Trojan keylogger win 32 fung

LLB -  
evasion60/PCA Messages postés 827 Statut Contributeur sécurité -
Bonjour,

le trojan keylogger win 32 fung est detecté sur mon ordi, antimalware ne peut toutefois m'en débarrasser tout comme Ad-aware, j'ai lancé une analyse Spybot encours.

En attendant je vous soumet le rapport Hijack:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:43:49, on 29/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Google\mupd1_2_1165664.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Compaq_Propriétaire\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [asus32] "C:\Documents and Settings\Compaq_Propriétaire\Application Data\Google\mupd1_2_1165664.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6770 bytes
Configuration: Windows XP
Firefox 3.0.3

22 réponses

  • 1
  • 2
  1. evasion60/PCA Messages postés 827 Statut Contributeur sécurité 92
     
    Bp,jour et bienvenue sur CCM

    Télécharge lopS&D d'Eric71 et AngelDark,
    https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
    Double-clique sur le fichier téléchargé pour installer le logiciel.
    Double-clique sur le racourci créé pour lancer le programme,
    Choisis la langue,
    Sélectionne l'option 1. L'outil scanne plusieurs dossiers sensibles. Cela peut durer quelques minutes. Laisse l'analyse se dérouler.
    Le bloc-note va s'ouvrir. Poste son contenu dans ta prochaine réponse.

    Bonne réception
    3
  2. evasion60/PCA Messages postés 827 Statut Contributeur sécurité 92
     
    Re, Oui

    ... Je suis bénévole,et comme chacun a une vie privée, ton LOP est tjrs présent
    J'avais bien écris " si cela ne passe pas avec LOP-S&D" , je passe avec une autre proposition PCA.reg

    Patience t'es pas tout seul, je reviens avec un script PCA.reg
    Bonne réception
    2
  3. evasion60/PCA Messages postés 827 Statut Contributeur sécurité 92
     
    Bien, me voici de retour :

    Note comment démarrer en mode sans échec, tu vas t'en servir un peu plus bas
    Au démarrage du PC, après le premier bip, tapote la touche F8

    Télécharge :
    ...CCleaner http://www.filehippo.com/download_ccleaner.html
    ("Download Latest Version", sur la droite). Ce logiciel va permettre de supprimer tous les fichiers temporaires. Avant de cliquer sur le bouton "installer", décoche toutes les "options supplémentaires". Ensuite, Clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Par la suite, laisse-le avec ses réglages par défaut. C'est tout.

    Crée un nouveau document texte : clic droit de souris sur le bureau, "Nouveau"> "Document Texte". Ouvre-le et copie-colle dedans de ce qui est en citation ci-dessous, (copie tout d'un trait) :

    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "asus32"=-


    Puis " fichier "/ " enregistrer sous " :
    dans : sur le bureau
    Nom du fichier : PCA.reg
    Type de fichier : " tous les fichiers "
    clique sur "enregistrer"

    *****Copie ce qui suit dans un fichier texte et redémarre en mode sans échec (choisis ta session habituelle, pas le compte "Administrateur" ou autre)*****

    ...Assure toi d'avoir accès aux dossiers/fichiers cachés :

    Ouvrir un dossier, n'importe lequel. Aller dans :
    Outils/Options des dossiers/Affichage et
    - cocher " afficher les dossiers et fichiers cachés "
    - décocher " masquer les extensions des fichiers dont le type est connu "
    - décocher " masquer les fichiers protégés du système d'exploitation (recommandé) "
    " appliquer " et " ok "

    ...Recherche avec l'explorateur Windows, et supprime ces dossiers ou fichiers, si tu les trouves :

    c:\documents and settings\compaq_propriétaire\application data\google\mupd1_2_1165664.exe

    <- le fichier

    Vide ta corbeille ( important )

    Décoche l'accès aux dossiers, fichiers cachés
    L'inverse donc de ci dessus

    ...Double clique sur PCA.reg => tu dois obligatoirement avoir un message "voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?"
    Si c'est bien le cas, clique sur " oui "

    ...Lance CCleaner : " Analyse "/, puis " Lancer le nettoyage " et c'est tout.

    ...Reste en mode sans échec / OK
    Lance HijackThis pour un " do a system scan only "
    Coche à gauche les lignes suivantes :

    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKCU\..\Run: [asus32] "C:\Documents and Settings\Compaq_Propriétaire\Application Data\Google\mupd1_2_1165664.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll


    Clique en bas sur " Fix checked "

    Redémarre la machine normalement
    Reviens dans ta réponse avec un nouveau log HijackThis / STP
    A te lire

    Bonne réception, et à te lire
    2
  4. evasion60/PCA Messages postés 827 Statut Contributeur sécurité 92
     
    Ok LLB

    Tu peux marquer ton sujet comme résolu ;))

    Bonne continuation, et merci de nous avoir fait confiance
    Attention sur le Web

    Cordialement
    2
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. scrableuse Messages postés 142 Statut Membre 199
     
    Salut !
    Tu as sûrement un "visiteur indésirable" qui s'est installé en même temps que ton téléchargement.

    Je te conseille un outil très performant pour éviter cet ennui pour toujours: Télécharge Spyware Terminator,c'est très efficace comme protection,mais aussi pour rechercher et éliminer tout ce qu'il détecte de nuisible sur ton ordi.

    Voici le lien pour l'installer et en français !

    https://spyware-terminator.fr.malavida.com/

    Bonne chance !
    0
  7. LLB
     
    le voila :
    --------------------\\ Lop S&D 4.2.4-8 XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ )
    BIOS : Phoenix - Award BIOS v6.00PG
    USER : Compaq_Propriétaire ( Administrator )
    BOOT : Normal boot
    Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.27 (Activated)
    C:\ (Local Disk) - NTFS - Total:143 Go (Free:63 Go)
    D:\ (Local Disk) - NTFS - Total:149 Go (Free:1 Go)
    E:\ (Local Disk) - FAT32 - Total:5 Go (Free:2 Go)
    F:\ (CD or DVD)
    G:\ (USB)
    H:\ (USB)
    I:\ (USB)
    J:\ (USB)

    "C:\Lop SD" ( MAJ : 27-10-2008|09:15 )
    Option : [1] ( 29/10/2008|12:17 )

    --------------------\\ Listing des dossiers dans APPLIC~1

    [15/01/2006|17:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

    [27/05/2006|22:49] C:\DOCUME~1\ADMINI~1.NOM\APPLIC~1\Microsoft

    [27/05/2006|22:49] C:\DOCUME~1\ADMINI~1.000\APPLIC~1\Microsoft

    [27/05/2006|22:47] C:\DOCUME~1\ADMINI~1.001\APPLIC~1\Microsoft

    [27/05/2006|22:41] C:\DOCUME~1\ADMINI~1.002\APPLIC~1\Microsoft

    [28/05/2006|11:49] C:\DOCUME~1\ADMINI~1.003\APPLIC~1\Microsoft

    [28/05/2006|11:32] C:\DOCUME~1\ADMINI~1.004\APPLIC~1\Microsoft

    [27/05/2006|21:33] C:\DOCUME~1\ADMINI~1.005\APPLIC~1\Microsoft

    [27/05/2006|12:30] C:\DOCUME~1\ADMINI~1.006\APPLIC~1\Macromedia
    [27/05/2006|20:14] C:\DOCUME~1\ADMINI~1.006\APPLIC~1\Microsoft

    [28/05/2006|10:52] C:\DOCUME~1\ADMINI~1.007\APPLIC~1\Microsoft

    [01/01/2005|20:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [01/01/2005|20:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [29/08/2008|11:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
    [09/07/2006|11:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EnterNHelp
    [04/06/2007|14:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
    [01/01/2005|20:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
    [17/10/2008|10:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\jwbwhmvw
    [29/08/2008|14:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    [30/11/2005|00:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macromedia
    [18/08/2008|11:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [01/01/2005|20:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [09/07/2006|11:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\muvee Technologies
    [01/01/2005|20:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
    [01/01/2005|20:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
    [04/06/2007|14:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
    [25/12/2006|22:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    [29/08/2008|13:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    [09/07/2006|11:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ultima_T15
    [27/06/2007|09:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [14/05/2008|18:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
    [15/01/2006|17:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

    [05/04/2007|22:40] C:\DOCUME~1\APPLIC~1\APPLIC~1\Microsoft

    [05/04/2007|22:40] C:\DOCUME~1\COMPAQ~2\APPLIC~1\Microsoft

    [30/11/2005|13:53] C:\DOCUME~1\COMPAQ~3\APPLIC~1\Macromedia
    [05/04/2007|22:40] C:\DOCUME~1\COMPAQ~3\APPLIC~1\Microsoft

