Virue

Résolu
girafe25 -  
geoffrey5 Messages postés 14008 Statut Contributeur sécurité -
Bonjour,
Je suis infecter et n'arrive pas à localiser le virus, pouvez vous m'aider SVP
Rapport HIJACKTHIS :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:27, on 11/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\xxx1047.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\system32\dllhost.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~tmpd.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~tmpc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\dumprep.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfAgent.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dumprep.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\xxx1047.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.cg14.fr/sig/mg65ctrl_windows_activex_ie.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://familybelinda.spaces.live.com/PhotoUpload/MsnPUpld.cab
O20 - Winlogon Notify: jkkJyyaa - jkkJyyaa.dll (file missing)
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media WMPNetworkSvcupnphost (WMPNetworkSvcupnphost) - Unknown owner - C:\WINDOWS\

--
End of file - 11035 bytes

Je vous remercie par avance de l'aide que vous voudrez bien m'apporter

Cordialement
Configuration: Windows XP
Firefox 3.0.3

18 réponses

  1. douchka66 Messages postés 1693 Date d'inscription   Statut Membre Dernière intervention   48
     
    bonjour
    tu fais un scan complet avec malwarebytes affiche le rapport et ensuite ccleaner ok
    0
    1. girafe25
       
      Bonjour
      Je vous remercie de votre réponse voici le rapport de Malwarebyte

      Malwarebytes' Anti-Malware 1.18
      Version de la base de données: 895

      11:29:52 11/11/2008
      mbam-log-11-11-2008 (11-29-52).txt

      Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
      Eléments examinés: 155014
      Temps écoulé: 51 minute(s), 41 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 0

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      (Aucun élément nuisible détecté)
      0
  2. girafe25
     
    Voici le rapport

    Malwarebytes' Anti-Malware 1.18
    Version de la base de données: 895

    11:29:52 11/11/2008
    mbam-log-11-11-2008 (11-29-52).txt

    Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
    Eléments examinés: 155014
    Temps écoulé: 51 minute(s), 41 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    0
  3. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Salut !!

    Malwarebytes n est pas à jour... On est à la version 1.30

    Fais une mise à jour de malwarebytes mais ne relance pas tout dessuite une analyse...

    Fais ceci stp :

    ▶ Télécharger et enregistrer lopSD sur le Bureau

    ▶ Double-clic Lop S&D

    ▶ Faire l'installation

    ▶ Fermer toutes les applications

    ▶ Le lancer par un double-clic sur le raccourci qui est sur le bureau
    Avec VISTA => clic-droit et => Exécuter en tant qu'administrateur

    ▶ Taper F pour français , puis presser entrée

    ▶ Taper 1

    ▶ Presser Entrée

    ▶ Le PC va redémarrer
    Note= si l'antivirus annonce une infection dans TEMP , l'ignorer

    ▶ Attendre l'apparition du rapport
    ▶ Copier le rapport et le coller dans la réponse
    le rapport se trouve aussi à C:\lopR
    0
  4. girafe25
     
    Rapport :

    --------------------\\ Lop S&D 4.2.4-9c XP/Vista

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3400+ )
    BIOS : Phoenix - Award BIOS v6.00PG
    USER : HP_Administrateur ( Administrator )
    BOOT : Normal boot
    Antivirus : avast! antivirus 4.8.1229 [VPS 081110-1] 4.8.1229 (Activated)
    C:\ (Local Disk) - NTFS - Total:179 Go (Free:48 Go)
    D:\ (Local Disk) - FAT32 - Total:6 Go (Free:1 Go)
    E:\ (Local Disk) - FAT32 - Total:37 Go (Free:13 Go)
    F:\ (CD or DVD)
    G:\ (USB)
    H:\ (USB)
    I:\ (USB)
    J:\ (USB)

    "C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
    Option : [1] ( 11/11/2008|11:41 )

    --------------------\\ Listing des dossiers dans APPLIC~1

    [18/10/2005|19:24] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
    [03/01/2005|06:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
    [03/01/2005|05:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
    [03/01/2005|05:53] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec

    [26/08/2008|09:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [25/05/2006|10:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe(2)
    [05/05/2006|10:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
    [05/12/2007|11:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
    [09/11/2007|15:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
    [07/05/2007|14:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
    [29/12/2007|15:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [26/05/2008|17:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
    [09/06/2007|07:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [03/01/2005|05:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
    [08/11/2008|15:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP Product Assistant
    [03/01/2005|05:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
    [27/06/2008|15:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    [17/04/2008|20:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LogiShrd
    [17/04/2008|19:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
    [09/11/2007|16:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macromedia
    [26/06/2008|15:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [14/08/2007|19:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [29/03/2006|12:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\muvee Technologies
    [26/03/2007|21:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
    [01/04/2006|10:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Otto
    [27/03/2006|11:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
    [03/01/2005|05:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
    [18/08/2007|05:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\second regs grim software
    [28/06/2008|00:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns
    [03/01/2005|05:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
    [11/11/2008|09:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    [21/03/2006|19:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    [11/06/2008|07:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    [20/03/2006|19:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    [26/07/2006|16:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [05/07/2007|06:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
    [05/07/2007|06:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
    [22/05/2006|18:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

    [18/10/2005|19:24] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
    [14/10/2007|17:24] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
    [03/01/2005|06:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [03/01/2005|05:31] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
    [03/01/2005|05:53] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

    [07/05/2007|14:47] C:\DOCUME~1\HP_ADM~1\APPLIC~1\acccore
    [11/04/2008|08:49] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Adobe
    [23/04/2007|10:42] C:\DOCUME~1\HP_ADM~1\APPLIC~1\AdobeUM
    [13/01/2007|20:12] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Ahead
    [01/10/2007|09:54] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Anuman Interactive
    [05/12/2007|11:56] C:\DOCUME~1\HP_ADM~1\APPLIC~1\AOL
    [29/12/2007|17:48] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Apple Computer
    [15/06/2007|15:38] C:\DOCUME~1\HP_ADM~1\APPLIC~1\BitDownload
    [14/09/2008|15:41] C:\DOCUME~1\HP_ADM~1\APPLIC~1\dvdcss
    [31/03/2006|15:20] C:\DOCUME~1\HP_ADM~1\APPLIC~1\eConf
    [14/08/2007|14:30] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Google
    [31/03/2006|13:46] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Help
    [09/09/2006|12:34] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Hemera
    [08/04/2006|17:03] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Hewlett-Packard
    [31/03/2006|12:59] C:\DOCUME~1\HP_ADM~1\APPLIC~1\HP
    [21/03/2006|17:22] C:\DOCUME~1\HP_ADM~1\APPLIC~1\HPQ
    [18/10/2005|19:24] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Identities
    [18/08/2007|13:48] C:\DOCUME~1\HP_ADM~1\APPLIC~1\IE7Pro
    [26/03/2006|10:33] C:\DOCUME~1\HP_ADM~1\APPLIC~1\InterVideo
    [02/04/2006|11:05] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Lavasoft
    [21/03/2006|18:54] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Leadertech
    [08/12/2007|13:13] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Logitech
    [20/03/2006|19:13] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Macromedia
    [26/06/2008|15:30] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Malwarebytes
    [23/10/2008|17:53] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Microsoft
    [29/07/2008|09:01] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Mozilla
    [31/03/2006|15:00] C:\DOCUME~1\HP_ADM~1\APPLIC~1\MSNInstaller
    [06/07/2007|10:12] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Musicmatch
    [29/10/2006|12:20] C:\DOCUME~1\HP_ADM~1\APPLIC~1\muvee Technologies
    [01/04/2006|10:53] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Otto
    [11/02/2007|10:36] C:\DOCUME~1\HP_ADM~1\APPLIC~1\PC Tools
    [03/01/2005|05:31] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Real
    [21/03/2006|18:54] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Sonic
    [26/03/2006|20:45] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Sun
    [21/03/2006|09:47] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Symantec
    [31/03/2006|13:00] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Template
    [02/06/2008|19:55] C:\DOCUME~1\HP_ADM~1\APPLIC~1\TmpRecentIcons
    [29/07/2008|09:01] C:\DOCUME~1\HP_ADM~1\APPLIC~1\TomTom
    [02/12/2006|20:09] C:\DOCUME~1\HP_ADM~1\APPLIC~1\vlc
    [09/01/2007|12:14] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Vso
    [20/03/2006|19:21] C:\DOCUME~1\HP_ADM~1\APPLIC~1\You've Got Pictures Screensaver

