Virus Win32 Purityscan-Q

Closed
rome901 (Posts: 6, Registered: Monday 3 December 2007, Status: Member, Last activity: 7 December 2007) - 3 Dec. 2007 at 13:22
rudyrital (Posts: 6230, Registered: Monday 14 November 2005, Status: Member, Last activity: 10 October 2009) - 17 Dec. 2007 at 17:38
Hello,

I'm having a few small problems with my laptop. Avast has detected a virus, Virus Win32 Purityscan-Q,
which I can't manage to delete. So I scanned my PC with HijackThis, and here is what it shows me!

Since I don't understand much of it, I'm turning to you.

If you could tell me everything that is wrong with my PC based on the scan I ran, I would be very grateful!!!

help me ;) Thanks in advance.

Here is my scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:00:28, on 03/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\Program Files\Fichiers communs\YDP\UserAccessManager\useraccess.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\msimn.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Insider\Insider.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B8AEA819-67DE-3878-8B5A-4CE6028E0AE1} - C:\WINDOWS\system32\wmuicdj.dll (file missing)
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1148.exe 61A847B5BBF72813339F30466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [msimn.exe] C:\WINDOWS\msimn.exe
O4 - HKLM\..\Run: [horylyva] C:\Program Files\Internet Explorer\horylyva77798.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\romain\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\romain\Application Data\Microsoft\Windows\rayiou.exe
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SIMUL8 Parallel Processor (SIMUL8Parallel) - SIMUL8 Corporation - C:\Program Files\SIMUL8\SIMUL8_ParallelSVC.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: Securom User Access for Windows 2000 and Windows XP a technology by Sony DADC (UserAccess) - Unknown owner - C:\Program Files\Fichiers communs\YDP\UserAccessManager\useraccess.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows NT\profsydy.html

16 replies

rudyrital (Posts: 6230, Registered: Monday 14 November 2005, Status: Member, Last activity: 10 October 2009) 131
3 Dec. 2007 at 19:58
First of all, hello and welcome to the COMMENT CA MARCHE help forum.

Click on this link:
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
to download navilog1.exe.

Choose "Enregistrer" (Save)

and save it to your desktop.

Then double-click navilog1.exe to start the installation.
Once the installation is finished, the fix will run automatically.
(If it does not, double-click the Navilog1 shortcut on the desktop.)

Follow the prompts. At the main menu, choose 1 and confirm.
(Do not choose 2, 3 or 4 without our advice/agreement.)

Wait for the message:
*** Analyse Termine le ..... ***
Press a key as requested; Notepad will open.
Copy and paste the entire report into your reply. Close Notepad.
The report is also saved at the root of the drive (fixnavi.txt).



I followed your instructions, but I'm not sure it changed anything!!

Here is what navilog1 tells me:

Search Navipromo version 3.3.6 commencé le 04/12/2007 à 10:31:57,87

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 14.11.2007 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11


*** Recherche Programmes installés ***




*** Recherche dossiers dans C:\WINDOWS ***



*** Recherche dossiers dans C:\Program Files ***



*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\romain\Application Data ***


*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDÉ~1\PROGRA~1 ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun fichier trouvé dans :

- C:\WINDOWS\system32
- C:\DOCUME~1\ROMAIN\LOCALS~1\APPLIC~1



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

* Recherche dans C:\DOCUME~1\ROMAIN\LOCALS~1\APPLIC~1 *



*** Recherche fichiers ***




*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

2)Recherche Heuristique :



3)Recherche Certificats :

Certificat Egroup absent !


*** Analyse terminée le 04/12/2007 à 10:32:37,12 ***

So there you go.

Shouldn't I delete a few lines from the HijackThis scan?

Are there other ways to find these viruses (Trojan horses) and eradicate them once and for all?

Thanks for your help.
rudyrital (Posts: 6230, Registered: Monday 14 November 2005, Status: Member, Last activity: 10 October 2009) 131
4 Dec. 2007 at 21:53
Download SmitFraudFix:
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Follow these steps:

Double-click smitfraudfix.exe
Select 1 (BUT ABSOLUTELY NOT 2, I WILL TELL YOU WHEN YOU CAN DO IT), then press "Enter"; a report will then be generated at this path:

C:\rapport.txt

Then paste it into your next post.

