Attaque de mon antivirus RESOLU

Bonjour,

J'ai voulu téléchargé pc show buzz, non pas sur le site recommandé par vote article du n°579 mais sur la toile, ne trouvant pas facilement le lien de téléchargement.
Dès l'installation mon antivirus avast a été attaqué et n'est plus opérationnel.
Je crains fort avoir un méchant virus.

Pouvez vous m'aidé.

Merci

As tu essayer de le désinstaller puis réinstallation.



Sinon tu peux faire un scan en ligne.

http://www.eset-nod32.fr/scanner.html (il faut utiliser Internet Explorer)
- coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :
- C:\Program Files\EsetOnlineScanner\log.txt

Bonjour,

Il n'arrive pas à scanner, j'ai un message erreur "erreur inatendue 101" même après avoir désinstallé mon antivirus.


Que dois je faire ?

Merci

De plus j'ai réinstallé avast et il ne fonctionne toujours pas et mon pc est de plus en plus lent.

Au secours !!!!!

Télécharge random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau:

Double clique sur RSIT.exe qui se trouve sur ton bureau pour le lancer:
Pour VISTA :
Clic-droit et choisis "Exécuter en tant qu'administrateur".


Ensuite :
Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Le rapport va se créer. Pour le mettre sur le forum.

Vous pouvez, une fois posté, le fermer. Ce rapport s’appelle.log.txt

Le rapport est sauvegardé à la racine du disque: C:\rsit\info.txt et C:\rsit\log.txt

Désolé mais je crains que mon virus bloque hijack this !!

Y a t-il une autre solution ?

Télécharge Combofix.exe sur ton Bureau (et pas ailleurs).
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

- Au moment de l'enregistrer sur ton Bureau renomme-le en: cmutu.exe

Double clique Combofix.exe.
Pour VISTA : Clic-droit et choisis "Exécuter en tant qu'administrateur".

[Pour VISTA : pas d'installation de la console de récupération.
>> Lors de son exécution, ComboFix va vérifier si la Console de récupération Microsoft Windows est installée.
Avec des infections comme celles d'aujourd'hui, il est fortement conseillé de l'avoir préinstallée sur votre PC avant toute suppression de nuisibles.
Elle permettra de démarrer dans un mode spécial, de récupération (réparation), qui nous permet de vous aider plus facilement si jamais votre ordinateur rencontre un problème après une tentative de nettoyage.

Suis les invites pour permettre à ComboFix de télécharger et installer la Console de récupération Microsoft Windows, et lorsque cela est demandé, accepte le Contrat de Licence Utilisateur Final pour l'installer.
>> Une fois sur ton bureau double clique dessus pour le lancer.
Note importante : Si la Console de récupération Microsoft Windows est déjà installée, ComboFix continuera ses procédures de suppression de nuisibles.

Lorsque le scan sera complet, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt

>>Ne pas cliquer dans la fenêtre de Combofix durant l’analyse, ceci provoquerait le gel du programme

INFO
Si, par malchance, vous n'avez plus accès à votre connexion Internet après avoir fait tourner ComboFix, la première chose à essayer est de faire redémarrer votre ordinateur.
Cette seule manip devrait corriger la grande majorité des problèmes de non-connexion à Internet après l'utilisation de ComboFix. Si vous n'avez toujours pas de connexion Internet après avoir redémarré, exécutez les étapes suivantes:

1. Cliquez sur le bouton Démarrer.
2. Cliquez sur l'option de menu Paramètres.
3. Cliquez sur l'option Panneau de configuration.
4. Après l'ouverture du Panneau de configuration, faites un double clic sur l'icône Connexions réseau
5. . Si votre Panneau de configuration est paramétré pour un affichage en catégories, faites un double clic sur Connexions réseau et Internet. puis cliquez sur Connexions réseau .tout en bas.
6. Vous verrez alors une liste de toutes les connexions réseau disponibles. Repérez la connexion vers votre adaptateur Sans Fil ou Réseau local et faites un clic droit dessus.
7. Vous verrez alors un menu similaire à celui de l'image ci-dessous. Cliquez simplement sur l'option de menu Réparer. .



8. Laissez le processus de réparation se dérouler, et lorsqu'il a terminé, votre connexion Internet devrait être de nouveau opérationnelle.
Sinon, si une icône de votre réseau apparaît aussi dans la barre des tâches Windows, vous pouvez la réparer en faisant un clic droit sur l'icône et en choisissant Réparer comme le montre l'image ci-dessous:

Voici le message erreur après avoir lancé cmutu.exe

"vous ne pouvez pas renommer combofix en cmutu
veuillez choisir un autre nom de préférence en caracteres alphanumérique"

tu es sous XP ou Vista.

