
Virus that blocks certain websites

11 July 2008 04:32:44

Hello everyone,

My computer has caught a virus, I do believe, and the effect is that it prevents me from running searches through the Google toolbar, for example. I ran several scans with AVG and Ad-Aware, but nothing useful was found to fix my problem.

Here is the HijackThis log from my computer:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:25:41, on 2008-07-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.infinit.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [Flash Player2] C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [Windows Media Player] C:\Documents and Settings\HP_Administrateur\rvvkmd.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CHIN PING PHONE PILE] C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping\Error owns.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [f8129355] rundll32.exe "C:\WINDOWS\system32\xrhcnuch.dll",b
O4 - HKLM\..\Run: [BMfb21a0c9] Rundll32.exe "C:\WINDOWS\system32\uyeuoson.dll",s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [CopyDraw] C:\DOCUME~1\HP_ADM~1\APPLIC~1\BLUEBU~1\dentstupidanti.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.infinit.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://60.43.33.196/kxhcm10.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image Viewer) - http://82.176.73.20/home/SonySncRz30View.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://webcam1.ttu.ee/activex/AMC.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://128.97.43.214/activex/AMC.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10423 bytes



Thank you very much for your help, it will be much appreciated.


11 July 2008 10:38:05

Use Ad-Aware SE (not the 2007-2008 version), that one is useless.

For those who can no longer get the Ad-Aware SE updates:

they are on the official site; here is the download link (updated every 10 days).

Once you have the zip file, unzip it into the installation folder.

http://dlserver.download.lavasoft.com/public/defs.zip
11 July 2008 13:05:39

Hello,

Several infections.

Download MsnFix (by !aur3n7) to your Desktop.

  • Unzip it on your desktop.
  • Open the MSNFix folder, then double-click MSNFix.bat. (The .bat extension may not be shown.)
  • Run option R.
  • If the infection is detected, press a key to start the cleanup. (N)
  • If you need to restart the computer, do it manually.
  • Post the report located in the MSNFix folder.
  • The report name corresponds to the time it was created: date_time.log

    Note: If you get an upload zip file on your desktop, please send it to http://upload.changelog.fr
    How to upload?


    Help: How to use MSNFix.
    11 July 2008 18:18:04

    Thanks for your help, an infection was detected.

    Here is the report:


    MSNFix 1.732

    C:\Documents and Settings\HP_Administrateur\Bureau\MSNFix
    Fix exécuté le 2008-07-11 - 12:08:49,95 By HP_Administrateur
    mode normal

    ************************ Recherche les fichiers présents

    ... C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\removalfile.bat
    ... C:\Program Files\outerinfo\Terms.rtf
    ... C:\WINDOWS\Downloaded Program Files\setup.inf
    ... C:\WINDOWS\system32\mcrh.tmp
    ... C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\removalfile.bat
    ... C:\Documents and Settings\HP_Administrateur\??????.exe
    ... C:\Documents and Settings\HP_Administrateur\????????.exe
    ... C:\WINDOWS\cookies.ini
    ... C:\WINDOWS\wr.txt
    ... C:\WINDOWS\system32\mcrh.tmp
    ... C:\WINDOWS\system32\vbzip10.dll

    ************************ Recherche les dossiers présents

    ... C:\Program Files\outerinfo\




    ************************ Suppression des fichiers

    .. OK ... C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\removalfile.bat
    .. OK ... C:\Program Files\outerinfo\Terms.rtf
    .. OK ... C:\WINDOWS\Downloaded Program Files\setup.inf
    .. OK ... C:\WINDOWS\system32\mcrh.tmp
    .. OK ... C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\removalfile.bat
    /!\ ... C:\Documents and Settings\HP_Administrateur\??????.exe
    /!\ ... C:\Documents and Settings\HP_Administrateur\????????.exe
    .. OK ... C:\WINDOWS\cookies.ini
    .. OK ... C:\WINDOWS\wr.txt
    .. OK ... C:\WINDOWS\system32\mcrh.tmp
    .. OK ... C:\WINDOWS\system32\vbzip10.dll


    ************************ Suppression des dossiers

    /!\ ... C:\Program Files\outerinfo\


    ************************ Nettoyage du registre



    Les fichiers encore présents seront supprimés au prochain redémarrage


    ************************ Suppression des fichiers

    .. OK ... C:\Documents and Settings\HP_Administrateur\??????.exe
    .. OK ... C:\Documents and Settings\HP_Administrateur\????????.exe



    ************************ Fichiers suspects

    Aucun Fichier trouvé


    Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 2008-07-11_12123239.zip

    ************************ HKLM\...\Winlogon\Userinit

    Userinit = C:\WINDOWS\system32\userinit.exe,

    Important : http://msnfix.changelog.fr/index.php/2008/05/18/32-aler...


    ------------------------------------------------------------------------
    Auteur : !aur3n7 Contact: http://changelog.fr
    ------------------------------------------------------------------------

    --------------------------------------------- END ---------------------------------------------

    12 July 2008 00:05:21

    Re,

    Download Lop S&D.exe (by Eric 71) to your desktop.

  • Double-click it to start the installation
  • Then double-click the Lop S&D shortcut on your desktop (if you are on Vista, right-click -> run as administrator)
  • Select the language you want, then choose Option 1 (Search)
  • Wait until the scan finishes
  • Post the generated report (C:\lopR.txt)

    If your desktop does not reappear, press CTRL+ALT+DEL to open Task Manager.
    Then go to the "Processes" tab. Click File at the top left and choose "New Task (Run...)"
    Type explorer and confirm. This will bring your desktop back.
    12 July 2008 02:23:40

    Here is the Lop S&D.exe report



    -----------------------[ Lop S&D 4.2.2-1 XP/Vista ]---------------------

    [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
    [ USER : HP_Administrateur ] [ "C:\Lop SD" ] [ Selection : 1 ]
    [ 2008-07-11 | 20:17:13,93 ] [ PC : GOOFY ]
    [ MAJ : 09-07-2008 | 21:02 ]

    -------------[ Listing des dossiers dans Application Data ]------------

    [2005-08-24|00:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
    [2004-12-01|23:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
    [2004-12-03|21:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
    [2005-08-24|00:53] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
    [2005-08-24|00:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
    [2005-08-24|00:35] C:\DOCUME~1\ADMINI~1\APPLIC~1\SampleView
    [2005-08-24|00:43] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec

    [2005-10-11|17:31] C:\DOCUME~1\Alain\APPLIC~1\Absolutist.com
    [2007-03-17|12:00] C:\DOCUME~1\Alain\APPLIC~1\Adobe
    [2005-08-25|11:27] C:\DOCUME~1\Alain\APPLIC~1\AdobeUM
    [2006-06-07|21:23] C:\DOCUME~1\Alain\APPLIC~1\Ahead
    [2005-08-23|21:02] C:\DOCUME~1\Alain\APPLIC~1\Apple Computer
    [2007-03-17|11:39] C:\DOCUME~1\Alain\APPLIC~1\ArcSoft
    [2007-05-01|18:47] C:\DOCUME~1\Alain\APPLIC~1\Canon
    [2004-12-01|16:28] C:\DOCUME~1\Alain\APPLIC~1\desktop.ini
    [2007-02-08|17:38] C:\DOCUME~1\Alain\APPLIC~1\Druide
    [2006-10-27|16:34] C:\DOCUME~1\Alain\APPLIC~1\Google
    [2006-04-06|18:53] C:\DOCUME~1\Alain\APPLIC~1\Help
    [2005-08-23|21:02] C:\DOCUME~1\Alain\APPLIC~1\Identities
    [2006-05-15|09:50] C:\DOCUME~1\Alain\APPLIC~1\Leadertech
    [2007-06-01|17:49] C:\DOCUME~1\Alain\APPLIC~1\LimeWire
    [2007-03-17|11:36] C:\DOCUME~1\Alain\APPLIC~1\Macromedia
    [2007-05-30|19:16] C:\DOCUME~1\Alain\APPLIC~1\Microsoft
    [2007-03-03|17:13] C:\DOCUME~1\Alain\APPLIC~1\Mozilla
    [2006-06-30|16:23] C:\DOCUME~1\Alain\APPLIC~1\muvee Technologies
    [2006-06-30|16:08] C:\DOCUME~1\Alain\APPLIC~1\NeroDCTemplates
    [2007-05-03|16:11] C:\DOCUME~1\Alain\APPLIC~1\OpenOffice.org2
    [2006-05-08|17:40] C:\DOCUME~1\Alain\APPLIC~1\Real
    [2005-08-23|21:02] C:\DOCUME~1\Alain\APPLIC~1\SampleView
    [2006-12-01|16:24] C:\DOCUME~1\Alain\APPLIC~1\ScanSoft
    [2006-05-15|09:51] C:\DOCUME~1\Alain\APPLIC~1\Sonic
    [2005-11-03|20:58] C:\DOCUME~1\Alain\APPLIC~1\Sony Corporation
    [2005-09-19|19:03] C:\DOCUME~1\Alain\APPLIC~1\Sun
    [2005-08-24|21:09] C:\DOCUME~1\Alain\APPLIC~1\Symantec
    [2005-11-09|17:21] C:\DOCUME~1\Alain\APPLIC~1\Template
    [2007-06-03|14:56] C:\DOCUME~1\Alain\APPLIC~1\U3
    [2007-05-23|19:41] C:\DOCUME~1\Alain\APPLIC~1\uTorrent
    [2007-04-27|09:55] C:\DOCUME~1\Alain\APPLIC~1\wklnhst.dat

    [2005-08-24|00:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [2007-03-17|11:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
    [2008-04-05|15:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    [2008-04-05|15:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [2006-12-01|16:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
    [2004-12-01|23:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
    [2007-04-11|18:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
    [2006-10-27|15:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [2008-01-13|19:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
    [2005-08-24|00:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
    [2005-08-24|00:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log
    [2005-08-24|00:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
    [2007-07-12|12:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    [2008-06-29|19:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    [2005-08-24|00:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [2005-08-24|16:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\muvee Technologies
    [2007-04-11|18:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
    [2008-06-29|19:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Proxy Long Chin Ping
    [2005-08-24|00:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
    [2005-08-23|23:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
    [2005-11-03|20:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
    [2008-01-06|15:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    [2007-11-05|16:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    [2006-08-01|20:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
    [2007-09-16|17:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [2008-06-10|16:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

    [2005-10-11|17:29] C:\DOCUME~1\CHRIST~1\APPLIC~1\Absolutist.com
    [2007-05-10|09:18] C:\DOCUME~1\CHRIST~1\APPLIC~1\Adobe
    [2007-04-13|15:02] C:\DOCUME~1\CHRIST~1\APPLIC~1\Ahead
    [2005-08-23|21:02] C:\DOCUME~1\CHRIST~1\APPLIC~1\Apple Computer
    [2004-12-01|16:28] C:\DOCUME~1\CHRIST~1\APPLIC~1\desktop.ini
    [2006-10-27|18:58] C:\DOCUME~1\CHRIST~1\APPLIC~1\Google
    [2005-08-23|21:02] C:\DOCUME~1\CHRIST~1\APPLIC~1\Identities
    [2006-12-31|14:35] C:\DOCUME~1\CHRIST~1\APPLIC~1\inifile41.ini
    [2006-12-31|14:35] C:\DOCUME~1\CHRIST~1\APPLIC~1\internaldb1942.dat
    [2006-12-31|14:35] C:\DOCUME~1\CHRIST~1\APPLIC~1\internaldb41.dat
    [2006-12-31|14:35] C:\DOCUME~1\CHRIST~1\APPLIC~1\internaldb4827.dat
    [2006-12-31|14:35] C:\DOCUME~1\CHRIST~1\APPLIC~1\internaldb5436.dat
    [2006-12-31|14:35] C:\DOCUME~1\CHRIST~1\APPLIC~1\internaldb6334.dat
    [2006-12-31|14:35] C:\DOCUME~1\CHRIST~1\APPLIC~1\internaldb8467.dat
    [2006-05-15|09:41] C:\DOCUME~1\CHRIST~1\APPLIC~1\InterVideo
    [2007-06-02|09:57] C:\DOCUME~1\CHRIST~1\APPLIC~1\LimeWire
    [2005-08-25|08:21] C:\DOCUME~1\CHRIST~1\APPLIC~1\Macromedia
    [2005-11-26|14:44] C:\DOCUME~1\CHRIST~1\APPLIC~1\Microsoft
    [2005-12-19|18:34] C:\DOCUME~1\CHRIST~1\APPLIC~1\Mozilla
    [2005-09-18|14:47] C:\DOCUME~1\CHRIST~1\APPLIC~1\muvee Technologies
    [2005-09-13|17:11] C:\DOCUME~1\CHRIST~1\APPLIC~1\Real
    [2005-08-23|21:02] C:\DOCUME~1\CHRIST~1\APPLIC~1\SampleView
    [2006-04-04|16:17] C:\DOCUME~1\CHRIST~1\APPLIC~1\Sonic
    [2005-11-23|15:20] C:\DOCUME~1\CHRIST~1\APPLIC~1\Sony Corporation
    [2005-08-27|17:55] C:\DOCUME~1\CHRIST~1\APPLIC~1\Sun
    [2005-08-23|21:02] C:\DOCUME~1\CHRIST~1\APPLIC~1\Symantec
    [2005-12-19|18:34] C:\DOCUME~1\CHRIST~1\APPLIC~1\Talkback
    [2005-08-25|13:17] C:\DOCUME~1\CHRIST~1\APPLIC~1\Template
    [2007-04-11|17:23] C:\DOCUME~1\CHRIST~1\APPLIC~1\U3
    [2007-05-10|09:19] C:\DOCUME~1\CHRIST~1\APPLIC~1\wklnhst.dat

    [2007-06-06|18:48] C:\DOCUME~1\CHRIST~1.GOF\APPLIC~1\Adobe
    [2005-08-24|00:22] C:\DOCUME~1\CHRIST~1.GOF\APPLIC~1\Apple Computer
    [2004-12-01|23:28] C:\DOCUME~1\CHRIST~1.GOF\APPLIC~1\desktop.ini
    [2007-06-04|12:14] C:\DOCUME~1\CHRIST~1.GOF\APPLIC~1\Google
    [2004-12-03|21:59] C:\DOCUME~1\CHRIST~1.GOF\APPLIC~1\Identities
    [2007-06-04|20:21] C:\DOCUME~1\CHRIST~1.GOF\APPLIC~1\LimeWire
    [2007-06-04|12:12] C:\DOCUME~1\CHRIST~1.GOF\APPLIC~1\Macromedia
    [2007-06-11|22:39] C:\DOCUME~1\CHRIST~1.GOF\APPLIC~1\Microsoft
    [2007-06-04|13:07] C:\DOCUME~1\CHRIST~1.GOF\APPLIC~1\Real
    [2005-08-24|00:35] C:\DOCUME~1\CHRIST~1.GOF\APPLIC~1\SampleView
    [2007-06-04|13:51] C:\DOCUME~1\CHRIST~1.GOF\APPLIC~1\Sun
    [2005-08-24|00:43] C:\DOCUME~1\CHRIST~1.GOF\APPLIC~1\Symantec

    [2005-08-24|00:22] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Apple Computer
    [2004-12-01|23:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
    [2004-12-03|21:59] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
    [2005-08-24|00:53] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [2005-08-24|00:14] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
    [2005-08-24|00:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\SampleView
    [2005-08-24|00:43] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