Note:

False positive:
process.exe is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus but a utility designed to terminate processes. In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
http://www.beyondlogic.org/consulting/processutil/processutil.htm
Here is the report produced by SmitFraudFix:
SmitFraudFix v2.258

Rapport fait à 9:39:23,90, 05/12/2007
Executé à partir de C:\Documents and Settings\romain\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\Program Files\Fichiers communs\YDP\UserAccessManager\useraccess.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\mrofinu1148.exe
C:\WINDOWS\msimn.exe
C:\Program Files\Internet Explorer\horylyva77798.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Insider\Insider.exe
C:\Documents and Settings\romain\Application Data\WinTouch\WinTouch.exe
C:\DOCUME~1\romain\APPLIC~1\RACLE~1\ping.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\romain


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\romain\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\romain\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\MalwareWiper\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\Windows NT\\profsydy.html"
"SubscribedURL"=""
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/Wireless 3945ABG Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{82E5E421-B96E-4848-8AA7-8CFCD9587844}: DhcpNameServer=85.255.116.157,85.255.112.166
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8FEDED2D-763C-44CB-AEAA-5C9D637C4DDB}: DhcpNameServer=85.255.116.157,85.255.112.166
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B421AB8E-926B-4952-AABD-D4B19AF7E017}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{82E5E421-B96E-4848-8AA7-8CFCD9587844}: DhcpNameServer=85.255.116.157,85.255.112.166
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8FEDED2D-763C-44CB-AEAA-5C9D637C4DDB}: DhcpNameServer=85.255.116.157,85.255.112.166
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B421AB8E-926B-4952-AABD-D4B19AF7E017}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{82E5E421-B96E-4848-8AA7-8CFCD9587844}: DhcpNameServer=85.255.116.157,85.255.112.166
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8FEDED2D-763C-44CB-AEAA-5C9D637C4DDB}: DhcpNameServer=85.255.116.157,85.255.112.166
HKLM\SYSTEM\CS3\Services\Tcpip\..\{B421AB8E-926B-4952-AABD-D4B19AF7E017}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
rudyrital (Posts: 6230, Registered: Monday 14 November 2005, Status: Member, Last activity: 10 October 2009) 131
5 Dec. 2007 at 20:55
* Download FixWareout from one of these two sites to your desktop:
http://downloads.subratam.org/Fixwareout.exe

* Run the fix: click Next, then Install, then make sure "Run fixit" is checked, then click Finish.
The fix will start; follow the on-screen messages. You will be asked to restart your computer; do so. Your system will take a little longer to start up, which is normal.

* Post (copy/paste) the contents of the report that will be displayed on screen (report.txt)


Only after that!!!


Boot into Safe Mode:
To do this, tap the F8 key repeatedly, without stopping, as soon as the PC starts powering on.
A menu will open; use the arrow keys to move to the Safe Mode option, then press Enter.
Once you are on the desktop, if not all the colours and so on are there, that's normal!
(If F8 does not work, use the F5 key.)
----------------------------------------------------------------------------
Run the Smitfraud program again.
This time choose option 2 and answer yes to everything.
Save the report, restart in normal mode, and copy/paste the saved report to the forum

along with a new HijackThis report in your next reply.

rome901 (Posts: 6, Registered: Monday 3 December 2007, Status: Member, Last activity: 7 December 2007)
6 Dec. 2007 at 12:25
Here is the report produced with Fixwareout:


Username "romain" - 06/12/2007 12:18:28 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{82E5E421-B96E-4848-8AA7-8CFCD9587844}
"DhcpNameServer"="85.255.116.157,85.255.112.166" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{8FEDED2D-763C-44CB-AEAA-5C9D637C4DDB}
"DhcpNameServer"="85.255.116.157,85.255.112.166" <Value cleared.

Cache de résolution DNS vidé.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....


C:\Program Files\MalwareWiper < Found
Additional tools are recommended.

