Invincible virus D.exe, heeelp :'(
Closed
Philippo69 (Member, 11 posts, registered Thursday 18 February 2010, last activity 20 February 2010) - 18 Feb 2010 at 20:43
13 replies
Anonymous user
18 Feb 2010 at 21:03
Hello,
• Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
• Double-click RSIT.exe to launch the program.
• Click Continue on the Disclaimer screen.
• If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the license.
• When the scan has finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).
Note: the reports are saved in the C:\rsit folder.
Live999 (Member, 29 posts, registered Thursday 18 February 2010, last activity 25 December 2011)
18 Feb 2010 at 20:47
Hi,
I had the same problem. Which antivirus do you have? Is it a downloaded one??
For my part, I had downloaded mine and then preferred to buy it (a matter of principle).
There you go :) give it a try.
See you,
Live999
Philippo69
18 Feb 2010 at 20:54
Hi, I didn't understand....
For the antivirus I have Avira,
Spyware Doctor with a license... which kills it, but it comes back at every startup....
There's a black window that opens at startup with CMD written on it,
and apparently it's a nasty virus...
but fortunately Comodo blocks its intrusion attempts.
Philippo69
18 Feb 2010 at 21:14
I can't install it,
it crashes every time.
It's my virus, I'm sure ^^
Anonymous user
18 Feb 2010 at 21:17
Right-click RSIT.exe,
choose Properties, then in the Compatibility tab check "Run this program in compatibility mode"
Windows XP SP3. Click Apply and OK.
Then run the scan again, please.
Philippo69
18 Feb 2010 at 21:29
Here is the report.
The thing is, though, the virus is deactivated, since Spyware Doctor destroyed it until the next restart...
but anyway
Logfile of random's system information tool 1.06 (written by random/random)
Run by Gouvernor at 2010-02-18 21:26:35
Microsoft Windows 7 Édition Intégrale
System drive C: has 227 GB (48%) free of 477 GB
Total RAM: 3326 MB (51% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:26:43, on 18/02/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Intel\lses.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\explorer.exe
C:\Windows\System32\msdt.exe
C:\Windows\System32\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wermgr.exe
C:\Users\Gouvernor\Desktop\RSIT.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Gouvernor.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\System32\dvmurl.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\Windows\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Symst] C:\Program Files\Intel\lses.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [AdobeBridge] "C:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe" -stealth
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Symst.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (Ma-Config control) - http://www.ma-config.com/plugins/MaConfig_4_0_1_3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\Windows\System32\guard32.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
Philippo69
18 Feb 2010 at 22:34
Yes, it's Windows System32.
Here is a ComboFix report
ComboFix 10-02-18.03 - Gouvernor 18/02/2010 21:50:19.1.4 - x86
Microsoft Windows 7 Édition Intégrale 6.1.7600.0.1252.33.1033.18.3326.2478 [GMT 1:00]
Lancé depuis: c:\users\Gouvernor\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-01-18 au 2010-02-18 ))))))))))))))))))))))))))))))))))))
.
2010-02-18 21:16 . 2010-02-18 21:16 -------- d-----w- c:\users\Gouvernor\AppData\Local\temp
2010-02-18 21:16 . 2010-02-18 21:16 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-18 21:16 . 2010-02-18 21:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-18 20:35 . 2010-02-18 20:42 -------- d-----w- C:\32788R22FWJFW
2010-02-18 20:13 . 2010-02-18 20:26 -------- d-----w- c:\program files\trend micro
2010-02-18 20:12 . 2010-02-18 20:26 -------- d-----w- C:\rsit
2010-02-18 19:57 . 2010-02-18 20:44 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-18 19:57 . 2010-02-18 20:36 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-18 14:53 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-18 14:53 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-02-18 14:53 . 2010-02-18 14:53 -------- d-----w- c:\programdata\Avira
2010-02-18 14:53 . 2010-02-18 14:53 -------- d-----w- c:\program files\Avira
2010-02-18 09:18 . 2010-02-18 09:18 -------- d-----w- c:\users\Gouvernor\AppData\Local\Threat Expert
