
Solved on 29/10/08: how to remove CID ads?

7 October 2008 18:34:06

Good evening,

I am affected by this problem (where does it come from, by the way??) and in the long run it is frankly unpleasant.

I tried some of the steps I read here on this forum, but the file I am asked to send cannot be found (cleanzip).

If someone is willing to go through all the steps with me, I would be very glad.

Regards.

7 October 2008 18:36:46

Hi,

- Download HijackThis V 2.02 (HijackThis Installer):
http://www.trendsecure.com/portal/en-US/threat_analytic...

- Double-click HJTInstall.exe to start the installation

- Click Install, then I Accept

- Click Do a scan system and save log file

- Notepad will open; copy and paste its entire contents here in your next reply.
7 October 2008 18:42:18

Thanks a lot, here is the copy/paste

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:41:01, on 07/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hercules\Deluxe Optical Glass\CamService.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Users\anne-sophie\Program Files\DNA\btdna.exe
C:\Users\anne-sophie\AppData\Local\ceguy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Orange HSS\Launcher\Launcher.exe
C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
C:\Program Files\Orange HSS\systray\systrayapp.exe
C:\Program Files\Orange HSS\Deskboard\deskboard.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Program Files\Orange HSS\browser\browser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CamserviceDeluxe2] C:\Program Files\Hercules\Deluxe Optical Glass\Camservice.exe /startup
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\ANNE-S~1\AppData\Local\Temp\vturrQjJ.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\ANNE-S~1\AppData\Local\Temp\qoMghifc.dll,#1
O4 - HKCU\..\Run: [BM6b38692d] Rundll32.exe "C:\Users\ANNE-S~1\AppData\Local\Temp\tkeskkdi.dll",s
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\anne-sophie\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ceguy] "c:\users\anne-sophie\appdata\local\ceguy.exe" ceguy
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.orange.fr
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/cert...
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {8B1A14AF-E603-4356-B687-1F7D46522DD3} (Image Uploader Combo Control) - http://www.mesvacancesenphoto.com/Components/Upload/Ima...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layout/default01/a...
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/Obe...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

--
End of file - 10413 bytes
7 October 2008 18:46:08

Several different infections.

---> Disable UAC for the duration of the disinfection:
http://www.commentcamarche.net/faq/sujet-8343-vista-des...

- Download Navilog1 (by IL-MAFIOSO) and save it to the desktop:
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

- Double-click Navilog1.exe to start the installation

- If the fix does not start automatically after its installation, double-click Navilog1 on the desktop

- Press F or f, then confirm with Enter

- Press a key on your keyboard each time you are asked to; you will reach the options menu

- Choose option 1 and press Enter to confirm your choice

- Wait for the message: *** Analyse Termine le ..... ***

- Once the scan is finished, Notepad will display the report; post the contents of this report in your next reply

- If the scan result is not displayed, you will find it in C:\fixnavi.txt

Do not use options 2, 3 and 4 without our approval; legitimate files may be included in this scan.
7 October 2008 19:23:46

Here it is

Search Navipromo version 3.6.6 commencé le 07/10/2008 à 19:10:48,01

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "anne-sophie"

Mise à jour le 29.09.2008 à 17h30 par IL-MAFIOSO

Microsoft Windows Vista 6.0.6001
Internet Explorer : 7.0.6001.18000
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\Windows" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***


*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1" ***


*** Recherche dossiers dans "C:\ProgramData" ***


*** Recherche dossiers dans "c:\users\anne-s~1\appdata\roaming\micros~1\windows\startm~1\programs" ***


*** Recherche dossiers dans "C:\Users\anne-sophie\AppData\Local\virtualstore\Program Files" ***


*** Recherche dossiers dans "C:\Users\anne-sophie\AppData\Roaming" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\Windows\system32" *

* Recherche dans "C:\Users\anne-sophie\AppData\Local\Microsoft" *

* Recherche dans "C:\Users\anne-sophie\AppData\Local\virtualstore\windows\system32" *

* Recherche dans "C:\Users\anne-sophie\AppData\Local" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé !

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\Windows\system32" :


* Dans "C:\Users\anne-sophie\AppData\Local\Microsoft" :


* Dans "C:\Users\anne-sophie\AppData\Local\virtualstore\windows\system32" :


* Dans "C:\Users\anne-sophie\AppData\Local" :

ceguy.dat trouvé !
ceguy.exe trouvé !
ceguy_nav.dat trouvé !
ceguy_navps.dat trouvé !

3)Recherche Certificats :

Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 07/10/2008 à 19:22:08,24 ***
7 October 2008 19:31:54

Run Navilog1 again, choose option 2 and post the report.
7 October 2008 20:04:48

Good evening
Posting to follow :)
7 October 2008 20:10:56

And here it is, thanks for all the time you are spending on this

Clean Navipromo version 3.6.6 commencé le 07/10/2008 à 20:00:44,74

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "anne-sophie"

Mise à jour le 29.09.2008 à 17h30 par IL-MAFIOSO

Microsoft Windows Vista 6.0.6001
Internet Explorer : 7.0.6001.18000
Système de fichiers : NTFS

Mode suppression automatique
avec prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur


*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\Windows\System32" *


* Suppression dans "C:\Users\anne-sophie\AppData\Local\Microsoft" *


* Suppression dans "C:\Users\anne-sophie\AppData\Local\virtualstore\windows\system32" *


* Suppression dans "C:\Users\anne-sophie\AppData\Local" *



*** Suppression dossiers dans "C:\Windows" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***


*** Suppression dossiers dans "c:\progra~2\micros~1\windows\startm~1" ***


*** Suppression dossiers dans "C:\ProgramData" ***


*** Suppression dossiers dans c:\users\anne-s~1\appdata\roaming\micros~1\windows\startm~1\programs ***


*** Suppression dossiers dans "C:\Users\anne-sophie\AppData\Local\virtualstore\Program Files" ***


*** Suppression dossiers dans "C:\Users\anne-sophie\AppData\Roaming" ***



*** Suppression fichiers ***


*** Suppression fichiers temporaires ***

Nettoyage contenu C:\Windows\Temp effectué !
Nettoyage contenu C:\Users\ANNE-S~1\AppData\Local\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\Windows\system32" *


* Dans "C:\Users\anne-sophie\AppData\Local\Microsoft" *


* Dans "C:\Users\anne-sophie\AppData\Local\virtualstore\windows\system32" *


* Dans "C:\Users\anne-sophie\AppData\Local" *


ceguy.exe trouvé !
Copie ceguy.exe réalisée avec succès !
ceguy.exe supprimé !

ceguy.dat trouvé !
Copie ceguy.dat réalisée avec succès !
ceguy.dat supprimé !

ceguy_nav.dat trouvé !
Copie ceguy_nav.dat réalisée avec succès !
ceguy_nav.dat supprimé !

ceguy_navps.dat trouvé !
Copie ceguy_navps.dat réalisée avec succès !
ceguy_navps.dat supprimé !


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat Montorgueil absent !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !


*** Nettoyage terminé le 07/10/2008 à 20:05:20,87 ***
7 October 2008 20:24:18

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:23:19, on 07/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
C:\Windows\notepad.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hercules\Deluxe Optical Glass\CamService.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Orange HSS\Launcher\Launcher.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
C:\Program Files\Orange HSS\systray\systrayapp.exe
C:\Program Files\Orange HSS\Deskboard\deskboard.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Orange HSS\browser\browser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CamserviceDeluxe2] C:\Program Files\Hercules\Deluxe Optical Glass\Camservice.exe /startup
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\ANNE-S~1\AppData\Local\Temp\vturrQjJ.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\ANNE-S~1\AppData\Local\Temp\qoMghifc.dll,#1
O4 - HKCU\..\Run: [BM6b38692d] Rundll32.exe "C:\Users\ANNE-S~1\AppData\Local\Temp\tkeskkdi.dll",s
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.orange.fr
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/cert...
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {8B1A14AF-E603-4356-B687-1F7D46522DD3} (Image Uploader Combo Control) - http://www.mesvacancesenphoto.com/Components/Upload/Ima...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layout/default01/a...
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/Obe...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

--
End of file - 9721 bytes
7 October 2008 20:28:23

No use of ComboFix
The rest by PM :)

Try a tool that targets CID :)
7 October 2008 20:53:03

ComboFix 08-10-07.01 - anne-sophie 2008-10-07 20:39:01.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.152 [GMT 2:00]
Lancé depuis: C:\Users\anne-sophie\Desktop\combofix\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\AutoRun.inf

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-07 au 2008-10-07 ))))))))))))))))))))))))))))))))))))
.

2008-10-07 20:19 . 2008-10-07 20:19 <REP> d-------- C:\Users\All Users\NortonInstaller
2008-10-07 20:19 . 2008-10-07 20:19 <REP> d-------- C:\ProgramData\NortonInstaller
2008-10-07 19:09 . 2008-10-07 20:17 <REP> d-------- C:\Program Files\Navilog1
2008-10-07 18:40 . 2008-10-07 18:40 <REP> d-------- C:\Program Files\Trend Micro
2008-09-28 13:53 . 2008-09-28 13:56 19,561 --a------ C:\Windows\hpqins13.dat
2008-09-24 22:02 . 2008-09-24 22:03 <REP> d-------- C:\Program Files\VirtualDJ
2008-09-11 19:59 . 2008-09-11 19:59 <REP> d-------- C:\Users\anne-sophie\Program Files
2008-09-10 20:37 . 2008-09-11 18:30 <REP> d-------- C:\Users\anne-sophie\AppData\Roaming\BitTorrent
2008-09-10 20:36 . 2008-10-07 20:36 <REP> d-------- C:\Users\anne-sophie\AppData\Roaming\DNA
2008-09-10 20:36 . 2008-10-07 19:05 <REP> d-------- C:\Program Files\DNA
2008-09-10 20:36 . 2008-09-10 20:37 <REP> d-------- C:\Program Files\BitTorrent
2008-09-10 02:41 . 2008-07-31 03:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-10 02:41 . 2008-08-02 03:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-10 02:41 . 2008-06-26 05:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-10 02:41 . 2008-06-26 05:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-10 02:41 . 2008-05-08 21:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-10 02:41 . 2008-05-20 04:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-10 02:41 . 2008-06-26 05:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-10 02:41 . 2008-08-02 05:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-10 02:41 . 2008-07-31 05:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-07 17:06 --------- d-----w C:\Users\anne-sophie\AppData\Roaming\skypePM
2008-09-29 15:31 --------- d-----w C:\Program Files\eMule
2008-09-10 01:03 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-10 01:01 --------- d-----w C:\Program Files\Microsoft Works
2008-08-26 12:56 --------- d-----w C:\Users\anne-sophie\AppData\Roaming\gtk-2.0
2008-08-26 11:56 --------- d-----w C:\Program Files\GIMP-2.0
2008-08-18 10:23 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-17 12:43 --------- d-----w C:\ProgramData\Adobe Systems
2008-08-17 11:43 --------- d-----w C:\Program Files\VistaCodecPack
2008-08-17 11:41 --------- d-----w C:\ProgramData\VistaCodecs
2008-08-17 07:34 --------- d-----w C:\ProgramData\WinZip
2008-08-17 07:29 --------- d-----w C:\Program Files\ffdshow
2008-08-16 20:03 --------- d-----w C:\Program Files\DivX
2008-08-15 01:14 --------- d-----w C:\Program Files\Windows Mail
2008-08-13 16:42 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-08-09 13:40 --------- d-----w C:\Program Files\Common Files\Vbox
2008-08-09 13:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-07 18:44 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-08-07 10:28 174 --sha-w C:\Program Files\desktop.ini
2008-08-07 10:19 --------- d-----w C:\Program Files\Windows Sidebar
2008-08-07 10:19 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-08-07 10:19 --------- d-----w C:\Program Files\Windows Journal
2008-08-07 10:19 --------- d-----w C:\Program Files\Windows Defender
2008-08-07 10:19 --------- d-----w C:\Program Files\Windows Collaboration
2008-08-07 10:19 --------- d-----w C:\Program Files\Windows Calendar
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-04-03 20:16 70,176 ----a-w C:\Users\anne-sophie\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-01-27 08:54 32 ----a-w C:\Users\All Users\ezsid.dat
2008-01-27 08:54 32 ----a-w C:\ProgramData\ezsid.dat
2008-01-12 12:20 8,192 --sha-w C:\Windows\o2cLicStore.bin
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 360448]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-12 21686568]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-02-04 16384]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-10-07 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"CamserviceDeluxe2"="C:\Program Files\Hercules\Deluxe Optical Glass\Camservice.exe" [2007-08-10 81920]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 C:\Windows\RtHDVCpl.exe]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-07-10 535336]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-02-04 169472]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-08-17 389120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9AB5D548-055F-46CC-AEBD-1CE92040AD12}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{1559055D-B1E4-4576-B221-EC793993CEC3}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{FC1886A6-5068-4ECA-82FE-876FAC0AC50E}"= UDP:C:\Windows\System32\lxbkcoms.exe:Lexmark Communications System
"{87FC381A-4AAE-415E-A3F0-4A858B241F53}"= TCP:C:\Windows\System32\lxbkcoms.exe:Lexmark Communications System
"{C4ADB162-AE35-4228-856D-376A3457BE24}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxbkpswx.exe:Printer Status Window
"{14C65DD8-A469-45C9-8ABA-BF940D99974A}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxbkpswx.exe:Printer Status Window
"TCP Query User{A59387ED-5F04-4C25-8FC8-C7E0ABD0FB64}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{51E64563-E92E-4A5D-9304-36CB700E1DBD}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{CC352DDD-77F4-455A-9F98-AA24EB08C1AC}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{48AFB0C3-950B-4644-A9EF-F927DF830D3B}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{6354DB4F-2135-4EF9-B8EF-409B7AF42512}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{05B64C8E-7255-44C6-8CB3-082258DD5E3F}"= UDP:4662:Emule
"TCP Query User{38A19747-9B09-454F-8318-43C344338C33}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{8476525E-0A8C-4500-AFEB-A590EB9DC0E3}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{158327E9-A12D-4491-8976-D9CD17E46EDD}C:\\users\\anne-sophie\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:C:\users\anne-sophie\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"UDP Query User{D0FE77CE-58D9-428A-A3AB-04987803323F}C:\\users\\anne-sophie\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:C:\users\anne-sophie\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"{8FD81052-3F1A-445D-A8C8-67DE5E94F534}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{9554C172-BC88-48AA-A36F-435F02C0C822}"= UDP:C:\Program Files\DNA\btdna.exe:DNA (TCP-In)
"{9C11A62B-4B90-4FE5-9661-8A57EB6E3CAE}"= TCP:C:\Program Files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{9CD42BAE-4CEF-4E58-A2B8-42BC50367823}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:µTorrent
"UDP Query User{B3D3B0DC-2227-4D70-A0EA-2FB9CD392987}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:µTorrent
"{A2D2C9C0-125F-4297-9F24-F2204C40D03F}"= C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:hpqpse.exe
"{36451ADE-86C2-4E3C-9CA5-B4F983E50EBF}"= C:\Program Files\common files\hp\digital imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe
"{BDF3CD03-1954-433D-896C-41234717177D}"= C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe
"{81C5079B-FFE3-4C24-B970-C6675F9EDD82}"= C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe
"{90CCCA69-C446-45DA-A4EE-61E302A1EA3B}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{F129B8AF-1A51-449D-97EA-E27111524683}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{F75CD25C-D65E-45AC-81E5-D1C0FC34B101}"= UDP:C:\Users\anne-sophie\AppData\Local\Temp\7zS5678.tmp\SymNRT.exe:Norton Removal Tool
"{1947AF57-17D2-4FA0-953C-1C04E445281A}"= TCP:C:\Users\anne-sophie\AppData\Local\Temp\7zS5678.tmp\SymNRT.exe:Norton Removal Tool

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Orange HSS\\Connectivity\\ConnectivityManager.exe"= C:\Program Files\Orange HSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 78416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 50768]
R2 lxbk_device;lxbk_device;C:\Windows\system32\lxbkcoms.exe [2007-04-26 537520]
R3 camfilt2;camfilt2;C:\Windows\system32\DRIVERS\camfilt2.sys [2007-08-06 94720]
R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2006-11-28 27072]
R3 SiS6350;SiS6350;C:\Windows\system32\DRIVERS\SISGRKMD.sys [2007-06-05 454520]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSGB6.sys [2007-01-22 46592]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50.sys [2006-11-28 28224]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\Windows\system32\DRIVERS\SE2Ebus.sys [2006-05-01 61600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{359218f4-03bb-11dd-8102-001c252f9c09}]
\shell\AutoRun\command - J:\Setup.exe -auto

*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'

2008-10-07 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-Acer Tour Reminder - (no file)


.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
R0 -: HKLM-Main,Start Page = hxxp://fr.fr.acer.yahoo.com
R1 -: HKCU-Internet Settings,ProxyOverride = localhost
R1 -: HKCU-SearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O16 -: {04CB5B64-5915-4629-B869-8945CEBADD21} - hxxps://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
C:\Windows\Downloaded Program Files\CERTDGI1.dll

O16 -: {8B1A14AF-E603-4356-B687-1F7D46522DD3} - hxxp://www.mesvacancesenphoto.com/Components/Upload/ImageUploa...
C:\Windows\Downloaded Program Files\ImageUploader5.inf
C:\Windows\System32\unicows.dll
C:\Windows\Downloaded Program Files\ImageUploader5.ocx

O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game01.zylom.com/activex/zylomgamesplayer.cab
C:\Windows\Downloaded Program Files\ZylomGamesPlayer.inf
C:\Windows\Downloaded Program Files\zylomgamesplayer.dll

O16 -: {CAC677B6-4963-4305-9066-0BD135CD9233} - hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
C:\Windows\Downloaded Program Files\IPSUploader4.inf
C:\Windows\System32\unicows.dll
C:\Windows\Downloaded Program Files\IPSUploader4.ocx

O16 -: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
C:\Windows\Downloaded Program Files\OberonGameHost_dbg.inf
C:\Windows\Downloaded Program Files\OberonGameHost.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-07 20:44:06
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-10-07 20:48:20
ComboFix-quarantined-files.txt 2008-10-07 18:48:15

Avant-CF: 34 810 363 904 octets libres
Après-CF: 35,654,545,408 octets libres

203 --- E O F --- 2008-10-02 21:26:14
a c 296 8 Security
7 October 2008 20:58:18

ComboFix is for Vundo. I know what I'm doing.

---> Download Lop S&D to your Desktop
http://eric.71.mespages.googlepages.com/LopSD.exe
---> Double-click it to launch the installation
---> Then double-click the Lop S&D shortcut on your Desktop
---> Select the desired language, then choose option 1 (Search)
---> Wait until the scan finishes
---> Post the generated report (C:\lopR.txt)
7 October 2008 21:13:30

the QGREP utility has stopped working, what is that??
a c 296 8 Security
7 October 2008 21:15:17

I don't know, is the scan continuing anyway?
7 October 2008 21:17:12

it says exactly

recherche avec S_lop...

and there's a little blinking cursor

is that OK? is it still going?
7 October 2008 21:20:45

ah, apparently yes, it's still going, now it says "recherche de fichiers avec catchme"
a c 296 8 Security
7 October 2008 21:27:09

Ok.
7 October 2008 22:01:24

it seems to be taking really long this time, I'm sick, I can't hold out any longer, I'll send you the report tomorrow
a c 296 8 Security
7 October 2008 22:13:07

OK, no problem.

Stop the program.
8 October 2008 19:11:04


--------------------\\ Lop S&D 4.2.4-5 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 3.00GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : anne-sophie ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1201 [VPS 081007-0] 4.8.1201 (Activated)
C:\ (Local Disk) - NTFS - Total : 69 Go Free : 37 Go
D:\ (Local Disk) - NTFS - Total : 69 Go Free : 33 Go
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 02-10-2008|23:42 )
Option : [1] ( 07/10/2008|21:09 )

[ UAC => 0 ]

--------------------\\ Listing des dossiers dans Local

[17/08/2008|14:40] C:\Users\ANNE-S~1\AppData\Local\Adobe
[18/05/2008|07:46] C:\Users\ANNE-S~1\AppData\Local\Ahead
[07/01/2008|12:51] C:\Users\ANNE-S~1\AppData\Local\Application Data
[07/10/2008|19:05] C:\Users\ANNE-S~1\AppData\Local\auauhth.bat
[09/04/2008|09:54] C:\Users\ANNE-S~1\AppData\Local\d3d9caps.dat
[05/10/2008|17:27] C:\Users\ANNE-S~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[10/09/2008|20:36] C:\Users\ANNE-S~1\AppData\Local\DNA
[14/03/2008|18:10] C:\Users\ANNE-S~1\AppData\Local\eMule
[28/09/2008|13:51] C:\Users\ANNE-S~1\AppData\Local\GDIPFONTCACHEV1.DAT
[06/04/2008|14:05] C:\Users\ANNE-S~1\AppData\Local\Google
[07/01/2008|12:51] C:\Users\ANNE-S~1\AppData\Local\Historique
[02/08/2008|17:57] C:\Users\ANNE-S~1\AppData\Local\HP
[07/10/2008|20:02] C:\Users\ANNE-S~1\AppData\Local\IconCache.db
[07/10/2008|20:05] C:\Users\ANNE-S~1\AppData\Local\Microsoft
[16/05/2008|15:40] C:\Users\ANNE-S~1\AppData\Local\Microsoft Games
[10/08/2008|10:40] C:\Users\ANNE-S~1\AppData\Local\Microsoft Help
[06/04/2008|10:57] C:\Users\ANNE-S~1\AppData\Local\Nero
[07/01/2008|12:52] C:\Users\ANNE-S~1\AppData\Local\PowerCinema
[24/01/2008|11:57] C:\Users\ANNE-S~1\AppData\Local\Sony Ericsson
[07/10/2008|21:06] C:\Users\ANNE-S~1\AppData\Local\Temp
[07/01/2008|12:51] C:\Users\ANNE-S~1\AppData\Local\Temporary Internet Files
[09/08/2008|17:07] C:\Users\ANNE-S~1\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[07/10/2008 20:12][--a------] C:\Windows\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
[07/10/2008 20:03][--ah-----] C:\Windows\tasks\SA.DAT
[07/10/2008 20:02][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[10/07/2007|15:21] C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[17/08/2008|14:26] C:\ProgramData\Adobe
[17/08/2008|14:43] C:\ProgramData\Adobe Systems
[02/11/2006|15:02] C:\ProgramData\Application Data
[17/08/2008|14:39] C:\ProgramData\BM6b38692d.txt
[18/08/2008|14:24] C:\ProgramData\BM6b38692d.xml
[07/01/2008|12:48] C:\ProgramData\Bureau
[24/01/2008|11:52] C:\ProgramData\BVRP Software
[10/07/2007|15:52] C:\ProgramData\CyberLink
[02/11/2006|15:02] C:\ProgramData\Desktop
[02/11/2006|15:02] C:\ProgramData\Documents
[14/03/2008|18:10] C:\ProgramData\eMule
[10/07/2007|15:53] C:\ProgramData\eSobi
[27/01/2008|10:54] C:\ProgramData\ezsid.dat
[07/01/2008|12:48] C:\ProgramData\Favoris
[02/11/2006|15:02] C:\ProgramData\Favorites
[02/08/2008|17:42] C:\ProgramData\Hewlett-Packard
[02/08/2008|17:43] C:\ProgramData\HP
[02/08/2008|17:34] C:\ProgramData\HP Product Assistant
[02/08/2008|17:37] C:\ProgramData\HPSSUPPLY
[28/09/2008|13:56] C:\ProgramData\hpzinstall.log
[17/03/2008|14:04] C:\ProgramData\LightScribe
[07/01/2008|12:48] C:\ProgramData\Menu Démarrer
[01/04/2008|18:46] C:\ProgramData\Messenger Plus!
[17/08/2008|09:19] C:\ProgramData\Microsoft
[10/09/2008|03:03] C:\ProgramData\Microsoft Help
[07/01/2008|12:48] C:\ProgramData\Modèles
[17/03/2008|13:54] C:\ProgramData\Nero
[07/10/2008|20:19] C:\ProgramData\NortonInstaller
[18/08/2008|11:52] C:\ProgramData\pskt.ini
[27/01/2008|10:52] C:\ProgramData\Skype
[24/01/2008|11:32] C:\ProgramData\Sony Ericsson
[02/11/2006|15:02] C:\ProgramData\Start Menu
[02/11/2006|15:02] C:\ProgramData\Templates
[17/08/2008|13:41] C:\ProgramData\VistaCodecs
[02/08/2008|17:45] C:\ProgramData\WEBREG
[17/08/2008|09:34] C:\ProgramData\WinZip
[10/02/2008|22:57] C:\ProgramData\WLInstaller
[07/01/2008|16:00] C:\ProgramData\Yahoo! Companion

--------------------\\ Listing des dossiers dans C:\Program Files

[11/04/2008|10:40] C:\Program Files\Acer Arcade Live
[24/09/2007|09:38] C:\Program Files\Acer Inc
[10/07/2007|15:21] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[18/08/2008|12:23] C:\Program Files\Adobe
[07/01/2008|14:32] C:\Program Files\Alwil Software
[15/07/2008|22:17] C:\Program Files\Avanquest update
[10/09/2008|20:37] C:\Program Files\BitTorrent
[07/10/2008|20:41] C:\Program Files\Common Files
[05/07/2008|08:14] C:\Program Files\Conduit
[10/07/2007|15:48] C:\Program Files\CyberLink
[06/04/2008|11:50] C:\Program Files\DAEMON Tools Lite
[16/08/2008|22:03] C:\Program Files\DivX
[07/10/2008|19:05] C:\Program Files\DNA
[29/09/2008|17:31] C:\Program Files\eMule
[22/06/2008|18:34] C:\Program Files\EoRezo
[11/04/2008|10:53] C:\Program Files\eSobi
[17/08/2008|09:29] C:\Program Files\ffdshow
[07/01/2008|12:48] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[26/08/2008|13:56] C:\Program Files\GIMP-2.0
[06/04/2008|14:04] C:\Program Files\Google
[04/08/2008|18:55] C:\Program Files\Hercules
[02/08/2008|17:33] C:\Program Files\Hewlett-Packard
[02/08/2008|17:37] C:\Program Files\HP
[09/08/2008|15:36] C:\Program Files\InstallShield Installation Information
[07/08/2008|12:19] C:\Program Files\Internet Explorer
[23/06/2008|09:12] C:\Program Files\ItsLabel
[10/01/2008|22:55] C:\Program Files\Lexmark X1100 Series
[27/01/2008|10:44] C:\Program Files\Logitech
[19/03/2008|16:15] C:\Program Files\Messenger Plus! Live
[08/01/2008|09:49] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[02/11/2006|14:37] C:\Program Files\Microsoft Games
[06/04/2008|12:14] C:\Program Files\Microsoft Office
[06/04/2008|12:14] C:\Program Files\Microsoft Visual Studio
[06/04/2008|12:23] C:\Program Files\Microsoft Visual Studio 8
[10/09/2008|03:01] C:\Program Files\Microsoft Works
[14/03/2008|15:29] C:\Program Files\Microsoft Works Suite 2003
[06/04/2008|12:12] C:\Program Files\Microsoft.NET
[07/08/2008|12:19] C:\Program Files\Movie Maker
[06/04/2008|12:15] C:\Program Files\MSBuild
[08/01/2008|09:36] C:\Program Files\MSXML 4.0
[07/10/2008|20:17] C:\Program Files\Navilog1
[17/03/2008|13:54] C:\Program Files\Nero
[11/04/2008|10:50] C:\Program Files\NewTech Infosystems
[12/05/2008|00:30] C:\Program Files\Norton Security Scan
[05/07/2008|08:14] C:\Program Files\Online_TV
[07/01/2008|13:48] C:\Program Files\Orange HSS
[10/05/2008|08:38] C:\Program Files\PacificPoker4
[18/03/2008|09:29] C:\Program Files\Real
[10/07/2007|15:07] C:\Program Files\Realtek
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[07/01/2008|13:20] C:\Program Files\SAGEM
[07/01/2008|13:18] C:\Program Files\Securitoo
[24/09/2007|09:32] C:\Program Files\SiS VGA Utilities
[27/01/2008|10:52] C:\Program Files\Skype
[24/01/2008|11:32] C:\Program Files\Sony Ericsson
[07/10/2008|18:40] C:\Program Files\Trend Micro
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[24/09/2008|22:03] C:\Program Files\VirtualDJ
[17/08/2008|13:43] C:\Program Files\VistaCodecPack
[07/08/2008|12:19] C:\Program Files\Windows Calendar
[07/08/2008|12:19] C:\Program Files\Windows Collaboration
[07/08/2008|12:19] C:\Program Files\Windows Defender
[07/08/2008|12:19] C:\Program Files\Windows Journal
[10/02/2008|23:02] C:\Program Files\Windows Live
[08/01/2008|10:07] C:\Program Files\Windows Live Toolbar
[15/08/2008|03:14] C:\Program Files\Windows Mail
[07/08/2008|12:19] C:\Program Files\Windows Media Player
[07/01/2008|12:48] C:\Program Files\Windows NT
[07/08/2008|12:19] C:\Program Files\Windows Photo Gallery
[07/08/2008|12:19] C:\Program Files\Windows Sidebar
[17/08/2008|14:55] C:\Program Files\WinRAR
[17/08/2008|14:53] C:\Program Files\WinZip
[07/01/2008|12:52] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[18/08/2008|12:23] C:\Program Files\Common Files\Adobe
[06/04/2008|12:29] C:\Program Files\Common Files\DESIGNER
[07/01/2008|13:46] C:\Program Files\Common Files\France Telecom
[02/08/2008|17:33] C:\Program Files\Common Files\Hewlett-Packard
[02/08/2008|17:34] C:\Program Files\Common Files\HP
[10/07/2007|15:47] C:\Program Files\Common Files\InstallShield
[10/07/2007|15:37] C:\Program Files\Common Files\LightScribe
[14/07/2008|10:38] C:\Program Files\Common Files\microsoft shared
[17/03/2008|13:57] C:\Program Files\Common Files\Nero
[10/07/2007|15:38] C:\Program Files\Common Files\NewTech Infosystems
[13/08/2008|18:42] C:\Program Files\Common Files\PX Storage Engine
[18/03/2008|09:30] C:\Program Files\Common Files\Real
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[27/01/2008|10:52] C:\Program Files\Common Files\Skype
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[12/05/2008|10:17] C:\Program Files\Common Files\Symantec Shared
[07/08/2008|12:19] C:\Program Files\Common Files\System
[09/08/2008|15:40] C:\Program Files\Common Files\Vbox
[10/02/2008|23:02] C:\Program Files\Common Files\WindowsLiveInstaller
[18/03/2008|09:30] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 77 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\Users\ANNE-S~1\AppData\Roaming\MICROS~1\Windows\Cookies\anne-sophie@advertstream[2].txt
C:\Users\ANNE-S~1\AppData\Roaming\MICROS~1\Windows\Cookies\anne-sophie@adultfriendfinder[1].txt
C:\Users\ANNE-S~1\AppData\Roaming\MICROS~1\Windows\Cookies\anne-sophie@advertising[1].txt
C:\Users\ANNE-S~1\AppData\Roaming\MICROS~1\Windows\Cookies\anne-sophie@ero-advertising[2].txt
C:\Users\ANNE-S~1\AppData\Roaming\MICROS~1\Windows\Cookies\anne-sophie@adopt.euroclick[2].txt
C:\Users\ANNE-S~1\AppData\Roaming\MICROS~1\Windows\Cookies\anne-sophie@2xmoinscher[2].txt
C:\Users\ANNE-S~1\AppData\Roaming\MICROS~1\Windows\Cookies\anne-sophie@www.2xmoinscher[2].txt

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-07 21:18:13
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 610

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\ANNE-S~1\AppData\Roaming\Microsoft\Windows\Recent\Adobe Photoshop Cs2 v9.0 Multilanguage Keygen.lnk
C:\Users\ANNE-S~1\AppData\Roaming\Microsoft\Windows\Recent\WinRar 3.70 FINAL multi-languaje + crack + serial.rar.lnk
C:\Users\ANNE-S~1\AppData\Roaming\Microsoft\Windows\Recent\WinRAR.v3.51+ crack.lnk
C:\Users\ANNE-S~1\AppData\Roaming\Microsoft\Windows\Recent\winzip-Winrar_v.3.50_FINAL_Español_Spanish+Crack_Garantizado_por_Luismi.lnk


[F:30][D:4]-> C:\Users\ANNE-S~1\AppData\Local\Temp
[F:431][D:1]-> C:\Users\ANNE-S~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:2228][D:8]-> C:\Users\ANNE-S~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:4][D:3]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 08/10/2008|14:42 - Option : [1]

--------------------\\ Fin du rapport a 14:42:13
[ UAC => 1 ]

a c 296 8 Security
8 October 2008 19:14:22

---> Run Lop S&D again
---> This time choose option 2 (Removal)
---> Do not close the window during the removal!
---> Post the generated report (C:\lopR.txt)
8 October 2008 19:53:33

here it is

--------------------\\ Lop S&D 4.2.4-5 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 3.00GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : anne-sophie ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1201 [VPS 081007-0] 4.8.1201 (Activated)
C:\ (Local Disk) - NTFS - Total : 69 Go Free : 37 Go
D:\ (Local Disk) - NTFS - Total : 69 Go Free : 33 Go
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 02-10-2008|23:42 )
Option : [1] ( 07/10/2008|21:09 )

[ UAC => 0 ]

--------------------\\ Listing des dossiers dans Local

[17/08/2008|14:40] C:\Users\ANNE-S~1\AppData\Local\Adobe
[18/05/2008|07:46] C:\Users\ANNE-S~1\AppData\Local\Ahead
[07/01/2008|12:51] C:\Users\ANNE-S~1\AppData\Local\Application Data
[07/10/2008|19:05] C:\Users\ANNE-S~1\AppData\Local\auauhth.bat
[09/04/2008|09:54] C:\Users\ANNE-S~1\AppData\Local\d3d9caps.dat
[05/10/2008|17:27] C:\Users\ANNE-S~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[10/09/2008|20:36] C:\Users\ANNE-S~1\AppData\Local\DNA
[14/03/2008|18:10] C:\Users\ANNE-S~1\AppData\Local\eMule
[28/09/2008|13:51] C:\Users\ANNE-S~1\AppData\Local\GDIPFONTCACHEV1.DAT
[06/04/2008|14:05] C:\Users\ANNE-S~1\AppData\Local\Google
[07/01/2008|12:51] C:\Users\ANNE-S~1\AppData\Local\Historique
[02/08/2008|17:57] C:\Users\ANNE-S~1\AppData\Local\HP
[07/10/2008|20:02] C:\Users\ANNE-S~1\AppData\Local\IconCache.db
[07/10/2008|20:05] C:\Users\ANNE-S~1\AppData\Local\Microsoft
[16/05/2008|15:40] C:\Users\ANNE-S~1\AppData\Local\Microsoft Games
[10/08/2008|10:40] C:\Users\ANNE-S~1\AppData\Local\Microsoft Help
[06/04/2008|10:57] C:\Users\ANNE-S~1\AppData\Local\Nero
[07/01/2008|12:52] C:\Users\ANNE-S~1\AppData\Local\PowerCinema
[24/01/2008|11:57] C:\Users\ANNE-S~1\AppData\Local\Sony Ericsson
[07/10/2008|21:06] C:\Users\ANNE-S~1\AppData\Local\Temp
[07/01/2008|12:51] C:\Users\ANNE-S~1\AppData\Local\Temporary Internet Files
[09/08/2008|17:07] C:\Users\ANNE-S~1\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[07/10/2008 20:12][--a------] C:\Windows\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
[07/10/2008 20:03][--ah-----] C:\Windows\tasks\SA.DAT
[07/10/2008 20:02][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[10/07/2007|15:21] C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[17/08/2008|14:26] C:\ProgramData\Adobe
[17/08/2008|14:43] C:\ProgramData\Adobe Systems
[02/11/2006|15:02] C:\ProgramData\Application Data
[17/08/2008|14:39] C:\ProgramData\BM6b38692d.txt
[18/08/2008|14:24] C:\ProgramData\BM6b38692d.xml
[07/01/2008|12:48] C:\ProgramData\Bureau
[24/01/2008|11:52] C:\ProgramData\BVRP Software
[10/07/2007|15:52] C:\ProgramData\CyberLink
[02/11/2006|15:02] C:\ProgramData\Desktop
[02/11/2006|15:02] C:\ProgramData\Documents
[14/03/2008|18:10] C:\ProgramData\eMule
[10/07/2007|15:53] C:\ProgramData\eSobi
[27/01/2008|10:54] C:\ProgramData\ezsid.dat
[07/01/2008|12:48] C:\ProgramData\Favoris
[02/11/2006|15:02] C:\ProgramData\Favorites
[02/08/2008|17:42] C:\ProgramData\Hewlett-Packard
[02/08/2008|17:43] C:\ProgramData\HP
[02/08/2008|17:34] C:\ProgramData\HP Product Assistant
[02/08/2008|17:37] C:\ProgramData\HPSSUPPLY
[28/09/2008|13:56] C:\ProgramData\hpzinstall.log
[17/03/2008|14:04] C:\ProgramData\LightScribe
[07/01/2008|12:48] C:\ProgramData\Menu Démarrer
[01/04/2008|18:46] C:\ProgramData\Messenger Plus!
[17/08/2008|09:19] C:\ProgramData\Microsoft
[10/09/2008|03:03] C:\ProgramData\Microsoft Help
[07/01/2008|12:48] C:\ProgramData\Modèles
[17/03/2008|13:54] C:\ProgramData\Nero
[07/10/2008|20:19] C:\ProgramData\NortonInstaller
[18/08/2008|11:52] C:\ProgramData\pskt.ini
[27/01/2008|10:52] C:\ProgramData\Skype
[24/01/2008|11:32] C:\ProgramData\Sony Ericsson
[02/11/2006|15:02] C:\ProgramData\Start Menu
[02/11/2006|15:02] C:\ProgramData\Templates
[17/08/2008|13:41] C:\ProgramData\VistaCodecs
[02/08/2008|17:45] C:\ProgramData\WEBREG
[17/08/2008|09:34] C:\ProgramData\WinZip
[10/02/2008|22:57] C:\ProgramData\WLInstaller
[07/01/2008|16:00] C:\ProgramData\Yahoo! Companion

--------------------\\ Listing des dossiers dans C:\Program Files

[11/04/2008|10:40] C:\Program Files\Acer Arcade Live
[24/09/2007|09:38] C:\Program Files\Acer Inc
[10/07/2007|15:21] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[18/08/2008|12:23] C:\Program Files\Adobe
[07/01/2008|14:32] C:\Program Files\Alwil Software
[15/07/2008|22:17] C:\Program Files\Avanquest update
[10/09/2008|20:37] C:\Program Files\BitTorrent
[07/10/2008|20:41] C:\Program Files\Common Files
[05/07/2008|08:14] C:\Program Files\Conduit
[10/07/2007|15:48] C:\Program Files\CyberLink
[06/04/2008|11:50] C:\Program Files\DAEMON Tools Lite
[16/08/2008|22:03] C:\Program Files\DivX
[07/10/2008|19:05] C:\Program Files\DNA
[29/09/2008|17:31] C:\Program Files\eMule
[22/06/2008|18:34] C:\Program Files\EoRezo
[11/04/2008|10:53] C:\Program Files\eSobi
[17/08/2008|09:29] C:\Program Files\ffdshow
[07/01/2008|12:48] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[26/08/2008|13:56] C:\Program Files\GIMP-2.0
[06/04/2008|14:04] C:\Program Files\Google
[04/08/2008|18:55] C:\Program Files\Hercules
[02/08/2008|17:33] C:\Program Files\Hewlett-Packard
[02/08/2008|17:37] C:\Program Files\HP
[09/08/2008|15:36] C:\Program Files\InstallShield Installation Information
[07/08/2008|12:19] C:\Program Files\Internet Explorer
[23/06/2008|09:12] C:\Program Files\ItsLabel
[10/01/2008|22:55] C:\Program Files\Lexmark X1100 Series
[27/01/2008|10:44] C:\Program Files\Logitech
[19/03/2008|16:15] C:\Program Files\Messenger Plus! Live
[08/01/2008|09:49] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[02/11/2006|14:37] C:\Program Files\Microsoft Games
[06/04/2008|12:14] C:\Program Files\Microsoft Office
[06/04/2008|12:14] C:\Program Files\Microsoft Visual Studio
[06/04/2008|12:23] C:\Program Files\Microsoft Visual Studio 8
[10/09/2008|03:01] C:\Program Files\Microsoft Works
[14/03/2008|15:29] C:\Program Files\Microsoft Works Suite 2003
[06/04/2008|12:12] C:\Program Files\Microsoft.NET
[07/08/2008|12:19] C:\Program Files\Movie Maker
[06/04/2008|12:15] C:\Program Files\MSBuild
[08/01/2008|09:36] C:\Program Files\MSXML 4.0
[07/10/2008|20:17] C:\Program Files\Navilog1
[17/03/2008|13:54] C:\Program Files\Nero
[11/04/2008|10:50] C:\Program Files\NewTech Infosystems
[12/05/2008|00:30] C:\Program Files\Norton Security Scan
[05/07/2008|08:14] C:\Program Files\Online_TV
[07/01/2008|13:48] C:\Program Files\Orange HSS
[10/05/2008|08:38] C:\Program Files\PacificPoker4
[18/03/2008|09:29] C:\Program Files\Real
[10/07/2007|15:07] C:\Program Files\Realtek
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[07/01/2008|13:20] C:\Program Files\SAGEM
[07/01/2008|13:18] C:\Program Files\Securitoo
[24/09/2007|09:32] C:\Program Files\SiS VGA Utilities
[27/01/2008|10:52] C:\Program Files\Skype
[24/01/2008|11:32] C:\Program Files\Sony Ericsson
[07/10/2008|18:40] C:\Program Files\Trend Micro
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[24/09/2008|22:03] C:\Program Files\VirtualDJ
[17/08/2008|13:43] C:\Program Files\VistaCodecPack
[07/08/2008|12:19] C:\Program Files\Windows Calendar
[07/08/2008|12:19] C:\Program Files\Windows Collaboration
[07/08/2008|12:19] C:\Program Files\Windows Defender
[07/08/2008|12:19] C:\Program Files\Windows Journal
[10/02/2008|23:02] C:\Program Files\Windows Live
[08/01/2008|10:07] C:\Program Files\Windows Live Toolbar
[15/08/2008|03:14] C:\Program Files\Windows Mail
[07/08/2008|12:19] C:\Program Files\Windows Media Player
[07/01/2008|12:48] C:\Program Files\Windows NT
[07/08/2008|12:19] C:\Program Files\Windows Photo Gallery
[07/08/2008|12:19] C:\Program Files\Windows Sidebar
[17/08/2008|14:55] C:\Program Files\WinRAR
[17/08/2008|14:53] C:\Program Files\WinZip
[07/01/2008|12:52] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[18/08/2008|12:23] C:\Program Files\Common Files\Adobe
[06/04/2008|12:29] C:\Program Files\Common Files\DESIGNER
[07/01/2008|13:46] C:\Program Files\Common Files\France Telecom
[02/08/2008|17:33] C:\Program Files\Common Files\Hewlett-Packard
[02/08/2008|17:34] C:\Program Files\Common Files\HP
[10/07/2007|15:47] C:\Program Files\Common Files\InstallShield
[10/07/2007|15:37] C:\Program Files\Common Files\LightScribe
[14/07/2008|10:38] C:\Program Files\Common Files\microsoft shared
[17/03/2008|13:57] C:\Program Files\Common Files\Nero
[10/07/2007|15:38] C:\Program Files\Common Files\NewTech Infosystems
[13/08/2008|18:42] C:\Program Files\Common Files\PX Storage Engine
[18/03/2008|09:30] C:\Program Files\Common Files\Real
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[27/01/2008|10:52] C:\Program Files\Common Files\Skype
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[12/05/2008|10:17] C:\Program Files\Common Files\Symantec Shared
[07/08/2008|12:19] C:\Program Files\Common Files\System
[09/08/2008|15:40] C:\Program Files\Common Files\Vbox
[10/02/2008|23:02] C:\Program Files\Common Files\WindowsLiveInstaller
[18/03/2008|09:30] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 77 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\Users\ANNE-S~1\AppData\Roaming\MICROS~1\Windows\Cookies\anne-sophie@advertstream[2].txt
C:\Users\ANNE-S~1\AppData\Roaming\MICROS~1\Windows\Cookies\anne-sophie@adultfriendfinder[1].txt
C:\Users\ANNE-S~1\AppData\Roaming\MICROS~1\Windows\Cookies\anne-sophie@advertising[1].txt
C:\Users\ANNE-S~1\AppData\Roaming\MICROS~1\Windows\Cookies\anne-sophie@ero-advertising[2].txt
C:\Users\ANNE-S~1\AppData\Roaming\MICROS~1\Windows\Cookies\anne-sophie@adopt.euroclick[2].txt
C:\Users\ANNE-S~1\AppData\Roaming\MICROS~1\Windows\Cookies\anne-sophie@2xmoinscher[2].txt
C:\Users\ANNE-S~1\AppData\Roaming\MICROS~1\Windows\Cookies\anne-sophie@www.2xmoinscher[2].txt

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-07 21:18:13
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 610

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\ANNE-S~1\AppData\Roaming\Microsoft\Windows\Recent\Adobe Photoshop Cs2 v9.0 Multilanguage Keygen.lnk
C:\Users\ANNE-S~1\AppData\Roaming\Microsoft\Windows\Recent\WinRar 3.70 FINAL multi-languaje + crack + serial.rar.lnk
C:\Users\ANNE-S~1\AppData\Roaming\Microsoft\Windows\Recent\WinRAR.v3.51+ crack.lnk
C:\Users\ANNE-S~1\AppData\Roaming\Microsoft\Windows\Recent\winzip-Winrar_v.3.50_FINAL_Español_Spanish+Crack_Garantizado_por_Luismi.lnk


[F:30][D:4]-> C:\Users\ANNE-S~1\AppData\Local\Temp
[F:431][D:1]-> C:\Users\ANNE-S~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:2228][D:8]-> C:\Users\ANNE-S~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:4][D:3]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 08/10/2008|14:42 - Option : [1]

--------------------\\ Fin du rapport a 14:42:13
[ UAC => 1 ]

a c 296 8 Security
8 October 2008 19:54:43

That is not the right report. This one is from yesterday.
8 October 2008 20:06:48


--------------------\\ Lop S&D 4.2.4-5 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 3.00GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : anne-sophie ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1201 [VPS 081008-0] 4.8.1201 (Activated)
C:\ (Local Disk) - NTFS - Total : 69 Go Free : 41 Go
D:\ (Local Disk) - NTFS - Total : 69 Go Free : 33 Go
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 02-10-2008|23:42 )
Option : [2] ( 08/10/2008|20:02 )

[ UAC => 1 ]


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\Users\ANNE-S~1\AppData\Roaming\MICROS~1\Windows\Cookies\anne-sophie@adultfriendfinder[2].txt
Supprime! - C:\Users\ANNE-S~1\AppData\Roaming\MICROS~1\Windows\Cookies\anne-sophie@advertising[2].txt
Supprime! - C:\Users\ANNE-S~1\AppData\Roaming\MICROS~1\Windows\Cookies\anne-sophie@adopt.euroclick[1].txt
-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans Local

[17/08/2008|14:40] C:\Users\ANNE-S~1\AppData\Local\Adobe
[18/05/2008|07:46] C:\Users\ANNE-S~1\AppData\Local\Ahead
[07/01/2008|12:51] C:\Users\ANNE-S~1\AppData\Local\Application Data
[07/10/2008|19:05] C:\Users\ANNE-S~1\AppData\Local\auauhth.bat
[09/04/2008|09:54] C:\Users\ANNE-S~1\AppData\Local\d3d9caps.dat
[08/10/2008|03:16] C:\Users\ANNE-S~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[10/09/2008|20:36] C:\Users\ANNE-S~1\AppData\Local\DNA
[14/03/2008|18:10] C:\Users\ANNE-S~1\AppData\Local\eMule
[28/09/2008|13:51] C:\Users\ANNE-S~1\AppData\Local\GDIPFONTCACHEV1.DAT
[06/04/2008|14:05] C:\Users\ANNE-S~1\AppData\Local\Google
[07/01/2008|12:51] C:\Users\ANNE-S~1\AppData\Local\Historique
[02/08/2008|17:57] C:\Users\ANNE-S~1\AppData\Local\HP
[08/10/2008|15:50] C:\Users\ANNE-S~1\AppData\Local\IconCache.db
[07/10/2008|20:05] C:\Users\ANNE-S~1\AppData\Local\Microsoft
[16/05/2008|15:40] C:\Users\ANNE-S~1\AppData\Local\Microsoft Games
[10/08/2008|10:40] C:\Users\ANNE-S~1\AppData\Local\Microsoft Help
[06/04/2008|10:57] C:\Users\ANNE-S~1\AppData\Local\Nero
[07/01/2008|12:52] C:\Users\ANNE-S~1\AppData\Local\PowerCinema
[24/01/2008|11:57] C:\Users\ANNE-S~1\AppData\Local\Sony Ericsson
[08/10/2008|20:02] C:\Users\ANNE-S~1\AppData\Local\Temp
[07/01/2008|12:51] C:\Users\ANNE-S~1\AppData\Local\Temporary Internet Files
[09/08/2008|17:07] C:\Users\ANNE-S~1\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[08/10/2008 19:12][--a------] C:\Windows\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
[08/10/2008 16:07][--ah-----] C:\Windows\tasks\SA.DAT
[08/10/2008 15:50][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[10/07/2007|15:21] C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[17/08/2008|14:26] C:\ProgramData\Adobe
[17/08/2008|14:43] C:\ProgramData\Adobe Systems
[02/11/2006|15:02] C:\ProgramData\Application Data
[17/08/2008|14:39] C:\ProgramData\BM6b38692d.txt
[18/08/2008|14:24] C:\ProgramData\BM6b38692d.xml
[07/01/2008|12:48] C:\ProgramData\Bureau
[24/01/2008|11:52] C:\ProgramData\BVRP Software
[10/07/2007|15:52] C:\ProgramData\CyberLink
[02/11/2006|15:02] C:\ProgramData\Desktop
[02/11/2006|15:02] C:\ProgramData\Documents
[14/03/2008|18:10] C:\ProgramData\eMule
[10/07/2007|15:53] C:\ProgramData\eSobi
[27/01/2008|10:54] C:\ProgramData\ezsid.dat
[07/01/2008|12:48] C:\ProgramData\Favoris
[02/11/2006|15:02] C:\ProgramData\Favorites
[02/08/2008|17:42] C:\ProgramData\Hewlett-Packard
[02/08/2008|17:43] C:\ProgramData\HP
[02/08/2008|17:34] C:\ProgramData\HP Product Assistant
[02/08/2008|17:37] C:\ProgramData\HPSSUPPLY
[28/09/2008|13:56] C:\ProgramData\hpzinstall.log
[17/03/2008|14:04] C:\ProgramData\LightScribe
[07/01/2008|12:48] C:\ProgramData\Menu Démarrer
[01/04/2008|18:46] C:\ProgramData\Messenger Plus!
[17/08/2008|09:19] C:\ProgramData\Microsoft
[10/09/2008|03:03] C:\ProgramData\Microsoft Help
[07/01/2008|12:48] C:\ProgramData\Modèles
[17/03/2008|13:54] C:\ProgramData\Nero
[07/10/2008|20:19] C:\ProgramData\NortonInstaller
[18/08/2008|11:52] C:\ProgramData\pskt.ini
[27/01/2008|10:52] C:\ProgramData\Skype
[24/01/2008|11:32] C:\ProgramData\Sony Ericsson
[02/11/2006|15:02] C:\ProgramData\Start Menu
[02/11/2006|15:02] C:\ProgramData\Templates
[17/08/2008|13:41] C:\ProgramData\VistaCodecs
[02/08/2008|17:45] C:\ProgramData\WEBREG
[17/08/2008|09:34] C:\ProgramData\WinZip
[10/02/2008|22:57] C:\ProgramData\WLInstaller
[07/01/2008|16:00] C:\ProgramData\Yahoo! Companion

--------------------\\ Listing des dossiers dans C:\Program Files

[11/04/2008|10:40] C:\Program Files\Acer Arcade Live
[24/09/2007|09:38] C:\Program Files\Acer Inc
[10/07/2007|15:21] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[18/08/2008|12:23] C:\Program Files\Adobe
[07/01/2008|14:32] C:\Program Files\Alwil Software
[15/07/2008|22:17] C:\Program Files\Avanquest update
[10/09/2008|20:37] C:\Program Files\BitTorrent
[07/10/2008|20:41] C:\Program Files\Common Files
[05/07/2008|08:14] C:\Program Files\Conduit
[10/07/2007|15:48] C:\Program Files\CyberLink
[06/04/2008|11:50] C:\Program Files\DAEMON Tools Lite
[16/08/2008|22:03] C:\Program Files\DivX
[07/10/2008|19:05] C:\Program Files\DNA
[29/09/2008|17:31] C:\Program Files\eMule
[22/06/2008|18:34] C:\Program Files\EoRezo
[11/04/2008|10:53] C:\Program Files\eSobi
[17/08/2008|09:29] C:\Program Files\ffdshow
[07/01/2008|12:48] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[26/08/2008|13:56] C:\Program Files\GIMP-2.0
[06/04/2008|14:04] C:\Program Files\Google
[04/08/2008|18:55] C:\Program Files\Hercules
[02/08/2008|17:33] C:\Program Files\Hewlett-Packard
[02/08/2008|17:37] C:\Program Files\HP
[09/08/2008|15:36] C:\Program Files\InstallShield Installation Information
[07/08/2008|12:19] C:\Program Files\Internet Explorer
[23/06/2008|09:12] C:\Program Files\ItsLabel
[10/01/2008|22:55] C:\Program Files\Lexmark X1100 Series
[27/01/2008|10:44] C:\Program Files\Logitech
[19/03/2008|16:15] C:\Program Files\Messenger Plus! Live
[08/01/2008|09:49] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[02/11/2006|14:37] C:\Program Files\Microsoft Games
[06/04/2008|12:14] C:\Program Files\Microsoft Office
[06/04/2008|12:14] C:\Program Files\Microsoft Visual Studio
[06/04/2008|12:23] C:\Program Files\Microsoft Visual Studio 8
[10/09/2008|03:01] C:\Program Files\Microsoft Works
[14/03/2008|15:29] C:\Program Files\Microsoft Works Suite 2003
[06/04/2008|12:12] C:\Program Files\Microsoft.NET
[07/08/2008|12:19] C:\Program Files\Movie Maker
[06/04/2008|12:15] C:\Program Files\MSBuild
[08/01/2008|09:36] C:\Program Files\MSXML 4.0
[07/10/2008|20:17] C:\Program Files\Navilog1
[17/03/2008|13:54] C:\Program Files\Nero
[11/04/2008|10:50] C:\Program Files\NewTech Infosystems
[12/05/2008|00:30] C:\Program Files\Norton Security Scan
[05/07/2008|08:14] C:\Program Files\Online_TV
[07/01/2008|13:48] C:\Program Files\Orange HSS
[10/05/2008|08:38] C:\Program Files\PacificPoker4
[18/03/2008|09:29] C:\Program Files\Real
[10/07/2007|15:07] C:\Program Files\Realtek
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[07/01/2008|13:20] C:\Program Files\SAGEM
[07/01/2008|13:18] C:\Program Files\Securitoo
[24/09/2007|09:32] C:\Program Files\SiS VGA Utilities
[27/01/2008|10:52] C:\Program Files\Skype
[24/01/2008|11:32] C:\Program Files\Sony Ericsson
[07/10/2008|18:40] C:\Program Files\Trend Micro
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[24/09/2008|22:03] C:\Program Files\VirtualDJ
[17/08/2008|13:43] C:\Program Files\VistaCodecPack
[07/08/2008|12:19] C:\Program Files\Windows Calendar
[07/08/2008|12:19] C:\Program Files\Windows Collaboration
[07/08/2008|12:19] C:\Program Files\Windows Defender
[07/08/2008|12:19] C:\Program Files\Windows Journal
[10/02/2008|23:02] C:\Program Files\Windows Live
[08/01/2008|10:07] C:\Program Files\Windows Live Toolbar
[15/08/2008|03:14] C:\Program Files\Windows Mail
[07/08/2008|12:19] C:\Program Files\Windows Media Player
[07/01/2008|12:48] C:\Program Files\Windows NT
[07/08/2008|12:19] C:\Program Files\Windows Photo Gallery
[07/08/2008|12:19] C:\Program Files\Windows Sidebar
[17/08/2008|14:55] C:\Program Files\WinRAR
[17/08/2008|14:53] C:\Program Files\WinZip
[07/01/2008|12:52] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[18/08/2008|12:23] C:\Program Files\Common Files\Adobe
[06/04/2008|12:29] C:\Program Files\Common Files\DESIGNER
[07/01/2008|13:46] C:\Program Files\Common Files\France Telecom
[02/08/2008|17:33] C:\Program Files\Common Files\Hewlett-Packard
[02/08/2008|17:34] C:\Program Files\Common Files\HP
[10/07/2007|15:47] C:\Program Files\Common Files\InstallShield
[10/07/2007|15:37] C:\Program Files\Common Files\LightScribe
[14/07/2008|10:38] C:\Program Files\Common Files\microsoft shared
[17/03/2008|13:57] C:\Program Files\Common Files\Nero
[10/07/2007|15:38] C:\Program Files\Common Files\NewTech Infosystems
[13/08/2008|18:42] C:\Program Files\Common Files\PX Storage Engine
[18/03/2008|09:30] C:\Program Files\Common Files\Real
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[27/01/2008|10:52] C:\Program Files\Common Files\Skype
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[12/05/2008|10:17] C:\Program Files\Common Files\Symantec Shared
[07/08/2008|12:19] C:\Program Files\Common Files\System
[09/08/2008|15:40] C:\Program Files\Common Files\Vbox
[10/02/2008|23:02] C:\Program Files\Common Files\WindowsLiveInstaller
[18/03/2008|09:30] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 77 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-08 20:02:31
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
C:\Users\ANNE-S~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VDXKJFRR\;var1=;var2=2;var3=79000;var4=;var7=;var8=0;var9=0;var10=0;var11=23;var11=30;var14=;sz=728x90,468x60;ord=4236832241789007[1].htm
scan completed successfully
hidden processes: 0
hidden files: 611

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\ANNE-S~1\AppData\Roaming\Microsoft\Windows\Recent\Adobe Photoshop Cs2 v9.0 Multilanguage Keygen.lnk
C:\Users\ANNE-S~1\AppData\Roaming\Microsoft\Windows\Recent\WinRar 3.70 FINAL multi-languaje + crack + serial.rar.lnk
C:\Users\ANNE-S~1\AppData\Roaming\Microsoft\Windows\Recent\WinRAR.v3.51+ crack.lnk
C:\Users\ANNE-S~1\AppData\Roaming\Microsoft\Windows\Recent\winzip-Winrar_v.3.50_FINAL_Español_Spanish+Crack_Garantizado_por_Luismi.lnk


[F:62][D:8]-> C:\Users\ANNE-S~1\AppData\Local\Temp
[F:431][D:1]-> C:\Users\ANNE-S~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:2405][D:8]-> C:\Users\ANNE-S~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:4][D:3]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 08/10/2008|14:42 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 08/10/2008|19:52 - Option : [2]
3 - "C:\Lop SD\LopR_3.txt" - 08/10/2008|20:05 - Option : [2]

--------------------\\ Fin du rapport a 20:05:47
[ UAC => 1 ]
8 October 2008 20:28:23

I couldn't delete Lop S&D, I can't find it, but I launched Malwarebytes anyway and it is running now.
a c 296 8 Security
8 October 2008 20:29:12

The folder is located here: C:\
8 October 2008 20:31:21

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1244
Windows 6.0.6001 Service Pack 1

08/10/2008 20:30:33
mbam-log-2008-10-08 (20-30-33).txt

Type de recherche: Examen rapide
Eléments examinés: 46552
Temps écoulé: 4 minute(s), 6 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
8 October 2008 20:32:13

For the slop folder, I'm told it can't be deleted because it is open in another application.
a c 296 8 Security
8 October 2008 20:33:41

---> Restart MBAM, go to Quarantine and delete everything

---> Post a new HijackThis log
a c 296 8 Security
8 October 2008 20:34:05

"For the slop folder, I'm told it can't be deleted because it is open in another application."
---> Restart your PC and you will be able to ;)
8 October 2008 20:48:00

For s lop it's OK, thanks.

Here is the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:23:19, on 07/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
C:\Windows\notepad.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hercules\Deluxe Optical Glass\CamService.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Orange HSS\Launcher\Launcher.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
C:\Program Files\Orange HSS\systray\systrayapp.exe
C:\Program Files\Orange HSS\Deskboard\deskboard.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Orange HSS\browser\browser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CamserviceDeluxe2] C:\Program Files\Hercules\Deluxe Optical Glass\Camservice.exe /startup
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\ANNE-S~1\AppData\Local\Temp\vturrQjJ.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\ANNE-S~1\AppData\Local\Temp\qoMghifc.dll,#1
O4 - HKCU\..\Run: [BM6b38692d] Rundll32.exe "C:\Users\ANNE-S~1\AppData\Local\Temp\tkeskkdi.dll",s
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.orange.fr
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/cert...
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {8B1A14AF-E603-4356-B687-1F7D46522DD3} (Image Uploader Combo Control) - http://www.mesvacancesenphoto.com/Components/Upload/Ima...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layout/default01/a...
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/Obe...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

--
End of file - 9721 bytes
8 October 2008 20:59:10

OK listen, I see you're offline, never mind, I'm going to bed. I've had a very hard day (funeral of a cousin, 34 years old), and on top of that I'm still ill, I can't take any more.

See you tomorrow.

In any case, I notice that the problem no longer appears.
a c 296 8 Security
8 October 2008 21:05:38

---> Run HijackThis again and choose Do a system scan only

---> Tick the boxes in front of the following lines:

O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\ANNE-S~1\AppData\Local\Temp\vturrQjJ.dll,c

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\ANNE-S~1\AppData\Local\Temp\qoMghifc.dll,#1

O4 - HKCU\..\Run: [BM6b38692d] Rundll32.exe "C:\Users\ANNE-S~1\AppData\Local\Temp\tkeskkdi.dll",s

O16 - DPF: {8B1A14AF-E603-4356-B687-1F7D46522DD3} (Image Uploader Combo Control) - http://www.mesvacancesenphoto.com/ [...] oader5.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab

---> Click Fix checked at the bottom. Answer yes if HijackThis asks you anything.

---> Download OTMoveIt2 from the link below:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2...

---> Save the file to the Desktop.

---> Double-click the OTMoveIt2.exe file to launch the tool.
Make sure the Unregister Dll's and Ocx's box is ticked.

---> Copy all of the text below and paste it into the window titled Paste List Of Files/Folders to Move.




C:\Users\ANNE-S~1\AppData\Local\Temp\vturrQjJ.dll
C:\Users\ANNE-S~1\AppData\Local\Temp\qoMghifc.dll
C:\Users\ANNE-S~1\AppData\Local\Temp\tkeskkdi.dll
C:\ProgramData\BM6b38692d.txt
C:\ProgramData\BM6b38692d.xml




---> Click MoveIt! to start the removal.
When a result appears in the Results box, click Exit.

Note: If a file or folder cannot be deleted immediately, the program will ask you to restart. Accept by clicking YES.

---> Post the OTMoveIt report, which is in C:\_OTMoveIt\MovedFiles.

---> Download CCleaner (do not install the Yahoo Toolbar):
http://www.ccleaner.com/download/downloading

---> Launch it. Go to "Options" then "Advanced" and untick the box "Only delete files etc...". Go to "Cleaner" and click "Analyze". Once it has finished, run the cleaning. Then go to "Registry" and click "Scan for Issues". Once it has finished, repair all the errors without backing up the registry.

---> Restart your PC and post a new HijackThis report.
9 October 2008 19:23:56

I can't find the two corresponding lines starting with 04
a c 296 8 Security
9 October 2008 19:29:34

That's not a problem, move on to the next step ;)
9 October 2008 19:39:53

Is this it???

File/Folder C:\Users\ANNE-S~1\AppData\Local\Temp\vturrQjJ.dll not found.
File/Folder C:\Users\ANNE-S~1\AppData\Local\Temp\qoMghifc.dll not found.
File/Folder C:\Users\ANNE-S~1\AppData\Local\Temp\tkeskkdi.dll not found.
C:\ProgramData\BM6b38692d.txt moved successfully.
C:\ProgramData\BM6b38692d.xml moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10092008_193641
a c 296 8 Security
9 October 2008 19:49:06

Yes, that's it.

Do you have the new HijackThis report?
9 October 2008 19:59:04

Here is the new HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:23:19, on 07/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
C:\Windows\notepad.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hercules\Deluxe Optical Glass\CamService.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Orange HSS\Launcher\Launcher.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
C:\Program Files\Orange HSS\systray\systrayapp.exe
C:\Program Files\Orange HSS\Deskboard\deskboard.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Orange HSS\browser\browser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CamserviceDeluxe2] C:\Program Files\Hercules\Deluxe Optical Glass\Camservice.exe /startup
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\ANNE-S~1\AppData\Local\Temp\vturrQjJ.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\ANNE-S~1\AppData\Local\Temp\qoMghifc.dll,#1
O4 - HKCU\..\Run: [BM6b38692d] Rundll32.exe "C:\Users\ANNE-S~1\AppData\Local\Temp\tkeskkdi.dll",s
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.orange.fr
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/cert...
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {8B1A14AF-E603-4356-B687-1F7D46522DD3} (Image Uploader Combo Control) - http://www.mesvacancesenphoto.com/Components/Upload/Ima...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layout/default01/a...
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/Obe...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

--
End of file - 9721 bytes


a c 296 8 Security
9 October 2008 20:02:50

That's the report from 7 October.

To launch HijackThis, right-click the HijackThis shortcut and choose "Run as administrator".
9 October 2008 20:04:52

Sorry, here it is

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:03:34, on 09/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hercules\Deluxe Optical Glass\CamService.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Users\anne-sophie\Program Files\DNA\btdna.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Orange HSS\Launcher\Launcher.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
C:\Program Files\Orange HSS\systray\systrayapp.exe
C:\Program Files\Orange HSS\Deskboard\deskboard.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Orange HSS\browser\browser.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CamserviceDeluxe2] C:\Program Files\Hercules\Deluxe Optical Glass\Camservice.exe /startup
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\anne-sophie\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.orange.fr
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/cert...
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {8B1A14AF-E603-4356-B687-1F7D46522DD3} (Image Uploader Combo Control) - http://www.mesvacancesenphoto.com/Components/Upload/Ima...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layout/default01/a...
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/Obe...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

--
End of file - 9184 bytes
a c 296 8 Security
9 October 2008 20:16:02

O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)

---> Fix these three lines (open HijackThis as administrator)
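Added example, not part of the original thread and not the helper's own tooling: one way to automate the comparison between the first report and the 9 October follow-up, flagging BHO registrations whose DLL is absent and Run values that load a DLL from a Temp directory through rundll32, then listing which flagged entries survive in the later report. The two heuristics and the names `Finding`, `entries`, `triage` and `still_present` are assumptions; the sample lines are excerpted from the logs posted above.

```python
import re
from typing import NamedTuple

# Excerpts from the first report and the 9 October follow-up posted in this
# thread. Function names and heuristics below are assumptions of this example.
BEFORE_LOG = r"""
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\ANNE-S~1\AppData\Local\Temp\vturrQjJ.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\ANNE-S~1\AppData\Local\Temp\qoMghifc.dll,#1
O4 - HKCU\..\Run: [BM6b38692d] Rundll32.exe "C:\Users\ANNE-S~1\AppData\Local\Temp\tkeskkdi.dll",s
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
"""

AFTER_LOG = r"""
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
"""

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
RUN_RE = re.compile(
    r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# rundll32 <dll>,<export>; the DLL path may or may not be quoted.
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<export>\S+)', re.IGNORECASE)


class Finding(NamedTuple):
    section: str  # HijackThis section code ("O2" or "O4")
    key: str      # stable identity: CLSID for a BHO, hive:value name for Run
    reason: str
    line: str


def entries(log_text):
    """Yield (section, key, payload, line) for each O2 BHO and O4 Run line."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            yield "O2", m.group("clsid").upper(), m.group("path"), line
            continue
        m = RUN_RE.match(line)
        if m:
            yield "O4", m.group("hive") + ":" + m.group("name"), m.group("cmd"), line


def triage(log_text):
    """Return the entries that match one of the two heuristics."""
    findings = []
    for section, key, payload, line in entries(log_text):
        if section == "O2":
            # HijackThis prints "(no file)" or "... (file missing)" when the
            # registered DLL is not on disk.
            if payload == "(no file)" or payload.endswith("(file missing)"):
                findings.append(Finding(section, key,
                                        "BHO registered but its DLL is absent", line))
        else:
            m = RUNDLL_RE.match(payload)
            if m and "\\temp\\" in m.group("dll").lower():
                findings.append(Finding(section, key,
                                        "Run value loads a Temp DLL via rundll32", line))
    return findings


def still_present(before_log, after_log):
    """Findings from the first log whose registry identity is still in the second.

    Matching on CLSID / value name rather than on the whole line catches an
    entry whose displayed path changed between scans, as EoRezoBHO did here.
    """
    after_keys = {(s, k) for s, k, _, _ in entries(after_log)}
    return [f for f in triage(before_log) if (f.section, f.key) in after_keys]


if __name__ == "__main__":
    for f in triage(BEFORE_LOG):
        print("flagged:", f.key, "-", f.reason)
    for f in still_present(BEFORE_LOG, AFTER_LOG):
        print("still present:", f.key)
```
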
9 October 2008 21:08:38

I ticked those 3 lines, I clicked Fix checked, and then??
a c 296 8 Security
9 October 2008 21:10:31

Restart your PC and post a new HijackThis report.
9 October 2008 21:31:13

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:28:57, on 09/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hercules\Deluxe Optical Glass\CamService.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Users\anne-sophie\Program Files\DNA\btdna.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CamserviceDeluxe2] C:\Program Files\Hercules\Deluxe Optical Glass\Camservice.exe /startup
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\anne-sophie\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.orange.fr
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/cert...
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {8B1A14AF-E603-4356-B687-1F7D46522DD3} (Image Uploader Combo Control) - http://www.mesvacancesenphoto.com/Components/Upload/Ima...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layout/default01/a...
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/Obe...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

--
End of file - 8156 bytes
a c 296 8 Security
9 October 2008 21:39:10

---> Delete the Qoobox and ComboFix folders located in C:\

---> Uninstall HijackThis

---> Download CCleaner (do not install the Yahoo Toolbar):
http://www.ccleaner.com/download/downloading

---> Run it. Go to "Options" then "Advanced" and untick the "Only delete files etc..." box. Go to "Cleaner" and click "Analyze". Once that has finished, run the cleaner. Then go to "Registry" and click "Scan for Issues". Once that has finished, fix all the errors without backing up the registry.

---> You need to disable and then re-enable System Restore in order to purge it:
http://www.commentcamarche.net/faq/sujet-13214-desactiv...

---> I recommend creating a restore point that you can use later if you run into a problem:
http://www.pcentraide.com/index.php?showtopic=86401

---> Antivir is more effective than Avast.
9 October 2008 21:51:58

Do I need to select all the available drives?