    [2008-05-04|16:19] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Adobe
    [2008-05-08|19:30] C:\DOCUME~1\HP_ADM~1\APPLIC~1\AdobeUM
    [2008-05-13|12:02] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Apple Computer
    [2007-06-03|17:19] C:\DOCUME~1\HP_ADM~1\APPLIC~1\ArcSoft
    [2008-06-29|19:09] C:\DOCUME~1\HP_ADM~1\APPLIC~1\blue burn
    [2008-07-10|17:59] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Canon
    [2008-04-29|15:55] C:\DOCUME~1\HP_ADM~1\APPLIC~1\DataCast
    [2004-12-01|23:28] C:\DOCUME~1\HP_ADM~1\APPLIC~1\desktop.ini
    [2008-01-30|19:36] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Druide
    [2008-02-15|23:02] C:\DOCUME~1\HP_ADM~1\APPLIC~1\FileZilla
    [2008-05-01|20:36] C:\DOCUME~1\HP_ADM~1\APPLIC~1\fretsonfire
    [2007-07-04|14:59] C:\DOCUME~1\HP_ADM~1\APPLIC~1\G-Force Prefs (WindowsMediaPlayer).txt
    [2007-06-03|18:35] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Google
    [2008-01-13|19:03] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Grisoft
    [2004-12-03|21:59] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Identities
    [2007-07-26|10:11] C:\DOCUME~1\HP_ADM~1\APPLIC~1\InterVideo
    [2007-06-27|14:10] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Leadertech
    [2008-04-22|17:21] C:\DOCUME~1\HP_ADM~1\APPLIC~1\LimeWire
    [2007-06-03|18:16] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Macromedia
    [2008-04-01|22:09] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Microsoft
    [2008-04-20|10:55] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Mozilla
    [2008-02-14|20:18] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Notepad++
    [2007-08-20|11:34] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Opera
    [2007-06-08|19:32] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Real
    [2005-08-24|00:35] C:\DOCUME~1\HP_ADM~1\APPLIC~1\SampleView
    [2007-06-27|14:11] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Sonic
    [2007-06-22|10:21] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Sun
    [2007-06-03|19:26] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Symantec
    [2007-06-03|17:07] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Template
    [2007-10-07|14:30] C:\DOCUME~1\HP_ADM~1\APPLIC~1\TuneUp Software
    [2007-09-26|19:30] C:\DOCUME~1\HP_ADM~1\APPLIC~1\U3
    [2008-03-13|22:21] C:\DOCUME~1\HP_ADM~1\APPLIC~1\uTorrent
    [2008-07-09|13:59] C:\DOCUME~1\HP_ADM~1\APPLIC~1\wklnhst.dat

    [2006-01-19|22:41] C:\DOCUME~1\JOLLE~1\APPLIC~1\Adobe
    [2007-04-16|15:21] C:\DOCUME~1\JOLLE~1\APPLIC~1\Ahead
    [2005-08-23|21:02] C:\DOCUME~1\JOLLE~1\APPLIC~1\Apple Computer
    [2007-04-16|15:11] C:\DOCUME~1\JOLLE~1\APPLIC~1\Canon
    [2004-12-01|16:28] C:\DOCUME~1\JOLLE~1\APPLIC~1\desktop.ini
    [2007-04-12|19:21] C:\DOCUME~1\JOLLE~1\APPLIC~1\Druide
    [2006-10-27|19:57] C:\DOCUME~1\JOLLE~1\APPLIC~1\Google
    [2005-10-29|18:05] C:\DOCUME~1\JOLLE~1\APPLIC~1\Help
    [2005-08-23|21:02] C:\DOCUME~1\JOLLE~1\APPLIC~1\Identities
    [2007-06-01|12:01] C:\DOCUME~1\JOLLE~1\APPLIC~1\LimeWire
    [2005-08-25|08:57] C:\DOCUME~1\JOLLE~1\APPLIC~1\Macromedia
    [2006-07-31|20:52] C:\DOCUME~1\JOLLE~1\APPLIC~1\Microsoft
    [2007-05-10|08:59] C:\DOCUME~1\JOLLE~1\APPLIC~1\OpenOffice.org2
    [2005-10-19|21:57] C:\DOCUME~1\JOLLE~1\APPLIC~1\Real
    [2005-08-23|21:02] C:\DOCUME~1\JOLLE~1\APPLIC~1\SampleView
    [2006-09-10|16:47] C:\DOCUME~1\JOLLE~1\APPLIC~1\Sonic
    [2005-09-22|21:33] C:\DOCUME~1\JOLLE~1\APPLIC~1\Sun
    [2005-10-29|18:04] C:\DOCUME~1\JOLLE~1\APPLIC~1\Symantec
    [2005-08-28|14:01] C:\DOCUME~1\JOLLE~1\APPLIC~1\Template
    [2007-04-11|17:18] C:\DOCUME~1\JOLLE~1\APPLIC~1\U3
    [2007-05-14|10:33] C:\DOCUME~1\JOLLE~1\APPLIC~1\wklnhst.dat

    [2007-05-12|08:51] C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
    [2007-05-08|20:21] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
    [2007-06-03|17:23] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [2007-05-08|17:49] C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon

    [2005-08-23|21:02] C:\DOCUME~1\Michel\APPLIC~1\Apple Computer
    [2004-12-01|16:28] C:\DOCUME~1\Michel\APPLIC~1\desktop.ini
    [2005-08-23|21:02] C:\DOCUME~1\Michel\APPLIC~1\Identities
    [2005-08-23|21:02] C:\DOCUME~1\Michel\APPLIC~1\Microsoft
    [2005-08-23|21:02] C:\DOCUME~1\Michel\APPLIC~1\Real
    [2005-08-23|21:02] C:\DOCUME~1\Michel\APPLIC~1\SampleView
    [2005-08-23|21:02] C:\DOCUME~1\Michel\APPLIC~1\Symantec

    [2005-05-21|14:52] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    [2005-08-25|11:22] C:\DOCUME~1\Robin\APPLIC~1\Adobe
    [2006-06-19|18:24] C:\DOCUME~1\Robin\APPLIC~1\Ahead
    [2005-08-23|21:02] C:\DOCUME~1\Robin\APPLIC~1\Apple Computer
    [2006-12-11|16:20] C:\DOCUME~1\Robin\APPLIC~1\Canon
    [2004-12-01|16:28] C:\DOCUME~1\Robin\APPLIC~1\desktop.ini
    [2005-12-29|11:43] C:\DOCUME~1\Robin\APPLIC~1\G-Force Prefs (WindowsMediaPlayer).txt
    [2006-02-24|20:18] C:\DOCUME~1\Robin\APPLIC~1\Google
    [2005-11-01|18:47] C:\DOCUME~1\Robin\APPLIC~1\Help
    [2005-08-23|21:02] C:\DOCUME~1\Robin\APPLIC~1\Identities
    [2005-11-22|16:11] C:\DOCUME~1\Robin\APPLIC~1\InstallShield
    [2005-09-27|16:24] C:\DOCUME~1\Robin\APPLIC~1\InstallShield Installation Information
    [2006-04-07|19:01] C:\DOCUME~1\Robin\APPLIC~1\InterVideo
    [2006-09-14|19:05] C:\DOCUME~1\Robin\APPLIC~1\LimeWire

    [2005-08-25|13:51] C:\DOCUME~1\Robin\APPLIC~1\Macromedia
    [2005-10-04|16:47] C:\DOCUME~1\Robin\APPLIC~1\Microsoft
    [2005-08-25|14:12] C:\DOCUME~1\Robin\APPLIC~1\Mozilla
    [2005-09-28|15:22] C:\DOCUME~1\Robin\APPLIC~1\muvee Technologies
    [2005-09-04|15:53] C:\DOCUME~1\Robin\APPLIC~1\Real
    [2005-08-23|21:02] C:\DOCUME~1\Robin\APPLIC~1\SampleView
    [2006-02-10|17:20] C:\DOCUME~1\Robin\APPLIC~1\Sonic
    [2005-08-30|14:26] C:\DOCUME~1\Robin\APPLIC~1\Sun
    [2005-10-30|14:54] C:\DOCUME~1\Robin\APPLIC~1\Symantec
    [2005-08-25|14:12] C:\DOCUME~1\Robin\APPLIC~1\Talkback
    [2005-08-23|22:00] C:\DOCUME~1\Robin\APPLIC~1\Template
    [2007-04-11|16:47] C:\DOCUME~1\Robin\APPLIC~1\U3
    [2006-07-01|17:36] C:\DOCUME~1\Robin\APPLIC~1\Vso
    [2006-10-26|18:38] C:\DOCUME~1\Robin\APPLIC~1\wklnhst.dat

    ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

    [2008-07-11 20:00][--ah-----] C:\WINDOWS\tasks\AF9B293991B8DF31.job
    [2008-07-11 13:22][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2008-07-11 17:15][--a------] C:\WINDOWS\tasks\1-Click Maintenance.job
    [2008-07-11 12:12][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [2004-08-10 21:00][-rah-----] C:\WINDOWS\tasks\desktop.ini

    AF9B293991B8DF31.job <--> c:\docume~1\hp_adm~1\applic~1\bluebu~1\eqtraywin.exe

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    [2007-07-02|15:53] C:\Program Files\A.ico
    [2007-07-12|15:03] C:\Program Files\a.zip
    [2007-08-22|16:45] C:\Program Files\Activision
    [2006-01-07|14:17] C:\Program Files\Activision Value
    [2007-06-06|17:00] C:\Program Files\Adobe
    [2007-02-08|17:42] C:\Program Files\Ahead
    [2006-10-29|16:07] C:\Program Files\Alcohol Soft
    [2007-03-17|11:59] C:\Program Files\Alcohol Toolbar
    [2007-03-02|23:19] C:\Program Files\Alias
    [2008-04-05|15:32] C:\Program Files\Apple Software Update
    [2006-12-01|16:22] C:\Program Files\ArcSoft
    [2005-10-17|15:27] C:\Program Files\Ares Download Client
    [2005-09-29|19:22] C:\Program Files\Ares Galaxy FasterDownload
    [2005-08-24|14:28] C:\Program Files\AT&T
    [2007-01-13|12:40] C:\Program Files\Atari
    [2008-03-20|12:07] C:\Program Files\Axis Communications
    [2007-07-02|15:53] C:\Program Files\B.ico
    [2007-07-12|15:06] C:\Program Files\b.zip
    [2007-05-10|16:49] C:\Program Files\backburner 2
    [2005-08-24|00:25] C:\Program Files\BackWeb
    [2008-06-29|19:09] C:\Program Files\blue burn
    [2008-04-05|15:33] C:\Program Files\Bonjour
    [2008-02-14|19:37] C:\Program Files\Bradbury
    [2005-12-01|20:15] C:\Program Files\Broderbund
    [2007-07-12|15:03] C:\Program Files\c.zip
    [2006-12-01|16:22] C:\Program Files\Canon
    [2006-08-01|20:07] C:\Program Files\Cap'n Crunch
    [2008-06-29|19:09] C:\Program Files\Circle Developement
    [2004-12-03|21:03] C:\Program Files\ComPlus Applications
    [2006-08-01|20:22] C:\Program Files\Deer Drive
    [2006-06-07|13:11] C:\Program Files\devnz
    [2005-08-24|14:18] C:\Program Files\directx
    [2007-02-08|17:27] C:\Program Files\Druide
    [2007-04-14|17:44] C:\Program Files\EA GAMES
    [2006-11-17|17:16] C:\Program Files\EA SPORTS
    [2007-05-10|16:51] C:\Program Files\EACOM
    [2007-06-03|18:24] C:\Program Files\Easy Internet signup
    [2006-11-17|21:05] C:\Program Files\Electronic Arts
    [2008-06-25|14:07] C:\Program Files\Everest Poker
    [2007-05-14|14:56] C:\Program Files\Everest Poker.net
    [2006-11-07|20:14] C:\Program Files\Fantasy Hockey League
    [2008-06-10|16:54] C:\Program Files\Fichiers communs
    [2008-02-14|20:26] C:\Program Files\FileZilla FTP Client
    [2007-05-30|18:56] C:\Program Files\FlashGet
    [2005-08-24|00:15] C:\Program Files\FrenchOtto
    [2008-05-01|20:34] C:\Program Files\Frets on Fire
    [2008-02-01|18:10] C:\Program Files\Full Tilt Poker
    [2005-09-07|17:17] C:\Program Files\GameSpy Arcade
    [2005-08-24|00:15] C:\Program Files\GemMasterFrench
    [2007-05-10|16:53] C:\Program Files\GM Hockey Renaissance
    [2007-06-03|19:11] C:\Program Files\Google
    [2008-01-13|19:03] C:\Program Files\Grisoft
    [2006-08-01|20:09] C:\Program Files\Hasbro Interactive
    [2007-05-10|16:53] C:\Program Files\Heroes II Gold
    [2005-08-24|00:06] C:\Program Files\Hewlett-Packard
    [2005-08-24|00:07] C:\Program Files\HP
    [2005-08-23|18:40] C:\Program Files\HP DeskJet 840C Series
    [2005-08-24|00:27] C:\Program Files\HPQ
    [2006-01-25|20:15] C:\Program Files\Illustrate
    [2007-01-13|12:37] C:\Program Files\Infogrames
    [2007-01-13|12:40] C:\Program Files\Infogrames Interactive
    [2008-04-29|15:55] C:\Program Files\InstallShield Installation Information
    [2008-06-12|03:02] C:\Program Files\Internet Explorer
    [2006-07-07|19:39] C:\Program Files\InternetGameBox
    [2005-08-24|00:51] C:\Program Files\InterVideo
    [2008-04-05|15:34] C:\Program Files\iPod
    [2008-04-05|15:34] C:\Program Files\iTunes
    [2008-07-09|15:00] C:\Program Files\Java
    [2007-08-16|15:56] C:\Program Files\Lame MP3 Codec
    [2007-07-12|12:40] C:\Program Files\Lavasoft
    [2007-10-02|19:48] C:\Program Files\LimeWire
    [2005-09-22|20:19] C:\Program Files\Logitech
    [2008-02-14|19:35] C:\Program Files\Macromedia
    [2007-02-21|21:40] C:\Program Files\MarkAny
    [2005-08-23|23:45] C:\Program Files\Messenger
    [2008-06-29|19:09] C:\Program Files\Messenger Plus! Live
    [2007-05-11|15:20] C:\Program Files\Microsoft ActiveSync
    [2008-06-12|03:02] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [2005-08-24|00:13] C:\Program Files\Microsoft Encarta
    [2007-07-12|14:39] C:\Program Files\microsoft frontpage
    [2006-10-29|16:27] C:\Program Files\Microsoft Games
    [2007-05-10|17:13] C:\Program Files\Microsoft NetShow
    [2008-02-24|12:54] C:\Program Files\Microsoft Office
    [2005-08-24|00:21] C:\Program Files\Microsoft Visual Studio
    [2007-06-03|18:21] C:\Program Files\Microsoft Works
    [2007-06-03|18:40] C:\Program Files\Microsoft.NET
    [2005-09-23|09:28] C:\Program Files\minicliptoolbar toolbar
    [2008-04-25|20:26] C:\Program Files\Movie Maker
    [2008-07-11|00:10] C:\Program Files\Mozilla Firefox
    [2007-01-02|00:13] C:\Program Files\MP3 Player Utilities
    [2007-01-02|12:08] C:\Program Files\MP3 Player Utilities 3.57
    [2007-01-15|19:17] C:\Program Files\MP3 Player Utilities 3.68
    [2007-01-19|17:43] C:\Program Files\Mpath
    [2008-02-24|12:54] C:\Program Files\MSECache
    [2004-12-03|22:01] C:\Program Files\MSN
    [2004-12-03|22:01] C:\Program Files\MSN Gaming Zone
    [2008-01-09|17:43] C:\Program Files\MSN Messenger
    [2006-11-15|18:33] C:\Program Files\MSXML 4.0
    [2005-08-24|00:52] C:\Program Files\muvee Technologies
    [2006-07-07|15:15] C:\Program Files\Nero
    [2007-06-03|19:37] C:\Program Files\NetMeeting
    [2007-07-12|15:15] C:\Program Files\Network Monitor
    [2008-02-14|19:39] C:\Program Files\Notepad++
    [2004-12-03|22:01] C:\Program Files\Online Services
    [2007-05-10|17:16] C:\Program Files\OpenOffice.org 2.1
    [2008-07-11|12:10] C:\Program Files\Outerinfo
    [2007-07-12|14:48] C:\Program Files\outlook
    [2007-06-29|03:06] C:\Program Files\Outlook Express
    [2007-06-03|18:27] C:\Program Files\PC-Doctor for Windows
    [2007-03-23|20:32] C:\Program Files\PKR
    [2008-05-11|08:31] C:\Program Files\PokerStars
    [2006-12-22|12:27] C:\Program Files\pshl
    [2006-12-31|14:35] C:\Program Files\PuzzleDesktop
    [2008-04-05|15:33] C:\Program Files\QuickTime
    [2005-08-24|00:13] C:\Program Files\Real
    [2008-02-27|17:05] C:\Program Files\RndLabs
    [2005-09-04|16:32] C:\Program Files\Rockstar Games
    [2007-02-21|21:40] C:\Program Files\Samsung
    [2006-12-01|16:23] C:\Program Files\ScanSoft
    [2005-08-24|14:12] C:\Program Files\Scrabble
    [2006-11-29|19:10] C:\Program Files\Screensavers.com
    [2005-08-24|00:33] C:\Program Files\Services en ligne
    [2006-04-11|18:54] C:\Program Files\SigmaTel
    [2006-03-06|17:33] C:\Program Files\Softinterface, Inc
    [2005-08-24|00:17] C:\Program Files\Sonic
    [2005-11-03|20:52] C:\Program Files\Sony
    [2007-06-03|14:40] C:\Program Files\Steam
    [2005-11-01|18:42] C:\Program Files\SymNetDrv
    [2008-05-03|13:39] C:\Program Files\Thumbs.db
    [2008-02-23|15:27] C:\Program Files\TI Education
    [2007-03-17|11:35] C:\Program Files\Total Training
    [2008-07-10|22:25] C:\Program Files\Trend Micro
    [2007-06-04|16:15] C:\Program Files\Ubisoft
    [2004-12-03|21:03] C:\Program Files\Uninstall Information
    [2005-08-24|00:25] C:\Program Files\Updates from HP
    [2007-06-09|09:19] C:\Program Files\uTorrent
    [2008-05-22|20:33] C:\Program Files\VirtualDJ
    [2008-01-01|16:31] C:\Program Files\Voyage Century Online
    [2006-07-01|17:19] C:\Program Files\vso
    [2006-12-31|15:31] C:\Program Files\WAV to MP3 Encoder
    [2008-06-10|16:54] C:\Program Files\Windows Live
    [2007-06-03|19:37] C:\Program Files\Windows Media Player
    [2007-06-03|19:37] C:\Program Files\Windows NT
    [2004-12-03|22:02] C:\Program Files\Windows Plus
    [2004-12-03|21:03] C:\Program Files\WindowsUpdate
    [2007-06-05|19:01] C:\Program Files\WinRAR
    [2007-07-12|12:36] C:\Program Files\WordPerfect Office X3 Installer
    [2004-12-03|22:02] C:\Program Files\xerox
    [2007-08-16|15:56] C:\Program Files\Xvid
    [2006-01-23|20:22] C:\Program Files\Yahoo!

    ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

    [2007-06-06|17:02] C:\Program Files\Fichiers communs\Adobe
    [2007-03-17|11:46] C:\Program Files\Fichiers communs\Adobe Systems Shared
    [2007-04-11|18:35] C:\Program Files\Fichiers communs\Ahead
    [2008-04-05|15:32] C:\Program Files\Fichiers communs\Apple
    [2005-12-01|20:15] C:\Program Files\Fichiers communs\Broderbund
    [2007-06-03|18:41] C:\Program Files\Fichiers communs\DESIGNER
    [2007-04-14|17:52] C:\Program Files\Fichiers communs\DirectX
    [2005-08-24|00:06] C:\Program Files\Fichiers communs\Hewlett-Packard
    [2005-08-23|23:54] C:\Program Files\Fichiers communs\HP
    [2005-08-24|00:51] C:\Program Files\Fichiers communs\InstallShield
    [2005-08-24|00:51] C:\Program Files\Fichiers communs\InterVideo
    [2005-08-23|23:39] C:\Program Files\Fichiers communs\Java
    [2005-08-23|18:24] C:\Program Files\Fichiers communs\LightScribe
    [2005-09-22|20:19] C:\Program Files\Fichiers communs\Logitech
    [2008-02-14|19:35] C:\Program Files\Fichiers communs\Macromedia
    [2008-02-24|12:54] C:\Program Files\Fichiers communs\Microsoft Shared
    [2004-12-03|22:00] C:\Program Files\Fichiers communs\MSSoap
    [2005-08-24|00:24] C:\Program Files\Fichiers communs\muvee Technologies
    [2004-12-03|22:00] C:\Program Files\Fichiers communs\ODBC
    [2005-08-24|00:13] C:\Program Files\Fichiers communs\Real
    [2007-06-03|19:37] C:\Program Files\Fichiers communs\Services
    [2005-08-24|00:12] C:\Program Files\Fichiers communs\Sonic Shared
    [2005-11-03|20:52] C:\Program Files\Fichiers communs\Sony Shared
    [2004-12-03|22:00] C:\Program Files\Fichiers communs\SpeechEngines
    [2005-08-24|00:12] C:\Program Files\Fichiers communs\SureThing Shared
    [2008-01-06|15:12] C:\Program Files\Fichiers communs\Symantec Shared
    [2007-06-29|03:06] C:\Program Files\Fichiers communs\System
    [2008-02-23|15:27] C:\Program Files\Fichiers communs\TI Shared
    [2005-08-24|00:17] C:\Program Files\Fichiers communs\TiVo Shared
    [2008-02-14|19:35] C:\Program Files\Fichiers communs\Vbox
    [2008-06-10|16:54] C:\Program Files\Fichiers communs\WindowsLiveInstaller
    [2008-01-01|16:31] C:\Program Files\Fichiers communs\Wise Installation Wizard
    [2005-08-24|00:13] C:\Program Files\Fichiers communs\xing shared

    ---------------------------[ Process ]--------------------------

    ... 59

    IEXPLORE.EXE ~ [3532]
    IEXPLORE.EXE ~ [4088]

    ----------------------[ Recherche avec S_Lop ]---------------------

    C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\bis2B.exe

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Proxy Long Chin Ping
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Proxy Long Chin Ping\Error owns.exe
    C:\DOCUME~1\HP_ADM~1\APPLIC~1\bluebu~1
    C:\DOCUME~1\HP_ADM~1\APPLIC~1\bluebu~1\dentstupidanti.exe
    C:\DOCUME~1\HP_ADM~1\APPLIC~1\bluebu~1\Dupe global scr keep.exe
    C:\DOCUME~1\HP_ADM~1\APPLIC~1\bluebu~1\eq tray win.exe
    C:\DOCUME~1\HP_ADM~1\APPLIC~1\bluebu~1\ghafwffl.exe
    C:\Program Files\bluebu~1
    C:\Program Files\Circle Developement
    C:\Program Files\Circle Developement\Uninstall.exe
    C:\WINDOWS\Prefetch\DENTSTUPIDANTI.EXE-215CE3C6.pf
    C:\WINDOWS\Prefetch\EQ TRAY WIN.EXE-0AA1EAE6.pf
    C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@adultfriendfinder[2].txt
    C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@adin.bigpoint[2].txt
    C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@bigpoint[1].txt
    C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@es.bigpoint[1].txt
    C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@es.bigpoint[2].txt
    C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@es.bigpoint[3].txt
    C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@es.bigpoint[4].txt
    C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@es.bigpoint[5].txt
    C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@es.bigpoint[6].txt
    C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@es.bigpoint[7].txt
    C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@es.bigpoint[8].txt
    C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@fr.seafight.bigpoint[1].txt
    C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@us.seafight.bigpoint[2].txt
    C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@us.xblaster.bigpoint[2].txt
    C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@www.bigpoint[1].txt
    C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@www.bigpoint[2].txt
    C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@www.bigpoint[3].txt
    C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@www.bigpoint[4].txt
    C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@www.bigpoint[5].txt
    C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@www.bigpoint[6].txt
    C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@www.bigpoint[7].txt
    C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@www.bigpoint[8].txt
    C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@pacificpoker[1].txt
    C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@partygaming.122.2o7[1].txt
    C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@partypoker[1].txt
    C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@fr.seafight.bigpoint[1].txt
    C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@us.seafight.bigpoint[2].txt
    C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@hotfrog[1].txt
    C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@888[1].txt
    C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@888[2].txt
    C:\WINDOWS\Tasks\AF9B293991B8DF31.job

    ----------------------[ Verification du Registre ]----------------------

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CopyDraw"="C:\\DOCUME~1\\HP_ADM~1\\APPLIC~1\\BLUEBU~1\\dentstupidanti.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CHIN PING PHONE PILE"="C:\\Documents and Settings\\All Users\\Application Data\\Proxy Long Chin Ping\\Error owns.exe"

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts PROPRE


    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-11 20:18:43
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    C:\WINDOWS\System32\drivers\ntndis.sys 4864 bytes executable
    scan completed successfully
    hidden processes: 0
    hidden files: 1

    --------------------[ Recherche d'autres infections ]---------------------

    C:\Program Files\InternetGameBox
    C:\Program Files\InternetGameBox\IGB.maj
    C:\Program Files\InternetGameBox\InternetGameBox.exe
    C:\Program Files\InternetGameBox\InternetGameBox.url
    C:\Program Files\InternetGameBox\ressources
    C:\Program Files\InternetGameBox\skins
    C:\Program Files\InternetGameBox\uninst.exe
    C:\WINDOWS\Pack.epk
    ! EGDACCESS !

    C:\WINDOWS\system32\VxIllnnn.ini2
    C:\WINDOWS\system32\VxIllnnn.ini
    ! VUNDO Possible !



    [F:19085][D:76]-> C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
    [F:1641][D:0]-> C:\DOCUME~1\HP_ADM~1\Cookies
    [F:6345][D:10]-> C:\DOCUME~1\HP_ADM~1\LOCALS~1\TEMPOR~1\content.IE5

    --------------------[ Fin du rapport a 20:21:25,95 ]----------------------
    12 July 2008 03:26:16

    Hi again,

    Run Lop S&D again.

  • This time choose Option 2 (Suppression)
    ! Do not close the window during the removal !
  • Post the generated report (C:\lopR.txt)

    If your desktop does not reappear, press CTRL+ALT+DEL to open the Task Manager.
    Then go to the "Processes" tab. Click File at the top left and choose "New Task (Run...)".
    Type explorer and confirm. This will bring your desktop back.
    12 July 2008 05:23:24

    Here is the report from the Lop S&D removal:
    -----------------------[ Lop S&D 4.2.2-1 XP/Vista ]---------------------

    [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
    [ USER : HP_Administrateur ] [ "C:\Lop SD" ] [ Selection : 2 ]
    [ 2008-07-11 | 23:15:33,87 ] [ PC : GOOFY ]
    [ MAJ : 09-07-2008 | 21:02 ]


    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

    Echec ! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Proxy Long Chin Ping\Error owns.exe
    Supprime! - C:\DOCUME~1\HP_ADM~1\APPLIC~1\bluebu~1\dentstupidanti.exe
    Supprime! - C:\DOCUME~1\HP_ADM~1\APPLIC~1\bluebu~1\Dupe global scr keep.exe
    Supprime! - C:\DOCUME~1\HP_ADM~1\APPLIC~1\bluebu~1\eq tray win.exe
    Supprime! - C:\DOCUME~1\HP_ADM~1\APPLIC~1\bluebu~1\ghafwffl.exe
    Supprime! - C:\Program Files\Circle Developement\Uninstall.exe
    Supprime! - C:\WINDOWS\Prefetch\DENTSTUPIDANTI.EXE-215CE3C6.pf
    Supprime! - C:\WINDOWS\Prefetch\EQ TRAY WIN.EXE-0AA1EAE6.pf
    Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@adultfriendfinder[2].txt
    Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@adin.bigpoint[2].txt
    Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@bigpoint[1].txt
    Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@es.bigpoint[1].txt
    Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@es.bigpoint[2].txt
    Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@es.bigpoint[3].txt
    Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@es.bigpoint[4].txt
    Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@es.bigpoint[5].txt
    Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@es.bigpoint[6].txt
    Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@es.bigpoint[7].txt
    Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@es.bigpoint[8].txt
    Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@fr.seafight.bigpoint[1].txt
    Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@us.seafight.bigpoint[2].txt
    Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@us.xblaster.bigpoint[2].txt
    Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@www.bigpoint[1].txt
    Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@www.bigpoint[2].txt
    Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@www.bigpoint[3].txt
    Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@www.bigpoint[4].txt
    Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@www.bigpoint[5].txt
    Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@www.bigpoint[6].txt
    Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@www.bigpoint[7].txt
    Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@www.bigpoint[8].txt
    Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@pacificpoker[1].txt
    Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@partygaming.122.2o7[1].txt
    Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@partypoker[1].txt
    Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@hotfrog[1].txt
    Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@888[1].txt
    Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@888[2].txt
    Supprime! - C:\WINDOWS\Tasks\AF9B293991B8DF31.job
    Supprime! - C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\bis2B.exe
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Proxy Long Chin Ping
    Supprime! - C:\DOCUME~1\HP_ADM~1\APPLIC~1\bluebu~1
    Supprime! - C:\Program Files\bluebu~1
    Supprime! - C:\Program Files\Circle Developement

    //////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


    -------------[ Listing des dossiers dans APPLIC~1 ]------------

    [2005-08-24|00:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
    [2004-12-01|23:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
    [2004-12-03|21:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
    [2005-08-24|00:53] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
    [2005-08-24|00:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
    [2005-08-24|00:35] C:\DOCUME~1\ADMINI~1\APPLIC~1\SampleView
    [2005-08-24|00:43] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec

    [2005-10-11|17:31] C:\DOCUME~1\Alain\APPLIC~1\Absolutist.com
    [2007-03-17|12:00] C:\DOCUME~1\Alain\APPLIC~1\Adobe
    [2005-08-25|11:27] C:\DOCUME~1\Alain\APPLIC~1\AdobeUM
    [2006-06-07|21:23] C:\DOCUME~1\Alain\APPLIC~1\Ahead
    [2005-08-23|21:02] C:\DOCUME~1\Alain\APPLIC~1\Apple Computer
    [2007-03-17|11:39] C:\DOCUME~1\Alain\APPLIC~1\ArcSoft
    [2007-05-01|18:47] C:\DOCUME~1\Alain\APPLIC~1\Canon
    [2004-12-01|16:28] C:\DOCUME~1\Alain\APPLIC~1\desktop.ini
    [2007-02-08|17:38] C:\DOCUME~1\Alain\APPLIC~1\Druide
    [2006-10-27|16:34] C:\DOCUME~1\Alain\APPLIC~1\Google
    [2006-04-06|18:53] C:\DOCUME~1\Alain\APPLIC~1\Help
    [2005-08-23|21:02] C:\DOCUME~1\Alain\APPLIC~1\Identities
    [2006-05-15|09:50] C:\DOCUME~1\Alain\APPLIC~1\Leadertech
    [2007-06-01|17:49] C:\DOCUME~1\Alain\APPLIC~1\LimeWire
    [2007-03-17|11:36] C:\DOCUME~1\Alain\APPLIC~1\Macromedia
    [2007-05-30|19:16] C:\DOCUME~1\Alain\APPLIC~1\Microsoft
    [2007-03-03|17:13] C:\DOCUME~1\Alain\APPLIC~1\Mozilla
    [2006-06-30|16:23] C:\DOCUME~1\Alain\APPLIC~1\muvee Technologies
    [2006-06-30|16:08] C:\DOCUME~1\Alain\APPLIC~1\NeroDCTemplates
    [2007-05-03|16:11] C:\DOCUME~1\Alain\APPLIC~1\OpenOffice.org2
    [2006-05-08|17:40] C:\DOCUME~1\Alain\APPLIC~1\Real
    [2005-08-23|21:02] C:\DOCUME~1\Alain\APPLIC~1\SampleView
    [2006-12-01|16:24] C:\DOCUME~1\Alain\APPLIC~1\ScanSoft
    [2006-05-15|09:51] C:\DOCUME~1\Alain\APPLIC~1\Sonic
    [2005-11-03|20:58] C:\DOCUME~1\Alain\APPLIC~1\Sony Corporation
    [2005-09-19|19:03] C:\DOCUME~1\Alain\APPLIC~1\Sun
    [2005-08-24|21:09] C:\DOCUME~1\Alain\APPLIC~1\Symantec
    [2005-11-09|17:21] C:\DOCUME~1\Alain\APPLIC~1\Template
    [2007-06-03|14:56] C:\DOCUME~1\Alain\APPLIC~1\U3
    [2007-05-23|19:41] C:\DOCUME~1\Alain\APPLIC~1\uTorrent
    [2007-04-27|09:55] C:\DOCUME~1\Alain\APPLIC~1\wklnhst.dat