2010-02-18 08:58 . 2010-02-02 09:13 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2010-02-18 08:58 . 2010-02-02 09:13 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2010-02-18 08:58 . 2010-02-02 09:13 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2010-02-18 08:54 . 2010-01-21 23:21 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-02-18 08:52 . 2010-02-18 08:52 -------- d-----w- c:\users\Gouvernor\AppData\Roaming\PC Tools
2010-02-18 08:23 . 2010-02-18 08:31 -------- d-----w- C:\regsearch
2010-02-17 18:33 . 2010-02-17 18:33 -------- d-----w- c:\users\Gouvernor\AppData\Local\Iceni
2010-02-17 18:33 . 2009-05-11 15:33 56000 ----a-w- c:\programdata\Aspell\Dictionaries\Uninstall-AspellDict-en.exe
2010-02-17 18:33 . 2009-05-11 15:33 55755 ----a-w- c:\programdata\Aspell\Dictionaries\Uninstall-AspellDict-uk.exe
2010-02-17 18:32 . 2010-02-17 18:33 -------- d-----w- c:\programdata\Aspell
2010-02-17 18:32 . 2010-02-17 18:32 -------- d-----w- c:\users\Gouvernor\AppData\Roaming\Iceni
2010-02-17 18:32 . 2010-02-17 18:32 -------- d-----w- c:\programdata\Iceni
2010-02-17 18:32 . 2010-02-17 18:32 -------- d-----w- c:\users\Gouvernor\AppData\Roaming\Aspell
2010-02-17 18:32 . 2010-02-17 18:32 -------- d-----w- c:\program files\Iceni
2010-02-17 18:00 . 2010-02-17 18:00 125952 ----a-w- c:\programdata\ParetoLogic\UUS2\Temp\Update.exe
2010-02-17 17:51 . 2010-02-17 22:13 -------- d-----w- c:\programdata\ParetoLogic
2010-02-17 17:51 . 2010-02-17 22:13 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-02-17 17:50 . 2010-02-17 17:50 -------- d-----w- c:\users\Gouvernor\AppData\Local\Downloaded Installations
2010-02-17 11:01 . 2010-02-17 11:01 -------- d-----w- C:\_OTL
2010-02-17 10:47 . 2010-02-17 10:49 -------- d-----w- c:\users\Gouvernor\AppData\Roaming\QuickScan
2010-02-17 10:47 . 2010-01-11 16:33 789320 ----a-w- c:\users\Gouvernor\AppData\Roaming\Mozilla\Firefox\Profiles\qd57niut.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-02-17 10:47 . 2010-01-11 16:32 698184 ----a-w- c:\users\Gouvernor\AppData\Roaming\Mozilla\Firefox\Profiles\qd57niut.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2010-02-16 13:26 . 2010-02-17 14:22 -------- d-----w- c:\users\Gouvernor\AppData\Roaming\dvdcss
2010-02-16 13:06 . 2010-02-18 15:28 -------- d-----w- c:\users\Gouvernor\AppData\Roaming\vlc
2010-02-16 13:05 . 2010-02-16 13:05 -------- d-----w- c:\users\Gouvernor\AppData\Roaming\Malwarebytes
2010-02-16 13:05 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-16 13:04 . 2010-02-16 13:04 -------- d-----w- c:\programdata\Malwarebytes
2010-02-16 13:04 . 2010-02-16 13:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-16 13:04 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-16 13:03 . 2010-02-16 13:03 -------- d-----w- c:\program files\VideoLAN
2010-02-16 11:20 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-02-15 18:38 . 2010-02-16 20:49 -------- d-----w- c:\program files\Tutorial
2010-02-15 17:36 . 2010-02-15 17:34 339968 ---h--w- c:\users\Gouvernor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Symst.exe
2010-02-15 14:36 . 2010-02-16 01:05 -------- d-----w- c:\program files\NirSoft
2010-02-15 11:12 . 2010-02-15 11:12 -------- d--h--w- c:\programdata\CanonIJSolutionMenu
2010-02-15 11:12 . 2010-02-15 11:12 -------- d--h--w- c:\programdata\CanonIJMyPrinter
2010-02-15 11:12 . 2010-02-15 13:26 -------- d-----w- c:\programdata\CanonIJPLM
2010-02-15 11:10 . 2010-02-15 11:10 -------- d-----w- c:\program files\Common Files\CANON
2010-02-15 10:53 . 2010-02-15 10:53 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2010-02-15 10:53 . 2008-04-07 05:58 1339392 ----a-w- c:\windows\system32\CNC240C.DLL
2010-02-15 10:53 . 2008-04-07 05:58 98304 ----a-w- c:\windows\system32\CNC240I.DLL
2010-02-15 10:53 . 2008-03-10 04:59 270336 ----a-w- c:\windows\system32\CNC240L.DLL
2010-02-15 10:53 . 2007-03-15 05:12 188416 ----a-w- c:\windows\system32\CNC240O.DLL
2010-02-15 10:53 . 2010-02-15 10:53 -------- d--h--w- c:\program files\CanonBJ
2010-02-15 10:52 . 2010-02-15 11:12 -------- d-----w- c:\program files\Canon
2010-02-15 09:40 . 2010-02-15 14:04 -------- d-----w- C:\Spn
2010-02-15 09:19 . 2010-02-15 09:34 -------- d-----w- c:\users\Gouvernor\AppData\Roaming\MessengerLog 360
2010-02-15 09:18 . 2010-02-15 23:55 -------- d-----w- c:\program files\MessengerLog 360
2010-02-15 08:45 . 2002-12-05 13:16 84992 ----a-w- c:\windows\system32\atl70.dll
2010-02-15 08:45 . 2001-03-08 17:30 24064 ----a-w- c:\windows\system32\msxml3a.dll
2010-02-15 08:35 . 2010-02-15 08:35 2157 ----a-w- c:\users\Gouvernor\AppData\Roaming\.purple\certificates\x509\tls_peers\omega.contacts.msn.com
