
[Solved] Web pages very slow to display

20 March 2010 14:58:40

Hello!

I think I have a little problem with my PC... since this morning my web pages have been taking a very, very long time to open.

Attached is a HijackThis report, in case a kind St. Bernard can come to my rescue... thanks in advance!!!

Hello!

A small problem with my PC since this morning... my web pages take an enormous amount of time to open... that doesn't seem normal to me at all.

Here is a HijackThis report if anyone can give me a little hand!

Thanks in advance! :bounce:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:41:47, on 20/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\Program Files\UltraVNC\repeater.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\Philips\SPC220NC\Monitor.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Software Informer\softinfo.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\Philips\SPC220NC\Monitor.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SGPUpdater] C:\Program Files\Search Guard PlusU\sgpUpdaters.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)" -"http://jeuxenligne.jeux.fr/gameshell/app/gameshell.aspx..."
O4 - Startup: syspck32.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/Install...
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/F...
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.ca...
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/applications/pconnector...
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader5.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sourc...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - http://nathaliede.spaces.live.com/PhotoUpload/MsnPUpld....
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol...
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD3D5E1A-B6F9-4C0C-93A4-C75F82D40484}: NameServer = 192.168.1.1
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
O23 - Service: repeater_service - - C:\Program Files\UltraVNC\repeater.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 13240 bytes
20 March 2010 15:04:00

Hello,

  • Uninstall pdfforge Toolbar.

  • Download Ad-Remover (by C_XX) to your Desktop.
  • Disconnect and close all running applications.
  • Double-click AD-R on your Desktop to launch it.
  • Choose Clean (Nettoyer), then confirm.
  • Post the report that appears at the end (C:\Ad-Report-CLEAN.log).

    (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
    20 March 2010 17:35:05

    Hello Helper, and thanks for your help...

    I uninstalled pdfforge Toolbar. However, I can't get to the end of Ad-Remover: at 30% it shows an error message: line -1 : error : variable used without being declared...

    Thanks again
    20 March 2010 18:32:03

    Download it again, then retry.
    20 March 2010 19:47:58

    same thing, it stays stuck at 30%..
    20 March 2010 20:14:53

    With the same error message?

  • Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
  • Double-click the downloaded file to start the installation process.
  • In the Update tab (Mise à jour), click the Check for updates button (Recherche de mise à jour): if the firewall asks whether to allow MBAM to connect to the Internet, accept.
  • Once the update has finished, go to the Scan tab (Recherche).
  • Select Perform quick scan (Exécuter un examen rapide).
  • Click Scan (Rechercher). The scan starts.
  • At the end of the scan, a message is displayed:
    Quote:
    L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

  • Click OK to continue. If MBAM found nothing, it will tell you so too.
  • Close your browsers.
  • If malware was detected, click Show results (Afficher les résultats).
  • Select everything (or leave it checked) and click Remove selected (Supprimer la sélection); MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste that report into your next reply.
    21 March 2010 09:20:55

    hello!!

    Here is the MBAM report:

    Malwarebytes' Anti-Malware 1.44
    Version de la base de données: 3888
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    21/03/2010 09:19:51
    mbam-log-2010-03-21 (09-19-51).txt

    Type de recherche: Examen rapide
    Eléments examinés: 172727
    Temps écoulé: 6 hour(s), 29 minute(s), 16 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 2

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\drivers\yrciudam.sys (Rootkit.Agent) -> Delete on reboot.
    C:\Documents and Settings\utilisateur1\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
    21 March 2010 14:26:35

  • Relaunch MBAM, go to Quarantine (Quarantaine) and delete everything.

    /!\ Disable your resident protections (antivirus, etc.) /!\

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe may not be visible) to launch it.
  • It will ask you to install the Recovery Console: accept.
  • When the scan has finished, a report will appear. Post that report (C:\Combofix.txt) in your next reply.

    To help you: a guide and a tutorial on using ComboFix
    21 March 2010 20:26:56

    good evening,

    Here is the ComboFix report. My web pages still take at least 5 min to load.... it's a disaster!!! sniff:

    ComboFix 10-03-20.04 - utilisateur1 21/03/2010 15:35:10.2.1 - x86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2046.1495 [GMT 1:00]
    Lancé depuis: C:\Documents and Settings\utilisateur1\Bureau\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: avast! antivirus 4.7.1001 [VPS 000747-3] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: ZoneAlarm Antivirus *On-access scanning enabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
    FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    * Un antivirus résident est actif

    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\marion\Application Data\Dossier de téléchargement Share-to-Web
    C:\Documents and Settings\televente\Application Data\Dossier de téléchargement Share-to-Web
    C:\Documents and Settings\utilisateur1\Application Data\Dossier de téléchargement Share-to-Web
    C:\Program Files\Search Guard Plus
    C:\Program Files\Search Guard Plus\fbsProtection.xml
    C:\Program Files\Search Guard Plus\fbsSearchProvider.xml
    C:\Program Files\Search Guard Plus\FbsSearchProviderIE8.exe
    C:\Program Files\Search Guard Plus\SearchGuardPlus.ico
    C:\Program Files\Search Guard Plus\uninstalSGP.exe
    C:\Program Files\Search Guard PlusU
    C:\Program Files\Search Guard PlusU\SGPU.ico
    C:\Program Files\Search Guard PlusU\sgpUpdater.exe
    C:\Program Files\Search Guard PlusU\sgpUpdater.xml
    C:\Program Files\Search Guard PlusU\sgpUpdaters.exe
    C:\Program Files\Search Guard PlusU\Tmp\removesgp.exe
    C:\Program Files\Search Guard PlusU\Tmp\removesgp0.exe
    C:\Program Files\Search Guard PlusU\uninstalSGPU.exe
    C:\Program Files\SGPSA
    C:\Program Files\SGPSA\SearchAssistant.dll
    C:\WINDOWS\system32\AVSredirect.dll
    C:\WINDOWS\system32\fjhdyfhsn.bat
    .
    ---- Exécution préalable -------
    .
    C:\Documents and Settings\utilisateur1\Application Data\Dossier de téléchargement Share-to-Web \Asterix---Obelix-XXL-2---Mission-Ouifix.nds.torrent
    C:\Documents and Settings\utilisateur1\Application Data\Dossier de téléchargement Share-to-Web \utorrent.exe
    C:\InfoSat.txt
    C:\Program Files\Internet Explorer\fxavx.ini

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_BOONTY_GAMES
    -------\Legacy_M_HOOK
    -------\Legacy_BOONTY_GAMES
    -------\Service_Boonty Games


    ((((((((((((((((((((((((((((( Fichiers créés du 2010-02-21 au 2010-03-21 ))))))))))))))))))))))))))))))))))))
    .

    2010-03-21 18:06:18 . 2010-03-21 18:06:18 -------- d-----w- C:\Documents and Settings\utilisateur1\Application Data\Dossier de téléchargement Share-to-Web
    2010-03-21 18:06:18 . 2010-03-21 18:06:18 -------- d-----w- C:\Documents and Settings\utilisateur1\Application Data\Dossier de téléchargement Share-to-Web
    2010-03-21 10:05:55 . 2010-03-21 10:05:55 -------- d-----w- C:\Documents and Settings\utilisateur1\temp
    2010-03-21 10:05:26 . 2010-03-21 10:05:29 -------- d-----w- C:\Documents and Settings\utilisateur1\Application Data\TeamViewer
    2010-03-20 14:30:42 . 2010-03-20 18:01:10 -------- d-----w- C:\Ad-Remover
    2010-03-19 20:46:04 . 2007-01-18 12:00:28 3968 ----a-w- C:\WINDOWS\system32\drivers\AvgArCln.sys
    2010-03-19 19:27:05 . 2010-03-19 19:27:05 -------- d-----w- C:\Program Files\Sophos
    2010-03-19 19:25:53 . 2010-03-21 18:07:48 838144 ----a-w- C:\WINDOWS\system32\drivers\yrciudam.sys
    2010-03-19 19:20:42 . 2008-04-13 19:40:58 8192 ----a-w- C:\WINDOWS\system32\drivers\changer.sys
    2010-03-19 19:20:42 . 2008-04-13 19:40:58 8192 ----a-w- C:\WINDOWS\system32\dllcache\changer.sys
    2010-03-18 21:59:54 . 2010-03-18 21:59:54 -------- d-----w- C:\Documents and Settings\utilisateur1\Application Data\Foxit Software
    2010-03-11 06:04:54 . 2009-10-23 15:28:37 3558912 ------w- C:\WINDOWS\system32\dllcache\moviemk.exe
    2010-03-05 17:04:33 . 2010-03-05 17:04:41 59704 ----a-w- C:\Documents and Settings\marion\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-03-05 16:55:41 . 2010-03-05 16:55:41 -------- d-----w- C:\Documents and Settings\marion\Application Data\Search Settings
    2010-03-05 16:55:24 . 2010-03-05 16:56:02 -------- d-----w- C:\Documents and Settings\marion\Application Data\pdfforge
    2010-03-03 07:35:41 . 2010-02-12 10:03:03 293376 ------w- C:\WINDOWS\system32\browserchoice.exe
    2010-02-25 19:33:24 . 2010-03-18 19:34:32 -------- d-----w- C:\WINDOWS\system32\config\systemprofile\Application Data\Nitro PDF
    2010-02-24 20:09:46 . 2010-02-24 20:09:46 -------- d-----w- C:\Documents and Settings\utilisateur1\Application Data\Nitro PDF
    2010-02-24 20:09:05 . 2009-12-18 09:31:10 17728 ----a-w- C:\WINDOWS\system32\nitrolocalui.dll
    2010-02-24 20:09:05 . 2009-12-18 09:30:52 26432 ----a-w- C:\WINDOWS\system32\nitrolocalmon.dll
    2010-02-24 20:08:44 . 2010-02-24 20:08:44 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Nitro PDF
    2010-02-24 20:08:43 . 2010-02-24 20:08:43 -------- d-----w- C:\Program Files\Fichiers communs\Nitro PDF
    2010-02-24 20:08:41 . 2010-02-24 20:08:41 -------- d-----w- C:\Program Files\Nitro PDF
    2010-02-24 20:07:46 . 2010-02-24 20:07:46 -------- d-----w- C:\Documents and Settings\utilisateur1\Application Data\Downloaded Installations
    2010-02-24 19:58:06 . 2010-02-24 19:58:06 -------- d-----w- C:\WINDOWS\system32\config\systemprofile\Application Data\Application Updater

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-03-21 11:37:25 . 2010-01-21 19:12:57 -------- d-----w- C:\Documents and Settings\utilisateur1\Application Data\Software Informer
    2010-03-20 20:15:44 . 2009-11-29 11:24:50 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
    2010-03-19 19:47:32 . 2007-08-29 07:15:57 -------- d-----w- C:\Program Files\Spybot - Search & Destroy
    2010-03-19 19:13:39 . 2010-03-18 22:01:54 12 ----a-w- C:\WINDOWS\system32\config\systemprofile\Application Data\jasltw.dat
    2010-03-18 20:07:09 . 2008-02-08 22:14:43 -------- d-----w- C:\Documents and Settings\utilisateur1\Application Data\uTorrent
    2010-03-10 15:15:35 . 2009-07-18 21:27:38 -------- d-----w- C:\Documents and Settings\utilisateur1\Application Data\MeizuManager
    2010-03-09 21:20:27 . 2007-08-29 07:16:01 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2010-03-08 22:26:53 . 2009-10-05 21:39:27 747464 ----a-w- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2010-03-06 17:56:57 . 2008-12-24 11:21:30 -------- d-----w- C:\Program Files\uTorrent
    2010-02-25 16:24:15 . 2007-12-28 14:03:17 -------- d-----w- C:\Program Files\JS Nature
    2010-02-24 19:26:37 . 2007-03-18 21:56:10 -------- d-----w- C:\Program Files\PDF Editeur 2
    2010-02-24 09:39:16 . 2007-03-18 21:56:11 73216 ----a-w- C:\WINDOWS\cadkasdeinst01f.exe
    2010-02-19 15:20:11 . 2010-02-19 15:20:11 -------- d-----w- C:\Program Files\eRightSoft
    2010-02-01 05:50:41 . 2008-02-06 17:06:00 664 ----a-w- C:\WINDOWS\system32\d3d9caps.dat
    2010-01-21 19:12:57 . 2010-01-21 19:12:56 -------- d-----w- C:\Program Files\Software Informer
    2010-01-21 06:28:40 . 2008-12-17 11:49:40 -------- d-----w- C:\Program Files\Microsoft Silverlight
    2010-01-13 13:08:42 . 2004-08-20 10:24:14 85396 ----a-w- C:\WINDOWS\system32\perfc00C.dat
    2010-01-13 13:08:42 . 2004-08-20 10:24:14 511874 ----a-w- C:\WINDOWS\system32\perfh00C.dat
    2010-01-07 15:07:14 . 2009-11-29 11:24:55 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2010-01-07 15:07:04 . 2009-11-29 11:24:51 19160 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
    2009-12-31 16:50:03 . 2006-01-30 22:02:05 353792 ----a-w- C:\WINDOWS\system32\drivers\srv.sys
    2009-12-27 10:36:56 . 2008-01-23 14:30:21 4212 ---ha-w- C:\WINDOWS\system32\zllictbl.dat
    2009-12-21 19:07:01 . 2004-08-20 10:24:09 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
    2006-05-28 11:35:20 . 2006-05-28 11:35:26 774144 ----a-w- C:\Program Files\RngInterstitial.dll
    2006-02-03 08:00:57 . 2006-02-03 08:00:57 56 --sh--r- C:\WINDOWS\system32\6316059473.sys
    2006-05-03 10:06:54 . 2010-02-19 15:21:32 163328 --sh--r- C:\WINDOWS\system32\flvDX.dll
    2006-02-03 08:00:57 . 2006-02-03 08:00:53 2516 --sha-w- C:\WINDOWS\system32\KGyGaAvL.sys
    2007-02-21 11:47:16 . 2010-02-19 15:21:33 31232 --sh--r- C:\WINDOWS\system32\msfDX.dll
    2008-03-16 13:30:52 . 2010-02-19 15:21:34 216064 --sh--r- C:\WINDOWS\system32\nbDX.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 19:36:57 68856]
    "Software Informer"="C:\Program Files\Software Informer\softinfo.exe" [2009-11-25 17:50:10 2011205]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Shockwave Updater"="C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 13:40:48 468408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 19:42:54 1404928]
    "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 03:12:00 94208]
    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20:00 122940]
    "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 03:19:34 69632]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 07:35:40 94208]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 07:32:24 77824]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 07:36:20 114688]
    "Monitor"="C:\WINDOWS\Philips\SPC220NC\Monitor.exe" [2006-11-03 09:01:16 319488]
    "Google Quick Search Box"="C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-05-10 17:06:28 68592]
    "avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 12:08:11 209153]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2009-09-05 00:54:42 417792]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-09 17:11:09 185896]

    C:\Documents and Settings\marion\Menu Démarrer\Programmes\Démarrage\
    OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

    C:\Documents and Settings\televente\Menu Démarrer\Programmes\Démarrage\
    OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

    C:\Documents and Settings\utilisateur1\Menu Démarrer\Programmes\Démarrage\
    syspck32.exe [2008-4-14 35840]
    wkcalrem.LNK - C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe [2005-1-21 24651]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-10-28 19:21:26 141600 ----a-w- C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
    2009-10-17 00:39:40 1037192 ----a-w- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Documents and Settings\\utilisateur1\\Bureau\\Truf\\Truf.exe"=
    "C:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "C:\\WINDOWS\\system32\\mcoinstall.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "4672:UDP"= 4672:UDP:udp emule
    "4662:TCP"= 4662:TCP:emule tcp
    "4711:TCP"= 4711:TCP:emule

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R1 ATMhelpr;ATMhelpr;C:\WINDOWS\system32\drivers\ATMHELPR.SYS [08/06/2006 22:27:40 4064]
    S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\drivers\camdrv21.sys [01/12/2006 21:41:16 223232]
    S3 MEMSWEEP2;MEMSWEEP2;\??\C:\WINDOWS\system32\39.tmp --> C:\WINDOWS\system32\39.tmp [?]

    --- Autres Services/Pilotes en mémoire ---

    *Deregistered* - yrciudam
    .
    Contenu du dossier 'Tâches planifiées'

    2010-02-25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34:12 . 2008-07-30 11:34:12]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mWindow Title =
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    TCP: {FD3D5E1A-B6F9-4C0C-93A4-C75F82D40484} = 192.168.1.1
    DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKLM-Run-SGPUpdater - C:\Program Files\Search Guard PlusU\sgpUpdaters.exe
    SafeBoot-AVG Anti-Spyware Driver
    SafeBoot-sglfb.sys
    SafeBoot-tga.sys
    MSConfigStartUp-AVPCC - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe


    21 March 2010 20:38:28

    The end is missing.
    21 March 2010 21:25:17

    I know... it has been running for more than 2 hours with a message: "this window will close, please wait a moment"... and nothing happens, which is why the end must be missing...
    21 March 2010 21:48:36

    My mistake, here is the end, which has just appeared:

    ComboFix 10-03-20.04 - utilisateur1 21/03/2010 15:35:10.2.1 - x86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2046.1495 [GMT 1:00]
    Lancé depuis: c:\documents and settings\utilisateur1\Bureau\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: avast! antivirus 4.7.1001 [VPS 000747-3] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: ZoneAlarm Antivirus *On-access scanning enabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
    FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    * Un antivirus résident est actif

    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\marion\Application Data\Dossier de téléchargement Share-to-Web
    c:\documents and settings\televente\Application Data\Dossier de téléchargement Share-to-Web
    c:\documents and settings\utilisateur1\Application Data\Dossier de téléchargement Share-to-Web
    c:\program files\Search Guard Plus
    c:\program files\Search Guard Plus\fbsProtection.xml
    c:\program files\Search Guard Plus\fbsSearchProvider.xml
    c:\program files\Search Guard Plus\FbsSearchProviderIE8.exe
    c:\program files\Search Guard Plus\SearchGuardPlus.ico
    c:\program files\Search Guard Plus\uninstalSGP.exe
    c:\program files\Search Guard PlusU
    c:\program files\Search Guard PlusU\SGPU.ico
    c:\program files\Search Guard PlusU\sgpUpdater.exe
    c:\program files\Search Guard PlusU\sgpUpdater.xml
    c:\program files\Search Guard PlusU\sgpUpdaters.exe
    c:\program files\Search Guard PlusU\Tmp\removesgp.exe
    c:\program files\Search Guard PlusU\Tmp\removesgp0.exe
    c:\program files\Search Guard PlusU\uninstalSGPU.exe
    c:\program files\SGPSA
    c:\program files\SGPSA\SearchAssistant.dll
    c:\windows\system32\AVSredirect.dll
    c:\windows\system32\fjhdyfhsn.bat
    .
    ---- Exécution préalable -------
    .
    c:\documents and settings\utilisateur1\Application Data\Dossier de téléchargement Share-to-Web \Asterix---Obelix-XXL-2---Mission-Ouifix.nds.torrent
    c:\documents and settings\utilisateur1\Application Data\Dossier de téléchargement Share-to-Web \utorrent.exe
    C:\InfoSat.txt
    c:\program files\Internet Explorer\fxavx.ini

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_BOONTY_GAMES
    -------\Legacy_M_HOOK
    -------\Legacy_BOONTY_GAMES
    -------\Service_Boonty Games


    ((((((((((((((((((((((((((((( Fichiers créés du 2010-02-21 au 2010-03-21 ))))))))))))))))))))))))))))))))))))
    .

    2010-03-21 18:06 . 2010-03-21 18:06 -------- d-----w- c:\documents and settings\utilisateur1\Application Data\Dossier de téléchargement Share-to-Web
    2010-03-21 18:06 . 2010-03-21 18:06 -------- d-----w- c:\documents and settings\utilisateur1\Application Data\Dossier de téléchargement Share-to-Web
    2010-03-21 10:05 . 2010-03-21 10:05 -------- d-----w- c:\documents and settings\utilisateur1\temp
    2010-03-21 10:05 . 2010-03-21 10:05 -------- d-----w- c:\documents and settings\utilisateur1\Application Data\TeamViewer
    2010-03-20 14:30 . 2010-03-20 18:01 -------- d-----w- C:\Ad-Remover
    2010-03-19 20:46 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
    2010-03-19 19:27 . 2010-03-19 19:27 -------- d-----w- c:\program files\Sophos
    2010-03-19 19:25 . 2010-03-21 18:07 838144 ----a-w- c:\windows\system32\drivers\yrciudam.sys
    2010-03-19 19:20 . 2008-04-13 19:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
    2010-03-19 19:20 . 2008-04-13 19:40 8192 ----a-w- c:\windows\system32\dllcache\changer.sys
    2010-03-18 21:59 . 2010-03-18 21:59 -------- d-----w- c:\documents and settings\utilisateur1\Application Data\Foxit Software
    2010-03-11 06:04 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
    2010-03-05 17:04 . 2010-03-05 17:04 59704 ----a-w- c:\documents and settings\marion\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-03-05 16:55 . 2010-03-05 16:55 -------- d-----w- c:\documents and settings\marion\Application Data\Search Settings
    2010-03-05 16:55 . 2010-03-05 16:56 -------- d-----w- c:\documents and settings\marion\Application Data\pdfforge
    2010-03-03 07:35 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-02-25 19:33 . 2010-03-18 19:34 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Nitro PDF
    2010-02-24 20:09 . 2010-02-24 20:09 -------- d-----w- c:\documents and settings\utilisateur1\Application Data\Nitro PDF
    2010-02-24 20:09 . 2009-12-18 09:31 17728 ----a-w- c:\windows\system32\nitrolocalui.dll
    2010-02-24 20:09 . 2009-12-18 09:30 26432 ----a-w- c:\windows\system32\nitrolocalmon.dll
    2010-02-24 20:08 . 2010-02-24 20:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Nitro PDF
    2010-02-24 20:08 . 2010-02-24 20:08 -------- d-----w- c:\program files\Fichiers communs\Nitro PDF
    2010-02-24 20:08 . 2010-02-24 20:08 -------- d-----w- c:\program files\Nitro PDF
    2010-02-24 20:07 . 2010-02-24 20:07 -------- d-----w- c:\documents and settings\utilisateur1\Application Data\Downloaded Installations
    2010-02-24 19:58 . 2010-02-24 19:58 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Application Updater

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-03-21 11:37 . 2010-01-21 19:12 -------- d-----w- c:\documents and settings\utilisateur1\Application Data\Software Informer
    2010-03-20 20:15 . 2009-11-29 11:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-03-19 19:47 . 2007-08-29 07:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-03-19 19:13 . 2010-03-18 22:01 12 ----a-w- c:\windows\system32\config\systemprofile\Application Data\jasltw.dat
    2010-03-18 20:07 . 2008-02-08 22:14 -------- d-----w- c:\documents and settings\utilisateur1\Application Data\uTorrent
    2010-03-10 15:15 . 2009-07-18 21:27 -------- d-----w- c:\documents and settings\utilisateur1\Application Data\MeizuManager
    2010-03-09 21:20 . 2007-08-29 07:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-03-08 22:26 . 2009-10-05 21:39 747464 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2010-03-06 17:56 . 2008-12-24 11:21 -------- d-----w- c:\program files\uTorrent
    2010-02-25 16:24 . 2007-12-28 14:03 -------- d-----w- c:\program files\JS Nature
    2010-02-24 19:26 . 2007-03-18 21:56 -------- d-----w- c:\program files\PDF Editeur 2
    2010-02-24 09:39 . 2007-03-18 21:56 73216 ----a-w- c:\windows\cadkasdeinst01f.exe
    2010-02-19 15:20 . 2010-02-19 15:20 -------- d-----w- c:\program files\eRightSoft
    2010-02-01 05:50 . 2008-02-06 17:06 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-01-21 19:12 . 2010-01-21 19:12 -------- d-----w- c:\program files\Software Informer
    2010-01-21 06:28 . 2008-12-17 11:49 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-01-13 13:08 . 2004-08-20 10:24 85396 ----a-w- c:\windows\system32\perfc00C.dat
    2010-01-13 13:08 . 2004-08-20 10:24 511874 ----a-w- c:\windows\system32\perfh00C.dat
    2010-01-07 15:07 . 2009-11-29 11:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-07 15:07 . 2009-11-29 11:24 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-31 16:50 . 2006-01-30 22:02 353792 ----a-w- c:\windows\system32\drivers\srv.sys
    2009-12-27 10:36 . 2008-01-23 14:30 4212 ---ha-w- c:\windows\system32\zllictbl.dat
    2009-12-21 19:07 . 2004-08-20 10:24 916480 ----a-w- c:\windows\system32\wininet.dll
    2006-05-28 11:35 . 2006-05-28 11:35 774144 ----a-w- c:\program files\RngInterstitial.dll
    2006-02-03 08:00 . 2006-02-03 08:00 56 --sh--r- c:\windows\system32\6316059473.sys
    2006-05-03 10:06 . 2010-02-19 15:21 163328 --sh--r- c:\windows\system32\flvDX.dll
    2006-02-03 08:00 . 2006-02-03 08:00 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2007-02-21 11:47 . 2010-02-19 15:21 31232 --sh--r- c:\windows\system32\msfDX.dll
    2008-03-16 13:30 . 2010-02-19 15:21 216064 --sh--r- c:\windows\system32\nbDX.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 68856]
    "Software Informer"="c:\program files\Software Informer\softinfo.exe" [2009-11-25 2011205]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 468408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
    "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 94208]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 69632]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
    "Monitor"="c:\windows\Philips\SPC220NC\Monitor.exe" [2006-11-03 319488]
    "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-05-10 68592]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
    "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-09 185896]

    c:\documents and settings\marion\Menu D‚marrer\Programmes\D‚marrage\
    OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

    c:\documents and settings\televente\Menu D‚marrer\Programmes\D‚marrage\
    OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

    c:\documents and settings\utilisateur1\Menu D‚marrer\Programmes\D‚marrage\
    syspck32.exe [2008-4-14 35840]
    wkcalrem.LNK - c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe [2005-1-21 24651]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-10-28 19:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
    2009-10-17 00:39 1037192 ----a-w- c:\program files\Zone Labs\ZoneAlarm\zlclient.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Documents and Settings\\utilisateur1\\Bureau\\Truf\\Truf.exe"=
    "c:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "c:\\WINDOWS\\system32\\mcoinstall.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "4672:UDP"= 4672:UDP:udp emule
    "4662:TCP"= 4662:TCP:emule tcp
    "4711:TCP"= 4711:TCP:emule

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [08/06/2006 22:27 4064]
    S3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [01/12/2006 21:41 223232]
    S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\39.tmp --> c:\windows\system32\39.tmp [?]

    --- Autres Services/Pilotes en mémoire ---

    *Deregistered* - yrciudam
    .
    Contenu du dossier 'Tâches planifiées'

    2010-02-25 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mWindow Title =
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    TCP: {FD3D5E1A-B6F9-4C0C-93A4-C75F82D40484} = 192.168.1.1
    DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKLM-Run-SGPUpdater - c:\program files\Search Guard PlusU\sgpUpdaters.exe
    SafeBoot-AVG Anti-Spyware Driver
    SafeBoot-sglfb.sys
    SafeBoot-tga.sys
    MSConfigStartUp-AVPCC - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-03-21 19:06
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    SGPUpdater = c:\program files\Search Guard PlusU\sgpUpdaters.exe??o?caption="Galerie de boutons" visibility="1" e

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\39.tmp"

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\yrciudam]

    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\S-1-5-21-1015457174-881130128-1800161634-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:bf,1f,af,0f,ff,52,e0,d2,40,de,8e,2a,05,43,a7,6e,6b,ef,30,9f,bf,be,f1,
    21,3b,58,1b,1c,71,07,de,60,54,79,e6,db,1e,e1,36,ee,d1,f6,8f,7a,9d,c1,f0,fa,\
    "??"=hex:2a,b0,63,e8,2d,cf,c5,c2,dc,50,dd,e5,73,c7,04,14

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
    "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'explorer.exe'(7968)
    c:\program files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll
    c:\program files\Google\Quick Search Box\bin\1.2.1151.245\qsb.dll
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\WinSCP\DragExt.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\ZoneLabs\vsmon.exe
    c:\windows\system32\LEXBCES.EXE
    c:\windows\system32\LEXPPS.EXE
    c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    c:\program files\Avira\AntiVir Desktop\sched.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\drivers\CDAC11BA.EXE
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe
    c:\program files\UltraVNC\repeater.exe
    c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\internet explorer\iexplore.exe
    c:\program files\internet explorer\iexplore.exe
    c:\program files\Windows Live\Messenger\msnmsgr.exe
    c:\program files\Windows Live\Contacts\wlcomm.exe
    c:\program files\internet explorer\iexplore.exe
    c:\program files\Real\RealPlayer\RealPlay.exe
    c:\windows\system32\mstsc.exe
    .
    **************************************************************************
    .
    Heure de fin: 2010-03-21 21:33:37 - La machine a redémarré
    ComboFix-quarantined-files.txt 2010-03-21 20:32

    Avant-CF: 22 511 357 952 octets libres
    Après-CF: 23 231 541 248 octets libres

    WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

    Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
    - - End Of File - - BA573F0588B219276B9E223D75992A7F
    21 March 2010 22:12:12

    /!\ Only Nathaliede may follow this procedure /!\

    Disable all resident protection (antivirus, etc.)!

    ---> Copy (CTRL+C) the text in the box below:

    KillAll::

    Driver::
    MEMSWEEP2

    File::
    c:\documents and settings\utilisateur1\Menu Démarrer\Programmes\Démarrage\syspck32.exe
    c:\windows\system32\config\systemprofile\Application Data\jasltw.dat
    c:\windows\system32\drivers\yrciudam.sys

    Folder::
    c:\documents and settings\marion\Application Data\Search Settings

    Registry::
    [-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]
    [-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\yrciudam]

    ---> Open Notepad: Start > All Programs > Accessories > Notepad.

    - Paste (CTRL+V) the text into Notepad.
    - Save this file to: Desktop
    - File name: CFScript
    - File type: All files!!
    - Click Save.
    - Close Notepad.

    ---> Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot:



  • This will relaunch ComboFix: accept the message that appears.
  • Wait while the scan runs. The Desktop will disappear several times: this is normal!
  • Do not touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed; copy and paste its contents to the forum.
  • If the file does not open, it is located here: C:\ComboFix.txt

    ;) 
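Added example (not part of the original thread, and not ComboFix's own code): a Python check that every File::, Folder:: and Driver:: target in the CFScript above is reported as removed in the follow-up ComboFix report. The report excerpt is copied from the next post with the banner parentheses shortened; the function names, the parsing regexes and the Legacy_/Service_ matching rule are assumptions made for this example.

```python
import re

# CFScript as posted above.
CFSCRIPT = r"""KillAll::

Driver::
MEMSWEEP2

File::
c:\documents and settings\utilisateur1\Menu Démarrer\Programmes\Démarrage\syspck32.exe
c:\windows\system32\config\systemprofile\Application Data\jasltw.dat
c:\windows\system32\drivers\yrciudam.sys

Folder::
c:\documents and settings\marion\Application Data\Search Settings

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\yrciudam]
"""

# Excerpt of the follow-up report (banner parentheses shortened).
REPORT = r"""
(((((( Autres suppressions ))))))
.

c:\documents and settings\marion\Application Data\Search Settings
c:\documents and settings\marion\Application Data\Search Settings\kb130\temp\ws-14683.log
c:\documents and settings\utilisateur1\Application Data\Dossier de téléchargement Share-to-Web
c:\documents and settings\utilisateur1\Menu Démarrer\Programmes\Démarrage\syspck32.exe
c:\windows\system32\config\systemprofile\Application Data\jasltw.dat
c:\windows\system32\drivers\yrciudam.sys

.
(((((( Pilotes/Services ))))))
.

-------\Legacy_MEMSWEEP2
-------\Legacy_yrciudam
-------\Service_yrciudam
"""

SECTION_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")  # report banner "((( name )))"
DIRECTIVE_RE = re.compile(r"^(\w+)::$")          # CFScript directive "File::"


def parse_cfscript(text):
    """Return {directive: [entries]} with directive names lowercased."""
    out, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DIRECTIVE_RE.match(line)
        if m:
            current = m.group(1).lower()
            out.setdefault(current, [])
        elif current is not None:
            out[current].append(line)
    return out


def parse_report(text):
    """Return {section: [lines]}; names and lines lowercased, '.' fillers dropped."""
    out, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            out.setdefault(current, [])
        elif current is not None:
            out[current].append(line.lower())
    return out


def verify(cfscript_text, report_text):
    """Return [(kind, target, confirmed)] for each File/Folder/Driver target."""
    script = parse_cfscript(cfscript_text)
    report = parse_report(report_text)
    deleted = set(report.get("autres suppressions", []))
    services = set(report.get("pilotes/services", []))
    results = []
    for kind in ("file", "folder"):
        for path in script.get(kind, []):
            # Windows paths are case-insensitive, so compare lowercased.
            results.append((kind, path, path.lower() in deleted))
    for name in script.get("driver", []):
        # Assumption: a removed driver appears as Legacy_<name> or Service_<name>.
        wanted = {r"-------\legacy_" + name.lower(),
                  r"-------\service_" + name.lower()}
        results.append(("driver", name, bool(wanted & services)))
    return results


if __name__ == "__main__":
    for kind, target, ok in verify(CFSCRIPT, REPORT):
        print(("OK      " if ok else "MISSING ") + kind + ": " + target)
```

Any target printed as MISSING was requested in the script but is not confirmed by the report and should be looked at again before the machine is declared clean.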
    22 March 2010 07:33:00

    Hello!

    Here is the new ComboFix report:

    ComboFix 10-03-21.01 - utilisateur1 21/03/2010 23:20:51.3.1 - x86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2046.1480 [GMT 1:00]
    Lancé depuis: c:\documents and settings\utilisateur1\Bureau\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\utilisateur1\Bureau\CFScript.txt
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: avast! antivirus 4.7.1001 [VPS 000747-3] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: ZoneAlarm Antivirus *On-access scanning enabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
    FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    FILE ::
    "c:\documents and settings\utilisateur1\Menu Démarrer\Programmes\Démarrage\syspck32.exe"
    "c:\windows\system32\config\systemprofile\Application Data\jasltw.dat"
    "c:\windows\system32\drivers\yrciudam.sys"
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\marion\Application Data\Search Settings
    c:\documents and settings\marion\Application Data\Search Settings\kb130\temp\ws-14683.log
    c:\documents and settings\utilisateur1\Application Data\Dossier de téléchargement Share-to-Web
    c:\documents and settings\utilisateur1\Menu Démarrer\Programmes\Démarrage\syspck32.exe
    c:\windows\system32\config\systemprofile\Application Data\jasltw.dat
    c:\windows\system32\drivers\yrciudam.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MEMSWEEP2
    -------\Legacy_yrciudam
    -------\Service_yrciudam


    ((((((((((((((((((((((((((((( Fichiers créés du 2010-02-22 au 2010-03-22 ))))))))))))))))))))))))))))))))))))
    .

    2010-03-21 18:06 . 2010-03-21 18:06 -------- d-----w- c:\documents and settings\utilisateur1\Application Data\Dossier de téléchargement Share-to-Web
    2010-03-21 10:05 . 2010-03-21 10:05 -------- d-----w- c:\documents and settings\utilisateur1\temp
    2010-03-21 10:05 . 2010-03-21 10:05 -------- d-----w- c:\documents and settings\utilisateur1\Application Data\TeamViewer
    2010-03-20 14:30 . 2010-03-20 18:01 -------- d-----w- C:\Ad-Remover
    2010-03-19 20:46 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
    2010-03-19 19:27 . 2010-03-19 19:27 -------- d-----w- c:\program files\Sophos
    2010-03-19 19:20 . 2008-04-13 19:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
    2010-03-19 19:20 . 2008-04-13 19:40 8192 ----a-w- c:\windows\system32\dllcache\changer.sys
    2010-03-18 21:59 . 2010-03-18 21:59 -------- d-----w- c:\documents and settings\utilisateur1\Application Data\Foxit Software
    2010-03-11 06:04 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
    2010-03-05 17:04 . 2010-03-05 17:04 59704 ----a-w- c:\documents and settings\marion\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-03-05 16:55 . 2010-03-05 16:56 -------- d-----w- c:\documents and settings\marion\Application Data\pdfforge
    2010-03-03 07:35 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-02-25 19:33 . 2010-03-18 19:34 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Nitro PDF
    2010-02-24 20:09 . 2010-02-24 20:09 -------- d-----w- c:\documents and settings\utilisateur1\Application Data\Nitro PDF
    2010-02-24 20:09 . 2009-12-18 09:31 17728 ----a-w- c:\windows\system32\nitrolocalui.dll
    2010-02-24 20:09 . 2009-12-18 09:30 26432 ----a-w- c:\windows\system32\nitrolocalmon.dll
    2010-02-24 20:08 . 2010-02-24 20:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Nitro PDF
    2010-02-24 20:08 . 2010-02-24 20:08 -------- d-----w- c:\program files\Fichiers communs\Nitro PDF
    2010-02-24 20:08 . 2010-02-24 20:08 -------- d-----w- c:\program files\Nitro PDF
    2010-02-24 20:07 . 2010-02-24 20:07 -------- d-----w- c:\documents and settings\utilisateur1\Application Data\Downloaded Installations
    2010-02-24 19:58 . 2010-02-24 19:58 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Application Updater

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-03-21 21:41 . 2010-01-21 19:12 -------- d-----w- c:\documents and settings\utilisateur1\Application Data\Software Informer
    2010-03-20 20:15 . 2009-11-29 11:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-03-19 19:47 . 2007-08-29 07:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-03-18 20:07 . 2008-02-08 22:14 -------- d-----w- c:\documents and settings\utilisateur1\Application Data\uTorrent
    2010-03-10 15:15 . 2009-07-18 21:27 -------- d-----w- c:\documents and settings\utilisateur1\Application Data\MeizuManager
    2010-03-09 21:20 . 2007-08-29 07:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-03-08 22:26 . 2009-10-05 21:39 747464 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2010-03-06 17:56 . 2008-12-24 11:21 -------- d-----w- c:\program files\uTorrent
    2010-02-25 16:24 . 2007-12-28 14:03 -------- d-----w- c:\program files\JS Nature
    2010-02-24 19:26 . 2007-03-18 21:56 -------- d-----w- c:\program files\PDF Editeur 2
    2010-02-24 09:39 . 2007-03-18 21:56 73216 ----a-w- c:\windows\cadkasdeinst01f.exe
    2010-02-19 15:20 . 2010-02-19 15:20 -------- d-----w- c:\program files\eRightSoft
    2010-02-01 05:50 . 2008-02-06 17:06 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-01-21 19:12 . 2010-01-21 19:12 -------- d-----w- c:\program files\Software Informer
    2010-01-21 06:28 . 2008-12-17 11:49 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-01-13 13:08 . 2004-08-20 10:24 85396 ----a-w- c:\windows\system32\perfc00C.dat
    2010-01-13 13:08 . 2004-08-20 10:24 511874 ----a-w- c:\windows\system32\perfh00C.dat
    2010-01-07 15:07 . 2009-11-29 11:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-07 15:07 . 2009-11-29 11:24 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-31 16:50 . 2006-01-30 22:02 353792 ----a-w- c:\windows\system32\drivers\srv.sys
    2009-12-27 10:36 . 2008-01-23 14:30 4212 ---ha-w- c:\windows\system32\zllictbl.dat
    2006-05-28 11:35 . 2006-05-28 11:35 774144 ----a-w- c:\program files\RngInterstitial.dll
    2006-02-03 08:00 . 2006-02-03 08:00 56 --sh--r- c:\windows\system32\6316059473.sys
    2006-05-03 10:06 . 2010-02-19 15:21 163328 --sh--r- c:\windows\system32\flvDX.dll
    2006-02-03 08:00 . 2006-02-03 08:00 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2007-02-21 11:47 . 2010-02-19 15:21 31232 --sh--r- c:\windows\system32\msfDX.dll
    2008-03-16 13:30 . 2010-02-19 15:21 216064 --sh--r- c:\windows\system32\nbDX.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 68856]
    "Software Informer"="c:\program files\Software Informer\softinfo.exe" [2009-11-25 2011205]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 468408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
    "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 94208]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 69632]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
    "Monitor"="c:\windows\Philips\SPC220NC\Monitor.exe" [2006-11-03 319488]
    "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-05-10 68592]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
    "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-09 185896]

    c:\documents and settings\marion\Menu D‚marrer\Programmes\D‚marrage\
    OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

    c:\documents and settings\televente\Menu D‚marrer\Programmes\D‚marrage\
    OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

    c:\documents and settings\utilisateur1\Menu D‚marrer\Programmes\D‚marrage\
    wkcalrem.LNK - c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe [2005-1-21 24651]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-10-28 19:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
    2009-10-17 00:39 1037192 ----a-w- c:\program files\Zone Labs\ZoneAlarm\zlclient.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Documents and Settings\\utilisateur1\\Bureau\\Truf\\Truf.exe"=
    "c:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "c:\\WINDOWS\\system32\\mcoinstall.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "4672:UDP"= 4672:UDP:udp emule
    "4662:TCP"= 4662:TCP:emule tcp
    "4711:TCP"= 4711:TCP:emule

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [08/06/2006 22:27 4064]
    R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [29/11/2009 12:37 108289]
    R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [18/12/2009 10:49 188736]
    R2 repeater_service;repeater_service;c:\program files\UltraVNC\repeater.exe [27/06/2007 08:35 176128]
    S3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [01/12/2006 21:41 223232]
    S3 SPC220NC;Philips SPC220NC Webcam;c:\windows\system32\drivers\SPC220NC.SYS [08/10/2008 14:56 507136]
    S4 AVPCC;AVP Control Centre Service;"c:\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe" /service --> c:\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe [?]
    S4 KAVMonitorService;KAV Monitor Service;"c:\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpm.exe" /service --> c:\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpm.exe [?]
    .
    Contenu du dossier 'Tâches planifiées'

    2010-02-25 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mWindow Title =
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    TCP: {FD3D5E1A-B6F9-4C0C-93A4-C75F82D40484} = 192.168.1.1
    DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-03-22 07:05
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\S-1-5-21-1015457174-881130128-1800161634-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:bf,1f,af,0f,ff,52,e0,d2,40,de,8e,2a,05,43,a7,6e,6b,ef,30,9f,bf,be,f1,
    21,3b,58,1b,1c,71,07,de,60,54,79,e6,db,1e,e1,36,ee,d1,f6,8f,7a,9d,c1,f0,fa,\
    "??"=hex:2a,b0,63,e8,2d,cf,c5,c2,dc,50,dd,e5,73,c7,04,14

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
    "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'explorer.exe'(6156)
    c:\program files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll
    c:\program files\Google\Quick Search Box\bin\1.2.1151.245\qsb.dll
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\WinSCP\DragExt.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\ZoneLabs\vsmon.exe
    c:\windows\system32\LEXBCES.EXE
    c:\windows\system32\LEXPPS.EXE
    c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\drivers\CDAC11BA.EXE
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    .
    **************************************************************************
    .
    Heure de fin: 2010-03-22 07:19:19 - La machine a redémarré
    ComboFix-quarantined-files.txt 2010-03-22 06:19
    ComboFix2.txt 2010-03-21 20:34

    Avant-CF: 23 239 069 696 octets libres
    Après-CF: 23 196 999 680 octets libres

    Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
    - - End Of File - - 796A4BD39D9A5DBDFF07D56A52F7AD07
    22 March 2010 15:50:57

  • Start menu > Run > type ComboFix /uninstall and confirm.

  • Retry the procedure with Ad-Remover.
    22 March 2010 19:31:31

    Great, it worked! Here is the report:

    .
    ======= RAPPORT D'AD-REMOVER 2.0.0.0,B | UNIQUEMENT XP/VISTA/7 =======
    .
    Mis à jour par C_XX le 19/03/10 à 18:30
    Contact: AdRemover.contact@gmail.com
    Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
    .
    Lancé à: 18:25:47 le 22/03/2010 | Mode normal | Option: CLEAN
    Exécuté de: C:\Ad-Remover\ADR.exe
    SE: Microsoft® Windows XP™ Service Pack 3 - X86
    Nom du PC: DCK0M22J | Utilisateur actuel: utilisateur1 (Administrateur)
    .
    ============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
    .
    .
    C:\Documents and Settings\All Users\Application Data\Trymedia
    C:\Documents and Settings\All Users\Application Data\Viewpoint
    C:\Documents and Settings\marion\Application Data\pdfforge
    C:\Documents and Settings\utilisateur1\Application Data\Viewpoint
    C:\Program Files\AGI
    C:\Program Files\Mozilla FireFox\Components\AskSearch.js

    (!) -- Fichiers temporaires supprimés.
    .
    HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{197058E9-09DC-41B4-9D4C-7035E609BECD}
    HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
    HKLM\Software\AskBarDis
    HKLM\Software\Classes\CLSID\{4260e0cc-0f75-462e-88a3-1e05c248bf4c}
    HKLM\Software\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
    HKLM\Software\MetaStream
    HKLM\Software\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    HKLM\Software\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    HKLM\Software\Microsoft\Code Store Database\Distribution Units\CabBuilder
    HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1489E0BE-F7F5-456e-9326-588E3F9A1647}
    HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E09159C-93AC-4690-9415-7C0ED4B70AEB}
    .
    ============== SCAN ADDITIONNEL ==============
    .
    .
    * Internet Explorer Version 8.0.6001.18702 *
    .
    [HKCU\Software\Microsoft\Internet Explorer\Main]
    .
    AutoHide: yes
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Do404Search: 0x01000000
    Enable Browser Extensions: yes
    Local Page: C:\WINDOWS\SYSTEM32\blank.htm
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    Show_ToolBar: yes
    Start Page: hxxp://fr.msn.com/
    .
    [HKLM\Software\Microsoft\Internet Explorer\Main]
    .
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Delete_Temp_Files_On_Exit: yes
    Local Page: C:\WINDOWS\SYSTEM32\blank.htm
    Search bar: hxxp://search.msn.com/spbasic.htm
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start Page: hxxp://fr.msn.com/
    .
    [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
    .
    Tabs: res://ieframe.dll/tabswelcome.htm
    Blank: res://mshtml.dll/blank.htm
    .
    ============== SUSPECT(S) ==============
    .
    C:\Documents and Settings\utilisateur1\Application Data\uTorrent\The Legend of Zelda - Spirit Tracks patché Supercard slot 2.rar.torrent
    C:\Documents and Settings\utilisateur1\Application Data\uTorrent\xpa-lzst-cracked.rar.torrent
    C:\Documents and Settings\utilisateur1\Mes documents\Downloads\Les Sims 2 la Totale\02 - Patch pour les Sims 2\thesims2_update.exe
    C:\Documents and Settings\utilisateur1\Mes documents\Downloads\Les Sims 2 la Totale\04 - Académie\crack\The Sims 2 - University (EURO) MI.rar
    C:\Documents and Settings\utilisateur1\Mes documents\Downloads\Les Sims 2 la Totale\05 - Patch pour les Sims 2 Académie\sims2ep1_patch.exe
    C:\Documents and Settings\utilisateur1\Mes documents\Downloads\Les Sims 2 la Totale\07 - Patch pour les Sims 2 Nuits de Folie\sims2ep2_patch.exe
    C:\Documents and Settings\utilisateur1\Mes documents\Downloads\Les Sims 2 la Totale\08 - La Bonne Affaire\crack\rld-sofb.rar
    C:\Documents and Settings\utilisateur1\Mes documents\Downloads\Les Sims 2 la Totale\09 - Patch pour les Sims 2 La Bonne Affaire\sims2ep3_patch.exe
    C:\Documents and Settings\utilisateur1\Mes documents\Downloads\Les Sims 2 la Totale\11 - Patch pour les Sims 2 Fun en Famille\sims2sp1_patch.exe
    C:\Documents and Settings\utilisateur1\Mes documents\Downloads\The Legend of Zelda - Spirit Tracks patché Supercard slot 2.rar
    C:\Documents and Settings\utilisateur1\Mes documents\Downloads\xpa-lzst-cracked.rar
    C:\Documents and Settings\utilisateur1\Mes documents\EA Games\Les Sims 2\teléchargement fichier\Patch_pr_coce.rar
    C:\Documents and Settings\utilisateur1\Mes documents\Téléchargements\patch51.exe
    .
    ========================================
    .
    C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp: 3 Fichier(s), 4 Dossier(s)
    C:\WINDOWS\temp: 11 Fichier(s), 5 Dossier(s)
    Temporary Internet Files: 2 Fichier(s), 11 Dossier(s)
    .
    C:\Ad-Remover\Quarantine: 1 Fichier(s)
    C:\Ad-Remover\Backup: 25 Fichier(s)
    .
    C:\Ad-Report-CLEAN[1].txt - 510 Octet(s)
    C:\Ad-Report-CLEAN[2].txt - 510 Octet(s)
    C:\Ad-Report-CLEAN[3].txt - 510 Octet(s)
    C:\Ad-Report-CLEAN[4].txt - 510 Octet(s)
    C:\Ad-Report-CLEAN[5].txt - 5029 Octet(s)
    .
    Fin à: 18:44:34, 22/03/2010
    .
    ============== E.O.F - CLEAN[5] ==============
    22 March 2010 19:41:27

  • Run Ad-Remover again and choose Nettoyer (Clean).

    Do you have two antivirus programs?
    22 March 2010 20:30:58

    I only have one antivirus: Avira

    Here is the 2nd Ad-Remover report:

    .
    ======= RAPPORT D'AD-REMOVER 2.0.0.0,B | UNIQUEMENT XP/VISTA/7 =======
    .
    Mis à jour par C_XX le 19/03/10 à 18:30
    Contact: AdRemover.contact@gmail.com
    Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
    .
    Lancé à: 19:51:09 le 22/03/2010 | Mode normal | Option: CLEAN
    Exécuté de: C:\Ad-Remover\ADR.exe
    SE: Microsoft® Windows XP™ Service Pack 3 - X86
    Nom du PC: DCK0M22J | Utilisateur actuel: utilisateur1 (Administrateur)
    .
    ============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
    .
    .

    (!) -- Fichiers temporaires supprimés.
    .
    .
    ============== SCAN ADDITIONNEL ==============
    .
    .
    * Internet Explorer Version 8.0.6001.18702 *
    .
    [HKCU\Software\Microsoft\Internet Explorer\Main]
    .
    AutoHide: yes
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Do404Search: 0x01000000
    Enable Browser Extensions: yes
    Local Page: C:\WINDOWS\SYSTEM32\blank.htm
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    Show_ToolBar: yes
    Start Page: hxxp://fr.msn.com/
    .
    [HKLM\Software\Microsoft\Internet Explorer\Main]
    .
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Delete_Temp_Files_On_Exit: yes
    Local Page: C:\WINDOWS\SYSTEM32\blank.htm
    Search bar: hxxp://search.msn.com/spbasic.htm
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start Page: hxxp://fr.msn.com/
    .
    [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
    .
    Tabs: res://ieframe.dll/tabswelcome.htm
    Blank: res://mshtml.dll/blank.htm
    .
    ============== SUSPECT(S) ==============
    .
    C:\Documents and Settings\utilisateur1\Application Data\uTorrent\The Legend of Zelda - Spirit Tracks patché Supercard slot 2.rar.torrent
    C:\Documents and Settings\utilisateur1\Application Data\uTorrent\xpa-lzst-cracked.rar.torrent
    C:\Documents and Settings\utilisateur1\Mes documents\Downloads\Les Sims 2 la Totale\02 - Patch pour les Sims 2\thesims2_update.exe
    C:\Documents and Settings\utilisateur1\Mes documents\Downloads\Les Sims 2 la Totale\04 - Académie\crack\The Sims 2 - University (EURO) MI.rar
    C:\Documents and Settings\utilisateur1\Mes documents\Downloads\Les Sims 2 la Totale\05 - Patch pour les Sims 2 Académie\sims2ep1_patch.exe
    C:\Documents and Settings\utilisateur1\Mes documents\Downloads\Les Sims 2 la Totale\07 - Patch pour les Sims 2 Nuits de Folie\sims2ep2_patch.exe
    C:\Documents and Settings\utilisateur1\Mes documents\Downloads\Les Sims 2 la Totale\08 - La Bonne Affaire\crack\rld-sofb.rar
    C:\Documents and Settings\utilisateur1\Mes documents\Downloads\Les Sims 2 la Totale\09 - Patch pour les Sims 2 La Bonne Affaire\sims2ep3_patch.exe
    C:\Documents and Settings\utilisateur1\Mes documents\Downloads\Les Sims 2 la Totale\11 - Patch pour les Sims 2 Fun en Famille\sims2sp1_patch.exe
    C:\Documents and Settings\utilisateur1\Mes documents\Downloads\The Legend of Zelda - Spirit Tracks patché Supercard slot 2.rar
    C:\Documents and Settings\utilisateur1\Mes documents\Downloads\xpa-lzst-cracked.rar
    C:\Documents and Settings\utilisateur1\Mes documents\EA Games\Les Sims 2\teléchargement fichier\Patch_pr_coce.rar
    C:\Documents and Settings\utilisateur1\Mes documents\Téléchargements\patch51.exe
    .
    ========================================
    .
    C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp: 3 Fichier(s), 4 Dossier(s)
    C:\WINDOWS\temp: 14 Fichier(s), 5 Dossier(s)
    Temporary Internet Files: 2 Fichier(s), 11 Dossier(s)
    .
    C:\Ad-Remover\Quarantine: 1 Fichier(s)
    C:\Ad-Remover\Backup: 25 Fichier(s)
    .
    C:\Ad-Report-CLEAN[1].txt - 510 Octet(s)
    C:\Ad-Report-CLEAN[2].txt - 510 Octet(s)
    C:\Ad-Report-CLEAN[3].txt - 510 Octet(s)
    C:\Ad-Report-CLEAN[4].txt - 510 Octet(s)
    C:\Ad-Report-CLEAN[5].txt - 5155 Octet(s)
    C:\Ad-Report-CLEAN[6].txt - 3870 Octet(s)
    .
    Fin à: 20:09:39, 22/03/2010
    .
    ============== E.O.F - CLEAN[6] ==============
    22 March 2010 21:10:20

    In the ComboFix report, I see Kaspersky.

    For Ad-Remover, I meant Désinstaller (Uninstall), not Nettoyer (Clean) (you had already done that).
    22 March 2010 21:16:56

    lol... sorry, I'm just following your instructions to the letter! No big deal, we'll have done a 2nd scan, which does no harm... OK, I'm uninstalling Ad-Remover.

    As for Kaspersky, it was indeed one of my first antivirus programs... I'll look into uninstalling it completely.
    23 March 2010 04:08:36

  • Download OTL (by OldTimer) to your Desktop.
  • Double-click OTL to launch it.
    (On Vista/Win7, right-click OTL and choose Run as administrator)
  • A window appears. In the Output section at the top of this window, check Minimal Output.
  • Also check the boxes next to LOP Check and Purity Check.
  • Finally, click the Run Scan button. The scan will not take long.
  • Once the scan is finished, two windows will open in Notepad: OTL.txt and Extras.txt. They are in the same location as OTL (so by default on the Desktop).

    To send me the reports:
  • Click this link: http://www.cijoint.fr/
  • Click Parcourir... (Browse) and find the report file you want to send me.
  • Click Ouvrir (Open).
  • Click Cliquez ici pour déposer le fichier (Click here to upload the file).
  • A link of this form, hxxp://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt, is added to the page.
  • Copy and paste this link into your reply.
    23 March 2010 21:09:06

    Because the report is long and you may not be able to post it in full.

  • Uninstall AVG Anti-Spyware, which is obsolete.

  • Double-click OTL to launch it.
    (On Vista/Win7, right-click OTL and choose Run as administrator)
  • Under the Custom Scans/Fixes tab at the bottom of the window, copy and paste the following text (between the two blank lines):

    :OTL
    SRV - (KAVMonitorService) -- File not found
    SRV - (AVPCC) -- File not found
    SRV - (avast! Web Scanner) -- File not found
    SRV - (avast! Mail Scanner) -- File not found
    SRV - (avast! Antivirus) -- File not found
    SRV - (aswUpdSv) -- File not found
    DRV - (Klif) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
    DRV - (kl1) -- C:\WINDOWS\System32\DRIVERS\kl1.sys (Kaspersky Lab)
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

    :commands
    [emptytemp]
    [reboot]

  • Then click the Run Fix button at the top of the window.
  • Let the program work, then reboot once the fix is finished.
  • Post the report that is displayed after the reboot.
    23 March 2010 21:52:01

    OK... here is the report:

    All processes killed
    ========== OTL ==========
    Service KAVMonitorService stopped successfully!
    Service KAVMonitorService deleted successfully!
    File File not found not found.
    Service AVPCC stopped successfully!
    Service AVPCC deleted successfully!
    File File not found not found.
    Service avast! Web Scanner stopped successfully!
    Service avast! Web Scanner deleted successfully!
    File File not found not found.
    Service avast! Mail Scanner stopped successfully!
    Service avast! Mail Scanner deleted successfully!
    File File not found not found.
    Service avast! Antivirus stopped successfully!
    Service avast! Antivirus deleted successfully!
    File File not found not found.
    Service aswUpdSv stopped successfully!
    Service aswUpdSv deleted successfully!
    File File not found not found.
    Error: Unable to stop service Klif!
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Klif deleted successfully.
    C:\WINDOWS\system32\drivers\klif.sys moved successfully.
    Error: Unable to stop service kl1!
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kl1 deleted successfully.
    C:\WINDOWS\system32\drivers\kl1.sys moved successfully.
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrateur
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: LocalService
    ->Temp folder emptied: 65748 bytes
    ->Temporary Internet Files folder emptied: 49286 bytes

    User: marion
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 7647 bytes
    ->FireFox cache emptied: 34993575 bytes
    ->Flash cache emptied: 1768 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Propriétaire

    User: televente
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 377715 bytes
    ->Java cache emptied: 3630266 bytes
    ->Flash cache emptied: 33291 bytes

    User: utilisateur1
    ->Temp folder emptied: 562075 bytes
    ->Temporary Internet Files folder emptied: 1571935 bytes
    ->Java cache emptied: 118677 bytes
    ->Google Chrome cache emptied: 103868163 bytes
    ->Flash cache emptied: 1660 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 19569 bytes
    %systemroot%\System32 .tmp files removed: 1060024 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 542634 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 2040 bytes

    Total Files Cleaned = 140,00 mb


    OTL by OldTimer - Version 3.1.37.3 log created on 03232010_213647

    Files\Folders moved on Reboot...
    C:\Documents and Settings\utilisateur1\Local Settings\Temporary Internet Files\Content.IE5\RLD2QWEF\292494-11-pages-internets-tres-longues-afficher[1].htm moved successfully.
    C:\Documents and Settings\utilisateur1\Local Settings\Temporary Internet Files\Content.IE5\0B016LND\favicon[6].ico moved successfully.
    C:\Documents and Settings\utilisateur1\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

    Registry entries deleted on Reboot...
    24 March 2010 01:05:51

    Is the PC doing well?

  • Run an OTL scan again and post the OTL report.
    24 March 2010 07:53:55

    Hello!

    No more sign of fever, the cough is gone... apparently the PC is behaving perfectly well... just kidding... the web pages are back to normal speed...

    As for Kaspersky, I don't see it in my uninstall menu. Do you have any idea how to remove it?

    Here is the new OTL report:

    OTL logfile created on: 24/03/2010 07:28:55 - Run 2
    OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\utilisateur1\Bureau
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 73,00% Memory free
    4,00 Gb Paging File | 3,00 Gb Available in Paging File | 91,00% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 145,96 Gb Total Space | 22,08 Gb Free Space | 15,13% Space Free | Partition Type: NTFS
    Drive D: | 211,76 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: DCK0M22J
    Current User Name: utilisateur1
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\utilisateur1\Bureau\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe (Nitro PDF Software)
    PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
    PRC - C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
    PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
    PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    PRC - c:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
    PRC - C:\WINDOWS\Philips\SPC220NC\Monitor.exe (PixArt Imaging Incorporation)
    PRC - C:\WINDOWS\system32\drivers\CDAC11BA.EXE (Macrovision)
    PRC - C:\Program Files\UltraVNC\repeater.exe ( )
    PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
    PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    PRC - C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
    PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe ()
    PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\utilisateur1\Bureau\OTL.exe (OldTimer Tools)
    MOD - C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll (Logitech Inc.)


    ========== Win32 Services (SafeList) ==========

    SRV - (NitroDriverReadSpool) -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe (Nitro PDF Software)
    SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
    SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
    SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
    SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (LVPrcSrv) -- c:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
    SRV - (C-DillaCdaC11BA) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE (Macrovision)
    SRV - (repeater_service) -- C:\Program Files\UltraVNC\repeater.exe ( )
    SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
    DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
    DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
    DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
    DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC)
    DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
    DRV - (Changer) -- C:\WINDOWS\system32\drivers\changer.sys (Microsoft Corporation)
    DRV - (usbaudio) Pilote USB audio (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
    DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
    DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
    DRV - (BlueletAudio) -- C:\WINDOWS\system32\drivers\blueletaudio.sys (IVT Corporation.)
    DRV - (Btcsrusb) -- C:\WINDOWS\system32\drivers\btcusb.sys (IVT Corporation.)
    DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
    DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
    DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
    DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
    DRV - (BlueletSCOAudio) -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys (IVT Corporation.)
    DRV - (BT) -- C:\WINDOWS\system32\drivers\btnetdrv.sys (IVT Corporation.)
    DRV - (BTHidMgr) -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys (IVT Corporation.)
    DRV - (BTHidEnum) -- C:\WINDOWS\System32\Drivers\vbtenum.sys (IVT Corporation.)
    DRV - (VcommMgr) -- C:\WINDOWS\system32\drivers\VcommMgr.sys (IVT Corporation.)
    DRV - (VComm) -- C:\WINDOWS\system32\drivers\VComm.sys (IVT Corporation.)
    DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
    DRV - (SPC220NC) -- C:\WINDOWS\system32\drivers\SPC220NC.SYS (PixArt Imaging Inc.)
    DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
    DRV - (LVcKap) -- C:\WINDOWS\system32\drivers\Lvckap.sys ()
    DRV - (CdaC15BA) -- C:\WINDOWS\system32\drivers\CdaC15BA.SYS (Macrovision Europe Ltd)
    DRV - (AFS2K) -- C:\WINDOWS\system32\drivers\AFS2K.SYS (Oak Technology Inc.)
    DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
    DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
    DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
    DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
    DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
    DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
    DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
    DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
    DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
    DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
    DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
    DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
    DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
    DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
    DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
    DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
    DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
    DRV - (vncdrv) -- C:\WINDOWS\system32\drivers\vncdrv.sys (RDV Soft)
    DRV - (QCDonner) Logitech QuickCam Express(PID_0840) -- C:\WINDOWS\system32\drivers\lvcd.sys (Logitech Inc.)
    DRV - (prohlp02) -- C:\WINDOWS\System32\drivers\prohlp02.sys (Protection Technology)
    DRV - (sfhlp01) -- C:\WINDOWS\System32\drivers\sfhlp01.sys (Protection Technology)
    DRV - (prodrv06) -- C:\WINDOWS\System32\drivers\prodrv06.sys (Protection Technology)
    DRV - (prosync1) -- C:\WINDOWS\System32\drivers\prosync1.sys (Protection Technology)
    DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
    DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
    DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
    DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
    DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
    DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
    DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
    DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
    DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
    DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
    DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
    DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
    DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
    DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
    DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
    DRV - (camvid20) -- C:\WINDOWS\system32\drivers\camdrv21.sys (Microsoft Corporation)
    DRV - (ATMhelpr) -- C:\WINDOWS\system32\drivers\ATMHELPR.SYS (Adobe Systems Incorporated)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/04/09 18:12:52 | 000,000,000 | ---D | M]

    [2010/02/24 20:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\utilisateur1\Application Data\Mozilla\Extensions
    [2009/03/13 21:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\utilisateur1\Application Data\Mozilla\Extensions\mozswing@mozswing.org

    O1 HOSTS File: ([2010/03/22 07:04:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
    O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
    O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
    O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
    O4 - HKLM..\Run: [Monitor] C:\WINDOWS\Philips\SPC220NC\Monitor.exe (PixArt Imaging Incorporation)
    O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [Software Informer] C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\utilisateur1\Menu Démarrer\Programmes\Démarrage\wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/F... (Facebook Photo Uploader 5 Control)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.... (Checkers Class)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/direc... (Shockwave ActiveX Control)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.ca... (MSN Photo Upload Tool)
    O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective.keynote.com/applications/pconnector... (Keynote Connector Launcher 2)
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.extrafilm.fr/ImageUploader5.cab (Image Uploader Control)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca... (UnoCtrl Class)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sourc... (BDSCANONLINE Control)
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://nathaliede.spaces.live.com/PhotoUpload/MsnPUpld.... (Reg Error: Key error.)
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} http://www.inoculer.com/antivirus/Msie/bitdefender.cab (Reg Error: Key error.)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1... (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/curren... (Reg Error: Key error.)
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca... (MSN Games - Installer)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPACl... (MessengerStatsClient Class)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/fl... (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol... (Windows Live Hotmail Photo Upload Tool)
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopetslive.com/dev/GoPetsWeb.cab (GoPetsWeb Control)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\utilisateur1\Application Data\Microsoft\Internet Explorer\Papier peint de Internet Explorer.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\utilisateur1\Application Data\Microsoft\Internet Explorer\Papier peint de Internet Explorer.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/20 11:37:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2008/12/03 12:37:10 | 000,000,027 | R--- | M] () - D:\autorun.inf -- [ UDF ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/03/23 22:25:33 | 000,000,000 | ---D | C] -- C:\Program Files\WinDirStat
    [2010/03/23 21:36:47 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/03/23 18:53:47 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\utilisateur1\Bureau\OTL.exe
    [2010/03/22 18:24:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/03/22 06:52:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/03/21 19:06:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\utilisateur1\Application Data\Dossier de téléchargement Share-to-Web
    [2010/03/21 19:06:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\utilisateur1\Application Data\Dossier de téléchargement Share-to-Web
    [2010/03/21 15:16:07 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/03/21 11:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\utilisateur1\temp
    [2010/03/21 11:05:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\utilisateur1\Application Data\TeamViewer
    [2010/03/19 20:27:05 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
    [2010/03/19 20:20:42 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys
    [2010/03/19 20:20:42 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
    [2010/03/18 22:59:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\utilisateur1\Application Data\Foxit Software
    [2010/03/17 18:10:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\utilisateur1\Bureau\flo travail lycee
    [2010/03/11 07:04:54 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
    [2010/03/10 07:55:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\utilisateur1\Bureau\LAON
    [2010/03/09 22:17:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\utilisateur1\Recent
    [2010/03/08 21:19:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
    [2010/03/03 08:35:41 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
    [2010/02/24 21:09:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\utilisateur1\Application Data\Nitro PDF
    [2010/02/24 21:09:05 | 000,026,432 | ---- | C] (Nitro PDF Software) -- C:\WINDOWS\System32\nitrolocalmon.dll
    [2010/02/24 21:09:05 | 000,017,728 | ---- | C] (Nitro PDF Software) -- C:\WINDOWS\System32\nitrolocalui.dll
    [2010/02/24 21:08:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
    [2010/02/24 21:08:43 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Nitro PDF
    [2010/02/24 21:08:41 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro PDF
    [2010/02/24 21:07:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\utilisateur1\Application Data\Downloaded Installations
    [2010/01/21 18:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2009/08/05 23:09:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [2009/05/21 12:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
    [2008/03/01 23:54:48 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    [2006/05/28 12:35:26 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
    [2006/02/03 08:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
    [2005/04/20 17:16:54 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
    [2004/08/20 11:30:08 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

    ========== Files - Modified Within 30 Days ==========

    [2010/03/24 07:27:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/03/24 07:27:10 | 000,000,431 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
    [2010/03/24 07:26:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/03/24 07:26:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/03/23 22:51:02 | 013,631,488 | ---- | M] () -- C:\Documents and Settings\utilisateur1\ntuser.dat
    [2010/03/23 22:51:02 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\utilisateur1\ntuser.ini
    [2010/03/23 22:01:19 | 000,001,898 | -H-- | M] () -- C:\Documents and Settings\utilisateur1\Mes documents\Default.rdp
    [2010/03/23 18:53:55 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\utilisateur1\Bureau\OTL.exe
    [2010/03/22 19:48:12 | 000,000,271 | ---- | M] () -- C:\WINDOWS\hpqcopy.INI
    [2010/03/22 07:05:08 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/03/22 07:04:47 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/03/21 15:17:01 | 000,000,286 | RHS- | M] () -- C:\boot.ini
    [2010/03/20 21:15:40 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
    [2010/03/17 18:05:21 | 000,001,086 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/03/12 22:29:39 | 000,000,518 | ---- | M] () -- C:\WINDOWS\LEXSTAT.INI
    [2010/03/12 20:38:49 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\utilisateur1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/03/12 20:22:46 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\iTunes.lnk
    [2010/03/10 19:00:46 | 000,000,811 | ---- | M] () -- C:\WINDOWS\EZPHOTO.INI
    [2010/03/10 19:00:35 | 002,953,216 | ---- | M] () -- C:\Documents and Settings\utilisateur1\Mes documents\Money.mny
    [2010/03/10 19:00:34 | 002,954,318 | R--- | M] () -- C:\Documents and Settings\utilisateur1\Mes documents\Money Sauvegarde.mbf
    [2010/03/09 23:04:42 | 000,000,537 | ---- | M] () -- C:\WINDOWS\wininit.ini
    [2010/03/06 10:04:01 | 000,035,193 | ---- | M] () -- C:\Documents and Settings\utilisateur1\Bureau\flo.jpg
    [2010/03/04 19:03:06 | 001,524,736 | ---- | M] () -- C:\Documents and Settings\utilisateur1\Bureau\FACTURE SARL.xls
    [2010/03/03 19:25:07 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\utilisateur1\Bureau\etat des lieux.xls
    [2010/03/03 11:09:38 | 000,001,503 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Choix de navigateur .lnk
    [2010/03/01 07:13:47 | 001,106,432 | ---- | M] () -- C:\Documents and Settings\utilisateur1\Mes documents\famille nucleaire.doc
    [2010/02/28 18:14:05 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\utilisateur1\Mes documents\~$mille nucleaire.doc
    [2010/02/28 18:12:16 | 000,053,760 | ---- | M] () -- C:\Documents and Settings\utilisateur1\Mes documents\Les évolutions de la famille et ses conséquences.doc
    [2010/02/28 15:41:45 | 000,365,056 | ---- | M] () -- C:\Documents and Settings\utilisateur1\Mes documents\famille monoparentale.doc
    [2010/02/26 16:16:17 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\utilisateur1\Mes documents\+.doc
    [2010/02/25 13:57:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/02/24 21:09:01 | 000,001,770 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Nitro PDF Professional.lnk
    [2010/02/24 10:49:06 | 000,302,719 | ---- | M] () -- C:\Documents and Settings\utilisateur1\Bureau\essqa.rtf
    [2010/02/24 10:39:16 | 000,073,216 | ---- | M] () -- C:\WINDOWS\cadkasdeinst01f.exe

    ========== Files Created - No Company Name ==========

    [2010/03/06 10:04:01 | 000,035,193 | ---- | C] () -- C:\Documents and Settings\utilisateur1\Bureau\flo.jpg
    [2010/03/03 19:25:07 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\utilisateur1\Bureau\etat des lieux.xls
    [2010/03/03 11:09:37 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Choix de navigateur .lnk
    [2010/02/28 18:14:05 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\utilisateur1\Mes documents\~$mille nucleaire.doc
    [2010/02/26 16:16:02 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\utilisateur1\Mes documents\+.doc
    [2010/02/24 21:09:01 | 000,001,770 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Nitro PDF Professional.lnk
    [2010/02/24 10:48:58 | 000,302,719 | ---- | C] () -- C:\Documents and Settings\utilisateur1\Bureau\essqa.rtf
    [2010/02/23 17:40:10 | 001,106,432 | ---- | C] () -- C:\Documents and Settings\utilisateur1\Mes documents\famille nucleaire.doc
    [2009/12/04 14:45:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
    [2009/10/05 22:39:27 | 000,747,464 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2009/07/18 22:05:54 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2009/07/18 22:05:48 | 000,532,498 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
    [2009/07/18 22:05:47 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2009/07/18 22:05:47 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2009/07/18 22:05:46 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2009/07/18 22:05:43 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2009/07/18 22:05:41 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
    [2009/06/17 11:13:30 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
    [2009/01/25 18:11:50 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\utilisateur1\Application Data\winscp.rnd
    [2008/12/25 13:57:47 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
    [2008/12/25 13:57:24 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
    [2008/11/26 08:50:44 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\utilisateur1\Local Settings\Application Data\keyfile3.drm
    [2008/10/08 14:56:23 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SPC220NC.INI
    [2008/06/04 10:48:05 | 000,000,052 | ---- | C] () -- C:\WINDOWS\ScreenHunter.INI
    [2008/02/10 12:50:52 | 000,029,472 | ---- | C] () -- C:\WINDOWS\jonaIII.ini
    [2008/01/23 15:29:48 | 000,021,904 | ---- | C] () -- C:\WINDOWS\System32\imsinstall_loc040c.dll
    [2008/01/23 15:29:48 | 000,017,808 | ---- | C] () -- C:\WINDOWS\System32\imslsp_install_loc040c.dll
    [2008/01/23 15:27:52 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
    [2007/09/08 09:21:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\bbcauto.INI
    [2007/07/25 10:56:35 | 000,000,261 | ---- | C] () -- C:\WINDOWS\TMConverter.ini
    [2007/07/19 13:33:22 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
    [2007/03/27 18:26:53 | 000,000,022 | ---- | C] () -- C:\WINDOWS\lmps.INI
    [2007/02/13 21:36:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\awras32.INI
    [2006/12/30 17:09:25 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2006/12/25 23:34:10 | 000,153,761 | ---- | C] () -- C:\WINDOWS\System32\U2FRTF.DLL
    [2006/12/25 23:34:10 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\U2FXLS.DLL
    [2006/12/25 23:34:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\U2FWKS.DLL
    [2006/12/25 23:34:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\U2FTEXT.DLL
    [2006/12/25 23:34:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\U2FSEPV.DLL
    [2006/12/25 23:34:09 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\U2FHTML.DLL
    [2006/12/25 23:34:09 | 000,097,489 | ---- | C] () -- C:\WINDOWS\System32\U2FCR.DLL
    [2006/12/25 23:34:09 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\U2FREC.DLL
    [2006/12/25 23:34:09 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\U2FDIF.DLL
    [2006/12/25 23:34:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\U2DDISK.DLL
    [2006/12/25 23:34:05 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2IRDAO.DLL
    [2006/12/25 23:34:05 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\P2CTDAO.DLL
    [2006/12/25 23:34:05 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\P2BBND.DLL
    [2006/12/24 00:04:25 | 000,000,042 | ---- | C] () -- C:\WINDOWS\iltwain.ini
    [2006/11/27 21:15:21 | 000,000,016 | ---- | C] () -- C:\WINDOWS\RealityFusion.ini
    [2006/11/15 22:03:12 | 000,024,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
    [2006/11/15 22:00:56 | 001,678,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
    [2006/10/28 17:21:10 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
    [2006/10/28 17:21:10 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
    [2006/10/09 19:15:29 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
    [2006/09/29 17:37:54 | 000,000,352 | ---- | C] () -- C:\WINDOWS\hegames.ini
    [2006/09/20 11:15:31 | 000,000,085 | ---- | C] () -- C:\WINDOWS\hpqwrap.INI
    [2006/08/10 09:51:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
    [2006/07/18 23:09:47 | 000,000,977 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2006/06/08 22:26:34 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
    [2006/06/08 22:26:34 | 000,000,114 | ---- | C] () -- C:\WINDOWS\kpcms.ini
    [2006/06/08 22:26:32 | 000,000,811 | ---- | C] () -- C:\WINDOWS\EZPHOTO.INI
    [2006/06/03 18:05:27 | 000,000,053 | ---- | C] () -- C:\WINDOWS\styliste.ini
    [2006/03/12 23:25:29 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\utilisateur1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/03/11 09:39:04 | 000,000,271 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI
    [2006/03/09 17:40:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
    [2006/02/16 22:58:37 | 000,000,518 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
    [2006/02/03 09:00:57 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\6316059473.sys
    [2006/02/03 09:00:53 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2006/02/03 08:57:33 | 000,000,861 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/02/03 08:50:42 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2006/02/03 08:46:43 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\utilisateur1\Local Settings\Application Data\fusioncache.dat
    [2006/01/30 23:29:50 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/01/30 23:25:22 | 000,000,537 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/01/30 23:04:08 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
    [2006/01/30 23:03:42 | 000,000,537 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/11/10 09:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005/04/20 17:16:54 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\P2SODBC.DLL
    [2005/04/20 17:16:54 | 000,124,256 | ---- | C] () -- C:\WINDOWS\System32\U2DMAPI.DLL
    [2005/04/20 17:16:54 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\U2FWORDW.DLL
    [2005/04/20 17:16:54 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\CRXLAT32.DLL
    [2005/04/20 17:16:53 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\CO2C40EN.DLL
    [2005/03/01 15:30:20 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
    [2004/08/20 11:45:35 | 000,000,829 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/20 11:34:09 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [1997/08/29 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
    [1997/08/29 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
    [1997/08/29 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\VAFR232.DLL
    [1997/08/29 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

    ========== Alternate Data Streams ==========

    24 March 2010 19:07:31

    ok, it's done!
    24 March 2010 19:20:04

    Didn't you get a report?
    24 March 2010 20:14:16

    no, I just checked, no report after the scan
    24 March 2010 20:25:46

    1/

  • Download ToolsCleaner2 to your Desktop.
  • Double-click ToolsCleaner2.exe to launch it.
  • Click Recherche (Search) and let the scan run.
  • Click Suppression (Removal) to finish.
  • You can use the Options Facultatives (optional settings) if you wish.
  • Click Quitter (Quit) to get the report.
  • Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\).


    2/

  • Download and install CCleaner (do not install the Yahoo! Toolbar).
  • Launch it. Go to Options, then Advanced, and uncheck the box Only delete files etc....
  • Go to Cleaner and choose Analyze. Once it has finished, run the cleaning.


    3/

  • You need to disable and then re-enable System Restore in order to purge it.


    ==Prevention==

    To remove AntiVir's pop-ups: Link

    Keep MBAM. You can use it to scan suspicious files alongside the antivirus, and scan the hard drive regularly.

    Check that automatic updates are enabled (Start menu, right-click My Computer, Properties, Automatic Updates tab).

    Regarding P2P: Link

    Here is a complete guide (to be read with Adobe Reader or Foxit Reader): Link


    ==Problem solved?==

    --> If you consider your problem solved, add [Résolu] to the title. To do so:
  • In your first message, click the Editer (Edit) button.
  • Add the tag [Résolu] in front of the title.
  • Then click Valider votre message (Submit your message).


    Be more careful on the Internet ;)
    24 March 2010 21:13:48

    Good evening!

    Here is the requested report!

    Yes, I think my problem is solved now....

    Thank you very much for your valuable help and for the advice, which I will try to follow to the letter :-)

    Thanks again!

    [ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

    --> Recherche:

    C:\Combofix.txt: trouvé !
    C:\fixnavi.txt: trouvé !
    C:\rapport_clean.txt: trouvé !
    C:\TB.txt: trouvé !
    C:\FindyKill.txt: trouvé !
    C:\HijackThis: trouvé !
    C:\Toolbar SD: trouvé !
    C:\FindyKill: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: trouvé !
    C:\Documents and Settings\utilisateur1\Bureau\HijackThis.lnk: trouvé !
    C:\Documents and Settings\utilisateur1\Bureau\nat\EliBaglA.exe: trouvé !
    C:\Documents and Settings\utilisateur1\Bureau\Raccourcis Bureau non utilisés\HijackThis.lnk: trouvé !
    C:\HijackThis\hijackthis.log: trouvé !
    C:\Program Files\Navilog1: trouvé !
    C:\Program Files\Ad-remover: trouvé !
    C:\Program Files\Ad-Remover\BACKUP\Ad-R.exe: trouvé !
    C:\Program Files\Hijackthis Version Française\hijackthis.log: trouvé !
    C:\Program Files\Navilog1\Navilog1.bat: trouvé !
    C:\Program Files\Navilog1\catchme.exe: trouvé !
    C:\Program Files\Trend Micro\HijackThis: trouvé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
    C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !

    ---------------------------------
    --> Suppression:

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: supprimé !
    C:\Documents and Settings\utilisateur1\Bureau\HijackThis.lnk: supprimé !
    C:\Documents and Settings\utilisateur1\Bureau\nat\EliBaglA.exe: supprimé !
    C:\Documents and Settings\utilisateur1\Bureau\Raccourcis Bureau non utilisés\HijackThis.lnk: supprimé !
    C:\Program Files\Ad-Remover\BACKUP\Ad-R.exe: supprimé !
    C:\Program Files\Navilog1\Navilog1.bat: supprimé !
    C:\Program Files\Navilog1\catchme.exe: supprimé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
    C:\Combofix.txt: supprimé !
    C:\fixnavi.txt: supprimé !
    C:\rapport_clean.txt: supprimé !
    C:\TB.txt: supprimé !
    C:\FindyKill.txt: supprimé !
    C:\HijackThis\hijackthis.log: supprimé !
    C:\Program Files\Hijackthis Version Française\hijackthis.log: supprimé !
    C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
    C:\HijackThis: supprimé !
    C:\Toolbar SD: supprimé !
    C:\FindyKill: supprimé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: supprimé !
    C:\Program Files\Navilog1: supprimé !
    C:\Program Files\Ad-remover: supprimé !
    C:\Program Files\Trend Micro\HijackThis: supprimé !
    24 March 2010 21:25:01

    You can delete ToolsCleaner.

    Have a good evening ;)