    [2005-08-24|00:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [2007-03-17|11:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
    [2008-04-05|15:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    [2008-04-05|15:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [2006-12-01|16:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
    [2004-12-01|23:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
    [2007-04-11|18:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
    [2006-10-27|15:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [2008-01-13|19:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
    [2005-08-24|00:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
    [2005-08-24|00:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log
    [2005-08-24|00:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
    [2007-07-12|12:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    [2008-06-29|19:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    [2005-08-24|00:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [2005-08-24|16:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\muvee Technologies
    [2007-04-11|18:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
    [2005-08-24|00:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
    [2005-08-23|23:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
    [2005-11-03|20:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
    [2008-01-06|15:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    [2007-11-05|16:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    [2006-08-01|20:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
    [2007-09-16|17:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [2008-06-10|16:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

    [2005-10-11|17:29] C:\DOCUME~1\CHRIST~1\APPLIC~1\Absolutist.com
    [2007-05-10|09:18] C:\DOCUME~1\CHRIST~1\APPLIC~1\Adobe
    [2007-04-13|15:02] C:\DOCUME~1\CHRIST~1\APPLIC~1\Ahead
    [2005-08-23|21:02] C:\DOCUME~1\CHRIST~1\APPLIC~1\Apple Computer
    [2004-12-01|16:28] C:\DOCUME~1\CHRIST~1\APPLIC~1\desktop.ini
    [2006-10-27|18:58] C:\DOCUME~1\CHRIST~1\APPLIC~1\Google
    [2005-08-23|21:02] C:\DOCUME~1\CHRIST~1\APPLIC~1\Identities
    [2006-12-31|14:35] C:\DOCUME~1\CHRIST~1\APPLIC~1\inifile41.ini
    [2006-12-31|14:35] C:\DOCUME~1\CHRIST~1\APPLIC~1\internaldb1942.dat
    [2006-12-31|14:35] C:\DOCUME~1\CHRIST~1\APPLIC~1\internaldb41.dat
    [2006-12-31|14:35] C:\DOCUME~1\CHRIST~1\APPLIC~1\internaldb4827.dat
    [2006-12-31|14:35] C:\DOCUME~1\CHRIST~1\APPLIC~1\internaldb5436.dat
    [2006-12-31|14:35] C:\DOCUME~1\CHRIST~1\APPLIC~1\internaldb6334.dat
    [2006-12-31|14:35] C:\DOCUME~1\CHRIST~1\APPLIC~1\internaldb8467.dat
    [2006-05-15|09:41] C:\DOCUME~1\CHRIST~1\APPLIC~1\InterVideo
    [2007-06-02|09:57] C:\DOCUME~1\CHRIST~1\APPLIC~1\LimeWire
    [2005-08-25|08:21] C:\DOCUME~1\CHRIST~1\APPLIC~1\Macromedia
    [2005-11-26|14:44] C:\DOCUME~1\CHRIST~1\APPLIC~1\Microsoft
    [2005-12-19|18:34] C:\DOCUME~1\CHRIST~1\APPLIC~1\Mozilla
    [2005-09-18|14:47] C:\DOCUME~1\CHRIST~1\APPLIC~1\muvee Technologies
    [2005-09-13|17:11] C:\DOCUME~1\CHRIST~1\APPLIC~1\Real
    [2005-08-23|21:02] C:\DOCUME~1\CHRIST~1\APPLIC~1\SampleView
    [2006-04-04|16:17] C:\DOCUME~1\CHRIST~1\APPLIC~1\Sonic
    [2005-11-23|15:20] C:\DOCUME~1\CHRIST~1\APPLIC~1\Sony Corporation
    [2005-08-27|17:55] C:\DOCUME~1\CHRIST~1\APPLIC~1\Sun
    [2005-08-23|21:02] C:\DOCUME~1\CHRIST~1\APPLIC~1\Symantec
    [2005-12-19|18:34] C:\DOCUME~1\CHRIST~1\APPLIC~1\Talkback
    [2005-08-25|13:17] C:\DOCUME~1\CHRIST~1\APPLIC~1\Template
    [2007-04-11|17:23] C:\DOCUME~1\CHRIST~1\APPLIC~1\U3
    [2007-05-10|09:19] C:\DOCUME~1\CHRIST~1\APPLIC~1\wklnhst.dat

    [2007-06-06|18:48] C:\DOCUME~1\CHRIST~1.GOF\APPLIC~1\Adobe
    [2005-08-24|00:22] C:\DOCUME~1\CHRIST~1.GOF\APPLIC~1\Apple Computer
    [2004-12-01|23:28] C:\DOCUME~1\CHRIST~1.GOF\APPLIC~1\desktop.ini
    [2007-06-04|12:14] C:\DOCUME~1\CHRIST~1.GOF\APPLIC~1\Google
    [2004-12-03|21:59] C:\DOCUME~1\CHRIST~1.GOF\APPLIC~1\Identities
    [2007-06-04|20:21] C:\DOCUME~1\CHRIST~1.GOF\APPLIC~1\LimeWire
    [2007-06-04|12:12] C:\DOCUME~1\CHRIST~1.GOF\APPLIC~1\Macromedia
    [2007-06-11|22:39] C:\DOCUME~1\CHRIST~1.GOF\APPLIC~1\Microsoft
    [2007-06-04|13:07] C:\DOCUME~1\CHRIST~1.GOF\APPLIC~1\Real
    [2005-08-24|00:35] C:\DOCUME~1\CHRIST~1.GOF\APPLIC~1\SampleView
    [2007-06-04|13:51] C:\DOCUME~1\CHRIST~1.GOF\APPLIC~1\Sun
    [2005-08-24|00:43] C:\DOCUME~1\CHRIST~1.GOF\APPLIC~1\Symantec

    [2005-08-24|00:22] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Apple Computer
    [2004-12-01|23:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
    [2004-12-03|21:59] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
    [2005-08-24|00:53] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [2005-08-24|00:14] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
    [2005-08-24|00:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\SampleView
    [2005-08-24|00:43] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

    [2008-05-04|16:19] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Adobe
    [2008-05-08|19:30] C:\DOCUME~1\HP_ADM~1\APPLIC~1\AdobeUM
    [2008-05-13|12:02] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Apple Computer
    [2007-06-03|17:19] C:\DOCUME~1\HP_ADM~1\APPLIC~1\ArcSoft
    [2008-07-10|17:59] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Canon
    [2008-04-29|15:55] C:\DOCUME~1\HP_ADM~1\APPLIC~1\DataCast
    [2004-12-01|23:28] C:\DOCUME~1\HP_ADM~1\APPLIC~1\desktop.ini
    [2008-01-30|19:36] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Druide
    [2008-02-15|23:02] C:\DOCUME~1\HP_ADM~1\APPLIC~1\FileZilla
    [2008-05-01|20:36] C:\DOCUME~1\HP_ADM~1\APPLIC~1\fretsonfire
    [2007-07-04|14:59] C:\DOCUME~1\HP_ADM~1\APPLIC~1\G-Force Prefs (WindowsMediaPlayer).txt
    [2007-06-03|18:35] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Google
    [2008-01-13|19:03] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Grisoft
    [2004-12-03|21:59] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Identities
    [2007-07-26|10:11] C:\DOCUME~1\HP_ADM~1\APPLIC~1\InterVideo
    [2007-06-27|14:10] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Leadertech
    [2008-04-22|17:21] C:\DOCUME~1\HP_ADM~1\APPLIC~1\LimeWire
    [2007-06-03|18:16] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Macromedia
    [2008-04-01|22:09] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Microsoft
    [2008-04-20|10:55] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Mozilla
    [2008-02-14|20:18] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Notepad++
    [2007-08-20|11:34] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Opera
    [2007-06-08|19:32] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Real
    [2005-08-24|00:35] C:\DOCUME~1\HP_ADM~1\APPLIC~1\SampleView
    [2007-06-27|14:11] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Sonic
    [2007-06-22|10:21] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Sun
    [2007-06-03|19:26] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Symantec
    [2007-06-03|17:07] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Template
    [2007-10-07|14:30] C:\DOCUME~1\HP_ADM~1\APPLIC~1\TuneUp Software
    [2007-09-26|19:30] C:\DOCUME~1\HP_ADM~1\APPLIC~1\U3
    [2008-03-13|22:21] C:\DOCUME~1\HP_ADM~1\APPLIC~1\uTorrent
    [2008-07-09|13:59] C:\DOCUME~1\HP_ADM~1\APPLIC~1\wklnhst.dat

    [2006-01-19|22:41] C:\DOCUME~1\JOLLE~1\APPLIC~1\Adobe
    [2007-04-16|15:21] C:\DOCUME~1\JOLLE~1\APPLIC~1\Ahead
    [2005-08-23|21:02] C:\DOCUME~1\JOLLE~1\APPLIC~1\Apple Computer
    [2007-04-16|15:11] C:\DOCUME~1\JOLLE~1\APPLIC~1\Canon
    [2004-12-01|16:28] C:\DOCUME~1\JOLLE~1\APPLIC~1\desktop.ini
    [2007-04-12|19:21] C:\DOCUME~1\JOLLE~1\APPLIC~1\Druide
    [2006-10-27|19:57] C:\DOCUME~1\JOLLE~1\APPLIC~1\Google
    [2005-10-29|18:05] C:\DOCUME~1\JOLLE~1\APPLIC~1\Help
    [2005-08-23|21:02] C:\DOCUME~1\JOLLE~1\APPLIC~1\Identities
    [2007-06-01|12:01] C:\DOCUME~1\JOLLE~1\APPLIC~1\LimeWire
    [2005-08-25|08:57] C:\DOCUME~1\JOLLE~1\APPLIC~1\Macromedia
    [2006-07-31|20:52] C:\DOCUME~1\JOLLE~1\APPLIC~1\Microsoft
    [2007-05-10|08:59] C:\DOCUME~1\JOLLE~1\APPLIC~1\OpenOffice.org2
    [2005-10-19|21:57] C:\DOCUME~1\JOLLE~1\APPLIC~1\Real
    [2005-08-23|21:02] C:\DOCUME~1\JOLLE~1\APPLIC~1\SampleView
    [2006-09-10|16:47] C:\DOCUME~1\JOLLE~1\APPLIC~1\Sonic
    [2005-09-22|21:33] C:\DOCUME~1\JOLLE~1\APPLIC~1\Sun
    [2005-10-29|18:04] C:\DOCUME~1\JOLLE~1\APPLIC~1\Symantec
    [2005-08-28|14:01] C:\DOCUME~1\JOLLE~1\APPLIC~1\Template
    [2007-04-11|17:18] C:\DOCUME~1\JOLLE~1\APPLIC~1\U3
    [2007-05-14|10:33] C:\DOCUME~1\JOLLE~1\APPLIC~1\wklnhst.dat

    [2007-05-12|08:51] C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
    [2007-05-08|20:21] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
    [2007-06-03|17:23] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [2007-05-08|17:49] C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon

    [2005-08-23|21:02] C:\DOCUME~1\Michel\APPLIC~1\Apple Computer
    [2004-12-01|16:28] C:\DOCUME~1\Michel\APPLIC~1\desktop.ini
    [2005-08-23|21:02] C:\DOCUME~1\Michel\APPLIC~1\Identities
    [2005-08-23|21:02] C:\DOCUME~1\Michel\APPLIC~1\Microsoft
    [2005-08-23|21:02] C:\DOCUME~1\Michel\APPLIC~1\Real
    [2005-08-23|21:02] C:\DOCUME~1\Michel\APPLIC~1\SampleView
    [2005-08-23|21:02] C:\DOCUME~1\Michel\APPLIC~1\Symantec

    [2005-05-21|14:52] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    [2005-08-25|11:22] C:\DOCUME~1\Robin\APPLIC~1\Adobe
    [2006-06-19|18:24] C:\DOCUME~1\Robin\APPLIC~1\Ahead
    [2005-08-23|21:02] C:\DOCUME~1\Robin\APPLIC~1\Apple Computer
    [2006-12-11|16:20] C:\DOCUME~1\Robin\APPLIC~1\Canon
    [2004-12-01|16:28] C:\DOCUME~1\Robin\APPLIC~1\desktop.ini
    [2005-12-29|11:43] C:\DOCUME~1\Robin\APPLIC~1\G-Force Prefs (WindowsMediaPlayer).txt
    [2006-02-24|20:18] C:\DOCUME~1\Robin\APPLIC~1\Google
    [2005-11-01|18:47] C:\DOCUME~1\Robin\APPLIC~1\Help
    [2005-08-23|21:02] C:\DOCUME~1\Robin\APPLIC~1\Identities
    [2005-11-22|16:11] C:\DOCUME~1\Robin\APPLIC~1\InstallShield
    [2005-09-27|16:24] C:\DOCUME~1\Robin\APPLIC~1\InstallShield Installation Information
    [2006-04-07|19:01] C:\DOCUME~1\Robin\APPLIC~1\InterVideo
    [2006-09-14|19:05] C:\DOCUME~1\Robin\APPLIC~1\LimeWire
    [2005-08-25|13:51] C:\DOCUME~1\Robin\APPLIC~1\Macromedia
    [2005-10-04|16:47] C:\DOCUME~1\Robin\APPLIC~1\Microsoft
    [2005-08-25|14:12] C:\DOCUME~1\Robin\APPLIC~1\Mozilla
    [2005-09-28|15:22] C:\DOCUME~1\Robin\APPLIC~1\muvee Technologies
    [2005-09-04|15:53] C:\DOCUME~1\Robin\APPLIC~1\Real
    [2005-08-23|21:02] C:\DOCUME~1\Robin\APPLIC~1\SampleView
    [2006-02-10|17:20] C:\DOCUME~1\Robin\APPLIC~1\Sonic
    [2005-08-30|14:26] C:\DOCUME~1\Robin\APPLIC~1\Sun
    [2005-10-30|14:54] C:\DOCUME~1\Robin\APPLIC~1\Symantec
    [2005-08-25|14:12] C:\DOCUME~1\Robin\APPLIC~1\Talkback
    [2005-08-23|22:00] C:\DOCUME~1\Robin\APPLIC~1\Template
    [2007-04-11|16:47] C:\DOCUME~1\Robin\APPLIC~1\U3
    [2006-07-01|17:36] C:\DOCUME~1\Robin\APPLIC~1\Vso
    [2006-10-26|18:38] C:\DOCUME~1\Robin\APPLIC~1\wklnhst.dat

    ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

    [2008-07-11 13:22][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2008-07-11 17:15][--a------] C:\WINDOWS\tasks\1-Click Maintenance.job
    [2008-07-11 12:12][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [2004-08-10 21:00][-rah-----] C:\WINDOWS\tasks\desktop.ini