2010-02-15 08:35 . 2010-02-15 08:35 2095 ----a-w- c:\users\Gouvernor\AppData\Roaming\.purple\certificates\x509\tls_peers\login.live.com
2010-02-15 08:31 . 2010-02-15 10:18 -------- d-----w- c:\users\Gouvernor\AppData\Roaming\.purple
2010-02-15 08:29 . 2010-02-15 08:29 -------- d-----w- c:\program files\Common Files\GTK
2010-02-14 11:39 . 2010-02-14 14:36 -------- d-----w- c:\users\Gouvernor\AppData\Roaming\DMCache
2010-02-14 10:53 . 2010-02-14 10:53 -------- d-----w- c:\windows\IP Changer
2010-02-14 09:48 . 2010-02-14 09:48 -------- d-----w- c:\program files\Shabestar.net
2010-02-12 15:23 . 2008-02-07 12:34 5206016 ----a-w- c:\windows\system32\mkl_genarts.dll
2010-02-12 15:22 . 2006-09-20 15:49 200704 ----a-w- c:\windows\system32\libguide40.dll
2010-02-12 15:22 . 2008-12-02 09:59 3731456 ----a-w- c:\windows\system32\sapphire_ae.dll
2010-02-12 11:31 . 2010-02-13 19:39 -------- d-----w- c:\users\Gouvernor\AppData\Roaming\GridIron
2010-02-12 11:31 . 2010-02-12 11:31 -------- d-----w- c:\users\Gouvernor\AppData\Roaming\GridIron Software
2010-02-11 13:51 . 2010-02-13 19:40 -------- d-----w- c:\users\Gouvernor\AppData\Roaming\XnView
2010-02-11 13:50 . 2010-02-11 13:50 -------- d-----w- c:\program files\XnView
2010-02-10 11:10 . 2010-02-10 11:10 -------- d-----w- c:\windows\ProAnimator
2010-02-08 19:57 . 2010-02-08 19:57 -------- d-----w- c:\program files\AliveMedia
2010-02-06 15:12 . 2010-02-06 15:12 -------- d-----w- c:\windows\Sun
2010-02-04 18:54 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2010-02-04 18:54 . 1998-07-13 00:08 59904 ----a-w- c:\windows\system32\MSCC2FR.DLL
2010-02-04 18:54 . 1998-07-13 00:08 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2010-02-04 18:54 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-02-04 18:54 . 2010-02-04 18:54 -------- d-----w- c:\program files\PDFCreator
2010-02-04 11:32 . 2010-02-04 11:44 -------- d-----w- c:\program files\Access Password Recovery Master
2010-02-04 10:49 . 2010-02-15 14:34 -------- d-----w- c:\program files\ElcomSoft
2010-02-03 20:02 . 2010-02-03 20:02 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-02-02 11:05 . 2010-02-02 11:05 -------- d-----w- c:\users\Gouvernor\AppData\Local\LogiShrd
2010-02-02 11:03 . 2009-10-07 08:48 539160 ----a-w- c:\windows\system32\LVUI2RC.dll
2010-02-02 11:03 . 2009-10-07 08:48 539160 ----a-w- c:\windows\system32\LVUI2.dll
2010-02-02 11:03 . 2009-10-07 08:43 416280 ----a-w- c:\windows\system32\LVCodec2.dll
2010-02-02 11:03 . 2009-04-30 23:01 265496 ----a-w- c:\windows\system32\drivers\lvrs.sys
2010-02-02 11:03 . 2009-04-30 22:57 199192 ----a-w- c:\windows\system32\lvci1201278.dll
2010-02-02 11:03 . 2009-04-30 22:55 13976 ----a-w- c:\windows\system32\drivers\lv302af.sys
2010-02-02 11:03 . 2009-04-30 22:39 34068 ----a-w- c:\windows\system32\Repository.reg
2010-02-02 10:25 . 2010-02-02 10:25 -------- d-----w- c:\users\Gouvernor\AppData\Local\Logitech-LS
2010-02-02 10:22 . 2005-07-19 16:31 53248 ----a-r- c:\windows\system32\InstMed.exe
2010-02-02 10:22 . 2010-02-02 10:22 -------- d-----w- c:\program files\Common Files\Logitech
2010-02-02 10:22 . 2003-03-18 20:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-02-02 10:22 . 2003-02-21 04:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-02-02 10:22 . 2003-03-18 21:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2010-02-02 10:22 . 2003-03-18 20:44 57344 ----a-w- c:\windows\system32\MFC71ENU.DLL
2010-01-31 11:00 . 2009-04-09 12:50 262144 ----a-w- c:\windows\system32\MSL_All-DLL80_x86.dll
2010-01-31 11:00 . 2009-09-10 22:51 172544 ----a-w- c:\windows\system32\Boris TTK Utilities.dll
2010-01-31 11:00 . 2009-09-10 22:54 775680 ----a-w- c:\windows\system32\Boris TTK Scene.dll
2010-01-31 11:00 . 2009-09-10 22:52 1072128 ----a-w- c:\windows\system32\Boris TTK Renderer.dll
2010-01-31 11:00 . 2009-09-10 22:54 94720 ----a-w- c:\windows\system32\Boris TTK Render Node.dll
2010-01-31 11:00 . 2009-09-10 23:01 13102080 ----a-w- c:\windows\system32\Boris TTK AE.dll
2010-01-31 10:59 . 2009-11-07 13:18 18933760 ----a-w- c:\windows\system32\BCC6_AE_16Bit.dll
2010-01-31 10:59 . 2003-06-26 09:04 237568 ----a-r- c:\windows\system32\qtmlClient.dll
2010-01-31 10:58 . 2010-02-12 15:28 -------- d-----w- c:\program files\Boris FX, Inc
2010-01-31 10:58 . 2009-11-07 13:18 18832896 ----a-w- c:\windows\system32\BCC6_AE_8Bit.dll
2010-01-29 14:42 . 2010-02-15 08:03 -------- d-----w- c:\program files\Common Files\BioWare
2010-01-27 19:26 . 2010-01-27 19:26 -------- d-----w- c:\programdata\Messenger Plus!
