VIRUS google Fermé

Question

Bonjour,

Voila mon probleme :

J'ai un virus qui me redirige vers une page publicitaire a chaque fois que je clique sur un lien de google quand j'ai fais une recherche. c'est assé voir 
tres embetant. et je voudrais savoir si vous aviez une solution s'il vous plait .

j'ai fais un scan hijackthis et un fixwareout

Voici les rapports 

HIJACK:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:28:28, on 15/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\windows\system32\msiexec.exe
C:\windows\system32
vsvc32.exe
C:\windows\system32\HPZipm12.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\wscntfy.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\windows\vVX3000.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\windows\system32\RUNDLL32.EXE
C:\windows\RTHDCPL.EXE
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SAGEM\SAGEM F@st800\dslmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66027
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1036
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: XBTP05231 Class - {031F120A-BBAF-45d8-B306-375F2A6B9398} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A944F455-E460-479C-85C2-FB165E5931AB} - C:\windows\system32\pmnno.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C9284271-BBEB-4D42-933D-D95E9F47D0A3} - C:\windows\system32\pmnonnOi.dll (file missing)
O2 - BHO: (no name) - {F9C44C0B-D269-4746-894B-912E3CE1CEE6} - (no file)
O3 - Toolbar: Alcohol Soft - Alcohol 120% Toolbar - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - C:\Program Files\Alcohol Soft\Alcohol 120% Toolbar\a120_tb.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [VX3000] C:\windows\vVX3000.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ppmate] C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Dart trust] C:\DOCUME~1\JULIEN~1\APPLIC~1\MP3GRE~1\ball inter bows.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKCU\..\Policies\Explorer\Run: [{3C52FB74-07DA-1036-1110-051026040021}] "C:\Program Files\Fichiers communs\{3C52FB74-07DA-1036-1110-051026040021}\Update.exe" mc-110-12-0000272
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Documents and Settings\Julien²\Menu Démarrer\Programmes\CarbonPoker\CarbonPoker.lnk (HKCU)
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision                                                     - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32
vsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\windows\system32\HPZipm12.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - Z:\Program Files\NFS p\PB\PnkBstrA.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\windows\SYSTEM32\VundoFixSVC.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/JULIEN~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg
 
et FIXWAREOUT ;

Username "Juliený" - 15/09/2008 18:34:43 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

Cache de résolution DNS vidé.


PC crashed or was not allowed to reboot.
 
~~~~~ Postrun check 
HKLM\SOFTWARE\~\Winlogon\ "System"="" 
....
....
~~~~~ Misc files. 
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe"
"WinampAgent"="C:\Program Files\Winamp\winampa.exe"
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe -minimize"
"Wspn"=""
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE"
"VX3000"="C:\windows\vVX3000.exe"
"SunJavaUpdateSched"="\"C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe\""
"QuickTime Task"="\"C:\Program Files\QuickTime Alternative\qttask.exe\" -atboottime"
"ppmate"="C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay"
"LifeCam"="\"C:\Program Files\Microsoft LifeCam\LifeExp.exe\""
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot"
"avgnt"="\"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe\" /min"
"ZoneAlarm Client"="\"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe\""
"NvMediaCenter"="RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="\"c:\program files\steam\steam.exe\" -silent"
"Skype"="\"C:\Program Files\Skype\Phone\Skype.exe\" /nosplash /minimized"
"Dart trust"="C:\DOCUME~1\JULIEN~1\APPLIC~1\MP3GRE~1\ball inter bows.exe"
"DAEMON Tools"="\"C:\Program Files\DAEMON Tools\daemon.exe\" -lang 1033"
"ctfmon.exe"="C:\windows\system32\ctfmon.exe"
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

Destrio5 · Answer

Salut,

Important : Désactive TeaTimer, le résident de Spybot, il va gêner la désinfection en empêchant la modification des BHO.

--->  Démarre Spybot, clique sur Mode, coche Mode avancé
---> A gauche, clique sur Outils, puis sur Résident
--->  Décoche la case devant Résident "TeaTimer" :
http://apu.mabul.org/up/5/apu-5-gpdx9e06cwz2dypom2q7n6nc.jpg
--->  Quitte Spybot

Note : Je te conseille de ne pas le réactiver, il a été incapable d'empêcher l'infection de ton PC.

