
"Warning spyware dectected on computer ..." [solved]

23 August 2008 23:06:11

Can nobody help me?....
Please point me in the right direction: what do I have to do to get rid of this blue screen and this yellow window with its WARNING?


24 August 2008 14:16:06

Hello

1

~Download SmitfraudFix

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

~Unzip the entire SmitfraudFix.zip archive
Search:
~Double-click SmitfraudFix.cmd
~Select 1 and press Enter in the menu to create a report of the files responsible for the infection. The report is located at the root of the system drive: C:\rapport.txt
~Post this report.
process.exe is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus but a utility for terminating processes. In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

2

Download and then install Hijackthis (Trend Micro)
Then post a report in your next reply.
HELP: How to use Hijackthis v2.0.2
24 August 2008 21:02:03

Thank you, thank you for taking the time to help me.... And since I'm useless with computers, I'm already stuck on the first thing you told me to do. Where do I post the report? Here? Or do I post it after doing the thing with Hijackthis?
24 August 2008 21:10:50

Re

Here is the SmitfraudFix report

SmitFraudFix v2.339

Rapport fait à 21:12:37,84, 24/08/2008
Executé à partir de C:\Documents and Settings\fleurdo\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\fleurdo


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\fleurdo\Application Data

C:\Documents and Settings\fleurdo\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

So what is the next step?
24 August 2008 22:39:47

you post me the hijackthis report :)
25 August 2008 00:44:46

So here is the second report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:46:04, on 25/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\webHancer\Programs\whagent.exe
C:\WINDOWS\faceback1974.exe
C:\WINDOWS\system32\lphclcrj0e1dg.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Documents and Settings\fleurdo\Application Data\SpeedRunner\SpeedRunner.exe
C:\Documents and Settings\fleurdo\Application Data\Microsoft\Windows\uojohrk.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\17PHolmes1974.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\fleurdo\Application Data\Microsoft\dtsc\18344.exe
C:\Documents and Settings\fleurdo\Application Data\Microsoft\dtsc\18344.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_BAND_SEARCHBAR_HTML
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\Webtools\webtools.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O2 - BHO: HelloWorldBHO - {D88E1558-7C2D-407A-953A-C044F5607CEA} - C:\Program Files\Mjcore\Mjcore.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Microsoft WinUpdate] C:\WINDOWS\system32\msupdte.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\faceback1974.exe 61A847B5BBF728133B9C3C466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [lphclcrj0e1dg] C:\WINDOWS\system32\lphclcrj0e1dg.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\fleurdo\Application Data\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\fleurdo\Application Data\Microsoft\Windows\uojohrk.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jh...
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O14 - IERESET.INF: START_PAGE_URL=http://www.carrefour.fr/
O15 - Trusted Zone: http://ed2k-series.new.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: VirusKeeper antivirus/antispyware (vkservice) - AxBx - C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe

--
End of file - 11190 bytes

And now what should I do?
25 August 2008 19:14:18

Good evening

Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, restart in safe mode.
HELP: Restarting in safe mode

  • Now run MalwareByte's Anti-Malware. If it is not already selected, choose "Exécuter un examen complet" (perform a full scan).
  • To start the scan, click "Rechercher" (Scan).
  • Once the scan has finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Afficher les résultats" (Show results), then "Supprimer la sélection" (Remove selected). Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

HELP: Picture tutorial on MBAM
25 August 2008 19:30:04

I can't manage to download MalwareByte's
25 August 2008 20:31:40

Phew, I finally managed it.
So here is the MalwareByte's Anti-Malware report

Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1087
Windows 5.1.2600 Service Pack 2

20:29:47 25/08/2008
mbam-log-08-25-2008 (20-29-47).txt

Type de recherche: Examen rapide
Eléments examinés: 51774
Temps écoulé: 10 minute(s), 23 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 151
Valeur(s) du Registre infectée(s): 13
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 32
Fichier(s) infecté(s): 120

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\speedrunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcgcrj0e1dg (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\rhcgcrj0e1dg (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Webtools (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\SpeedRunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj (Adware.WebHancer) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent (Adware.WebHancer) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\webHancer (Adware.WebHancer) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.




    What are the next steps to carry out?
    25 August 2008 23:14:14

    Hi again

    Malwarebytes' Anti-Malware did a good job... :)


    Disable your antivirus and any other kind of protection.
    Download ComboFix by sUBs:
    ComboFix.exe
    and save it to your desktop and nowhere else!

    Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, that is normal. A report will be created. Post the report: C:\Combofix.txt
    Click it to open it, then Edit "Select All", Edit "Copy".

    Come to the forum and Edit "Paste".

    Add a new Hijackthis report.
    25 August 2008 23:29:07

    OK, so here is the ComboFix report

    ComboFix 08-08-24.03 - fleurdo 2008-08-25 23:23:40.1 - NTFSx86
    Endroit: C:\Documents and Settings\fleurdo\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-25 18:37 --------- d-----w C:\Documents and Settings\fleurdo\Application Data\EoRezo
    2008-08-25 08:09 --------- d-----w C:\Program Files\eChanblard
    2008-08-20 10:37 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-08-20 10:37 --------- d-----w C:\Program Files\Unlocker
    2008-08-20 10:37 --------- d-----w C:\Program Files\hilopoker
    2008-08-20 10:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
    2008-08-19 22:45 --------- d-----w C:\Program Files\MSN Messenger
    2008-08-19 22:05 --------- d-----w C:\Program Files\Lavasoft
    2008-08-19 21:46 --------- d-----w C:\Program Files\MySpace
    2008-08-13 21:26 --------- d-----w C:\Documents and Settings\fleurdo\Application Data\CyberLink
    2008-08-13 20:45 --------- d-----w C:\Program Files\BoontyGames
    2008-08-12 19:09 --------- d-----w C:\Program Files\Winamp
    2008-07-30 18:19 --------- d-----w C:\Program Files\Fichiers communs\Ahead
    2008-07-30 18:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
    2008-07-30 18:13 --------- d-----w C:\Program Files\Ahead
    2008-07-30 18:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-07-30 18:03 --------- d-----w C:\Program Files\CyberLink
    2008-07-23 11:43 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
    2008-07-23 11:43 249,856 ------w C:\WINDOWS\Setup1.exe
    2008-07-23 11:28 --------- d-----w C:\Program Files\Absolutist.com
    2008-07-23 11:23 --------- d-----w C:\Program Files\ppoker
    2008-07-16 17:12 --------- d-----w C:\Program Files\PopCap Games
    2008-07-13 15:37 --------- d-----w C:\Program Files\Fichiers communs\BOONTY Shared
    2008-07-13 15:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\BOONTY
    2008-07-13 15:36 --------- d-----w C:\Program Files\Boonty
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-03-30 18:53 24,496 -c--a-w C:\Documents and Settings\fleurdo\Application Data\GDIPFONTCACHEV1.DAT
    2001-01-30 14:18 397,312 ------r C:\Program Files\ikoExplore.exe
    1998-03-13 10:28 22,728 ------w C:\Program Files\PICTRS.EXE
    1997-11-13 09:09 23,552 ------r C:\Program Files\RestartApp.exe
    1995-05-22 22:00 520,552 ------w C:\Program Files\LEAD50.DLL
    1995-04-09 23:00 38,720 ------w C:\Program Files\LEADDIB.DRV
    2006-05-06 16:42 7,260,160 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll
    2007-02-28 17:51 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 15:20 401491]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-20 22:07 7110656]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]
    "LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2008-08-12 15:03 249856]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-07-09 23:33 36352]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
    "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-18 01:27 9117696]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoLogOff"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.X264"= x264vfw.dll
    "VIDC.3iv2"= 3ivxVfWCodec.dll
    "VIDC.VP31"= vp31vfw.dll
    "msacm.l3fhg"= mp3fhg.acm
    "MSACM.CEGSM"= mobilev.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    --a------ 2007-05-15 15:55 1057328 C:\Program Files\Nero\Nero 7\InCD\InCD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    --a------ 2007-03-09 18:09 67128 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    --a------ 2005-06-08 15:24 458752 C:\Program Files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    --a------ 2005-06-08 15:14 217088 C:\Program Files\Logitech\Video\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
    --a------ 2008-04-18 01:27 9117696 C:\Program Files\MySpace\IM\MySpaceIM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2007-03-01 15:57 153136 C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
    --a------ 2007-05-15 15:55 1628208 C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
    -ra------ 2008-01-02 21:15 103712 C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusKeeper]
    --a------ 2008-07-21 12:26 3000192 C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\NetMeeting\\Conf.exe"=
    "C:\\Program Files\\eChanblard\\emule.exe"=
    "C:\\mcoinstall.exe"=
    "C:\\StubInstaller.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\neuf Talk\\neuf Talk.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
    "C:\Program Files\neuf telecom\MP9\VLC\vlc.exe"= C:\Program Files\neuf telecom\MP9\VLC\vlc.exe:172.16.255.0/255.255.255.0:Enabled:Serveur VLC/MP9 (player neuf telecom)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "139:TCP"= 139:TCP:LocalSubNet,172.16.255.0/255.255.255.0:Enabled:@xpsp2res.dll,-22004
    "445:TCP"= 445:TCP:LocalSubNet,172.16.255.0/255.255.255.0:Enabled:@xpsp2res.dll,-22005
    "137:UDP"= 137:UDP:LocalSubNet,172.16.255.0/255.255.255.0:Enabled:@xpsp2res.dll,-22001
    "138:UDP"= 138:UDP:LocalSubNet,172.16.255.0/255.255.255.0:Enabled:@xpsp2res.dll,-22002