2010-01-27 19:26 . 2010-01-27 19:26 -------- d-----w- c:\program files\Messenger Plus! Live
2010-01-26 18:02 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe
2010-01-26 18:02 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-01-24 18:32 . 2010-02-17 22:37 -------- d-----w- c:\program files\Call of Duty Modern Warfare 2
2010-01-24 16:21 . 2010-01-24 16:21 -------- d-----w- c:\program files\ESET
2010-01-24 16:08 . 2010-01-24 16:08 -------- d-----w- c:\program files\Trapcode Form
2010-01-24 15:43 . 2010-01-24 16:52 -------- d-----w- c:\program files\GenArts
2010-01-24 12:54 . 2004-03-29 16:23 90112 ----a-w- c:\windows\unvise32.exe
2010-01-22 19:07 . 2010-01-22 19:07 -------- d-----w- c:\program files\MSXML 4.0
2010-01-22 09:38 . 2010-01-22 09:38 -------- d-----w- c:\users\Gouvernor\AppData\Roaming\Nero
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-18 21:14 . 2010-02-18 08:52 -------- d-----w- c:\program files\Spyware Doctor
2010-02-18 20:44 . 2010-01-16 21:53 -------- d-----w- c:\programdata\NVIDIA
2010-02-18 20:44 . 2010-01-16 20:38 16608 ----a-w- c:\windows\gdrv.sys
2010-02-18 10:03 . 2010-01-16 19:08 692886 ----a-w- c:\windows\system32\perfh00C.dat
2010-02-18 10:03 . 2010-01-16 19:08 126998 ----a-w- c:\windows\system32\perfc00C.dat
2010-02-18 08:58 . 2010-02-18 08:52 -------- d-----w- c:\programdata\PC Tools
2010-02-18 08:54 . 2010-02-18 08:52 -------- d-----w- c:\program files\Common Files\PC Tools
2010-02-17 13:47 . 2010-01-16 21:06 -------- d-----w- c:\programdata\ma-config.com
2010-02-17 13:47 . 2010-01-16 21:06 -------- d-----w- c:\program files\ma-config.com
2010-02-17 10:54 . 2010-01-17 15:57 74328 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-02-17 10:54 . 2010-01-17 15:57 29520 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-02-17 10:54 . 2010-01-17 15:57 171552 ----a-w- c:\windows\system32\guard32.dll
2010-02-17 10:54 . 2010-01-17 15:57 130960 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-02-16 01:02 . 2010-01-18 23:51 1 ----a-w- c:\users\Gouvernor\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-15 17:36 . 2010-01-16 20:40 -------- d-----w- c:\program files\Intel
2010-02-13 19:43 . 2010-02-13 19:43 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-02-13 19:43 . 2010-02-13 19:43 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-02-13 19:43 . 2010-02-13 19:43 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2010-02-13 19:40 . 2010-01-17 16:03 -------- d-----w- c:\users\Gouvernor\AppData\Roaming\BitTorrent
2010-02-13 19:40 . 2010-01-17 15:57 -------- d-----w- c:\programdata\Comodo
2010-02-13 19:40 . 2010-01-17 10:52 -------- d-----w- c:\programdata\FLEXnet
2010-02-13 19:39 . 2010-01-18 23:51 -------- d-----w- c:\users\Gouvernor\AppData\Roaming\OpenOffice.org
2010-02-11 18:02 . 2010-01-16 20:40 157104 ----a-w- c:\users\Gouvernor\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-10 11:08 . 2010-02-10 11:08 1942 ----a-w- c:\program files\trapcodehorizon.log
2010-02-05 08:25 . 2010-02-18 08:52 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-02-05 08:18 . 2010-02-18 08:53 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-02-05 08:17 . 2010-02-18 08:53 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-02-04 15:14 . 2010-02-04 15:14 -------- d--h--w- c:\programdata\CanonBJ
2010-02-02 11:05 . 2010-01-18 18:08 -------- d-----w- c:\program files\Logitech
2010-02-02 11:04 . 2010-01-18 18:08 -------- d-----w- c:\program files\Common Files\Logishrd
2010-02-02 11:03 . 2010-01-18 18:12 -------- d-----w- c:\programdata\LogiShrd
2010-02-02 10:32 . 2010-01-18 21:30 -------- d-----w- c:\program files\CCleaner
2010-02-02 10:22 . 2010-01-16 20:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-02 09:21 . 2010-01-17 01:42 -------- d-----w- c:\programdata\Google Updater
2010-02-01 17:40 . 2010-01-17 01:42 -------- d-----w- c:\program files\Google
2010-01-21 23:21 . 2010-02-18 08:54 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-01-21 23:21 . 2010-02-18 08:54 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-01-21 23:21 . 2010-02-18 08:54 767952 ----a-w- c:\windows\BDTSupport.dll
2010-01-21 12:27 . 2010-01-18 23:48 -------- d-----w- c:\program files\Java
2010-01-20 20:06 . 2010-01-16 21:52 -------- d-----w- c:\program files\AGEIA Technologies
2010-01-18 23:49 . 2010-01-18 23:49 -------- d-----w- c:\program files\JRE
2010-01-18 23:49 . 2010-01-18 23:49 -------- d-----w- c:\program files\OpenOffice.org 3
2010-01-18 20:08 . 2010-01-18 19:59 -------- d-----w- c:\program files\BFVCC Server Manager
2010-01-18 20:01 . 2010-01-18 20:01 553 ----a-w- c:\windows\eReg.dat
2010-01-18 20:00 . 2010-01-18 20:00 -------- d-----w- c:\program files\AceGain
2010-01-18 20:00 . 2010-01-18 19:59 729088 ----a-w- c:\windows\iun6002.exe
2010-01-18 19:48 . 2010-01-16 20:39 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-18 18:14 . 2010-01-18 18:14 -------- d-----w- c:\users\Gouvernor\AppData\Roaming\Logitech
2010-01-18 18:14 . 2010-01-18 18:14 -------- d-----w- c:\users\Gouvernor\AppData\Roaming\Leadertech
2010-01-18 18:08 . 2010-01-18 18:08 -------- d-----w- c:\programdata\Logitech