---> Télécharge Lop S&D sur ton Bureau
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
---> Double-clique dessus pour lancer l'installation
---> Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau
---> Séléctionne la langue souhaitée, puis choisis l'option 1 (Recherche)
---> Patiente jusqu'à la fin du scan
---> Poste le rapport généré (C:\lopR.txt)

AmbrionX · Answer

Voila le rapport 
  
 -----------------------[  Lop S&D 4.1.0-6  XP/Vista  ]---------------------

   [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
   [ USER : Juliený ] [ "C:\Lop SD" ]
   [ 15/09/2008 | 20:33:38,37 ] [ PC : JULIEN ]
   [ MAJ : 02-04-2008 | 23:05 ]
 
   -------------[ Listing des dossiers dans Application Data ]------------  

   [15/04/2006|23:20] C:\DOCUME~1\ADMINI~1\APPLIC~1\.
   [15/04/2006|23:20] C:\DOCUME~1\ADMINI~1\APPLIC~1\..
   [15/04/2006|23:20] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
   [16/04/2006|12:47] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

   [13/09/2008|10:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.
   [13/09/2008|10:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..
   [28/04/2007|23:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.zreglib
   [17/04/2006|18:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\addr_file.html
   [21/04/2008|13:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
   [23/12/2006|14:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
   [05/04/2008|14:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
   [24/03/2008|20:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BigFishGamesCache
   [15/04/2006|23:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
   [27/03/2008|21:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
   [25/05/2007|12:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log
   [03/04/2007|14:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
   [13/09/2008|10:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ma-config.com
   [07/04/2008|13:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
   [02/09/2006|14:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
   [10/06/2008|22:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
   [14/08/2008|10:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
   [23/06/2006|11:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
   [27/12/2006|23:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1
View_Profiles
   [17/04/2006|18:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
   [16/06/2008|17:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
   [02/09/2008|01:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
   [24/03/2008|20:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
   [29/07/2007|12:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1	estownsphoneeach
   [25/05/2008|17:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TrackMania
   [04/03/2007|12:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
   [02/09/2006|21:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
   [21/03/2007|19:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
   [08/12/2007|18:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
   [01/03/2008|18:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller




   [05/02/2008|18:08] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.
   [05/02/2008|18:08] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..
   [15/04/2006|23:20] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
   [05/02/2008|18:08] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
   [16/04/2006|12:47] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft



   [13/09/2008|10:53] C:\DOCUME~1\JULIEN~1\APPLIC~1\.
   [13/09/2008|10:53] C:\DOCUME~1\JULIEN~1\APPLIC~1\..
   [22/05/2006|12:13] C:\DOCUME~1\JULIEN~1\APPLIC~1\.bittorrent
   [27/03/2008|21:57] C:\DOCUME~1\JULIEN~1\APPLIC~1\Adobe
   [10/05/2006|14:25] C:\DOCUME~1\JULIEN~1\APPLIC~1\AdobeUM
   [11/01/2008|19:21] C:\DOCUME~1\JULIEN~1\APPLIC~1\ALLCapture
   [10/02/2007|12:26] C:\DOCUME~1\JULIEN~1\APPLIC~1\Apple Computer
   [01/09/2008|13:23] C:\DOCUME~1\JULIEN~1\APPLIC~1\Azureus
   [19/07/2006|21:08] C:\DOCUME~1\JULIEN~1\APPLIC~1\Babylon
   [15/09/2006|23:09] C:\DOCUME~1\JULIEN~1\APPLIC~1\Bitdefender
   [26/04/2008|22:48] C:\DOCUME~1\JULIEN~1\APPLIC~1\CopyToDvd
   [08/09/2006|18:45] C:\DOCUME~1\JULIEN~1\APPLIC~1\Corel
   [02/07/2007|13:33] C:\DOCUME~1\JULIEN~1\APPLIC~1\DAEMON Tools Pro
   [03/05/2008|22:36] C:\DOCUME~1\JULIEN~1\APPLIC~1\depotfile.c2c
   [15/04/2006|23:20] C:\DOCUME~1\JULIEN~1\APPLIC~1\desktop.ini
   [22/08/2008|21:29] C:\DOCUME~1\JULIEN~1\APPLIC~1\DivX
   [28/04/2007|21:06] C:\DOCUME~1\JULIEN~1\APPLIC~1\dvdcss
   [23/05/2007|18:08] C:\DOCUME~1\JULIEN~1\APPLIC~1\FarStone
   [11/08/2006|00:31] C:\DOCUME~1\JULIEN~1\APPLIC~1\F-Secure
   [27/06/2008|13:48] C:\DOCUME~1\JULIEN~1\APPLIC~1\GanymedeNet
   [07/10/2007|17:43] C:\DOCUME~1\JULIEN~1\APPLIC~1\Google
   [14/11/2007|17:40] C:\DOCUME~1\JULIEN~1\APPLIC~1\Hamachi
   [01/11/2006|19:51] C:\DOCUME~1\JULIEN~1\APPLIC~1\Help
   [24/05/2007|22:40] C:\DOCUME~1\JULIEN~1\APPLIC~1\HP
   [15/05/2006|13:52] C:\DOCUME~1\JULIEN~1\APPLIC~1\ICQLite
   [16/04/2006|13:03] C:\DOCUME~1\JULIEN~1\APPLIC~1\Identities
   [26/04/2008|10:16] C:\DOCUME~1\JULIEN~1\APPLIC~1\InfraRecorder
   [26/04/2008|10:22] C:\DOCUME~1\JULIEN~1\APPLIC~1\inst.exe
   [18/05/2007|21:24] C:\DOCUME~1\JULIEN~1\APPLIC~1\InterTrust
   [11/08/2006|00:29] C:\DOCUME~1\JULIEN~1\APPLIC~1\ispnews
   [24/02/2007|16:01] C:\DOCUME~1\JULIEN~1\APPLIC~1\Jasc
   [14/10/2006|07:57] C:\DOCUME~1\JULIEN~1\APPLIC~1\La Bataille pour la Terre du Milieu T II
   [31/12/2006|17:43] C:\DOCUME~1\JULIEN~1\APPLIC~1\Lavasoft
   [18/04/2006|21:30] C:\DOCUME~1\JULIEN~1\APPLIC~1\Macromedia
   [09/04/2008|14:30] C:\DOCUME~1\JULIEN~1\APPLIC~1\MailFrontier
   [13/05/2006|13:46] C:\DOCUME~1\JULIEN~1\APPLIC~1\Media Player Classic
   [11/11/2007|14:31] C:\DOCUME~1\JULIEN~1\APPLIC~1\Microsoft
   [21/05/2006|12:11] C:\DOCUME~1\JULIEN~1\APPLIC~1\Morpheus
   [07/09/2008|12:28] C:\DOCUME~1\JULIEN~1\APPLIC~1\Mozilla
   [29/07/2007|11:54] C:\DOCUME~1\JULIEN~1\APPLIC~1\Mp3 Great Fast
   [23/06/2006|11:50] C:\DOCUME~1\JULIEN~1\APPLIC~1\MSN6
   [09/04/2008|14:00] C:\DOCUME~1\JULIEN~1\APPLIC~1\MySpace
   [27/12/2006|19:06] C:\DOCUME~1\JULIEN~1\APPLIC~1
View_Wallpaper
   [26/04/2008|10:22] C:\DOCUME~1\JULIEN~1\APPLIC~1\pcouffin.cat
   [26/04/2008|10:22] C:\DOCUME~1\JULIEN~1\APPLIC~1\pcouffin.inf
   [26/04/2008|10:22] C:\DOCUME~1\JULIEN~1\APPLIC~1\pcouffin.log
   [26/04/2008|10:22] C:\DOCUME~1\JULIEN~1\APPLIC~1\pcouffin.sys
   [31/12/2007|14:04] C:\DOCUME~1\JULIEN~1\APPLIC~1\PnkBstrK.sys
   [04/03/2007|20:10] C:\DOCUME~1\JULIEN~1\APPLIC~1\PPMate
   [24/07/2007|15:01] C:\DOCUME~1\JULIEN~1\APPLIC~1\Pro Cycling Manager 2007
   [13/05/2006|22:07] C:\DOCUME~1\JULIEN~1\APPLIC~1\Real
   [30/10/2006|15:31] C:\DOCUME~1\JULIEN~1\APPLIC~1\Screaming Bee
   [11/05/2007|19:52] C:\DOCUME~1\JULIEN~1\APPLIC~1\SecondLife
   [20/05/2007|11:58] C:\DOCUME~1\JULIEN~1\APPLIC~1\SecuROM
   [15/09/2008|19:52] C:\DOCUME~1\JULIEN~1\APPLIC~1\Skype
   [10/05/2008|20:30] C:\DOCUME~1\JULIEN~1\APPLIC~1\SopCast
   [21/04/2006|21:45] C:\DOCUME~1\JULIEN~1\APPLIC~1\Sun
   [09/11/2007|19:24] C:\DOCUME~1\JULIEN~1\APPLIC~1\SystemRequirementsLab
   [17/04/2006|18:05] C:\DOCUME~1\JULIEN~1\APPLIC~1\Talkback
   [26/03/2008|15:41] C:\DOCUME~1\JULIEN~1\APPLIC~1	eamspeak2
   [30/01/2008|22:59] C:\DOCUME~1\JULIEN~1\APPLIC~1\TVU Networks
   [06/12/2006|16:29] C:\DOCUME~1\JULIEN~1\APPLIC~1\Ulead Systems
   [22/11/2006|14:44] C:\DOCUME~1\JULIEN~1\APPLIC~1\Uniblue
   [21/04/2006|20:25] C:\DOCUME~1\JULIEN~1\APPLIC~1\vlc
   [02/05/2008|18:51] C:\DOCUME~1\JULIEN~1\APPLIC~1\Vso
   [03/04/2008|18:02] C:\DOCUME~1\JULIEN~1\APPLIC~1\WinPatrol
   [30/09/2007|15:03] C:\DOCUME~1\JULIEN~1\APPLIC~1\XnView