    R2 vkservice;VirusKeeper antivirus/antispyware;C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe [2008-05-22 15:27]
    R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2005-05-12 14:39]
    S2 713xTVCard;SAA7133 TV Card;C:\WINDOWS\system32\DRIVERS\SAA713x.sys [2005-03-15 12:00]
    S3 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2008-07-13 17:37]
    S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 23:10]
    S4 Nulioecoen;Nulioecoen;C:\WINDOWS\system32\pathping.exe [2004-08-05 14:00]

    *Newly Created Service* - PROCEXP90
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-Eraser - C:\Program Files\Eraser\eraser.exe
    HKLM-Run-Microsoft WinUpdate - C:\WINDOWS\system32\msupdte.exe
    Notify-AtiExtEvent - (no file)
    MSConfigStartUp-lphclcrj0e1dg - C:\WINDOWS\system32\lphclcrj0e1dg.exe
    MSConfigStartUp-MyWebSearch Email Plugin - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    MSConfigStartUp-runner1 - C:\WINDOWS\faceback1974.exe
    MSConfigStartUp-Skra - C:\Program Files\Skra\Skra.exe
    MSConfigStartUp-SMrhcgcrj0e1dg - C:\Program Files\rhcgcrj0e1dg\rhcgcrj0e1dg.exe
    MSConfigStartUp-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\fleurdo\Application Data\Mozilla\Firefox\Profiles\8uh15zzd.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-25 23:26:14
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-25 23:27:40
    ComboFix-quarantined-files.txt 2008-08-25 21:27:11

    Pre-Run: 21,297,061,888 octets libres
    Post-Run: 21,614,346,240 octets libres

    229 --- E O F --- 2008-08-25 17:48:22


    And the new HijackThis report

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:32:44, on 25/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Nero\Nero 7\Core\nero.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O14 - IERESET.INF: START_PAGE_URL=http://www.carrefour.fr/
    O15 - Trusted Zone: http://ed2k-series.new.fr
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: VirusKeeper antivirus/antispyware (vkservice) - AxBx - C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe

    --
    End of file - 9270 bytes

    There you go
    26 August 2008 00:22:01

    Hi again

    You need to stop downloading anything and everything.
    For example:
    C:\Program Files\ENJOY Plus!
    C:\Program Files\Club World Casinos
    C:\Program Files\eoRezo

    Clean all that up... go to Add/Remove Programs and get rid of everything you don't need.

    Given the P2P software you have, I also expect to see loads of cracks on top of that...

    1

    Go to this link: Virus Total
  • Click "Parcourir" (Browse)
  • Navigate to this file, if you can find it:

    C:\WINDOWS\system32\drivers\81edea32.sys

  • Click "Envoyer le fichier" (Send file) and let it work for as long as "Situation actuelle : en cours d'analyse" (current status: analysis in progress) is displayed.
  • The file may be placed in a queue because of a large number of analysis requests. In that case, you will need to wait without refreshing the page.
  • When the analysis is finished ("Situation actuelle: terminé", i.e. current status: finished), click "Formaté" (Formatted)
  • A new browser window will appear
  • Then click on this image:
  • Right-click on the page and choose "Sélectionner tout" (Select all), then "Copier" (Copy)
  • Finally, paste the result into your next reply.
    Note: Whatever the result, it is important that you send me the result of the whole analysis.
    Your security tools may react when the file is sent; in that case you will need to ignore the alerts.


    2

    ~Run an online antivirus scan on the Kaspersky site
    http://www.kaspersky.com/kos/eng/partner/default/kavweb...

    * Click Accept
    * A yellow bar will ask whether you agree to install Kavwebscan_Unicode.cab; install the ActiveX control.
    * Click "Accept" once more
    * The update databases will install; wait a moment
    * Click Next.
    * Click My Computer; the scan starts. Wait for the scan to finish without closing the window, otherwise it will stop.
    * Post the scan report.
    Online scan tutorial
    26 August 2008 13:40:40

    Lol yes, it's true that I download all sorts of things, I'll stop.