    [29/10/2008|10:44] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Adobe
    [29/10/2008|10:44] C:\DOCUME~1\COMPAQ~1\APPLIC~1\AdobeUM
    [29/10/2008|10:44] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Apple Computer
    [29/10/2008|10:44] C:\DOCUME~1\COMPAQ~1\APPLIC~1\ArcSoft
    [29/10/2008|10:44] C:\DOCUME~1\COMPAQ~1\APPLIC~1\bang
    [25/12/2006|23:31] C:\DOCUME~1\COMPAQ~1\APPLIC~1\DivX
    [03/10/2007|17:45] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Free Download Manager
    [27/11/2005|21:12] C:\DOCUME~1\COMPAQ~1\APPLIC~1\GlobalSCAPE
    [29/10/2008|10:43] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Google
    [17/01/2006|12:16] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Help
    [04/06/2007|14:45] C:\DOCUME~1\COMPAQ~1\APPLIC~1\HP
    [29/08/2008|08:54] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Identities
    [31/10/2005|19:30] C:\DOCUME~1\COMPAQ~1\APPLIC~1\InterVideo
    [27/01/2008|20:04] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Lavasoft
    [12/11/2005|20:25] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Leadertech
    [24/02/2006|14:28] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Macromedia
    [18/08/2008|11:57] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Malwarebytes
    [29/08/2008|08:54] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Microsoft
    [28/05/2007|13:09] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Mind Control Software
    [17/01/2006|11:29] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Morpheus(2)
    [26/08/2008|16:28] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Mozilla
    [06/02/2006|22:15] C:\DOCUME~1\COMPAQ~1\APPLIC~1\MSNInstaller
    [09/07/2006|11:31] C:\DOCUME~1\COMPAQ~1\APPLIC~1\muvee Technologies
    [05/04/2007|22:40] C:\DOCUME~1\COMPAQ~1\APPLIC~1\MySpace
    [09/07/2006|11:20] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Nikon
    [29/10/2008|12:14] C:\DOCUME~1\COMPAQ~1\APPLIC~1\OpenOffice.org2
    [28/05/2007|13:09] C:\DOCUME~1\COMPAQ~1\APPLIC~1\PlayFirst
    [09/09/2006|13:19] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Real
    [01/01/2005|20:55] C:\DOCUME~1\COMPAQ~1\APPLIC~1\SampleView
    [02/03/2007|11:28] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Skype
    [12/11/2005|20:26] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Sonic
    [24/11/2005|11:37] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Sun
    [16/07/2008|19:38] C:\DOCUME~1\COMPAQ~1\APPLIC~1\U3
    [23/10/2008|16:27] C:\DOCUME~1\COMPAQ~1\APPLIC~1\uTorrent
    [26/12/2006|00:09] C:\DOCUME~1\COMPAQ~1\APPLIC~1\vlc
    [17/10/2008|13:24] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Vso

    [01/01/2005|20:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Apple Computer
    [25/11/2004|04:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
    [01/01/2005|21:12] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [01/01/2005|20:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\SampleView
    [01/01/2005|21:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

    [17/10/2008|08:27] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

    [01/01/2005|20:17] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

    [29/10/2008 12:14][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [05/08/2004 19:00][-rah-----] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listing des dossiers dans C:\Program Files

    [29/08/2006|07:45] C:\Program Files\Acoustica Audio Converter Pro
    [01/01/2005|20:43] C:\Program Files\Adobe
    [29/05/2006|22:33] C:\Program Files\Alwil Software
    [31/05/2007|22:27] C:\Program Files\Apple Software Update
    [09/07/2006|11:19] C:\Program Files\ArcSoft
    [26/12/2006|11:27] C:\Program Files\AsfTools 3.1
    [01/01/2005|21:10] C:\Program Files\ATI Technologies
    [19/03/2006|15:12] C:\Program Files\Audacity
    [29/08/2008|09:48] C:\Program Files\Avira
    [27/09/2006|11:01] C:\Program Files\Badongo
    [09/09/2006|23:09] C:\Program Files\BitManSoft
    [29/11/2005|11:56] C:\Program Files\Bradbury
    [23/09/2006|19:19] C:\Program Files\CDex_150
    [24/11/2004|02:37] C:\Program Files\ComPlus Applications
    [15/01/2006|17:21] C:\Program Files\DAEMON Tools
    [28/05/2007|15:36] C:\Program Files\Deirdra Kiai Productions
    [21/05/2007|12:39] C:\Program Files\DivX
    [27/01/2008|19:03] C:\Program Files\E.M. Youtube Video Download Tool
    [01/01/2005|20:53] C:\Program Files\Easy Internet signup
    [03/09/2006|12:17] C:\Program Files\Elecard
    [24/10/2008|15:24] C:\Program Files\eMule
    [03/09/2006|12:30] C:\Program Files\ffdshow
    [01/01/2005|21:03] C:\Program Files\Fichiers communs
    [26/12/2006|23:46] C:\Program Files\Free Download Manager
    [04/03/2006|20:36] C:\Program Files\Games
    [27/02/2006|20:07] C:\Program Files\GlobalSCAPE
    [17/10/2008|10:56] C:\Program Files\gnzwuze
    [31/08/2008|18:31] C:\Program Files\Google
    [04/06/2007|14:42] C:\Program Files\Hewlett-Packard
    [29/08/2008|09:28] C:\Program Files\HP
    [01/01/2005|20:48] C:\Program Files\HPQ
    [10/02/2006|23:59] C:\Program Files\IceChat5
    [26/09/2006|13:44] C:\Program Files\Image Grabber II
    [01/01/2005|21:10] C:\Program Files\InstallShield Installation Information
    [01/01/2005|20:24] C:\Program Files\Internet Explorer
    [01/01/2005|21:10] C:\Program Files\InterVideo
    [15/01/2006|18:42] C:\Program Files\Inventel
    [15/01/2006|17:27] C:\Program Files\Inventel(2)
    [01/01/2005|20:44] C:\Program Files\iPod
    [01/01/2005|20:44] C:\Program Files\iTunes
    [16/01/2006|18:19] C:\Program Files\iTunes(2)
    [16/01/2006|18:20] C:\Program Files\iTunes(3)
    [01/01/2005|20:26] C:\Program Files\Java
    [29/08/2008|14:28] C:\Program Files\Lavasoft
    [27/01/2008|19:21] C:\Program Files\lycos
    [30/11/2005|00:04] C:\Program Files\Macromedia(2)
    [17/10/2008|09:56] C:\Program Files\Malwarebytes' Anti-Malware
    [01/01/2005|20:29] C:\Program Files\Messenger
    [08/01/2008|08:50] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [25/11/2004|04:27] C:\Program Files\microsoft frontpage
    [08/02/2006|10:04] C:\Program Files\Microsoft R‚f‚rence
    [15/01/2006|17:27] C:\Program Files\Microsoft R‚f‚rence(2)
    [16/01/2006|18:19] C:\Program Files\Microsoft R‚f‚rence(3)
    [28/09/2006|07:01] C:\Program Files\Morpheus
    [15/01/2006|15:52] C:\Program Files\MotoRacer
    [25/11/2004|04:27] C:\Program Files\Movie Maker
    [29/10/2008|12:15] C:\Program Files\Mozilla Firefox
    [25/11/2004|04:27] C:\Program Files\MSN
    [25/11/2004|04:27] C:\Program Files\MSN Gaming Zone
    [04/10/2007|05:41] C:\Program Files\MSN Messenger
    [26/06/2007|23:31] C:\Program Files\MSXML 4.0
    [05/04/2007|22:40] C:\Program Files\MySpace
    [27/02/2006|17:14] C:\Program Files\MySpeed Personal Edition
    [29/08/2008|16:40] C:\Program Files\NetMeeting
    [09/09/2006|13:12] C:\Program Files\NewLive Rm To Mp3 Converter
    [19/08/2006|15:30] C:\Program Files\Nikon
    [28/05/2007|14:18] C:\Program Files\Oasis
    [25/11/2004|04:27] C:\Program Files\Online Services
    [22/05/2007|16:40] C:\Program Files\OpenOffice.org 2.0
    [29/08/2008|09:04] C:\Program Files\OpenOffice.org 2.4
    [29/09/2006|21:20] C:\Program Files\orange
    [29/08/2008|16:40] C:\Program Files\Outlook Express
    [01/01/2005|20:50] C:\Program Files\PC-Doctor for Windows
    [16/10/2006|16:03] C:\Program Files\Philips
    [01/01/2005|20:44] C:\Program Files\QuickTime
    [16/01/2006|18:19] C:\Program Files\QuickTime(2)
    [09/09/2006|13:18] C:\Program Files\Real
    [28/05/2007|13:08] C:\Program Files\ReflexiveArcade
    [30/05/2006|20:32] C:\Program Files\RegCleaner
    [17/10/2008|11:52] C:\Program Files\SDHelper (Spybot - Search & Destroy)
    [01/01/2005|20:53] C:\Program Files\Services en ligne
    [22/08/2006|22:23] C:\Program Files\Software River Solutions
    [01/01/2005|20:41] C:\Program Files\Sonic
    [22/07/2008|16:12] C:\Program Files\SopCast
    [16/05/2007|18:05] C:\Program Files\Soulseek-Test
    [29/08/2008|14:09] C:\Program Files\Spybot - Search & Destroy
    [25/12/2006|18:32] C:\Program Files\SuperCopier2
    [17/10/2008|11:52] C:\Program Files\TeaTimer (Spybot - Search & Destroy)
    [07/02/2006|20:09] C:\Program Files\Thomson multimedia
    [24/11/2004|02:37] C:\Program Files\Uninstall Information
    [27/09/2006|09:41] C:\Program Files\uTorrent
    [26/12/2006|00:06] C:\Program Files\VideoLAN
    [28/11/2005|10:58] C:\Program Files\Virtual Mechanics
    [27/02/2006|17:19] C:\Program Files\VisualRoute
    [31/08/2008|19:12] C:\Program Files\VSO
    [29/10/2008|12:15] C:\Program Files\Wanadoo
    [29/08/2008|09:08] C:\Program Files\Wanadoo Messager
    [24/10/2007|12:32] C:\Program Files\Winamp
    [06/01/2008|16:07] C:\Program Files\Windows Live
    [29/08/2008|16:40] C:\Program Files\Windows Media Player
    [29/08/2008|16:40] C:\Program Files\Windows NT
    [24/11/2004|02:37] C:\Program Files\WindowsUpdate
    [20/01/2006|15:02] C:\Program Files\WinRAR
    [29/08/2008|10:26] C:\Program Files\WinZip
    [25/11/2004|04:28] C:\Program Files\xerox
    [11/09/2008|13:01] C:\Program Files\XviD
    [15/01/2006|17:24] C:\Program Files\Yahoo!