   [17/07/2007|09:45] C:\DOCUME~1\JULIEN~2\APPLIC~1\.
   [17/07/2007|09:45] C:\DOCUME~1\JULIEN~2\APPLIC~1\..
   [17/07/2007|09:45] C:\DOCUME~1\JULIEN~2\APPLIC~1\AdobeDLM.log
   [12/05/2007|18:23] C:\DOCUME~1\JULIEN~2\APPLIC~1\SecondLife


   [10/08/2006|19:34] C:\DOCUME~1\LOCALS~1\APPLIC~1\.
   [10/08/2006|19:34] C:\DOCUME~1\LOCALS~1\APPLIC~1\..
   [10/08/2006|19:34] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
   [10/08/2006|19:33] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

   [16/04/2006|13:02] C:\DOCUME~1\NETWOR~1\APPLIC~1\.
   [16/04/2006|13:02] C:\DOCUME~1\NETWOR~1\APPLIC~1\..
   [16/04/2006|12:47] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

 
   ----------------[ Tâches planifiées dans C:\windows	asks ]---------------

   [15/09/2008 20:15][--a------] C:\windows	asks\V‚rifier les mises … jour de Windows Live Toolbar.job
   [15/09/2008 18:40][--ah-----] C:\windows	asks\SA.DAT
   [30/08/2002 14:00][-r-h-----] C:\windows	asks\desktop.ini
 