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    [2007-07-02|15:53] C:\Program Files\A.ico
    [2007-07-12|15:03] C:\Program Files\a.zip
    [2007-08-22|16:45] C:\Program Files\Activision
    [2006-01-07|14:17] C:\Program Files\Activision Value
    [2007-06-06|17:00] C:\Program Files\Adobe
    [2007-02-08|17:42] C:\Program Files\Ahead
    [2006-10-29|16:07] C:\Program Files\Alcohol Soft
    [2007-03-17|11:59] C:\Program Files\Alcohol Toolbar
    [2007-03-02|23:19] C:\Program Files\Alias
    [2008-04-05|15:32] C:\Program Files\Apple Software Update
    [2006-12-01|16:22] C:\Program Files\ArcSoft
    [2005-10-17|15:27] C:\Program Files\Ares Download Client
    [2005-09-29|19:22] C:\Program Files\Ares Galaxy FasterDownload
    [2005-08-24|14:28] C:\Program Files\AT&T
    [2007-01-13|12:40] C:\Program Files\Atari
    [2008-03-20|12:07] C:\Program Files\Axis Communications
    [2007-07-02|15:53] C:\Program Files\B.ico
    [2007-07-12|15:06] C:\Program Files\b.zip
    [2007-05-10|16:49] C:\Program Files\backburner 2
    [2005-08-24|00:25] C:\Program Files\BackWeb
    [2008-04-05|15:33] C:\Program Files\Bonjour
    [2008-02-14|19:37] C:\Program Files\Bradbury
    [2005-12-01|20:15] C:\Program Files\Broderbund
    [2007-07-12|15:03] C:\Program Files\c.zip
    [2006-12-01|16:22] C:\Program Files\Canon
    [2006-08-01|20:07] C:\Program Files\Cap'n Crunch
    [2004-12-03|21:03] C:\Program Files\ComPlus Applications
    [2006-08-01|20:22] C:\Program Files\Deer Drive
    [2006-06-07|13:11] C:\Program Files\devnz
    [2005-08-24|14:18] C:\Program Files\directx
    [2007-02-08|17:27] C:\Program Files\Druide
    [2007-04-14|17:44] C:\Program Files\EA GAMES
    [2006-11-17|17:16] C:\Program Files\EA SPORTS
    [2007-05-10|16:51] C:\Program Files\EACOM
    [2007-06-03|18:24] C:\Program Files\Easy Internet signup
    [2006-11-17|21:05] C:\Program Files\Electronic Arts
    [2008-06-25|14:07] C:\Program Files\Everest Poker
    [2007-05-14|14:56] C:\Program Files\Everest Poker.net
    [2006-11-07|20:14] C:\Program Files\Fantasy Hockey League
    [2008-06-10|16:54] C:\Program Files\Fichiers communs
    [2008-02-14|20:26] C:\Program Files\FileZilla FTP Client
    [2007-05-30|18:56] C:\Program Files\FlashGet
    [2005-08-24|00:15] C:\Program Files\FrenchOtto
    [2008-05-01|20:34] C:\Program Files\Frets on Fire
    [2008-02-01|18:10] C:\Program Files\Full Tilt Poker
    [2005-09-07|17:17] C:\Program Files\GameSpy Arcade
    [2005-08-24|00:15] C:\Program Files\GemMasterFrench
    [2007-05-10|16:53] C:\Program Files\GM Hockey Renaissance
    [2007-06-03|19:11] C:\Program Files\Google
    [2008-01-13|19:03] C:\Program Files\Grisoft
    [2006-08-01|20:09] C:\Program Files\Hasbro Interactive
    [2007-05-10|16:53] C:\Program Files\Heroes II Gold
    [2005-08-24|00:06] C:\Program Files\Hewlett-Packard
    [2005-08-24|00:07] C:\Program Files\HP
    [2005-08-23|18:40] C:\Program Files\HP DeskJet 840C Series
    [2005-08-24|00:27] C:\Program Files\HPQ
    [2006-01-25|20:15] C:\Program Files\Illustrate
    [2007-01-13|12:37] C:\Program Files\Infogrames
    [2007-01-13|12:40] C:\Program Files\Infogrames Interactive
    [2008-04-29|15:55] C:\Program Files\InstallShield Installation Information
    [2008-06-12|03:02] C:\Program Files\Internet Explorer
    [2006-07-07|19:39] C:\Program Files\InternetGameBox
    [2005-08-24|00:51] C:\Program Files\InterVideo
    [2008-04-05|15:34] C:\Program Files\iPod
    [2008-04-05|15:34] C:\Program Files\iTunes
    [2008-07-09|15:00] C:\Program Files\Java
    [2007-08-16|15:56] C:\Program Files\Lame MP3 Codec
    [2007-07-12|12:40] C:\Program Files\Lavasoft
    [2007-10-02|19:48] C:\Program Files\LimeWire
    [2005-09-22|20:19] C:\Program Files\Logitech
    [2008-02-14|19:35] C:\Program Files\Macromedia
    [2007-02-21|21:40] C:\Program Files\MarkAny
    [2005-08-23|23:45] C:\Program Files\Messenger
    [2008-06-29|19:09] C:\Program Files\Messenger Plus! Live
    [2007-05-11|15:20] C:\Program Files\Microsoft ActiveSync
    [2008-06-12|03:02] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [2005-08-24|00:13] C:\Program Files\Microsoft Encarta
    [2007-07-12|14:39] C:\Program Files\microsoft frontpage
    [2006-10-29|16:27] C:\Program Files\Microsoft Games
    [2007-05-10|17:13] C:\Program Files\Microsoft NetShow
    [2008-02-24|12:54] C:\Program Files\Microsoft Office
    [2005-08-24|00:21] C:\Program Files\Microsoft Visual Studio
    [2007-06-03|18:21] C:\Program Files\Microsoft Works
    [2007-06-03|18:40] C:\Program Files\Microsoft.NET
    [2005-09-23|09:28] C:\Program Files\minicliptoolbar toolbar
    [2008-04-25|20:26] C:\Program Files\Movie Maker
    [2008-07-11|00:10] C:\Program Files\Mozilla Firefox
    [2007-01-02|00:13] C:\Program Files\MP3 Player Utilities
    [2007-01-02|12:08] C:\Program Files\MP3 Player Utilities 3.57
    [2007-01-15|19:17] C:\Program Files\MP3 Player Utilities 3.68
    [2007-01-19|17:43] C:\Program Files\Mpath
    [2008-02-24|12:54] C:\Program Files\MSECache
    [2004-12-03|22:01] C:\Program Files\MSN
    [2004-12-03|22:01] C:\Program Files\MSN Gaming Zone
    [2008-01-09|17:43] C:\Program Files\MSN Messenger
    [2006-11-15|18:33] C:\Program Files\MSXML 4.0
    [2005-08-24|00:52] C:\Program Files\muvee Technologies
    [2006-07-07|15:15] C:\Program Files\Nero
    [2007-06-03|19:37] C:\Program Files\NetMeeting
    [2007-07-12|15:15] C:\Program Files\Network Monitor
    [2008-02-14|19:39] C:\Program Files\Notepad++
    [2004-12-03|22:01] C:\Program Files\Online Services
    [2007-05-10|17:16] C:\Program Files\OpenOffice.org 2.1
    [2008-07-11|12:10] C:\Program Files\Outerinfo
    [2007-07-12|14:48] C:\Program Files\outlook
    [2007-06-29|03:06] C:\Program Files\Outlook Express
    [2007-06-03|18:27] C:\Program Files\PC-Doctor for Windows
    [2007-03-23|20:32] C:\Program Files\PKR
    [2008-05-11|08:31] C:\Program Files\PokerStars
    [2006-12-22|12:27] C:\Program Files\pshl
    [2006-12-31|14:35] C:\Program Files\PuzzleDesktop
    [2008-04-05|15:33] C:\Program Files\QuickTime
    [2005-08-24|00:13] C:\Program Files\Real
    [2008-02-27|17:05] C:\Program Files\RndLabs
    [2005-09-04|16:32] C:\Program Files\Rockstar Games
    [2007-02-21|21:40] C:\Program Files\Samsung
    [2006-12-01|16:23] C:\Program Files\ScanSoft
    [2005-08-24|14:12] C:\Program Files\Scrabble
    [2006-11-29|19:10] C:\Program Files\Screensavers.com
    [2005-08-24|00:33] C:\Program Files\Services en ligne
    [2006-04-11|18:54] C:\Program Files\SigmaTel
    [2006-03-06|17:33] C:\Program Files\Softinterface, Inc
    [2005-08-24|00:17] C:\Program Files\Sonic
    [2005-11-03|20:52] C:\Program Files\Sony
    [2007-06-03|14:40] C:\Program Files\Steam
    [2005-11-01|18:42] C:\Program Files\SymNetDrv
    [2008-05-03|13:39] C:\Program Files\Thumbs.db
    [2008-02-23|15:27] C:\Program Files\TI Education
    [2007-03-17|11:35] C:\Program Files\Total Training
    [2008-07-10|22:25] C:\Program Files\Trend Micro
    [2007-06-04|16:15] C:\Program Files\Ubisoft
    [2004-12-03|21:03] C:\Program Files\Uninstall Information
    [2005-08-24|00:25] C:\Program Files\Updates from HP
    [2007-06-09|09:19] C:\Program Files\uTorrent
    [2008-05-22|20:33] C:\Program Files\VirtualDJ
    [2008-01-01|16:31] C:\Program Files\Voyage Century Online
    [2006-07-01|17:19] C:\Program Files\vso
    [2006-12-31|15:31] C:\Program Files\WAV to MP3 Encoder
    [2008-06-10|16:54] C:\Program Files\Windows Live
    [2007-06-03|19:37] C:\Program Files\Windows Media Player
    [2007-06-03|19:37] C:\Program Files\Windows NT
    [2004-12-03|22:02] C:\Program Files\Windows Plus
    [2004-12-03|21:03] C:\Program Files\WindowsUpdate
    [2007-06-05|19:01] C:\Program Files\WinRAR
    [2007-07-12|12:36] C:\Program Files\WordPerfect Office X3 Installer
    [2004-12-03|22:02] C:\Program Files\xerox
    [2007-08-16|15:56] C:\Program Files\Xvid
    [2006-01-23|20:22] C:\Program Files\Yahoo!

    ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

    [2007-06-06|17:02] C:\Program Files\Fichiers communs\Adobe
    [2007-03-17|11:46] C:\Program Files\Fichiers communs\Adobe Systems Shared
    [2007-04-11|18:35] C:\Program Files\Fichiers communs\Ahead
    [2008-04-05|15:32] C:\Program Files\Fichiers communs\Apple
    [2005-12-01|20:15] C:\Program Files\Fichiers communs\Broderbund
    [2007-06-03|18:41] C:\Program Files\Fichiers communs\DESIGNER
    [2007-04-14|17:52] C:\Program Files\Fichiers communs\DirectX
    [2005-08-24|00:06] C:\Program Files\Fichiers communs\Hewlett-Packard
    [2005-08-23|23:54] C:\Program Files\Fichiers communs\HP
    [2005-08-24|00:51] C:\Program Files\Fichiers communs\InstallShield
    [2005-08-24|00:51] C:\Program Files\Fichiers communs\InterVideo
    [2005-08-23|23:39] C:\Program Files\Fichiers communs\Java
    [2005-08-23|18:24] C:\Program Files\Fichiers communs\LightScribe
    [2005-09-22|20:19] C:\Program Files\Fichiers communs\Logitech
    [2008-02-14|19:35] C:\Program Files\Fichiers communs\Macromedia
    [2008-02-24|12:54] C:\Program Files\Fichiers communs\Microsoft Shared
    [2004-12-03|22:00] C:\Program Files\Fichiers communs\MSSoap
    [2005-08-24|00:24] C:\Program Files\Fichiers communs\muvee Technologies
    [2004-12-03|22:00] C:\Program Files\Fichiers communs\ODBC
    [2005-08-24|00:13] C:\Program Files\Fichiers communs\Real
    [2007-06-03|19:37] C:\Program Files\Fichiers communs\Services
    [2005-08-24|00:12] C:\Program Files\Fichiers communs\Sonic Shared
    [2005-11-03|20:52] C:\Program Files\Fichiers communs\Sony Shared
    [2004-12-03|22:00] C:\Program Files\Fichiers communs\SpeechEngines
    [2005-08-24|00:12] C:\Program Files\Fichiers communs\SureThing Shared
    [2008-01-06|15:12] C:\Program Files\Fichiers communs\Symantec Shared
    [2007-06-29|03:06] C:\Program Files\Fichiers communs\System
    [2008-02-23|15:27] C:\Program Files\Fichiers communs\TI Shared
    [2005-08-24|00:17] C:\Program Files\Fichiers communs\TiVo Shared
    [2008-02-14|19:35] C:\Program Files\Fichiers communs\Vbox
    [2008-06-10|16:54] C:\Program Files\Fichiers communs\WindowsLiveInstaller
    [2008-01-01|16:31] C:\Program Files\Fichiers communs\Wise Installation Wizard
    [2005-08-24|00:13] C:\Program Files\Fichiers communs\xing shared

    ---------------------------[ Process ]--------------------------

    ... 57

    ... OK !

    ----------------------[ Recherche avec S_Lop ]---------------------

    Aucun fichier / dossier Lop trouvé !

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    Aucun fichier / dossier Lop trouvé !

    ----------------------[ Verification du Registre ]----------------------

    ..... OK !

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts PROPRE


    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-11 23:17:06
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    C:\WINDOWS\System32\drivers\ntndis.sys 4864 bytes executable
    scan completed successfully
    hidden processes: 0
    hidden files: 1

    --------------------[ Recherche d'autres infections ]---------------------

    C:\Program Files\InternetGameBox
    C:\Program Files\InternetGameBox\IGB.maj
    C:\Program Files\InternetGameBox\InternetGameBox.exe
    C:\Program Files\InternetGameBox\InternetGameBox.url
    C:\Program Files\InternetGameBox\ressources
    C:\Program Files\InternetGameBox\skins
    C:\Program Files\InternetGameBox\uninst.exe
    C:\WINDOWS\Pack.epk
    ! EGDACCESS !

    C:\WINDOWS\system32\VxIllnnn.ini2
    C:\WINDOWS\system32\VxIllnnn.ini
    ! VUNDO Possible !



    [F:19084][D:76]-> C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
    [F:1613][D:0]-> C:\DOCUME~1\HP_ADM~1\Cookies
    [F:6350][D:10]-> C:\DOCUME~1\HP_ADM~1\LOCALS~1\TEMPOR~1\content.IE5

    --------------------[ Fin du rapport a 23:18:05,09 ]----------------------
    12 July 2008 14:35:41

    Hi again,

    Download Navilog (by Il-Mafioso)

  • Save it to your Desktop.
  • Install it by double-clicking navilog.exe.
  • Once the installation is finished, the utility will run automatically.
    (If it does not, double-click the shortcut on the Desktop) [Right-click -> "Run as administrator" (for Vista)]
  • Let the utility guide you. Choose option 1, then confirm.
    ! Do not use options 2, 3 and 4 without our approval !
  • Wait until this message appears:
    *** Analyse Termine le ..... ***
  • Press a key as requested. Notepad will open. Post the report here.
  • Post the generated report.