    [10/02/2007|12:23] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
    [03/01/2005|04:55] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [02/06/2008|15:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\Mozilla

    [03/01/2005|04:55] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

    [08/06/2007 06:47][--ah-----] C:\WINDOWS\tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job
    [11/11/2008 09:03][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [10/08/2004 20:00][-rah-----] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listing des dossiers dans C:\Program Files

    [26/08/2008|09:59] C:\Program Files\Adobe
    [09/06/2007|07:11] C:\Program Files\Ahead
    [26/06/2008|16:00] C:\Program Files\Alwil Software
    [01/10/2007|09:51] C:\Program Files\Anuman Interactive
    [07/07/2008|11:01] C:\Program Files\a-squared Free
    [15/10/2006|16:38] C:\Program Files\AviSynth 2.5
    [11/11/2008|09:20] C:\Program Files\AxBx
    [05/08/2007|23:46] C:\Program Files\BitDownload
    [05/06/2008|16:40] C:\Program Files\BitTorrent Fastest Tool
    [28/06/2008|01:00] C:\Program Files\CCleaner
    [25/07/2008|10:30] C:\Program Files\DD PlayCam
    [09/06/2007|07:11] C:\Program Files\DivX
    [11/11/2008|09:04] C:\Program Files\eMule
    [29/05/2007|19:46] C:\Program Files\EZFace
    [15/10/2006|16:30] C:\Program Files\ffdshow
    [25/07/2008|10:43] C:\Program Files\Fichiers communs
    [04/06/2007|07:42] C:\Program Files\FrenchOtto
    [04/06/2007|07:42] C:\Program Files\GemMasterFrench
    [22/10/2007|08:09] C:\Program Files\Google
    [22/08/2008|04:41] C:\Program Files\Hewlett-Packard
    [22/08/2008|04:41] C:\Program Files\HP
    [18/08/2007|13:48] C:\Program Files\IE7Pro
    [28/10/2008|11:34] C:\Program Files\InstallShield Installation Information
    [28/10/2008|11:26] C:\Program Files\Internet Explorer
    [03/01/2005|05:33] C:\Program Files\InterVideo
    [07/10/2007|09:59] C:\Program Files\Java
    [27/06/2008|15:57] C:\Program Files\Lavasoft
    [20/03/2006|19:21] C:\Program Files\Learn2.com
    [06/04/2007|14:34] C:\Program Files\LHSP
    [08/12/2007|13:10] C:\Program Files\Logitech
    [25/07/2008|10:43] C:\Program Files\Look 312P
    [03/01/2005|05:17] C:\Program Files\MainConcept
    [26/06/2008|15:30] C:\Program Files\Malwarebytes' Anti-Malware
    [30/04/2006|11:30] C:\Program Files\McAfee.com
    [08/09/2008|11:12] C:\Program Files\Messenger
    [08/09/2007|07:59] C:\Program Files\MGI
    [26/10/2008|17:49] C:\Program Files\Micro Application
    [24/09/2007|11:19] C:\Program Files\Microsoft AutoRoute
    [05/07/2007|13:41] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [18/10/2005|19:27] C:\Program Files\microsoft frontpage
    [21/03/2006|17:57] C:\Program Files\Microsoft Money
    [21/03/2006|17:56] C:\Program Files\Microsoft Office
    [04/06/2007|07:42] C:\Program Files\Microsoft Picture It! 7
    [02/04/2007|09:35] C:\Program Files\Microsoft Sites publics fran‡ais
    [04/06/2007|07:42] C:\Program Files\Microsoft Works
    [21/03/2006|17:49] C:\Program Files\Microsoft Works Suite 2003
    [08/09/2008|10:52] C:\Program Files\Movie Maker
    [11/11/2008|11:38] C:\Program Files\Mozilla Firefox
    [30/04/2006|10:53] C:\Program Files\MP3Gain
    [08/09/2008|10:52] C:\Program Files\MSN
    [08/04/2006|17:03] C:\Program Files\MSN Apps
    [18/10/2005|19:27] C:\Program Files\MSN Gaming Zone
    [12/09/2008|14:31] C:\Program Files\MSN Messenger
    [16/08/2007|08:04] C:\Program Files\MSXML 4.0
    [06/07/2007|11:22] C:\Program Files\MUSICMATCH
    [03/01/2005|05:38] C:\Program Files\muvee Technologies
    [28/06/2008|00:21] C:\Program Files\Navilog1
    [03/01/2007|18:01] C:\Program Files\NeoDivx Suite
    [13/01/2007|20:11] C:\Program Files\Nero
    [09/08/2007|21:24] C:\Program Files\Nero 7.0.1.2 Premium
    [08/09/2008|10:47] C:\Program Files\NetMeeting
    [10/04/2008|10:58] C:\Program Files\Orange
    [08/09/2008|10:47] C:\Program Files\Outlook Express
    [04/06/2007|07:42] C:\Program Files\PC-Doctor 5 for Windows
    [20/01/2007|11:12] C:\Program Files\PhotoFiltre
    [03/06/2007|10:18] C:\Program Files\Player Tool
    [19/11/2006|10:30] C:\Program Files\QuickZip4
    [03/01/2005|05:30] C:\Program Files\Real
    [10/04/2008|10:45] C:\Program Files\SAGEM
    [10/04/2008|10:40] C:\Program Files\Securitoo
    [03/01/2005|05:48] C:\Program Files\Services en ligne
    [09/06/2007|07:15] C:\Program Files\Sonic
    [10/06/2008|07:57] C:\Program Files\Spybot - Search & Destroy
    [11/06/2008|02:15] C:\Program Files\Spyware Doctor
    [13/06/2007|09:03] C:\Program Files\TomTom DesktopSuite
    [29/07/2008|09:01] C:\Program Files\TomTom HOME
    [29/07/2008|09:01] C:\Program Files\TomTom HOME 2
    [26/06/2008|15:09] C:\Program Files\Trend Micro
    [02/12/2006|20:04] C:\Program Files\VideoLAN
    [20/03/2006|19:21] C:\Program Files\Viewpoint
    [29/12/2006|16:06] C:\Program Files\WinASPI
    [28/06/2008|00:39] C:\Program Files\Windows Live
    [04/06/2007|07:42] C:\Program Files\Windows Media Connect 2
    [26/05/2008|17:39] C:\Program Files\Windows Media Player
    [08/09/2008|10:47] C:\Program Files\Windows NT
    [18/10/2005|19:28] C:\Program Files\Windows Plus
    [06/01/2007|12:23] C:\Program Files\WMV9_VCM
    [18/10/2005|19:28] C:\Program Files\xerox

