Update problem (VIRUS ALERT!)

18 October 2008 18:03:49

Hello, I tried to install the new "Service Pack 3" update and my computer would no longer start, but now I have "VIRUS ALERT!" displayed next to the time and date. Please help me, thank you.

Here is my HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:03: VIRUS ALERT!, on 18/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: rosqxvmn - {DD75AB82-CBE3-4096-825E-C24BFA82B5FF} - C:\WINDOWS\rosqxvmn.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MsUpdate] C:\Setup_ver1.1779.2.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [comapi] C:\WINDOWS\system32\tmjydklc.exe
O4 - HKLM\..\Policies\Explorer\Run: [D2bolTVe6l] C:\Documents and Settings\All Users\Application Data\xipinkvo\noxmjcnw.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{E39C656A-A35A-4F11-8BF8-B6E2CCFBCA23}: NameServer = 192.168.1.1
O21 - SSODL: qrbgltos - {95C07D7F-DE2B-463C-8BE6-18D1C29F0B16} - C:\WINDOWS\qrbgltos.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O24 - Desktop Component 1: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 9340 bytes

18 October 2008 22:27:17

Hello again,

Here is my SmitFraudFix report:


SmitFraudFix v2.364

Rapport fait à 20:08:38,76, 18/10/2008
Executé à partir de C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\lomxeqsn.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Propriétaire


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Propriétaire\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_PRO~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E39C656A-A35A-4F11-8BF8-B6E2CCFBCA23}: NameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E39C656A-A35A-4F11-8BF8-B6E2CCFBCA23}: NameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E39C656A-A35A-4F11-8BF8-B6E2CCFBCA23}: NameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E39C656A-A35A-4F11-8BF8-B6E2CCFBCA23}: NameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

18 October 2008 22:34:41

Good evening

1

~Restart the computer in safe mode (F8 at computer startup)
Help

~Double-click SmitfraudFix.cmd
~Select 2 and press Enter in the menu to delete the files responsible for the infection.
~Answer Yes (o) to all the questions.
A restart may be necessary to complete the cleaning procedure.
~Post the new report.

2
Please add a new HijackThis log
18 October 2008 23:04:43

Thank you, it's kind of you to reply. Can you explain to me what I am infected with?

Here are my reports:

SmitFraudFix v2.364

Rapport fait à 22:44:01,34, 18/10/2008
Executé à partir de C:\Documents and Settings\HP_Propri‚taire\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\lomxeqsn.exe supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E39C656A-A35A-4F11-8BF8-B6E2CCFBCA23}: NameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E39C656A-A35A-4F11-8BF8-B6E2CCFBCA23}: NameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E39C656A-A35A-4F11-8BF8-B6E2CCFBCA23}: NameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E39C656A-A35A-4F11-8BF8-B6E2CCFBCA23}: NameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:03:49, on 18/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [c0d0d7ff] rundll32.exe "C:\WINDOWS\system32\nxoxxadq.dll",b
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{E39C656A-A35A-4F11-8BF8-B6E2CCFBCA23}: NameServer = 192.168.1.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 7441 bytes


Thanks


18 October 2008 23:10:04

Hello again
speechrapfr said:
Thank you, it's kind of you to reply. Can you explain to me what I am infected with?

SmitFraud and Vundo, it seems.
As for Vundo, I don't yet know whether these are remnants of an old infection or whether the infection is still active... (the absence of O2 and O20 lines leads me to think so.) We'll see ;)


Download Malwarebytes' Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, restart in safe mode.
HELP: Restarting in safe mode

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, select "Perform full scan".
  • To start the search, click "Scan".
  • Once the scan is finished, a window opens; click OK. You then have two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.

NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

HELP: Illustrated tutorial on MBAM
19 October 2008 11:44:35

Hello again,

Here is my Malwarebytes' Anti-Malware report:

    Malwarebytes' Anti-Malware 1.29
    Version de la base de données: 1286
    Windows 5.1.2600 Service Pack 2

    19/10/2008 11:37:18
    mbam-log-2008-10-19 (11-37-18).txt

    Type de recherche: Examen complet (C:\|D:\|L:\|)
    Eléments examinés: 210629
    Temps écoulé: 8 hour(s), 25 minute(s), 7 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 11
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 3
    Fichier(s) infecté(s): 11

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\ssqRLEVo.dll (Trojan.Vundo.H) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1d4bd693-8357-407e-a800-bf43a3318b5e} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{1d4bd693-8357-407e-a800-bf43a3318b5e} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{12001406-f536-4657-bcfd-da90a1fd59d8} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{12001406-f536-4657-bcfd-da90a1fd59d8} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper (Adware.NetPumper) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\rosqxvmn.btsx (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\rosqxvmn.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c0d0d7ff (Trojan.Vundo.H) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ssqrlevo -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ssqrlevo -> Delete on reboot.

    Dossier(s) infecté(s):
    C:\Program Files\NetPumper (Adware.NetPumper) -> Delete on reboot.
    C:\Program Files\NetPumper\ZM (Adware.NetPumper) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Propriétaire\Application Data\NetPumper (Adware.NetPumper) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\ssqRLEVo.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\oVELRqss.ini (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\oVELRqss.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nxoxxadq.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\qdaxxoxn.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\WINDOWS\system32\efcATLfg.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\WINDOWS\system32\tuvSkLfd.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP427\A0090698.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP427\A0090699.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\kwlcwmxy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lxehog.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
19 October 2008 13:31:33

Hello

Disable your antivirus and any other type of protection.
Download ComboFix by sUBs:
ComboFix.exe
and save it to your desktop and nowhere else!

Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, which is normal; a report will be created. Post the report: C:\Combofix.txt
Click on it to open it, then Edit "Select All", Edit "Copy".

Come to the forum and Edit "Paste".

Add a new HijackThis report.