2010-01-18 17:50 . 2010-01-18 17:50 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-01-18 17:21 . 2010-01-18 17:21 1834 ----a-w- c:\users\Gouvernor\AppData\Roaming\SAS7_000.DAT
2010-01-18 16:45 . 2010-01-18 16:45 -------- d-----w- c:\programdata\InstallShield
2010-01-17 16:03 . 2010-01-17 16:03 -------- d-----w- c:\program files\BitTorrent
2010-01-17 15:57 . 2010-01-17 15:57 -------- d-----w- c:\program files\COMODO
2010-01-17 15:29 . 2010-01-17 10:12 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-17 10:56 . 2010-01-17 10:54 -------- d-----w- c:\programdata\Apple Computer
2010-01-17 10:54 . 2010-01-17 10:54 -------- d-----w- c:\program files\QuickTime
2010-01-17 10:53 . 2010-01-17 10:53 -------- d-----w- c:\program files\Apple Software Update
2010-01-17 10:53 . 2010-01-17 10:53 -------- d-----w- c:\programdata\Apple
2010-01-17 10:39 . 2010-01-17 10:39 -------- d-----w- c:\programdata\ALM
2010-01-17 10:36 . 2010-01-17 10:36 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-01-17 10:23 . 2010-01-17 10:23 -------- d-----w- c:\program files\Adobe Media Player
2010-01-17 10:18 . 2010-01-17 10:18 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-01-17 10:08 . 2010-01-16 16:33 -------- d-----w- c:\users\Gouvernor\AppData\Roaming\DAEMON Tools Lite
2010-01-17 02:19 . 2010-01-17 02:19 -------- d-----w- c:\program files\Microsoft
2010-01-17 02:19 . 2010-01-17 02:18 -------- d-----w- c:\program files\Windows Live
2010-01-17 02:19 . 2010-01-17 02:19 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-01-17 02:16 . 2010-01-17 02:16 -------- d-----w- c:\program files\Common Files\Windows Live
2010-01-17 01:53 . 2010-01-17 01:53 0 ----a-w- c:\windows\nsreg.dat
2010-01-16 21:53 . 2010-01-16 21:52 -------- d-----w- c:\program files\NVIDIA Corporation
2010-01-16 21:52 . 2010-01-16 21:52 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-16 21:41 . 2010-01-16 21:18 -------- d-----w- c:\program files\Realtek
2010-01-16 21:23 . 2010-01-16 21:23 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-01-16 21:23 . 2010-01-16 21:23 -------- d-----w- c:\users\Gouvernor\AppData\Roaming\TuneUp Software
2010-01-16 21:23 . 2010-01-16 21:23 -------- d-----w- c:\programdata\TuneUp Software
2010-01-16 21:23 . 2010-01-16 21:23 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-01-16 20:42 . 2010-01-16 20:42 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-01-16 20:39 . 2010-01-16 20:39 -------- d-----w- c:\program files\Browser Configuration Utility
2010-01-16 20:39 . 2010-01-16 20:39 -------- d-----w- c:\program files\GIGABYTE
2010-01-16 19:07 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar
2010-01-16 19:07 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-01-16 19:07 . 2009-07-14 07:50 -------- d-----w- c:\program files\Windows Journal
2010-01-16 19:07 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Photo Viewer
2010-01-16 19:07 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Defender
2010-01-16 19:07 . 2009-07-14 04:52 -------- d-----w- c:\program files\DVD Maker
2010-01-16 19:07 . 2010-01-16 19:08 38160 ----a-w- c:\windows\system32\perfd00C.dat
2010-01-16 19:07 . 2010-01-16 19:08 344522 ----a-w- c:\windows\system32\perfi00C.dat
2010-01-16 19:07 . 2010-01-16 19:07 38160 ----a-w- c:\windows\inf\PERFLIB\040C\perfd.dat
2010-01-16 19:07 . 2010-01-16 19:07 38160 ----a-w- c:\windows\inf\PERFLIB\040C\perfc.dat
2010-01-16 19:07 . 2010-01-16 19:07 344522 ----a-w- c:\windows\inf\PERFLIB\040C\perfi.dat
2010-01-16 19:07 . 2010-01-16 19:07 344522 ----a-w- c:\windows\inf\PERFLIB\040C\perfh.dat
2010-01-16 16:34 . 2010-01-16 16:34 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-01-16 16:34 . 2010-01-16 16:34 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-16 16:33 . 2010-01-16 16:33 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-01-14 10:12 . 2010-01-16 14:22 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-03 11:31 . 2010-01-03 11:31 4 ----a-w- C:\loadcounter.dat
2009-12-25 17:51 . 2010-01-16 21:41 1539104 ----a-w- c:\windows\system32\RtkPgExt.dll
2009-12-25 17:51 . 2010-01-16 21:41 56864 ----a-w- c:\windows\system32\RtkCoInst.dll
2009-12-25 17:51 . 2010-01-16 21:41 371232 ----a-w- c:\windows\system32\RtkApoApi.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"AdobeBridge"="c:\program files\Adobe\Adobe Bridge CS4\Bridge.exe" [2008-08-28 13145448]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-17 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-25 8129056]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2010-01-17 122880]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-12-11 286720]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-02-17 1800464]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-03 1848648]
"Symst"="c:\program files\Intel\lses.exe" [2006-02-15 339968]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-01-18 1286608]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
c:\users\Gouvernor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
Symst.exe [2010-2-15 339968]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-18 813584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" -systray -startup