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd.exe\""
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"DXDllRegExe"="dxdllreg.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"horylyva"="C:\\Program Files\\Internet Explorer\\horylyva77798.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"WinTouch"="C:\\Documents and Settings\\romain\\Application Data\\WinTouch\\WinTouch.exe"
"SfKg6w"="C:\\Documents and Settings\\romain\\Application Data\\Microsoft\\Windows\\rayiou.exe"
"Acmw"="\"C:\\DOCUME~1\\romain\\APPLIC~1\\RACLE~1\\ping.exe\" -vt yazb"
"Rxk"="C:\\WINDOWS\\system32\\??curity\\l?ass.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
C:\WINDOWS\repair\autoexec.nt missing
C:\WINDOWS\repair\Config.nt missing
~~~~~ End report ~~~~~
rome901 (Posts: 6, Registered: Monday 3 December 2007, Status: Member, Last activity: 7 December 2007)
6 Dec. 2007 at 12:49
Here is the report from SmitfraudFix in Safe Mode:
SmitFraudFix v2.258

Rapport fait à 12:38:50,25, 06/12/2007
Executé à partir de C:\Documents and Settings\romain\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\Program Files\MalwareWiper\ supprimé

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{B421AB8E-926B-4952-AABD-D4B19AF7E017}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B421AB8E-926B-4952-AABD-D4B19AF7E017}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{B421AB8E-926B-4952-AABD-D4B19AF7E017}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin


Finally, here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46:49, on 06/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\Program Files\Fichiers communs\YDP\UserAccessManager\useraccess.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Internet Explorer\horylyva77798.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\romain\Application Data\WinTouch\WinTouch.exe
C:\DOCUME~1\romain\APPLIC~1\RACLE~1\ping.exe
C:\WINDOWS\system32\??curity\l?ass.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B8AEA819-67DE-3878-8B5A-4CE6028E0AE1} - C:\WINDOWS\system32\wmuicdj.dll (file missing)
O2 - BHO: (no name) - {B9A3AD4B-3288-3C2A-8F5A-4CE6028E0CB0} - C:\WINDOWS\system32\zovqbgh.dll
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [horylyva] C:\Program Files\Internet Explorer\horylyva77798.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\romain\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\romain\Application Data\Microsoft\Windows\rayiou.exe
O4 - HKCU\..\Run: [Acmw] "C:\DOCUME~1\romain\APPLIC~1\RACLE~1\ping.exe" -vt yazb
O4 - HKCU\..\Run: [Rxk] C:\WINDOWS\system32\??curity\l?ass.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SIMUL8 Parallel Processor (SIMUL8Parallel) - SIMUL8 Corporation - C:\Program Files\SIMUL8\SIMUL8_ParallelSVC.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: Securom User Access for Windows 2000 and Windows XP a technology by Sony DADC (UserAccess) - Unknown owner - C:\Program Files\Fichiers communs\YDP\UserAccessManager\useraccess.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows NT\profsydy.html
rudyrital (Posts: 6230, Registered: Monday 14 November 2005, Status: Member, Last activity: 10 October 2009) 131
6 Dec. 2007 at 23:14
Yes, there's still quite a lot left!!!


Download "clean.zip"
http://www.malekal.com/download/clean.zip
•- Unzip it to your desktop (right-click / extract all); you should get a folder named "clean".

•- Restart in Safe Mode. (Take careful note of what you have to do.)
Boot into Safe Mode:
To do this, tap the F8 key repeatedly, without stopping, as soon as the PC starts powering on.
A menu will open; use the arrow keys to move to the Safe Mode option, then press Enter.
Once you are on the desktop, if not all the colours and so on are there, that's normal!
(If F8 does not work, use the F5 key.)


•- Open the "clean" folder on your desktop.
•- Double-click "clean.cmd".
A black window will appear; choose option 2.

Clean will do its work.
•- Restart normally.
•- Post the report found here: C:\rapport_clean.txt.

(- Where is the clean report? "Poste de travail" (My Computer) / double-click the "C:" drive / double-click "rapport_clean.txt" and copy/paste its contents to the forum.)


Download SDFix (created by AndyManchesta) and save it to your desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it to a dedicated folder on the desktop. Restart your computer in Safe Mode by following this procedure:
• Restart your computer.
• After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of the normal Windows startup, a menu with various options should appear.
• Choose the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your account.
Work through the list of instructions below:
• Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
• Press Y to begin the cleaning process.
• It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to reboot.
• Press a key to restart the PC.
• Your system will take longer than usual to restart because the tool will keep running and deleting files.
• After the desktop has loaded, the tool will finish its work and display Finished.
• Press a key to end the script and load your desktop icons.
• Once the desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
• Finally, copy/paste the contents of the Report.txt file into your next reply on the forum, along with a new HijackThis log!


0
Here is the report produced with clean:

Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 07/12/2007 a 0:49:16,96

Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans C:
tentative de suppression de C:\StubInstaller.exe

*** Suppression des fichiers dans C:\WINDOWS\

*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\bdod.bin

*** Suppression des fichiers dans C:\Program Files
tentative de suppression de "C:\Program Files\Outerinfo"
tentative de suppression de "C:\Program Files\Viewpoint\"

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
0
rome901 Posts 6 Registration date Monday 3 December 2007 Status Member Last activity 7 December 2007
7 Dec 2007 at 01:35
Report with SDFix:


SDFix: Version 1.117

Run by romain on 07/12/2007 at 01:03

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\romain\Bureau\sdfix\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\PROGRA~1\WINDOW~1\PROFSY~1.HTM - Deleted
C:\PROGRA~1\INTERN~1\HORYLY~1.EXE - Deleted
C:\Documents and Settings\romain\Application Data\WinTouch\wintouch.cfg - Deleted
C:\Documents and Settings\romain\Application Data\WinTouch\WinTouch.exe - Deleted
C:\Documents and Settings\romain\Application Data\WinTouch\WTUninstaller.exe - Deleted



Folder C:\Documents and Settings\romain\Application Data\WinTouch - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-07 01:09:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile"=str(2):"c:\windows\system32\ESENT.dll"
"CategoryMessageFile"=str(2):"c:\windows\system32\ESENT.dll"

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 111


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%ProgramFiles%\\AOL 9.0\\aol.exe"="%ProgramFiles%\\AOL 9.0\\aol.exe:*:Enabled:AOL"
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA"
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe:*:Enabled:PANDORA"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\APPS\\Inventime\\my.exe"="C:\\APPS\\Inventime\\my.exe:*:Enabled:INVENTIME"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"="C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe:*:Enabled:WinDVD"
"C:\\Program Files\\Morpheus\\Morpheus.exe"="C:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:Morpheus"
"C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe"="C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe:*:Enabled:Active Virus Shield"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Proxomitron Naoko v4.5\\Proxomitron.exe"="C:\\Program Files\\Proxomitron Naoko v4.5\\Proxomitron.exe:*:Enabled:The Proxomitron"
"C:\\APPS\\skype\\phone\\Skype.exe"="C:\\APPS\\skype\\phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Opera\\Opera.exe"="C:\\Program Files\\Opera\\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

File Backups: - C:\DOCUME~1\romain\Bureau\sdfix\SDFix\backups\backups.zip

Files with Hidden Attributes:

Mon 14 Aug 2006 215 A.SHR --- "C:\BOOT.BAK"
Tue 31 May 2005 54,384 A..H. --- "C:\Program Files\AOL 9.0\aolphx.exe"
Tue 31 May 2005 156,784 A..H. --- "C:\Program Files\AOL 9.0\aoltray.exe"
Tue 31 May 2005 31,344 A..H. --- "C:\Program Files\AOL 9.0\RBM.exe"
Wed 22 Jun 2005 45,568 A.SHR --- "C:\Program Files\Replay Converter\cygz.dll"
Sun 26 Nov 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 1 Nov 2007 230,400 ..SHR --- "C:\WINDOWS\system32\??curity\l?ass.exe"
Tue 4 Dec 2007 72,704 ..SHR --- "C:\Documents and Settings\romain\Application Data\?racle\ping.exe"
Fri 21 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\778fd2fc3fe6b905e366b5ddbba384c8\BIT3.tmp"
Tue 31 May 2005 106,496 A..H. --- "C:\Program Files\Fichiers communs\aolshare\shell\fr\shellext.dll"

Finished!
0
rome901 Posts 6 Registration date Monday 3 December 2007 Status Member Last activity 7 December 2007
7 Dec 2007 at 01:36
Report with HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:35:56, on 07/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\Program Files\Fichiers communs\YDP\UserAccessManager\useraccess.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\??curity\l?ass.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B8AEA819-67DE-3878-8B5A-4CE6028E0AE1} - C:\WINDOWS\system32\wmuicdj.dll (file missing)
O2 - BHO: (no name) - {B9A3AD4B-3288-3C2A-8F5A-4CE6028E0CB0} - C:\WINDOWS\system32\zovqbgh.dll (file missing)
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [horylyva] C:\Program Files\Internet Explorer\horylyva77798.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Acmw] "C:\DOCUME~1\romain\APPLIC~1\RACLE~1\ping.exe" -vt yazb
O4 - HKCU\..\Run: [Rxk] C:\WINDOWS\system32\??curity\l?ass.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SIMUL8 Parallel Processor (SIMUL8Parallel) - SIMUL8 Corporation - C:\Program Files\SIMUL8\SIMUL8_ParallelSVC.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: Securom User Access for Windows 2000 and Windows XP a technology by Sony DADC (UserAccess) - Unknown owner - C:\Program Files\Fichiers communs\YDP\UserAccessManager\useraccess.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows NT\profsydy.html
0
rudyrital Posts 6230 Registration date Monday 14 November 2005 Status Member Last activity 10 October 2009 131
7 Dec 2007 at 15:37
Download ComboFix:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Double-click ComboFix; it will ask you a question, answer yes (the y key), then wait until ComboFix has finished; it will generate a report.

Post it on the forum in your reply.


0
ComboFix 07-12-09.1 - romain 2007-12-10 10:59:05.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.586 [GMT 1:00]