   ---------------[ Listing des dossiers dans C:\Program Files ]--------------
 
   [14/09/2008|01:25] C:\Program Files\.
   [14/09/2008|01:25] C:\Program Files\..
   [09/11/2007|23:44] C:\Program Files\Active WebCam
   [27/03/2008|21:32] C:\Program Files\Adobe
   [17/04/2006|18:04] C:\Program Files\Ahead
   [13/02/2007|09:58] C:\Program Files\Alcohol Soft
   [16/09/2007|19:17] C:\Program Files\ALLCapture 2.0 Essai
   [16/09/2006|12:39] C:\Program Files\Alwil Software
   [01/09/2008|14:54] C:\Program Files\Anti Trojan Elite
   [21/05/2006|11:58] C:\Program Files\ANtsP2P
   [15/09/2008|00:25] C:\Program Files\a-squared Free
   [04/10/2006|15:09] C:\Program Files\ATP
   [13/09/2008|04:21] C:\Program Files\Attansic
   [17/03/2008|20:20] C:\Program Files\Audacity
   [16/03/2008|01:14] C:\Program Files\AV Vcs 4.0 DIAMOND
   [03/06/2007|17:37] C:\Program Files\AVI-GIF
   [05/04/2008|14:12] C:\Program Files\Avira
   [25/03/2008|21:13] C:\Program Files\Azureus
   [24/03/2008|20:04] C:\Program Files\bfgclient
   [03/04/2008|18:02] C:\Program Files\BillP Studios
   [27/03/2008|21:37] C:\Program Files\Bonjour
   [12/11/2006|18:16] C:\Program Files\CamStudio
   [11/01/2008|15:02] C:\Program Files\Capturino 1.4
   [22/11/2007|20:45] C:\Program Files\CarbonPoker
   [19/09/2006|19:42] C:\Program Files\CCleaner
   [27/05/2006|10:36] C:\Program Files\Common Files
   [03/09/2008|17:04] C:\Program Files\Condor
   [20/05/2007|15:30] C:\Program Files\CORAL_V2
   [06/12/2006|13:16] C:\Program Files\Correctif Explorer
   [09/12/2007|12:57] C:\Program Files\CyberQix
   [17/07/2007|14:10] C:\Program Files\DAEMON Tools
   [17/07/2007|14:10] C:\Program Files\DaemonTools_WhenUSave_Installer
   [22/05/2006|19:35] C:\Program Files\DAP
   [05/05/2007|20:07] C:\Program Files\directx
   [01/09/2008|14:52] C:\Program Files\DivX
   [04/03/2007|11:49] C:\Program Files\EA GAMES
   [31/05/2007|17:56] C:\Program Files\Electronic Arts
   [07/04/2008|13:23] C:\Program Files\eMule
   [22/02/2008|13:09] C:\Program Files\ffdsasetts.reg
   [22/02/2008|13:09] C:\Program Files\ffdssetts.reg
   [27/03/2008|21:20] C:\Program Files\Fichiers communs
   [30/10/2007|22:46] C:\Program Files\FMS
   [16/08/2007|10:32] C:\Program Files\Foxit Software
   [10/06/2007|15:16] C:\Program Files\FRAPSLOG.TXT
   [11/11/2007|19:13] C:\Program Files\FreebieSMS
   [21/10/2007|18:07] C:\Program Files\FS2004
   [01/11/2006|13:30] C:\Program Files\fs9 2006-11-01 12-30-54-71.bmp
   [01/11/2006|13:30] C:\Program Files\fs9 2006-11-01 12-30-59-51.bmp
   [22/03/2008|23:17] C:\Program Files\Full Tilt Poker
   [27/06/2008|13:46] C:\Program Files\Ganymede
   [21/10/2007|16:12] C:\Program Files\GetData
   [04/03/2007|11:59] C:\Program Files\GIMP-2.0
   [31/10/2006|23:13] C:\Program Files\GMixon
   [07/04/2008|17:11] C:\Program Files\Google
   [09/12/2006|17:17] C:\Program Files\Grisoft
   [13/02/2007|16:09] C:\Program Files\GUILD WARS
   [24/05/2007|22:44] C:\Program Files\HP
   [25/04/2008|11:30] C:\Program Files\HyCam2
   [05/09/2008|22:25] C:\Program Files\HyperLobbyPro3
   [15/05/2006|13:52] C:\Program Files\ICQLite
   [11/08/2006|11:05] C:\Program Files\Includes
   [13/09/2008|04:21] C:\Program Files\InstallShield Installation Information
   [13/09/2008|03:51] C:\Program Files\Intel
   [14/08/2008|10:11] C:\Program Files\Internet Explorer
   [11/06/2008|14:18] C:\Program Files\IVCsoft
   [24/02/2007|16:01] C:\Program Files\Jasc Software Inc
   [03/04/2007|11:14] C:\Program Files\Java
   [09/12/2006|17:24] C:\Program Files\jv16 PowerTools
   [03/12/2007|22:25] C:\Program Files\Lavalys
   [31/12/2006|17:43] C:\Program Files\Lavasoft
   [01/09/2008|12:05] C:\Program Files\LimeWire
   [01/09/2008|14:53] C:\Program Files\LimeWire Acceleration Patch
   [13/09/2008|10:53] C:\Program Files\ma-config.com
   [01/09/2008|18:41] C:\Program Files\Mastermax
   [17/04/2006|18:06] C:\Program Files\Media Player Classic
   [17/04/2006|18:14] C:\Program Files\Messenger
   [03/04/2008|17:54] C:\Program Files\Messenger Plus! Live
   [29/06/2006|14:44] C:\Program Files\MessengerPlus! 3
   [16/04/2006|12:48] C:\Program Files\microsoft frontpage
   [30/10/2007|14:15] C:\Program Files\Microsoft Games
   [18/06/2007|16:24] C:\Program Files\Microsoft LifeCam
   [02/05/2007|13:38] C:\Program Files\Microsoft Office
   [23/08/2008|09:59] C:\Program Files\Microsoft Silverlight
   [02/05/2007|13:38] C:\Program Files\Microsoft Visual Studio
   [02/05/2007|13:33] C:\Program Files\Microsoft Visual Studio 8