    --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

    [26/08/2008|09:57] C:\Program Files\Fichiers communs\Adobe
    [13/01/2007|20:13] C:\Program Files\Fichiers communs\Ahead
    [05/12/2007|12:00] C:\Program Files\Fichiers communs\AOL
    [20/03/2006|19:22] C:\Program Files\Fichiers communs\aolback
    [21/03/2006|17:53] C:\Program Files\Fichiers communs\Designer
    [10/04/2008|10:54] C:\Program Files\Fichiers communs\France Telecom
    [03/01/2005|05:21] C:\Program Files\Fichiers communs\Hewlett-Packard
    [03/01/2005|05:22] C:\Program Files\Fichiers communs\HP
    [09/06/2007|07:22] C:\Program Files\Fichiers communs\InstallShield
    [03/01/2005|05:34] C:\Program Files\Fichiers communs\InterVideo
    [03/01/2005|05:07] C:\Program Files\Fichiers communs\Java
    [15/05/2008|17:18] C:\Program Files\Fichiers communs\Logishrd
    [17/04/2008|19:44] C:\Program Files\Fichiers communs\Logitech
    [25/07/2008|10:43] C:\Program Files\Fichiers communs\Look312P
    [08/09/2007|07:59] C:\Program Files\Fichiers communs\MGI Shared
    [22/10/2008|16:38] C:\Program Files\Fichiers communs\Micro Application Shared
    [29/12/2007|15:32] C:\Program Files\Fichiers communs\Microsoft Shared
    [18/10/2005|19:26] C:\Program Files\Fichiers communs\MSSoap
    [03/01/2005|05:38] C:\Program Files\Fichiers communs\muvee Technologies
    [20/03/2006|19:21] C:\Program Files\Fichiers communs\Nullsoft
    [16/07/2007|08:25] C:\Program Files\Fichiers communs\ODBC
    [18/04/2008|11:34] C:\Program Files\Fichiers communs\Real
    [21/03/2006|20:04] C:\Program Files\Fichiers communs\Scanner
    [01/02/2005|09:23] C:\Program Files\Fichiers communs\Services
    [09/06/2007|07:23] C:\Program Files\Fichiers communs\Sonic Shared
    [18/10/2005|19:26] C:\Program Files\Fichiers communs\SpeechEngines
    [08/09/2008|10:47] C:\Program Files\Fichiers communs\System
    [18/04/2008|11:35] C:\Program Files\Fichiers communs\xing shared

    --------------------\\ Process

    ( 68 Processes )

    ... OK !

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\second regs grim software
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns
    C:\DOCUME~1\HP_ADM~1\APPLIC~1\Bitdownload
    C:\DOCUME~1\HP_ADM~1\APPLIC~1\BitDownload
    C:\DOCUME~1\HP_ADM~1\APPLIC~1\BitDownload\Data
    C:\DOCUME~1\ALLUSE~1\MENUDÉ~1\PROGRA~1\BitDownload
    C:\DOCUME~1\ALLUSE~1\MENUDÉ~1\PROGRA~1\BitDownload\BitDownload.lnk
    C:\DOCUME~1\ALLUSE~1\MENUDÉ~1\PROGRA~1\BitDownload\Uninstall BitDownload.lnk
    C:\Program Files\BitDownload
    C:\Program Files\BitDownload\BitDownload.TRC
    C:\Program Files\BitDownload\BitDownload_1.TRC
    C:\Program Files\BitDownload\settings.ini
    C:\Program Files\BitDownload\settings.stp
    C:\Program Files\BitDownload\SkinCrafterDll.dll
    C:\Program Files\BitDownload\Skins
    C:\Program Files\BitDownload\Support
    C:\Program Files\BitDownload\unins000.dat
    C:\Program Files\BitDownload\unins000.exe
    C:\Program Files\BitTorrent Fastest Tool
    C:\Program Files\BitTorrent Fastest Tool\INSTALL.LOG

    --------------------\\ Verification du Registre

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\setup dead that]
    "DisplayName"="CiD Help"
    "UninstallString"="C:\\DOCUME~1\\HP_ADM~1\\APPLIC~1\\SECTDE~1\\upload bat deaf.exe -uninstall"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts MODIFIE