Running from: C:\Documents and Settings\romain\Bureau\ComboFix.exe
* Created a new restore point
.
[i] ADS - svchost.exe: deleted 68 bytes in 1 streams. [/i]
[i] ADS - ntoskrnl.exe: deleted 68 bytes in 1 streams. [/i]

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\romain\Application Data\RACLE~1
C:\Documents and Settings\romain\Application Data\RACLE~1\?racle\
C:\Documents and Settings\romain\Application Data\RACLE~1\ping.exe
C:\Documents and Settings\romain\Menu Démarrer\Programmes\Outerinfo
C:\Documents and Settings\romain\Menu Démarrer\Programmes\Outerinfo\Terms.lnk
C:\Documents and Settings\romain\Menu Démarrer\Programmes\Outerinfo\Uninstall.lnk
C:\Program Files\internet explorer\iekey.dll
C:\WINDOWS\fnts~1
C:\WINDOWS\system32\curity~1
C:\WINDOWS\system32\curity~1\l?ass.exe
C:\WINDOWS\system32\wnsapiisv.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-10 to 2007-12-10 ))))))))))))))))))))))))))))))))))))
.

2007-12-07 01:02 . 2007-12-07 01:02 <REP> d-------- C:\WINDOWS\ERUNT
2007-12-06 12:58 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-06 12:58 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-06 12:58 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-06 12:58 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-06 12:58 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-06 12:58 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-06 12:58 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-06 12:58 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-05 21:52 . 2004-08-05 13:00 17,920 --a------ C:\WINDOWS\system32\dllcache\tftp.exe
2007-12-05 09:39 . 2007-12-06 12:38 1,770 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-05 09:38 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-05 09:38 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-12-05 09:38 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-05 09:38 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-04 10:30 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-12-04 10:28 . 2007-12-04 12:19 <REP> d-------- C:\Program Files\Navilog1
2007-12-03 13:00 . 2007-12-03 13:00 <REP> d-------- C:\Program Files\Trend Micro
2007-11-29 22:17 . 2007-12-05 21:50 <REP> d-------- C:\Program Files\MSN Messenger
2007-11-27 17:41 . 2007-11-27 17:41 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-11-27 16:58 . 2007-11-27 17:43 <REP> d-------- C:\WINDOWS\rnapxs
2007-11-27 16:54 . 2007-11-27 17:45 <REP> d-------- C:\Program Files\F-Secure Internet Security
2007-11-26 21:57 . 2007-11-27 17:25 <REP> d-------- C:\Program Files\Hijackthis Version Française
2007-11-26 19:57 . 2007-11-26 19:57 <REP> d-------- C:\Program Files\Kaspersky Lab
2007-11-25 22:01 . 2007-11-25 22:01 <REP> d-------- C:\VundoFix Backups
2007-11-19 23:30 . 2007-11-19 23:30 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-11-19 23:24 . 2007-12-03 12:58 <REP> d-------- C:\Program Files\Windows Live
2007-11-19 23:24 . 2007-11-19 23:27 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-11-19 23:24 . 2007-11-19 23:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-03 08:27 --------- d-----w C:\Program Files\eMule
2007-11-27 16:25 --------- d-----w C:\Program Files\Hijackthis Version Française
2007-11-26 12:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-25 10:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Micro Application
2007-10-17 10:51 --------- d-----w C:\Documents and Settings\romain\Application Data\MSNInstaller
2007-10-15 20:40 --------- d-----w C:\Program Files\Architecte 3D Platinum
2007-10-12 06:25 --------- d-----w C:\Program Files\CVitae
2007-05-17 16:08 2,874,926 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
2007-05-17 16:07 25,990,392 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
2006-11-02 17:46 323 ----a-w C:\Program Files\INSTALL.LOG
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B8AEA819-67DE-3878-8B5A-4CE6028E0AE1}]
C:\WINDOWS\system32\wmuicdj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B9A3AD4B-3288-3C2A-8F5A-4CE6028E0CB0}]
C:\WINDOWS\system32\zovqbgh.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}"= C:\WINDOWS\system32\version69ie7fix.dll [ ]

[HKEY_CLASSES_ROOT\clsid\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e}]
[HKEY_CLASSES_ROOT\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
"Acmw"="C:\DOCUME~1\romain\APPLIC~1\RACLE~1\ping.exe" []
"Rxk"="C:\WINDOWS\system32\??curity\l?ass.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 16:28]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 07:38]
"DXDllRegExe"="dxdllreg.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-14 18:01]
"horylyva"="C:\Program Files\Internet Explorer\horylyva77798.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-04-30 08:34]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\[u]0[/u]]
Source= C:\Program Files\Windows NT\profsydy.html
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Smart Organizer.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Smart Organizer.lnk
backup=C:\WINDOWS\pss\Smart Organizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^romain^Menu Démarrer^Programmes^Démarrage^Registration-Studio 8.lnk]
path=C:\Documents and Settings\romain\Menu Démarrer\Programmes\Démarrage\Registration-Studio 8.lnk
backup=C:\WINDOWS\pss\Registration-Studio 8.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-06-01 13:32 94208 --a------ C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cld2000.exe]