    --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

    [18/04/2006|15:36] C:\Program Files\Fichiers communs\Adobe
    [04/06/2007|14:43] C:\Program Files\Fichiers communs\HP
    [01/01/2005|21:10] C:\Program Files\Fichiers communs\InstallShield
    [01/01/2005|20:26] C:\Program Files\Fichiers communs\Java
    [15/01/2006|17:21] C:\Program Files\Fichiers communs\Macromedia
    [29/11/2005|11:56] C:\Program Files\Fichiers communs\Macromedia
    [25/11/2004|04:26] C:\Program Files\Fichiers communs\Microsoft Shared
    [25/11/2004|04:26] C:\Program Files\Fichiers communs\MSSoap
    [09/07/2006|11:20] C:\Program Files\Fichiers communs\muvee Technologies
    [09/07/2006|11:21] C:\Program Files\Fichiers communs\Nikon
    [25/11/2004|04:26] C:\Program Files\Fichiers communs\ODBC
    [09/09/2006|13:18] C:\Program Files\Fichiers communs\Real
    [29/08/2008|16:40] C:\Program Files\Fichiers communs\Services
    [29/08/2008|09:34] C:\Program Files\Fichiers communs\Sonic Shared
    [25/11/2004|04:26] C:\Program Files\Fichiers communs\SpeechEngines
    [01/01/2005|20:40] C:\Program Files\Fichiers communs\SureThing Shared
    [29/08/2008|09:20] C:\Program Files\Fichiers communs\Symantec Shared
    [25/11/2004|04:27] C:\Program Files\Fichiers communs\System
    [01/01/2005|20:41] C:\Program Files\Fichiers communs\TiVo Shared
    [06/01/2008|16:07] C:\Program Files\Fichiers communs\WindowsLiveInstaller
    [29/08/2008|14:27] C:\Program Files\Fichiers communs\Wise Installation Wizard
    [09/09/2006|13:18] C:\Program Files\Fichiers communs\xing shared

    --------------------\\ Process

    ( 35 Processes )

    ... OK !

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\nsh78.tmp
    C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\nso81.tmp
    C:\DOCUME~1\COMPAQ~1\Cookies\compaq_propriétaire@advertstream[2].txt
    C:\DOCUME~1\COMPAQ~1\Cookies\compaq_propriétaire@d2.advertserve[1].txt
    C:\DOCUME~1\COMPAQ~1\Cookies\compaq_propriétaire@adin.bigpoint[2].txt
    C:\DOCUME~1\COMPAQ~1\Cookies\compaq_propriétaire@bigpoint[1].txt
    C:\DOCUME~1\COMPAQ~1\Cookies\compaq_propriétaire@fr1.seafight.bigpoint[1].txt
    C:\DOCUME~1\COMPAQ~1\Cookies\compaq_propriétaire@banner.cotedazurpalace[2].txt
    C:\DOCUME~1\COMPAQ~1\Cookies\compaq_propriétaire@cotedazurpalace[2].txt
    C:\DOCUME~1\COMPAQ~1\Cookies\compaq_propriétaire@adopt.euroclick[1].txt
    C:\DOCUME~1\COMPAQ~1\Cookies\compaq_propriétaire@partypoker[2].txt
    C:\DOCUME~1\COMPAQ~1\Cookies\compaq_propriétaire@fr1.seafight.bigpoint[1].txt

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE

    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-29 12:18:12
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------\\ Recherche d'autres infections

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\COMPAQ~1\Application Data\bang\rsrc\bounties\frontier_town\most_wanted\extreme\crackshot_maude
    C:\DOCUME~1\COMPAQ~1\Application Data\bang\rsrc\bounties\frontier_town\most_wanted\extreme\crackshot_maude\bounty.properties
    C:\DOCUME~1\COMPAQ~1\Application Data\bang\rsrc\bounties\frontier_town\most_wanted\extreme\crackshot_maude\crackshot_maude.png
    C:\DOCUME~1\COMPAQ~1\Application Data\bang\rsrc\bounties\frontier_town\most_wanted\extreme\crackshot_maude\gully.game
    C:\DOCUME~1\COMPAQ~1\Application Data\bang\rsrc\bounties\frontier_town\most_wanted\extreme\crackshot_maude\high_shooter.game
    C:\DOCUME~1\COMPAQ~1\Application Data\bang\rsrc\bounties\frontier_town\most_wanted\extreme\crackshot_maude\keep_em.game

    [F:751][D:255]-> C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp
    [F:2498][D:0]-> C:\DOCUME~1\COMPAQ~1\Cookies
    [F:159][D:5]-> C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - 29/10/2008|12:19 - Option : [1]

    --------------------\\ Fin du rapport a 12:19:41
    0
  8. evasion60/PCA Messages postés 827 Statut Contributeur sécurité 92
     
    re

    Double-clique sur le raccourci et choisis l'option 2. Cela va supprimer l'infection et provoquer une réinitialisation du fichier hosts.
    A la fin de la suppression, une recherche sera re-lancée.
    Le bloc-note s'ouvre. Edite son contenu dans ta prochaine réponse.