   [02/05/2007|13:39] C:\Program Files\Microsoft Works
   [02/05/2007|13:37] C:\Program Files\Microsoft.NET
   [25/11/2007|15:49] C:\Program Files\Movie Maker
   [18/08/2006|12:48] C:\Program Files\MOZILL~13
   [18/08/2006|12:50] C:\Program Files\MOZILL~16
   [15/09/2008|19:34] C:\Program Files\Mozilla Firefox
   [24/07/2007|20:00] C:\Program Files\Mp3 Great Fast
   [22/02/2008|13:09] C:\Program Files\mpc1.reg
   [22/02/2008|13:09] C:\Program Files\mpc2.reg
   [22/02/2008|13:09] C:\Program Files\mpc3.reg
   [22/02/2008|13:09] C:\Program Files\mpc4.reg
   [22/02/2008|13:09] C:\Program Files\mpc5.reg
   [22/02/2008|13:09] C:\Program Files\mpc6.reg
   [22/02/2008|13:09] C:\Program Files\mpc7.reg
   [02/05/2007|13:39] C:\Program Files\MSBuild
   [29/06/2006|16:22] C:\Program Files\MSN Games
   [16/04/2006|12:44] C:\Program Files\MSN Gaming Zone
   [03/04/2008|17:54] C:\Program Files\MSN Messenger
   [11/11/2006|23:50] C:\Program Files\MSN Webcam Recorder
   [01/05/2007|15:48] C:\Program Files\MSXML 4.0
   [10/04/2008|20:59] C:\Program Files\MySpace
   [30/06/2006|21:15] C:\Program Files\Netgear
   [17/04/2006|17:55] C:\Program Files\NetMeeting
   [17/04/2006|18:03] C:\Program Files\NVIDIA
   [08/06/2006|09:32] C:\Program Files\orange
   [03/03/2008|00:50] C:\Program Files\Outlook Express
   [17/04/2007|18:34] C:\Program Files\Paint.NET
   [12/08/2006|22:29] C:\Program Files\PhotoFiltre
   [08/10/2007|16:26] C:\Program Files\PowerISO
   [04/03/2007|20:09] C:\Program Files\PPMate
   [24/02/2007|09:28] C:\Program Files\PPStream
   [07/04/2008|17:33] C:\Program Files\PpStream Fr
   [23/12/2006|14:51] C:\Program Files\QuickTime Alternative
   [17/04/2006|18:06] C:\Program Files\Real Alternative
   [14/09/2008|02:00] C:\Program Files\Realtek
   [14/09/2008|01:25] C:\Program Files\Realtek AC97
   [17/03/2008|20:07] C:\Program Files\RM-X© Audio Capture
   [25/11/2007|16:43] C:\Program Files\RocketDock
   [14/06/2006|13:14] C:\Program Files\SAGEM
   [21/02/2008|23:05] C:\Program Files\Satsuki Decoder Pack
   [12/11/2006|18:10] C:\Program Files\Screen Recorder
   [06/12/2006|13:16] C:\Program Files\Services en ligne
   [17/11/2006|18:27] C:\Program Files\Skype
   [17/04/2006|18:06] C:\Program Files\SLD Codec Pack
   [17/07/2007|09:46] C:\Program Files\SlySoft
   [18/04/2007|14:40] C:\Program Files\SoftChris
   [15/09/2006|23:04] C:\Program Files\Softwin
   [16/06/2008|17:14] C:\Program Files\Sony Ericsson
   [04/10/2007|19:39] C:\Program Files\SopCast
   [27/11/2007|22:19] C:\Program Files\SplitCam
   [15/09/2008|17:23] C:\Program Files\Spybot - Search & Destroy
   [15/09/2008|18:42] C:\Program Files\Steam
   [13/01/2008|21:04] C:\Program Files\Strategy First
   [04/04/2007|22:45] C:\Program Files\SugarwareZ
   [01/09/2008|22:37] C:\Program Files\SystemRequirementsLab
   [05/05/2006|19:15] C:\Program Files\Teamspeak2_RC2
   [24/03/2008|20:04] C:\Program Files	emp01
   [19/03/2008|22:55] C:\Program Files\Thrustmaster
   [18/04/2008|17:35] C:\Program Files\TmNationsForever
   [05/04/2008|14:07] C:\Program Files\Trend Micro
   [19/03/2008|22:43] C:\Program Files\TVAnts
   [04/10/2007|19:29] C:\Program Files\TVUPlayer
   [26/01/2008|19:35] C:\Program Files\Ubi Soft
   [19/01/2008|13:12] C:\Program Files\Ubisoft
   [22/11/2006|14:44] C:\Program Files\Uniblue
   [21/05/2006|11:40] C:\Program Files\Uninstall Information
   [30/03/2008|16:53] C:\Program Files\Valve
   [21/04/2006|20:24] C:\Program Files\VideoLAN
   [26/04/2008|10:22] C:\Program Files\vso
   [24/05/2006|12:24] C:\Program Files\Winamp
   [11/06/2008|18:54] C:\Program Files\WinAVI MP4 Converter
   [08/12/2007|18:47] C:\Program Files\Windows Live
   [07/09/2008|16:22] C:\Program Files\Windows Live Safety Center
   [21/03/2007|19:24] C:\Program Files\Windows Live Toolbar
   [29/08/2006|23:21] C:\Program Files\Windows Media Components
   [02/03/2008|02:21] C:\Program Files\Windows Media Connect 2
   [02/03/2008|02:32] C:\Program Files\Windows Media Player
   [17/04/2006|17:55] C:\Program Files\Windows NT
   [17/04/2006|17:58] C:\Program Files\WindowsUpdate
   [03/06/2007|18:23] C:\Program Files\WinMPG VideoConvert
   [01/11/2006|19:51] C:\Program Files\WinRAR
   [16/04/2006|12:48] C:\Program Files\xerox
   [06/12/2006|13:15] C:\Program Files\Xfire
   [30/09/2007|14:59] C:\Program Files\XnView
   [07/04/2008|13:23] C:\Program Files\Yahoo!
   [21/05/2006|11:53] C:\Program Files\Zero G Registry
   [06/04/2008|17:08] C:\Program Files\Zone Labs
   [24/03/2008|20:06] C:\Program Files\Zuma Deluxe
  
   ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------
   
   [27/03/2008|21:20] C:\Program Files\Fichiers communs\.
   [27/03/2008|21:20] C:\Program Files\Fichiers communs\..
   [10/08/2006|10:24] C:\Program Files\Fichiers communs\{3C52FB74-07DA-1036-1110-051026040021}
   [27/03/2008|21:36] C:\Program Files\Fichiers communs\Adobe
   [17/04/2006|18:04] C:\Program Files\Fichiers communs\Ahead
   [02/05/2007|13:38] C:\Program Files\Fichiers communs\DESIGNER
   [12/09/2006|17:53] C:\Program Files\Fichiers communs\GTK
   [08/09/2006|18:44] C:\Program Files\Fichiers communs\InstallShield
   [03/04/2007|14:08] C:\Program Files\Fichiers communs\InstallShield Shared
   [01/11/2006|17:44] C:\Program Files\Fichiers communs\Java
   [27/03/2008|21:20] C:\Program Files\Fichiers communs\Macrovision Shared
   [01/03/2008|18:19] C:\Program Files\Fichiers communs\Microsoft Shared
   [16/04/2006|12:46] C:\Program Files\Fichiers communs\MSSoap
   [02/05/2006|20:14] C:\Program Files\Fichiers communs\NSV
   [15/04/2006|23:21] C:\Program Files\Fichiers communs\ODBC
   [30/10/2006|15:28] C:\Program Files\Fichiers communs\Screaming Bee
   [16/04/2006|12:46] C:\Program Files\Fichiers communs\Services
   [15/09/2006|23:07] C:\Program Files\Fichiers communs\Softwin
   [15/04/2006|23:21] C:\Program Files\Fichiers communs\SpeechEngines
   [04/03/2007|20:09] C:\Program Files\Fichiers communs\Synacast
   [03/03/2008|00:50] C:\Program Files\Fichiers communs\System
   [01/03/2008|18:19] C:\Program Files\Fichiers communs\WindowsLiveInstaller

   ----------------------[ Recherche avec S_Lop ]---------------------

   Aucun fichier / dossier Lop trouvé ! 
 