    So, the Virus Total report:


    Fichier 81edea32.sys reçu le 2008.08.26 13:30:37 (CET)
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.8.21.0 2008.08.26 -
    AntiVir 7.8.1.23 2008.08.26 TR/Fakealert.YN
    Authentium 5.1.0.4 2008.08.25 -
    Avast 4.8.1195.0 2008.08.25 Win32:Trojan-gen {Other}
    AVG 8.0.0.161 2008.08.26 BackDoor.Generic10.CVI
    BitDefender 7.2 2008.08.26 Trojan.Fakealert.YN
    CAT-QuickHeal 9.50 2008.08.25 -
    ClamAV 0.93.1 2008.08.26 -
    DrWeb 4.44.0.09170 2008.08.26 -
    eSafe 7.0.17.0 2008.08.24 -
    eTrust-Vet 31.6.6048 2008.08.25 Win32/Rustock.BI
    Ewido 4.0 2008.08.26 -
    F-Prot 4.4.4.56 2008.08.26 -
    F-Secure 7.60.13501.0 2008.08.26 -
    Fortinet 3.14.0.0 2008.08.26 W32/Tibs.CTL!tr
    Ikarus T3.1.1.34.0 2008.08.26 Trojan.Fakealert.YN
    K7AntiVirus 7.10.428 2008.08.25 -
    Kaspersky 7.0.0.125 2008.08.26 -
    McAfee 5369 2008.08.25 -
    Microsoft 1.3807 2008.08.25 Backdoor:Win32/Rustock.gen!E
    NOD32v2 3388 2008.08.26 Win32/Rustock
    Norman 5.80.02 2008.08.26 W32/Renos.AER
    Panda 9.0.0.4 2008.08.25 Trj/Agent.JPR
    PCTools 4.4.2.0 2008.08.25 -
    Prevx1 V2 2008.08.26 Worm
    Rising 20.59.11.00 2008.08.26 -
    Sophos 4.32.0 2008.08.26 -
    Sunbelt 3.1.1582.1 2008.08.26 Trojan.FakeAlert
    Symantec 10 2008.08.26 Trojan Horse
    TheHacker 6.3.0.6.060 2008.08.23 -
    TrendMicro 8.700.0.1004 2008.08.26 TROJ_TIBS.CTL
    VBA32 3.12.8.4 2008.08.25 suspected of Malware-Cryptor.Win32.General.3
    ViRobot 2008.8.26.1350 2008.08.26 -
    VirusBuster 4.5.11.0 2008.08.25 -
    Webwasher-Gateway 6.6.2 2008.08.26 Trojan.Fakealert.YN
    Information additionnelle
    File size: 109150 bytes
    MD5...: 5f52cfa27216129b8190e28445d45e9c
    SHA1..: 395172d630da0eb076b1dbb35665c0dbef826274
    SHA256: 2141035804b2f7c047dc2dd669489f54a9351cf4885b055a9e45642daa5d7589
    SHA512: dce36eed2b0f216afe7675ce88f865d29b0a8c6dab98760bdc9b91820ef2ce55b038808fdb237b31b0ab05516c1584691fb8dab3418f014bd7afef2e208e9523
    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x13560
    timedatestamp.....: 0x488eee22 (Tue Jul 29 10:17:06 2008)
    machinetype.......: 0x14c (I386)

    ( 5 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x280 0x335c 0x3380 7.99 3840f29d626c087232d748c1f157b0de
    .rdata 0x3600 0x3050 0x3080 7.98 a844bc9d52b199b36e0bbe88f6402dbe
    .data 0x6680 0x98aa 0x9900 0.00 61436252a401141bfc6b15160ff76e35
    INIT 0xff80 0x16c 0x180 4.47 3b4ad5781d707083915d6305d4d4cb90
    .reloc 0x10100 0xe6 0x100 1.03 2a83e875df178cbe8754bdf39c2d2650

    ( 2 imports )
    > ntoskrnl.exe: KeInitializeEvent, KeInitializeDpc, KeInitializeMutex, memcpy, IoAllocateIrp, IoAttachDevice, memset, IoFreeIrp, IoFreeWorkItem, ExFreePoolWithTag, IofCallDriver, ObfReferenceObject
    > HAL.dll: ExAcquireFastMutex

    ( 0 exports )
    Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=3486794C...

    26 August 2008 17:08:36

    Hello
    Please post the Kaspersky online scan report.
    We'll do the big clean-up afterwards. :D
    26 August 2008 20:02:19

    OK, here is the online scan report:

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Tuesday, August 26, 2008
    Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Tuesday, August 26, 2008 16:27:40
    Records in database: 1148360
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\
    H:\
    I:\
    J:\
    K:\
    L:\

    Scan statistics:
    Files scanned: 85503
    Threat name: 19
    Infected objects: 36
    Suspicious objects: 1
    Duration of the scan: 01:17:43


    File name / Threat name / Threats count
    C:\Documents and Settings\fleurdo\Bureau\MSNFix\25082008_13415017.zip Infected: Trojan-Downloader.Win32.Agent.ezc 1
    C:\Documents and Settings\fleurdo\Bureau\MSNFix\25082008_13415017.zip Infected: Trojan-Spy.Win32.Agent.due 1
    C:\Documents and Settings\fleurdo\Bureau\MSNFix\25082008_13415017.zip Infected: Trojan.Win32.Multis.cw 1
    C:\Documents and Settings\fleurdo\Bureau\MSNFix\25082008_13415017.zip Infected: Trojan-Downloader.Win32.Agent.jih 1
    C:\Documents and Settings\fleurdo\Bureau\MSNFix\25082008_13415017.zip Infected: Trojan-Downloader.Win32.Agent.ucq 1
    C:\Documents and Settings\fleurdo\Bureau\MSNFix\25082008_13415017.zip Infected: Trojan-Downloader.Win32.Agent.abqa 1
    C:\Documents and Settings\fleurdo\Bureau\MSNFix\25082008_13415017.zip Infected: not-a-virus:AdWare.Win32.PurityScan.gp 1
    C:\Documents and Settings\fleurdo\Bureau\MSNFix\25082008_13415017.zip Infected: Trojan.Win32.Scapur.k 1
    C:\Documents and Settings\fleurdo\Bureau\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
    C:\Documents and Settings\fleurdo\Bureau\SmitfraudFix\SmitfraudFix.zip Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
    C:\Documents and Settings\fleurdo\Bureau\SmitfraudFix.zip Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
    C:\Documents and Settings\fleurdo\Bureau\Upload_Me.zip Infected: Trojan-Downloader.Win32.Agent.ezc 1
    C:\Documents and Settings\fleurdo\Bureau\Upload_Me.zip Infected: Trojan-Spy.Win32.Agent.due 1
    C:\Documents and Settings\fleurdo\Bureau\Upload_Me.zip Infected: Trojan.Win32.Multis.cw 1
    C:\Documents and Settings\fleurdo\Bureau\Upload_Me.zip Infected: Trojan-Downloader.Win32.Agent.jih 1
    C:\Documents and Settings\fleurdo\Bureau\Upload_Me.zip Infected: Trojan-Downloader.Win32.Agent.ucq 1
    C:\Documents and Settings\fleurdo\Bureau\Upload_Me.zip Infected: Trojan-Downloader.Win32.Agent.abqa 1
    C:\Documents and Settings\fleurdo\Bureau\Upload_Me.zip Infected: not-a-virus:AdWare.Win32.PurityScan.gp 1
    C:\Documents and Settings\fleurdo\Bureau\Upload_Me.zip Infected: Trojan.Win32.Scapur.k 1
    C:\Documents and Settings\fleurdo\Local Settings\Application Data\Identities\{5795F9D5-3B48-4029-A6FB-2B2D2F3D0754}\Microsoft\Outlook Express\Boîte de réception.dbx Infected: Trojan-Spy.HTML.Paylap.jv 1
    C:\Documents and Settings\fleurdo\Local Settings\Application Data\Identities\{5795F9D5-3B48-4029-A6FB-2B2D2F3D0754}\Microsoft\Outlook Express\Boîte de réception.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
    C:\Documents and Settings\fleurdo\Mes documents\Mes fichiers reçus\Jean Marc\vnc-4.0-x86_win32.7z Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 3
    C:\Documents and Settings\fleurdo\runUpdater.exe Infected: Trojan-Downloader.Win32.Small.xnu 1
    C:\Documents and Settings\fleurdo\Shared\02 Track 2.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
    C:\Documents and Settings\fleurdo\Shared\03 Track 3.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
    C:\Documents and Settings\fleurdo\Shared\06 Track 6.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
    C:\Documents and Settings\fleurdo\Shared\les voisins les voisines.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
    C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll Infected: not-a-virus:AdWare.Win32.Mostofate.dt 1
    C:\Program Files\MSN Messenger\riched20.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
    C:\Program Files\webHancer(2)\Programs(2)\webhdll(2).dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 1
    C:\Program Files\webHancer(2)\Programs(2)\webhdll(3).dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 1
    C:\Program Files\webHancer(2)\Programs(2)\whagent(2).exe Infected: not-a-virus:AdWare.Win32.WebHancer.423 1
    C:\Program Files\webHancer(2)\Programs(2)\whiehlpr(2).dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 1
    C:\QooBox\Quarantine\C\WINDOWS\system32\msupdte.exe.vir Infected: Trojan-Downloader.Win32.Agent.ucq 1
    C:\WINDOWS\system32\msupdte.MSNFix Infected: Trojan-Downloader.Win32.Agent.ucq 1