tu peux le renommer même en 123.exe si tu veux

voici le rapport

ComboFix 09-05-30.04 - Daniel 31/05/2009 18:22.5 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.728 [GMT 2:00]
Lancé depuis: c:\documents and settings\Daniel.VERBEKE\Bureau\123.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\100265.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\105921.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\106250.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\108156.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\109718.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\109875.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\110234.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\111375.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\113218.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\113468.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\115468.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\115703.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\116312.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\116578.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\117796.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\118265.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\119453.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\120453.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\122203.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\123453.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\124875.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\125375.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\126062.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\126078.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\127781.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\128921.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\129812.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\129859.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\130453.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\130968.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\131171.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\131187.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\131593.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\131609.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\132343.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\132703.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\132734.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\134875.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\137109.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\138031.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\139796.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\140812.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\141796.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\142296.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\143109.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\143828.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\144437.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\144796.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\144828.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\146296.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\147375.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\147843.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\148140.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\151828.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\152531.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\155359.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\155765.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\156234.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\157921.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\158296.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\158734.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\158828.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\159156.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\162015.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\162125.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\163453.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\164812.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\164937.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\168140.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\168828.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\170125.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\172109.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\174171.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\194812.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\275671.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\276484.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\276718.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\277203.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\277562.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\278187.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\278390.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\279328.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\279937.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\282578.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\283234.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\283250.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\283718.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\284546.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\285156.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\285390.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\285437.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\285609.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\285625.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\286640.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\286812.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\288125.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\288593.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\289187.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\289765.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\289859.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\292906.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\296453.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\298015.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\298359.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\298625.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\298953.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\299078.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\300109.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\301156.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\302500.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\302515.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\318031.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\322578.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\323671.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\324812.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\325812.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\326640.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\330531.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\334781.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\334937.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\339468.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\341812.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\342000.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\344562.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\345390.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\345968.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\349046.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\350421.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\350546.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\353156.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\354203.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\354265.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\356437.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\356453.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\362031.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\362703.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\363656.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\364218.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\365203.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\365593.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\365765.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\368796.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\369531.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\370812.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\374531.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\375062.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\375375.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\375484.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\378718.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\383734.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\389671.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\390328.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\392500.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\398609.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\400578.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\401812.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\423484.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\431328.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\433296.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\433546.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\433750.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\436312.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\437843.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\438312.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\444671.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\445656.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\446078.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\459125.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\459859.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\459953.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\463000.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\467281.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\468156.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\468328.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\468703.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\468828.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\469187.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\469234.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\469828.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\469890.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\471546.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\477390.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\478015.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\478140.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\478640.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\479312.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\479421.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\479515.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\481859.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\482062.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\484421.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\488640.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\490250.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\492093.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\493234.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\493390.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\493640.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\493656.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\493765.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\561656.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\563218.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\563578.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\565640.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\568750.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\569687.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\574062.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\575781.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\576687.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\591765.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\595812.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\598828.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\599625.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\599687.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\599953.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\601234.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\601812.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\603796.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\606281.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\606671.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\606953.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\607953.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\608218.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\608312.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\608656.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\608843.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\608890.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\609234.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\609531.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\612453.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\613375.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\613468.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\613875.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\618500.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\619890.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\621578.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\621640.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\622218.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\622687.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\622921.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\623500.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\623625.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\623890.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\624093.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\624812.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\625796.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\626046.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\642843.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\671718.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\677140.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\677625.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\677734.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\745328.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\746656.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\747187.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\768531.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\769406.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\769500.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\771828.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\775328.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\776000.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\776187.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\776671.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\777515.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\777562.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\95953.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\downld\97859.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\srosa2.sys
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\wfsintwq.sys
c:\documents and settings\Daniel.VERBEKE\Application Data\drivers\winupgro.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\m
c:\documents and settings\Daniel.VERBEKE\Application Data\m\data.oct
c:\documents and settings\Daniel.VERBEKE\Application Data\m\flec006.exe
c:\documents and settings\Daniel.VERBEKE\Application Data\m\list.oct
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\1728298 1.9.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\8051 Hex Code Explorer 1.0.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\abylon CRYPTDRIVE 6.5 Crack.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Almanac 1.0.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Antechinus C# Editor 6.1.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Any Weblock 1.1.0.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Armenian Screen Saver Pictures3 1.0.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\AUAU MP4 Converter 4.5.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Auction Messenger 4.6.4.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Audio Optimizer 2.2.1.1237.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\AVCam Basic 1.1.0.1.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\BlueCap 1.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Broken X Database Converter 1.4 Build 52.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Calc2Dokuwiki.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Calc98 5.3 (Cracked).zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\CDStartDummy 2.53.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Cetus AstroExp 1.01.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Chronos for AutoCAD 2.0.3.58 (Cracked).zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Clock.NET 1.2.9.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\CodeWallet Pro 2006 6.60.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\ComparatorPro 3.2.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Convertion Etalon 1.1.0.0.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Corpse Flower (Titan Arum) Webcam B 1.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\CP-8901 1.0.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Cresotech Easystart 2.0 (Patch).zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\CtrlView 3.1.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\CuteSITE Builder 5.0.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Daily Picture Of Zurich 1.0.1.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Daily Quotes Generator 2.0.4.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\dampfplatz font 1.0.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\DESlock+ 3.2.5.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\DeviceLock 6.3 Build 14161.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Diagnostic System for Sound Fields 3.1.5.9.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\DiskNumen 07.88 (With Crack).zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\DMSI (DivXMachine ShellIntegrated) 1.06.4.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\DownShift.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Dynacom Accounting Startup Edition 10.0.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\easyMule 1.0.10.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\EasyWay 1.0 (Cracked).zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\eCipher 1.65.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\EMS DB Comparer for Oracle 3.2.0.2.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Enclave gameclips 3 (low - WMV).zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Encrypt Web Pro 1.3 Build 81120.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Fast AVI MPEG Joiner 1.1.2.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\File Janitor 1.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Flv Recorder 3.02.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\foo setyear 0.8.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\foo ui columns 0.3.3.2.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Gabcast 1.0.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Get Access Pass 1.1.15.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Girafa Toolbar 2.12.37.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Hard Disk Sentinel 2.06 Beta.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\HypeMail 3.2.19.28.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\IE Quick Saver 1.2.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Informant Video Surveillance Software 1.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\InvestCalc 1.1.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Invisible KeyLogger Stealth 2.1.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\jTFlashManager 1.1.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Jupiter 3D ScreenSaver 1.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\KaTimeClock 2003.1.6 With Crack.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\KillaFing 3.10.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Liubasik PLATINUM 3.0 (Serial).zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\LooknBusy Screen Saver 1.07.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Masking Password Generator Pro 3.0.11.42.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Mathematics Quiz 2.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\McAfee.VirusScan.8.0.(2004)[sargentocuchillas].zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Meal Planning 2.0.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\MP4Converter-iPod Video Converter 3.1.26.0314b.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Music Mixer 4.0.3.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Navipane for Excel 2.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Nidesoft DVD to iPod Suite 2.0.50.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\NormalScrollbars 1.1.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Notes2 for Outlook 1.00.073.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\O&K Print Watch 4.3.1.1473.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\OddCraft 1.0.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\OddzBreaker 1.5.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\ONES 2.1.358.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\OOoSVN 0.3.8.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Opera Uptime 1.0.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Others Online 1.0.43.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Packpal Flash Gallery Maker 2.0.0.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\PAL PC SPY 1.01 Cracked.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Pendulum Divination E-book 1.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Photos Manager 1.0.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\PictPocket 1.0.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Picture Page 4.0 [With Crack].zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Pocket PasswordGen 1.01.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\PowerExif Standard 1.2.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\PowerOn 3.2.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\PowerTCP FTP Tool 1.8.6.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\RAM Booster Expert 1.30.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Repair Registry Pro 1.0.0.1.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Return to Castle Wolfenstein Military Complex 2 map.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Sacred v1.66 patch.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\ScreenSteps 1.0.6.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\ScriptFTP 2.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Shutdown Timer 1.0.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Slate Labyrinth 1.10.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\SQL Server Tools 1.0.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Subliminal Images 1.0.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Ticker 2.0.1.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\TNLMeans 1.0.3.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Tom BandPass 1.0.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Torque Game Engine 1.4u.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\TotalEdit 5.0.8.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\TrapperJohn.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Triple M Brisbane - Australia 1.0.2.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Tunbit WMA MP3 Converter 2.0.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Two Moon 1.0.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Unreal Tournament 2003 - Cold Wind skin.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Unreal Tournament 2004 Carball mod 2.5 (zip).zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Utility Library 1.0.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Vanga Rengi Mangaro 1.0.4.492 Crack.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Vista Battery Saver 1.02 Beta.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Visual DV Time Stamp 1.70.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Warcraft III - What Lurks Between the Green map.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Weather Model 1.0 Beta.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\WebSafe 2.0.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Wings Library 1.0.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\WinSQL 5.0.54.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Wise Tarot 4.1.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\WordScale Text Capture Engine SDK 2.1.1.48.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\x Chat Free 3 build 060815.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\XDenSer NetMPTree 1.1 KeyGen.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Xilisoft DVD to WMV Converter 4.0.74.0419 (Key).zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\XM Administrator 0.1-4.zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\shared\Xrefactory 2.0.13 [Cracked].zip
c:\documents and settings\Daniel.VERBEKE\Application Data\m\srvlist.oct
c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
c:\windows\ieocx.dll
c:\windows\system32\ban_list.txt
c:\windows\system32\mdelk.exe
c:\windows\system32\sqlite3.dll
c:\windows\system32\wintems.exe

----- BITS: Il y a peut-être des sites infectés -----

hxxp://videoporntrue.com
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SROSA
-------\Legacy_SROSA
-------\Legacy_SK9OU0S


((((((((((((((((((((((((((((( Fichiers créés du 2009-04-28 au 2009-05-31 ))))))))))))))))))))))))))))))))))))
.