19 October 2008 14:03:23

Hi,

Thanks again for helping me, here are my reports:

    ComboFix 08-10-18.03 - HP_Propriétaire 2008-10-19 13:51:37.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.572 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
    * Un nouveau point de restauration a été créé
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-19 au 2008-10-19 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-19 02:59 . 2008-10-19 02:59 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-19 02:59 . 2008-10-19 02:59 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\Malwarebytes
    2008-10-19 02:59 . 2008-10-19 02:59 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\Malwarebytes
    2008-10-19 02:59 . 2008-10-19 02:59 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\Malwarebytes
    2008-10-19 02:59 . 2008-10-19 02:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-19 02:59 . 2008-10-16 20:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-10-19 02:59 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-10-18 22:39 . 2005-01-02 01:52 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
    2008-10-18 22:39 . 2004-11-24 03:37 <REP> d-------- C:\Documents and Settings\Administrateur\Voisinage réseau
    2008-10-18 22:39 . 2004-11-24 03:37 <REP> d-------- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-10-18 22:39 . 2007-10-27 09:45 <REP> d-------- C:\Documents and Settings\Administrateur\Modèles
    2008-10-18 22:39 . 2005-01-02 02:22 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
    2008-10-18 22:39 . 2004-11-25 05:26 <REP> d-------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2008-10-18 22:39 . 2007-10-27 09:48 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
    2008-10-18 22:39 . 2005-01-02 01:57 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-10-18 22:39 . 2005-01-02 02:13 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
    2008-10-18 22:39 . 2005-01-02 02:04 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SampleView
    2008-10-18 22:39 . 2005-01-02 01:52 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Apple Computer
    2008-10-18 22:39 . 2008-10-18 22:40 <REP> d-------- C:\Documents and Settings\Administrateur
    2008-10-18 20:30 . 2008-10-18 20:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Blizzard
    2008-10-18 20:08 . 2008-10-18 22:44 924 --a------ C:\WINDOWS\system32\tmp.reg
    2008-10-18 19:52 . 2008-10-18 19:52 236 --a------ C:\sqmdata06.sqm
    2008-10-18 19:52 . 2008-10-18 19:52 200 --a------ C:\sqmnoopt06.sqm
    2008-10-18 17:11 . 2008-10-18 17:11 236 --a------ C:\sqmdata05.sqm
    2008-10-18 17:11 . 2008-10-18 17:11 200 --a------ C:\sqmnoopt05.sqm
    2008-10-18 00:37 . 2004-08-05 20:00 380,928 --a------ C:\WINDOWS\system32\irprops.cpl
    2008-10-18 00:28 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\002909_.tmp
    2008-10-18 00:24 . 2004-08-05 20:00 26,624 --a------ C:\WINDOWS\system32\drivers\usbehci.sys
    2008-10-18 00:24 . 2004-08-05 20:00 15,488 --a------ C:\WINDOWS\system32\drivers\mssmbios.sys
    2008-10-18 00:23 . 2006-03-17 02:33 262,784 --a------ C:\WINDOWS\system32\drivers\http.sys
    2008-10-18 00:21 . 2004-08-05 20:00 4,190,352 --a------ C:\WINDOWS\system32\dllcache\luna.mst
    2008-10-18 00:20 . 2008-08-14 15:44 2,138,112 --a------ C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
    2008-10-18 00:19 . 2007-10-25 18:56 8,510,976 --a------ C:\WINDOWS\system32\dllcache\shell32.dll
    2008-10-17 23:55 . 2008-10-17 23:55 236 --a------ C:\sqmdata04.sqm
    2008-10-17 23:55 . 2008-10-17 23:55 200 --a------ C:\sqmnoopt04.sqm
    2008-10-17 22:50 . 2008-10-17 22:50 236 --a------ C:\sqmdata03.sqm
    2008-10-17 22:50 . 2008-10-17 22:50 200 --a------ C:\sqmnoopt03.sqm
    2008-10-17 22:16 . 2008-10-17 22:16 236 --a------ C:\sqmdata02.sqm
    2008-10-17 22:16 . 2008-10-17 22:16 200 --a------ C:\sqmnoopt02.sqm
    2008-10-17 21:33 . 2008-10-17 21:33 236 --a------ C:\sqmdata01.sqm
    2008-10-17 21:33 . 2008-10-17 21:33 200 --a------ C:\sqmnoopt01.sqm
    2008-10-17 21:10 . 2008-10-17 21:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\xipinkvo
    2008-10-16 22:07 . 2008-10-16 22:07 <REP> d-------- C:\Program Files\Electronic Arts
    2008-10-14 23:32 . 2008-10-14 23:32 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\Sports Interactive
    2008-10-14 23:24 . 2008-10-14 23:26 <REP> d--h----- C:\Program Files\Zero G Registry
    2008-10-14 23:22 . 2008-10-14 23:22 <REP> d--h----- C:\Documents and Settings\HP_Propriétaire\InstallAnywhere
    2008-10-13 20:56 . 2008-10-13 20:56 236 --a------ C:\sqmdata00.sqm
    2008-10-13 20:56 . 2008-10-13 20:56 200 --a------ C:\sqmnoopt00.sqm
    2008-10-12 21:48 . 2008-10-12 21:49 <REP> d-------- C:\Program Files\mp3DirectCut
    2008-10-12 14:57 . 2008-10-12 14:57 <REP> d-------- C:\Program Files\Empire Interactive
    2008-10-11 19:07 . 2008-10-11 19:07 <REP> d-------- C:\ProgramData
    2008-10-11 18:43 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
    2008-10-11 14:38 . 2008-10-19 11:53 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Tracing
    2008-10-11 14:38 . 2008-10-11 14:38 25,768 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
    2008-10-11 14:21 . 2008-09-04 22:03 56,344 --a------ C:\WINDOWS\system32\drivers\fssfltr.sys
    2008-10-11 14:18 . 2008-10-11 14:18 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
    2008-10-11 14:11 . 2008-10-11 14:11 <REP> d-------- C:\Program Files\Microsoft
    2008-10-11 13:22 . 2008-10-11 13:22 <REP> d-------- C:\Program Files\Fichiers communs\Windows Live
    2008-10-08 18:43 . 2008-10-08 18:43 <REP> d-------- C:\Program Files\AviSynth 2.5
    2008-10-08 18:42 . 2008-10-08 18:42 <REP> d-------- C:\Program Files\eRightSoft
    2008-10-05 14:12 . 2008-10-05 14:12 28,898 --a------ C:\WINDOWS\system32\SpoonUninstall-dBPowerAMP Real Audio Encoder R3.bmp
    2008-10-05 14:12 . 2008-10-05 14:12 27,958 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Real Audio Codec.bmp
    2008-10-05 14:12 . 2008-10-05 14:12 27,958 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Ogg Vorbis Codec.bmp
    2008-10-05 14:12 . 2008-10-05 14:12 2,995 --a------ C:\WINDOWS\system32\SpoonUninstall-dBPowerAMP Real Audio Encoder R3.dat
    2008-10-05 14:12 . 2008-10-05 14:12 2,154 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Ogg Vorbis Codec.dat
    2008-10-05 14:12 . 2008-10-05 14:12 1,928 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Real Audio Codec.dat
    2008-10-05 14:10 . 2008-10-05 14:09 27,958 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.bmp
    2008-10-05 14:10 . 2008-10-05 14:10 17,871 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
    2008-10-05 10:18 . 2008-10-05 10:18 <REP> d-------- C:\Program Files\CAPCOM
    2008-10-04 20:48 . 2008-10-04 20:53 <REP> d-------- C:\Program Files\VisualSubSync
    2008-09-28 13:50 . 2008-09-28 13:50 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\InstallShield
    2008-09-28 13:50 . 2008-09-28 13:51 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\EmailNotifier
    2008-09-28 13:50 . 2008-09-28 13:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Megaupload
    2008-09-28 13:50 . 2008-09-28 13:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\EmailNotifier
    2008-09-20 16:33 . 2008-09-20 16:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-09-20 16:17 . 2008-09-20 16:17 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
    2008-09-19 14:52 . 2008-10-04 15:50 <REP> d-------- C:\Program Files\MediaInfo