2007-02-22 21:37 3056128 --a------ C:\Program Files\Calendrier\Cld2000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-05 13:00 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DetectorApp]
2005-10-20 05:15 102400 --a------ C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\flockbox]
C:\Program Files\My Lockbox\flockbox.exe /a

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControl]
2006-04-17 16:24 110592 --a------ C:\WINDOWS\ATK0100\HControl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2006-03-23 12:13 77824 --a------ C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2006-03-23 12:17 118784 --a------ C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2006-03-23 12:17 94208 --a------ C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe -scheduler

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 16:40 155648 --a------ C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2006-02-23 11:08 147456 --a------ c:\APPS\Powercinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raccourci vers la page des propriétés de High Definition Audio]
HDAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
1998-07-25 00:00 37376 --a------ C:\Program Files\Microsoft Money\System\reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmpcSys]
2005-11-17 08:51 975360 --------- C:\APPS\SMP\SmpSys.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-06-03 02:52 36975 --a------ C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe]
2006-07-07 17:45 1052672 --a------ C:\Program Files\SuperCopier2\SuperCopier2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-05-12 13:36 774233 --a------ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

R0 MPRIFL;MPRIFL;C:\WINDOWS\system32\DRIVERS\MPRIFL.SYS
S2 SIMUL8Parallel;SIMUL8 Parallel Processor;C:\Program Files\SIMUL8\SIMUL8_ParallelSVC.exe
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-10 10:00:02 C:\WINDOWS\Tasks\Extension de garantie.job"
- C:\APPS\SMP\PBCARNOT.EXE
"2007-09-08 09:44:28 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-12-10 10:00:03 C:\WINDOWS\Tasks\Master CD_DVD Creator.job"
- C:\Apps\SMP\MCDCHECK.EXE
"2006-11-01 16:00:59 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2006-11-01 16:00:59 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2007-12-10 09:47:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\DOCUME~1\romain\LOCALS~1\Temp\ighvolyv.dll
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-10 11:03:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-10 11:05:10 - machine was rebooted
.
--- E O F ---
rudyrital Posts 6230 Registration date Monday 14 November 2005 Status Member Last activity 10 October 2009 131
13 Dec 2007 at 21:03
Run a scan here:
https://www.bitdefender.fr/

* At the bottom left of the window, click BitDefender SCAN ONLINE
* In the new window, click "j'accepte" ("I accept")
* Accept the ActiveX control and install it. The scanner loads
* The window changes again; click "cliquez ici pour scanner" ("click here to scan")
* The signatures load, etc.

Tutorial with screenshots:
http://pageperso.aol.fr/rginformatique/mapage/defender.htm

Copy and paste the result here.
<HTML>
<HEAD>
<TITLE>BitDefender Online Scanner - Rapport d'analyse</TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
</HEAD>
<BODY BGCOLOR=#FFFFFF leftmargin="10" marginwidth="0" topmargin="20" marginheight="0" >


<table align="center" border="0" cellpadding="0" cellspacing="0" width="90%">
<tr>
<td width="458">
<p><font face="Arial" color=red><span style="font-size:14pt;"><b>BitDefender Online Scanner</b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td colspan="3" width="912">
<p><font face="Arial"><span style="font-size:11pt;"><B>Rapport d'analyse généré à: Sun, Dec 16, 2007 - 21:24:53</b></span></font></p>
</td>
</tr>

<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B>Voie d'analyse: </b></span><span style="font-size:10pt;">C:\;D:\;</span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Statistiques</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Temps</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">01:18:37</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Fichiers</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">385004</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Directoires</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">8890</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Secteurs de boot</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">3</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Archives</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">7993</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Paquets programmes</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">90456</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>