    Si LOP S&D, ne les choute pas, je te fais passer par un PCA.reg

    Reviens dans ta réponse avec le rapport LOP, puis un nouveau log HijackThis / STP

    Edité :
    Supprime moi tous tes cracks et Keygen

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\COMPAQ~1\Application Data\bang\rsrc\bounties\frontier_town\most_wanted\extreme\crackshot_maude
    C:\DOCUME~1\COMPAQ~1\Application Data\bang\rsrc\bounties\frontier_town\most_wanted\extreme\crackshot_maude\bounty.properties
    C:\DOCUME~1\COMPAQ~1\Application Data\bang\rsrc\bounties\frontier_town\most_wanted\extreme\crackshot_maude\crackshot_maude.png
    C:\DOCUME~1\COMPAQ~1\Application Data\bang\rsrc\bounties\frontier_town\most_wanted\extreme\crackshot_maude\gully.game
    C:\DOCUME~1\COMPAQ~1\Application Data\bang\rsrc\bounties\frontier_town\most_wanted\extreme\crackshot_maude\high_shooter.game
    C:\DOCUME~1\COMPAQ~1\Application Data\bang\rsrc\bounties\frontier_town\most_wanted\extreme\crackshot_maude\keep_em.game
    0
  9. LLB
     
    le rapportlop suite à suppression:

    --------------------\\ Lop S&D 4.2.4-8 XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ )
    BIOS : Phoenix - Award BIOS v6.00PG
    USER : Compaq_Propriétaire ( Administrator )
    BOOT : Normal boot
    Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.27 (Activated)
    C:\ (Local Disk) - NTFS - Total:143 Go (Free:63 Go)
    D:\ (Local Disk) - NTFS - Total:149 Go (Free:1 Go)
    E:\ (Local Disk) - FAT32 - Total:5 Go (Free:2 Go)
    F:\ (CD or DVD)
    G:\ (USB)
    H:\ (USB)
    I:\ (USB)
    J:\ (USB)

    "C:\Lop SD" ( MAJ : 27-10-2008|09:15 )
    Option : [2] ( 29/10/2008|12:50 )

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

    Supprime! - C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\nsh78.tmp
    Supprime! - C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\nso81.tmp
    Supprime! - C:\DOCUME~1\COMPAQ~1\Cookies\compaq_propriétaire@advertstream[2].txt
    Supprime! - C:\DOCUME~1\COMPAQ~1\Cookies\compaq_propriétaire@d2.advertserve[1].txt
    Supprime! - C:\DOCUME~1\COMPAQ~1\Cookies\compaq_propriétaire@adin.bigpoint[2].txt
    Supprime! - C:\DOCUME~1\COMPAQ~1\Cookies\compaq_propriétaire@bigpoint[1].txt
    Supprime! - C:\DOCUME~1\COMPAQ~1\Cookies\compaq_propriétaire@fr1.seafight.bigpoint[1].txt
    Supprime! - C:\DOCUME~1\COMPAQ~1\Cookies\compaq_propriétaire@banner.cotedazurpalace[2].txt
    Supprime! - C:\DOCUME~1\COMPAQ~1\Cookies\compaq_propriétaire@cotedazurpalace[2].txt
    Supprime! - C:\DOCUME~1\COMPAQ~1\Cookies\compaq_propriétaire@adopt.euroclick[1].txt
    Supprime! - C:\DOCUME~1\COMPAQ~1\Cookies\compaq_propriétaire@partypoker[2].txt

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

    --------------------\\ Listing des dossiers dans APPLIC~1

    [15/01/2006|17:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

    [27/05/2006|22:49] C:\DOCUME~1\ADMINI~1.NOM\APPLIC~1\Microsoft

    [27/05/2006|22:49] C:\DOCUME~1\ADMINI~1.000\APPLIC~1\Microsoft

    [27/05/2006|22:47] C:\DOCUME~1\ADMINI~1.001\APPLIC~1\Microsoft

    [27/05/2006|22:41] C:\DOCUME~1\ADMINI~1.002\APPLIC~1\Microsoft

    [28/05/2006|11:49] C:\DOCUME~1\ADMINI~1.003\APPLIC~1\Microsoft

    [28/05/2006|11:32] C:\DOCUME~1\ADMINI~1.004\APPLIC~1\Microsoft

    [27/05/2006|21:33] C:\DOCUME~1\ADMINI~1.005\APPLIC~1\Microsoft

    [27/05/2006|12:30] C:\DOCUME~1\ADMINI~1.006\APPLIC~1\Macromedia
    [27/05/2006|20:14] C:\DOCUME~1\ADMINI~1.006\APPLIC~1\Microsoft

    [28/05/2006|10:52] C:\DOCUME~1\ADMINI~1.007\APPLIC~1\Microsoft

    [01/01/2005|20:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [01/01/2005|20:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [29/08/2008|11:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
    [09/07/2006|11:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EnterNHelp
    [04/06/2007|14:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
    [01/01/2005|20:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
    [17/10/2008|10:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\jwbwhmvw
    [29/08/2008|14:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    [30/11/2005|00:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macromedia
    [18/08/2008|11:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [01/01/2005|20:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [09/07/2006|11:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\muvee Technologies
    [01/01/2005|20:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
    [01/01/2005|20:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
    [04/06/2007|14:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
    [25/12/2006|22:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    [29/08/2008|13:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    [09/07/2006|11:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ultima_T15
    [27/06/2007|09:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [14/05/2008|18:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
    [15/01/2006|17:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

    [05/04/2007|22:40] C:\DOCUME~1\APPLIC~1\APPLIC~1\Microsoft

    [05/04/2007|22:40] C:\DOCUME~1\COMPAQ~2\APPLIC~1\Microsoft

    [30/11/2005|13:53] C:\DOCUME~1\COMPAQ~3\APPLIC~1\Macromedia
    [05/04/2007|22:40] C:\DOCUME~1\COMPAQ~3\APPLIC~1\Microsoft

    [29/10/2008|10:44] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Adobe
    [29/10/2008|10:44] C:\DOCUME~1\COMPAQ~1\APPLIC~1\AdobeUM
    [29/10/2008|10:44] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Apple Computer
    [29/10/2008|10:44] C:\DOCUME~1\COMPAQ~1\APPLIC~1\ArcSoft
    [29/10/2008|10:44] C:\DOCUME~1\COMPAQ~1\APPLIC~1\bang
    [25/12/2006|23:31] C:\DOCUME~1\COMPAQ~1\APPLIC~1\DivX
    [03/10/2007|17:45] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Free Download Manager
    [27/11/2005|21:12] C:\DOCUME~1\COMPAQ~1\APPLIC~1\GlobalSCAPE
    [29/10/2008|10:43] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Google
    [17/01/2006|12:16] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Help
    [04/06/2007|14:45] C:\DOCUME~1\COMPAQ~1\APPLIC~1\HP
    [29/08/2008|08:54] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Identities
    [31/10/2005|19:30] C:\DOCUME~1\COMPAQ~1\APPLIC~1\InterVideo
    [27/01/2008|20:04] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Lavasoft
    [12/11/2005|20:25] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Leadertech
    [24/02/2006|14:28] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Macromedia
    [18/08/2008|11:57] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Malwarebytes
    [29/08/2008|08:54] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Microsoft
    [28/05/2007|13:09] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Mind Control Software
    [17/01/2006|11:29] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Morpheus(2)
    [26/08/2008|16:28] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Mozilla
    [06/02/2006|22:15] C:\DOCUME~1\COMPAQ~1\APPLIC~1\MSNInstaller
    [09/07/2006|11:31] C:\DOCUME~1\COMPAQ~1\APPLIC~1\muvee Technologies
    [05/04/2007|22:40] C:\DOCUME~1\COMPAQ~1\APPLIC~1\MySpace
    [09/07/2006|11:20] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Nikon
    [29/10/2008|12:46] C:\DOCUME~1\COMPAQ~1\APPLIC~1\OpenOffice.org2
    [28/05/2007|13:09] C:\DOCUME~1\COMPAQ~1\APPLIC~1\PlayFirst
    [09/09/2006|13:19] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Real
    [01/01/2005|20:55] C:\DOCUME~1\COMPAQ~1\APPLIC~1\SampleView
    [02/03/2007|11:28] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Skype
    [12/11/2005|20:26] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Sonic
    [24/11/2005|11:37] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Sun
    [16/07/2008|19:38] C:\DOCUME~1\COMPAQ~1\APPLIC~1\U3
    [23/10/2008|16:27] C:\DOCUME~1\COMPAQ~1\APPLIC~1\uTorrent
    [26/12/2006|00:09] C:\DOCUME~1\COMPAQ~1\APPLIC~1\vlc
    [17/10/2008|13:24] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Vso

    [01/01/2005|20:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Apple Computer
    [25/11/2004|04:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
    [01/01/2005|21:12] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [01/01/2005|20:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\SampleView
    [01/01/2005|21:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

    [17/10/2008|08:27] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

    [01/01/2005|20:17] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

    [29/10/2008 12:46][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [05/08/2004 19:00][-rah-----] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listing des dossiers dans C:\Program Files

