Unwanted malware messages????? (SOLVED)

Tags:
  • Internet Explorer
  • Security
9 November 2008 01:01:17

Good evening, I have unwanted messages that open when I open Internet Explorer, telling me to download anti-spyware.

The person who uses my computer downloads a lot on eMule.

I'm being offered loads of things to buy; in short, I can no longer browse properly in IE. I even have to use Firefox to get onto the Tom's Guide site, because IE won't open it for me: a redirect to another site takes place.

Thanks in advance for your help.


9 November 2008 05:48:43

Hello,
You are surely infected by a virus or spyware. I advise you to download Malwarebytes' Anti-Malware and run a full scan of your PC, in safe mode if possible.
9 November 2008 14:45:34

Hello, my laptop is badly infested. Here is the Malwarebytes report, but I ran it in normal mode; I can't manage to boot into safe mode.


Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1375
Windows 5.1.2600 Service Pack 2

09/11/2008 14:41:36
mbam-log-2008-11-09 (14-41-29).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 108510
Temps écoulé: 21 minute(s), 12 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 9
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 31
Fichier(s) infecté(s): 59

9 November 2008 14:52:35

Hello,

Did you actually remove the infections with MBAM?
9 November 2008 14:56:36

No, I just ran a scan.
9 November 2008 17:47:08

I have just run a full scan of my hard drive, and I can see that it is seriously infected. When I try to get onto a troubleshooting site, I get redirected to a site for buying things, so to get to Tom's Guide I downloaded Firefox. I managed to get onto Tom's Guide on the first try, but now I can't any more, so to get there I go through my history.
9 November 2008 18:13:15

You must remove the infections with MBAM.
9 November 2008 19:15:57

I removed the items but I still have these messages.

Copy of the report:

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1375
Windows 5.1.2600 Service Pack 2

09/11/2008 19:07:11
mbam-log-2008-11-09 (19-07-11).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 108559
Temps écoulé: 25 minute(s), 41 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 9
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 31
Fichier(s) infecté(s): 59

9 November 2008 20:03:05

I'm a bit slow, sorry, but I had trouble downloading it; the malware prevents me from doing so, so I worked around it by using other links to download it. Anyway, it's done, and here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:01:34, on 09/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: mxlivemedia browser enhancer - {A817BB21-717E-4DBE-966A-3C2C0CEED8E7} - C:\WINDOWS\system32\bnzpuegktmilgspy.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copie 1)" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WinButler] C:\Documents and Settings\santos\Application Data\WinButler\WinButler.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by136fd.bay136.hotmail.msn.com/resources/MsnPUpl...
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 7121 bytes
10 November 2008 00:06:47

What do I do, doctor?

Good night
10 November 2008 17:31:08

Re,

! Disable your resident protections (antivirus, Spybot-S&D, etc.) !

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe extension may not be visible) to launch it.
  • When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.

HELP: A guide and a tutorial on using ComboFix
* the partition name may differ
10 November 2008 20:49:00

Good evening,

I tried your ComboFix link and then did some searching; unfortunately, I can't find any valid links.

Do you have another program?
10 November 2008 23:35:48

Thanks for the link,

Here is the ComboFix report:

    ComboFix 08-11-09.04 - santos 2008-11-10 23:29:43.1 - FAT32x86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.293 [GMT 1:00]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\santos\Application Data\HbTools\v3.0\HbTools\static\DownLoad\tsd_bg.xip
    c:\documents and settings\santos\Application Data\HbTools\v3.0\HbTools\static\DownLoad\weathericon.xip
    c:\windows\system32\autorun.ini
    c:\windows\system32\config\systemprofile\Application Data\Starware370
    c:\windows\system32\config\systemprofile\Application Data\Starware370\BrowserSearch\BrowserSearch.xml
    c:\windows\system32\config\systemprofile\Application Data\Starware370\BrowserSearch\BrowserSearch.xml.backup
    c:\windows\system32\config\systemprofile\Application Data\Starware370\Button_6\Button_6Options.xml
    c:\windows\system32\config\systemprofile\Application Data\Starware370\Button_6\Button_6Options.xml.backup
    c:\windows\system32\config\systemprofile\Application Data\Starware370\Button_7\Button_7Options.xml
    c:\windows\system32\config\systemprofile\Application Data\Starware370\Button_7\Button_7Options.xml.backup
    c:\windows\system32\config\systemprofile\Application Data\Starware370\Button_8\Button_8Options.xml
    c:\windows\system32\config\systemprofile\Application Data\Starware370\Button_8\Button_8Options.xml.backup
    c:\windows\system32\config\systemprofile\Application Data\Starware370\Configurator\Configurator.xml
    c:\windows\system32\config\systemprofile\Application Data\Starware370\Configurator\Configurator.xml.backup
    c:\windows\system32\config\systemprofile\Application Data\Starware370\ErrorSearch\ErrorSearchOptions.xml
    c:\windows\system32\config\systemprofile\Application Data\Starware370\ErrorSearch\ErrorSearchOptions.xml.backup
    c:\windows\system32\config\systemprofile\Application Data\Starware370\Layouts\ToolbarLayout.xml
    c:\windows\system32\config\systemprofile\Application Data\Starware370\Layouts\ToolbarLayout.xml.backup
    c:\windows\system32\config\systemprofile\Application Data\Starware370\Manager\ManagerOptions.xml
    c:\windows\system32\config\systemprofile\Application Data\Starware370\Manager\ManagerOptions.xml.backup
    c:\windows\system32\config\systemprofile\Application Data\Starware370\Paroles\ParolesOptions.xml
    c:\windows\system32\config\systemprofile\Application Data\Starware370\Paroles\ParolesOptions.xml.backup
    c:\windows\system32\config\systemprofile\Application Data\Starware370\Radio_FR\Radio_FROptions.xml
    c:\windows\system32\config\systemprofile\Application Data\Starware370\Radio_FR\Radio_FROptions.xml.backup
    c:\windows\system32\config\systemprofile\Application Data\Starware370\Recherche_de_musique\Recherche_de_musiqueOptions.xml
    c:\windows\system32\config\systemprofile\Application Data\Starware370\Recherche_de_musique\Recherche_de_musiqueOptions.xml.backup
    c:\windows\system32\config\systemprofile\Application Data\Starware370\RelatedSearch\RelatedSearchOptions.xml
    c:\windows\system32\config\systemprofile\Application Data\Starware370\RelatedSearch\RelatedSearchOptions.xml.backup
    c:\windows\system32\config\systemprofile\Application Data\Starware370\Telechargement\TelechargementOptions.xml
    c:\windows\system32\config\systemprofile\Application Data\Starware370\Telechargement\TelechargementOptions.xml.backup
    c:\windows\system32\config\systemprofile\Application Data\Starware370\Toolbar\TBProductsOptions.xml
    c:\windows\system32\config\systemprofile\Application Data\Starware370\Toolbar\TBProductsOptions.xml.backup
    c:\windows\system32\config\systemprofile\Application Data\Starware370\ToolbarLogo\ToolbarLogoOptions.xml
    c:\windows\system32\config\systemprofile\Application Data\Starware370\ToolbarLogo\ToolbarLogoOptions.xml.backup
    c:\windows\system32\config\systemprofile\Application Data\Starware370\ToolbarSearch\ToolbarSearchOptions.xml
    c:\windows\system32\config\systemprofile\Application Data\Starware370\ToolbarSearch\ToolbarSearchOptions.xml.backup
    c:\windows\system32\config\systemprofile\Application Data\Starware370\TravelSearch\TravelSearchOptions.xml
    c:\windows\system32\config\systemprofile\Application Data\Starware370\TravelSearch\TravelSearchOptions.xml.backup
    c:\windows\system32\drivers\TDSSserv.sys
    c:\windows\system32\tdssadw.dll
    c:\windows\system32\TDSSerrors.log
    c:\windows\system32\tdssinit.dll
    c:\windows\system32\tdssl.dll
    c:\windows\system32\tdsslog.dll
    c:\windows\system32\TDSSmain.dll
    c:\windows\system32\TDSSserf.dll
    c:\windows\system32\tdssserf1.dll
    c:\windows\system32\TDSSservers.dat
    c:\windows\Temp\log.txt
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_TDSSSERV
    -------\Legacy_TDSSSERV


    ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-10 au 2008-11-10 ))))))))))))))))))))))))))))))))))))
    .

