans la base antivirus Kaspersky : 1296887
    Paramètres d'analyse
    Analyser avec la base antivirus suivante standard
    Analyser les archives vrai
    Analyser les bases de messagerie vrai
    Cible de l'analyse Poste de travail
    A:\
    C:\
    D:\
    F:\
    G:\
    H:\
    J:\
    K:\
    Statistiques de l'analyse
    Total d'objets analysés 96314
    Nombre de virus trouvés 11
    Nombre d'objets infectés 34 / 0
    Nombre d'objets suspects 0
    Durée de l'analyse 02:35:14

    Nom de l'objet infecté Nom du virus Dernière action
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\fish\Application Data\Mozilla\Firefox\Profiles\2p2tq6bd.default\cert8.db L'objet est verrouillé ignoré
    C:\Documents and Settings\fish\Application Data\Mozilla\Firefox\Profiles\2p2tq6bd.default\content-prefs.sqlite L'objet est verrouillé ignoré
    C:\Documents and Settings\fish\Application Data\Mozilla\Firefox\Profiles\2p2tq6bd.default\cookies.sqlite L'objet est verrouillé ignoré
    C:\Documents and Settings\fish\Application Data\Mozilla\Firefox\Profiles\2p2tq6bd.default\downloads.sqlite L'objet est verrouillé ignoré
    C:\Documents and Settings\fish\Application Data\Mozilla\Firefox\Profiles\2p2tq6bd.default\formhistory.sqlite L'objet est verrouillé ignoré
    C:\Documents and Settings\fish\Application Data\Mozilla\Firefox\Profiles\2p2tq6bd.default\key3.db L'objet est verrouillé ignoré
    C:\Documents and Settings\fish\Application Data\Mozilla\Firefox\Profiles\2p2tq6bd.default\parent.lock L'objet est verrouillé ignoré
    C:\Documents and Settings\fish\Application Data\Mozilla\Firefox\Profiles\2p2tq6bd.default\permissions.sqlite L'objet est verrouillé ignoré
    C:\Documents and Settings\fish\Application Data\Mozilla\Firefox\Profiles\2p2tq6bd.default\places.sqlite L'objet est verrouillé ignoré
    C:\Documents and Settings\fish\Application Data\Mozilla\Firefox\Profiles\2p2tq6bd.default\places.sqlite-journal L'objet est verrouillé ignoré
    C:\Documents and Settings\fish\Application Data\Mozilla\Firefox\Profiles\2p2tq6bd.default\search.sqlite L'objet est verrouillé ignoré
    C:\Documents and Settings\fish\Cookies\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\fish\Local Settings\Application Data\Microsoft\Messenger\p2sn@hotmail.fr\SharingMetadata\Logs\Dfsr00005.log L'objet est verrouillé ignoré
    C:\Documents and Settings\fish\Local Settings\Application Data\Microsoft\Messenger\p2sn@hotmail.fr\SharingMetadata\pending.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\fish\Local Settings\Application Data\Microsoft\Messenger\p2sn@hotmail.fr\SharingMetadata\Working\database_AE08_9BE4_89B_A9BB\dfsr.db L'objet est verrouillé ignoré
    C:\Documents and Settings\fish\Local Settings\Application Data\Microsoft\Messenger\p2sn@hotmail.fr\SharingMetadata\Working\database_AE08_9BE4_89B_A9BB\fsr.log L'objet est verrouillé ignoré
    C:\Documents and Settings\fish\Local Settings\Application Data\Microsoft\Messenger\p2sn@hotmail.fr\SharingMetadata\Working\database_AE08_9BE4_89B_A9BB\fsrtmp.log L'objet est verrouillé ignoré
    C:\Documents and Settings\fish\Local Settings\Application Data\Microsoft\Messenger\p2sn@hotmail.fr\SharingMetadata\Working\database_AE08_9BE4_89B_A9BB\tmp.edb L'objet est verrouillé ignoré
    C:\Documents and Settings\fish\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\fish\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\fish\Local Settings\Application Data\Microsoft\Windows Live Contacts\p2sn@hotmail.fr\real\members.stg L'objet est verrouillé ignoré
    C:\Documents and Settings\fish\Local Settings\Application Data\Microsoft\Windows Live Contacts\p2sn@hotmail.fr\shadow\members.stg L'objet est verrouillé ignoré
    C:\Documents and Settings\fish\Local Settings\Application Data\Mozilla\Firefox\Profiles\2p2tq6bd.default\Cache\_CACHE_001_ L'objet est verrouillé ignoré
    C:\Documents and Settings\fish\Local Settings\Application Data\Mozilla\Firefox\Profiles\2p2tq6bd.default\Cache\_CACHE_002_ L'objet est verrouillé ignoré
    C:\Documents and Settings\fish\Local Settings\Application Data\Mozilla\Firefox\Profiles\2p2tq6bd.default\Cache\_CACHE_003_ L'objet est verrouillé ignoré
    C:\Documents and Settings\fish\Local Settings\Application Data\Mozilla\Firefox\Profiles\2p2tq6bd.default\Cache\_CACHE_MAP_ L'objet est verrouillé ignoré
    C:\Documents and Settings\fish\Local Settings\Application Data\Mozilla\Firefox\Profiles\2p2tq6bd.default\urlclassifier3.sqlite L'objet est verrouillé ignoré
    C:\Documents and Settings\fish\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\fish\Local Settings\Historique\History.IE5\MSHist012008120920081210\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\fish\Local Settings\temp\etilqs_cjkf1XaReAKdVo05kQ7k L'objet est verrouillé ignoré
    C:\Documents and Settings\fish\Local Settings\temp\~DFEDEE.tmp L'objet est verrouillé ignoré
    C:\Documents and Settings\fish\Local Settings\temp\~DFEE1A.tmp L'objet est verrouillé ignoré
    C:\Documents and Settings\fish\Local Settings\temp\~DFF811.tmp L'objet est verrouillé ignoré
    C:\Documents and Settings\fish\Local Settings\temp\~DFF82D.tmp L'objet est verrouillé ignoré
    C:\Documents and Settings\fish\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\fish\ntuser.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\fish\ntuser.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\ntuser.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