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-18 21:03 7,442 ----a-w C:\Program Files\hijackthis.log
    2008-10-18 20:23 --------- d-----w C:\Program Files\KONAMI
    2008-10-18 19:12 --------- d-----w C:\Program Files\World of Warcraft
    2008-10-18 17:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
    2008-10-18 17:52 --------- d-----w C:\Program Files\TuneUp Utilities 2006
    2008-10-18 14:10 45,056 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
    2008-10-18 14:10 44,032 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
    2008-10-17 13:14 --------- d-----w C:\Program Files\eMule
    2008-10-16 17:05 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-10-15 17:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-10-15 16:37 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-10-14 16:49 --------- d-----w C:\Program Files\BitComet
    2008-10-11 16:33 --------- d-----w C:\Program Files\DAEMON Tools Pro
    2008-10-11 12:21 --------- d-----w C:\Program Files\Windows Live
    2008-10-10 19:42 --------- d-----w C:\Program Files\adslTV
    2008-10-05 12:14 167,424 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
    2008-09-24 20:53 5,632 ----a-w C:\WINDOWS\system32\drivers\StarOpen.sys
    2008-09-22 11:41 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\LimeWire
    2008-09-19 11:49 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\vlc
    2008-09-18 19:37 --------- d-----w C:\Program Files\CyberLeadingCorp
    2008-09-17 01:45 --------- d-----w C:\Program Files\FlashFXP
    2008-09-16 23:10 --------- d-----w C:\Program Files\QuickSFV
    2008-09-15 15:39 1,846,144 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-09-15 15:39 1,846,144 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
    2008-09-14 18:44 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\OmegaT
    2008-09-10 12:32 --------- d-----w C:\Program Files\Fichiers communs\logishrd
    2008-09-10 12:31 --------- d-----w C:\Program Files\Logitech
    2008-09-10 12:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
    2008-09-10 12:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
    2008-09-08 22:03 51,712 ----a-w C:\WINDOWS\system32\sirenacm.dll
    2008-09-05 14:04 288,768 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2008-09-04 17:08 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\Samsung
    2008-09-04 17:05 --------- d-----w C:\Program Files\Samsung
    2008-09-03 09:04 --------- d-----w C:\Program Files\FairUse Wizard 2
    2008-09-01 15:29 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
    2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\dllcache\srv.sys
    2008-08-27 20:04 --------- d-----w C:\Program Files\Zylom Games
    2008-08-27 12:03 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\Zylom
    2008-08-27 11:26 --------- d-----w C:\Program Files\LimeWire
    2008-08-27 11:26 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\PlayFirst
    2008-08-27 11:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
    2008-08-19 09:30 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
    2008-08-14 13:44 2,182,400 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    2008-08-14 13:44 2,182,400 ----a-w C:\WINDOWS\system32\dllcache\ntoskrnl.exe
    2008-08-14 13:44 2,059,776 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    2008-08-14 13:44 2,059,776 ----a-w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
    2008-08-14 13:44 2,017,792 ----a-w C:\WINDOWS\system32\dllcache\ntkrpamp.exe
    2008-08-14 09:51 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
    2008-07-20 12:52 139,264 ----a-w C:\WINDOWS\system32\hpzjrd01.dll
    2008-06-07 09:04 22,328 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\PnkBstrK.sys
    2008-05-24 12:53 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2008-05-16 14:58 396,288 ----a-w C:\Program Files\HijackThis.exe
    2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    2008-03-16 12:30 216,064 --sh--r C:\WINDOWS\system32\nbDX.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-10-18_19.52.21.07 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2004-08-05 18:00:00 39,552 ----a-w C:\WINDOWS\system32\dllcache\processr.sys
    - 2008-10-18 15:11:21 63,412 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-10-18 21:03:56 63,412 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-10-18 15:11:21 76,670 ----a-w C:\WINDOWS\system32\perfc00C.dat
    + 2008-10-18 21:03:56 76,670 ----a-w C:\WINDOWS\system32\perfc00C.dat
    - 2008-10-18 15:11:21 402,802 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-10-18 21:03:56 402,802 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2008-10-18 15:11:21 470,318 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2008-10-18 21:03:56 470,318 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2008-10-19 09:40:03 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_200.dat
    + 2008-10-19 09:39:52 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_630.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" [2006-10-06 305152]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-09-09 3513344]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-06 339968]
    "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 61440]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2005-09-25 155648]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 C:\WINDOWS\AGRSMMSG.exe]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 C:\WINDOWS\system32\bthprops.cpl]

    C:\WINDOWS\system32\config\systemprofile\Menu D‚marrer\Programmes\D‚marrage\
    AutoTBar.exe [2003-09-30 57344]

    C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
    AutoTBar.exe [2003-09-30 57344]

    C:\WINDOWS\system32\config\systemprofile\Menu D‚marrer\Programmes\D‚marrage\
    AutoTBar.exe [2003-09-30 57344]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420"= i420vfw.dll
    "msacm.ac3filter"= ac3filter.acm

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\" -lang 1033
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
    "SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe
    "updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
    "DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
    "BitComet"="C:\Program Files\BitComet\BitComet.exe" /tray
    "Splash screen for Avast!"=C:\Program Files\Alwil Software\Avast4\ashAvast.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    "LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    "DiskeeperSystray"="C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
    "AlcxMonitor"=ALCXMNTR.EXE
    "hpsysdrv"=c:\windows\system\hpsysdrv.exe
    "KBD"=C:\HP\KBD\KBD.EXE
    "PS2"=C:\WINDOWS\system32\ps2.exe
    "Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
    "c0d0d7ff"=rundll32.exe "C:\WINDOWS\system32\nxoxxadq.dll",b