2009-05-31 12:45 . 2009-05-31 12:46 -------- d-----w- C:\32788R22FWJFW.0.tmp
2009-05-31 11:53 . 2009-05-31 12:55 -------- d-----w- c:\program files\trend micro
2009-05-31 11:25 . 2009-05-31 11:25 -------- d-----w- C:\rsit
2009-05-31 09:37 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-05-31 09:37 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-05-31 09:37 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-05-31 08:54 . 2009-05-31 08:54 -------- d-----w- c:\program files\ESET
2009-05-31 07:28 . 2009-05-31 16:29 -------- d--h--w- c:\documents and settings\Daniel.VERBEKE\Application Data\drivers
2009-05-30 07:15 . 2009-05-30 07:38 -------- d-----w- c:\program files\MediaCoder 3GP Edition
2009-05-25 16:12 . 2009-05-25 16:12 -------- d-----w- c:\documents and settings\Daniel.VERBEKE\Application Data\Canon
2009-05-16 18:22 . 2009-05-16 18:22 -------- d-----w- c:\program files\iPod
2009-05-16 18:22 . 2009-05-16 18:23 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-16 17:58 . 2009-05-16 17:58 75048 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-31 16:30 . 2008-03-30 17:22 -------- d-----w- c:\program files\TomTom HOME 2
2009-05-31 09:33 . 2002-08-30 12:00 94800 ----a-w- c:\windows\system32\perfc00C.dat
2009-05-31 09:33 . 2002-08-30 12:00 557990 ----a-w- c:\windows\system32\perfh00C.dat
2009-05-30 21:10 . 2008-08-25 12:25 -------- d-----w- c:\program files\adslTV
2009-05-26 19:03 . 2007-01-28 18:16 -------- d-----w- c:\program files\Quoiquipasse
2009-05-25 07:48 . 2006-08-31 18:12 -------- d-----w- c:\documents and settings\Daniel.VERBEKE\Application Data\uTorrent
2009-05-16 18:23 . 2006-12-04 14:13 -------- d-----w- c:\program files\iTunes
2009-05-16 18:22 . 2008-01-06 08:24 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-05-08 15:38 . 2009-05-08 15:38 43 ----a-w- c:\documents and settings\Daniel.VERBEKE\Application Data\~ygw.tmp
2009-04-27 19:13 . 2009-04-27 19:13 299352 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-04-18 19:12 . 2009-04-18 19:11 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft
2009-04-18 19:12 . 2009-04-18 19:12 69664 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\lbd.sys
2009-04-18 19:12 . 2009-04-18 19:12 274792 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\AAWDriverTool.exe
2009-04-18 19:12 . 2009-04-18 19:12 73064 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-04-18 19:11 . 2009-04-18 19:11 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-04-18 19:11 . 2003-09-13 19:34 -------- d-----w- c:\program files\Lavasoft
2009-04-05 12:21 . 2009-04-05 12:20 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-04-05 12:18 . 2009-04-05 12:18 -------- d-----w- c:\program files\Bonjour
2009-04-05 12:18 . 2008-11-26 19:05 -------- d-----w- c:\program files\QuickTime
2009-03-19 14:32 . 2009-03-19 14:32 23400 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 14:32 . 2008-01-29 10:01 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-05 21:59 . 2009-04-05 12:12 1900544 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-03-05 21:59 . 2008-10-18 16:08 36864 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-03-03 19:01 . 2009-03-03 19:01 45 ---h--w- c:\windows\dsez1263.dat
2005-05-25 18:22 . 2005-05-25 18:22 7 ----a-w- c:\program files\nomutil.txt
2001-09-30 04:32 . 2003-04-14 15:02 20110 ----a-w- c:\program files\NOTES_DE_VERSION.TXT
2001-09-30 04:32 . 2003-04-14 15:02 27135 ----a-w- c:\program files\GNU_LICENSE.TXT
2001-09-30 04:31 . 2003-04-14 15:02 10326 ----a-w- c:\program files\LISEZMOI.TXT
2001-09-29 11:20 . 2003-04-14 15:02 331 ----a-w- c:\program files\NIS.INI
2001-09-29 11:20 . 2003-04-14 15:02 380928 ----a-w- c:\program files\CDSTART.EXE
2001-09-29 11:20 . 2003-04-14 15:02 2949120 ----a-w- c:\program files\BOOTIMG.BIN
2001-09-29 11:20 . 2003-04-14 15:02 2048 ----a-w- c:\program files\BOOTCAT.BIN
2001-09-29 11:20 . 2003-04-14 15:02 2949120 ----a-w- c:\program files\Virtual Floppy Image
2001-09-29 11:20 . 2003-04-14 15:02 2048 ----a-w- c:\program files\BootCatalog
2002-07-31 17:55 . 2006-04-22 13:18 108 --sh--w- c:\windows\WSYS049.SYS
2006-05-03 10:06 . 2008-01-19 19:42 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2008-01-19 19:42 31744 --sh--r- c:\windows\system32\msfDX.dll
2007-06-26 16:17 . 2007-06-26 13:10 1164245 --sh--w- c:\windows\system32\tttss.tmp
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-22 1591808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-10-12 294912]
"VadeRetro Desktop"="c:\program files\Goto Software\Vade Retro\Vaderetro_Mgr.exe" [2008-05-26 1078272]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-08-12 185896]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-25 516440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-05-31 81000]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2002-08-15 46592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

c:\documents and settings\Daniel.VERBEKE\Menu D‚marrer\Programmes\D‚marrage\
ChkDisk.dll [2009-5-8 24064]
ChkDisk.lnk - c:\windows\system32\rundll32.exe [2004-8-19 33792]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^AutoStart IR.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\AutoStart IR.lnk
backup=c:\windows\pss\AutoStart IR.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^E-Compagnon.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\E-Compagnon.lnk
backup=c:\windows\pss\E-Compagnon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^GStartup.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\GStartup.lnk
backup=c:\windows\pss\GStartup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Daniel.VERBEKE^Menu Démarrer^Programmes^Démarrage^ChkDisk.dll]
path=c:\documents and settings\Daniel.VERBEKE\Menu Démarrer\Programmes\Démarrage\ChkDisk.dll
backup=c:\windows\pss\ChkDisk.dllStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Daniel.VERBEKE^Menu Démarrer^Programmes^Démarrage^ChkDisk.lnk]
path=c:\documents and settings\Daniel.VERBEKE\Menu Démarrer\Programmes\Démarrage\ChkDisk.lnk
backup=c:\windows\pss\ChkDisk.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Daniel.VERBEKE^Menu Démarrer^Programmes^Démarrage^HcwSyncIt.lnk]
path=c:\documents and settings\Daniel.VERBEKE\Menu Démarrer\Programmes\Démarrage\HcwSyncIt.lnk
backup=c:\windows\pss\HcwSyncIt.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Daniel.VERBEKE^Menu Démarrer^Programmes^Démarrage^Last.fm Helper.lnk]
path=c:\documents and settings\Daniel.VERBEKE\Menu Démarrer\Programmes\Démarrage\Last.fm Helper.lnk
backup=c:\windows\pss\Last.fm Helper.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Documents and Settings\\Catherine.VERBEKE.000\\Bureau\\Gym\\incredimail_install.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MyVideoSoft\\myvideosoft.exe"=
"c:\\Program Files\\Namo\\WebEditor 5 Trial\\bin\\WebEditor.exe"=
"c:\\Program Files\\LeechFTP\\Leechftp.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"=
"c:\\Program Files\\adslTV\\adsltv.exe"=
"c:\\Program Files\\adslTV\\vlc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16820:TCP"= 16820:TCP:BitComet 16820 TCP
"16820:UDP"= 16820:UDP:BitComet 16820 UDP