    2008-11-10 23:28 . 2008-11-10 23:28 <REP> d--hs---- C:\FOUND.000
    2008-11-09 20:00 . 2008-11-09 20:00 <REP> d-------- c:\program files\Trend Micro
    2008-11-09 14:08 . 2008-11-09 14:08 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-11-09 14:08 . 2008-11-09 14:08 <REP> d-------- c:\documents and settings\santos\Application Data\Malwarebytes
    2008-11-09 14:08 . 2008-11-09 14:08 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-11-09 14:08 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-11-09 14:08 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-11-09 00:54 . 2008-11-09 00:54 0 --a------ c:\windows\nsreg.dat
    2008-11-08 19:33 . 2008-11-08 19:33 54,156 --ah----- c:\windows\QTFont.qfn
    2008-11-08 19:33 . 2008-11-08 19:33 1,409 --a------ c:\windows\QTFont.for
    2008-11-02 22:01 . 2008-11-02 22:01 <REP> d-------- c:\windows\system32\Lang
    2008-11-02 22:01 . 2008-11-02 22:01 940,794 --a------ c:\windows\system32\LoopyMusic.wav
    2008-11-02 22:01 . 2008-11-02 22:01 146,650 --a------ c:\windows\system32\BuzzingBee.wav
    2008-11-02 22:01 . 2008-11-09 18:36 60,416 --a------ c:\windows\ALCFDRTM.VER
    2008-11-02 22:01 . 2008-11-02 22:01 60,416 --a------ c:\windows\ALCFDRTM.EXE
    2008-10-29 09:23 . 2008-11-04 21:50 77,937 --a------ c:\windows\system32\uikshnrjezz.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-08 18:42 362 ----a-w c:\program files\Raccourci vers eMule.lnk
    2008-08-30 11:13 315,392 ----a-w c:\windows\HideWin.exe
    2008-06-15 16:25 1,148 ----a-w c:\documents and settings\santos\Application Data\wklnhst.dat
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
    "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-25 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "preload"="c:\windows\RUNXMLPL.exe" [2005-05-19 32768]
    "EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-06-01 192512]
    "ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-03-15 2893824]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
    "eRecoveryService"="c:\program files\Acer\eRecovery\Monitor.exe" [2005-06-29 352256]
    "EPSON Stylus CX3600 Series (Copie 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" [2004-03-04 98304]
    "Autoconfigurateur WiFi Neuf"="c:\program files\Neuf\Kit\WiFi\9wifi.exe" [2006-07-06 122880]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.ACDV"= ACDV.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel Kodak EasyShare.lnk
    backup=c:\windows\pss\Logiciel Kodak EasyShare.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
    backup=c:\windows\pss\Outil de mise à jour Google.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Pack Securite.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Pack Securite.lnk
    backup=c:\windows\pss\Pack Securite.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^santos^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
    path=c:\documents and settings\santos\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
    backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3600 Series]
    --a------ 2004-03-04 04:00 98304 c:\windows\system32\spool\drivers\w32x86\3\E_FATI9BE.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    --a------ 2005-01-23 10:31 126976 c:\windows\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    --a------ 2005-01-23 10:36 155648 c:\windows\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2007-07-31 18:44 271672 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-01-19 12:55 5674352 c:\program files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
    --a------ 2006-03-21 13:19 69632 c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    --a------ 2004-08-05 05:00 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    --a------ 2004-08-05 05:00 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    -ra------ 2003-09-30 00:14 155648 c:\program files\Fichiers communs\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-07-25 20:54 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    --a------ 2005-02-04 11:11 708698 c:\program files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
    --a------ 2005-02-04 11:12 102490 c:\program files\Synaptics\SynTP\SynTPLpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    --a------ 2006-07-21 16:14 86016 c:\windows\SoundMan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\MSMSGS.EXE"=
    "c:\\Program Files\\MSN Messenger\\MsnMsgr.Exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R2 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2004-07-19 4096]
    R2 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2005-04-07 78208]
    R2 int15.sys;int15.sys;c:\program files\Acer\eRecovery\int15.sys [2005-01-13 69632]
    R2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2005-03-04 8704]
    R2 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [2005-01-14 4010]
    S3 PCASp50;PCASp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50.sys [2005-11-19 20096]
    S3 POWERKEY;POWERKEY;c:\program files\Launch Manager\POWERKEY.sys [ ]
    S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\DRIVERS\WlanBZXP.sys [2006-03-21 402944]
    S3 USBSTOR;Pilote de stockage de masse USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90
    .
    Contenu du dossier 'Tâches planifiées'