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\BitComet\\BitComet.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Documents and Settings\\HP_Propriétaire\\Bureau\\ViTALiTY\\PES2008.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-1.12.0-frFR-downloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-frFR-patch-downloader.exe"=
    "C:\\Program Files\\FlashFXP\\FlashFXP.exe"= C:\\Program Files\\FlashFXP\\flashfxp.exe
    "C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
    "C:\\Program Files\\adslTV\\adsltv.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "7580:TCP"= 7580:TCP:BitComet 7580 TCP
    "7580:UDP"= 7580:UDP:BitComet 7580 UDP
    "26553:TCP"= 26553:TCP:BitComet 26553 TCP
    "26553:UDP"= 26553:UDP:BitComet 26553 UDP
    "6885:TCP"= 6885:TCP:BitComet 6885 TCP
    "6885:UDP"= 6885:UDP:BitComet 6885 UDP
    "6999:TCP"= 6999:TCP:BitComet 6999 TCP
    "6999:UDP"= 6999:UDP:BitComet 6999 UDP
    "58682:TCP"= 58682:TCP:p ando P2P TCP Listening Port
    "58682:UDP"= 58682:UDP:p ando P2P UDP Listening Port
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
    "6888:TCP"= 6888:TCP:BitComet 6888 TCP
    "6888:UDP"= 6888:UDP:BitComet 6888 UDP
    "65534:TCP"= 65534:TCP:BitComet 65534 TCP
    "65534:UDP"= 65534:UDP:BitComet 65534 UDP

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2008-09-04 56344]
    R2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe [2004-08-05 14336]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S3 fsssvc;Windows Live Contrôle parental;C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2008-09-04 512536]
    S3 SDVC04;USB DVC Service;C:\WINDOWS\system32\Drivers\SDVC04.sys [2003-05-22 42413]
    S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [ ]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04ec9383-64ab-11dd-bd51-0013d328cfbc}]
    \Shell\AutoRun\command - ClickMe.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0b07375-886e-11dc-bc70-0013d328cfbc}]
    \Shell\AutoRun\command - L:\autoplay.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2008-10-17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

    2008-10-17 C:\WINDOWS\Tasks\Maintenance en 1 clic.job
    - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe [2006-10-06 07:27]
    .
    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\qf1e0py3.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/ig?hl=fr
    FF -: plugin - C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
    FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    FF -: plugin - C:\Program Files\adslTV\npvlc.dll
    FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
    FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-19 13:54:03
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...


    **************************************************************************
    .
    Heure de fin: 2008-10-19 13:56:41
    ComboFix-quarantined-files.txt 2008-10-19 11:55:37
    ComboFix2.txt 2008-10-18 17:54:14

    Avant-CF: 34 629 046 272 octets libres
    Après-CF: 34,619,215,872 octets libres

    306 --- E O F --- 2008-10-17 01:04:13


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:58:07, on 19/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe
    C:\Program Files\Executive Software\Diskeeper\DkService.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
    O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E39C656A-A35A-4F11-8BF8-B6E2CCFBCA23}: NameServer = 192.168.1.1
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

    --
    End of file - 8239 bytes


    One more question: I no longer have my antivirus icon in the notification area and I have a security alert because of the updates, can you help me please?

    19 October 2008 21:00:26

    Hi again

    I told you to disable your antivirus...

    delete the folder:
    C:\Documents and Settings\All Users\Application Data\xipinkvo
    Note:
    Quote:
    To show the system's hidden files and folders:
    Control Panel / Folder Options / View tab / check Show hidden files and folders, uncheck Hide extensions for known file types, uncheck Hide protected operating system files.

    The system's hidden files and folders then appear semi-transparent in Windows Explorer.


    +++++++++

    Uninstall Avast! properly


    To replace it with Antivir.

    -->Tutorial<--


    Why switch? : Avast! vs Antivir
    but also:
    14 antivirus programs put to the test
    Quote:
    Antivir: the most effective of the free ones


    21 October 2008 20:10:47

    Hi, is that all I have to do? Is everything disinfected?
    And as for the Service Pack 3 update, why is it that when I install it and restart, my PC no longer gets to the desktop and reboots every five minutes?
    21 October 2008 23:13:15

    Good evening
    speechrapfr said:
    Hi, is that all I have to do? Is everything disinfected?
    And as for the Service Pack 3 update, why is it that when I install it and restart, my PC no longer gets to the desktop and reboots every five minutes?

    I didn't ask you to update Windows, as far as I recall...
    we'll look at that at the end of the disinfection.
    do what I ask and post your Antivir report, please
    22 October 2008 17:16:00

    Hi,

    Here is the Antivir report:



    Avira AntiVir Personal
    Report file date: mardi 21 octobre 2008 23:45

    Scanning for 1701701 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Save mode
    Username: HP_Propriétaire
    Computer name: SPEECHRAPFR

    Version information:
    BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
    AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
    LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
    ANTIVIR2.VDF : 7.0.7.59 4366336 Bytes 19/10/2008 18:31:58
    ANTIVIR3.VDF : 7.0.7.70 111104 Bytes 21/10/2008 18:32:01
    Engineversion : 8.2.0.5
    AEVDF.DLL : 8.1.0.6 102772 Bytes 21/10/2008 18:32:23
    AESCRIPT.DLL : 8.1.1.9 319867 Bytes 21/10/2008 18:32:21
    AESCN.DLL : 8.1.1.3 123252 Bytes 21/10/2008 18:32:19
    AERDL.DLL : 8.1.1.2 438644 Bytes 21/10/2008 18:32:18
    AEPACK.DLL : 8.1.2.4 369014 Bytes 21/10/2008 18:32:16
    AEOFFICE.DLL : 8.1.0.28 196987 Bytes 21/10/2008 18:32:14
    AEHEUR.DLL : 8.1.0.59 1438071 Bytes 21/10/2008 18:32:13
    AEHELP.DLL : 8.1.1.2 115062 Bytes 21/10/2008 18:32:08
    AEGEN.DLL : 8.1.0.41 319861 Bytes 21/10/2008 18:32:07
    AEEMU.DLL : 8.1.0.9 393588 Bytes 21/10/2008 18:32:05
    AECORE.DLL : 8.1.2.6 172406 Bytes 21/10/2008 18:32:03
    AEBB.DLL : 8.1.0.3 53618 Bytes 21/10/2008 18:32:02
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
    AVREP.DLL : 8.0.0.2 98344 Bytes 21/10/2008 18:32:01
    AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

    Configuration settings for the scan:
    Jobname..........................: Local Drives
    Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:, L:, F:, G:, H:, I:, E:, K:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
    Macro heuristic..................: on
    File heuristic...................: medium
    Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

    Start of the scan: mardi 21 octobre 2008 23:45

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    12 processes with 12 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    Master boot sector HD2
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD3
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD4
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD5
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!
    Boot sector 'L:\'
    [INFO] No virus was found!
    Boot sector 'F:\'
    [INFO] In the drive 'F:\' no data medium is inserted!
    Boot sector 'G:\'
    [INFO] In the drive 'G:\' no data medium is inserted!
    Boot sector 'H:\'
    [INFO] In the drive 'H:\' no data medium is inserted!
    Boot sector 'I:\'
    [INFO] In the drive 'I:\' no data medium is inserted!