    [29/08/2006|07:45] C:\Program Files\Acoustica Audio Converter Pro
    [01/01/2005|20:43] C:\Program Files\Adobe
    [29/05/2006|22:33] C:\Program Files\Alwil Software
    [31/05/2007|22:27] C:\Program Files\Apple Software Update
    [09/07/2006|11:19] C:\Program Files\ArcSoft
    [26/12/2006|11:27] C:\Program Files\AsfTools 3.1
    [01/01/2005|21:10] C:\Program Files\ATI Technologies
    [19/03/2006|15:12] C:\Program Files\Audacity
    [29/08/2008|09:48] C:\Program Files\Avira
    [27/09/2006|11:01] C:\Program Files\Badongo
    [09/09/2006|23:09] C:\Program Files\BitManSoft
    [29/11/2005|11:56] C:\Program Files\Bradbury
    [23/09/2006|19:19] C:\Program Files\CDex_150
    [24/11/2004|02:37] C:\Program Files\ComPlus Applications
    [15/01/2006|17:21] C:\Program Files\DAEMON Tools
    [28/05/2007|15:36] C:\Program Files\Deirdra Kiai Productions
    [21/05/2007|12:39] C:\Program Files\DivX
    [27/01/2008|19:03] C:\Program Files\E.M. Youtube Video Download Tool
    [01/01/2005|20:53] C:\Program Files\Easy Internet signup
    [03/09/2006|12:17] C:\Program Files\Elecard
    [24/10/2008|15:24] C:\Program Files\eMule
    [03/09/2006|12:30] C:\Program Files\ffdshow
    [01/01/2005|21:03] C:\Program Files\Fichiers communs
    [26/12/2006|23:46] C:\Program Files\Free Download Manager
    [04/03/2006|20:36] C:\Program Files\Games
    [27/02/2006|20:07] C:\Program Files\GlobalSCAPE
    [17/10/2008|10:56] C:\Program Files\gnzwuze
    [31/08/2008|18:31] C:\Program Files\Google
    [04/06/2007|14:42] C:\Program Files\Hewlett-Packard
    [29/08/2008|09:28] C:\Program Files\HP
    [01/01/2005|20:48] C:\Program Files\HPQ
    [10/02/2006|23:59] C:\Program Files\IceChat5
    [26/09/2006|13:44] C:\Program Files\Image Grabber II
    [01/01/2005|21:10] C:\Program Files\InstallShield Installation Information
    [01/01/2005|20:24] C:\Program Files\Internet Explorer
    [01/01/2005|21:10] C:\Program Files\InterVideo
    [15/01/2006|18:42] C:\Program Files\Inventel
    [15/01/2006|17:27] C:\Program Files\Inventel(2)
    [01/01/2005|20:44] C:\Program Files\iPod
    [01/01/2005|20:44] C:\Program Files\iTunes
    [16/01/2006|18:19] C:\Program Files\iTunes(2)
    [16/01/2006|18:20] C:\Program Files\iTunes(3)
    [01/01/2005|20:26] C:\Program Files\Java
    [29/08/2008|14:28] C:\Program Files\Lavasoft
    [27/01/2008|19:21] C:\Program Files\lycos
    [30/11/2005|00:04] C:\Program Files\Macromedia(2)
    [17/10/2008|09:56] C:\Program Files\Malwarebytes' Anti-Malware
    [01/01/2005|20:29] C:\Program Files\Messenger
    [08/01/2008|08:50] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [25/11/2004|04:27] C:\Program Files\microsoft frontpage
    [08/02/2006|10:04] C:\Program Files\Microsoft R‚f‚rence
    [15/01/2006|17:27] C:\Program Files\Microsoft R‚f‚rence(2)
    [16/01/2006|18:19] C:\Program Files\Microsoft R‚f‚rence(3)
    [28/09/2006|07:01] C:\Program Files\Morpheus
    [15/01/2006|15:52] C:\Program Files\MotoRacer
    [25/11/2004|04:27] C:\Program Files\Movie Maker
    [29/10/2008|12:47] C:\Program Files\Mozilla Firefox
    [25/11/2004|04:27] C:\Program Files\MSN
    [25/11/2004|04:27] C:\Program Files\MSN Gaming Zone
    [04/10/2007|05:41] C:\Program Files\MSN Messenger
    [26/06/2007|23:31] C:\Program Files\MSXML 4.0
    [05/04/2007|22:40] C:\Program Files\MySpace
    [27/02/2006|17:14] C:\Program Files\MySpeed Personal Edition
    [29/08/2008|16:40] C:\Program Files\NetMeeting
    [09/09/2006|13:12] C:\Program Files\NewLive Rm To Mp3 Converter
    [19/08/2006|15:30] C:\Program Files\Nikon
    [28/05/2007|14:18] C:\Program Files\Oasis
    [25/11/2004|04:27] C:\Program Files\Online Services
    [22/05/2007|16:40] C:\Program Files\OpenOffice.org 2.0
    [29/08/2008|09:04] C:\Program Files\OpenOffice.org 2.4
    [29/09/2006|21:20] C:\Program Files\orange
    [29/08/2008|16:40] C:\Program Files\Outlook Express
    [01/01/2005|20:50] C:\Program Files\PC-Doctor for Windows
    [16/10/2006|16:03] C:\Program Files\Philips
    [01/01/2005|20:44] C:\Program Files\QuickTime
    [16/01/2006|18:19] C:\Program Files\QuickTime(2)
    [09/09/2006|13:18] C:\Program Files\Real
    [28/05/2007|13:08] C:\Program Files\ReflexiveArcade
    [30/05/2006|20:32] C:\Program Files\RegCleaner
    [17/10/2008|11:52] C:\Program Files\SDHelper (Spybot - Search & Destroy)
    [01/01/2005|20:53] C:\Program Files\Services en ligne
    [22/08/2006|22:23] C:\Program Files\Software River Solutions
    [01/01/2005|20:41] C:\Program Files\Sonic
    [22/07/2008|16:12] C:\Program Files\SopCast
    [16/05/2007|18:05] C:\Program Files\Soulseek-Test
    [29/08/2008|14:09] C:\Program Files\Spybot - Search & Destroy
    [25/12/2006|18:32] C:\Program Files\SuperCopier2
    [17/10/2008|11:52] C:\Program Files\TeaTimer (Spybot - Search & Destroy)
    [07/02/2006|20:09] C:\Program Files\Thomson multimedia
    [24/11/2004|02:37] C:\Program Files\Uninstall Information
    [27/09/2006|09:41] C:\Program Files\uTorrent
    [26/12/2006|00:06] C:\Program Files\VideoLAN
    [28/11/2005|10:58] C:\Program Files\Virtual Mechanics
    [27/02/2006|17:19] C:\Program Files\VisualRoute
    [31/08/2008|19:12] C:\Program Files\VSO
    [29/10/2008|12:47] C:\Program Files\Wanadoo
    [29/08/2008|09:08] C:\Program Files\Wanadoo Messager
    [24/10/2007|12:32] C:\Program Files\Winamp
    [06/01/2008|16:07] C:\Program Files\Windows Live
    [29/08/2008|16:40] C:\Program Files\Windows Media Player
    [29/08/2008|16:40] C:\Program Files\Windows NT
    [24/11/2004|02:37] C:\Program Files\WindowsUpdate
    [20/01/2006|15:02] C:\Program Files\WinRAR
    [29/08/2008|10:26] C:\Program Files\WinZip
    [25/11/2004|04:28] C:\Program Files\xerox
    [11/09/2008|13:01] C:\Program Files\XviD
    [15/01/2006|17:24] C:\Program Files\Yahoo!

    --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

    [18/04/2006|15:36] C:\Program Files\Fichiers communs\Adobe
    [04/06/2007|14:43] C:\Program Files\Fichiers communs\HP
    [01/01/2005|21:10] C:\Program Files\Fichiers communs\InstallShield
    [01/01/2005|20:26] C:\Program Files\Fichiers communs\Java
    [15/01/2006|17:21] C:\Program Files\Fichiers communs\Macromedia
    [29/11/2005|11:56] C:\Program Files\Fichiers communs\Macromedia
    [25/11/2004|04:26] C:\Program Files\Fichiers communs\Microsoft Shared
    [25/11/2004|04:26] C:\Program Files\Fichiers communs\MSSoap
    [09/07/2006|11:20] C:\Program Files\Fichiers communs\muvee Technologies
    [09/07/2006|11:21] C:\Program Files\Fichiers communs\Nikon
    [25/11/2004|04:26] C:\Program Files\Fichiers communs\ODBC
    [09/09/2006|13:18] C:\Program Files\Fichiers communs\Real
    [29/08/2008|16:40] C:\Program Files\Fichiers communs\Services
    [29/08/2008|09:34] C:\Program Files\Fichiers communs\Sonic Shared
    [25/11/2004|04:26] C:\Program Files\Fichiers communs\SpeechEngines
    [01/01/2005|20:40] C:\Program Files\Fichiers communs\SureThing Shared
    [29/08/2008|09:20] C:\Program Files\Fichiers communs\Symantec Shared
    [25/11/2004|04:27] C:\Program Files\Fichiers communs\System
    [01/01/2005|20:41] C:\Program Files\Fichiers communs\TiVo Shared
    [06/01/2008|16:07] C:\Program Files\Fichiers communs\WindowsLiveInstaller
    [29/08/2008|14:27] C:\Program Files\Fichiers communs\Wise Installation Wizard
    [09/09/2006|13:18] C:\Program Files\Fichiers communs\xing shared

    --------------------\\ Process

    ( 35 Processes )

    ... OK !