    127.0.0.1 bin.errorprotector.com ## added by CiD
    127.0.0.1 br.errorsafe.com ## added by CiD
    127.0.0.1 br.winantivirus.com ## added by CiD
    127.0.0.1 br.winfixer.com ## added by CiD
    127.0.0.1 cdn.drivecleaner.com ## added by CiD
    127.0.0.1 cdn.errorsafe.com ## added by CiD
    127.0.0.1 cdn.winsoftware.com ## added by CiD
    127.0.0.1 de.errorsafe.com ## added by CiD
    127.0.0.1 de.winantivirus.com ## added by CiD
    127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
    127.0.0.1 download.cdn.errorsafe.com ## added by CiD
    127.0.0.1 download.cdn.winsoftware.com ## added by CiD
    127.0.0.1 download.errorsafe.com ## added by CiD
    127.0.0.1 download.systemdoctor.com ## added by CiD
    127.0.0.1 download.winantispyware.com ## added by CiD
    127.0.0.1 download.windrivecleaner.com ## added by CiD
    127.0.0.1 download.winfixer.com ## added by CiD
    127.0.0.1 drivecleaner.com ## added by CiD
    127.0.0.1 dynamique.drivecleaner.com ## added by CiD
    127.0.0.1 errorprotector.com ## added by CiD
    127.0.0.1 errorsafe.com ## added by CiD
    127.0.0.1 es.winantivirus.com ## added by CiD
    127.0.0.1 fr.winantivirus.com ## added by CiD
    127.0.0.1 fr.winfixer.com ## added by CiD
    127.0.0.1 go.drivecleaner.com ## added by CiD
    127.0.0.1 go.errorsafe.com ## added by CiD
    127.0.0.1 go.winantispyware.com ## added by CiD
    127.0.0.1 go.winantivirus.com ## added by CiD
    127.0.0.1 hk.winantivirus.com ## added by CiD
    127.0.0.1 instlog.errorsafe.com ## added by CiD
    127.0.0.1 instlog.winantivirus.com ## added by CiD
    127.0.0.1 instlog.winfixer.com ## added by CiD
    127.0.0.1 jsp.drivecleaner.com ## added by CiD
    127.0.0.1 kb.errorsafe.com ## added by CiD
    127.0.0.1 kb.winantivirus.com ## added by CiD
    127.0.0.1 nl.errorsafe.com ## added by CiD
    127.0.0.1 se.errorsafe.com ## added by CiD
    127.0.0.1 secure.drivecleaner.com ## added by CiD
    127.0.0.1 secure.errorsafe.com ## added by CiD
    127.0.0.1 secure.winantispam.com ## added by CiD
    127.0.0.1 secure.winantispy.com ## added by CiD
    127.0.0.1 secure.winantivirus.com ## added by CiD
    127.0.0.1 support.winantivirus.com ## added by CiD
    127.0.0.1 trial.updates.winsoftware.com ## added by CiD
    127.0.0.1 ulog.winantivirus.com ## added by CiD
    127.0.0.1 utils.errorsafe.com ## added by CiD
    127.0.0.1 utils.winantivirus.com ## added by CiD
    127.0.0.1 utils.winfixer.com ## added by CiD
    127.0.0.1 winantispyware.com ## added by CiD
    127.0.0.1 winantivirus.com ## added by CiD
    127.0.0.1 winfixer.com ## added by CiD
    127.0.0.1 winfixer2006.com ## added by CiD
    127.0.0.1 winsoftware.com ## added by CiD
    127.0.0.1 [i]ww/iw.drivecleaner.com ## added by CiD
    127.0.0.1 [i]ww/iw.errorprotector.com ## added by CiD
    127.0.0.1 [i]ww/iw.errorsafe.com ## added by CiD
    127.0.0.1 [i]ww/iw.systemdoctor.com ## added by CiD
    127.0.0.1 [i]ww/iw.utils.winfixer.com ## added by CiD
    127.0.0.1 [i]ww/iw.win-anti-virus-pro.com ## added by CiD
    127.0.0.1 [i]ww/iw.win-virus-pro.com ## added by CiD
    127.0.0.1 [i]ww/iw.winantispam.com ## added by CiD
    127.0.0.1 [i]ww/iw.winantispy.com ## added by CiD
    127.0.0.1 [i]ww/iw.winantispyware.com ## added by CiD
    127.0.0.1 [i]ww/iw.winantivirus.com ## added by CiD
    127.0.0.1 [i]ww/iw.winantiviruspro.com ## added by CiD
    127.0.0.1 [i]ww/iw.windrivecleaner.com ## added by CiD
    127.0.0.1 [i]ww/iw.windrivesafe.com ## added by CiD
    127.0.0.1 [i]ww/iw.winfixer.com ## added by CiD
    127.0.0.1 [i]ww/iw.winfixer2006.com ## added by CiD
    127.0.0.1 [i]ww/iw.winsoftware.com ## added by CiD

    -> 8706 [ 70 ## added by CiD ]

    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-11 11:42:48
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------\\ Recherche d'autres infections

    C:\WINDOWS\system32\VFOVuCdd.ini
    C:\WINDOWS\system32\VFOVuCdd.ini2
    [b]==> VUNDO <==/b

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\HP_ADM~1\Mes documents\Crack-FFF
    C:\DOCUME~1\HP_ADM~1\Mes documents\Crack-FFF\Crack.exe
    C:\DOCUME~1\HP_ADM~1\Mes documents\Crack-FFF\FFF.NFO

    [F:23][D:3]-> C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
    [F:8][D:0]-> C:\DOCUME~1\HP_ADM~1\Cookies
    [F:89][D:6]-> C:\DOCUME~1\HP_ADM~1\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - 11/11/2008|11:43 - Option : [1]

    --------------------\\ Fin du rapport a 11:43:53
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Ok maintenant :

    ▶ Relance Lop S&D

    ▶ Choisis cette fois-ci l'option 2 (Suppression)

    ▶ Ne ferme pas la fenêtre lors de la suppression !

    ▶ Poste le rapport généré (C:\lopR.txt)

    * (Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet Fichier, Nouvelle tâche, tape explorer.exe et valide)

    ensuite supprimes ces cracks qui sont dans tes documents (supprime le dossier Crack) :

    C:\DOCUME~1\HP_ADM~1\Mes documents\Crack-FFF
    C:\DOCUME~1\HP_ADM~1\Mes documents\Crack-FFF\Crack.exe
    C:\DOCUME~1\HP_ADM~1\Mes documents\Crack-FFF\FFF.NFO

    Ensuite refais une analyse complète avec malwarebytes après avoir fait la mise à jour stp
    0
  7. girafe25
     
    --------------------\\ Lop S&D 4.2.4-9c XP/Vista

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3400+ )
    BIOS : Phoenix - Award BIOS v6.00PG
    USER : HP_Administrateur ( Administrator )
    BOOT : Normal boot
    Antivirus : avast! antivirus 4.8.1229 [VPS 081110-1] 4.8.1229 (Activated)
    C:\ (Local Disk) - NTFS - Total:179 Go (Free:48 Go)
    D:\ (Local Disk) - FAT32 - Total:6 Go (Free:1 Go)
    E:\ (Local Disk) - FAT32 - Total:37 Go (Free:13 Go)
    F:\ (CD or DVD)
    G:\ (USB)
    H:\ (USB)
    I:\ (USB)
    J:\ (USB)

    "C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
    Option : [2] ( 11/11/2008|11:54 )

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

    Supprime! - C:\DOCUME~1\HP_ADM~1\APPLIC~1\BitDownload\Data
    Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDÉ~1\PROGRA~1\BitDownload\BitDownload.lnk
    Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDÉ~1\PROGRA~1\BitDownload\Uninstall BitDownload.lnk
    Supprime! - C:\Program Files\BitDownload\BitDownload.TRC
    Supprime! - C:\Program Files\BitDownload\BitDownload_1.TRC
    Supprime! - C:\Program Files\BitDownload\settings.ini
    Supprime! - C:\Program Files\BitDownload\settings.stp
    Supprime! - C:\Program Files\BitDownload\SkinCrafterDll.dll
    Supprime! - C:\Program Files\BitDownload\Skins
    Supprime! - C:\Program Files\BitDownload\Support
    Supprime! - C:\Program Files\BitDownload\unins000.dat
    Supprime! - C:\Program Files\BitDownload\unins000.exe
    Supprime! - C:\Program Files\BitTorrent Fastest Tool\INSTALL.LOG
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\second regs grim software
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns
    Supprime! - C:\DOCUME~1\HP_ADM~1\APPLIC~1\Bitdownload
    Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDÉ~1\PROGRA~1\BitDownload
    Supprime! - C:\Program Files\BitDownload
    Supprime! - C:\Program Files\BitTorrent Fastest Tool
    -
    [ Fichier Hosts ] .. Restaure!