    Starting to scan the registry.
    The registry was scanned ( '56' files ).


    Starting the file scan:

    Begin scan in 'C:\' <HP_PAVILION>
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
    [0] Archive type: RAR SFX (self extracting)
    --> 32788R22FWJFW\hidec.exe
    [DETECTION] Contains recognition pattern of the SPR/Tool.Hide.A program
    --> 32788R22FWJFW\NirCmd.cfexe
    [DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
    --> 32788R22FWJFW\nircmd.com
    [DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
    --> 32788R22FWJFW\NirCmdC.cfexe
    [DETECTION] Contains recognition pattern of the APPL/NirCmd.E.1.B application
    --> 32788R22FWJFW\psexec.cfexe
    [1] Archive type: RSRC
    --> Object
    [DETECTION] Contains recognition pattern of the APPL/PsExec.E application
    [NOTE] The file was moved to '496b4f93.qua'!
    C:\Documents and Settings\HP_Propriétaire\Bureau\SmitfraudFix\Reboot.exe
    [DETECTION] Contains recognition pattern of the SPR/Tool.Reboot.F program
    [NOTE] The file was moved to '496056c8.qua'!
    C:\Documents and Settings\HP_Propriétaire\Bureau\SmitfraudFix\restart.exe
    [DETECTION] Contains recognition pattern of the SPR/Tool.Hardoff.A program
    [NOTE] The file was moved to '497156cc.qua'!
    C:\hp\bin\KillIt.exe
    [DETECTION] Contains recognition pattern of the APPL/KillApp.A application
    [NOTE] The file was moved to '496a5e52.qua'!
    C:\hp\bin\KillWind.exe
    [DETECTION] Contains recognition pattern of the APPL/KillApplicat.A application
    [NOTE] The file was moved to '48ef697b.qua'!
    C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe
    [DETECTION] Contains recognition pattern of the SPR/Tool.Reboot.F program
    [NOTE] The file was moved to '496096b4.qua'!
    C:\Program Files\Mozilla Firefox\SmitfraudFix\restart.exe
    [DETECTION] Contains recognition pattern of the SPR/Tool.Hardoff.A program
    [NOTE] The file was moved to '497196b4.qua'!
    C:\Program Files\TuneUp Utilities 2006\SDShelEx.dll
    [DETECTION] Is the TR/Muldrop.6045.A Trojan
    [NOTE] The file was moved to '4951981a.qua'!
    C:\WINDOWS\NIRCMD.exe
    [DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
    [NOTE] The file was moved to '495098ff.qua'!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\' <ACER>
    Begin scan in 'L:\' <ALCIDES>
    L:\Jeux PC\Crack\daemon.tools.pro.patch.exe
    [DETECTION] Is the TR/Agent.620544.A Trojan
    [NOTE] The file was moved to '4963b51d.qua'!
    L:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP368\A0077818.exe
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was moved to '492eb4f1.qua'!
    L:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP427\A0090519.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE] The file was moved to '492eb4fe.qua'!
    L:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP439\A0102407.exe
    [DETECTION] Is the TR/Agent.620544.A Trojan
    [NOTE] The file was moved to '492fb4fe.qua'!
    L:\Logiciels\Sw AnyDVD6.1.0.0 & Clone DVD2.9.0.3 + crack1.40.rar
    [0] Archive type: RAR
    --> Sw AnyDVD6.1.0.0 & Clone DVD2.0.9.3 + crack\Slysoft Crack 1.40.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.bzjy back-door program
    [NOTE] The file was moved to '491ec6dd.qua'!
    L:\Logiciels\Daemon.Tools.Pro.Advanced.v4.10.0218.Incl-Crack.rar
    [0] Archive type: RAR
    --> Crack\daemon.tools.pro.patch.exe
    [DETECTION] Is the TR/Agent.620544.A Trojan
    [NOTE] The file was moved to '4963c887.qua'!
    L:\Logiciels\Crack Windows Vista™ SP1.rar
    [0] Archive type: RAR
    --> Crack Windows VistaT SP1.exe
    [1] Archive type: RAR SFX (self extracting)
    --> ACTIVATE.exe
    [DETECTION] Is the TR/Agent.EIW Trojan
    [NOTE] The file was moved to '495fc899.qua'!
    L:\Logiciels\Avast + Crack\Logiciel Avast Antivirus '' Generateur De Clefs '' Version 4.5 Pro Keygen ((Language Francais)).rar
    [0] Archive type: ZIP
    --> avast! antivirus v4.5 pro keygen.exe
    [DETECTION] Is the TR/Agent.35398 Trojan
    [NOTE] The file was moved to '4965c9dd.qua'!
    L:\Logiciels\WinRAR.v3.51+ crack\WinRAR.v3.51.WinALL.Cracked-CORE.zip
    [0] Archive type: ZIP
    --> crack.exe
    [DETECTION] Is the TR/Crypt.FSPM.Gen Trojan
    [NOTE] The file was moved to '496cca3b.qua'!
    Begin scan in 'F:\'
    Search path F:\ could not be opened!
    System error [21]: Le périphérique n'est pas prêt.
    Begin scan in 'G:\'
    Search path G:\ could not be opened!
    System error [21]: Le périphérique n'est pas prêt.
    Begin scan in 'H:\'
    Search path H:\ could not be opened!
    System error [21]: Le périphérique n'est pas prêt.
    Begin scan in 'I:\'
    Search path I:\ could not be opened!
    System error [21]: Le périphérique n'est pas prêt.
    Begin scan in 'E:\'
    Search path E:\ could not be opened!
    System error [21]: Le périphérique n'est pas prêt.
    Begin scan in 'K:\'
    Search path K:\ could not be opened!
    System error [21]: Le périphérique n'est pas prêt.


    End of the scan: mercredi 22 octobre 2008 08:36
    Used time: 8:50:44 Hour(s)

    The scan has been done completely.