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [18/04/2009 21:12 64160]
R2 CanalPlus.VOD;CanalPlus.VOD;c:\program files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe [04/04/2008 16:38 188416]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [08/04/2009 12:38 92008]
S1 aswSP;avast! Self Protection; [x]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys --> c:\windows\system32\DRIVERS\aswFsBlk.sys [?]
S2 CYUSB;Cypress Generic USB Driver;c:\windows\system32\DRIVERS\CyUsb.sys --> c:\windows\system32\DRIVERS\CyUsb.sys [?]
S2 EZUSBDEV;Cypress General Purpose USB Driver w/ Keil Monitor (ezmon.sys);c:\windows\system32\Drivers\ezmon.sys --> c:\windows\system32\Drivers\ezmon.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23:34 953168]
S3 CEBDADTV;C&E DVB-T device;c:\windows\system32\drivers\CEBDA150.sys [05/07/2006 18:57 75520]
S3 ec88c80b-d3c3-41b5-a5e8-a5591b66fd01;ec88c80b-d3c3-41b5-a5e8-a5591b66fd01;\??\d:\player\cds300.dll --> d:\player\cds300.dll [?]
S3 ForteUSB;NGS USB Driver Service;c:\windows\system32\drivers\ForteUSB.sys [30/12/2004 16:45 10658]
S3 HCW77BDA;Hauppauge Nova-T Stick DVB-T Tuner;c:\windows\system32\drivers\hcw70bda.sys [26/03/2007 17:13 118850]
S3 hcw99rc;Hauppauge Nova-DT IR Driver;c:\windows\system32\drivers\hcw99rc.sys [26/03/2007 17:14 56792]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?]
.
Contenu du dossier 'Tâches planifiées'

2009-05-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 19:12]

2009-05-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 10:34]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-TomTomHOME.exe - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
SafeBoot-procexp90.Sys


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.free.fr/
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Barre RoboForm - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Enregistrer le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Personnaliser le menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Remplir le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-31 18:36
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\cfexefile\DefaultIcon]
@DACL=(02 0000)
@SACL=
@="%1"

[HKEY_LOCAL_MACHINE\software\Classes\cfexefile\shell]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Classes\cfexefile\shellex]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,2d,d9,df,60,1f,
02,95,56,e2,63,26,f1,3f,c8,ff,68,96,75,16,e4,b1,18,2c,a2,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,e9,37,ee,0c,bd,
37,b1,20,6a,9c,d6,61,af,45,84,18,2c,fc,81,3e,9a,4b,a2,ec,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,42,6a,05,4a,7b,
f7,0d,c4,ff,7c,85,e0,43,d4,0e,fe,e1,a8,c4,38,82,ca,45,e7,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,8b,65,21,ad,48,
8f,d6,4e,86,8c,21,01,be,91,eb,e7,b6,a0,62,26,29,ae,07,f9,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,d8,8e,40,f1,32,
c3,4e,b0,f5,1d,4d,73,a8,13,5c,05,d4,00,cc,7c,5b,66,76,45,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,bf,e2,15,26,31,
93,63,41,df,20,58,62,78,6b,cf,c8,ec,4a,00,c3,af,01,b7,28,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,a5,42,07,92,79,
fb,ee,0f,fb,a7,78,e6,12,2f,9a,ea,d6,1f,d4,b6,f0,48,33,96,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,a2,34,f6,e1,6a,
b7,ff,b0,01,3a,48,fc,e8,04,4a,f1,61,50,3f,d6,60,cc,f7,3a,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,41,ae,ed,e1,de,
71,c8,dd,f6,0f,4e,58,98,5b,89,c9,e6,7d,58,08,56,66,21,53,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,c4,20,9e,de,e5,
68,be,39,3d,ce,ea,26,2d,45,aa,78,ee,7f,6e,3a,de,eb,cb,97,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,62,3c,d3,50,9a,
35,81,87,2a,b7,cc,b5,b9,7f,41,e7,7f,9e,c5,4a,6e,ac,9d,7f,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,09,3c,42,82,d7,
57,9d,54,6c,43,2d,1e,aa,22,2f,9c,f9,2f,e2,ce,ff,4d,99,a4,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(3744)
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Unlocker\UnlockerCOM.dll
c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
c:\program files\Lavasoft\Ad-Aware\ShellExt.dll
c:\program files\WinZip\wzshlstb.dll
c:\program files\WinRAR\rarext.dll
c:\program files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
c:\program files\Siber Systems\AI RoboForm\roboform.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Dantz\Retrospect\retrorun.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Heure de fin: 2009-05-31 18:49 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-05-31 16:49

Avant-CF: 12 434 919 424 octets libres
Après-CF: 12 632 395 776 octets libres

715 --- E O F --- 2009-01-15 02:04

OK je vois ton soucis.

tu es infecté par Beagle.
Celui-ci se propage suite a un téléchargement P2P ou un ckack Keygen ou dans le genre.

si tu as un crack, supprimes celui ci car il vas automatiquement réinfecté ton pc.

Ensuite fait ceci.

Téléchargeable ici : FindyKill

***Si tu es sous Vista (à exécuter en tant qu'administrateur sous vista)

Laisse l’installation se faire avec les paramètres affichés par défaut.

Branche les sources de données externes à son PC, (clé USB, disque dur externe, etc...)

* Double cliquer sur le raccourci FindyKill sur ton le bureau :



Double cliquer sur le raccourci FindyKill sur le bureau :

Au menu principal, choisir l'option 2 (Suppression)

il y aura 2 redémarrage du PC

1- la suppression des fichiers découverts
2-restaurer le Mode sans échec
3-réparer l'affichage des fichiers cachés
4-relancer les services
5-au final la suppression des mountpoints2 infectés

Poste le rapport ici :


je te prépare le suite.

Voila la suite.


Ouvre le Menu Démarrer > Exécuter (Touche Windows+ R : en raccourci)

Dans la boîte de dialogue, copie/colle tout ce qui est en citation ci-dessous :



Puis valide

2/ Ouvre CFScript.txt (sur ton Bureau) . > Copie dedans cette nouvelle citation :




Fait un glisser/déposer de ce fichier CFScript.txt sur le fichier ComboFix.exe (que tu as renommer 123.exe ) comme sur la capture:



Une fenêtre bleue va apparaître et ComboFix vas de nouveau faire une analyse.

Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Une fois le scan achevé, un rapport va s'afficher: poste son contenu, en précisant où en sont tes soucis.

Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

voici le rapport Findkill


############################## [ FindyKill V4.731 ]

# User : Daniel (Administrateurs) # VERBEKE
# Update on 30/05/09 by Chiquitine29
# Start at: 20:23:34 | 31/05/2009
# Website : http://pagesperso-orange.fr/NosTools/findykill.html

# Intel(R) Pentium(R) 4 CPU 2.40GHz
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.11
# Windows Firewall Status : Enabled

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 76,32 Go (11,84 Go free) # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque CD-ROM
# F:\ # Disque CD-ROM
# G:\ # Disque fixe local # 189,92 Go (88,14 Go free) [Maxtor 200] # NTFS
# H:\ # Disque fixe local # 372,52 Go (97,88 Go free) [STOREX 400] # FAT32

############################## [ Active Processes ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe

################## [ Infected Files \ Folders ]

Deleted ! C:\WINDOWS\Prefetch\123.EXE-089F0B48.pf
Deleted ! C:\WINDOWS\Prefetch\194812.EXE-27BF5183.pf
Deleted ! C:\WINDOWS\Prefetch\369531.EXE-298736C0.pf
Deleted ! C:\WINDOWS\Prefetch\378718.EXE-12787FD0.pf
Deleted ! C:\WINDOWS\Prefetch\490250.EXE-33783A1F.pf
Deleted ! C:\WINDOWS\Prefetch\618343.EXE-1BB4B37F.pf
Deleted ! C:\WINDOWS\Prefetch\642843.EXE-0F6E4691.pf
Deleted ! C:\WINDOWS\Prefetch\671718.EXE-003287A3.pf
Deleted ! C:\WINDOWS\Prefetch\771828.EXE-0CC29FAB.pf
Deleted ! C:\WINDOWS\Prefetch\FLEC006.EXE-0931B46A.pf
Deleted ! C:\WINDOWS\Prefetch\MDELK.EXE-1D176F91.pf
Deleted ! C:\WINDOWS\Prefetch\WINTEMS.EXE-2A563F9B.pf
Deleted ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-17681AA8.pf
Deleted ! "C:\Documents and Settings\Daniel.VERBEKE\Application Data\drivers"