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

    Supprime! - C:\Program Files\Viewpoint
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

    --------------------\\ Listing des dossiers dans APPLIC~1

    [18/10/2005|19:24] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
    [03/01/2005|06:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
    [03/01/2005|05:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
    [03/01/2005|05:53] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec

    [26/08/2008|09:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [25/05/2006|10:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe(2)
    [05/05/2006|10:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
    [05/12/2007|11:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
    [09/11/2007|15:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
    [07/05/2007|14:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
    [29/12/2007|15:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [26/05/2008|17:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
    [09/06/2007|07:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [03/01/2005|05:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
    [08/11/2008|15:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP Product Assistant
    [03/01/2005|05:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
    [27/06/2008|15:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    [17/04/2008|20:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LogiShrd
    [17/04/2008|19:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
    [09/11/2007|16:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macromedia
    [26/06/2008|15:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [14/08/2007|19:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [29/03/2006|12:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\muvee Technologies
    [26/03/2007|21:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
    [01/04/2006|10:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Otto
    [27/03/2006|11:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
    [03/01/2005|05:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
    [03/01/2005|05:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
    [11/11/2008|09:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    [21/03/2006|19:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    [11/06/2008|07:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    [26/07/2006|16:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [05/07/2007|06:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
    [05/07/2007|06:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
    [22/05/2006|18:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

    [18/10/2005|19:24] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
    [14/10/2007|17:24] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
    [03/01/2005|06:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [03/01/2005|05:31] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
    [03/01/2005|05:53] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

    [07/05/2007|14:47] C:\DOCUME~1\HP_ADM~1\APPLIC~1\acccore
    [11/04/2008|08:49] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Adobe
    [23/04/2007|10:42] C:\DOCUME~1\HP_ADM~1\APPLIC~1\AdobeUM
    [13/01/2007|20:12] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Ahead
    [01/10/2007|09:54] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Anuman Interactive
    [05/12/2007|11:56] C:\DOCUME~1\HP_ADM~1\APPLIC~1\AOL
    [29/12/2007|17:48] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Apple Computer
    [14/09/2008|15:41] C:\DOCUME~1\HP_ADM~1\APPLIC~1\dvdcss
    [31/03/2006|15:20] C:\DOCUME~1\HP_ADM~1\APPLIC~1\eConf
    [14/08/2007|14:30] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Google
    [31/03/2006|13:46] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Help
    [09/09/2006|12:34] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Hemera
    [08/04/2006|17:03] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Hewlett-Packard
    [31/03/2006|12:59] C:\DOCUME~1\HP_ADM~1\APPLIC~1\HP
    [21/03/2006|17:22] C:\DOCUME~1\HP_ADM~1\APPLIC~1\HPQ
    [18/10/2005|19:24] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Identities
    [18/08/2007|13:48] C:\DOCUME~1\HP_ADM~1\APPLIC~1\IE7Pro
    [26/03/2006|10:33] C:\DOCUME~1\HP_ADM~1\APPLIC~1\InterVideo
    [02/04/2006|11:05] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Lavasoft
    [21/03/2006|18:54] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Leadertech
    [08/12/2007|13:13] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Logitech
    [20/03/2006|19:13] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Macromedia
    [26/06/2008|15:30] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Malwarebytes
    [23/10/2008|17:53] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Microsoft
    [29/07/2008|09:01] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Mozilla
    [31/03/2006|15:00] C:\DOCUME~1\HP_ADM~1\APPLIC~1\MSNInstaller
    [06/07/2007|10:12] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Musicmatch
    [29/10/2006|12:20] C:\DOCUME~1\HP_ADM~1\APPLIC~1\muvee Technologies
    [01/04/2006|10:53] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Otto
    [11/02/2007|10:36] C:\DOCUME~1\HP_ADM~1\APPLIC~1\PC Tools
    [03/01/2005|05:31] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Real
    [21/03/2006|18:54] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Sonic
    [26/03/2006|20:45] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Sun
    [21/03/2006|09:47] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Symantec
    [31/03/2006|13:00] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Template
    [02/06/2008|19:55] C:\DOCUME~1\HP_ADM~1\APPLIC~1\TmpRecentIcons
    [29/07/2008|09:01] C:\DOCUME~1\HP_ADM~1\APPLIC~1\TomTom
    [02/12/2006|20:09] C:\DOCUME~1\HP_ADM~1\APPLIC~1\vlc
    [09/01/2007|12:14] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Vso
    [20/03/2006|19:21] C:\DOCUME~1\HP_ADM~1\APPLIC~1\You've Got Pictures Screensaver

    [10/02/2007|12:23] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
    [03/01/2005|04:55] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [02/06/2008|15:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\Mozilla

    [03/01/2005|04:55] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

    [08/06/2007 06:47][--ah-----] C:\WINDOWS\tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job
    [11/11/2008 09:03][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [10/08/2004 20:00][-rah-----] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listing des dossiers dans C:\Program Files