    2008-11-09 c:\windows\Tasks\EasyShare Registration Task.job
    - c:\windows\system32\rundll32.exe [2004-08-05 05:00]

    2007-12-30 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{A817BB21-717E-4DBE-966A-3C2C0CEED8E7} - c:\windows\system32\bnzpuegktmilgspy.dll
    HKCU-Run-WinButler - c:\documents and settings\santos\Application Data\WinButler\WinButler.exe
    MSConfigStartUp-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe
    MSConfigStartUp-F-Secure Manager - c:\program files\Pack Securite\Common\FSM32.EXE
    MSConfigStartUp-F-Secure Startup Wizard - c:\program files\Pack Securite\FSGUI\FSSW.EXE
    MSConfigStartUp-F-Secure TNB - c:\program files\Pack Securite\TNB\TNBUtil.exe
    MSConfigStartUp-HotbarOE - c:\program files\Hotbar\bin\10.0.356.0\OEAddOn.exe
    MSConfigStartUp-HotbarSA - c:\program files\Hotbar\bin\10.0.356.0\HotbarSA.exe
    MSConfigStartUp-LaunchAp - c:\program files\Launch Manager\LaunchAp.exe
    MSConfigStartUp-LManager - c:\program files\Launch Manager\HotkeyApp.exe
    MSConfigStartUp-LMgrOSD - c:\program files\Launch Manager\OSDCtrl.exe
    MSConfigStartUp-PowerKey - c:\program files\Launch Manager\PowerKey.exe
    MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
    MSConfigStartUp-Wbutton - c:\program files\Launch Manager\Wbutton.exe


    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - c:\documents and settings\santos\Application Data\Mozilla\Firefox\Profiles\yh0w2953.default\
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-10 23:32:26
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDSSserv]
    "imagepath"="\systemroot\system32\drivers\TDSSserv.sys"
    .
    Heure de fin: 2008-11-10 23:32:55
    ComboFix-quarantined-files.txt 2008-11-10 22:32:54

    Avant-CF: 16,800,579,584 octets libres
    Après-CF: 18,404,147,200 octets libres

    WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

    457 --- E O F --- 2008-11-08 16:46:29
    10 November 2008 23:44:05

    That looks pretty good, are there any nasty intruders left?
    11 November 2008 13:43:22

    Re,

    ! Disable your resident protections (antivirus, Spybot-S&D, etc.) !
    Copy (Ctrl+C) the text in the box below:

    File::
    c:\windows\system32\uikshnrjezz.exe

    Folder::
    C:\FOUND.000


    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name "CFScript.txt" (the quotation marks are important).

    Now drag the CFScript.txt file onto ComboFix.exe as in the image below:


    This will relaunch ComboFix. After the restart, post the contents of the report (C:\combofix.txt*) along with a HijackThis report.
    NOTE: If there is no restart, post the requested reports anyway.
    * the partition name may vary
    11 November 2008 14:33:38

    Hello,

    I can't see the image showing how to drag the file onto ComboFix, so I did it the way I thought was right, but you'll see from the report, I think. I dragged the file in as the program was starting up.
    Here are the ComboFix reports:

    ComboFix 08-11-10.01 - santos 2008-11-11 14:20:48.4 - FAT32x86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.252 [GMT 1:00]
    Lancé depuis: c:\documents and settings\santos\Bureau\ComboFix.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-11 au 2008-11-11 ))))))))))))))))))))))))))))))))))))
    .