    The report is located here: C:\fixnavi.txt

    If you have Vista, do this first:
    Disable UAC (Start Menu \ Control Panel \ User Accounts and Family Safety \ User Accounts \ Turn User Account Control on or off \ uncheck the box Use User Account Control ... and confirm with OK; you will be asked to restart, do so)
    12 July 2008 16:38:57

    Here is the fixnavi report:


    Search Navipromo version 3.6.0 commencé le 2008-07-12 à 10:03:56,85

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis C:\Program Files\navilog1
    Session actuelle : "HP_Administrateur"

    Mise à jour le 27.06.2008 à 23h00 par IL-MAFIOSO


    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 6.0.2900.2180
    Système de fichiers : NTFS

    Recherche executé en mode normal

    *** Recherche Programmes installés ***


    *** Recherche dossiers dans "C:\WINDOWS" ***


    *** Recherche dossiers dans "C:\Program Files" ***

    C:\Program Files\InternetGameBox trouvé !

    *** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


    *** Recherche dossiers dans "c:\docume~1\alluse~1\menudÉ~1\progra~1" ***


    *** Recherche dossiers dans "C:\Documents and Settings\HP_Administrateur\applic~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\Alain\applic~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\CHRIST~1\applic~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\CHRIST~1.GOF\applic~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\JOLLE~1\applic~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\Michel\applic~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\Robin\applic~1" ***


    *** Recherche dossiers dans "C:\Documents and Settings\HP_Administrateur\locals~1\applic~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\Alain\locals~1\applic~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\CHRIST~1\locals~1\applic~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\CHRIST~1.GOF\locals~1\applic~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\JOLLE~1\locals~1\applic~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\Michel\locals~1\applic~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\Robin\locals~1\applic~1" ***


    *** Recherche dossiers dans "C:\Documents and Settings\HP_Administrateur\menudm~1\progra~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\Alain\menudm~1\progra~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\CHRIST~1\menudm~1\progra~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\CHRIST~1.GOF\menudm~1\progra~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\JOLLE~1\menudm~1\progra~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\Michel\menudm~1\progra~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\Robin\menudm~1\progra~1" ***

    ...\InternetGameBox trouvé !
    *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
    pour + d'infos : http://www.gmer.net

    Aucun Fichier trouvé


    *** Recherche avec GenericNaviSearch ***
    !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A vérifier impérativement avant toute suppression manuelle !!!

    * Recherche dans "C:\WINDOWS\system32" *

    * Recherche dans "C:\Documents and Settings\HP_Administrateur\locals~1\applic~1" *

    * Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

    * Recherche dans "C:\DOCUME~1\Alain\locals~1\applic~1" *

    * Recherche dans "C:\DOCUME~1\CHRIST~1\locals~1\applic~1" *

    * Recherche dans "C:\DOCUME~1\CHRIST~1.GOF\locals~1\applic~1" *

    * Recherche dans "C:\DOCUME~1\JOLLE~1\locals~1\applic~1" *

    * Recherche dans "C:\DOCUME~1\Michel\locals~1\applic~1" *

    * Recherche dans "C:\DOCUME~1\Robin\locals~1\applic~1" *



    *** Recherche fichiers ***


    C:\WINDOWS\pack.epk trouvé !

    *** Recherche clés spécifiques dans le Registre ***


    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche nouveaux fichiers Instant Access :


    2)Recherche Heuristique :

    * Dans "C:\WINDOWS\system32" :


    * Dans "C:\Documents and Settings\HP_Administrateur\locals~1\applic~1" :


    * Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :


    * Dans "C:\DOCUME~1\Alain\locals~1\applic~1" :


    * Dans "C:\DOCUME~1\CHRIST~1\locals~1\applic~1" :


    * Dans "C:\DOCUME~1\CHRIST~1.GOF\locals~1\applic~1" :


    * Dans "C:\DOCUME~1\JOLLE~1\locals~1\applic~1" :


    * Dans "C:\DOCUME~1\Michel\locals~1\applic~1" :


    * Dans "C:\DOCUME~1\Robin\locals~1\applic~1" :


    3)Recherche Certificats :

    Certificat Egroup absent !
    Certificat Electronic-Group absent !
    Certificat OOO-Favorit absent !
    Certificat Sunny-Day-Design-Ltd absent !

    4)Recherche fichiers connus :

    C:\WINDOWS\system32\VxIllnnn.ini2 trouvé ! infection Vundo possible non traitée par cet outil !


    *** Analyse terminée le 2008-07-12 à 10:33:52,39 ***
    12 July 2008 23:35:25

    Hi again,

  • Double-click the Navilog shortcut.
  • Choose option 2, then confirm. (Enter)
  • Let it guide you.
  • Your computer will restart; if it does not, restart it manually.
  • Your desktop will disappear.
  • After a while, Notepad will open.
  • Save the report.
  • Close Notepad. Your desktop will now reappear.

    If your desktop does not reappear, press CTRL+ALT+DEL to open Task Manager.
    Then go to the "Processes" tab. Click File at the top left and choose "New Task (Run...)"
    Type explorer and confirm. This will bring your desktop back.


    Start -> Control Panel -> Internet Options
    Click the "Content" tab, then the "Certificates" tab, and if you find this, in particular under "Trusted Publishers":

    Montorgueil ; VIP

    If you find them, do this:
    * Select each of these certificates and click Export. Save it/them to your desktop.
    * Then delete the ones present in the "Certificates" tab of your browser's options.

    Then, for each of the certificates on your desktop:
    * Go to the website:
    http://www.bleepingcomputer.com/submit-malware.php?chan...
    * Copy/paste this into the 'Link to Topic' box:
    the name of the certificate (Montorgueil ,......)
    * Copy/paste this into the 'Browse to the File' box:
    The corresponding certificate that you exported to your desktop

    Once that is done, finally delete the certificate on your desktop.

    The following programs install this infection:

    * Go-astro
    * GoRecord
    * HotTVPlayer
    * MailSkinner
    * Messenger Skinner
    * Instant Access
    * InternetGameBox
    * sudoplanet
    * Webmediaplayer: except the one from the following site > http://www.azertysite.new.fr/
    * On the site www.games-desktop.com (Do not visit it!)

  • Post the report saved earlier (C:\cleannavi.txt) as well as a new HijackThis report.
    13 July 2008 00:22:23

    When I checked the certificates folder, there were none in the Trusted Publishers section.


    Navilog report:


    Clean Navipromo version 3.6.0 commencé le 2008-07-12 à 18:03:47,18

    Outil exécuté depuis C:\Program Files\navilog1
    Session actuelle : "HP_Administrateur"

    Mise à jour le 27.06.2008 à 23h00 par IL-MAFIOSO


    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 6.0.2900.2180
    Système de fichiers : NTFS

    Mode suppression automatique
    avec prise en charge résultats Catchme et GNS


    Nettoyage exécuté au redémarrage de l'ordinateur


    *** fsbl1.txt non trouvé ***
    (Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


    *** Suppression avec sauvegardes résultats GenericNaviSearch ***

    * Suppression dans "C:\WINDOWS\System32" *


    * Suppression dans "C:\Documents and Settings\HP_Administrateur\locals~1\applic~1" *


    * Suppression dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *


    * Suppression dans "C:\DOCUME~1\Alain\locals~1\applic~1" *


    * Suppression dans "C:\DOCUME~1\CHRIST~1\locals~1\applic~1" *


    * Suppression dans "C:\DOCUME~1\CHRIST~1.GOF\locals~1\applic~1" *


    * Suppression dans "C:\DOCUME~1\JOLLE~1\locals~1\applic~1" *


    * Suppression dans "C:\DOCUME~1\Michel\locals~1\applic~1" *


    * Suppression dans "C:\DOCUME~1\Robin\locals~1\applic~1" *



    *** Suppression dossiers dans "C:\WINDOWS" ***


    *** Suppression dossiers dans "C:\Program Files" ***

    C:\Program Files\InternetGamebox ...suppression...
    C:\Program Files\InternetGamebox supprimé !


    *** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


    *** Suppression dossiers dans "c:\docume~1\alluse~1\menudÉ~1\progra~1" ***


    *** Suppression dossiers dans "C:\Documents and Settings\HP_Administrateur\applic~1" ***


    *** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***


    *** Suppression dossiers dans "C:\DOCUME~1\Alain\applic~1" ***


    *** Suppression dossiers dans "C:\DOCUME~1\CHRIST~1\applic~1" ***


    *** Suppression dossiers dans "C:\DOCUME~1\CHRIST~1.GOF\applic~1" ***


    *** Suppression dossiers dans "C:\DOCUME~1\JOLLE~1\applic~1" ***


    *** Suppression dossiers dans "C:\DOCUME~1\Michel\applic~1" ***


    *** Suppression dossiers dans "C:\DOCUME~1\Robin\applic~1" ***


    *** Suppression dossiers dans "C:\Documents and Settings\HP_Administrateur\locals~1\applic~1" ***


    *** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


    *** Suppression dossiers dans "C:\DOCUME~1\Alain\locals~1\applic~1" ***


    *** Suppression dossiers dans "C:\DOCUME~1\CHRIST~1\locals~1\applic~1" ***


    *** Suppression dossiers dans "C:\DOCUME~1\CHRIST~1.GOF\locals~1\applic~1" ***


    *** Suppression dossiers dans "C:\DOCUME~1\JOLLE~1\locals~1\applic~1" ***


    *** Suppression dossiers dans "C:\DOCUME~1\Michel\locals~1\applic~1" ***


    *** Suppression dossiers dans "C:\DOCUME~1\Robin\locals~1\applic~1" ***


    *** Suppression dossiers dans "C:\Documents and Settings\HP_Administrateur\menudm~1\progra~1" ***


    *** Suppression dossiers dans "C:\DOCUME~1\Alain\menudm~1\progra~1" ***


    *** Suppression dossiers dans "C:\DOCUME~1\CHRIST~1\menudm~1\progra~1" ***


    *** Suppression dossiers dans "C:\DOCUME~1\CHRIST~1.GOF\menudm~1\progra~1" ***


    *** Suppression dossiers dans "C:\DOCUME~1\JOLLE~1\menudm~1\progra~1" ***


    *** Suppression dossiers dans "C:\DOCUME~1\Michel\menudm~1\progra~1" ***


    *** Suppression dossiers dans "C:\DOCUME~1\Robin\menudm~1\progra~1" ***

    ...\InternetGamebox ...suppression...
    ...\InternetGamebox supprimé !



    *** Suppression fichiers ***

    C:\WINDOWS\pack.epk supprimé !

    *** Suppression fichiers temporaires ***

    Nettoyage contenu C:\WINDOWS\Temp effectué !
    Nettoyage contenu C:\Documents and Settings\HP_Administrateur\locals~1\Temp effectué !

    *** Traitement Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

    2)Recherche, création sauvegardes et suppression Heuristique :


    * Dans "C:\WINDOWS\system32" *


    * Dans "C:\Documents and Settings\HP_Administrateur\locals~1\applic~1" *


    * Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *


    * Dans "C:\DOCUME~1\Alain\locals~1\applic~1" *


    * Dans "C:\DOCUME~1\CHRIST~1\locals~1\applic~1" *


    * Dans "C:\DOCUME~1\CHRIST~1.GOF\locals~1\applic~1" *


    * Dans "C:\DOCUME~1\JOLLE~1\locals~1\applic~1" *


    * Dans "C:\DOCUME~1\Michel\locals~1\applic~1" *


    * Dans "C:\DOCUME~1\Robin\locals~1\applic~1" *


    *** Sauvegarde du Registre vers dossier Safebackup ***

    sauvegarde du Registre réalisée avec succès !

    *** Nettoyage Registre ***

    Nettoyage Registre Ok


    *** Certificats ***

    Certificat Egroup absent !
    Certificat Electronic-Group absent !
    Certificat OOO-Favorit absent !
    Certificat Sunny-Day-Design-Ltdt absent !

    *** Nettoyage terminé le 2008-07-12 à 18:09:55,56 ***





    HijackThis report:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:15:34, on 2008-07-12
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCMTR.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\AGRSMMSG.exe
    c:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.infinit.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [f8129355] rundll32.exe "C:\WINDOWS\system32\rphseolr.dll",b
    O4 - HKLM\..\Run: [BMfb21a0c9] Rundll32.exe "C:\WINDOWS\system32\vhavxumo.dll",s
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.infinit.com/
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://60.43.33.196/kxhcm10.ocx
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image Viewer) - http://82.176.73.20/home/SonySncRz30View.cab
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://webcam1.ttu.ee/activex/AMC.cab
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://128.97.43.214/activex/AMC.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 9924 bytes


    13 July 2008 00:30:25

    Re,

    Download ComboFix (by sUBs) to your Desktop.

  • Temporarily disable all resident protection! (Antivirus, antispyware...)
  • Double-click ComboFix.exe.
  • Accept the license by clicking "Oui" (Yes).
  • When the operation is finished, a report will appear. Post this report in your next reply.

    The report is located here: %systemdrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; usually C:\)

    Help: How to use ComboFix.

    13 July 2008 01:57:06

    Here is the ComboFix report:



    ComboFix 08-07-12.1 - HP_Administrateur 2008-07-12 19:24:14.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2535 [GMT -4:00]
    Endroit: C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\LocalService\Application Data\NetMon
    C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
    C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
    C:\Program Files\network monitor
    C:\Program Files\outerinfo
    C:\Program Files\outerinfo\outerinfo.ico
    C:\Program Files\outerinfo\Terms.MSNFix
    C:\Program Files\outlook
    C:\Program Files\outlook\p.zip
    C:\Program Files\screensavers.com
    C:\Program Files\screensavers.com\SSSInst\bin\SSSUninst.exe
    C:\temp\17o7
    C:\temp\17o7\tmpTF.log
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\ddcYSKBQ.dll
    C:\WINDOWS\system32\drivers\ntndis.exe
    C:\WINDOWS\system32\drivers\ntndis.sys
    C:\WINDOWS\system32\fbghxvab.dll
    C:\WINDOWS\system32\hcunchrx.ini
    C:\WINDOWS\system32\hynmwxgp.ini
    C:\WINDOWS\system32\nnnllIxV.dll
    C:\WINDOWS\system32\oeminfo.ini
    C:\WINDOWS\system32\onyjfxjq.ini
    C:\WINDOWS\system32\pfuqgetq.ini
    C:\WINDOWS\system32\qzbvkg.dll
    C:\WINDOWS\system32\rdynsltj.ini
    C:\WINDOWS\system32\rloeshpr.ini
    C:\WINDOWS\system32\sSmnnLfD.dll
    C:\WINDOWS\system32\VxIllnnn.ini
    C:\WINDOWS\system32\VxIllnnn.ini2
    C:\WINDOWS\system32\ybmwejaf.ini

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NTNDIS
    -------\Service_ntndis


    ((((((((((((((((((((((((((((( Fichiers créés 2008-06-12 to 2008-07-12 ))))))))))))))))))))))))))))))))))))
    .