    The selected area was scanned.
    26 August 2008 22:33:19

    re
    as agreed, I'm cleaning up your programs. Poker games are nests of infection...

    Copy (Ctrl+C) the text below:
    File::
    C:\Documents and Settings\fleurdo\Bureau\SmitfraudFix.zip
    C:\Documents and Settings\fleurdo\Bureau\Upload_Me.zip
    C:\Documents and Settings\fleurdo\runUpdater.exe
    C:\Documents and Settings\fleurdo\Shared\02 Track 2.wma
    C:\Documents and Settings\fleurdo\Shared\03 Track 3.wma
    C:\Documents and Settings\fleurdo\Shared\06 Track 6.wma
    C:\Documents and Settings\fleurdo\Shared\les voisins les voisines.mp3
    C:\WINDOWS\system32\msupdte.MSNFix
    C:\WINDOWS\system32\drivers\81edea32.sys
    C:\WINDOWS\system32\tmp.MSNFix
    C:\Program Files\ikoExplore.exe

    Folder::
    C:\Documents and Settings\fleurdo\Bureau\MSNFix
    C:\Documents and Settings\fleurdo\Bureau\SmitfraudFix
    C:\Program Files\Macrogaming\SweetIMBarForIE
    C:\Program Files\webHancer(2)
    C:\Program Files\ENJOY Plus!
    C:\Program Files\Club World Casinos
    C:\Documents and Settings\fleurdo\Application Data\ENJOY Plus!
    C:\Documents and Settings\All Users\Application Data\ENJOY Plus!
    C:\Program Files\neuf Talk
    C:\Documents and Settings\fleurdo\Application Data\EoRezo
    C:\Program Files\hilopoker
    C:\Program Files\Absolutist.com
    C:\Program Files\ppoker
    C:\Program Files\PopCap Games
    C:\Program Files\eoRezo



    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt

    Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot


  • A blue window will appear: at the prompt that appears ( Type 1 to continue, or 2 to abort), type 1 and confirm.
  • Wait while the scan runs. The desktop will disappear several times: this is normal!
    Don't touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not open, it is located here > C:\ComboFix.txt


    26 August 2008 23:33:48

    And here is the requested scan:

    ComboFix 08-08-26.01 - fleurdo 2008-08-26 23:31:30.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.564 [GMT 2:00]
    Endroit: C:\Documents and Settings\fleurdo\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\fleurdo\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\Documents and Settings\fleurdo\Bureau\SmitfraudFix.zip
    C:\Documents and Settings\fleurdo\Bureau\Upload_Me.zip
    C:\Documents and Settings\fleurdo\runUpdater.exe
    C:\Documents and Settings\fleurdo\Shared\02 Track 2.wma
    C:\Documents and Settings\fleurdo\Shared\03 Track 3.wma
    C:\Documents and Settings\fleurdo\Shared\06 Track 6.wma
    C:\Documents and Settings\fleurdo\Shared\les voisins les voisines.mp3
    C:\Program Files\ikoExplore.exe
    C:\WINDOWS\system32\drivers\81edea32.sys
    C:\WINDOWS\system32\msupdte.MSNFix
    C:\WINDOWS\system32\tmp.MSNFix
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\fleurdo\Application Data\EoRezo
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\cmhost.cyp
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\ConfMedia.cyp
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\db\1.txt
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\db\10.txt
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\db\11.txt
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\db\12.txt
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\db\13.txt
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\db\14.txt
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\db\15.txt
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\db\16.txt
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\db\17.txt
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\db\18.txt
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\db\19.txt
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\db\2.txt
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\db\3.txt
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\db\33.txt
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\db\4.txt
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\db\5.txt
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\db\6.txt
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\db\7.txt
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\db\8.txt
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\db\9.txt
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\db\cat.cyp
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\db\cat.nfo
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\eoDesktop\config.xml
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\eoDesktop\eoDesktop.html
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\eoDesktop\userConfig.xml
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\eoStats\eoStats.txt
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather.cfg
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\EoWeather.cfg
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\EoWeatherVal_02EC282.cfg
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_classic\67_day.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_classic\67_night.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_classic\69_day.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_classic\69_night.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_classic\70_day.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_classic\70_night.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_classic\78_day.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_classic\78_night.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_classic\82_day.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_classic\82_night.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_classic\83_day.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_classic\83_night.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_classic\84_day.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_classic\84_night.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_classic\85_day.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_classic\85_night.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_classic\89_day.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_classic\89_night.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_classic\back.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_classic\background.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_classic\background_1.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_classic\background_1days.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_classic\background_2days.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_classic\background_7days.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_classic\backPressed.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_classic\band.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_classic\band_small.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_classic\close.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_classic\closePressed.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_classic\dayPrevisionBackground.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_classic\dayPrevisionClose.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_classic\earth.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_classic\fonds_écran.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_classic\help.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_classic\helpPressed.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_classic\minimise.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_classic\minimisePressed.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_classic\next.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_classic\nextPressed.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_classic\option.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_classic\optionPressed.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_classic\reflet_ecran.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_classic\small_background.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_classic\Thumbs.db
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_station_meteo\67_day.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_station_meteo\67_night.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_station_meteo\69_day.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_station_meteo\69_night.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_station_meteo\70_day.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_station_meteo\70_night.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_station_meteo\78_day.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_station_meteo\78_night.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_station_meteo\82_day.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_station_meteo\82_night.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_station_meteo\83_day.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_station_meteo\83_night.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_station_meteo\84_day.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_station_meteo\84_night.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_station_meteo\85_day.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_station_meteo\85_night.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_station_meteo\89_day.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_station_meteo\89_night.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_station_meteo\about.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_station_meteo\back.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_station_meteo\background.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_station_meteo\background_1.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_station_meteo\background_1days.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_station_meteo\background_2days.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_station_meteo\background_7days.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_station_meteo\backPressed.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_station_meteo\close.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_station_meteo\closePressed.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_station_meteo\dayPrevisionBackground.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_station_meteo\dayPrevisionClose.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_station_meteo\earth.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_station_meteo\fonds_écran.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_station_meteo\help.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_station_meteo\helpPressed.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_station_meteo\minimise.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_station_meteo\minimisePressed.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_station_meteo\next.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_station_meteo\nextPressed.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_station_meteo\option.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_station_meteo\optionPressed.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_station_meteo\reflet_ecran.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_station_meteo\Thumbs.db
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeather\images_station_meteo\txt_14x13.png
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\EoWeatherVal_02EC282.cfg
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\host.cyp
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\tmp.exe
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\towns.cfg
    C:\Documents and Settings\fleurdo\Application Data\EoRezo\user.cyp
    C:\Documents and Settings\fleurdo\Application Data\macromedia\Flash Player\#SharedObjects\93SSCDSL\bin.clearspring.com
    C:\Documents and Settings\fleurdo\Application Data\macromedia\Flash Player\#SharedObjects\93SSCDSL\bin.clearspring.com\clearspring.sol
    C:\Documents and Settings\fleurdo\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
    C:\Documents and Settings\fleurdo\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
    C:\Documents and Settings\fleurdo\Bureau\MSNFix
    C:\Documents and Settings\fleurdo\Bureau\MSNFix\25082008_13415017.txt
    C:\Documents and Settings\fleurdo\Bureau\MSNFix\25082008_13415017.zip
    C:\Documents and Settings\fleurdo\Bureau\MSNFix\incl\banker.reg
    C:\Documents and Settings\fleurdo\Bureau\MSNFix\incl\catchme.exe
    C:\Documents and Settings\fleurdo\Bureau\MSNFix\incl\f2chck.vbs
    C:\Documents and Settings\fleurdo\Bureau\MSNFix\incl\Hostsclean.exe
    C:\Documents and Settings\fleurdo\Bureau\MSNFix\incl\MD5File.exe
    C:\Documents and Settings\fleurdo\Bureau\MSNFix\incl\Process.exe
    C:\Documents and Settings\fleurdo\Bureau\MSNFix\incl\service.zip
    C:\Documents and Settings\fleurdo\Bureau\MSNFix\incl\setpath.exe
    C:\Documents and Settings\fleurdo\Bureau\MSNFix\incl\swreg.exe
    C:\Documents and Settings\fleurdo\Bureau\MSNFix\incl\zip.exe
    C:\Documents and Settings\fleurdo\Bureau\MSNFix\MSNFix.bat
    C:\Documents and Settings\fleurdo\Bureau\SmitfraudFix
    C:\Documents and Settings\fleurdo\Bureau\SmitfraudFix.zip
    C:\Documents and Settings\fleurdo\Bureau\SmitfraudFix\404Fix.exe
    C:\Documents and Settings\fleurdo\Bureau\SmitfraudFix\AntiXPVSTFix.exe
    C:\Documents and Settings\fleurdo\Bureau\SmitfraudFix\beep_2K_original.sys
    C:\Documents and Settings\fleurdo\Bureau\SmitfraudFix\beep_XP_original.sys
    C:\Documents and Settings\fleurdo\Bureau\SmitfraudFix\dumphive.exe
    C:\Documents and Settings\fleurdo\Bureau\SmitfraudFix\exit.exe
    C:\Documents and Settings\fleurdo\Bureau\SmitfraudFix\GenericRenosFix.exe
    C:\Documents and Settings\fleurdo\Bureau\SmitfraudFix\HostsChk.exe
    C:\Documents and Settings\fleurdo\Bureau\SmitfraudFix\IEDFix.C.exe
    C:\Documents and Settings\fleurdo\Bureau\SmitfraudFix\IEDFix.exe
    C:\Documents and Settings\fleurdo\Bureau\SmitfraudFix\Policies.exe
    C:\Documents and Settings\fleurdo\Bureau\SmitfraudFix\Process.exe
    C:\Documents and Settings\fleurdo\Bureau\SmitfraudFix\Reboot.exe
    C:\Documents and Settings\fleurdo\Bureau\SmitfraudFix\restart.exe
    C:\Documents and Settings\fleurdo\Bureau\SmitfraudFix\SmitfraudFix.cmd
    C:\Documents and Settings\fleurdo\Bureau\SmitfraudFix\SmitfraudFix.zip
    C:\Documents and Settings\fleurdo\Bureau\SmitfraudFix\SmiUpdate.exe
    C:\Documents and Settings\fleurdo\Bureau\SmitfraudFix\SrchSTS.exe
    C:\Documents and Settings\fleurdo\Bureau\SmitfraudFix\swreg.exe
    C:\Documents and Settings\fleurdo\Bureau\SmitfraudFix\swsc.exe
    C:\Documents and Settings\fleurdo\Bureau\SmitfraudFix\swxcacls.exe
    C:\Documents and Settings\fleurdo\Bureau\SmitfraudFix\UIFix.exe
    C:\Documents and Settings\fleurdo\Bureau\SmitfraudFix\unzip.exe
    C:\Documents and Settings\fleurdo\Bureau\SmitfraudFix\VACFix.exe
    C:\Documents and Settings\fleurdo\Bureau\SmitfraudFix\VCCLSID.exe
    C:\Documents and Settings\fleurdo\Bureau\SmitfraudFix\WS2Fix.exe
    C:\Documents and Settings\fleurdo\Bureau\Upload_Me.zip
    C:\Documents and Settings\fleurdo\runUpdater.exe
    C:\Documents and Settings\fleurdo\Shared\02 Track 2.wma
    C:\Documents and Settings\fleurdo\Shared\03 Track 3.wma
    C:\Documents and Settings\fleurdo\Shared\06 Track 6.wma
    C:\Documents and Settings\fleurdo\Shared\les voisins les voisines.mp3
    C:\Program Files\Absolutist.com
    C:\Program Files\Absolutist.com\Mahjong\abs.ico
    C:\Program Files\Absolutist.com\Mahjong\del.ICO
    C:\Program Files\Absolutist.com\Mahjong\Mahjong.url
    C:\Program Files\Absolutist.com\Mahjong\Mahjongg.exe
    C:\Program Files\Absolutist.com\Mahjong\unins000.dat
    C:\Program Files\Absolutist.com\Mahjong\unins000.exe
    C:\Program Files\Absolutist.com\Mahjong\web.ico
    C:\Program Files\hilopoker
    C:\Program Files\hilopoker\Chrys.ini
    C:\Program Files\hilopoker\demo.ini
    C:\Program Files\hilopoker\Laure.ini
    C:\Program Files\hilopoker\poker.exe
    C:\Program Files\hilopoker\poker.ini
    C:\Program Files\ikoExplore.exe
    C:\Program Files\Macrogaming\SweetIMBarForIE
    C:\Program Files\Macrogaming\SweetIMBarForIE\affid.dat
    C:\Program Files\Macrogaming\SweetIMBarForIE\basis.xml
    C:\Program Files\Macrogaming\SweetIMBarForIE\Bookmarks_23x18.bmp
    C:\Program Files\Macrogaming\SweetIMBarForIE\Cache\cd2005c66fba47ff715ecc444d3bc1fb.xml
    C:\Program Files\Macrogaming\SweetIMBarForIE\Cache\eec75c2bc0eb13d9bc317ee99170020c.xml
    C:\Program Files\Macrogaming\SweetIMBarForIE\Email_23x18.bmp
    C:\Program Files\Macrogaming\SweetIMBarForIE\Games_23x18.bmp
    C:\Program Files\Macrogaming\SweetIMBarForIE\Greetingcards_23x18.bmp
    C:\Program Files\Macrogaming\SweetIMBarForIE\Mobile_23x18.bmp
    C:\Program Files\Macrogaming\SweetIMBarForIE\Music_23x18.bmp
    C:\Program Files\Macrogaming\SweetIMBarForIE\News_23x18.bmp
    C:\Program Files\Macrogaming\SweetIMBarForIE\Shoping_23x18.bmp
    C:\Program Files\Macrogaming\SweetIMBarForIE\SmileySmile.bmp
    C:\Program Files\Macrogaming\SweetIMBarForIE\SmileyWink.bmp
    C:\Program Files\Macrogaming\SweetIMBarForIE\sweetimicons.bmp
    C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.crc
    C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.xml
    C:\Program Files\Macrogaming\SweetIMBarForIE\version.txt
    C:\Program Files\neuf Talk
    C:\Program Files\neuf Talk\avcodec.dll
    C:\Program Files\neuf Talk\download.exe
    C:\Program Files\neuf Talk\kdefx.dll
    C:\Program Files\neuf Talk\memorydump.exe
    C:\Program Files\neuf Talk\mgwz.dll
    C:\Program Files\neuf Talk\msvcp71.dll
    C:\Program Files\neuf Talk\msvcr71.dll
    C:\Program Files\neuf Talk\neuf Talk.exe
    C:\Program Files\neuf Talk\phapi.dll
    C:\Program Files\neuf Talk\portaudio.dll
    C:\Program Files\neuf Talk\qt-mt335.dll
    C:\Program Files\neuf Talk\styles\neuf_Talk_theme.dll
    C:\Program Files\neuf Talk\uninst.exe
    C:\Program Files\neuf Talk\webcam.dll
    C:\Program Files\neuf Talk\wengocurl.dll
    C:\Program Files\PopCap Games
    C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\users\hiscores.dat
    C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\users\laure\profile.dat
    C:\Program Files\PopCap Games\Chuzzle Deluxe\bass.dll
    C:\Program Files\PopCap Games\Chuzzle Deluxe\cached\cacheinfo.cfg
    C:\Program Files\PopCap Games\Chuzzle Deluxe\Chuzzle.exe
    C:\Program Files\PopCap Games\Chuzzle Deluxe\data\gamedata.cfg
    C:\Program Files\PopCap Games\Chuzzle Deluxe\PopUninstall.exe
    C:\Program Files\PopCap Games\Chuzzle Deluxe\Profiles\config.cfg
    C:\Program Files\PopCap Games\Chuzzle Deluxe\Profiles\HSChuzzlePuzzle.cfg
    C:\Program Files\PopCap Games\Chuzzle Deluxe\Profiles\HSSpeedChuzzle.cfg
    C:\Program Files\PopCap Games\Chuzzle Deluxe\Profiles\Tony\INFO.CFG
    C:\Program Files\PopCap Games\Chuzzle Deluxe\Profiles\Tony\SAVEGAME-CHUZZLEPUZZLE.DAT
    C:\Program Files\PopCap Games\Chuzzle Deluxe\Profiles\Tony\SAVEGAME-ZENCHUZZLE.DAT
    C:\Program Files\ppoker
    C:\Program Files\ppoker\current
    C:\Program Files\webHancer(2)
    C:\Program Files\webHancer(2)\Programs(2)\webhdll(2).dll
    C:\Program Files\webHancer(2)\Programs(2)\webhdll(3).dll
    C:\Program Files\webHancer(2)\Programs(2)\whagent(2).exe
    C:\Program Files\webHancer(2)\Programs(2)\whiehlpr(2).dll
    C:\WINDOWS\system32\drivers\81edea32.sys
    C:\WINDOWS\system32\msupdte.exe
    C:\WINDOWS\system32\msupdte.MSNFix
    C:\WINDOWS\system32\tmp.MSNFix