    2008-11-10 23:28 . 2008-11-10 23:28 <REP> d--hs---- C:\FOUND.000
    2008-11-09 20:00 . 2008-11-09 20:00 <REP> d-------- c:\program files\Trend Micro
    2008-11-09 14:08 . 2008-11-09 14:08 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-11-09 14:08 . 2008-11-09 14:08 <REP> d-------- c:\documents and settings\santos\Application Data\Malwarebytes
    2008-11-09 14:08 . 2008-11-09 14:08 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-11-09 14:08 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-11-09 14:08 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-11-09 00:54 . 2008-11-09 00:54 0 --a------ c:\windows\nsreg.dat
    2008-11-08 19:33 . 2008-11-08 19:33 54,156 --ah----- c:\windows\QTFont.qfn
    2008-11-08 19:33 . 2008-11-08 19:33 1,409 --a------ c:\windows\QTFont.for
    2008-11-02 22:01 . 2008-11-02 22:01 <REP> d-------- c:\windows\system32\Lang
    2008-11-02 22:01 . 2008-11-02 22:01 940,794 --a------ c:\windows\system32\LoopyMusic.wav
    2008-11-02 22:01 . 2008-11-02 22:01 146,650 --a------ c:\windows\system32\BuzzingBee.wav
    2008-11-02 22:01 . 2008-11-09 18:36 60,416 --a------ c:\windows\ALCFDRTM.VER
    2008-11-02 22:01 . 2008-11-02 22:01 60,416 --a------ c:\windows\ALCFDRTM.EXE
    2008-10-29 09:23 . 2008-11-04 21:50 77,937 --a------ c:\windows\system32\uikshnrjezz.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-08 18:42 362 ----a-w c:\program files\Raccourci vers eMule.lnk
    2008-08-30 11:13 315,392 ----a-w c:\windows\HideWin.exe
    2008-06-15 16:25 1,148 ----a-w c:\documents and settings\santos\Application Data\wklnhst.dat
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
    "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-25 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "preload"="c:\windows\RUNXMLPL.exe" [2005-05-19 32768]
    "EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-06-01 192512]
    "ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-03-15 2893824]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
    "eRecoveryService"="c:\program files\Acer\eRecovery\Monitor.exe" [2005-06-29 352256]
    "EPSON Stylus CX3600 Series (Copie 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" [2004-03-04 98304]
    "Autoconfigurateur WiFi Neuf"="c:\program files\Neuf\Kit\WiFi\9wifi.exe" [2006-07-06 122880]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.ACDV"= ACDV.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel Kodak EasyShare.lnk
    backup=c:\windows\pss\Logiciel Kodak EasyShare.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
    backup=c:\windows\pss\Outil de mise à jour Google.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Pack Securite.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Pack Securite.lnk
    backup=c:\windows\pss\Pack Securite.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^santos^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
    path=c:\documents and settings\santos\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
    backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3600 Series]
    --a------ 2004-03-04 04:00 98304 c:\windows\system32\spool\drivers\w32x86\3\E_FATI9BE.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    --a------ 2005-01-23 10:31 126976 c:\windows\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    --a------ 2005-01-23 10:36 155648 c:\windows\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2007-07-31 18:44 271672 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-01-19 12:55 5674352 c:\program files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
    --a------ 2006-03-21 13:19 69632 c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    --a------ 2004-08-05 05:00 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    --a------ 2004-08-05 05:00 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    -ra------ 2003-09-30 00:14 155648 c:\program files\Fichiers communs\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-07-25 20:54 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    --a------ 2005-02-04 11:11 708698 c:\program files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
    --a------ 2005-02-04 11:12 102490 c:\program files\Synaptics\SynTP\SynTPLpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    --a------ 2006-07-21 16:14 86016 c:\windows\SoundMan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\MSMSGS.EXE"=
    "c:\\Program Files\\MSN Messenger\\MsnMsgr.Exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R2 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2004-07-19 4096]
    R2 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2005-04-07 78208]
    R2 int15.sys;int15.sys;c:\program files\Acer\eRecovery\int15.sys [2005-01-13 69632]
    R2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2005-03-04 8704]
    R2 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [2005-01-14 4010]
    R3 PCASp50;PCASp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50.sys [2005-11-19 20096]
    S3 POWERKEY;POWERKEY;c:\program files\Launch Manager\POWERKEY.sys [ ]
    S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\DRIVERS\WlanBZXP.sys [2006-03-21 402944]
    S3 USBSTOR;Pilote de stockage de masse USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    .
    Contenu du dossier 'Tâches planifiées'