<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Résultats</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Virus identifiés</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">13</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Fichiers infectés</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">91</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Fichiers suspects</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Avertissements</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Désinfectés</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Fichiers effacés</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">91</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Info sur les moteurs</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Définition virus</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">882509</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Version des moteurs</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse des plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">14</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Archive des plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">38</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Unpack des plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">7</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">E-mail plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">6</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Système plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">1</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Paramètres d'analyse</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Première action</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Désinfecté</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Seconde Action</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Heuristique</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Acceptez les avertissements</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Extensions analysées</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">*;</font></p>
</td>
</tr>

<tr>
<td width="57%">
<p><font face="Arial" size="2">Excludez les extensions</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2"> </font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse d'emails</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse des Archives</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyser paquets programmes</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse des fichiers</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse de boot</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td colspan=2>  
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="252" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Fichier analysé</b></font></p>
</td>
<td width="195" bgcolor="#CCCCCC" align="right">
<p align="left"><b><font size="2" face="Arial"> Statut</font></b></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\romain\Bureau\ccm\sdfix\SDFix\backups\backups.zip=>backups/WTUninstaller.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Downloader.Agent.BUO</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\romain\Bureau\ccm\sdfix\SDFix\backups\backups.zip=>backups/WTUninstaller.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\romain\Bureau\ccm\sdfix\SDFix\backups\backups.zip=>backups/WTUninstaller.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\romain\Bureau\ccm\sdfix\SDFix\backups\backups.zip</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\romain\Mes documents\romain ordi\logiciels\Videos photos\moviecsodecs1217.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: DeepScan:Generic.Zlob.7.1FED44BB</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\romain\Mes documents\romain ordi\logiciels\Videos photos\moviecsodecs1217.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\romain\Mes documents\romain ordi\logiciels\Videos photos\moviecsodecs1217.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip=>backup/3d3t4t8n7l.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: MemScan:Trojan.Dialer.VUY</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip=>backup/3d3t4t8n7l.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip=>backup/8e9w3l6u1g1.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: MemScan:Trojan.Dialer.VUY</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip=>backup/8e9w3l6u1g1.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip=>backup/b138.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Downloader.Agent.BHU</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip=>backup/b138.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip=>backup/b138.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip=>backup/camg-77798.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Agent.ABLK</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip=>backup/camg-77798.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip=>backup/camg-77798.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip=>backup/carlton</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: MemScan:Trojan.Dialer.VUY</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip=>backup/carlton</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip=>backup/ccSvcHst.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Backdoor.Sdbot.BNI</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip=>backup/ccSvcHst.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip=>backup/ccSvcHst.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip=>backup/d8e9w3l6u1g1.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: MemScan:Trojan.Dialer.VUY</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip=>backup/d8e9w3l6u1g1.