################## [ Infected Temp Files ]


################## [ Registry / Infected keys ]

Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\TomTomHOMERunner
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro

################## [ Cleaning Removable drives ]

Deleted ! C:\Avenger
Deleted ! H:\autorun.inf

################## [ Registry / Mountpoint2 ]

# -> Not found !

################## [ States / Restarting of services ]

# Services : [ Auto=2 / Request=3 / Disable=4 ]

# Ndisuio -> # Type of startup =3
# EapHost -> # Type of startup =2
# Ip6Fw -> # Type of startup =2
# SharedAccess -> # Type of startup =2
# wuauserv -> # Type of startup =2
# wscsvc -> # Type of startup =2

################## [ Searching Other Infections ]

# Références de comparaison Bagle MD5 :

File ... : C:\Qoobox\Quarantine\C\Documents and Settings\Daniel.VERBEKE\Application Data\drivers\winupgro.exe.vir
CRC32 .. : 15c5804e
MD5 .... : 6f2c848d66d1404288c8ba9787d8155e

Suspect ! : C:\Qoobox\Quarantine\C\Documents and Settings\Daniel.VERBEKE\Application Data\drivers\downld\106250.exe.vir
# Taille : 878596 # MD5 : 1442D66C31D85D54A23D8624745975E2
File was renamed : 106250.exe.vir.REN

Suspect ! : C:\Qoobox\Quarantine\C\Documents and Settings\Daniel.VERBEKE\Application Data\drivers\downld\109875.exe.vir
# Taille : 878596 # MD5 : 1442D66C31D85D54A23D8624745975E2
File was renamed : 109875.exe.vir.REN

Suspect ! : C:\Qoobox\Quarantine\C\Documents and Settings\Daniel.VERBEKE\Application Data\drivers\downld\110234.exe.vir
# Taille : 878596 # MD5 : 1442D66C31D85D54A23D8624745975E2
File was renamed : 110234.exe.vir.REN

Suspect ! : C:\Qoobox\Quarantine\C\Documents and Settings\Daniel.VERBEKE\Application Data\drivers\downld\111375.exe.vir
# Taille : 878596 # MD5 : 1442D66C31D85D54A23D8624745975E2
File was renamed : 111375.exe.vir.REN

Suspect ! : C:\Qoobox\Quarantine\C\Documents and Settings\Daniel.VERBEKE\Application Data\drivers\downld\162125.exe.vir
# Taille : 878596 # MD5 : 1442D66C31D85D54A23D8624745975E2
File was renamed : 162125.exe.vir.REN

Suspect ! : C:\Qoobox\Quarantine\C\Documents and Settings\Daniel.VERBEKE\Application Data\drivers\downld\194812.exe.vir
# Taille : 878596 # MD5 : 1442D66C31D85D54A23D8624745975E2
File was renamed : 194812.exe.vir.REN

Suspect ! : C:\Qoobox\Quarantine\C\Documents and Settings\Daniel.VERBEKE\Application Data\drivers\downld\318031.exe.vir
# Taille : 878596 # MD5 : 1442D66C31D85D54A23D8624745975E2
File was renamed : 318031.exe.vir.REN

Suspect ! : C:\Qoobox\Quarantine\C\Documents and Settings\Daniel.VERBEKE\Application Data\drivers\downld\322578.exe.vir
# Taille : 878596 # MD5 : 1442D66C31D85D54A23D8624745975E2
File was renamed : 322578.exe.vir.REN

Suspect ! : C:\Qoobox\Quarantine\C\Documents and Settings\Daniel.VERBEKE\Application Data\drivers\downld\324812.exe.vir
# Taille : 878596 # MD5 : 1442D66C31D85D54A23D8624745975E2
File was renamed : 324812.exe.vir.REN

Suspect ! : C:\Qoobox\Quarantine\C\Documents and Settings\Daniel.VERBEKE\Application Data\drivers\downld\356437.exe.vir
# Taille : 878596 # MD5 : 1442D66C31D85D54A23D8624745975E2
File was renamed : 356437.exe.vir.REN

Suspect ! : C:\Qoobox\Quarantine\C\Documents and Settings\Daniel.VERBEKE\Application Data\drivers\downld\392500.exe.vir
# Taille : 878596 # MD5 : 1442D66C31D85D54A23D8624745975E2
File was renamed : 392500.exe.vir.REN

Suspect ! : C:\Qoobox\Quarantine\C\Documents and Settings\Daniel.VERBEKE\Application Data\drivers\downld\423484.exe.vir
# Taille : 878596 # MD5 : 1442D66C31D85D54A23D8624745975E2
File was renamed : 423484.exe.vir.REN

Suspect ! : C:\Qoobox\Quarantine\C\Documents and Settings\Daniel.VERBEKE\Application Data\drivers\downld\431328.exe.vir
# Taille : 878596 # MD5 : 1442D66C31D85D54A23D8624745975E2
File was renamed : 431328.exe.vir.REN

Suspect ! : C:\Qoobox\Quarantine\C\Documents and Settings\Daniel.VERBEKE\Application Data\drivers\downld\484421.exe.vir
# Taille : 878596 # MD5 : 1442D66C31D85D54A23D8624745975E2
File was renamed : 484421.exe.vir.REN

Suspect ! : C:\Qoobox\Quarantine\C\Documents and Settings\Daniel.VERBEKE\Application Data\drivers\downld\488640.exe.vir
# Taille : 878596 # MD5 : 1442D66C31D85D54A23D8624745975E2
File was renamed : 488640.exe.vir.REN

Suspect ! : C:\Qoobox\Quarantine\C\Documents and Settings\Daniel.VERBEKE\Application Data\drivers\downld\642843.exe.vir
# Taille : 878596 # MD5 : 1442D66C31D85D54A23D8624745975E2
File was renamed : 642843.exe.vir.REN

Suspect ! : C:\Qoobox\Quarantine\C\Documents and Settings\Daniel.VERBEKE\Application Data\drivers\downld\671718.exe.vir
# Taille : 878596 # MD5 : 1442D66C31D85D54A23D8624745975E2
File was renamed : 671718.exe.vir.REN

Suspect ! : C:\Qoobox\Quarantine\C\Documents and Settings\Daniel.VERBEKE\Application Data\drivers\downld\95953.exe.vir
# Taille : 878596 # MD5 : 1442D66C31D85D54A23D8624745975E2
File was renamed : 95953.exe.vir.REN

Suspect ! : C:\Qoobox\Quarantine\C\Documents and Settings\Daniel.VERBEKE\Application Data\drivers\downld\97859.exe.vir
# Taille : 878596 # MD5 : 1442D66C31D85D54A23D8624745975E2
File was renamed : 97859.exe.vir.REN

Deleted ! : C:\Qoobox\Quarantine\C\Documents and Settings\Daniel.VERBEKE\Application Data\drivers\winupgro.exe.vir
# Taille : 868352 # MD5 : 6F2C848D66D1404288C8BA9787D8155E