    [26/08/2008|09:59] C:\Program Files\Adobe
    [09/06/2007|07:11] C:\Program Files\Ahead
    [26/06/2008|16:00] C:\Program Files\Alwil Software
    [01/10/2007|09:51] C:\Program Files\Anuman Interactive
    [07/07/2008|11:01] C:\Program Files\a-squared Free
    [15/10/2006|16:38] C:\Program Files\AviSynth 2.5
    [11/11/2008|09:20] C:\Program Files\AxBx
    [28/06/2008|01:00] C:\Program Files\CCleaner
    [25/07/2008|10:30] C:\Program Files\DD PlayCam
    [09/06/2007|07:11] C:\Program Files\DivX
    [11/11/2008|09:04] C:\Program Files\eMule
    [29/05/2007|19:46] C:\Program Files\EZFace
    [15/10/2006|16:30] C:\Program Files\ffdshow
    [25/07/2008|10:43] C:\Program Files\Fichiers communs
    [04/06/2007|07:42] C:\Program Files\FrenchOtto
    [04/06/2007|07:42] C:\Program Files\GemMasterFrench
    [22/10/2007|08:09] C:\Program Files\Google
    [22/08/2008|04:41] C:\Program Files\Hewlett-Packard
    [22/08/2008|04:41] C:\Program Files\HP
    [18/08/2007|13:48] C:\Program Files\IE7Pro
    [28/10/2008|11:34] C:\Program Files\InstallShield Installation Information
    [28/10/2008|11:26] C:\Program Files\Internet Explorer
    [03/01/2005|05:33] C:\Program Files\InterVideo
    [07/10/2007|09:59] C:\Program Files\Java
    [27/06/2008|15:57] C:\Program Files\Lavasoft
    [20/03/2006|19:21] C:\Program Files\Learn2.com
    [06/04/2007|14:34] C:\Program Files\LHSP
    [08/12/2007|13:10] C:\Program Files\Logitech
    [25/07/2008|10:43] C:\Program Files\Look 312P
    [03/01/2005|05:17] C:\Program Files\MainConcept
    [26/06/2008|15:30] C:\Program Files\Malwarebytes' Anti-Malware
    [30/04/2006|11:30] C:\Program Files\McAfee.com
    [08/09/2008|11:12] C:\Program Files\Messenger
    [08/09/2007|07:59] C:\Program Files\MGI
    [26/10/2008|17:49] C:\Program Files\Micro Application
    [24/09/2007|11:19] C:\Program Files\Microsoft AutoRoute
    [05/07/2007|13:41] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [18/10/2005|19:27] C:\Program Files\microsoft frontpage
    [21/03/2006|17:57] C:\Program Files\Microsoft Money
    [21/03/2006|17:56] C:\Program Files\Microsoft Office
    [04/06/2007|07:42] C:\Program Files\Microsoft Picture It! 7
    [02/04/2007|09:35] C:\Program Files\Microsoft Sites publics fran‡ais
    [04/06/2007|07:42] C:\Program Files\Microsoft Works
    [21/03/2006|17:49] C:\Program Files\Microsoft Works Suite 2003
    [08/09/2008|10:52] C:\Program Files\Movie Maker
    [11/11/2008|11:44] C:\Program Files\Mozilla Firefox
    [30/04/2006|10:53] C:\Program Files\MP3Gain
    [08/09/2008|10:52] C:\Program Files\MSN
    [08/04/2006|17:03] C:\Program Files\MSN Apps
    [18/10/2005|19:27] C:\Program Files\MSN Gaming Zone
    [12/09/2008|14:31] C:\Program Files\MSN Messenger
    [16/08/2007|08:04] C:\Program Files\MSXML 4.0
    [06/07/2007|11:22] C:\Program Files\MUSICMATCH
    [03/01/2005|05:38] C:\Program Files\muvee Technologies
    [28/06/2008|00:21] C:\Program Files\Navilog1
    [03/01/2007|18:01] C:\Program Files\NeoDivx Suite
    [13/01/2007|20:11] C:\Program Files\Nero
    [09/08/2007|21:24] C:\Program Files\Nero 7.0.1.2 Premium
    [08/09/2008|10:47] C:\Program Files\NetMeeting
    [10/04/2008|10:58] C:\Program Files\Orange
    [08/09/2008|10:47] C:\Program Files\Outlook Express
    [04/06/2007|07:42] C:\Program Files\PC-Doctor 5 for Windows
    [20/01/2007|11:12] C:\Program Files\PhotoFiltre
    [03/06/2007|10:18] C:\Program Files\Player Tool
    [19/11/2006|10:30] C:\Program Files\QuickZip4
    [03/01/2005|05:30] C:\Program Files\Real
    [10/04/2008|10:45] C:\Program Files\SAGEM
    [10/04/2008|10:40] C:\Program Files\Securitoo
    [03/01/2005|05:48] C:\Program Files\Services en ligne
    [09/06/2007|07:15] C:\Program Files\Sonic
    [10/06/2008|07:57] C:\Program Files\Spybot - Search & Destroy
    [11/06/2008|02:15] C:\Program Files\Spyware Doctor
    [13/06/2007|09:03] C:\Program Files\TomTom DesktopSuite
    [29/07/2008|09:01] C:\Program Files\TomTom HOME
    [29/07/2008|09:01] C:\Program Files\TomTom HOME 2
    [26/06/2008|15:09] C:\Program Files\Trend Micro
    [02/12/2006|20:04] C:\Program Files\VideoLAN
    [29/12/2006|16:06] C:\Program Files\WinASPI
    [28/06/2008|00:39] C:\Program Files\Windows Live
    [04/06/2007|07:42] C:\Program Files\Windows Media Connect 2
    [26/05/2008|17:39] C:\Program Files\Windows Media Player
    [08/09/2008|10:47] C:\Program Files\Windows NT
    [18/10/2005|19:28] C:\Program Files\Windows Plus
    [06/01/2007|12:23] C:\Program Files\WMV9_VCM
    [18/10/2005|19:28] C:\Program Files\xerox

    --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

    [26/08/2008|09:57] C:\Program Files\Fichiers communs\Adobe
    [13/01/2007|20:13] C:\Program Files\Fichiers communs\Ahead
    [05/12/2007|12:00] C:\Program Files\Fichiers communs\AOL
    [20/03/2006|19:22] C:\Program Files\Fichiers communs\aolback
    [21/03/2006|17:53] C:\Program Files\Fichiers communs\Designer
    [10/04/2008|10:54] C:\Program Files\Fichiers communs\France Telecom
    [03/01/2005|05:21] C:\Program Files\Fichiers communs\Hewlett-Packard
    [03/01/2005|05:22] C:\Program Files\Fichiers communs\HP
    [09/06/2007|07:22] C:\Program Files\Fichiers communs\InstallShield
    [03/01/2005|05:34] C:\Program Files\Fichiers communs\InterVideo
    [03/01/2005|05:07] C:\Program Files\Fichiers communs\Java
    [15/05/2008|17:18] C:\Program Files\Fichiers communs\Logishrd
    [17/04/2008|19:44] C:\Program Files\Fichiers communs\Logitech
    [25/07/2008|10:43] C:\Program Files\Fichiers communs\Look312P
    [08/09/2007|07:59] C:\Program Files\Fichiers communs\MGI Shared
    [22/10/2008|16:38] C:\Program Files\Fichiers communs\Micro Application Shared
    [29/12/2007|15:32] C:\Program Files\Fichiers communs\Microsoft Shared
    [18/10/2005|19:26] C:\Program Files\Fichiers communs\MSSoap
    [03/01/2005|05:38] C:\Program Files\Fichiers communs\muvee Technologies
    [20/03/2006|19:21] C:\Program Files\Fichiers communs\Nullsoft
    [16/07/2007|08:25] C:\Program Files\Fichiers communs\ODBC
    [18/04/2008|11:34] C:\Program Files\Fichiers communs\Real
    [21/03/2006|20:04] C:\Program Files\Fichiers communs\Scanner
    [01/02/2005|09:23] C:\Program Files\Fichiers communs\Services
    [09/06/2007|07:23] C:\Program Files\Fichiers communs\Sonic Shared
    [18/10/2005|19:26] C:\Program Files\Fichiers communs\SpeechEngines
    [08/09/2008|10:47] C:\Program Files\Fichiers communs\System
    [18/04/2008|11:35] C:\Program Files\Fichiers communs\xing shared

    --------------------\\ Process

    ( 65 Processes )

    ... OK !