    2008-11-09 c:\windows\Tasks\EasyShare Registration Task.job
    - c:\windows\system32\rundll32.exe [2004-08-05 05:00]

    2007-12-30 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
    .
    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - c:\documents and settings\santos\Application Data\Mozilla\Firefox\Profiles\yh0w2953.default\
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-11 14:21:54
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    Heure de fin: 2008-11-11 14:22:30
    ComboFix-quarantined-files.txt 2008-11-11 13:22:30
    ComboFix3.txt 2008-11-10 22:32:58
    ComboFix2.txt 2008-11-11 13:15:38

    Avant-CF: 18,297,716,736 octets libres
    Après-CF: 18,292,146,176 octets libres

    140 --- E O F --- 2008-11-08 16:46:29

    And the HijackThis one:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:23:07, on 11/11/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\acer\epm\epm-dm.exe
    C:\Program Files\Acer\eRecovery\Monitor.exe
    C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copie 1)" /O6 "USB001" /M "Stylus CX3600"
    O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by136fd.bay136.hotmail.msn.com/resources/MsnPUpl...
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    --
    End of file - 6149 bytes

    11 November 2008 17:18:05

    Unfortunately, your image is not displaying.

    I copied the script into Notepad as you told me and saved it to the desktop; then, when opening ComboFix, I drag the Notepad file at startup.
    11 November 2008 18:28:25

    No, you drag the text file onto the icon.
    11 November 2008 18:52:04

    RE

    So I did the requested work; the problem is that at the end of the ComboFix run I forgot to save the Notepad file, but I did what you told me last. So I started over: I dragged the script onto the ComboFix icon a second time. Here is the ComboFix report:

    ComboFix 08-11-10.01 - santos 2008-11-11 18:44:05.6 - FAT32x86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.250 [GMT 1:00]
    Lancé depuis: c:\documents and settings\santos\Bureau\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\santos\Bureau\CFScript.txt
    * Un nouveau point de restauration a été créé

    FILE ::
    c:\windows\system32\uikshnrjezz.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-11 au 2008-11-11 ))))))))))))))))))))))))))))))))))))
    .

    2008-11-09 20:00 . 2008-11-09 20:00 <REP> d-------- c:\program files\Trend Micro
    2008-11-09 14:08 . 2008-11-09 14:08 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-11-09 14:08 . 2008-11-09 14:08 <REP> d-------- c:\documents and settings\santos\Application Data\Malwarebytes
    2008-11-09 14:08 . 2008-11-09 14:08 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-11-09 14:08 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-11-09 14:08 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-11-09 00:54 . 2008-11-09 00:54 0 --a------ c:\windows\nsreg.dat
    2008-11-08 19:33 . 2008-11-08 19:33 54,156 --ah----- c:\windows\QTFont.qfn
    2008-11-08 19:33 . 2008-11-08 19:33 1,409 --a------ c:\windows\QTFont.for
    2008-11-02 22:01 . 2008-11-02 22:01 <REP> d-------- c:\windows\system32\Lang
    2008-11-02 22:01 . 2008-11-02 22:01 940,794 --a------ c:\windows\system32\LoopyMusic.wav
    2008-11-02 22:01 . 2008-11-02 22:01 146,650 --a------ c:\windows\system32\BuzzingBee.wav
    2008-11-02 22:01 . 2008-11-09 18:36 60,416 --a------ c:\windows\ALCFDRTM.VER
    2008-11-02 22:01 . 2008-11-02 22:01 60,416 --a------ c:\windows\ALCFDRTM.EXE