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [18/02/2010 09:53 207280]
R0 TfFsMon;TfFsMon;c:\windows\System32\drivers\TfFsMon.sys [18/02/2010 09:58 51984]
R0 TfSysMon;TfSysMon;c:\windows\System32\drivers\TfSysMon.sys [18/02/2010 09:58 59664]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\System32\drivers\cmdguard.sys [17/01/2010 16:57 130960]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\System32\drivers\cmdhlp.sys [17/01/2010 16:57 29520]
R1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [18/02/2010 09:53 233136]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [18/02/2010 15:53 108289]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [18/02/2010 09:54 112592]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [16/01/2010 21:39 80392]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [18/02/2010 20:57 1153368]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [18/02/2010 09:52 365280]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [20/11/2009 19:17 240232]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [17/12/2009 21:00 1044808]
R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg.sys [18/02/2010 09:52 70408]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\System32\drivers\Rt86win7.sys [16/01/2010 22:18 233472]
R3 TfNetMon;TfNetMon;c:\windows\System32\drivers\TfNetMon.sys [18/02/2010 09:58 33552]
R3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 07:24 10064]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [16/01/2010 17:34 691696]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [01/02/2010 18:40 135664]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15/08/2008 05:46 284016]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [26/01/2010 17:45 243056]
.
Contenu du dossier 'Tâches planifiées'
2010-02-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-17 09:21]
2010-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 17:40]
2010-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 17:40]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = local
IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Liens de téléchargement avec Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\users\Gouvernor\AppData\Roaming\Mozilla\Firefox\Profiles\qd57niut.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - component: c:\users\Gouvernor\AppData\Roaming\Mozilla\Firefox\Profiles\qd57niut.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\users\Gouvernor\AppData\Roaming\Mozilla\Firefox\Profiles\qd57niut.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHELINS SUPPRIMES - - - -
AddRemove-HijackThis - c:\users\Gouvernor\Downloads\HijackThis.exe
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\GenArts\Sapphire AE\Install-{4E41A485-04D4-CF7C-6CE3-27F7BEAE7048}\Data*]
@DACL=
"CTE_32 Name"="696801:{C3B8A1BC-8B18-94D5-AD04-2B3354994626}"
[HKEY_LOCAL_MACHINE\SOFTWARE\GenArts\Sapphire AE\Install-{EC3F6705-85EF-4FB1-4E30-80781324E273}\Data*]
@DACL=
"DefaultSettings"="99:{C6DDA450-F687-55DF-CA23-1A5083308C5D}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectInput\Compatibility\CLIENT2._EXE35FEFABD00088200*]
@DACL=
"MaxDeviceNameLen"="1cE7a 0000èËâ4a6c"
"NoPollSucceed"="{AC77A82B-0D56-9960-509F-8ADAAFDD0D29}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install*Loc\VxDs]
@DACL=
"CTE_32 Name"="2455240:{301564B2-67A6-1A66-9C4E-A1FE91DE9752}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Install*Loc\xga-1-{64731909-3FB5-2F2B-7CA8-BB5B31E599CB}\Version 1.1]
@DACL=
"dat"="806585365:{7DBF3789-BCF3-8FDC-390A-3DF926104317}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\z*\{{05FF8CB8-4942-FCF6-301D-6930181DE865}}]
@DACL=
"DefaultSettings"="2455261:{37C8840C-72FD-B1F6-4FC1-23A6EF5B6255}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\{62D28299-D933-94D0-DB3A-72CE80B90C36}*\Install*Loc\xga-3\dat]
@DACL=
"default"="516231893:{774E5529-CA19-87C9-BCB2-377F21764179}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Install VBX*\Current*Version\Install*Loc\xga-1-{64731909-3FB5-2F2B-7CA8-BB5B31E599CB}\Version 3.x]
@DACL=
"dat"="1767914624:{AD3DDE91-A641-23DE-96FD-B6A450167F74}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smase._dll*]
@DACL=
"AplicationGoo"="1c)#5e¾1d11?ál6bc1Ö"
"ChkAppHelp"="{E6F58181-9166-5086-9C37-FF2E3F223C92}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WinXGA*\Providers*\{D9EBEC66-68A6-092F-CBD1-713C347AA5E0}\Current*Set\xga-3\ver]
@DACL=
"KnownSvcs"="923714602:{C4CDFB8F-D03C-CB55-A273-FF436E892B54}"
[HKEY_LOCAL_MACHINE\SOFTWARE\XBMga*\UUIDs\{4EF07DC3-FD1C-135E-EFC3-322ABF04FB6F}\xga-3\Install*Loc]
@DACL=
"{19620715-0001-1211-574574-30001}"="234522110:{4A7D9367-F51A-AEA4-0255-C14E2897EEB4}"
[HKEY_LOCAL_MACHINE\SOFTWARE\xGenArts\Sapphire AE\DLL ver*\{A6D90D08-68DD-2B46-E2AC-5782669B2696}]
@DACL=
"CTE_32 Name"="8:{19C42D30-D844-8A07-12A4-E783E7D228F7}"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(800)
c:\program files\Spyware Doctor\TFEngine\TFWAH.dll
- - - - - - - > 'lsass.exe'(620)
c:\program files\Spyware Doctor\TFEngine\TFWAH.dll
.