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE

    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-11 11:55:49
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------\\ Recherche d'autres infections

    C:\WINDOWS\system32\VFOVuCdd.ini
    C:\WINDOWS\system32\VFOVuCdd.ini2
    [b]==> VUNDO <==/b

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\HP_ADM~1\Mes documents\Crack-FFF
    C:\DOCUME~1\HP_ADM~1\Mes documents\Crack-FFF\Crack.exe
    C:\DOCUME~1\HP_ADM~1\Mes documents\Crack-FFF\FFF.NFO

    [F:24][D:3]-> C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
    [F:8][D:0]-> C:\DOCUME~1\HP_ADM~1\Cookies
    [F:89][D:6]-> C:\DOCUME~1\HP_ADM~1\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - 11/11/2008|11:43 - Option : [1]
    2 - "C:\Lop SD\LopR_2.txt" - 11/11/2008|11:57 - Option : [2]

    --------------------\\ Fin du rapport a 11:57:06
    0
  8. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Ok maintenant fais la suite stp
    0
  9. girafe25
     
    Malwarebytes' Anti-Malware 1.30
    Version de la base de données: 1306
    Windows 5.1.2600 Service Pack 3

    11/11/2008 13:10:06
    mbam-log-2008-11-11 (13-09-57).txt

    Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
    Eléments examinés: 166254
    Temps écoulé: 58 minute(s), 48 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 3
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 8

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinCtrl32 (Trojan.Agent) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSFox (Trojan.FakeAlert) -> No action taken.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\~tmpb.exe (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\~tmpe.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> No action taken.
    C:\WINDOWS\system32\ (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\xxx1047.exe (Trojan.FakeAlert) -> No action taken.
    C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\~tmpa.exe (Trojan.FakeAlert) -> No action taken.
    C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\~tmpc.exe (Trojan.FakeAlert) -> No action taken.
    C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\~tmpd.exe (Trojan.FakeAlert) -> No action taken.
    0
  10. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    ok... Vas vider la quarantaine de malwarebytes et refais un nouveau rapport hijackthis stp
    0
  11. girafe25
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:26:19, on 11/11/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Orange\Systray\SystrayApp.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\arservice.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Orange\Launcher\Launcher.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Orange\connectivity\connectivitymanager.exe
    C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
    O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
    O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: https://www.orange.fr/portail
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.cg14.fr/sig/mg65ctrl_windows_activex_ie.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://familybelinda.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O20 - Winlogon Notify: jkkJyyaa - jkkJyyaa.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
    O23 - Service: Service Partage réseau du Lecteur Windows Media WMPNetworkSvcupnphost (WMPNetworkSvcupnphost) - Unknown owner - C:\WINDOWS\
    0
  12. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    ok maintenant fais ceci stp :

    ▶ Télécharge Combofix de sUBs

    ▶ et enregistre le sur le Bureau.

    ▶ désactive tes protections et ferme toutes tes applications(antivirus, parefeu, garde en temps réel de l'antispyware)

    Voici le tutoriel officiel de Bleeping Computer pour savoir l utiliser :

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    ensuite envois le rapport et refais un nouveau rapport hijackthis stp
    0
  13. girafe25
     
    ComboFix 08-11-10.01 - HP_Administrateur 2008-11-11 13:36:21.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.65 [GMT 1:00]
    Lancé depuis: c:\documents and settings\HP_Administrateur\Bureau\ComboFix.exe
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\Cache
    c:\windows\system32\hqwxttdf.ini
    c:\windows\system32\VFOVuCdd.ini
    c:\windows\system32\VFOVuCdd.ini2
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-11 au 2008-11-11 ))))))))))))))))))))))))))))))))))))
    .

    2008-11-11 12:01 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-11-11 11:40 . 2008-11-11 11:57 <REP> d-------- C:\Lop SD
    2008-11-09 21:29 . 2008-11-09 21:29 102,172 --a------ c:\windows\system32\cont_offersfortoday-remove.exe
    2008-11-09 21:29 . 2008-11-09 21:29 79,085 --a------ c:\windows\system32\ccevtqhampspex.exe
    2008-11-08 15:51 . 2008-11-08 15:51 <REP> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
    2008-10-26 17:49 . 1995-09-20 16:13 977,680 --a------ c:\windows\system32\msjt3032.dll
    2008-10-26 17:49 . 1995-09-24 11:02 243,472 --a------ c:\windows\system32\vbar2232.dll
    2008-10-26 17:49 . 1995-09-20 16:16 35,088 --a------ c:\windows\system32\msjint32.dll
    2008-10-26 17:49 . 1995-09-20 16:16 23,824 --a------ c:\windows\system32\msjter32.dll
    2008-10-24 12:03 . 2008-10-24 12:03 1,044,480 -ra------ c:\windows\system32\roboex32.dll
    2008-10-24 12:03 . 2008-10-24 12:03 49,152 -ra------ c:\windows\system32\inetwh32.dll
    2008-10-24 05:55 . 2008-10-15 17:35 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
    2008-10-15 16:27 . 2008-09-15 16:26 1,846,528 --------- c:\windows\system32\dllcache\win32k.sys
    2008-10-15 16:27 . 2008-09-08 11:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
    2008-10-15 16:26 . 2008-08-14 14:23 2,191,232 --------- c:\windows\system32\dllcache\ntoskrnl.exe
    2008-10-15 16:26 . 2008-08-14 14:23 2,147,328 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
    2008-10-15 16:26 . 2008-08-14 14:23 2,068,096 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
    2008-10-15 16:26 . 2008-08-14 14:23 2,025,984 --------- c:\windows\system32\dllcache\ntkrpamp.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-11 12:46 --------- d-----w c:\program files\eMule
    2008-11-11 11:04 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2008-11-11 08:31 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-11-11 08:20 --------- d-----w c:\program files\AxBx
    2008-11-07 09:07 38,386 ----a-w c:\documents and settings\HP_Administrateur\Application Data\wklnhst.dat
    2008-11-05 12:59 143,376 ----a-w c:\documents and settings\HP_Administrateur\Application Data\GDIPFONTCACHEV1.DAT
    2008-10-28 10:34 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-10-26 16:49 --------- d-----w c:\program files\Micro Application
    2008-10-26 15:36 40,960 ----a-w C:\HTGD0003.exe
    2008-10-22 15:38 --------- d-----w c:\program files\Fichiers communs\Micro Application Shared
    2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2008-09-14 14:41 --------- d-----w c:\documents and settings\HP_Administrateur\Application Data\dvdcss
    2008-09-12 13:31 --------- d-----w c:\program files\MSN Messenger
    2007-02-10 00:00 0 ----a-w c:\documents and settings\HP_Administrateur\svc012.exe
    2007-01-09 11:14 81,920 ----a-w c:\documents and settings\HP_Administrateur\Application Data\ezpinst.exe
    2007-01-09 11:14 47,360 ----a-w c:\documents and settings\HP_Administrateur\Application Data\pcouffin.sys
    2006-03-29 11:49 251 -c--a-w c:\program files\wt3d.ini
    2007-04-02 15:52 22 --sha-w c:\windows\SMINST\HPCD.sys
    2004-08-10 12:00 253,952 --sha-w c:\windows\system32\msvcrt20.dll
    2008-04-14 02:33 30,749 --sha-w c:\windows\system32\vbajet32.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088]
    "eMuleAutoStart"="c:\program files\eMule\emule.exe" [2006-09-14 4964352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]
    "HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-28 188416]
    "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
    "Microsoft Works Update Detection"="c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-18 28672]
    "mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 53248]
    "SystrayORAHSS"="c:\program files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208]
    "ORAHSSSessionManager"="c:\program files\Orange\SessionManager\SessionManager.exe" [2007-09-25 102400]
    "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-18 185896]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "ftutil2"="ftutil2.dll" [2004-06-07 c:\windows\system32\ftutil2.dll]
    "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 c:\windows\arpwrmsg.exe]
    "nwiz"="nwiz.exe" [2005-11-04 c:\windows\system32\nwiz.exe]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-01-20 c:\windows\KHALMNPR.Exe]