Suspect ! : C:\Qoobox\Quarantine\C\Documents and Settings\Daniel.VERBEKE\Application Data\m\data.oct.vir
# Taille : 868352 # MD5 : A4AB9353936FC50279DAAA3DB23AB02F
File was renamed : data.oct.vir.REN

Deleted ! : C:\Qoobox\Quarantine\C\Program Files\TomTom HOME 2\TomTomHOMERunner.exe.vir
# Taille : 868352 # MD5 : 6F2C848D66D1404288C8BA9787D8155E


################## [ Corrupted files # Re-Installation required ]

C:\Program Files\Alwil Software\Avast4\ashAvast.exe
C:\Program Files\Alwil Software\Avast4\ashChest.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashLogV.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashPopWz.exe
C:\Program Files\Alwil Software\Avast4\ashQuick.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashSimp2.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Alwil Software\Avast4\ashSkPcc.exe
C:\Program Files\Alwil Software\Avast4\ashSkPck.exe
C:\Program Files\Alwil Software\Avast4\ashUpd.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\aswRegSvr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\sched.exe
C:\Program Files\Alwil Software\Avast4\VisthLic.exe
C:\Program Files\Alwil Software\Avast4\VisthUpd.exe
C:\Program Files\BitComet\Downloads\ComboFix.exe
C:\Program Files\BitComet\Downloads\SUPERAntiSpyware.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\trend micro\Daniel.exe
C:\Program Files\trend micro\hijackthis.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe

################################### [ Cracks / Keygens / Serials ]

# -> Nothing found !

################## [ ! End of Report # FindyKill V4.731 ! ]

voici le rapport Combofix

ComboFix 09-05-30.04 - Daniel 31/05/2009 21:32.6 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.657 [GMT 2:00]
Lancé depuis: c:\documents and settings\Daniel.VERBEKE\Bureau\123.exe
Commutateurs utilisés :: c:\documents and settings\Daniel.VERBEKE\Bureau\CFScript.txt
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-04-28 au 2009-05-31 ))))))))))))))))))))))))))))))))))))
.

2009-05-31 18:19 . 2009-05-31 18:48 -------- d-----w- C:\FindyKill
2009-05-31 12:45 . 2009-05-31 12:46 -------- d-----w- C:\32788R22FWJFW.0.tmp
2009-05-31 11:53 . 2009-05-31 12:55 -------- d-----w- c:\program files\trend micro
2009-05-31 11:25 . 2009-05-31 11:25 -------- d-----w- C:\rsit
2009-05-31 09:37 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-05-31 09:37 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-05-31 09:37 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-05-31 08:54 . 2009-05-31 08:54 -------- d-----w- c:\program files\ESET
2009-05-30 07:15 . 2009-05-30 07:38 -------- d-----w- c:\program files\MediaCoder 3GP Edition
2009-05-25 16:12 . 2009-05-25 16:12 -------- d-----w- c:\documents and settings\Daniel.VERBEKE\Application Data\Canon
2009-05-16 18:22 . 2009-05-16 18:22 -------- d-----w- c:\program files\iPod
2009-05-16 18:22 . 2009-05-16 18:23 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-16 17:58 . 2009-05-16 17:58 75048 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-31 18:25 . 2002-08-30 12:00 94800 ----a-w- c:\windows\system32\perfc00C.dat
2009-05-31 18:25 . 2002-08-30 12:00 557990 ----a-w- c:\windows\system32\perfh00C.dat
2009-05-31 16:30 . 2008-03-30 17:22 -------- d-----w- c:\program files\TomTom HOME 2
2009-05-30 21:10 . 2008-08-25 12:25 -------- d-----w- c:\program files\adslTV
2009-05-26 19:03 . 2007-01-28 18:16 -------- d-----w- c:\program files\Quoiquipasse
2009-05-25 07:48 . 2006-08-31 18:12 -------- d-----w- c:\documents and settings\Daniel.VERBEKE\Application Data\uTorrent
2009-05-16 18:23 . 2006-12-04 14:13 -------- d-----w- c:\program files\iTunes
2009-05-16 18:22 . 2008-01-06 08:24 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-05-08 15:38 . 2009-05-08 15:38 43 ----a-w- c:\documents and settings\Daniel.VERBEKE\Application Data\~ygw.tmp
2009-04-27 19:13 . 2009-04-27 19:13 299352 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-04-18 19:12 . 2009-04-18 19:11 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft
2009-04-18 19:12 . 2009-04-18 19:12 69664 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\lbd.sys
2009-04-18 19:12 . 2009-04-18 19:12 274792 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\AAWDriverTool.exe
2009-04-18 19:12 . 2009-04-18 19:12 73064 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-04-18 19:11 . 2009-04-18 19:11 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-04-18 19:11 . 2003-09-13 19:34 -------- d-----w- c:\program files\Lavasoft
2009-04-05 12:21 . 2009-04-05 12:20 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-04-05 12:18 . 2009-04-05 12:18 -------- d-----w- c:\program files\Bonjour
2009-04-05 12:18 . 2008-11-26 19:05 -------- d-----w- c:\program files\QuickTime
2009-03-19 14:32 . 2009-03-19 14:32 23400 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 14:32 . 2008-01-29 10:01 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-05 21:59 . 2009-04-05 12:12 1900544 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-03-05 21:59 . 2008-10-18 16:08 36864 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-03-03 19:01 . 2009-03-03 19:01 45 ---h--w- c:\windows\dsez1263.dat
2005-05-25 18:22 . 2005-05-25 18:22 7 ----a-w- c:\program files\nomutil.txt
2001-09-30 04:32 . 2003-04-14 15:02 20110 ----a-w- c:\program files\NOTES_DE_VERSION.TXT
2001-09-30 04:32 . 2003-04-14 15:02 27135 ----a-w- c:\program files\GNU_LICENSE.TXT
2001-09-30 04:31 . 2003-04-14 15:02 10326 ----a-w- c:\program files\LISEZMOI.TXT
2001-09-29 11:20 . 2003-04-14 15:02 331 ----a-w- c:\program files\NIS.INI
2001-09-29 11:20 . 2003-04-14 15:02 380928 ----a-w- c:\program files\CDSTART.EXE
2001-09-29 11:20 . 2003-04-14 15:02 2949120 ----a-w- c:\program files\BOOTIMG.BIN
2001-09-29 11:20 . 2003-04-14 15:02 2048 ----a-w- c:\program files\BOOTCAT.BIN
2001-09-29 11:20 . 2003-04-14 15:02 2949120 ----a-w- c:\program files\Virtual Floppy Image
2001-09-29 11:20 . 2003-04-14 15:02 2048 ----a-w- c:\program files\BootCatalog
2002-07-31 17:55 . 2006-04-22 13:18 108 --sh--w- c:\windows\WSYS049.SYS
2006-05-03 10:06 . 2008-01-19 19:42 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2008-01-19 19:42 31744 --sh--r- c:\windows\system32\msfDX.dll
2007-06-26 16:17 . 2007-06-26 13:10 1164245 --sh--w- c:\windows\system32\tttss.tmp
.