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE

    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-29 12:51:55
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------\\ Recherche d'autres infections

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\COMPAQ~1\Application Data\bang\rsrc\bounties\frontier_town\most_wanted\extreme\crackshot_maude
    C:\DOCUME~1\COMPAQ~1\Application Data\bang\rsrc\bounties\frontier_town\most_wanted\extreme\crackshot_maude\bounty.properties
    C:\DOCUME~1\COMPAQ~1\Application Data\bang\rsrc\bounties\frontier_town\most_wanted\extreme\crackshot_maude\crackshot_maude.png
    C:\DOCUME~1\COMPAQ~1\Application Data\bang\rsrc\bounties\frontier_town\most_wanted\extreme\crackshot_maude\gully.game
    C:\DOCUME~1\COMPAQ~1\Application Data\bang\rsrc\bounties\frontier_town\most_wanted\extreme\crackshot_maude\high_shooter.game
    C:\DOCUME~1\COMPAQ~1\Application Data\bang\rsrc\bounties\frontier_town\most_wanted\extreme\crackshot_maude\keep_em.game

    [F:751][D:253]-> C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp
    [F:2489][D:0]-> C:\DOCUME~1\COMPAQ~1\Cookies
    [F:159][D:5]-> C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - 29/10/2008|12:19 - Option : [1]
    2 - "C:\Lop SD\LopR_2.txt" - 29/10/2008|12:52 - Option : [2]

    --------------------\\ Fin du rapport a 12:52:55

    et celui d'hijack:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:59:45, on 29/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Google\mupd1_2_1165664.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Compaq_Propriétaire\Bureau\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
    O4 - HKCU\..\Run: [asus32] "C:\Documents and Settings\Compaq_Propriétaire\Application Data\Google\mupd1_2_1165664.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    0
  10. LLB
     
    pour supprimer ces trucs je fais comment ?

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\COMPAQ~1\Application Data\bang\rsrc\bounties\frontier_town\most_wanted\extreme\crackshot_maude
    C:\DOCUME~1\COMPAQ~1\Application Data\bang\rsrc\bounties\frontier_town\most_wanted\extreme\crackshot_maude\bounty.properties
    C:\DOCUME~1\COMPAQ~1\Application Data\bang\rsrc\bounties\frontier_town\most_wanted\extreme\crackshot_maude\crackshot_maude.png
    C:\DOCUME~1\COMPAQ~1\Application Data\bang\rsrc\bounties\frontier_town\most_wanted\extreme\crackshot_maude\gully.game
    C:\DOCUME~1\COMPAQ~1\Application Data\bang\rsrc\bounties\frontier_town\most_wanted\extreme\crackshot_maude\high_shooter.game
    C:\DOCUME~1\COMPAQ~1\Application Data\bang\rsrc\bounties\frontier_town\most_wanted\extreme\crackshot_maude\keep_em.game
    0
  11. LLB
     
    c'est bon j'ai supprimer manuellement, j'ai refais les log lop et hijack que je te soumet :) :

    Lop

    --------------------\\ Lop S&D 4.2.4-8 XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ )
    BIOS : Phoenix - Award BIOS v6.00PG
    USER : Compaq_Propriétaire ( Administrator )
    BOOT : Normal boot
    Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.27 (Activated)
    C:\ (Local Disk) - NTFS - Total:143 Go (Free:63 Go)
    D:\ (Local Disk) - NTFS - Total:149 Go (Free:1 Go)
    E:\ (Local Disk) - FAT32 - Total:5 Go (Free:2 Go)
    F:\ (CD or DVD)
    G:\ (USB)
    H:\ (USB)
    I:\ (USB)
    J:\ (USB)

    "C:\Lop SD" ( MAJ : 27-10-2008|09:15 )
    Option : [1] ( 29/10/2008|13:13 )

    --------------------\\ Listing des dossiers dans APPLIC~1

    [15/01/2006|17:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

    [27/05/2006|22:49] C:\DOCUME~1\ADMINI~1.NOM\APPLIC~1\Microsoft

    [27/05/2006|22:49] C:\DOCUME~1\ADMINI~1.000\APPLIC~1\Microsoft

    [27/05/2006|22:47] C:\DOCUME~1\ADMINI~1.001\APPLIC~1\Microsoft

    [27/05/2006|22:41] C:\DOCUME~1\ADMINI~1.002\APPLIC~1\Microsoft

    [28/05/2006|11:49] C:\DOCUME~1\ADMINI~1.003\APPLIC~1\Microsoft

    [28/05/2006|11:32] C:\DOCUME~1\ADMINI~1.004\APPLIC~1\Microsoft

    [27/05/2006|21:33] C:\DOCUME~1\ADMINI~1.005\APPLIC~1\Microsoft

    [27/05/2006|12:30] C:\DOCUME~1\ADMINI~1.006\APPLIC~1\Macromedia
    [27/05/2006|20:14] C:\DOCUME~1\ADMINI~1.006\APPLIC~1\Microsoft

    [28/05/2006|10:52] C:\DOCUME~1\ADMINI~1.007\APPLIC~1\Microsoft

    [01/01/2005|20:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [01/01/2005|20:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [29/08/2008|11:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
    [09/07/2006|11:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EnterNHelp
    [04/06/2007|14:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
    [01/01/2005|20:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
    [17/10/2008|10:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\jwbwhmvw
    [29/08/2008|14:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    [30/11/2005|00:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macromedia
    [18/08/2008|11:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [01/01/2005|20:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [09/07/2006|11:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\muvee Technologies
    [01/01/2005|20:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
    [01/01/2005|20:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
    [04/06/2007|14:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
    [25/12/2006|22:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    [29/08/2008|13:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    [09/07/2006|11:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ultima_T15
    [27/06/2007|09:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [14/05/2008|18:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
    [15/01/2006|17:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

    [05/04/2007|22:40] C:\DOCUME~1\APPLIC~1\APPLIC~1\Microsoft

    [05/04/2007|22:40] C:\DOCUME~1\COMPAQ~2\APPLIC~1\Microsoft

    [30/11/2005|13:53] C:\DOCUME~1\COMPAQ~3\APPLIC~1\Macromedia
    [05/04/2007|22:40] C:\DOCUME~1\COMPAQ~3\APPLIC~1\Microsoft

    [29/10/2008|10:44] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Adobe
    [29/10/2008|10:44] C:\DOCUME~1\COMPAQ~1\APPLIC~1\AdobeUM
    [29/10/2008|10:44] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Apple Computer
    [29/10/2008|10:44] C:\DOCUME~1\COMPAQ~1\APPLIC~1\ArcSoft
    [29/10/2008|10:44] C:\DOCUME~1\COMPAQ~1\APPLIC~1\bang
    [25/12/2006|23:31] C:\DOCUME~1\COMPAQ~1\APPLIC~1\DivX
    [03/10/2007|17:45] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Free Download Manager
    [27/11/2005|21:12] C:\DOCUME~1\COMPAQ~1\APPLIC~1\GlobalSCAPE
    [29/10/2008|10:43] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Google
    [17/01/2006|12:16] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Help
    [04/06/2007|14:45] C:\DOCUME~1\COMPAQ~1\APPLIC~1\HP
    [29/08/2008|08:54] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Identities
    [31/10/2005|19:30] C:\DOCUME~1\COMPAQ~1\APPLIC~1\InterVideo
    [27/01/2008|20:04] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Lavasoft
    [12/11/2005|20:25] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Leadertech
    [24/02/2006|14:28] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Macromedia
    [18/08/2008|11:57] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Malwarebytes
    [29/08/2008|08:54] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Microsoft
    [28/05/2007|13:09] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Mind Control Software
    [17/01/2006|11:29] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Morpheus(2)
    [26/08/2008|16:28] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Mozilla
    [06/02/2006|22:15] C:\DOCUME~1\COMPAQ~1\APPLIC~1\MSNInstaller
    [09/07/2006|11:31] C:\DOCUME~1\COMPAQ~1\APPLIC~1\muvee Technologies
    [05/04/2007|22:40] C:\DOCUME~1\COMPAQ~1\APPLIC~1\MySpace
    [09/07/2006|11:20] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Nikon
    [29/10/2008|12:46] C:\DOCUME~1\COMPAQ~1\APPLIC~1\OpenOffice.org2
    [28/05/2007|13:09] C:\DOCUME~1\COMPAQ~1\APPLIC~1\PlayFirst
    [09/09/2006|13:19] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Real
    [01/01/2005|20:55] C:\DOCUME~1\COMPAQ~1\APPLIC~1\SampleView
    [02/03/2007|11:28] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Skype
    [12/11/2005|20:26] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Sonic
    [24/11/2005|11:37] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Sun
    [16/07/2008|19:38] C:\DOCUME~1\COMPAQ~1\APPLIC~1\U3
    [23/10/2008|16:27] C:\DOCUME~1\COMPAQ~1\APPLIC~1\uTorrent
    [26/12/2006|00:09] C:\DOCUME~1\COMPAQ~1\APPLIC~1\vlc
    [17/10/2008|13:24] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Vso