    11188 Scanning directories
    418000 Files were scanned
    22 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    18 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    417976 Files not concerned
    16698 Archives were scanned
    6 Warnings
    18 Notes

    Thanks.
    22 October 2008 21:07:55

    Good evening

    Download Lop S&D.exe to your desktop

  • Double-click it to start the installation
  • Then double-click the Lop S&D shortcut on your desktop
  • Select the language you want, then choose Option 1 ( Recherche )
  • Wait until the scan finishes
  • Post the generated report ( C:\lopR.txt )

    ( If the desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm )
    22 October 2008 22:54:31

    Hi again, here is the report:


    --------------------\\ Lop S&D 4.2.4-6 XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Uniprocessor Free : AMD Sempron(tm) Processor 3000+ )
    BIOS : Phoenix - Award BIOS v6.00PG
    USER : HP_Propriétaire ( Administrator )
    BOOT : Normal boot
    Antivirus : Avira AntiVir PersonalEdition 8.0.1.27 (Activated)
    C:\ (Local Disk) - NTFS - Total : 144 Go Free : 16 Go
    D:\ (Local Disk) - NTFS - Total : 4 Go Free : 1 Go
    E:\ (CD or DVD)
    F:\ (USB)
    G:\ (USB)
    H:\ (USB)
    I:\ (USB)
    K:\ (CD or DVD)
    L:\ (Local Disk) - FAT32 - Total : 465 Go Free : 102 Go

    "C:\Lop SD" ( MAJ : 20-10-2008|20:35 )
    Option : [1] ( 22/10/2008|22:48 )

    --------------------\\ Listing des dossiers dans APPLIC~1

    [02/01/2005|01:52] C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
    [25/11/2004|05:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
    [08/04/2008|03:01] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
    [02/01/2005|02:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\SampleView
    [02/01/2005|02:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec

    [12/05/2008|11:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [31/07/2008|19:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Aliasworlds
    [03/05/2008|11:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    [21/10/2008|20:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
    [18/10/2008|20:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Blizzard
    [31/05/2008|18:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
    [26/07/2008|21:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DAEMON Tools Pro
    [23/07/2008|17:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DFX
    [10/11/2007|12:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DonationCoder
    [07/12/2007|18:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
    [28/09/2008|13:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EmailNotifier
    [30/07/2008|19:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Fashion Solitaire 1.2
    [20/09/2008|16:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
    [28/10/2007|09:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [02/01/2005|01:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
    [30/07/2008|15:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HipSoft
    [20/07/2008|14:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
    [02/01/2005|01:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
    [16/05/2008|15:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    [10/09/2008|14:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logishrd
    [10/09/2008|14:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
    [19/10/2008|02:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [28/09/2008|13:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Megaupload
    [26/05/2008|19:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    [11/10/2008|14:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [17/07/2008|15:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NannyMania
    [23/07/2008|17:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
    [27/08/2008|13:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
    [02/01/2005|01:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
    [27/10/2007|12:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
    [17/07/2008|15:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
    [02/01/2005|01:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
    [17/07/2008|12:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns
    [31/07/2008|13:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
    [27/10/2007|09:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    [20/01/2008|16:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    [22/11/2007|12:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
    [18/10/2008|19:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TuneUp Software
    [27/10/2007|12:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [19/10/2008|14:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
    [24/07/2008|12:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

    [02/01/2005|01:52] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Apple Computer
    [25/11/2004|05:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
    [08/04/2008|03:01] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [02/01/2005|02:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\SampleView
    [02/01/2005|02:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

    [20/09/2008|16:33] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Adobe
    [16/05/2008|15:44] C:\DOCUME~1\HP_PRO~1\APPLIC~1\AdobeUM
    [06/06/2008|23:25] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Ahead
    [02/01/2005|01:52] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Apple Computer
    [31/05/2008|18:14] C:\DOCUME~1\HP_PRO~1\APPLIC~1\CyberLink
    [26/07/2008|21:42] C:\DOCUME~1\HP_PRO~1\APPLIC~1\DAEMON Tools Pro
    [22/01/2008|20:57] C:\DOCUME~1\HP_PRO~1\APPLIC~1\DivX
    [20/01/2008|16:46] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Eltima Software
    [28/09/2008|13:51] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EmailNotifier
    [24/11/2007|12:20] C:\DOCUME~1\HP_PRO~1\APPLIC~1\FlashFXP
    [24/07/2008|12:41] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Gamelab
    [22/11/2007|12:12] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Google
    [26/03/2008|18:20] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Help
    [20/07/2008|14:47] C:\DOCUME~1\HP_PRO~1\APPLIC~1\HP
    [27/08/2008|14:03] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Identities
    [20/07/2008|14:50] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Image Zone Express
    [28/09/2008|13:50] C:\DOCUME~1\HP_PRO~1\APPLIC~1\InstallShield
    [15/11/2007|22:08] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Leadertech
    [22/09/2008|13:41] C:\DOCUME~1\HP_PRO~1\APPLIC~1\LimeWire
    [27/10/2007|09:50] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Macromedia
    [19/10/2008|02:59] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Malwarebytes
    [27/10/2007|12:37] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Media Player Classic
    [21/04/2008|22:32] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Megaupload
    [11/10/2008|15:17] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Microsoft
    [28/08/2008|12:43] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Mozilla
    [21/07/2008|11:49] C:\DOCUME~1\HP_PRO~1\APPLIC~1\My Games
    [14/06/2008|14:57] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Nero
    [17/07/2008|12:26] C:\DOCUME~1\HP_PRO~1\APPLIC~1\NEW SUPPORT BYTE
    [14/09/2008|20:44] C:\DOCUME~1\HP_PRO~1\APPLIC~1\OmegaT
    [27/08/2008|13:26] C:\DOCUME~1\HP_PRO~1\APPLIC~1\PlayFirst
    [24/11/2007|13:35] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Real
    [02/01/2005|02:04] C:\DOCUME~1\HP_PRO~1\APPLIC~1\SampleView
    [04/09/2008|19:08] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Samsung
    [31/10/2007|04:13] C:\DOCUME~1\HP_PRO~1\APPLIC~1\SecuROM
    [14/10/2008|23:32] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Sports Interactive
    [17/12/2007|02:29] C:\DOCUME~1\HP_PRO~1\APPLIC~1\STOIK
    [28/10/2007|14:05] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Sun
    [02/01/2005|02:13] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Symantec
    [27/10/2007|09:52] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Talkback
    [27/10/2007|14:16] C:\DOCUME~1\HP_PRO~1\APPLIC~1\TuneUp Software
    [19/09/2008|13:49] C:\DOCUME~1\HP_PRO~1\APPLIC~1\vlc
    [07/04/2008|18:29] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Windows Live Writer
    [27/08/2008|14:03] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Zylom