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-07-26 to 2008-08-26 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-25 19:47 . 2008-08-25 19:47 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-08-25 19:44 . 2008-08-25 19:48 1,374 --a------ C:\WINDOWS\imsins.BAK
    2008-08-25 19:41 . 2008-08-25 19:41 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-25 19:41 . 2008-08-25 19:41 <REP> d-------- C:\Documents and Settings\fleurdo\Application Data\Malwarebytes
    2008-08-25 19:41 . 2008-08-25 19:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-25 19:41 . 2008-08-17 15:05 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-25 19:41 . 2008-08-17 15:05 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-08-25 13:44 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-08-25 13:44 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-08-24 21:12 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-08-24 21:12 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-08-24 21:12 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-08-24 21:12 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-08-24 21:12 . 2008-08-14 21:52 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
    2008-08-24 21:12 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
    2008-08-24 21:12 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-08-24 21:12 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-08-24 21:12 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-08-24 21:12 . 2008-08-24 21:12 3,164 --a------ C:\WINDOWS\system32\tmp.reg
    2008-08-20 00:05 . 2008-08-20 12:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-08-14 00:31 . 2008-08-14 00:31 <REP> d-------- C:\Program Files\Trend Micro
    2008-08-13 18:28 . 2008-08-13 18:28 <REP> d-------- C:\Program Files\AxBx
    2008-08-13 09:20 . 2008-08-13 09:20 <REP> d-------- C:\Program Files\uTorrent
    2008-08-12 22:43 . 2008-08-12 22:43 <REP> d-------- C:\games
    2008-08-12 21:08 . 2008-08-12 21:09 <REP> d-------- C:\Documents and Settings\fleurdo\Application Data\Winamp
    2008-08-12 21:08 . 2007-03-08 01:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll
    2008-08-12 21:08 . 2007-03-08 01:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
    2008-08-12 21:08 . 2007-03-08 01:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2008-07-30 21:04 . 2008-08-26 23:12 69 --a------ C:\WINDOWS\NeroDigital.ini
    2008-07-30 20:17 . 2008-07-30 20:17 <REP> d-------- C:\Program Files\Nero
    2008-07-30 20:17 . 2008-07-30 20:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
    2008-07-30 20:06 . 1998-07-22 00:00 102,160 --a------ C:\WINDOWS\system32\VB6KO.DLL
    2008-07-30 20:06 . 2006-02-17 14:19 16,384 --a------ C:\WINDOWS\system32\lgfwunis.exe
    2008-07-30 20:06 . 2008-08-26 13:12 359 --a------ C:\WINDOWS\lgfwup.ini
    2008-07-30 20:03 . 2008-07-30 20:03 <REP> d-------- C:\MyWorks