((((((((((((((((((((((((((((( SnapShot@2009-05-31_16.36.38 )))))))))))))))))))))))))))))))))))))))))
.
- 2002-08-30 12:00 . 2009-05-31 09:33 78456 c:\windows\system32\perfc009.dat
+ 2002-08-30 12:00 . 2009-05-31 18:25 78456 c:\windows\system32\perfc009.dat
+ 2002-08-30 12:00 . 2009-05-31 18:25 480344 c:\windows\system32\perfh009.dat
- 2002-08-30 12:00 . 2009-05-31 09:33 480344 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-22 1591808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-10-12 294912]
"VadeRetro Desktop"="c:\program files\Goto Software\Vade Retro\Vaderetro_Mgr.exe" [2008-05-26 1078272]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-08-12 185896]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-25 516440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-05-31 81000]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2002-08-15 46592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

c:\documents and settings\Daniel.VERBEKE\Menu D‚marrer\Programmes\D‚marrage\
ChkDisk.dll [2009-5-8 24064]
ChkDisk.lnk - c:\windows\system32\rundll32.exe [2004-8-19 33792]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^AutoStart IR.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\AutoStart IR.lnk
backup=c:\windows\pss\AutoStart IR.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^E-Compagnon.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\E-Compagnon.lnk
backup=c:\windows\pss\E-Compagnon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^GStartup.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\GStartup.lnk
backup=c:\windows\pss\GStartup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Daniel.VERBEKE^Menu Démarrer^Programmes^Démarrage^ChkDisk.dll]
path=c:\documents and settings\Daniel.VERBEKE\Menu Démarrer\Programmes\Démarrage\ChkDisk.dll
backup=c:\windows\pss\ChkDisk.dllStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Daniel.VERBEKE^Menu Démarrer^Programmes^Démarrage^ChkDisk.lnk]
path=c:\documents and settings\Daniel.VERBEKE\Menu Démarrer\Programmes\Démarrage\ChkDisk.lnk
backup=c:\windows\pss\ChkDisk.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Daniel.VERBEKE^Menu Démarrer^Programmes^Démarrage^HcwSyncIt.lnk]
path=c:\documents and settings\Daniel.VERBEKE\Menu Démarrer\Programmes\Démarrage\HcwSyncIt.lnk
backup=c:\windows\pss\HcwSyncIt.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Daniel.VERBEKE^Menu Démarrer^Programmes^Démarrage^Last.fm Helper.lnk]
path=c:\documents and settings\Daniel.VERBEKE\Menu Démarrer\Programmes\Démarrage\Last.fm Helper.lnk
backup=c:\windows\pss\Last.fm Helper.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Documents and Settings\\Catherine.VERBEKE.000\\Bureau\\Gym\\incredimail_install.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MyVideoSoft\\myvideosoft.exe"=
"c:\\Program Files\\Namo\\WebEditor 5 Trial\\bin\\WebEditor.exe"=
"c:\\Program Files\\LeechFTP\\Leechftp.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"=
"c:\\Program Files\\adslTV\\adsltv.exe"=
"c:\\Program Files\\adslTV\\vlc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16820:TCP"= 16820:TCP:BitComet 16820 TCP
"16820:UDP"= 16820:UDP:BitComet 16820 UDP

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [18/04/2009 21:12 64160]
R2 CanalPlus.VOD;CanalPlus.VOD;c:\program files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe [04/04/2008 16:38 188416]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [08/04/2009 12:38 92008]
S1 aswSP;avast! Self Protection; [x]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys --> c:\windows\system32\DRIVERS\aswFsBlk.sys [?]
S2 CYUSB;Cypress Generic USB Driver;c:\windows\system32\DRIVERS\CyUsb.sys --> c:\windows\system32\DRIVERS\CyUsb.sys [?]
S2 EZUSBDEV;Cypress General Purpose USB Driver w/ Keil Monitor (ezmon.sys);c:\windows\system32\Drivers\ezmon.sys --> c:\windows\system32\Drivers\ezmon.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23:34 953168]
S3 CEBDADTV;C&E DVB-T device;c:\windows\system32\drivers\CEBDA150.sys [05/07/2006 18:57 75520]
S3 ec88c80b-d3c3-41b5-a5e8-a5591b66fd01;ec88c80b-d3c3-41b5-a5e8-a5591b66fd01;\??\d:\player\cds300.dll --> d:\player\cds300.dll [?]
S3 ForteUSB;NGS USB Driver Service;c:\windows\system32\drivers\ForteUSB.sys [30/12/2004 16:45 10658]
S3 HCW77BDA;Hauppauge Nova-T Stick DVB-T Tuner;c:\windows\system32\drivers\hcw70bda.sys [26/03/2007 17:13 118850]
S3 hcw99rc;Hauppauge Nova-DT IR Driver;c:\windows\system32\drivers\hcw99rc.sys [26/03/2007 17:14 56792]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?]
.
Contenu du dossier 'Tâches planifiées'

2009-05-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 19:12]

2009-05-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 10:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.free.fr/
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Barre RoboForm - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Enregistrer le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Personnaliser le menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Remplir le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-31 21:41
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\cfexefile\DefaultIcon]
@DACL=(02 0000)
@SACL=
@="%1"

[HKEY_LOCAL_MACHINE\software\Classes\cfexefile\shell]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Classes\cfexefile\shellex]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,2d,d9,df,60,1f,
02,95,56,e2,63,26,f1,3f,c8,ff,68,96,75,16,e4,b1,18,2c,a2,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,e9,37,ee,0c,bd,
37,b1,20,6a,9c,d6,61,af,45,84,18,2c,fc,81,3e,9a,4b,a2,ec,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,42,6a,05,4a,7b,
f7,0d,c4,ff,7c,85,e0,43,d4,0e,fe,e1,a8,c4,38,82,ca,45,e7,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,8b,65,21,ad,48,
8f,d6,4e,86,8c,21,01,be,91,eb,e7,b6,a0,62,26,29,ae,07,f9,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,d8,8e,40,f1,32,
c3,4e,b0,f5,1d,4d,73,a8,13,5c,05,d4,00,cc,7c,5b,66,76,45,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,bf,e2,15,26,31,
93,63,41,df,20,58,62,78,6b,cf,c8,ec,4a,00,c3,af,01,b7,28,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,a5,42,07,92,79,
fb,ee,0f,fb,a7,78,e6,12,2f,9a,ea,d6,1f,d4,b6,f0,48,33,96,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,a2,34,f6,e1,6a,
b7,ff,b0,01,3a,48,fc,e8,04,4a,f1,61,50,3f,d6,60,cc,f7,3a,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,41,ae,ed,e1,de,
71,c8,dd,f6,0f,4e,58,98,5b,89,c9,e6,7d,58,08,56,66,21,53,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,c4,20,9e,de,e5,
68,be,39,3d,ce,ea,26,2d,45,aa,78,ee,7f,6e,3a,de,eb,cb,97,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,62,3c,d3,50,9a,
35,81,87,2a,b7,cc,b5,b9,7f,41,e7,7f,9e,c5,4a,6e,ac,9d,7f,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,09,3c,42,82,d7,
57,9d,54,6c,43,2d,1e,aa,22,2f,9c,f9,2f,e2,ce,ff,4d,99,a4,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(3760)
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Heure de fin: 2009-05-31 21:45
ComboFix-quarantined-files.txt 2009-05-31 19:45
ComboFix2.txt 2009-05-31 16:49

Avant-CF: 12 776 071 168 octets libres
Après-CF: 12 761 571 328 octets libres

283 --- E O F --- 2009-01-15 02:04

Bonjour,

J'ai réussi à remettre mon antivirus et l'ordi fonctionne correctement.

Très bien.

Juste un petit résidu encore.

fait ceci.

Télécharge >>OTMoveIt3<< (de Old_Timer) sur ton Bureau.

Pour VISTA : Clic-droit et choisis "Exécuter en tant qu'administrateur".

AVAST reconnait ce logiciel comme un intrus, donc le désactiver le temps des manipulations.

Double-clique sur OTMoveIt3.exe pour le lancer.

Copie la liste qui se trouve en citation ci-dessous:

et colle-la dans le cadre de gauche de OTMoveIt3



Clique sur pour lancer la suppression.
attendre la fin du travail de l'outil puis fermer OTMoveIt3.