    2008-07-12 19:40 . 2008-07-12 19:40 294 ---hs---- C:\WINDOWS\system32\rloeshpr.ini
    2008-07-12 15:29 . 2008-07-12 15:29 105,248 --a------ C:\WINDOWS\system32\zismbz.dll
    2008-07-12 15:29 . 2008-07-12 15:29 105,248 --a------ C:\WINDOWS\system32\hycvludv.dll
    2008-07-12 15:27 . 2008-07-12 15:27 90,928 --a------ C:\WINDOWS\system32\vhavxumo.dll
    2008-07-12 15:27 . 2008-07-12 15:27 81,168 --a------ C:\WINDOWS\system32\rphseolr.dll
    2008-07-12 10:03 . 2008-07-12 18:09 <REP> d-------- C:\Program Files\Navilog1
    2008-07-11 20:16 . 2008-07-11 23:18 <REP> d-------- C:\Lop SD
    2008-07-11 13:39 . 2008-07-11 13:39 105,248 --a------ C:\WINDOWS\system32\xomjfehd.dll
    2008-07-11 13:39 . 2008-07-11 13:39 105,248 --a------ C:\WINDOWS\system32\eptdnq.dll
    2008-07-11 13:36 . 2008-07-11 13:36 90,928 --a------ C:\WINDOWS\system32\pxqrygps.dll
    2008-07-10 22:25 . 2008-07-10 22:25 <REP> d-------- C:\Program Files\Trend Micro
    2008-07-10 18:08 . 2008-07-10 18:08 105,232 --a------ C:\WINDOWS\system32\omwybd.dll
    2008-07-10 18:08 . 2008-07-10 18:08 105,232 --a------ C:\WINDOWS\system32\gttajsma.dll
    2008-07-10 18:06 . 2008-07-10 18:06 90,912 --a------ C:\WINDOWS\system32\uyeuoson.dll
    2008-07-09 15:00 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-07-09 13:38 . 2008-07-09 13:38 105,152 --a------ C:\WINDOWS\system32\lysedshx.dll
    2008-07-09 13:38 . 2008-07-09 13:38 105,152 --a------ C:\WINDOWS\system32\ehtbou.dll
    2008-07-09 13:35 . 2008-07-09 13:35 90,816 --a------ C:\WINDOWS\system32\ernvhkjj.dll
    2008-07-08 13:41 . 2008-07-08 13:41 105,296 --a------ C:\WINDOWS\system32\ixpncqbq.dll
    2008-07-08 13:41 . 2008-07-08 13:41 105,296 --a------ C:\WINDOWS\system32\dlqipg.dll
    2008-07-08 13:35 . 2008-07-08 13:35 90,880 --a------ C:\WINDOWS\system32\euuvevxv.dll
    2008-07-07 16:36 . 2008-07-11 02:40 5,174 --a------ C:\WINDOWS\cookies.MSNFix
    2008-07-07 14:57 . 2008-07-10 18:05 143 --a------ C:\WINDOWS\system32\mcrh.MSNFix
    2008-07-07 13:39 . 2008-07-07 13:39 105,280 --a------ C:\WINDOWS\system32\ynrfmloc.dll
    2008-07-07 13:39 . 2008-07-07 13:39 105,280 --a------ C:\WINDOWS\system32\wvnxkk.dll
    2008-07-07 13:36 . 2008-07-07 13:36 81,216 --a------ C:\WINDOWS\system32\qjxfjyno.dll
    2008-07-07 13:33 . 2008-07-12 19:40 110,419 --a------ C:\WINDOWS\BMfb21a0c9.xml
    2008-07-07 13:33 . 2008-07-07 13:33 90,912 --a------ C:\WINDOWS\system32\gmtbreyc.dll
    2008-06-29 19:09 . 2008-06-29 19:09 <REP> d-------- C:\Program Files\Messenger Plus! Live
    2008-06-29 19:09 . 2008-06-29 19:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-06-12 03:02 . 2008-06-12 03:02 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-10 21:59 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\Canon
    2008-07-09 19:00 --------- d-----w C:\Program Files\Java
    2008-07-09 17:59 2,818 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\wklnhst.dat
    2008-06-25 18:07 --------- d-----w C:\Program Files\Everest Poker
    2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-10 20:54 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-06-10 20:54 --------- d-----w C:\Program Files\Windows Live
    2008-06-10 20:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-05-23 00:33 --------- d-----w C:\Program Files\VirtualDJ
    2008-05-13 16:02 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\Apple Computer
    2008-05-03 17:39 7,168 --sha-w C:\Program Files\Thumbs.db
    2007-07-12 19:06 22 ----a-w C:\Program Files\b.zip
    2007-07-12 19:03 22 ----a-w C:\Program Files\c.zip
    2007-07-12 19:03 22 ----a-w C:\Program Files\a.zip
    2007-07-02 19:53 25,214 ----a-w C:\Program Files\B.ico
    2007-07-02 19:53 25,214 ----a-w C:\Program Files\A.ico
    2007-05-10 13:19 2,162 ----a-w C:\Documents and Settings\Christian\Application Data\wklnhst.dat
    2007-04-27 13:55 4,550 ----a-w C:\Documents and Settings\Alain\Application Data\wklnhst.dat
    2006-12-31 18:35 9,216 ----a-w C:\Documents and Settings\Christian\Application Data\internaldb8467.dat
    2006-12-31 18:35 49 ----a-w C:\Documents and Settings\Christian\Application Data\internaldb41.dat
    2006-12-31 18:35 337 ----a-w C:\Documents and Settings\Christian\Application Data\internaldb1942.dat
    2006-12-31 18:35 20,480 ----a-w C:\Documents and Settings\Christian\Application Data\internaldb4827.dat
    2006-12-31 18:35 0 ----a-w C:\Documents and Settings\Christian\Application Data\internaldb6334.dat
    2006-12-31 18:35 0 ----a-w C:\Documents and Settings\Christian\Application Data\internaldb5436.dat
    2006-10-26 22:38 5,382 ----a-w C:\Documents and Settings\Robin\Application Data\wklnhst.dat
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba941fcf-ef87-4046-8244-3591f7cbad93}]
    2008-07-12 15:29 105248 --a------ C:\WINDOWS\system32\zismbz.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-28 10:22 68856]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 21:00 15360]
    "Gestionnaire Antidote.exe"="C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe" [2006-12-06 17:43 526008]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 18:04 59392]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-06 00:19 77824]
    "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-06 00:23 114688]
    "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 22:34 245760]
    "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 23:54 253952]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-08-24 00:13 180269]
    "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12 483328]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
    "SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 08:23 132624]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25 6731312]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "f8129355"="C:\WINDOWS\system32\rphseolr.dll" [2008-07-12 15:27 81168]
    "BMfb21a0c9"="C:\WINDOWS\system32\vhavxumo.dll" [2008-07-12 15:27 90928]
    "Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 23:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 13:08]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{148277f2-c9b4-11d9-9ecb-806d6172696f}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-07-11 21:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    "2008-07-11 17:22:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-12 19:41:01
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...


    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\WINDOWS\system32\rphseolr.dll
    -> C:\WINDOWS\system32\vhavxumo.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\ehome\ehRecvr.exe
    C:\WINDOWS\ehome\ehSched.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\ehome\ehmsas.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\hp\KBD\KBD.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-07-12 19:52:07 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-07-12 23:51:02

    Pre-Run: 161,808,277,504 octets libres
    Post-Run: 166,972,084,224 octets libres

    202 --- E O F --- 2008-06-21 07:01:31

    13 July 2008 14:21:41

    Re,

    Select the entire contents of the box below:

    Collect::
    C:\WINDOWS\system32\rphseolr.dll
    C:\WINDOWS\system32\vhavxumo.dll
    C:\WINDOWS\system32\zismbz.dll
    C:\WINDOWS\system32\rloeshpr.ini
    C:\WINDOWS\system32\hycvludv.dll
    C:\WINDOWS\system32\xomjfehd.dll
    C:\WINDOWS\system32\eptdnq.dll
    C:\WINDOWS\system32\pxqrygps.dll
    C:\WINDOWS\system32\omwybd.dll
    C:\WINDOWS\system32\gttajsma.dll
    C:\WINDOWS\system32\uyeuoson.dll
    C:\WINDOWS\system32\lysedshx.dll
    C:\WINDOWS\system32\ehtbou.dll
    C:\WINDOWS\system32\ernvhkjj.dll
    C:\WINDOWS\system32\ixpncqbq.dll
    C:\WINDOWS\system32\dlqipg.dll
    C:\WINDOWS\system32\euuvevxv.dll
    C:\WINDOWS\cookies.MSNFix
    C:\WINDOWS\system32\mcrh.MSNFix
    C:\WINDOWS\system32\ynrfmloc.dll
    C:\WINDOWS\system32\wvnxkk.dll
    C:\WINDOWS\system32\qjxfjyno.dll
    C:\WINDOWS\BMfb21a0c9.xml
    C:\WINDOWS\system32\gmtbreyc.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba941fcf-ef87-4046-8244-3591f7cbad93}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe"=-
    "Acrobat Assistant 7.0"=-
    "QuickTime Task"=-
    "iTunesHelper"=-
    "f8129355"=-
    "BMfb21a0c9"=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{148277f2-c9b4-11d9-9ecb-806d6172696f}]


  • Copy and paste it into Notepad (Start\All Programs\Accessories\Notepad).
  • Save it to your Desktop under the name CFScript.txt
  • Now drag the CFScript.txt file onto ComboFix.exe as shown below:

  • This will restart ComboFix.
  • ComboFix will create these files on your Desktop:
    - A zipped file named Submit [Date Time].zip
    - A second file named CF-Submit.htm
  • ComboFix may require a restart to complete its work. Accept.
  • When the tool has finished, a ComboFix.log report will appear on screen.
  • A new window with the prompt "Submit Files for further analysis" will open. Click "OK".
  • Your browser will launch automatically with the CF-Submit.htm file and a window will open:
    - Click the "Browse" ("Parcourir") button and navigate to the file
    Submit [Date Time].zip on your Desktop.
    - Click the file to select it.
  • Submit the file by clicking "OK".
  • When this operation is complete, you can delete these two files from your Desktop.

    Post the contents of the ComboFix.txt report after the restart, if there is one.

    Advanced System Settings -> System Protection -> uncheck the "available disks", click to turn off System Restore when the message appears, do the same for all of them, Apply, OK.

    13 July 2008 20:01:33

    I didn't find this on my computer:

    Advanced System Settings -> System Protection -> uncheck the "available disks", click to turn off System Restore when the message appears, do the same for all of them, Apply, OK.

    but here is the ComboFix report anyway:

    ComboFix 08-07-12.1 - HP_Administrateur 2008-07-13 12:54:36.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2536 [GMT -4:00]
    Endroit: C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\HP_Administrateur\Bureau\CFScript.txt.txt
    * Création d'un nouveau point de restauration
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\BMfb21a0c9.xml
    C:\WINDOWS\cookies.MSNFix
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\dlqipg.dll
    C:\WINDOWS\system32\ehtbou.dll
    C:\WINDOWS\system32\eptdnq.dll
    C:\WINDOWS\system32\ernvhkjj.dll
    C:\WINDOWS\system32\euuvevxv.dll
    C:\WINDOWS\system32\gmtbreyc.dll
    C:\WINDOWS\system32\gttajsma.dll
    C:\WINDOWS\system32\hycvludv.dll
    C:\WINDOWS\system32\ixpncqbq.dll
    C:\WINDOWS\system32\lysedshx.dll
    C:\WINDOWS\system32\mcrh.MSNFix
    C:\WINDOWS\system32\omwybd.dll
    C:\WINDOWS\system32\pxqrygps.dll
    C:\WINDOWS\system32\qjxfjyno.dll
    C:\WINDOWS\system32\rloeshpr.ini
    C:\WINDOWS\system32\rphseolr.dll
    C:\WINDOWS\system32\uyeuoson.dll
    C:\WINDOWS\system32\vhavxumo.dll
    C:\WINDOWS\system32\wvnxkk.dll
    C:\WINDOWS\system32\xomjfehd.dll
    C:\WINDOWS\system32\ynrfmloc.dll
    C:\WINDOWS\system32\zismbz.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-06-13 to 2008-07-13 ))))))))))))))))))))))))))))))))))))
    .

    2008-07-12 19:52 . 2008-07-12 19:52 <REP> d-------- C:\Documents and Settings\Joëlle
    2008-07-12 19:52 . <REP> C:\Documents and Settings\Joëlle\Local Settings
    2008-07-12 10:03 . 2008-07-12 18:09 <REP> d-------- C:\Program Files\Navilog1
    2008-07-11 20:16 . 2008-07-11 23:18 <REP> d-------- C:\Lop SD
    2008-07-10 22:25 . 2008-07-10 22:25 <REP> d-------- C:\Program Files\Trend Micro
    2008-07-09 15:00 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-06-29 19:09 . 2008-06-29 19:09 <REP> d-------- C:\Program Files\Messenger Plus! Live
    2008-06-29 19:09 . 2008-06-29 19:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-10 21:59 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\Canon
    2008-07-09 19:00 --------- d-----w C:\Program Files\Java
    2008-07-09 17:59 2,818 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\wklnhst.dat
    2008-06-25 18:07 --------- d-----w C:\Program Files\Everest Poker
    2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-12 07:02 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-06-10 20:54 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-06-10 20:54 --------- d-----w C:\Program Files\Windows Live
    2008-06-10 20:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-05-23 00:33 --------- d-----w C:\Program Files\VirtualDJ
    2008-05-13 16:02 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\Apple Computer
    2008-05-03 17:39 7,168 --sha-w C:\Program Files\Thumbs.db
    2007-07-12 19:06 22 ----a-w C:\Program Files\b.zip
    2007-07-12 19:03 22 ----a-w C:\Program Files\c.zip
    2007-07-12 19:03 22 ----a-w C:\Program Files\a.zip
    2007-07-02 19:53 25,214 ----a-w C:\Program Files\B.ico
    2007-07-02 19:53 25,214 ----a-w C:\Program Files\A.ico
    2007-05-10 13:19 2,162 ----a-w C:\Documents and Settings\Christian\Application Data\wklnhst.dat
    2007-04-27 13:55 4,550 ----a-w C:\Documents and Settings\Alain\Application Data\wklnhst.dat
    2006-12-31 18:35 9,216 ----a-w C:\Documents and Settings\Christian\Application Data\internaldb8467.dat
    2006-12-31 18:35 49 ----a-w C:\Documents and Settings\Christian\Application Data\internaldb41.dat
    2006-12-31 18:35 337 ----a-w C:\Documents and Settings\Christian\Application Data\internaldb1942.dat
    2006-12-31 18:35 20,480 ----a-w C:\Documents and Settings\Christian\Application Data\internaldb4827.dat
    2006-12-31 18:35 0 ----a-w C:\Documents and Settings\Christian\Application Data\internaldb6334.dat
    2006-12-31 18:35 0 ----a-w C:\Documents and Settings\Christian\Application Data\internaldb5436.dat
    2006-10-26 22:38 5,382 ----a-w C:\Documents and Settings\Robin\Application Data\wklnhst.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2008-07-12_19.50.44.16 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-07-12 23:40:21 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-07-13 16:56:49 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    - 2008-06-12 07:03:35 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
    + 2008-07-13 07:01:09 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
    - 2008-06-12 07:03:35 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2008-07-13 07:01:09 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    - 2008-06-12 07:03:35 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
    + 2008-07-13 07:01:09 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
    - 2008-06-12 07:03:34 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2008-07-13 07:01:09 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2008-06-12 07:03:35 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    + 2008-07-13 07:01:09 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    - 2008-06-12 07:03:35 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    + 2008-07-13 07:01:09 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    - 2008-06-12 07:03:35 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2008-07-13 07:01:09 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    - 2008-06-12 07:03:35 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    + 2008-07-13 07:01:09 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    - 2008-06-12 07:03:35 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    + 2008-07-13 07:01:09 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    - 2008-06-12 07:03:35 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
    + 2008-07-13 07:01:09 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
    - 2008-06-12 07:03:35 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    + 2008-07-13 07:01:09 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2008-06-12 07:03:34 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    + 2008-07-13 07:01:09 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    - 2008-06-12 07:03:34 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2008-07-13 07:01:09 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-28 10:22 68856]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 21:00 15360]
    "Gestionnaire Antidote.exe"="C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe" [2006-12-06 17:43 526008]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 18:04 59392]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-06 00:19 77824]
    "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-06 00:23 114688]
    "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 22:34 245760]
    "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 23:54 253952]
    "SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 08:23 132624]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25 6731312]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 23:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 13:08]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-07-11 21:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    "2008-07-11 17:22:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-13 12:58:04
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...


    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\ehome\ehRecvr.exe
    C:\WINDOWS\ehome\ehSched.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\ehome\ehmsas.exe
    C:\hp\KBD\KBD.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-07-13 13:08:38 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-07-13 17:07:35
    ComboFix2.txt 2008-07-12 23:52:08

    Pre-Run: 167,285,760,000 octets libres
    Post-Run: 167,286,734,848 octets libres

    185 --- E O F --- 2008-07-13 07:01:12
    14 July 2008 01:55:14

    Oops, sorry, I made a mistake.