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip=>backup/Dance_dec_jpg.zip=>www.Dance_dec_jpg_Msn.com</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Backdoor.Sdbot.BNI</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip=>backup/Dance_dec_jpg.zip=>www.Dance_dec_jpg_Msn.com</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip=>backup/Dance_dec_jpg.zip=>www.Dance_dec_jpg_Msn.com</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip=>backup/Dance_dec_jpg.zip</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip=>backup/mrofinu1148.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.DownLoader.Agent.YUV</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip=>backup/mrofinu1148.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip=>backup/mrofinu1148.exe.tmp</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.DownLoader.Agent.YUV</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip=>backup/mrofinu1148.exe.tmp</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip=>backup/msimn.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Downloader.JJFD</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip=>backup/msimn.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip=>backup/msimn.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip=>backup/p6g7j3w2g3f5.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: MemScan:Trojan.Dialer.VUY</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip=>backup/p6g7j3w2g3f5.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip=>backup/party_jpg.zip=>www.party_jpg_Msn.com</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Downloader.JJFD</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip=>backup/party_jpg.zip=>www.party_jpg_Msn.com</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip=>backup/party_jpg.zip=>www.party_jpg_Msn.com</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip=>backup/party_jpg.zip</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip=>backup/Yazzle1560OinAdmin.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Downloader.Purityscan.EN</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip=>backup/Yazzle1560OinAdmin.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip=>backup/Yazzle1560OinAdmin.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\MSN Messenger\MSNFix\05122007_21560456.zip</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP165\A0083773.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: DeepScan:Generic.Zlob.7.1FED44BB</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP165\A0083773.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP165\A0083773.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP189\A0087122.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: MemScan:Trojan.Dialer.VUY</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP189\A0087122.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP189\A0087122.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP189\A0087131.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: MemScan:Trojan.Dialer.VUY</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP189\A0087131.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP189\A0087131.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP189\A0088141.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: MemScan:Trojan.Dialer.VUY</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP189\A0088141.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP189\A0088141.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP189\A0088305.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Downloader.Agent.YUY</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP189\A0088305.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP189\A0088305.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP190\A0088767.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Downloader.Agent.BHU</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP190\A0088767.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP190\A0088767.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP190\A0089202.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Downloader.Agent.YUY</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP190\A0089202.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP190\A0089202.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP190\A0089204.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Downloader.Agent.YUY</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP190\A0089204.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP190\A0089204.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP190\A0089511.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Downloader.Agent.BUO</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP190\A0089511.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP190\A0089511.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP190\A0089572.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Downloader.Agent.BHU</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP190\A0089572.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP190\A0089572.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP190\A0089585.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: MemScan:Trojan.Dialer.VUY</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{751238CC-
0
rudyrital Posts 6230 Registration date Monday 14 November 2005 Status Member Last activity 10 October 2009 131
17 Dec. 2007 at 17:38
Post a new HijackThis log for me,

your report is unreadable, has everything been deleted???
0