    [01/01/2005|20:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Apple Computer
    [25/11/2004|04:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
    [01/01/2005|21:12] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [01/01/2005|20:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\SampleView
    [01/01/2005|21:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

    [17/10/2008|08:27] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

    [01/01/2005|20:17] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

    [29/10/2008 12:46][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [05/08/2004 19:00][-rah-----] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listing des dossiers dans C:\Program Files

    [29/08/2006|07:45] C:\Program Files\Acoustica Audio Converter Pro
    [01/01/2005|20:43] C:\Program Files\Adobe
    [29/05/2006|22:33] C:\Program Files\Alwil Software
    [31/05/2007|22:27] C:\Program Files\Apple Software Update
    [09/07/2006|11:19] C:\Program Files\ArcSoft
    [26/12/2006|11:27] C:\Program Files\AsfTools 3.1
    [01/01/2005|21:10] C:\Program Files\ATI Technologies
    [19/03/2006|15:12] C:\Program Files\Audacity
    [29/08/2008|09:48] C:\Program Files\Avira
    [27/09/2006|11:01] C:\Program Files\Badongo
    [09/09/2006|23:09] C:\Program Files\BitManSoft
    [29/11/2005|11:56] C:\Program Files\Bradbury
    [23/09/2006|19:19] C:\Program Files\CDex_150
    [24/11/2004|02:37] C:\Program Files\ComPlus Applications
    [15/01/2006|17:21] C:\Program Files\DAEMON Tools
    [28/05/2007|15:36] C:\Program Files\Deirdra Kiai Productions
    [21/05/2007|12:39] C:\Program Files\DivX
    [27/01/2008|19:03] C:\Program Files\E.M. Youtube Video Download Tool
    [01/01/2005|20:53] C:\Program Files\Easy Internet signup
    [03/09/2006|12:17] C:\Program Files\Elecard
    [24/10/2008|15:24] C:\Program Files\eMule
    [03/09/2006|12:30] C:\Program Files\ffdshow
    [01/01/2005|21:03] C:\Program Files\Fichiers communs
    [26/12/2006|23:46] C:\Program Files\Free Download Manager
    [04/03/2006|20:36] C:\Program Files\Games
    [27/02/2006|20:07] C:\Program Files\GlobalSCAPE
    [17/10/2008|10:56] C:\Program Files\gnzwuze
    [31/08/2008|18:31] C:\Program Files\Google
    [04/06/2007|14:42] C:\Program Files\Hewlett-Packard
    [29/08/2008|09:28] C:\Program Files\HP
    [01/01/2005|20:48] C:\Program Files\HPQ
    [10/02/2006|23:59] C:\Program Files\IceChat5
    [26/09/2006|13:44] C:\Program Files\Image Grabber II
    [01/01/2005|21:10] C:\Program Files\InstallShield Installation Information
    [01/01/2005|20:24] C:\Program Files\Internet Explorer
    [01/01/2005|21:10] C:\Program Files\InterVideo
    [15/01/2006|18:42] C:\Program Files\Inventel
    [15/01/2006|17:27] C:\Program Files\Inventel(2)
    [01/01/2005|20:44] C:\Program Files\iPod
    [01/01/2005|20:44] C:\Program Files\iTunes
    [16/01/2006|18:19] C:\Program Files\iTunes(2)
    [16/01/2006|18:20] C:\Program Files\iTunes(3)
    [01/01/2005|20:26] C:\Program Files\Java
    [29/08/2008|14:28] C:\Program Files\Lavasoft
    [27/01/2008|19:21] C:\Program Files\lycos
    [30/11/2005|00:04] C:\Program Files\Macromedia(2)
    [17/10/2008|09:56] C:\Program Files\Malwarebytes' Anti-Malware
    [01/01/2005|20:29] C:\Program Files\Messenger
    [08/01/2008|08:50] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [25/11/2004|04:27] C:\Program Files\microsoft frontpage
    [08/02/2006|10:04] C:\Program Files\Microsoft R‚f‚rence
    [15/01/2006|17:27] C:\Program Files\Microsoft R‚f‚rence(2)
    [16/01/2006|18:19] C:\Program Files\Microsoft R‚f‚rence(3)
    [28/09/2006|07:01] C:\Program Files\Morpheus
    [15/01/2006|15:52] C:\Program Files\MotoRacer
    [25/11/2004|04:27] C:\Program Files\Movie Maker
    [29/10/2008|12:47] C:\Program Files\Mozilla Firefox
    [25/11/2004|04:27] C:\Program Files\MSN
    [25/11/2004|04:27] C:\Program Files\MSN Gaming Zone
    [04/10/2007|05:41] C:\Program Files\MSN Messenger
    [26/06/2007|23:31] C:\Program Files\MSXML 4.0
    [05/04/2007|22:40] C:\Program Files\MySpace
    [27/02/2006|17:14] C:\Program Files\MySpeed Personal Edition
    [29/08/2008|16:40] C:\Program Files\NetMeeting
    [09/09/2006|13:12] C:\Program Files\NewLive Rm To Mp3 Converter
    [19/08/2006|15:30] C:\Program Files\Nikon
    [28/05/2007|14:18] C:\Program Files\Oasis
    [25/11/2004|04:27] C:\Program Files\Online Services
    [22/05/2007|16:40] C:\Program Files\OpenOffice.org 2.0
    [29/08/2008|09:04] C:\Program Files\OpenOffice.org 2.4
    [29/09/2006|21:20] C:\Program Files\orange
    [29/08/2008|16:40] C:\Program Files\Outlook Express
    [01/01/2005|20:50] C:\Program Files\PC-Doctor for Windows
    [16/10/2006|16:03] C:\Program Files\Philips
    [01/01/2005|20:44] C:\Program Files\QuickTime
    [16/01/2006|18:19] C:\Program Files\QuickTime(2)
    [09/09/2006|13:18] C:\Program Files\Real
    [28/05/2007|13:08] C:\Program Files\ReflexiveArcade
    [30/05/2006|20:32] C:\Program Files\RegCleaner
    [17/10/2008|11:52] C:\Program Files\SDHelper (Spybot - Search & Destroy)
    [01/01/2005|20:53] C:\Program Files\Services en ligne
    [22/08/2006|22:23] C:\Program Files\Software River Solutions
    [01/01/2005|20:41] C:\Program Files\Sonic
    [22/07/2008|16:12] C:\Program Files\SopCast
    [16/05/2007|18:05] C:\Program Files\Soulseek-Test
    [29/08/2008|14:09] C:\Program Files\Spybot - Search & Destroy
    [25/12/2006|18:32] C:\Program Files\SuperCopier2
    [17/10/2008|11:52] C:\Program Files\TeaTimer (Spybot - Search & Destroy)
    [07/02/2006|20:09] C:\Program Files\Thomson multimedia
    [24/11/2004|02:37] C:\Program Files\Uninstall Information
    [27/09/2006|09:41] C:\Program Files\uTorrent
    [26/12/2006|00:06] C:\Program Files\VideoLAN
    [28/11/2005|10:58] C:\Program Files\Virtual Mechanics
    [27/02/2006|17:19] C:\Program Files\VisualRoute
    [31/08/2008|19:12] C:\Program Files\VSO
    [29/10/2008|12:47] C:\Program Files\Wanadoo
    [29/08/2008|09:08] C:\Program Files\Wanadoo Messager
    [24/10/2007|12:32] C:\Program Files\Winamp
    [06/01/2008|16:07] C:\Program Files\Windows Live
    [29/08/2008|16:40] C:\Program Files\Windows Media Player
    [29/08/2008|16:40] C:\Program Files\Windows NT
    [24/11/2004|02:37] C:\Program Files\WindowsUpdate
    [20/01/2006|15:02] C:\Program Files\WinRAR
    [29/08/2008|10:26] C:\Program Files\WinZip
    [25/11/2004|04:28] C:\Program Files\xerox
    [11/09/2008|13:01] C:\Program Files\XviD
    [15/01/2006|17:24] C:\Program Files\Yahoo!