    Download Malwarebytes' Anti-Malware to your Desktop.

  • Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done:
    Restart in Safe Mode
    /!\ Never boot into Safe Mode via MSCONFIG /!\

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan has finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, click OK. A report will appear; close it.
    -- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so that you can post it in your next reply.

    NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    Help: How to use MBAM.
    16 July 2008 23:34:59

    Sorry for taking a while:

    Here is the malware report:

    Malwarebytes' Anti-Malware 1.20
    Version de la base de données: 959
    Windows 5.1.2600 Service Pack 2

    17:29:47 2008-07-16
    mbam-log-7-16-2008 (17-29-47).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 218172
    Temps écoulé: 3 hour(s), 3 minute(s), 36 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 13

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\System Volume Information\_restore{D914ACD5-1321-4D0E-A2F6-861E2DFB47B4}\RP406\A0122024.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{D914ACD5-1321-4D0E-A2F6-861E2DFB47B4}\RP412\A0125403.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{D914ACD5-1321-4D0E-A2F6-861E2DFB47B4}\RP412\A0125407.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{D914ACD5-1321-4D0E-A2F6-861E2DFB47B4}\RP412\A0125408.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{D914ACD5-1321-4D0E-A2F6-861E2DFB47B4}\RP412\A0125418.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{D914ACD5-1321-4D0E-A2F6-861E2DFB47B4}\RP412\A0125420.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Program Files\a.zip (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Program Files\A.ico (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Program Files\b.zip (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Program Files\B.ico (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Program Files\c.zip (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\BMfb21a0c9.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Robin\Bureau\InternetGameBox.lnk (Adware.EGDAccess) -> Quarantined and deleted successfully.
    18 July 2008 14:35:59

    Hi again,

    Post a new HijackThis report.
    18 July 2008 23:58:02

    Here is the HijackThis report:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:55:55, on 2008-07-18
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCMTR.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\AGRSMMSG.exe
    c:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.infinit.com/
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://60.43.33.196/kxhcm10.ocx
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image Viewer) - http://82.176.73.20/home/SonySncRz30View.cab
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://webcam1.ttu.ee/activex/AMC.cab
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://128.97.43.214/activex/AMC.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 9919 bytes
    19 July 2008 00:09:22

    Hi again,

    Download AntiVir to your Desktop.

  • Double-click the downloaded executable to start the installation.
  • At the end of the installation, click Finish.
  • Open AntiVir and make sure it is fully up to date!
  • In the Local Protection tab, choose Scanner.
  • Enable the rootkit search via the + next to rootkit search, then under manual selection, tick everything (your hard disk partitions).
  • Click the middle magnifying glass to start the scan as Administrator.
  • Post me the generated report: to do so, click the Overview tab, then choose Reports; you will find its report there.

    Note: For more effective eradication of threats, run the scan in Safe Mode.

    Help: How to install and use AntiVir.
    21 July 2008 05:00:52



    Avira AntiVir Personal
    Report file date: 20 juillet 2008 13:59

    Scanning for 1165085 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Save mode
    Username: Administrateur
    Computer name: GOOFY

    Version information:
    BUILD.DAT : 8.1.00.295 16479 Bytes 2008-04-09 16:24:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 2008-03-18 15:02:56
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 2008-02-07 14:43:37
    LUKE.DLL : 8.1.2.9 151809 Bytes 2008-02-28 14:41:23
    LUKERES.DLL : 8.1.2.1 12033 Bytes 2008-02-21 14:28:40
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 16:33:34
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 19:08:58
    ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 2008-03-21 01:12:34
    ANTIVIR3.VDF : 7.0.3.68 57856 Bytes 2008-03-25 14:27:50
    Engineversion : 8.1.0.28
    AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-02-25 15:58:21
    AESCRIPT.DLL : 8.1.0.19 229754 Bytes 2008-04-07 21:34:44
    AESCN.DLL : 8.1.0.12 115060 Bytes 2008-04-07 21:34:44
    AERDL.DLL : 8.1.0.19 418164 Bytes 2008-04-07 21:34:44
    AEPACK.DLL : 8.1.1.0 364918 Bytes 2008-03-18 17:20:42
    AEOFFICE.DLL : 8.1.0.15 192889 Bytes 2008-04-07 21:34:44
    AEHEUR.DLL : 8.1.0.15 1147253 Bytes 2008-04-07 21:34:44
    AEHELP.DLL : 8.1.0.11 115061 Bytes 2008-04-07 21:34:43
    AEGEN.DLL : 8.1.0.15 299379 Bytes 2008-04-07 21:34:43
    AEEMU.DLL : 8.1.0.5 430450 Bytes 2008-04-07 21:34:43
    AECORE.DLL : 8.1.0.25 168309 Bytes 2008-04-08 15:58:32
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 2008-01-23 23:07:53
    AVPREF.DLL : 8.0.0.1 25857 Bytes 2008-02-18 16:37:50
    AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 19:26:47
    AVREG.DLL : 8.0.0.0 30977 Bytes 2008-01-23 23:07:49
    AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 14:29:23
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2008-02-28 14:31:31
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 23:28:02
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 2008-01-23 23:08:39
    NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 18:05:10
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 2008-03-10 20:37:25
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 2008-03-06 18:02:11

    Configuration settings for the scan:
    Jobname..........................: Manual Selection
    Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:, E:, F:, G:, H:, I:, J:, K:, L:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: 20 juillet 2008 13:59

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'guard.exe' - '1' Module(s) have been scanned
    Scan process 'aawservice.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    13 processes with 13 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    Master boot sector HD2
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.
    Master boot sector HD3
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.
    Master boot sector HD4
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.
    Master boot sector HD5
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!
    Boot sector 'G:\'
    [INFO] In the drive 'G:\' no data medium is inserted!
    Boot sector 'H:\'
    [INFO] In the drive 'H:\' no data medium is inserted!
    Boot sector 'I:\'
    [INFO] In the drive 'I:\' no data medium is inserted!
    Boot sector 'J:\'
    [INFO] In the drive 'J:\' no data medium is inserted!
    Boot sector 'L:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '22' files ).


    Starting the file scan:

    Begin scan in 'C:\' <HP_PAVILION>
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\b5243ede892694454bc60a84a1bc\mrt.exe
    [WARNING] The file could not be opened!
    C:\b5243ede892694454bc60a84a1bc\mrtstub.exe
    [WARNING] The file could not be opened!
    C:\Documents and Settings\Alain\Application Data\Microsoft\Internet Explorer\Desktop.htt
    [DETECTION] Contains suspicious code HEUR/HTML.Malware
    [NOTE] The fund was classified as suspicious.
    [NOTE] The file was moved to '48f68e5e.qua'!
    C:\Documents and Settings\Christian\Application Data\Microsoft\Internet Explorer\Desktop.htt
    [DETECTION] Contains suspicious code HEUR/HTML.Malware
    [NOTE] The fund was classified as suspicious.
    [NOTE] The file was moved to '48f6901b.qua'!
    C:\Documents and Settings\Christian\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-57dfbfd9-2df8a6a6.zip
    [0] Archive type: ZIP
    --> BnnnnBaa.class
    [DETECTION] Is the Trojan horse TR/Java.Downloader.Gen
    --> VaannnaaBaa.class
    [DETECTION] Is the Trojan horse TR/ClassLoader
    --> Dnnny.class
    [DETECTION] Contains detection pattern of the Java virus JAVA/Exploit.Bytverify.5
    --> Bnnnnn.class
    [DETECTION] Is the Trojan horse TR/Java.ClassLoader.AS
    --> Den.class
    [DETECTION] Is the Trojan horse TR/Exploit.Bytverify
    --> Din.class
    [DETECTION] Is the Trojan horse TR/Exploit.Bytverify.A
    --> Dun.class
    [DETECTION] Is the Trojan horse TR/Exploit.Bytverify.B
    [NOTE] The file was moved to '48f7904a.qua'!
    C:\Documents and Settings\Christian\Bureau\sinstaller2.exe
    [DETECTION] Contains detection pattern of the dropper DR/Comet.AC
    [NOTE] The file was moved to '48f191cb.qua'!
    C:\Documents and Settings\Joëlle\Application Data\Microsoft\Internet Explorer\Desktop.htt
    [DETECTION] Contains suspicious code HEUR/HTML.Malware
    [NOTE] The fund was classified as suspicious.
    [NOTE] The file was moved to '48f695fe.qua'!
    C:\Documents and Settings\Robin\Application Data\Microsoft\Internet Explorer\Desktop.htt
    [DETECTION] Contains suspicious code HEUR/HTML.Malware
    [NOTE] The fund was classified as suspicious.
    [NOTE] The file was moved to '48f696ab.qua'!
    C:\Program Files\Everest Poker.net\Everest Poker.net.exe
    [DETECTION] The file contains an executable. This, however, is disguised by a harmless file extension (HIDDENEXT/Crypted)
    [NOTE] The file was moved to '48e8a46e.qua'!
    C:\Program Files\Full Tilt Poker\Updater.exe
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was moved to '48e7a56b.qua'!
    C:\Program Files\Internet Explorer\profsywuy.html
    [DETECTION] Contains suspicious code HEUR/HTML.Malware
    [NOTE] The fund was classified as suspicious.
    [NOTE] The file was moved to '48f2a686.qua'!
    C:\QooBox\Quarantine\catchme2008-07-12_193910,00.zip
    [0] Archive type: ZIP
    --> ntndis.sys
    [DETECTION] Contains detection pattern of the worm WORM/ForBot.31916.A
    [NOTE] The file was moved to '48f7aa5a.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\ddcYSKBQ.dll.vir
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '48e6aa5e.qua'!
    C:\WINDOWS\18-979cccfcc7622e89302a49c23b6fa37a.exe
    [DETECTION] Contains detection pattern of the dropper DR/TrafficSol.F
    [NOTE] The file was moved to '48b0aa59.qua'!
    C:\WINDOWS\system32\drivers\atapi.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\' <HP_RECOVERY>
    Begin scan in 'E:\'
    Search path E:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'F:\'
    Search path F:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'G:\'
    Search path G:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'H:\'
    Search path H:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'I:\'
    Search path I:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'J:\'
    Search path J:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'K:\'
    Search path K:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'L:\' <ROBIN>


    End of the scan: 20 juillet 2008 17:46
    Used time: 3:46:59 min

    The scan has been done completely.

    14566 Scanning directories
    704998 Files were scanned
    12 viruses and/or unwanted programs were found
    6 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    12 files were moved to quarantine
    0 files were renamed
    4 Files cannot be scanned
    704986 Files not concerned
    17937 Archives were scanned
    8 Warnings
    12 Notes

    21 July 2008 12:31:11

    Good, delete:
  • C:\Program Files\Everest Poker.net
  • C:\Program Files\Full Tilt Poker

    Then post a new HijackThis report.
    How are your problems now?
    21 July 2008 18:23:10

    As for problems, I don't see any visible ones.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:19:16, on 2008-07-21
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCMTR.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\AGRSMMSG.exe
    c:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.infinit.com/
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://60.43.33.196/kxhcm10.ocx
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image Viewer) - http://82.176.73.20/home/SonySncRz30View.cab
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://webcam1.ttu.ee/activex/AMC.cab
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://128.97.43.214/activex/AMC.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 10605 bytes
    21 July 2008 18:33:56

    Good, we're done. You were indeed infected, so be careful in the future.
    You can uninstall Ad-Aware; there's no point in having several anti-spyware programs.

    Download ToolsCleaner2 (by A.Rothstein)

  • Install it on your Desktop.
  • Click Recherche (Search) to start the scan.
  • Click Supprimer (Delete) to clean up the tools that were used.
  • Click Quitter (Quit).
  • Post this report ~>C:\TCleaner.txt<~

  • Keep Ccleaner, MBAM and AntiVir if we installed them.
  • Disable, then re-enable, System Restore.
  • Report your infection on Malware Complaints >Tutorial<
  • Your infection(s): Egdaccess/Magic.control/Navipromo, MSN worm, LOP, Vundo.
  • If you can't find it in the list, post in Other infections.

  • Bring your computer properly up to date >here<
  • If that's not already done, make sure Windows Automatic Updates is enabled!

    Then have a look at these guides:

    - Security/Prevention
    - Consequences of multiple protection
    - Toolbars: uselessness and slowdowns

    Have a good day/evening :)
    21 July 2008 23:38:15

    Thanks for everything, here is the Tcleaner report


    -->- Recherche:

    C:\Lop SD: trouvé !
    C:\Qoobox: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: trouvé !
    C:\Documents and Settings\HP_Administrateur\Bureau\HijackThis.lnk: trouvé !
    C:\Documents and Settings\HP_Administrateur\Bureau\virus\HijackThis.lnk: trouvé !
    C:\Documents and Settings\HP_Administrateur\Bureau\virus\Lop S&D.lnk: trouvé !
    C:\Documents and Settings\HP_Administrateur\Bureau\virus\LopSD.exe: trouvé !
    C:\Documents and Settings\HP_Administrateur\Bureau\virus\Msnfix.zip: trouvé !
    C:\Documents and Settings\HP_Administrateur\Bureau\virus\Navilog1.exe: trouvé !
    C:\Documents and Settings\HP_Administrateur\Bureau\virus\Navilog1.lnk: trouvé !
    C:\Documents and Settings\HP_Administrateur\Bureau\virus\ComboFix.exe: trouvé !
    C:\Documents and Settings\HP_Administrateur\Bureau\virus\MsnFix: trouvé !
    C:\Documents and Settings\HP_Administrateur\Menu Démarrer\Programmes\Lop S&D: trouvé !
    C:\Documents and Settings\HP_Administrateur\Recent\MSNFix.lnk: trouvé !
    C:\Documents and Settings\HP_Administrateur\Recent\HijackThis.lnk: trouvé !
    C:\Lop SD\Lop S&D.lnk: trouvé !
    C:\Program Files\Navilog1: trouvé !
    C:\Program Files\Navilog1\Navilog1.bat: trouvé !
    C:\Program Files\Trend Micro\HijackThis: trouvé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: supprimé !
    C:\Documents and Settings\HP_Administrateur\Bureau\HijackThis.lnk: supprimé !
    C:\Documents and Settings\HP_Administrateur\Bureau\virus\HijackThis.lnk: supprimé !
    C:\Documents and Settings\HP_Administrateur\Bureau\virus\Lop S&D.lnk: supprimé !
    C:\Documents and Settings\HP_Administrateur\Bureau\virus\LopSD.exe: supprimé !
    C:\Documents and Settings\HP_Administrateur\Bureau\virus\Msnfix.zip: supprimé !
    C:\Documents and Settings\HP_Administrateur\Bureau\virus\Navilog1.exe: supprimé !
    C:\Documents and Settings\HP_Administrateur\Bureau\virus\Navilog1.lnk: supprimé !
    C:\Documents and Settings\HP_Administrateur\Bureau\virus\ComboFix.exe: supprimé !
    C:\Documents and Settings\HP_Administrateur\Recent\MSNFix.lnk: supprimé !
    C:\Documents and Settings\HP_Administrateur\Recent\HijackThis.lnk: supprimé !
    C:\Lop SD\Lop S&D.lnk: supprimé !
    C:\Program Files\Navilog1\Navilog1.bat: supprimé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
    C:\Lop SD: supprimé !
    C:\Qoobox: supprimé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: supprimé !
    C:\Documents and Settings\HP_Administrateur\Bureau\virus\MsnFix: supprimé !
    C:\Documents and Settings\HP_Administrateur\Menu Démarrer\Programmes\Lop S&D: supprimé !
    C:\Program Files\Navilog1: supprimé !
    C:\Program Files\Trend Micro\HijackThis: supprimé !
    22 July 2008 14:01:35

    Good, it's clean, see you ;)