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-26 21:32 --------- d-----w C:\Program Files\Macrogaming
    2008-08-26 11:21 --------- d-----w C:\Program Files\ScummVM
    2008-08-26 11:21 --------- d-----w C:\Program Files\MySpace
    2008-08-25 08:09 --------- d-----w C:\Program Files\eChanblard
    2008-08-20 10:37 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-08-20 10:37 --------- d-----w C:\Program Files\Unlocker
    2008-08-20 10:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
    2008-08-19 22:45 --------- d-----w C:\Program Files\MSN Messenger
    2008-08-19 22:05 --------- d-----w C:\Program Files\Lavasoft
    2008-08-13 21:26 --------- d-----w C:\Documents and Settings\fleurdo\Application Data\CyberLink
    2008-08-13 20:45 --------- d-----w C:\Program Files\BoontyGames
    2008-08-12 19:09 --------- d-----w C:\Program Files\Winamp
    2008-07-30 18:19 --------- d-----w C:\Program Files\Fichiers communs\Ahead
    2008-07-30 18:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
    2008-07-30 18:13 --------- d-----w C:\Program Files\Ahead
    2008-07-30 18:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-07-30 18:03 --------- d-----w C:\Program Files\CyberLink
    2008-07-23 11:43 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
    2008-07-23 11:43 249,856 ------w C:\WINDOWS\Setup1.exe
    2008-07-13 15:37 --------- d-----w C:\Program Files\Fichiers communs\BOONTY Shared
    2008-07-13 15:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\BOONTY
    2008-07-13 15:36 --------- d-----w C:\Program Files\Boonty
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-03-30 18:53 24,496 -c--a-w C:\Documents and Settings\fleurdo\Application Data\GDIPFONTCACHEV1.DAT
    1998-03-13 10:28 22,728 ------w C:\Program Files\PICTRS.EXE
    1997-11-13 09:09 23,552 ------r C:\Program Files\RestartApp.exe
    1995-05-22 22:00 520,552 ------w C:\Program Files\LEAD50.DLL
    1995-04-09 23:00 38,720 ------w C:\Program Files\LEADDIB.DRV
    2006-05-06 16:42 7,260,160 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll
    2007-02-28 17:51 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-08-25_23.26.56.39 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-08-26 16:25:10 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_1fc.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 15:20 401491]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-20 22:07 7110656]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-07-09 23:33 36352]
    "Microsoft WinUpdate"="C:\WINDOWS\system32\msupdte.exe" [BU]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoLogOff"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.X264"= x264vfw.dll
    "VIDC.3iv2"= 3ivxVfWCodec.dll
    "VIDC.VP31"= vp31vfw.dll
    "msacm.l3fhg"= mp3fhg.acm
    "MSACM.CEGSM"= mobilev.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    --a------ 2007-05-15 15:55 1057328 C:\Program Files\Nero\Nero 7\InCD\InCD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    --a------ 2007-03-09 18:09 67128 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    --a------ 2005-06-08 15:24 458752 C:\Program Files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    --a------ 2005-06-08 15:14 217088 C:\Program Files\Logitech\Video\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2007-03-01 15:57 153136 C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
    --a------ 2007-05-15 15:55 1628208 C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
    -ra------ 2008-01-02 21:15 103712 C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusKeeper]
    --a------ 2008-07-21 12:26 3000192 C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\NetMeeting\\Conf.exe"=
    "C:\\Program Files\\eChanblard\\emule.exe"=
    "C:\\mcoinstall.exe"=
    "C:\\StubInstaller.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\Program Files\neuf telecom\MP9\VLC\vlc.exe"= C:\Program Files\neuf telecom\MP9\VLC\vlc.exe:172.16.255.0/255.255.255.0:Enabled:Serveur VLC/MP9 (player neuf telecom)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "139:TCP"= 139:TCP:LocalSubNet,172.16.255.0/255.255.255.0:Enabled:@xpsp2res.dll,-22004
    "445:TCP"= 445:TCP:LocalSubNet,172.16.255.0/255.255.255.0:Enabled:@xpsp2res.dll,-22005
    "137:UDP"= 137:UDP:LocalSubNet,172.16.255.0/255.255.255.0:Enabled:@xpsp2res.dll,-22001
    "138:UDP"= 138:UDP:LocalSubNet,172.16.255.0/255.255.255.0:Enabled:@xpsp2res.dll,-22002

    R2 vkservice;VirusKeeper antivirus/antispyware;C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe [2008-05-22 15:27]
    R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2005-05-12 14:39]
    S2 713xTVCard;SAA7133 TV Card;C:\WINDOWS\system32\DRIVERS\SAA713x.sys [2005-03-15 12:00]
    S3 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2008-07-13 17:37]
    S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 23:10]
    S4 Nulioecoen;Nulioecoen;C:\WINDOWS\system32\pathping.exe [2004-08-05 14:00]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-LGODDFU - C:\Program Files\lg_fwupdate\fwupdate.exe
    HKLM-Run-EoEngine - (no file)
    MSConfigStartUp-MySpaceIM - C:\Program Files\MySpace\IM\MySpaceIM.exe



    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-26 23:34:06
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-26 23:35:24
    ComboFix-quarantined-files.txt 2008-08-26 21:34:55
    ComboFix2.txt 2008-08-25 21:27:41

    Pre-Run: 21,479,358,464 octets libres
    Post-Run: 21,519,458,304 octets libres

    454 --- E O F --- 2008-08-25 17:48:22
    27 August 2008 19:14:52

    Good evening,

    I thought things were getting better for my PC, that it was on the mend, but now I have my doubts lol. All I had left was the blue desktop background; the Warning message had disappeared and Virus xp 2008 had disappeared too. But now, surprise, it has started up again and I have a white desktop background with a different Warning window... I can't make sense of it.
    Here is the HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:16:57, on 27/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\lphclcrj0e1dg.exe
    C:\Program Files\webHancer\Programs\whagent.exe
    C:\WINDOWS\faceback.exe
    C:\Program Files\rhcgcrj0e1dg\rhcgcrj0e1dg.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe
    C:\WINDOWS\system32\pphclcrj0e1dg.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\cmd.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
    O2 - BHO: HelloWorldBHO - {D88E1558-7C2D-407A-953A-C044F5607CEA} - C:\Program Files\Mjcore\Mjcore.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Microsoft WinUpdate] C:\WINDOWS\system32\msupdte.exe
    O4 - HKLM\..\Run: [lphclcrj0e1dg] C:\WINDOWS\system32\lphclcrj0e1dg.exe
    O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\faceback.exe 61A847B5BBF728133B9C3C466188719AB689201522886B092CBD44BD8689220221DD3257
    O4 - HKLM\..\Run: [SMrhcgcrj0e1dg] C:\Program Files\rhcgcrj0e1dg\rhcgcrj0e1dg.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O14 - IERESET.INF: START_PAGE_URL=http://www.carrefour.fr/
    O15 - Trusted Zone: http://ed2k-series.new.fr
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: VirusKeeper antivirus/antispyware (vkservice) - AxBx - C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe

    --
    End of file - 10191 bytes

    Besides wanting to know whether my PC will survive or not, hee hee, I had another question: what you do, helping people like me who do all sorts of silly things with their computers, is it your job or is it because you're a kind soul?
    28 August 2008 21:13:01

    Good evening
    Quote:
    Besides wanting to know whether my PC will survive or not, hee hee, I had another question: what you do, helping people like me who do all sorts of silly things with their computers, is it your job or is it because you're a kind soul?