    --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

    [18/04/2006|15:36] C:\Program Files\Fichiers communs\Adobe
    [04/06/2007|14:43] C:\Program Files\Fichiers communs\HP
    [01/01/2005|21:10] C:\Program Files\Fichiers communs\InstallShield
    [01/01/2005|20:26] C:\Program Files\Fichiers communs\Java
    [15/01/2006|17:21] C:\Program Files\Fichiers communs\Macromedia
    [29/11/2005|11:56] C:\Program Files\Fichiers communs\Macromedia
    [25/11/2004|04:26] C:\Program Files\Fichiers communs\Microsoft Shared
    [25/11/2004|04:26] C:\Program Files\Fichiers communs\MSSoap
    [09/07/2006|11:20] C:\Program Files\Fichiers communs\muvee Technologies
    [09/07/2006|11:21] C:\Program Files\Fichiers communs\Nikon
    [25/11/2004|04:26] C:\Program Files\Fichiers communs\ODBC
    [09/09/2006|13:18] C:\Program Files\Fichiers communs\Real
    [29/08/2008|16:40] C:\Program Files\Fichiers communs\Services
    [29/08/2008|09:34] C:\Program Files\Fichiers communs\Sonic Shared
    [25/11/2004|04:26] C:\Program Files\Fichiers communs\SpeechEngines
    [01/01/2005|20:40] C:\Program Files\Fichiers communs\SureThing Shared
    [29/08/2008|09:20] C:\Program Files\Fichiers communs\Symantec Shared
    [25/11/2004|04:27] C:\Program Files\Fichiers communs\System
    [01/01/2005|20:41] C:\Program Files\Fichiers communs\TiVo Shared
    [06/01/2008|16:07] C:\Program Files\Fichiers communs\WindowsLiveInstaller
    [29/08/2008|14:27] C:\Program Files\Fichiers communs\Wise Installation Wizard
    [09/09/2006|13:18] C:\Program Files\Fichiers communs\xing shared

    --------------------\\ Process

    ( 33 Processes )

    ... OK !

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE

    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-29 13:15:03
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------\\ Recherche d'autres infections

    Aucune autre infection trouvée !

    [F:751][D:253]-> C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp
    [F:2489][D:0]-> C:\DOCUME~1\COMPAQ~1\Cookies
    [F:159][D:5]-> C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - 29/10/2008|12:19 - Option : [1]
    2 - "C:\Lop SD\LopR_2.txt" - 29/10/2008|12:52 - Option : [2]
    3 - "C:\Lop SD\LopR_3.txt" - 29/10/2008|13:15 - Option : [1]

    --------------------\\ Fin du rapport a 13:15:33

    hijack

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:14:05, on 29/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Google\mupd1_2_1165664.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\cmd.exe
    C:\Documents and Settings\Compaq_Propriétaire\Bureau\HiJackThis.exe
    C:\WINDOWS\system32\cmd.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
    O4 - HKCU\..\Run: [asus32] "C:\Documents and Settings\Compaq_Propriétaire\Application Data\Google\mupd1_2_1165664.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    0
  12. LLB
     
    mon trojan est toujours là, quelqu'un pour m'indiquer la suite des opérations ?
    merci :)
    0
  13. LLB
     
    me revoila,

    effectivement je comprend que ça t'ai pris du temps, j'ai eu du mal à lancer le mode sans echec mais j'ai réussi :)
    j'ai pu effacer le fichier dont tu parlais, je me suis dit que c'était normal de pas le retrouver dans hijack par contre dans les éléments à décocher le S-1-5-19 n'y était pas.

    voila le log hijack:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:23:53, on 29/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Compaq_Propriétaire\Bureau\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    0
  14. evasion60/PCA Messages postés 827 Statut Contributeur sécurité 92
     
    Bonsoir LLB

    ... Bien joué pour le PCA.reg ;))
    Tjrs en difficulté avec cette machine ?

    ...Fait ce scan en ligne : https://www.bitdefender.fr/
    Pas d'installation, mais juste utiliser la fonction : scanner

    Tuto en image : https://forum.pcastuces.com/default.asp

    Poste moi son rapport / STP
    Bonne réception, et à te lire
    0
  15. LLB
     
    bon app à toi et bonne soirée :) ,

    le trojan semble avoir été éradiqué, je n'ai pas revu le message d'alerte du pare-feu depuis , par contre pendant le scan de bitdefender , Antivir a détecté TR/Trash.Gen' [trojan] dans C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP11\A0007190.exe' et lui a refusé l'accès.

    le rapport bit defender:

    BitDefender Online Scanner

    Rapport d'analyse généré à: Wed, Oct 29, 2008 - 19:27:05

    Voie d'analyse: C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;

    Statistiques

    Temps
    00:31:04

    Fichiers
    104928

    Directoires
    9243

    Secteurs de boot
    0

    Archives
    2261

    Paquets programmes
    8140

    Résultats

    Virus identifiés
    1

    Fichiers infectés
    1

    Fichiers suspects
    0

    Avertissements
    0

    Désinfectés
    0

    Fichiers effacés
    1

    Info sur les moteurs

    Définition virus
    1979338

    Version des moteurs
    AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)

    Analyse des plugins
    16

    Archive des plugins
    43

    Unpack des plugins
    7

    E-mail plugins
    6

    Système plugins
    4

    Paramètres d'analyse

    Première action
    Désinfecté

    Seconde Action
    Supprimé

    Heuristique
    Oui

    Acceptez les avertissements
    Oui

    Extensions analysées
    exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;

    Excludez les extensions

    Analyse d'emails
    Oui

    Analyse des Archives
    Oui

    Analyser paquets programmes
    Oui

    Analyse des fichiers
    Oui

    Analyse de boot
    Oui

    Fichier analysé
    Statut

    C:\WINDOWS\Downloaded Program Files\installer2.dll
    Détecté avec: Adware.Clickmedia.A

    C:\WINDOWS\Downloaded Program Files\installer2.dll
    Supprimé
    0
  16. LLB
     
    y a eu un ti bug dans le message précédent on dirait :D

    je disais:
    pendant le scan bit defender, mon antivirus antivir a répéré
    TR/Trash.Gen' [trojan] situé dans :
    'C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP11\A0007190.exe'
    0
  17. evasion60/PCA Messages postés 827 Statut Contributeur sécurité 92
     
    Re, bonsoir

    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\R­P11\A0007190.exe'

    ... ceci n'est pas grave et attendu !! ( une partie de l'infection est tjrs présente dans la restauration système de Windows )

    ... Si la machine se comporte bien, nous allons créer un nouveau point de restauration // OK

    Pour désactiver le système de Restauration :

    démarrer-----------panneau de configuration------------système----------
    onglet Restauration système-----------coche la case (Désactiver la restauration système)--------------

    Arreter / Redémarrer l'ordinateur

    Recoche ( Activer la restauration système )

    Bonne réception, et à te lire
    0
  18. LLB
     
    curieux la manip n'a pas crée de point de restauration, pourtant je me souviens avoir déjà réusi à en créer un de la même manière.

    je réessaierais demain
    0
    1. evasion60/PCA Messages postés 827 Statut Contributeur sécurité 92
       
      Re / OK

      A demain
      Bonne fin de soirée
      0
  19. LLB
     
    je comprends pas j'arrive pas à créér un point de restauration

    est-ce que tout est normal dans ce log hijack ?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:53:48, on 29/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Compaq_Propriétaire\Bureau\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/...
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/...
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\RunOnce: [KB926239] rundll32.exe apphelp.dll,ShimFlushCache
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
    O4 - HKCU\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    0
  20. LLB
     
    tout semble nickel,

    Malwarebytes' Anti-Malware 1.30
    Version de la base de données: 1338
    Windows 5.1.2600 Service Pack 2

    30/10/2008 12:05:07
    mbam-log-2008-10-30 (12-05-07).txt

    Type de recherche: Examen rapide
    Eléments examinés: 34494
    Temps écoulé: 3 minute(s), 51 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    0
  • 1
  • 2