    c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-01-03 27136]

    c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-01-03 27136]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-04-17 784912]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= c:\windows\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= c:\windows\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2007-11-15 09:10 72208 c:\program files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wgO43.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winpx64.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 9.0 Icône AOL.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL 9.0 Icône AOL.lnk
    backup=c:\windows\pss\AOL 9.0 Icône AOL.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
    "c:\\Program Files\\eMule\\eMule0.45b\\emule.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2005-10-03 2799488]
    R3 usbstor;Pilote de stockage de masse USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S0 wgO43;wgO43;c:\windows\system32\Drivers\wgO43.sys [ ]
    S0 Winpx64;Winpx64;c:\windows\system32\Drivers\Winpx64.sys [ ]
    S3 MosIrUsb;MosIrUsb.sys;c:\windows\system32\DRIVERS\MosIrUsb.sys [2004-04-14 20736]
    S3 usbscan;Pilote de scanneur USB;c:\windows\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cf334f9-4389-11dd-a706-0013d3da2140}]
    \Shell\AutoRun\command - K:\i.exe
    \Shell\explore\Command - K:\i.exe
    \Shell\open\Command - K:\i.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2007-06-08 c:\windows\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job
    - c:\program files\Fichiers communs\Sonic Shared\Sonic Central\Main\Mediahub.exe []
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    Notify-jkkJyyaa - jkkJyyaa.dll

    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - c:\documents and settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\b93b0srv.default\
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-11 13:44:30
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WMPNetworkSvcupnphost]
    "ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    PROCESSUS: c:\windows\explorer.exe
    -> c:\windows\system32\nview.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\windows\arservice.exe
    c:\windows\ehome\ehrecvr.exe
    c:\windows\ehome\ehSched.exe
    c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\[u]0/u\FTRTSVC.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\HPZipm12.exe
    c:\windows\ehome\ehmsas.exe
    c:\windows\system32\snmp.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Orange\Launcher\Launcher.exe
    c:\progra~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\[u]0/u\AlertModule.exe
    c:\program files\Alwil Software\Avast4\ashMaiSv.exe
    c:\program files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
    c:\program files\Orange\Connectivity\ConnectivityManager.exe
    c:\program files\Orange\Connectivity\corecom\CoreCom.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Orange\Connectivity\corecom\OraConfigRecover.exe
    c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\[u]0/u\FTCOMModule.exe
    c:\program files\Alwil Software\Avast4\ashWebSv.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-11-11 13:52:47 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-11-11 12:52:34

    Avant-CF: 52 199 526 400 octets libres
    Après-CF: 52,097,978,368 octets libres

    202 --- E O F --- 2008-10-24 04:58:10
    0
  14. girafe25
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:57:29, on 11/11/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\arservice.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\ARPWRMSG.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Orange\Systray\SystrayApp.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Orange\Launcher\Launcher.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Orange\connectivity\connectivitymanager.exe
    C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
    O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
    O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: https://www.orange.fr/portail
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.cg14.fr/sig/mg65ctrl_windows_activex_ie.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://familybelinda.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
    O23 - Service: Service Partage réseau du Lecteur Windows Media WMPNetworkSvcupnphost (WMPNetworkSvcupnphost) - Unknown owner - C:\WINDOWS\
    0
  15. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    relance hijackthis en cliquant sur scan only et coches ces lignes stp :

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    puis tu cliques sur fix checked.

    ensuite vas faire la mise à jour de java à cette adresse stp : https://www.java.com/fr/download/manual.jsp

    et ensuite désinstalle la version antérieure.

    est ce que tu as encore des problèmes ??
    0
  16. girafe25
     
    Je pense que c'est résolu, mais n'étant pas une experte je ne peut confirmer.
    Je n'ai pas revue de message signalant un problème de sécurité, alors je pense que cela est bon signe!!!
    Je remercie toute les personne qui ont accordés de leur temps pour m'aider, vous faites un travail formidable, merci beaucoup!!

    cordialement
    0
  17. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Mais de rien, je t ai aidé avec plaisir ;-)

    tu peux faire ceci pour terminer stp :

    Pour supprimer toutes les traces des logiciels qui ont servi à traiter les infections spécifiques :

    ▶ Télécharge Toolscleaner sur ton Bureau

    ▶ Double-clique sur ToolsCleaner2.exe et laisse le travailler
    ▶ Clique sur Recherche et laisse le scan se terminer.
    ▶ Clique sur Suppression pour finaliser.
    ▶ Tu peux, si tu le souhaites, te servir des Options facultatives.
    ▶ Clique sur Quitter, pour que le rapport puisse se créer.
    ▶ Le rapport (TCleaner.txt) se trouve à la racine de votre disque dur (C:\)...colle le dans ta réponse

    Désactive et réactive la Restauration du système :

    Le fait de faire cette manipulation va supprimer tous les virus qui auraient pu se loger dans les
    points de restauration que tu avais créé auparavant.. Il est donc recommandé de la faire :

    1 Dans la barre des tâches de Windows, clique sur Démarrer.

    2 Clique avec le bouton droit de la souris sur Poste de travail puis clique sur Propriétés.

    3 Dans l'onglet Restauration du système, coche "Désactiver la Restauration du système"

    4 Clique sur Appliquer.

    5 Ensuite décoche "Désactiver la restauration du systeme"

    6 clique sur appliquer puis ok

    7 vas créer un point de restauration en cliquant sur démarrer => tous les programmes => accessoires =>

    outils systeme => restauration du systeme => créer un point de restauration => tu mets un nom

    (exemple : après désinfection sur CCM) puis tu valides.

    pour XP : Voici un tutoriel en cas de problèmes.
    0
  18. girafe25
     
    [ Rapport ToolsCleaner version 2.2.6 (par A.Rothstein & dj QUIOU) ]

    -->- Recherche:

    C:\Combofix.txt: trouvé !
    C:\fixnavi.txt: trouvé !
    C:\lopR.txt: trouvé !
    C:\Lop SD: trouvé !
    C:\Qoobox: trouvé !
    C:\Documents and Settings\HP_Administrateur\Bureau\HijackThis.lnk: trouvé !
    C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe: trouvé !
    C:\Program Files\Navilog1: trouvé !
    C:\Program Files\Trend Micro\HijackThis: trouvé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
    C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Documents and Settings\HP_Administrateur\Bureau\HijackThis.lnk: supprimé !
    C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
    C:\Combofix.txt: supprimé !
    C:\fixnavi.txt: supprimé !
    C:\lopR.txt: supprimé !
    C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
    C:\Lop SD: supprimé !
    C:\Qoobox: supprimé !
    C:\Program Files\Navilog1: supprimé !
    C:\Program Files\Trend Micro\HijackThis: supprimé !

    Point de restauration crée !
    Corbeille vidée!
    Fichiers temporaires nettoyés !
    Sauvegarde du registre crée !
    0
  19. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Tu peux supprimer combofix qui est sur ton bureau..

    Et fais bien la suite car c est tres important..

    Bonne journée @+
    0