    [20/05/2008|20:21] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

    [27/10/2007|13:52] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

    [17/10/2008 09:10][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [17/10/2008 17:16][--a------] C:\WINDOWS\tasks\Maintenance en 1 clic.job
    [22/10/2008 16:41][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [05/08/2004 20:00][-rah-----] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listing des dossiers dans C:\Program Files

    [15/10/2008|18:37] C:\Program Files\Adobe
    [10/10/2008|21:42] C:\Program Files\adslTV
    [21/10/2008|20:20] C:\Program Files\Alwil Software
    [03/05/2008|11:42] C:\Program Files\Apple Software Update
    [11/11/2007|21:56] C:\Program Files\Ashampoo
    [02/01/2005|01:29] C:\Program Files\ATI Technologies
    [21/10/2008|20:27] C:\Program Files\Avira
    [08/10/2008|18:43] C:\Program Files\AviSynth 2.5
    [14/10/2008|18:49] C:\Program Files\BitComet
    [05/10/2008|10:18] C:\Program Files\CAPCOM
    [24/11/2004|03:37] C:\Program Files\ComPlus Applications
    [18/09/2008|21:37] C:\Program Files\CyberLeadingCorp
    [20/02/2008|18:52] C:\Program Files\DAEMON Tools
    [21/10/2008|23:21] C:\Program Files\DAEMON Tools Pro
    [16/05/2008|15:16] C:\Program Files\DivX
    [27/10/2007|09:06] C:\Program Files\Easy Internet signup
    [16/10/2008|22:07] C:\Program Files\Electronic Arts
    [12/10/2008|14:57] C:\Program Files\Empire Interactive
    [22/10/2008|16:57] C:\Program Files\eMule
    [08/10/2008|18:42] C:\Program Files\eRightSoft
    [15/11/2007|22:08] C:\Program Files\Executive Software
    [03/09/2008|11:04] C:\Program Files\FairUse Wizard 2
    [19/10/2008|13:53] C:\Program Files\Fichiers communs
    [22/10/2008|16:51] C:\Program Files\FlashFXP
    [16/05/2008|15:00] C:\Program Files\Free Download Manager
    [02/08/2008|22:53] C:\Program Files\Freeplayer
    [29/10/2007|08:26] C:\Program Files\Google
    [20/07/2008|14:42] C:\Program Files\Hewlett-Packard
    [20/07/2008|14:44] C:\Program Files\HP
    [02/01/2005|01:57] C:\Program Files\HPQ
    [04/11/2007|00:46] C:\Program Files\Illustrate
    [15/10/2008|19:02] C:\Program Files\InstallShield Installation Information
    [19/10/2008|19:34] C:\Program Files\Internet Explorer
    [14/12/2007|03:04] C:\Program Files\Java
    [27/10/2007|12:31] C:\Program Files\K-Lite Codec Pack
    [18/10/2008|22:23] C:\Program Files\KONAMI
    [22/10/2008|16:51] C:\Program Files\LimeWire
    [10/09/2008|14:31] C:\Program Files\Logitech
    [19/10/2008|02:59] C:\Program Files\Malwarebytes' Anti-Malware
    [04/10/2008|15:50] C:\Program Files\MediaInfo
    [21/04/2008|22:31] C:\Program Files\Megaupload
    [20/10/2008|23:01] C:\Program Files\Messenger
    [01/09/2008|17:29] C:\Program Files\Messenger Plus! Live
    [11/10/2008|14:11] C:\Program Files\Microsoft
    [27/10/2007|18:07] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [25/11/2004|05:27] C:\Program Files\microsoft frontpage
    [09/03/2008|10:41] C:\Program Files\Microsoft Office
    [19/10/2008|14:52] C:\Program Files\Microsoft SQL Server Compact Edition
    [19/10/2008|19:34] C:\Program Files\Movie Maker
    [22/10/2008|22:45] C:\Program Files\Mozilla Firefox
    [12/10/2008|21:49] C:\Program Files\mp3DirectCut
    [25/11/2004|05:27] C:\Program Files\MSN
    [25/11/2004|05:27] C:\Program Files\MSN Gaming Zone
    [27/10/2007|13:32] C:\Program Files\MSXML 4.0
    [02/01/2005|02:22] C:\Program Files\muvee Technologies
    [03/06/2008|18:27] C:\Program Files\Navilog1
    [14/06/2008|14:52] C:\Program Files\Nero
    [14/06/2008|14:59] C:\Program Files\NeroInstall.bak
    [19/10/2008|19:34] C:\Program Files\NetMeeting
    [21/06/2008|14:11] C:\Program Files\NEW SUPPORT BYTE
    [29/10/2007|20:44] C:\Program Files\NFO viewer
    [25/11/2004|05:27] C:\Program Files\Online Services
    [19/10/2008|19:34] C:\Program Files\Outlook Express
    [14/12/2007|03:03] C:\Program Files\PC-Doctor for Windows
    [17/09/2008|01:10] C:\Program Files\QuickSFV
    [14/05/2008|17:08] C:\Program Files\QuickTime
    [04/09/2008|19:05] C:\Program Files\Samsung
    [18/02/2008|21:08] C:\Program Files\Securitoo
    [02/01/2005|02:03] C:\Program Files\Services en ligne
    [03/05/2008|15:14] C:\Program Files\SM
    [25/01/2008|20:22] C:\Program Files\SuperCopier2
    [16/05/2008|15:16] C:\Program Files\Total Video Converter
    [09/05/2008|15:22] C:\Program Files\Total Video2DVD Author
    [16/05/2008|15:27] C:\Program Files\Trend Micro
    [22/10/2008|05:02] C:\Program Files\TuneUp Utilities 2006
    [24/11/2004|03:37] C:\Program Files\Uninstall Information
    [16/02/2008|19:30] C:\Program Files\Unlocker
    [08/02/2008|14:37] C:\Program Files\URLSnooper2
    [08/02/2008|16:13] C:\Program Files\VirtualDubMOD
    [04/10/2008|20:53] C:\Program Files\VisualSubSync
    [24/05/2008|15:12] C:\Program Files\Wanadoo
    [24/07/2008|18:42] C:\Program Files\Winamp
    [22/10/2008|16:51] C:\Program Files\WinAVI MP4 Converter
    [19/10/2008|14:52] C:\Program Files\Windows Live
    [16/10/2008|19:05] C:\Program Files\Windows Live Safety Center
    [03/05/2008|15:17] C:\Program Files\Windows Live Toolbar
    [16/05/2008|15:05] C:\Program Files\Windows Media Connect 2
    [19/10/2008|19:34] C:\Program Files\Windows Media Player
    [19/10/2008|19:34] C:\Program Files\Windows NT
    [24/11/2004|03:37] C:\Program Files\WindowsUpdate
    [14/12/2007|03:23] C:\Program Files\WinPcap
    [18/09/2008|00:28] C:\Program Files\WinRAR
    [03/06/2008|18:26] C:\Program Files\Wireless LAN Utility
    [08/02/2008|14:37] C:\Program Files\WMR11
    [22/10/2008|17:29] C:\Program Files\World of Warcraft
    [02/08/2008|15:59] C:\Program Files\WowCartographe
    [25/11/2004|05:28] C:\Program Files\xerox
    [14/10/2008|23:26] C:\Program Files\Zero G Registry
    [27/08/2008|22:04] C:\Program Files\Zylom Games