Le résultat apparaitra dans le cadre Results.
Clique sur Exit pour fermer.
Poste le rapport situé dans C:\_OTMoveIt\MovedFiles\*******_******.log


NB: Il te sera peut-être demandé de redémarrer le pc pour achever la suppression.
si c'est le cas accepte par Oui/Yes.



Ensuite ceci.

Installe Malewarebytes' Antimalware,
Téléchargement et tuto

Met-le à jour puis passe en mode sans échec :
http://www.pcloisirs.eu/mode_sans_echec.htm

Choisi, Exécuter un examen complet (environ 1 à 2 heures)
Si une infection est trouvée, coche la case a coté et valides avec l’Onglet Supprimer la sélection

Poste le rapport final.
il est conseillé de désactivé Tea-Timer si tu as Spybot-S&D juste le temps du scan.

voici le rapport moveit

========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry key HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^GStartup.lnk\\ not found.
Registry key HKLM\~\startupfolder\C:^Documents and Settings^Daniel.VERBEKE^Menu Démarrer^Programmes^Démarrage^ChkDisk.dll\\ not found.
Registry key HKLM\~\startupfolder\C:^Documents and Settings^Daniel.VERBEKE^Menu Démarrer^Programmes^Démarrage^ChkDisk.lnk\\ not found.
Registry key HKLM\~\startupfolder\C:^Documents and Settings^Daniel.VERBEKE^Menu Démarrer^Programmes^Démarrage^HcwSyncIt.lnk\\ not found.
Registry key HKLM\~\startupfolder\C:^Documents and Settings^Daniel.VERBEKE^Menu Démarrer^Programmes^Démarrage^Last.fm Helper.lnk\\ not found.
Registry key HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List not found.
========== FILES ==========
c:\windows\pss moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\DANIEL~1.VER\LOCALS~1\Temp\Perflib_Perfdata_7f4.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\DANIEL~1.VER\LOCALS~1\Temp\~DF5E0D.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Daniel.VERBEKE\Local Settings\Temporary Internet Files\Content.IE5\LPEFJ22A\st[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Daniel.VERBEKE\Local Settings\Temporary Internet Files\Content.IE5\8VY00NN2\st[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Daniel.VERBEKE\Local Settings\Temporary Internet Files\Content.IE5\8VY00NN2\_page_recommend[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Daniel.VERBEKE\Local Settings\Temporary Internet Files\Content.IE5\8T4W8Y2W\messageswithpost-5768221[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Daniel.VERBEKE\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Daniel.VERBEKE\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_624.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 06012009_120439

Files moved on Reboot...
File C:\DOCUME~1\DANIEL~1.VER\LOCALS~1\Temp\Perflib_Perfdata_7f4.dat not found!
C:\DOCUME~1\DANIEL~1.VER\LOCALS~1\Temp\~DF5E0D.tmp moved successfully.
C:\Documents and Settings\Daniel.VERBEKE\Local Settings\Temporary Internet Files\Content.IE5\LPEFJ22A\st[1] moved successfully.
C:\Documents and Settings\Daniel.VERBEKE\Local Settings\Temporary Internet Files\Content.IE5\8VY00NN2\st[1] moved successfully.
C:\Documents and Settings\Daniel.VERBEKE\Local Settings\Temporary Internet Files\Content.IE5\8VY00NN2\_page_recommend[1].htm moved successfully.
C:\Documents and Settings\Daniel.VERBEKE\Local Settings\Temporary Internet Files\Content.IE5\8T4W8Y2W\messageswithpost-5768221[1].htm moved successfully.
C:\Documents and Settings\Daniel.VERBEKE\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat moved successfully.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_624.dat moved successfully.

Voici le rapport Malwarebyte

Malwarebytes' Anti-Malware 1.37
Version de la base de données: 2206
Windows 5.1.2600 Service Pack 3

01/06/2009 17:16:32
mbam-log-2009-06-01 (17-16-32).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 278156
Temps écoulé: 4 hour(s), 48 minute(s), 17 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 12

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\Qoobox\quarantine\C\documents and settings\daniel.verbeke\application data\drivers\srosa2.sys.vir (Rootkit.Bagle) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5957efba-0526-4a10-8c4c-27858b3c672a}\RP54\A0010352.exe (Rogue.WinDefender) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5957efba-0526-4a10-8c4c-27858b3c672a}\RP70\A0015344.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5957efba-0526-4a10-8c4c-27858b3c672a}\RP70\A0015360.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5957efba-0526-4a10-8c4c-27858b3c672a}\RP70\A0015535.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5957efba-0526-4a10-8c4c-27858b3c672a}\RP70\A0015558.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5957efba-0526-4a10-8c4c-27858b3c672a}\RP70\A0015598.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5957efba-0526-4a10-8c4c-27858b3c672a}\RP71\A0015662.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5957efba-0526-4a10-8c4c-27858b3c672a}\RP71\A0015713.dll (Trojan.BHO) -> Delete on reboot.
c:\system volume information\_restore{5957efba-0526-4a10-8c4c-27858b3c672a}\RP71\A0015983.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5957efba-0526-4a10-8c4c-27858b3c672a}\RP71\A0016313.dll (Worm.Autorun) -> Delete on reboot.
c:\_otmoveit\movedfiles\06012009_120439\windows\pss\ChkDisk.dllStartup (Worm.Autorun) -> Quarantined and deleted successfully.

Ok très bien.

Comment vas ton pc maintenant?

Bonjour,

Il m'a l'air d'être en meilleure forme que dimanche.

Un grand merci pour le coup de main.

Si tout va bien fait ceci.

Fait ceci pour supprimer les logiciels qui ont servis à cette désinfection.




Ensuite::

Maintenant on va mettre la restauration du système propre.
Pour cela:
1- Valides les touches Windows et Pause en même temps.
Sur cette fenêtre coche cette case :


Valide cela par l’onglet APPLIQUER et acceptes la demande sur la fenêtre que vas s’afficher.

Après quelques instants décoche cette même case et valides cela par l’onglet APPLIQUER .

Il te faut donc maintenant recrée un nouveau point de restauration.

2-Démarrer >exécuter et tapes.
Restore/rstrui.exe



Valides dans la fenêtre qui apparait : Créer un point de restauration


Puis Suivant et donne un nom au nouveau point de restauration : Valide :



L'écran suivant doit vous prévenir que le point de restauration a été créé avec succès.
Cliquez sur "Fermer" dans la prochaine fenêtre pour sortir de l'utilitaire.


ET::

un peu de lecture sur la manière de protéger ton surf et ton ordi.

un Compte Utilisateur limité accroît la sécurité de l'ordinateur.

quelques mesures préventives pour surfer couvert.

comment éviter les imprudences d'installation.

Reconnaitre et éviter les infections Msn

ET::

Clique sur puis à la suite de ton titre marque : RESOLU

voici le rapport Toolsclean

[ Rapport ToolsCleaner version 2.3.5 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\Combofix.txt: trouvé !
C:\FindyKill.txt: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\FindyKill: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\Daniel.VERBEKE\Bureau\FindyKill.txt: trouvé !
C:\Documents and Settings\Daniel.VERBEKE\Menu Démarrer\Programmes\FindyKill: trouvé !
C:\Program Files\BitComet\Downloads\ComboFix.exe: trouvé !
C:\Program Files\BitComet\Downloads\OTMoveIt3.exe: trouvé !
C:\Program Files\trend micro\HijackThis.exe: trouvé !

tu peux supprimer ce que Toolsclean a trouvé.