Heure de fin: 2010-02-18 22:30:40
ComboFix-quarantined-files.txt 2010-02-18 21:30
ComboFix2.txt 2010-02-17 17:09
ComboFix3.txt 2010-02-17 16:13
Avant-CF: 237 447 176 192 octets libres
Après-CF: 236 860 108 800 octets libres
- - End Of File - - DB35277D16295A1746B8542BE8EC8D9C
Anonymous user
19 Feb. 2010 at 13:28
Hi PHILIPPO,
I got hold of your infection via another forum. Your infection is going to be added to UsbFix; I suggest you wait for the update.
Anonymous user
19 Feb 2010 at 14:08
Hi again,
• Download UsbFix to your Desktop:
(!) Connect to your PC any external data sources (USB key, external hard drive, etc.) that may have been infected, without opening them.
• Double-click UsbFix.exe on your desktop.
• At the main menu, choose option "F" for French and press [Enter].
• At the second menu, choose option "2" (Suppression) and press [Enter].
• Your desktop will disappear and the PC will restart.
• On restart, UsbFix will scan your PC; let the tool work.
• Then post the UsbFix.txt report that will appear along with the desktop.
• Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
• Tutorial: http://pagesperso-orange.fr/NosTools/tuto_usbfix3.html
Philippo69
Posts
11
Registration date
Thursday 18 February 2010
Status
Member
Last activity
20 February 2010
20 Feb 2010 at 14:09
hi
here is the result
############################## | UsbFix V6.096 |
User : Gouvernor (Administrators) # LOCAL
Update on 19/02/2010 by El Desaparecido , C_XX & Chimay8
Start at: 22:16:23 | 19/02/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Microsoft Windows 7 Édition Intégrale (6.1.7600 32-bit) #
Internet Explorer 8.0.7600.16385
Windows Firewall Status : Enabled
C:\ -> Disque fixe local # 465,75 Go (215,29 Go free) # NTFS
D:\ -> Disque fixe local # 372,61 Go (131,81 Go free) [New DD] # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM
G:\ -> Disque amovible # 980,72 Mo (243,59 Mo free) # FAT
############################## | Processus actifs |
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\astsrv.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\runonce.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\system32\wbem\wmiprvse.exe
################## | Elements infectieux |
Supprimé ! C:\Users\GOUVER~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Symst.exe
Supprimé ! C:\$Recycle.Bin\S-1-5-21-2177016412-999680989-3791653190-1001
Supprimé ! D:\$Recycle.Bin\S-1-5-21-1422849372-567979575-93726810-1001
Supprimé ! D:\$Recycle.Bin\S-1-5-21-2177016412-999680989-3791653190-1001
Supprimé ! D:\$Recycle.Bin\S-1-5-21-4189993341-2051722357-3860364111-1000
Supprimé ! D:\Recycler\S-1-5-21-1060284298-1682526488-682003330-500
Supprimé ! D:\Recycler\S-1-5-21-1123561945-2111687655-839522115-1003
Supprimé ! D:\Recycler\S-1-5-21-117609710-1645522239-839522115-1003
Supprimé ! D:\Recycler\S-1-5-21-1960408961-682003330-725345543-500
Supprimé ! D:\Recycler\S-1-5-21-515967899-1078081533-1644491937-500
Supprimé ! D:\Recycler\S-1-5-21-854245398-1364589140-1417001333-500
G:\autorun.inf -> fichier appelé : "G:\usb.exe
" ( Absent ! )
Supprimé ! G:\autorun.inf
Supprimé ! G:\usb.exe
################## | MD5 |
Supprimé ! C:\Users\Gouvernor\Desktop\Intel\lses.exe
Supprimé ! C:\_OTM\MovedFiles\02192010_112139\c_program files\Intel\lses.exe
################## | Registre |
Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoChangeStartMenu"
Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
################## | Mountpoints2 |
################## | Listing des fichiers présent |
[10/06/2009 22:42|--a------|24] C:\autoexec.bat
[14/07/2009 02:38|-rahs----|383562] C:\bootmgr
[16/01/2010 23:41|-rahs----|8192] C:\BOOTSECT.BAK
[18/02/2010 22:30|--a------|33161] C:\ComboFix.txt
[10/06/2009 22:42|--a------|10] C:\config.sys
[16/01/2010 21:57|--a------|87] C:\csb.log
[16/01/2010 20:15|-rahs----|181408] C:\grldr
[?|?|?] C:\hiberfil.sys
[16/02/2010 15:40|-rahs----|0] C:\IO.SYS
[03/01/2010 12:31|--a------|4] C:\loadcounter.dat
[16/02/2010 15:40|-rahs----|0] C:\MSDOS.SYS
[29/02/2004 16:44|--a------|52576] C:\orange.bmp
[?|?|?] C:\pagefile.sys
[16/01/2010 21:42|--a------|390] C:\RHDSetup.log