    --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

    [15/10/2008|18:37] C:\Program Files\Fichiers communs\Adobe
    [01/08/2008|13:07] C:\Program Files\Fichiers communs\Ahead
    [17/11/2007|22:38] C:\Program Files\Fichiers communs\Blizzard Entertainment
    [23/07/2008|17:26] C:\Program Files\Fichiers communs\DFX
    [02/01/2005|01:42] C:\Program Files\Fichiers communs\Hewlett-Packard
    [20/07/2008|14:43] C:\Program Files\Fichiers communs\HP
    [05/12/2007|00:12] C:\Program Files\Fichiers communs\InstallShield
    [02/01/2005|01:23] C:\Program Files\Fichiers communs\Java
    [10/09/2008|14:32] C:\Program Files\Fichiers communs\logishrd
    [20/09/2008|16:17] C:\Program Files\Fichiers communs\Macrovision Shared
    [11/10/2008|14:11] C:\Program Files\Fichiers communs\Microsoft Shared
    [25/11/2004|05:26] C:\Program Files\Fichiers communs\MSSoap
    [23/07/2008|17:23] C:\Program Files\Fichiers communs\Nero
    [25/11/2004|05:26] C:\Program Files\Fichiers communs\ODBC
    [27/10/2007|09:45] C:\Program Files\Fichiers communs\Services
    [05/12/2007|00:11] C:\Program Files\Fichiers communs\Sonic Shared
    [25/11/2004|05:26] C:\Program Files\Fichiers communs\SpeechEngines
    [19/10/2008|19:34] C:\Program Files\Fichiers communs\System
    [29/02/2008|21:53] C:\Program Files\Fichiers communs\Vbox
    [11/10/2008|13:22] C:\Program Files\Fichiers communs\Windows Live
    [07/04/2008|15:42] C:\Program Files\Fichiers communs\WindowsLiveInstaller

    --------------------\\ Process

    ( 43 Processes )

    ... OK !

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns
    C:\DOCUME~1\HP_PRO~1\Cookies\hp_propriétaire@netpumper[2].txt
    C:\DOCUME~1\HP_PRO~1\Cookies\hp_propriétaire@www.adserver5[1].txt
    C:\DOCUME~1\HP_PRO~1\Cookies\hp_propriétaire@adultfriendfinder[2].txt
    C:\DOCUME~1\HP_PRO~1\Cookies\hp_propriétaire@advertising[2].txt
    C:\DOCUME~1\HP_PRO~1\Cookies\hp_propriétaire@banner.casinoking[2].txt
    C:\DOCUME~1\HP_PRO~1\Cookies\hp_propriétaire@casinoking[1].txt
    C:\DOCUME~1\HP_PRO~1\Cookies\hp_propriétaire@banner.cotedazurpalace[2].txt
    C:\DOCUME~1\HP_PRO~1\Cookies\hp_propriétaire@cotedazurpalace[2].txt
    C:\DOCUME~1\HP_PRO~1\Cookies\hp_propriétaire@adopt.euroclick[2].txt
    C:\DOCUME~1\HP_PRO~1\Cookies\hp_propriétaire@pacificpoker[1].txt
    C:\DOCUME~1\HP_PRO~1\Cookies\hp_propriétaire@partypoker[2].txt
    C:\DOCUME~1\HP_PRO~1\Cookies\hp_propriétaire@32vegas[2].txt
    C:\DOCUME~1\HP_PRO~1\Cookies\hp_propriétaire@banner.32vegas[2].txt
    C:\DOCUME~1\HP_PRO~1\Cookies\hp_propriétaire@lasvegas91.skyrock[1].txt
    C:\DOCUME~1\HP_PRO~1\Cookies\hp_propriétaire@www.lop[1].txt
    C:\DOCUME~1\HP_PRO~1\Cookies\hp_propriétaire@www.2xmoinscher[1].txt
    C:\DOCUME~1\HP_PRO~1\Cookies\hp_propriétaire@888[1].txt
    C:\DOCUME~1\HP_PRO~1\Cookies\hp_propriétaire@888[2].txt

    --------------------\\ Verification du Registre

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE


    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-22 22:50:04
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 281

    --------------------\\ Recherche d'autres infections

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\HP_PRO~1\Bureau\Crack resident evil
    C:\DOCUME~1\HP_PRO~1\Bureau\Crack resident evil\game.exe
    C:\DOCUME~1\HP_PRO~1\Cookies\hp_propriétaire@hhkingziscrack.blogspot[2].txt
    C:\DOCUME~1\HP_PRO~1\Recent\Daemon.Tools.Pro.Advanced.v4.10.0218.Incl-Crack.lnk
    C:\DOCUME~1\HP_PRO~1\Recent\Pro.Evolution.Soccer.2009.Crack.Only-RELOADED.lnk


    [F:62][D:21]-> C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp
    [F:730][D:0]-> C:\DOCUME~1\HP_PRO~1\Cookies
    [F:78][D:4]-> C:\DOCUME~1\HP_PRO~1\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - 22/10/2008|22:52 - Option : [1]

    --------------------\\ Fin du rapport a 22:52:46
    23 October 2008 22:05:52

    Hi again
    I suspected as much :D 

    get rid of your cracks

    ~Run an online antivirus scan on the Kaspersky site
    http://www.kaspersky.com/kos/eng/partner/default/kavweb...

    * Click Accept
    * A yellow bar will ask whether you agree to install Kavwebscan_Unicode.cab; install the ActiveX control.
    * Click "Accept" once more
    * The update databases will be installed; wait a moment
    * Click Next.
    * Click My Computer; the scan starts. Wait for the scan to finish without closing the window, otherwise it will stop.
    * Post the scan report.