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-08 18:42 362 ----a-w c:\program files\Raccourci vers eMule.lnk
    2008-08-30 11:13 315,392 ----a-w c:\windows\HideWin.exe
    2008-06-15 16:25 1,148 ----a-w c:\documents and settings\santos\Application Data\wklnhst.dat
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
    "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-25 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "preload"="c:\windows\RUNXMLPL.exe" [2005-05-19 32768]
    "EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-06-01 192512]
    "ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-03-15 2893824]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
    "eRecoveryService"="c:\program files\Acer\eRecovery\Monitor.exe" [2005-06-29 352256]
    "EPSON Stylus CX3600 Series (Copie 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" [2004-03-04 98304]
    "Autoconfigurateur WiFi Neuf"="c:\program files\Neuf\Kit\WiFi\9wifi.exe" [2006-07-06 122880]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.ACDV"= ACDV.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel Kodak EasyShare.lnk
    backup=c:\windows\pss\Logiciel Kodak EasyShare.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
    backup=c:\windows\pss\Outil de mise à jour Google.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Pack Securite.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Pack Securite.lnk
    backup=c:\windows\pss\Pack Securite.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^santos^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
    path=c:\documents and settings\santos\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
    backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3600 Series]
    --a------ 2004-03-04 04:00 98304 c:\windows\system32\spool\drivers\w32x86\3\E_FATI9BE.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    --a------ 2005-01-23 10:31 126976 c:\windows\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    --a------ 2005-01-23 10:36 155648 c:\windows\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2007-07-31 18:44 271672 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-01-19 12:55 5674352 c:\program files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
    --a------ 2006-03-21 13:19 69632 c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    --a------ 2004-08-05 05:00 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    --a------ 2004-08-05 05:00 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    -ra------ 2003-09-30 00:14 155648 c:\program files\Fichiers communs\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-07-25 20:54 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    --a------ 2005-02-04 11:11 708698 c:\program files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
    --a------ 2005-02-04 11:12 102490 c:\program files\Synaptics\SynTP\SynTPLpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    --a------ 2006-07-21 16:14 86016 c:\windows\SoundMan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\MSMSGS.EXE"=
    "c:\\Program Files\\MSN Messenger\\MsnMsgr.Exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R2 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2004-07-19 4096]
    R2 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2005-04-07 78208]
    R2 int15.sys;int15.sys;c:\program files\Acer\eRecovery\int15.sys [2005-01-13 69632]
    R2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2005-03-04 8704]
    R2 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [2005-01-14 4010]
    R3 PCASp50;PCASp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50.sys [2005-11-19 20096]
    S3 POWERKEY;POWERKEY;c:\program files\Launch Manager\POWERKEY.sys [ ]
    S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\DRIVERS\WlanBZXP.sys [2006-03-21 402944]
    S3 USBSTOR;Pilote de stockage de masse USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

    *Newly Created Service* - CATCHME
    .
    Contenu du dossier 'Tâches planifiées'

    2008-11-09 c:\windows\Tasks\EasyShare Registration Task.job
    - c:\windows\system32\rundll32.exe [2004-08-05 05:00]

    2007-12-30 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-11 18:45:04
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    Heure de fin: 2008-11-11 18:45:28
    ComboFix-quarantined-files.txt 2008-11-11 17:45:28
    ComboFix4.txt 2008-11-11 13:15:38
    ComboFix3.txt 2008-11-11 13:22:32
    ComboFix5.txt 2008-11-11 17:43:42
    ComboFix2.txt 2008-11-11 17:39:20

    Avant-CF: 18 183 290 880 octets libres
    Après-CF: 18,176,180,224 octets libres

    140 --- E O F --- 2008-11-08 16:46:29


    HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:50:19, on 11/11/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\acer\epm\epm-dm.exe
    C:\Program Files\Acer\eRecovery\Monitor.exe
    C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copie 1)" /O6 "USB001" /M "Stylus CX3600"
    O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by136fd.bay136.hotmail.msn.com/resources/MsnPUpl...
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    --
    End of file - 6280 bytes
    11 November 2008 22:00:37

    Is there still any malware left?
    12 November 2008 14:45:48

    What is your antivirus?
    12 November 2008 19:56:04

    Good evening,

    Right now I no longer have an antivirus. I uninstalled AntiVir 3 days ago; I don't know whether it was really effective.

    What do you recommend?

    Are there still malware remnants on my PC?

    In any case, the work you do is really kind, thank you very much.
    13 November 2008 19:04:45

    For a free option, you have AntiVir :)
    13 November 2008 20:40:19

    OK, is my problem solved? I no longer see any unwanted messages.
    14 November 2008 18:07:01

    I think it's OK.
    18 November 2008 22:57:43

    Thank you very much for the help, that's really kind.
    19 November 2008 15:15:52

    Happy surfing.