    C:\Lop SD\Backup-Lop\DOCUME~1\ALLUSE~1\APPLIC~1\Jump Poll Poke Mp3\Comp barb.exe Infecté : Trojan.Win32.Obfuscated.gen ignoré
    C:\Lop SD\Backup-Lop\DOCUME~1\fish\APPLIC~1\CASTTH~1\daqsdqmb.exe Infecté : Trojan.Win32.Obfuscated.gen ignoré
    C:\Lop SD\Backup-Lop\DOCUME~1\fish\APPLIC~1\CASTTH~1\ejlertzs.exe Infecté : Trojan.Win32.Obfuscated.gen ignoré
    C:\Lop SD\Backup-Lop\DOCUME~1\fish\APPLIC~1\CASTTH~1\hilnbaez.exe Infecté : Trojan.Win32.Obfuscated.gen ignoré
    C:\Lop SD\Backup-Lop\DOCUME~1\fish\APPLIC~1\CASTTH~1\qdaoqadr.exe Infecté : Trojan.Win32.Obfuscated.gen ignoré
    C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP799\A0204182.exe Infecté : Trojan.Win32.Obfuscated.gen ignoré
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP799\A0204190.exe Infecté : Trojan.Win32.Obfuscated.gen ignoré
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP799\A0205198.exe Infecté : Trojan.Win32.Obfuscated.gen ignoré
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP801\A0208269.exe Infecté : Trojan.Win32.Obfuscated.gen ignoré
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP803\A0208340.exe Infecté : Trojan.Win32.Obfuscated.gen ignoré
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP803\A0209529.exe Infecté : Trojan.Win32.Obfuscated.gen ignoré
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP804\A0210786.exe Infecté : Trojan.Win32.Obfuscated.gen ignoré
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP805\A0210823.exe Infecté : Trojan.Win32.Obfuscated.gen ignoré
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP809\A0211956.exe Infecté : Trojan.Win32.Obfuscated.gen ignoré
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP810\A0212167.exe Infecté : Trojan.Win32.Obfuscated.gen ignoré
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP810\A0212551.exe Infecté : Trojan.Win32.Obfuscated.gen ignoré
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP810\A0215614.exe Infecté : Trojan.Win32.Obfuscated.gen ignoré
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP810\A0215661.exe Infecté : Trojan.Win32.Obfuscated.gen ignoré
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP810\A0215679.dll Infecté : Trojan.Win32.Pakes.lqo ignoré
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP810\A0215680.dll Infecté : Trojan.Win32.Pakes.lqr ignoré
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP810\A0215683.dll Infecté : Trojan.Win32.Monder.xou ignoré
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP810\A0215685.dll Infecté : Trojan.Win32.Monder.xow ignoré
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP810\A0215686.dll Infecté : Backdoor.Win32.Delf.moi ignoré
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP810\A0215689.dll Infecté : Trojan-GameThief.Win32.Magania.akfx ignoré
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP810\A0215693.dll Infecté : Trojan.Win32.Pakes.kwr ignoré
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP810\A0215695.dll Infecté : Trojan.Win32.Agent.agvb ignoré
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP810\A0215701.dll Infecté : Trojan.Win32.Monder.xok ignoré
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP810\A0215702.dll Infecté : Backdoor.Win32.Delf.moj ignoré
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP810\A0215720.exe Infecté : Trojan.Win32.Obfuscated.gen ignoré
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP810\A0215773.exe Infecté : Trojan.Win32.Obfuscated.gen ignoré
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP810\A0215774.exe Infecté : Trojan.Win32.Obfuscated.gen ignoré
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP810\A0215775.exe Infecté : Trojan.Win32.Obfuscated.gen ignoré
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP810\A0215776.exe Infecté : Trojan.Win32.Obfuscated.gen ignoré
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP810\A0215777.exe Infecté : Trojan.Win32.Obfuscated.gen ignoré
    C:\System Volume Information\_restore{EB205A9B-B314-4D14-B8DE-418BE51C082B}\RP813\change.log L'objet est verrouillé ignoré
    C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
    C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
    C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
    C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\drivers\sptd.sys L'objet est verrouillé ignoré
    C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
    C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
    C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
    F:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
    G:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
    H:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
    Analyse terminée.
    10 December 2008 00:11:14

    as usual I didn't follow the tutorial all the way through, here is the txt version:

    10 December 2008 12:28:09

    Re,

    Delete this folder:
    C:\Lop SD

    Disable, then re-enable System Restore.
    10 December 2008 13:51:50

    ok, it's done.
    I no longer have any problems, everything has disappeared and the PC is back to its cruising speed (well, I built it in 2004, so when I say speed...)
    could you please recommend an antivirus: Kaspersky?
    in any case a big THANK YOU for your help!
    11 December 2008 13:14:36

    Free or paid antivirus?
    12 December 2008 00:31:14

    free, because from what I've understood it doesn't make much difference
    12 December 2008 17:37:19

    AntiVir then.