[17/02/2010 18:58|--a------|2193] C:\rollback.ini
[19/02/2010 22:16|--a------|125] C:\service.log
[20/02/2010 01:30|--a------|4950] C:\UsbFix.txt
[08/01/2010 12:15|--a------|36157] D:\107 2.jpg
[08/01/2010 12:17|--a------|32060] D:\107 3.jpg
[08/01/2010 12:14|--a------|8895] D:\107.jpg
[28/08/2009 08:37|--a------|5774] D:\545eddce79f48bc8d3d130e69b25f2a799f.zip
[28/12/2008 16:30|--a------|29238] D:\78.zip
[28/12/2008 16:29|--a------|2375601] D:\80.zip
[28/12/2008 16:29|--a------|41100] D:\81.zip
[07/11/2009 09:49|--a------|47707172] D:\97.zip
[18/11/2009 20:59|--a------|91098] D:\98-1.zip
[08/12/2009 18:10|--a------|850787] D:\99.zip
[16/11/2009 21:29|--a------|755056640] D:\Angels And Demons EXTENDED FRENCH REPACK BDRiP XViD-DST.avi
[06/09/2009 08:00|--a------|1607266] D:\bar_web.mov
[16/10/2009 18:38|--a------|6511440] D:\Beggin_' (Pilooski Edit).mp3
[06/07/2009 10:32|--a------|138792964] D:\Best western very cool commercial.mpg
[15/12/2009 21:48|--a------|226063] D:\billet de train paris.jpg
[14/11/2009 23:09|--a------|49434628] D:\CANTAL Final soft.mpg
[02/02/2009 16:02|--a------|74240] D:\Contrat_de_cession_de_droits_PP.doc
[30/12/2009 15:04|--a------|707917] D:\Cv Bibi.odt
[24/01/2010 14:46|--a------|21664153] D:\Datamator_1.5.zip
[03/12/2009 16:52|--a------|9739139] D:\Datamator_Win_Full.zip
[05/06/2009 12:07|--a------|40911] D:\depot concept.abw
[05/06/2009 10:03|--a------|10814] D:\depot concept.doc
[27/10/2009 17:46|--a------|19340] D:\flare.zip
[07/11/2009 10:15|--a------|206] D:\FraiFrai.txt
[09/12/2009 15:19|--a------|969261] D:\graphfr_EFFET-PAPIER-DECHIRE___Page.zip
[27/10/2009 17:46|--a------|17683] D:\heart.zip
[04/09/2009 15:36|--a------|1507389] D:\images touche clavier.rar
[19/11/2009 12:13|--a------|14813756] D:\images.rar
[12/03/2008 00:12|--a------|1125919] D:\l Affaire TAMARA01.jpg
[30/12/2009 18:19|--a------|9525] D:\letttre motivation.odt
[23/11/2009 08:00|--a------|13652140] D:\lulu test_New.avi
[11/01/2010 16:19|-ra------|528] D:\MediaID.bin
[22/06/2009 10:47|--a------|263922] D:\mini phil.jpg
[28/11/2009 15:59|--a------|5719682] D:\musique.zip
[26/11/2009 17:14|--a------|648042496] D:\new york.mpg
[05/04/2009 20:04|--a------|1623] D:\Nouveau Document texte.txt
[23/09/2009 10:42|--a------|48306180] D:\Numericable la bourgeoise.mpg
[27/10/2009 11:09|--a------|81] D:\numero .txt
[13/01/2010 20:11|--a------|588292] D:\Particle Sprite.aep
[11/01/2010 20:19|--a------|739] D:\Particle SpriteReport.txt
[03/12/2009 14:45|--a------|6854186] D:\Red.Giant.Holomatrix.1.0.rar
[03/09/2009 08:04|--a------|7118830] D:\Robbies william.mp3
[19/11/2009 09:05|--a------|6343388] D:\Setup_FreeFlvConverter.exe
[04/07/2009 15:04|--a------|99245153] D:\soleil HD.mov
[07/09/2009 20:19|--a------|7881] D:\son disparition.mp3
[30/04/2008 11:30|--a------|57535937] D:\sounds.zip
[21/08/2009 10:15|--a------|185559093] D:\Studio 2C d‚mo MP3 OCCO.zip
[11/01/2010 14:16|--a------|264775] D:\test neon et autre connerie.aep
[04/01/2010 16:40|--a------|63979] D:\test plug.aep
[27/11/2009 16:22|--a------|9154407] D:\Times Square(1).flv
[03/12/2009 12:24|--a------|205221755] D:\travaux rolos.rar
[27/10/2009 17:49|--a------|2976365] D:\VC_Rain.zip
[17/02/2010 15:16|--a------|41395984] G:\Final PVP Marion_New.avi
[13/08/2005 18:39|--a------|731164672] G:\Pile.ou.Face...avi
################## | Vaccination |
# C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# D:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# G:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
################## | Upload |
Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_LOCAL.zip : https://www.ionos.fr/?affiliate_id=77097
Merci pour votre contribution .
################## | ! Fin du rapport # UsbFix V6.096 ! |
Malekal_morte-
Posts
180304
Registration date
Wednesday 17 May 2006
Status
Moderator, Security contributor
Last activity
15 December 2020
24 668
20 Feb 2010 at 14:14
back from the dead :)
Philippo69
Posts
11
Registration date
Thursday 18 February 2010
Status
Member
Last activity
20 February 2010
20 Feb 2010 at 14:16
Ah well, sorry, I was working yesterday and my girlfriend doesn't know how to do it....
So, sorry