PC infected by trojan

Solved
sonic43 -  
toptitbal Messages posted 26224 Registration date   Status Security contributor Last activity   -
Hello,
I am being bothered by fake Windows security alerts that pop up every 5 minutes. I have spotted the executable responsible (windows/system32/cxexavux.exe) but I cannot manage to delete it. Could someone help me please? Thanks

23 answers

sonic43
 
Here is the report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:42:41, on 06/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\GRUNCRKF\GVADQXYD.EXE
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPROXY.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\PROGRA~1\SONY\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\DOCUME~1\LAUREN~1\LOCALS~1\Temp\clclean.0001
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBARNOTIFIER\GOOGLETOOLBARNOTIFIER.EXE
C:\WINDOWS\SYSTEM32\CXEXAVUX.EXE
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\PROGRAM FILES\DNA\BTDNA.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Barre d'outils du menu Anti-fraude de Trend Micro - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Barre d'outils du menu Anti-fraude de Trend Micro - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\SONY\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE" /minimized
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\PROGRAM FILES\DNA\BTDNA.EXE"
O4 - HKCU\..\Run: [SetStrMsg] C:\WINDOWS\system32\cxexavux.exe
O4 - HKLM\..\Policies\Explorer\Run: [eUFe1nv2jZ] C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\GRUNCRKF\GVADQXYD.EXE
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.pixdiscount.fr/clients/ImageUploader3.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O21 - SSODL: CmdMsg - {2E5A65BB-B055-C0DD-0118-09975F2EE086} - C:\Program Files\uqbjlwd\CmdMsg.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
0
sonic43
 
Here is the report: (I currently have one of those damned windows on screen)

--------------------\\ Lop S&D 4.2.4-5 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A03
USER : Laurent EYRARD ( Administrator )
BOOT : Normal boot
Antivirus : Trend Micro PC-cillin Internet Security 14 14.00.1487 (Activated)
Firewall : Trend Micro PC-cillin Internet Security (Firewall) 14 (Not Activated)
C:\ (Local Disk) - NTFS - Total : 228 Go Free : 147 Go
D:\ (CD or DVD)
E:\ (Local Disk) - FAT - Total : 0 Go Free : 0 Go
F:\ (Local Disk) - FAT32 - Total : 4 Go Free : 1 Go
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (Local Disk) - NTFS - Total : 465 Go Free : 206 Go
M:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 02-10-2008|23:42 )
Option : [2] ( 06/10/2008|18:06 )

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Listing des dossiers dans APPLIC~1

[22/01/2006|13:27] C:\DOCUME~1\ADMINI~1\APPLIC~1\Corel
[01/09/2005|08:25] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[01/09/2005|08:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[22/01/2006|13:15] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
[24/06/2008|17:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\Vso
[22/01/2006|13:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\You've Got Pictures Screensaver

[12/04/2007|22:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ACD Systems
[27/08/2008|21:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[27/01/2006|21:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[17/05/2006|11:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[05/06/2008|18:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[05/06/2008|18:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[04/09/2008|17:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
[15/09/2008|14:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\cfgapien
[01/10/2008|17:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CfgSrvEn
[24/06/2008|17:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Citrix
[22/01/2006|13:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Creative Labs
[25/01/2006|22:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Dell Photo Printer 720
[26/12/2006|23:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
[18/09/2006|18:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[23/08/2008|00:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[05/10/2008|19:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\gruncrkf
[22/01/2006|13:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[23/06/2008|22:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ma-config.com
[23/08/2008|09:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[22/01/2006|13:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
[17/05/2006|11:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com
[17/05/2006|11:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com Personal Firewall
[29/09/2008|16:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[23/09/2008|22:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[17/05/2006|11:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MVTLogs
[27/08/2008|21:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[06/05/2006|16:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[22/01/2006|13:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
[10/06/2006|17:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
[29/08/2008|11:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[27/01/2006|23:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[29/09/2008|15:40] C:\DOCUME~1\Damien\APPLIC~1\Adobe
[02/10/2008|14:31] C:\DOCUME~1\Damien\APPLIC~1\Apple Computer
[06/10/2008|07:29] C:\DOCUME~1\Damien\APPLIC~1\BitTorrent
[22/01/2006|13:27] C:\DOCUME~1\Damien\APPLIC~1\Corel
[06/10/2008|00:54] C:\DOCUME~1\Damien\APPLIC~1\EPSON
[29/09/2008|16:08] C:\DOCUME~1\Damien\APPLIC~1\Google
[29/09/2008|13:19] C:\DOCUME~1\Damien\APPLIC~1\Grisoft
[01/09/2005|08:25] C:\DOCUME~1\Damien\APPLIC~1\Identities
[29/09/2008|15:40] C:\DOCUME~1\Damien\APPLIC~1\Macromedia
[05/10/2008|19:36] C:\DOCUME~1\Damien\APPLIC~1\Microsoft
[29/09/2008|13:24] C:\DOCUME~1\Damien\APPLIC~1\Mozilla
[29/09/2008|13:19] C:\DOCUME~1\Damien\APPLIC~1\Real
[22/01/2006|13:15] C:\DOCUME~1\Damien\APPLIC~1\Sun
[29/09/2008|16:34] C:\DOCUME~1\Damien\APPLIC~1\vlc
[22/01/2006|13:26] C:\DOCUME~1\Damien\APPLIC~1\You've Got Pictures Screensaver

[22/01/2006|13:27] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Corel
[01/09/2005|08:25] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[01/09/2005|08:05] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[22/01/2006|13:15] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
[22/01/2006|13:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver

[15/09/2008|17:33] C:\DOCUME~1\INVIT~1\APPLIC~1\Adobe
[22/01/2006|13:27] C:\DOCUME~1\INVIT~1\APPLIC~1\Corel
[15/09/2008|14:32] C:\DOCUME~1\INVIT~1\APPLIC~1\EPSON
[15/09/2008|14:33] C:\DOCUME~1\INVIT~1\APPLIC~1\Grisoft
[01/09/2005|08:25] C:\DOCUME~1\INVIT~1\APPLIC~1\Identities
[15/09/2008|14:38] C:\DOCUME~1\INVIT~1\APPLIC~1\Macromedia
[23/09/2008|16:20] C:\DOCUME~1\INVIT~1\APPLIC~1\Microsoft
[15/09/2008|14:34] C:\DOCUME~1\INVIT~1\APPLIC~1\Mozilla
[19/03/2007|18:51] C:\DOCUME~1\INVIT~1\APPLIC~1\Real
[22/01/2006|13:15] C:\DOCUME~1\INVIT~1\APPLIC~1\Sun
[25/09/2008|11:31] C:\DOCUME~1\INVIT~1\APPLIC~1\vlc
[22/01/2006|13:26] C:\DOCUME~1\INVIT~1\APPLIC~1\You've Got Pictures Screensaver

[12/04/2007|22:57] C:\DOCUME~1\LAUREN~1\APPLIC~1\ACD Systems
[07/09/2008|18:36] C:\DOCUME~1\LAUREN~1\APPLIC~1\Adobe
[01/05/2006|18:54] C:\DOCUME~1\LAUREN~1\APPLIC~1\Ahead
[09/04/2007|17:18] C:\DOCUME~1\LAUREN~1\APPLIC~1\Apple Computer
[06/09/2008|12:21] C:\DOCUME~1\LAUREN~1\APPLIC~1\ArcSoft
[24/09/2008|23:42] C:\DOCUME~1\LAUREN~1\APPLIC~1\BitTorrent
[13/01/2008|11:45] C:\DOCUME~1\LAUREN~1\APPLIC~1\BSplayer
[12/01/2008|19:03] C:\DOCUME~1\LAUREN~1\APPLIC~1\BSplayer Pro
[19/09/2008|00:17] C:\DOCUME~1\LAUREN~1\APPLIC~1\CopyToDvd
[27/01/2006|22:56] C:\DOCUME~1\LAUREN~1\APPLIC~1\Corel Photo Album
[24/05/2006|13:36] C:\DOCUME~1\LAUREN~1\APPLIC~1\Creative
[15/09/2008|20:18] C:\DOCUME~1\LAUREN~1\APPLIC~1\DAEMON Tools
[06/10/2008|17:58] C:\DOCUME~1\LAUREN~1\APPLIC~1\DNA
[24/06/2008|20:39] C:\DOCUME~1\LAUREN~1\APPLIC~1\dvdcss
[06/09/2008|12:10] C:\DOCUME~1\LAUREN~1\APPLIC~1\EPSON
[12/01/2008|12:46] C:\DOCUME~1\LAUREN~1\APPLIC~1\FMZilla
[11/05/2006|22:23] C:\DOCUME~1\LAUREN~1\APPLIC~1\Google
[06/10/2008|14:30] C:\DOCUME~1\LAUREN~1\APPLIC~1\GrabIt
[23/08/2008|00:46] C:\DOCUME~1\LAUREN~1\APPLIC~1\Grisoft
[27/01/2006|23:21] C:\DOCUME~1\LAUREN~1\APPLIC~1\Help
[01/09/2005|08:25] C:\DOCUME~1\LAUREN~1\APPLIC~1\Identities
[19/10/2007|17:15] C:\DOCUME~1\LAUREN~1\APPLIC~1\InstallShield
[11/02/2006|15:34] C:\DOCUME~1\LAUREN~1\APPLIC~1\Leadertech
[25/01/2006|22:45] C:\DOCUME~1\LAUREN~1\APPLIC~1\Macromedia
[23/08/2008|09:39] C:\DOCUME~1\LAUREN~1\APPLIC~1\Malwarebytes
[17/05/2006|11:51] C:\DOCUME~1\LAUREN~1\APPLIC~1\McAfee.com Personal Firewall
[17/09/2008|15:13] C:\DOCUME~1\LAUREN~1\APPLIC~1\Microsoft
[19/06/2008|17:33] C:\DOCUME~1\LAUREN~1\APPLIC~1\Mozilla
[16/07/2006|19:51] C:\DOCUME~1\LAUREN~1\APPLIC~1\MSNInstaller
[10/09/2008|22:02] C:\DOCUME~1\LAUREN~1\APPLIC~1\OpenOffice.org2
[17/08/2008|20:57] C:\DOCUME~1\LAUREN~1\APPLIC~1\Real
[28/05/2008|18:26] C:\DOCUME~1\LAUREN~1\APPLIC~1\Sonic
[10/06/2006|17:44] C:\DOCUME~1\LAUREN~1\APPLIC~1\Sony Corporation
[22/01/2006|13:15] C:\DOCUME~1\LAUREN~1\APPLIC~1\Sun
[28/01/2006|21:56] C:\DOCUME~1\LAUREN~1\APPLIC~1\Template
[02/01/2007|13:32] C:\DOCUME~1\LAUREN~1\APPLIC~1\U3
[03/10/2008|15:32] C:\DOCUME~1\LAUREN~1\APPLIC~1\vlc
[19/09/2008|00:17] C:\DOCUME~1\LAUREN~1\APPLIC~1\Vso
[08/07/2007|16:02] C:\DOCUME~1\LAUREN~1\APPLIC~1\XnView
[22/01/2006|13:26] C:\DOCUME~1\LAUREN~1\APPLIC~1\You've Got Pictures Screensaver

[17/05/2006|11:49] C:\DOCUME~1\LOCALS~1\APPLIC~1\McAfee.com Personal Firewall
[26/12/2006|11:29] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[22/05/2006|22:23] C:\DOCUME~1\LOCALS~1\APPLIC~1\Mozilla

[16/04/2008|22:55] C:\DOCUME~1\MARIAE~1\APPLIC~1\Adobe
[22/01/2006|13:27] C:\DOCUME~1\MARIAE~1\APPLIC~1\Corel
[19/03/2007|19:02] C:\DOCUME~1\MARIAE~1\APPLIC~1\Google
[23/08/2008|08:45] C:\DOCUME~1\MARIAE~1\APPLIC~1\Grisoft
[01/09/2005|08:25] C:\DOCUME~1\MARIAE~1\APPLIC~1\Identities
[29/09/2007|17:50] C:\DOCUME~1\MARIAE~1\APPLIC~1\Macromedia
[16/04/2008|23:09] C:\DOCUME~1\MARIAE~1\APPLIC~1\Microsoft
[29/09/2007|09:37] C:\DOCUME~1\MARIAE~1\APPLIC~1\Mozilla
[19/03/2007|18:57] C:\DOCUME~1\MARIAE~1\APPLIC~1\Real
[22/01/2006|13:15] C:\DOCUME~1\MARIAE~1\APPLIC~1\Sun
[22/01/2006|13:26] C:\DOCUME~1\MARIAE~1\APPLIC~1\You've Got Pictures Screensaver

[01/09/2005|08:05] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[01/10/2008 14:26][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[03/10/2008 18:30][--a------] C:\WINDOWS\tasks\Recherche de virus de McAfee.com - Mon ordinateur (BUREAU-Laurent EYRARD).job
[27/01/2006 00:45][---------] C:\WINDOWS\tasks\Rappel d'abonnement 1 auprès de l'ISP.job
[06/10/2008 13:27][--ah-----] C:\WINDOWS\tasks\SA.DAT
[10/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[18/11/2006|20:16] C:\Program Files\2BrightSparks
[06/09/2008|11:47] C:\Program Files\ABBYY FineReader 6.0 Sprint
[26/04/2007|13:20] C:\Program Files\ACD Systems
[27/08/2008|21:34] C:\Program Files\Adobe
[29/09/2008|16:16] C:\Program Files\adslTV
[25/06/2008|10:59] C:\Program Files\Ahead
[05/06/2008|18:46] C:\Program Files\Apple Software Update
[06/09/2008|11:45] C:\Program Files\ArcSoft
[24/12/2006|16:27] C:\Program Files\AviSynth 2.5
[24/09/2008|17:53] C:\Program Files\BitTorrent
[04/09/2008|17:45] C:\Program Files\Canon
[04/09/2008|17:34] C:\Program Files\CanonBJ
[25/10/2007|17:32] C:\Program Files\cbgeo
[18/11/2006|19:32] C:\Program Files\CCleaner
[24/06/2008|17:21] C:\Program Files\Citrix
[11/09/2008|16:41] C:\Program Files\ColiPoste
[26/12/2006|13:54] C:\Program Files\Combined Community Codec Pack
[09/03/2006|20:08] C:\Program Files\Common Files
[18/11/2006|20:09] C:\Program Files\Corel
[18/11/2006|20:08] C:\Program Files\Creative
[15/09/2008|20:22] C:\Program Files\DAEMON Tools Lite
[26/09/2007|10:33] C:\Program Files\Dell
[25/01/2006|22:27] C:\Program Files\Dell Photo Printer 720
[24/09/2008|17:52] C:\Program Files\DNA
[02/09/2008|00:22] C:\Program Files\EasyScan
[06/09/2008|11:47] C:\Program Files\epson
[16/10/2007|20:03] C:\Program Files\eRightSoft
[28/01/2006|23:30] C:\Program Files\Euromat
[17/05/2007|15:33] C:\Program Files\Exact Audio Copy
[27/08/2008|21:33] C:\Program Files\Exécutables
[15/09/2008|20:37] C:\Program Files\Fichiers communs
[18/08/2007|18:31] C:\Program Files\FileZilla
[18/11/2006|20:10] C:\Program Files\FpTest
[14/01/2008|19:22] C:\Program Files\Free Music Zilla
[02/11/2006|17:51] C:\Program Files\Freeplayer
[01/09/2005|08:27] C:\Program Files\FrenchOtto
[01/09/2005|08:27] C:\Program Files\GemMasterFrench
[06/11/2007|10:14] C:\Program Files\Google
[17/05/2006|12:33] C:\Program Files\grab153_vf
[26/12/2007|11:39] C:\Program Files\GrabIt
[23/08/2008|00:46] C:\Program Files\Grisoft
[23/09/2008|01:31] C:\Program Files\GUILD WARS
[22/09/2008|17:01] C:\Program Files\HomePlayer
[21/02/2008|11:31] C:\Program Files\HomePlayer1.5.4
[28/01/2006|10:08] C:\Program Files\HP
[03/01/2008|13:45] C:\Program Files\IncrediMail
[03/10/2008|00:46] C:\Program Files\InstallShield Installation Information
[22/01/2006|13:21] C:\Program Files\Intel
[22/01/2006|13:21] C:\Program Files\InterActual
[12/08/2008|22:01] C:\Program Files\Internet Explorer
[21/03/2007|19:06] C:\Program Files\iTunes
[01/09/2008|19:56] C:\Program Files\Java
[21/05/2006|23:14] C:\Program Files\Le Nouveau Littré
[23/06/2008|22:11] C:\Program Files\ma-config.com
[23/08/2008|09:39] C:\Program Files\Malwarebytes' Anti-Malware
[24/05/2006|13:53] C:\Program Files\Matroska Playback Pack
[23/09/2008|17:04] C:\Program Files\Messenger
[03/10/2008|00:46] C:\Program Files\Micro Application
[01/09/2005|08:18] C:\Program Files\microsoft frontpage
[27/01/2006|21:09] C:\Program Files\Microsoft Money
[15/09/2008|20:38] C:\Program Files\Microsoft Office
[15/09/2008|20:37] C:\Program Files\Microsoft Visual Studio
[15/09/2008|20:38] C:\Program Files\Microsoft Works
[15/09/2008|20:34] C:\Program Files\Microsoft.NET
[23/09/2008|16:59] C:\Program Files\Movie Maker
[06/10/2008|18:00] C:\Program Files\Mozilla Firefox
[16/07/2006|19:50] C:\Program Files\MSN
[01/09/2005|08:12] C:\Program Files\MSN Gaming Zone
[29/09/2008|16:08] C:\Program Files\MSN Messenger
[17/11/2006|18:46] C:\Program Files\MSXML 4.0
[22/01/2006|13:27] C:\Program Files\MyWaySA
[23/09/2008|16:53] C:\Program Files\NetMeeting
[27/08/2008|21:58] C:\Program Files\NOS
[01/09/2005|08:13] C:\Program Files\Online Services
[17/03/2007|15:33] C:\Program Files\OpenOffice.org 2.1
[17/03/2007|15:33] C:\Program Files\OpenOffice.org 2.1 Installation Files
[23/09/2008|16:53] C:\Program Files\Outlook Express
[10/01/2007|18:02] C:\Program Files\PDF2W
[23/09/2008|16:34] C:\Program Files\PDFCreator
[20/03/2007|21:02] C:\Program Files\PhotoBox
[31/05/2008|10:36] C:\Program Files\Picasa2
[08/07/2007|16:45] C:\Program Files\PixRecovery
[17/05/2006|11:51] C:\Program Files\Pochette Express 2
[17/01/2007|16:17] C:\Program Files\QuickPar
[05/06/2008|18:48] C:\Program Files\QuickTime
[23/08/2006|16:37] C:\Program Files\Radio net FR
[22/01/2006|13:26] C:\Program Files\Real
[27/12/2006|00:02] C:\Program Files\Rippackv3
[25/06/2008|10:25] C:\Program Files\Roxio
[01/09/2005|08:15] C:\Program Files\Services en ligne
[23/08/2006|16:36] C:\Program Files\Setup_RnetFR
[22/01/2006|13:19] C:\Program Files\Sigmatel
[22/01/2006|13:29] C:\Program Files\Sonic
[10/06/2006|17:09] C:\Program Files\Sony
[10/06/2006|17:09] C:\Program Files\Sony Corporation
[05/10/2008|23:37] C:\Program Files\Spybot - Search & Destroy
[28/01/2006|22:34] C:\Program Files\TLC-EDUSOFT
[27/01/2006|21:24] C:\Program Files\Trellix2
[06/10/2008|17:42] C:\Program Files\Trend Micro
[05/12/2006|14:58] C:\Program Files\Uninstall Information
[05/10/2008|19:20] C:\Program Files\uqbjlwd
[29/09/2008|16:17] C:\Program Files\VideoLAN
[06/10/2008|18:07] C:\Program Files\Viewpoint
[25/06/2008|15:47] C:\Program Files\VSO
[12/01/2008|19:03] C:\Program Files\Webteh
[22/09/2007|11:55] C:\Program Files\Western Digital Technologies
[26/12/2006|11:20] C:\Program Files\Windows Media Connect 2
[26/12/2006|11:21] C:\Program Files\Windows Media Player
[23/09/2008|16:53] C:\Program Files\Windows NT
[01/09/2005|08:12] C:\Program Files\Windows Plus
[26/10/2006|18:45] C:\Program Files\WinPcap
[16/05/2007|16:01] C:\Program Files\WinRAR
[26/04/2007|21:52] C:\Program Files\winstars
[01/09/2005|08:18] C:\Program Files\xerox
[17/05/2006|11:52] C:\Program Files\Yahoo!
[24/06/2008|20:39] C:\Program Files\Zoom Player

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[21/05/2007|18:12] C:\Program Files\Fichiers communs\ACD Systems
[27/08/2008|21:34] C:\Program Files\Fichiers communs\Adobe
[25/06/2008|10:59] C:\Program Files\Fichiers communs\Ahead
[17/05/2006|11:50] C:\Program Files\Fichiers communs\AOL
[06/09/2008|11:45] C:\Program Files\Fichiers communs\ArcSoft
[22/01/2006|13:21] C:\Program Files\Fichiers communs\Creative Labs Shared
[15/09/2008|20:37] C:\Program Files\Fichiers communs\DESIGNER
[27/01/2006|21:23] C:\Program Files\Fichiers communs\FotoNation
[22/01/2006|13:26] C:\Program Files\Fichiers communs\InstallShield
[22/01/2006|13:15] C:\Program Files\Fichiers communs\Java
[17/09/2008|22:05] C:\Program Files\Fichiers communs\Microsoft Shared
[01/09/2005|08:15] C:\Program Files\Fichiers communs\MSSoap
[27/01/2006|21:15] C:\Program Files\Fichiers communs\Nero
[22/01/2006|13:26] C:\Program Files\Fichiers communs\Nullsoft
[05/06/2006|23:08] C:\Program Files\Fichiers communs\ODBC
[20/08/2008|07:47] C:\Program Files\Fichiers communs\Real
[22/01/2006|13:21] C:\Program Files\Fichiers communs\Roxio Shared
[01/09/2005|08:15] C:\Program Files\Fichiers communs\Services
[25/06/2008|10:25] C:\Program Files\Fichiers communs\Sonic Shared
[10/06/2006|17:09] C:\Program Files\Fichiers communs\Sony Shared
[01/09/2005|08:08] C:\Program Files\Fichiers communs\SpeechEngines
[02/01/2007|13:33] C:\Program Files\Fichiers communs\SWF Studio
[23/09/2008|16:53] C:\Program Files\Fichiers communs\System
[20/08/2008|07:48] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 56 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

disk not found C:\
please note that you need administrator rights to perform deep scan

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

[F:5][D:1]-> C:\DOCUME~1\LAUREN~1\LOCALS~1\Temp
[F:6][D:0]-> C:\DOCUME~1\LAUREN~1\Cookies
[F:215][D:4]-> C:\DOCUME~1\LAUREN~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 06/10/2008|17:54 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 06/10/2008|18:09 - Option : [2]

--------------------\\ Fin du rapport a 18:09:13
0
sonic43
 
Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:15:43, on 06/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\GRUNCRKF\GVADQXYD.EXE
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPROXY.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\PROGRA~1\SONY\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\DOCUME~1\LAUREN~1\LOCALS~1\Temp\clclean.0001
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBARNOTIFIER\GOOGLETOOLBARNOTIFIER.EXE
C:\WINDOWS\SYSTEM32\CXEXAVUX.EXE
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\PROGRAM FILES\DNA\BTDNA.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\SYSTEM32\CXEXAVUX.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Barre d'outils du menu Anti-fraude de Trend Micro - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Barre d'outils du menu Anti-fraude de Trend Micro - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\SONY\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE" /minimized
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\PROGRAM FILES\DNA\BTDNA.EXE"
O4 - HKCU\..\Run: [SetStrMsg] C:\WINDOWS\system32\cxexavux.exe
O4 - HKLM\..\Policies\Explorer\Run: [eUFe1nv2jZ] C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\GRUNCRKF\GVADQXYD.EXE
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.pixdiscount.fr/clients/ImageUploader3.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O21 - SSODL: CmdMsg - {2E5A65BB-B055-C0DD-0118-09975F2EE086} - C:\Program Files\uqbjlwd\CmdMsg.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
0
sonic43
 
Here is the report:

C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\GRUNCRKF\GVADQXYD.EXE moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10062008_183524
0

sonic43
 
I'll wait a bit before celebrating, but I haven't seen any "Windows security alerts" for a while.
I'll keep you posted.
0
sonic43
 
Well, no: the windows are reappearing, and the responsible process is still cxexavux.exe in system32.
What else can be done?
0
sonic43
 
Here is the report. Oh look, another one of those damned windows has just opened.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:13:56, on 06/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPROXY.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\SONY\SONICS~1\SsAAD.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\PROGRAM FILES\DNA\BTDNA.EXE
C:\WINDOWS\SYSTEM32\CXEXAVUX.EXE
C:\DOCUME~1\LAUREN~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\cxexavux.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Barre d'outils du menu Anti-fraude de Trend Micro - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Barre d'outils du menu Anti-fraude de Trend Micro - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\SONY\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE" /minimized
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\PROGRAM FILES\DNA\BTDNA.EXE"
O4 - HKCU\..\Run: [SetStrMsg] C:\WINDOWS\system32\cxexavux.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.pixdiscount.fr/clients/ImageUploader3.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O21 - SSODL: CmdMsg - {2E5A65BB-B055-C0DD-0118-09975F2EE086} - C:\Program Files\uqbjlwd\CmdMsg.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
0
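An added example (not part of the thread, and not a HijackThis feature): comparing the two HijackThis logs posted above shows which autorun (O4) entries and processes were actually gone after OTMoveIt2 reported moving GVADQXYD.EXE. The log excerpts are copied from the posts; the function names, the `WATCH` list and the "cleared" / "still active" labels are assumptions of this example.

```python
import re

# Excerpts copied from the two HijackThis logs posted in this thread:
# LOG_BEFORE is the earlier scan, LOG_AFTER the 19:13:56 scan taken after
# OTMoveIt2 reported moving GVADQXYD.EXE.
LOG_BEFORE = r"""Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\GRUNCRKF\GVADQXYD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SYSTEM32\CXEXAVUX.EXE

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\PROGRAM FILES\DNA\BTDNA.EXE"
O4 - HKCU\..\Run: [SetStrMsg] C:\WINDOWS\system32\cxexavux.exe
O4 - HKLM\..\Policies\Explorer\Run: [eUFe1nv2jZ] C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\GRUNCRKF\GVADQXYD.EXE
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
"""

LOG_AFTER = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SYSTEM32\CXEXAVUX.EXE

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\PROGRAM FILES\DNA\BTDNA.EXE"
O4 - HKCU\..\Run: [SetStrMsg] C:\WINDOWS\system32\cxexavux.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
"""

# The two executables named in the thread, lower-cased for comparison.
WATCH = [
    r"c:\documents and settings\all users\application data\gruncrkf\gvadqxyd.exe",
    r"c:\windows\system32\cxexavux.exe",
]

# "O4 - <registry location>: [<value name>] <command line>"
AUTORUN_RE = re.compile(r"^O4 - (?P<where>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# "O4 - Startup: <shortcut> = <target>" (also "Global Startup")
STARTUP_RE = re.compile(r"^O4 - (?P<where>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# Unquoted command line: the image ends at the first executable extension
# that is followed by whitespace or end of line (paths may contain spaces).
IMAGE_RE = re.compile(r"^(.*?\.(?:exe|dll|com|scr|bat|cmd))(?=\s|$)", re.IGNORECASE)


def image_path(cmd):
    """Return the lower-cased executable path from an autorun command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end] if end != -1 else cmd[1:]).lower()
    m = IMAGE_RE.match(cmd)
    if m:
        return m.group(1).lower()
    parts = cmd.split()
    return parts[0].lower() if parts else ""


def parse_autoruns(log):
    """Map (location, entry name) -> image path for every O4 line."""
    entries = {}
    for line in log.splitlines():
        m = AUTORUN_RE.match(line) or STARTUP_RE.match(line)
        if m:
            entries[(m["where"], m["name"])] = image_path(m["cmd"])
    return entries


def parse_processes(log):
    """Return the lower-cased paths listed under 'Running processes:'."""
    procs, in_section = set(), False
    for line in log.splitlines():
        if line.strip() == "Running processes:":
            in_section = True
        elif in_section:
            if not line.strip():
                break  # the section ends at the first blank line
            procs.add(line.strip().lower())
    return procs


def remediation_status(watch, before, after):
    """For each watched image, list its autoruns in both scans and whether
    it is still running in the later one."""
    runs_before, runs_after = parse_autoruns(before), parse_autoruns(after)
    procs_after = parse_processes(after)
    report = {}
    for path in watch:
        key = path.lower()
        after_keys = sorted(k for k, img in runs_after.items() if img == key)
        running = key in procs_after
        report[key] = {
            "autoruns_before": sorted(k for k, img in runs_before.items() if img == key),
            "autoruns_after": after_keys,
            "running_after": running,
            "verdict": "still active" if (after_keys or running) else "cleared",
        }
    return report


if __name__ == "__main__":
    for image, info in remediation_status(WATCH, LOG_BEFORE, LOG_AFTER).items():
        print(info["verdict"], image, info["autoruns_after"])
```

"cleared" here only means the image no longer appears in the O4 lines or the process list of the later log. Paths are compared as written, so an entry logged with an 8.3 short name (such as `C:\PROGRA~1\...`) will not match its long form.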
sonic43
 
The scan took a long time, but MBAM found nothing and I still have the same problem caused by the same executable.
0
sonic43
 
Hello, here is the report.
C:\WINDOWS\SYSTEM32\CXEXAVUX.EXE moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10072008_201313
0
sonic43
 
No more problems!
Thanks for the help.
0
toptitbal Posts: 26224 Status: Security contributor 2 232
 
Hello

Download the HijackThis installer by clicking this link

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

* Save HJTInstall.exe to your desktop.

* Double-click HJTInstall.exe to launch the program

Tutorial: https://www.malekal.com/tutoriel-hijackthis/
http://pagesperso-orange.fr/rginformatique/section%20virus/Hijenr.gif
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm

* Accept the license by clicking the "I Accept" button
* Choose the option "Do a system scan and save a log file"
* Click "Save log" to save the report, which will open in Notepad
* Click "Edit -> Select All", then "Edit -> Copy" to copy the entire content of the report

* Paste the report you have just copied into this forum
-1
RAZAPOLO Posts: 43 Status: Member 2
 
HELLO
TOPTITBAL, JUST TO TELL YOU THAT YOUR ANSWER ON THE FORUM HELPED ME TOO.
THE ANSWER ABOUT COMPUTER VIRUSES.
-1
toptitbal Posts: 26224 Status: Security contributor 2 232
 
Download Lop S&D.exe to your Desktop.

https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

* Double-click it to start the installation
* Then double-click the Lop S&D shortcut on your Desktop
* Select the desired language, then choose option 1 (Search)
* Wait until the scan finishes
* Post the generated report (C:\lopR.txt)

Tutorial (help): http://bibou0007.com/outils-specifiques-f78/tuto-lop-sd-t956.htm
-1
sonic43 Posts: 1 Status: Member
 
Thanks for taking the time to deal with this damned critter. Here is the report:

--------------------\\ Lop S&D 4.2.4-5 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A03
USER : Laurent EYRARD ( Administrator )
BOOT : Normal boot
Antivirus : Trend Micro PC-cillin Internet Security 14 14.00.1487 (Activated)
Firewall : Trend Micro PC-cillin Internet Security (Firewall) 14 (Not Activated)
C:\ (Local Disk) - NTFS - Total : 228 Go Free : 147 Go
D:\ (CD or DVD)
E:\ (Local Disk) - FAT - Total : 0 Go Free : 0 Go
F:\ (Local Disk) - FAT32 - Total : 4 Go Free : 1 Go
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (Local Disk) - NTFS - Total : 465 Go Free : 206 Go
M:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 02-10-2008|23:42 )
Option : [1] ( 06/10/2008|17:52 )

--------------------\\ Listing des dossiers dans APPLIC~1

[22/01/2006|13:27] C:\DOCUME~1\ADMINI~1\APPLIC~1\Corel
[01/09/2005|08:25] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[01/09/2005|08:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[22/01/2006|13:15] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
[24/06/2008|17:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\Vso
[22/01/2006|13:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\You've Got Pictures Screensaver

[12/04/2007|22:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ACD Systems
[27/08/2008|21:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[27/01/2006|21:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[17/05/2006|11:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[05/06/2008|18:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[05/06/2008|18:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[04/09/2008|17:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
[15/09/2008|14:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\cfgapien
[01/10/2008|17:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CfgSrvEn
[24/06/2008|17:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Citrix
[22/01/2006|13:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Creative Labs
[25/01/2006|22:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Dell Photo Printer 720
[26/12/2006|23:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
[18/09/2006|18:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[23/08/2008|00:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[05/10/2008|19:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\gruncrkf
[22/01/2006|13:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[23/06/2008|22:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ma-config.com
[23/08/2008|09:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[22/01/2006|13:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
[17/05/2006|11:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com
[17/05/2006|11:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com Personal Firewall
[29/09/2008|16:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[23/09/2008|22:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[17/05/2006|11:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MVTLogs
[27/08/2008|21:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[06/05/2006|16:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[22/01/2006|13:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
[10/06/2006|17:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
[29/08/2008|11:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[22/01/2006|13:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
[27/01/2006|23:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[29/09/2008|15:40] C:\DOCUME~1\Damien\APPLIC~1\Adobe
[02/10/2008|14:31] C:\DOCUME~1\Damien\APPLIC~1\Apple Computer
[06/10/2008|07:29] C:\DOCUME~1\Damien\APPLIC~1\BitTorrent
[22/01/2006|13:27] C:\DOCUME~1\Damien\APPLIC~1\Corel
[06/10/2008|00:54] C:\DOCUME~1\Damien\APPLIC~1\EPSON
[29/09/2008|16:08] C:\DOCUME~1\Damien\APPLIC~1\Google
[29/09/2008|13:19] C:\DOCUME~1\Damien\APPLIC~1\Grisoft
[01/09/2005|08:25] C:\DOCUME~1\Damien\APPLIC~1\Identities
[29/09/2008|15:40] C:\DOCUME~1\Damien\APPLIC~1\Macromedia
[05/10/2008|19:36] C:\DOCUME~1\Damien\APPLIC~1\Microsoft
[29/09/2008|13:24] C:\DOCUME~1\Damien\APPLIC~1\Mozilla
[29/09/2008|13:19] C:\DOCUME~1\Damien\APPLIC~1\Real
[22/01/2006|13:15] C:\DOCUME~1\Damien\APPLIC~1\Sun
[29/09/2008|16:34] C:\DOCUME~1\Damien\APPLIC~1\vlc
[22/01/2006|13:26] C:\DOCUME~1\Damien\APPLIC~1\You've Got Pictures Screensaver

[22/01/2006|13:27] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Corel
[01/09/2005|08:25] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[01/09/2005|08:05] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[22/01/2006|13:15] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
[22/01/2006|13:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver

[15/09/2008|17:33] C:\DOCUME~1\INVIT~1\APPLIC~1\Adobe
[22/01/2006|13:27] C:\DOCUME~1\INVIT~1\APPLIC~1\Corel
[15/09/2008|14:32] C:\DOCUME~1\INVIT~1\APPLIC~1\EPSON
[15/09/2008|14:33] C:\DOCUME~1\INVIT~1\APPLIC~1\Grisoft
[01/09/2005|08:25] C:\DOCUME~1\INVIT~1\APPLIC~1\Identities
[15/09/2008|14:38] C:\DOCUME~1\INVIT~1\APPLIC~1\Macromedia
[23/09/2008|16:20] C:\DOCUME~1\INVIT~1\APPLIC~1\Microsoft
[15/09/2008|14:34] C:\DOCUME~1\INVIT~1\APPLIC~1\Mozilla
[19/03/2007|18:51] C:\DOCUME~1\INVIT~1\APPLIC~1\Real
[22/01/2006|13:15] C:\DOCUME~1\INVIT~1\APPLIC~1\Sun
[25/09/2008|11:31] C:\DOCUME~1\INVIT~1\APPLIC~1\vlc
[22/01/2006|13:26] C:\DOCUME~1\INVIT~1\APPLIC~1\You've Got Pictures Screensaver

[12/04/2007|22:57] C:\DOCUME~1\LAUREN~1\APPLIC~1\ACD Systems
[07/09/2008|18:36] C:\DOCUME~1\LAUREN~1\APPLIC~1\Adobe
[01/05/2006|18:54] C:\DOCUME~1\LAUREN~1\APPLIC~1\Ahead
[09/04/2007|17:18] C:\DOCUME~1\LAUREN~1\APPLIC~1\Apple Computer
[06/09/2008|12:21] C:\DOCUME~1\LAUREN~1\APPLIC~1\ArcSoft
[24/09/2008|23:42] C:\DOCUME~1\LAUREN~1\APPLIC~1\BitTorrent
[13/01/2008|11:45] C:\DOCUME~1\LAUREN~1\APPLIC~1\BSplayer
[12/01/2008|19:03] C:\DOCUME~1\LAUREN~1\APPLIC~1\BSplayer Pro
[19/09/2008|00:17] C:\DOCUME~1\LAUREN~1\APPLIC~1\CopyToDvd
[27/01/2006|22:56] C:\DOCUME~1\LAUREN~1\APPLIC~1\Corel Photo Album
[24/05/2006|13:36] C:\DOCUME~1\LAUREN~1\APPLIC~1\Creative
[15/09/2008|20:18] C:\DOCUME~1\LAUREN~1\APPLIC~1\DAEMON Tools
[06/10/2008|17:48] C:\DOCUME~1\LAUREN~1\APPLIC~1\DNA
[24/06/2008|20:39] C:\DOCUME~1\LAUREN~1\APPLIC~1\dvdcss
[06/09/2008|12:10] C:\DOCUME~1\LAUREN~1\APPLIC~1\EPSON
[12/01/2008|12:46] C:\DOCUME~1\LAUREN~1\APPLIC~1\FMZilla
[11/05/2006|22:23] C:\DOCUME~1\LAUREN~1\APPLIC~1\Google
[06/10/2008|14:30] C:\DOCUME~1\LAUREN~1\APPLIC~1\GrabIt
[23/08/2008|00:46] C:\DOCUME~1\LAUREN~1\APPLIC~1\Grisoft
[27/01/2006|23:21] C:\DOCUME~1\LAUREN~1\APPLIC~1\Help
[01/09/2005|08:25] C:\DOCUME~1\LAUREN~1\APPLIC~1\Identities
[19/10/2007|17:15] C:\DOCUME~1\LAUREN~1\APPLIC~1\InstallShield
[11/02/2006|15:34] C:\DOCUME~1\LAUREN~1\APPLIC~1\Leadertech
[25/01/2006|22:45] C:\DOCUME~1\LAUREN~1\APPLIC~1\Macromedia
[23/08/2008|09:39] C:\DOCUME~1\LAUREN~1\APPLIC~1\Malwarebytes
[17/05/2006|11:51] C:\DOCUME~1\LAUREN~1\APPLIC~1\McAfee.com Personal Firewall
[17/09/2008|15:13] C:\DOCUME~1\LAUREN~1\APPLIC~1\Microsoft
[19/06/2008|17:33] C:\DOCUME~1\LAUREN~1\APPLIC~1\Mozilla
[16/07/2006|19:51] C:\DOCUME~1\LAUREN~1\APPLIC~1\MSNInstaller
[10/09/2008|22:02] C:\DOCUME~1\LAUREN~1\APPLIC~1\OpenOffice.org2
[17/08/2008|20:57] C:\DOCUME~1\LAUREN~1\APPLIC~1\Real
[28/05/2008|18:26] C:\DOCUME~1\LAUREN~1\APPLIC~1\Sonic
[10/06/2006|17:44] C:\DOCUME~1\LAUREN~1\APPLIC~1\Sony Corporation
[22/01/2006|13:15] C:\DOCUME~1\LAUREN~1\APPLIC~1\Sun
[28/01/2006|21:56] C:\DOCUME~1\LAUREN~1\APPLIC~1\Template
[02/01/2007|13:32] C:\DOCUME~1\LAUREN~1\APPLIC~1\U3
[03/10/2008|15:32] C:\DOCUME~1\LAUREN~1\APPLIC~1\vlc
[19/09/2008|00:17] C:\DOCUME~1\LAUREN~1\APPLIC~1\Vso
[08/07/2007|16:02] C:\DOCUME~1\LAUREN~1\APPLIC~1\XnView
[22/01/2006|13:26] C:\DOCUME~1\LAUREN~1\APPLIC~1\You've Got Pictures Screensaver

[17/05/2006|11:49] C:\DOCUME~1\LOCALS~1\APPLIC~1\McAfee.com Personal Firewall
[26/12/2006|11:29] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[22/05/2006|22:23] C:\DOCUME~1\LOCALS~1\APPLIC~1\Mozilla

[16/04/2008|22:55] C:\DOCUME~1\MARIAE~1\APPLIC~1\Adobe
[22/01/2006|13:27] C:\DOCUME~1\MARIAE~1\APPLIC~1\Corel
[19/03/2007|19:02] C:\DOCUME~1\MARIAE~1\APPLIC~1\Google
[23/08/2008|08:45] C:\DOCUME~1\MARIAE~1\APPLIC~1\Grisoft
[01/09/2005|08:25] C:\DOCUME~1\MARIAE~1\APPLIC~1\Identities
[29/09/2007|17:50] C:\DOCUME~1\MARIAE~1\APPLIC~1\Macromedia
[16/04/2008|23:09] C:\DOCUME~1\MARIAE~1\APPLIC~1\Microsoft
[29/09/2007|09:37] C:\DOCUME~1\MARIAE~1\APPLIC~1\Mozilla
[19/03/2007|18:57] C:\DOCUME~1\MARIAE~1\APPLIC~1\Real
[22/01/2006|13:15] C:\DOCUME~1\MARIAE~1\APPLIC~1\Sun
[22/01/2006|13:26] C:\DOCUME~1\MARIAE~1\APPLIC~1\You've Got Pictures Screensaver

[01/09/2005|08:05] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[01/10/2008 14:26][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[03/10/2008 18:30][--a------] C:\WINDOWS\tasks\Recherche de virus de McAfee.com - Mon ordinateur (BUREAU-Laurent EYRARD).job
[27/01/2006 00:45][---------] C:\WINDOWS\tasks\Rappel d'abonnement 1 auprŠs de l'ISP.job
[06/10/2008 13:27][--ah-----] C:\WINDOWS\tasks\SA.DAT
[10/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[18/11/2006|20:16] C:\Program Files\2BrightSparks
[06/09/2008|11:47] C:\Program Files\ABBYY FineReader 6.0 Sprint
[26/04/2007|13:20] C:\Program Files\ACD Systems
[27/08/2008|21:34] C:\Program Files\Adobe
[29/09/2008|16:16] C:\Program Files\adslTV
[25/06/2008|10:59] C:\Program Files\Ahead
[05/06/2008|18:46] C:\Program Files\Apple Software Update
[06/09/2008|11:45] C:\Program Files\ArcSoft
[24/12/2006|16:27] C:\Program Files\AviSynth 2.5
[24/09/2008|17:53] C:\Program Files\BitTorrent
[04/09/2008|17:45] C:\Program Files\Canon
[04/09/2008|17:34] C:\Program Files\CanonBJ
[25/10/2007|17:32] C:\Program Files\cbgeo
[18/11/2006|19:32] C:\Program Files\CCleaner
[24/06/2008|17:21] C:\Program Files\Citrix
[11/09/2008|16:41] C:\Program Files\ColiPoste
[26/12/2006|13:54] C:\Program Files\Combined Community Codec Pack
[09/03/2006|20:08] C:\Program Files\Common Files
[18/11/2006|20:09] C:\Program Files\Corel
[18/11/2006|20:08] C:\Program Files\Creative
[15/09/2008|20:22] C:\Program Files\DAEMON Tools Lite
[26/09/2007|10:33] C:\Program Files\Dell
[25/01/2006|22:27] C:\Program Files\Dell Photo Printer 720
[24/09/2008|17:52] C:\Program Files\DNA
[02/09/2008|00:22] C:\Program Files\EasyScan
[06/09/2008|11:47] C:\Program Files\epson
[16/10/2007|20:03] C:\Program Files\eRightSoft
[28/01/2006|23:30] C:\Program Files\Euromat
[17/05/2007|15:33] C:\Program Files\Exact Audio Copy
[27/08/2008|21:33] C:\Program Files\Exécutables
[15/09/2008|20:37] C:\Program Files\Fichiers communs
[18/08/2007|18:31] C:\Program Files\FileZilla
[18/11/2006|20:10] C:\Program Files\FpTest
[14/01/2008|19:22] C:\Program Files\Free Music Zilla
[02/11/2006|17:51] C:\Program Files\Freeplayer
[01/09/2005|08:27] C:\Program Files\FrenchOtto
[01/09/2005|08:27] C:\Program Files\GemMasterFrench
[06/11/2007|10:14] C:\Program Files\Google
[17/05/2006|12:33] C:\Program Files\grab153_vf
[26/12/2007|11:39] C:\Program Files\GrabIt
[23/08/2008|00:46] C:\Program Files\Grisoft
[23/09/2008|01:31] C:\Program Files\GUILD WARS
[22/09/2008|17:01] C:\Program Files\HomePlayer
[21/02/2008|11:31] C:\Program Files\HomePlayer1.5.4
[28/01/2006|10:08] C:\Program Files\HP
[03/01/2008|13:45] C:\Program Files\IncrediMail
[03/10/2008|00:46] C:\Program Files\InstallShield Installation Information
[22/01/2006|13:21] C:\Program Files\Intel
[22/01/2006|13:21] C:\Program Files\InterActual
[12/08/2008|22:01] C:\Program Files\Internet Explorer
[21/03/2007|19:06] C:\Program Files\iTunes
[01/09/2008|19:56] C:\Program Files\Java
[21/05/2006|23:14] C:\Program Files\Le Nouveau Littré
[23/06/2008|22:11] C:\Program Files\ma-config.com
[23/08/2008|09:39] C:\Program Files\Malwarebytes' Anti-Malware
[24/05/2006|13:53] C:\Program Files\Matroska Playback Pack
[23/09/2008|17:04] C:\Program Files\Messenger
[03/10/2008|00:46] C:\Program Files\Micro Application
[01/09/2005|08:18] C:\Program Files\microsoft frontpage
[27/01/2006|21:09] C:\Program Files\Microsoft Money
[15/09/2008|20:38] C:\Program Files\Microsoft Office
[15/09/2008|20:37] C:\Program Files\Microsoft Visual Studio
[15/09/2008|20:38] C:\Program Files\Microsoft Works
[15/09/2008|20:34] C:\Program Files\Microsoft.NET
[23/09/2008|16:59] C:\Program Files\Movie Maker
[06/10/2008|17:23] C:\Program Files\Mozilla Firefox
[16/07/2006|19:50] C:\Program Files\MSN
[01/09/2005|08:12] C:\Program Files\MSN Gaming Zone
[29/09/2008|16:08] C:\Program Files\MSN Messenger
[17/11/2006|18:46] C:\Program Files\MSXML 4.0
[22/01/2006|13:27] C:\Program Files\MyWaySA
[23/09/2008|16:53] C:\Program Files\NetMeeting
[27/08/2008|21:58] C:\Program Files\NOS
[01/09/2005|08:13] C:\Program Files\Online Services
[17/03/2007|15:33] C:\Program Files\OpenOffice.org 2.1
[17/03/2007|15:33] C:\Program Files\OpenOffice.org 2.1 Installation Files
[23/09/2008|16:53] C:\Program Files\Outlook Express
[10/01/2007|18:02] C:\Program Files\PDF2W
[23/09/2008|16:34] C:\Program Files\PDFCreator
[20/03/2007|21:02] C:\Program Files\PhotoBox
[31/05/2008|10:36] C:\Program Files\Picasa2
[08/07/2007|16:45] C:\Program Files\PixRecovery
[17/05/2006|11:51] C:\Program Files\Pochette Express 2
[17/01/2007|16:17] C:\Program Files\QuickPar
[05/06/2008|18:48] C:\Program Files\QuickTime
[23/08/2006|16:37] C:\Program Files\Radio net FR
[22/01/2006|13:26] C:\Program Files\Real
[27/12/2006|00:02] C:\Program Files\Rippackv3
[25/06/2008|10:25] C:\Program Files\Roxio
[01/09/2005|08:15] C:\Program Files\Services en ligne
[23/08/2006|16:36] C:\Program Files\Setup_RnetFR
[22/01/2006|13:19] C:\Program Files\Sigmatel
[22/01/2006|13:29] C:\Program Files\Sonic
[10/06/2006|17:09] C:\Program Files\Sony
[10/06/2006|17:09] C:\Program Files\Sony Corporation
[05/10/2008|23:37] C:\Program Files\Spybot - Search & Destroy
[28/01/2006|22:34] C:\Program Files\TLC-EDUSOFT
[27/01/2006|21:24] C:\Program Files\Trellix2
[06/10/2008|17:42] C:\Program Files\Trend Micro
[05/12/2006|14:58] C:\Program Files\Uninstall Information
[05/10/2008|19:20] C:\Program Files\uqbjlwd
[29/09/2008|16:17] C:\Program Files\VideoLAN
[13/04/2007|11:43] C:\Program Files\Viewpoint
[25/06/2008|15:47] C:\Program Files\VSO
[12/01/2008|19:03] C:\Program Files\Webteh
[22/09/2007|11:55] C:\Program Files\Western Digital Technologies
[26/12/2006|11:20] C:\Program Files\Windows Media Connect 2
[26/12/2006|11:21] C:\Program Files\Windows Media Player
[23/09/2008|16:53] C:\Program Files\Windows NT
[01/09/2005|08:12] C:\Program Files\Windows Plus
[26/10/2006|18:45] C:\Program Files\WinPcap
[16/05/2007|16:01] C:\Program Files\WinRAR
[26/04/2007|21:52] C:\Program Files\winstars
[01/09/2005|08:18] C:\Program Files\xerox
[17/05/2006|11:52] C:\Program Files\Yahoo!
[24/06/2008|20:39] C:\Program Files\Zoom Player

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[21/05/2007|18:12] C:\Program Files\Fichiers communs\ACD Systems
[27/08/2008|21:34] C:\Program Files\Fichiers communs\Adobe
[25/06/2008|10:59] C:\Program Files\Fichiers communs\Ahead
[17/05/2006|11:50] C:\Program Files\Fichiers communs\AOL
[06/09/2008|11:45] C:\Program Files\Fichiers communs\ArcSoft
[22/01/2006|13:21] C:\Program Files\Fichiers communs\Creative Labs Shared
[15/09/2008|20:37] C:\Program Files\Fichiers communs\DESIGNER
[27/01/2006|21:23] C:\Program Files\Fichiers communs\FotoNation
[22/01/2006|13:26] C:\Program Files\Fichiers communs\InstallShield
[22/01/2006|13:15] C:\Program Files\Fichiers communs\Java
[17/09/2008|22:05] C:\Program Files\Fichiers communs\Microsoft Shared
[01/09/2005|08:15] C:\Program Files\Fichiers communs\MSSoap
[27/01/2006|21:15] C:\Program Files\Fichiers communs\Nero
[22/01/2006|13:26] C:\Program Files\Fichiers communs\Nullsoft
[05/06/2006|23:08] C:\Program Files\Fichiers communs\ODBC
[20/08/2008|07:47] C:\Program Files\Fichiers communs\Real
[22/01/2006|13:21] C:\Program Files\Fichiers communs\Roxio Shared
[01/09/2005|08:15] C:\Program Files\Fichiers communs\Services
[25/06/2008|10:25] C:\Program Files\Fichiers communs\Sonic Shared
[10/06/2006|17:09] C:\Program Files\Fichiers communs\Sony Shared
[01/09/2005|08:08] C:\Program Files\Fichiers communs\SpeechEngines
[02/01/2007|13:33] C:\Program Files\Fichiers communs\SWF Studio
[23/09/2008|16:53] C:\Program Files\Fichiers communs\System
[20/08/2008|07:48] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 60 Processes )

IEXPLORE.EXE ~ [PID:2344]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

disk not found C:\
please note that you need administrator rights to perform deep scan

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

[F:5][D:1]-> C:\DOCUME~1\LAUREN~1\LOCALS~1\Temp
[F:6][D:0]-> C:\DOCUME~1\LAUREN~1\Cookies
[F:185][D:4]-> C:\DOCUME~1\LAUREN~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 06/10/2008|17:54 - Option : [1]

--------------------\\ Fin du rapport a 17:54:48
toptitbal (Security contributor)

Run Lop S&D again

* This time choose Option 2 ("Suppression", deletion)
* Do not close the window during the deletion!
* Post the generated report (C:\lopR.txt)
toptitbal (Security contributor)

Run a new HijackThis scan
toptitbal (Security contributor)

Download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop.

Run HijackThis again.

Click Scan Only and check the following line:

O4 - HKLM\..\Policies\Explorer\Run: [eUFe1nv2jZ] C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\GRUNCRKF\GVADQXYD.EXE

Close all other windows and all other programs. No Internet connection.

Click Fix checked, then click OK.
Then close HijackThis.

Double-click OTMoveIt.exe to launch it.
Make sure the Unregister Dll's and Ocx's box is checked,
copy the list shown in bold below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\GRUNCRKF\GVADQXYD.EXE

Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept by clicking Yes.

If your Desktop does not reappear, press Ctrl+Alt+Del at the same time to open Task Manager.
Go to the "Processes" tab. Click File at the top left and choose "Run..."
Type explorer and confirm.
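
The O4 entry selected in the post above starts a program from under Application Data, and the same image is listed among the running processes in the first HijackThis log of this thread. As an added example (not part of the thread and not HijackThis's own logic), this Python script flags that pattern in a log; the "user-writable directory" heuristic and the Java autorun line in the sample are assumptions made for the illustration.

```python
import re

# Sample log: process paths and the Policies\Explorer\Run entry are quoted from
# this thread; the Java O4 line is constructed for contrast.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\GRUNCRKF\GVADQXYD.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Policies\Explorer\Run: [eUFe1nv2jZ] C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\GRUNCRKF\GVADQXYD.EXE
"""

O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|com|scr|bat|dll))', re.I)
# Assumption: directories that an unprivileged process can usually write to.
WRITABLE_RE = re.compile(r"\\(application data|local settings|temp)\\", re.I)

def running_processes(log):
    """Return the upper-cased image paths listed under 'Running processes:'."""
    procs, in_section = set(), False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_section = True
        elif in_section and not line:
            break  # a blank line ends the section
        elif in_section:
            procs.add(line.upper())
    return procs

def review_autoruns(log):
    """Flag O4 autoruns whose target lives in a user-writable directory."""
    procs = running_processes(log)
    findings = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        exe = EXE_RE.match(m["cmd"])
        path = exe["path"] if exe else m["cmd"]
        if WRITABLE_RE.search(path):
            findings.append({"key": m["key"], "name": m["name"], "path": path,
                             "running": path.upper() in procs})
    return findings

if __name__ == "__main__":
    for finding in review_autoruns(SAMPLE_LOG):
        print(finding)
```

Running the same function on the HijackThis log taken after the fix should return an empty list if the entry is gone.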
toptitbal (Security contributor)

OK
How is the PC behaving?
toptitbal (Security contributor)

OK, if all is well there will be one more tool to use, to uninstall what was used for the disinfection.
toptitbal (Security contributor)

Run a new HijackThis scan