   -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

   Aucun fichier / dossier Lop trouvé ! 
 
   ----------------------[ Verification du Registre ]----------------------
 
   ..... OK !

   --------------------[ Verification du fichier Hosts ]---------------------

   Fichier Hosts PROPRE


   ----------------[ Recherche de fichiers avec Catchme ]-----------------
 
   catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2008-09-15 20:35:25
   Windows 5.1.2600 Service Pack 2 NTFS
   scanning hidden files ...
   disk error: C:\windows\System32\
   please note that you need administrator rights to perform deep scan
 
   --------------------[ Recherche d'autres infections ]---------------------

   C:\windows\pack.epk
   C:\windows\system32\ugrtzuw_navps.dat  
   C:\windows\system32\ugrtzuw_nav.dat 
   C:\windows\system32\ugrtzuw.dat  
   [b]! EGDACCESS !/b
 
   C:\windows\system32\iOnnonmp.ini2 
   [b]! VUNDO Possible !/b
 

   /!\ [Fich:292][Doss:287] C:\DOCUME~1\JULIEN~1\LOCALS~1\Temp
   /!\ [Fich:75][Doss:0] C:\DOCUME~1\JULIEN~1\Cookies
   /!\ [Fich:36][Doss:25] C:\DOCUME~1\JULIEN~1\LOCALS~1\TEMPOR~1\content.IE5

   --------------------[ Fin du rapport a 20:35:29,03  ]----------------------

Destrio5 · Answer

Lop S&D n'a pas reconnu les dossiers Lop, j'ai contacté le créateur pour qu'il rajoute les dossiers infectés.

Fais ceci :

- Télécharge Navilog1 (de IL-MAFIOSO) et enregistre-le sur le bureau : 
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe 

- Double-clique sur Navilog1.exe afin de lancer l'installation

- Si le fix ne lance pas automatiquement après son installation, double-clique sur Navilog1 présent sur le bureau

- Appuie sur F ou f  puis valide par Entrée

- Appuie sur une touche de ton clavier à chaque fois que cela est demandé, tu arriveras au menu des options

- Choisis l'option 1 et appuie sur la touche Entrée pour valider ton choix

- Patiente jusqu'au message : *** Analyse Termine le ..... ***

- Le scan fini, le bloc-notes contenant le rapport sera affiché, poste le contenu de ce rapport dans ta prochaine réponse

- Si le résultat du scan ne s'affiche pas, tu le trouveras dans C:\fixnavi.txt

N'utilise pas l'option 2, 3 et 4 sans notre accord, des fichiers légitimes peuvent être inclus dans ce scan.

AmbrionX · Answer

Search Navipromo version 3.6.5 commencé le 15/09/2008 à 21:44:13,28

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files
avilog1
Session actuelle : "Julien²" 

Mise à jour le 22.08.2008 à 17h30 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180 
Système de fichiers : 

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\windows" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Julien²\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\JULIEN~2\applic~1" *** 


*** Recherche dossiers dans "C:\Documents and Settings\Julien²\locals~1\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *** 


*** Recherche dossiers dans "C:\Documents and Settings\Julien²\menudm~1\progra~1" *** 

...\WebMediaPlayer trouvé !

*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" *** 


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Scan Catchme non réalisé.
Droits limités sur la session actuelle.

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\windows\system32" *

* Recherche dans "C:\Documents and Settings\Julien²\locals~1\applic~1" * 

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" * 



*** Recherche fichiers *** 


C:\windows\pack.epk trouvé !

*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé ! 

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\windows\system32" :

ugrtzuw.dat trouvé !
ugrtzuw_nav.dat trouvé !
ugrtzuw_navps.dat trouvé !

* Dans "C:\Documents and Settings\Julien²\locals~1\applic~1" : 


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" : 


3)Recherche Certificats :

Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

C:\windows\system32\iOnnonmp.ini2 trouvé ! infection Vundo possible non traitée par cet outil !


*** Analyse terminée le 15/09/2008 à 21:44:44,00 ***

Destrio5 · Answer

---> Relance Navilog1, fais l'option 2 et poste le rapport