    It's because there's nothing on TV :D
    And yes, we are all volunteers.

    We're going to do things differently:
    install an antivirus...
    Antivir.

    -->Tutorial<--


    Run a scan with it and post the report.
    28 August 2008 22:38:41

    Good evening,

    Lol, then I'm glad about the rubbish programmes on TV... But what you do is still tremendous, because I imagine there must be quite a few "Help, I've done something silly with my computer" cases like me, right? (Reassure me, I'm not the only noodle, am I?)

    As for Antivir, I'm not sure I installed it correctly, and the tutorial says to run a scan in safe mode but I couldn't manage it, I don't know why, so I ran one in normal mode, but I don't know whether the report is any good.
    28 August 2008 23:10:31

    Well, I'm posting it anyway in case it's any good.



    Avira AntiVir Personal
    Report file date: jeudi 28 août 2008 22:25

    Scanning for 1581048 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: NOM-B1AF0E90865

    Version information:
    BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
    LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
    LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 19:44:43
    ANTIVIR2.VDF : 7.0.6.60 2802176 Bytes 24/08/2008 19:44:53
    ANTIVIR3.VDF : 7.0.6.88 171520 Bytes 28/08/2008 19:44:54
    Engineversion : 8.1.1.23
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.68 315770 Bytes 28/08/2008 19:45:06
    AESCN.DLL : 8.1.0.23 119156 Bytes 28/08/2008 19:45:05
    AERDL.DLL : 8.1.0.20 418165 Bytes 28/08/2008 19:45:05
    AEPACK.DLL : 8.1.2.1 364917 Bytes 28/08/2008 19:45:04
    AEOFFICE.DLL : 8.1.0.22 192890 Bytes 28/08/2008 19:45:03
    AEHEUR.DLL : 8.1.0.50 1388918 Bytes 28/08/2008 19:45:01
    AEHELP.DLL : 8.1.0.15 115063 Bytes 28/08/2008 19:44:59
    AEGEN.DLL : 8.1.0.36 315764 Bytes 28/08/2008 19:44:58
    AEEMU.DLL : 8.1.0.7 430452 Bytes 28/08/2008 19:44:57
    AECORE.DLL : 8.1.1.8 172406 Bytes 28/08/2008 19:44:56
    AEBB.DLL : 8.1.0.1 53617 Bytes 28/08/2008 19:44:55
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
    AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
    AVREP.DLL : 8.0.0.2 98344 Bytes 28/08/2008 19:44:55
    AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:, E:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
    Macro heuristic..................: on
    File heuristic...................: medium
    Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

    Start of the scan: jeudi 28 août 2008 22:25

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'MsPMSPSv.exe' - '1' Module(s) have been scanned
    Scan process 'vk_service.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'snmp.exe' - '1' Module(s) have been scanned
    Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'InCDsrv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'CDAC11BA.EXE' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'pphclcrj0e1dg.exe' - '1' Module(s) have been scanned
    Module is infected -> 'C:\WINDOWS\system32\pphclcrj0e1dg.exe'
    Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'wcescomm.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'sysrest32.exe' - '1' Module(s) have been scanned
    Module is infected -> 'C:\WINDOWS\system32\sysrest32.exe'
    Scan process 'rhcgcrj0e1dg.exe' - '1' Module(s) have been scanned
    Module is infected -> 'C:\Program Files\rhcgcrj0e1dg\rhcgcrj0e1dg.exe'
    Scan process 'faceback.exe' - '1' Module(s) have been scanned
    Module is infected -> 'C:\WINDOWS\faceback.exe'
    Scan process 'whagent.exe' - '1' Module(s) have been scanned
    Scan process 'lphclcrj0e1dg.exe' - '1' Module(s) have been scanned
    Module is infected -> 'C:\WINDOWS\system32\lphclcrj0e1dg.exe'
    Scan process 'winampa.exe' - '1' Module(s) have been scanned
    Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
    Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
    Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    Process 'pphclcrj0e1dg.exe' has been terminated
    Process 'sysrest32.exe' has been terminated
    Process 'rhcgcrj0e1dg.exe' has been terminated
    Process 'faceback.exe' has been terminated
    Process 'lphclcrj0e1dg.exe' has been terminated
    C:\WINDOWS\system32\pphclcrj0e1dg.exe
    [DETECTION] Is the Trojan horse TR/Dldr.FraudLoa.NC
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\sysrest32.exe
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Backdoor.Gen Backdoor server programs
    [NOTE] The file was deleted!
    C:\Program Files\rhcgcrj0e1dg\rhcgcrj0e1dg.exe
    [DETECTION] Is the Trojan horse TR/Fraud.AV2008.J
    [NOTE] The file was deleted!
    C:\WINDOWS\faceback.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.adjw.1
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\lphclcrj0e1dg.exe
    [DETECTION] Is the Trojan horse TR/Fakealert.Ace.33
    [NOTE] The file was deleted!

    48 processes with 43 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.
    Master boot sector HD2
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.
    Master boot sector HD3
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!
    Boot sector 'E:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    C:\WINDOWS\system32\msupdte.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.ucq.1
    [NOTE] The file was deleted!

    The registry was scanned ( '23' files ).


    Starting the file scan:

    Begin scan in 'C:\' <BOOT>
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\fleurdo\Application Data\Microsoft\dtsc\15701.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.adiv
    [NOTE] The file was deleted!
    C:\Documents and Settings\fleurdo\Bureau\ComboFix.exe
    [0] Archive type: RAR SFX (self extracting)
    --> 327882R2FWJFW\hidec.exe
    [DETECTION] Contains detection pattern of the SPR/Tool.Hide.A program
    --> 327882R2FWJFW\NirCmd.cfexe
    [DETECTION] Contains detection pattern of the application APPL/NirCmd.E.2.B
    --> 327882R2FWJFW\nircmd.com
    [DETECTION] Contains detection pattern of the application APPL/NirCmd.E.2.B
    --> 327882R2FWJFW\NirCmdC.cfexe
    [DETECTION] Contains detection pattern of the application APPL/NirCmd.E.1.B
    --> 327882R2FWJFW\psexec.cfexe
    [1] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the application APPL/PsExec.E
    [WARNING] The file was ignored!
    C:\Documents and Settings\fleurdo\Local Settings\temp\.tt1.tmp.vbs
    [DETECTION] Contains detection pattern of the VBS script virus VBS/Agent.1002
    [NOTE] The file was deleted!
    C:\Documents and Settings\fleurdo\Local Settings\temp\.tt12.tmp.vbs
    [DETECTION] Contains detection pattern of the VBS script virus VBS/Agent.1002
    [NOTE] The file was deleted!
    C:\Documents and Settings\fleurdo\Local Settings\temp\.tt13.tmp.vbs
    [DETECTION] Contains detection pattern of the VBS script virus VBS/Agent.1002
    [NOTE] The file was moved to '492b0bb3.qua'!
    C:\Documents and Settings\fleurdo\Local Settings\temp\.tt14.tmp
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Backdoor.Gen Backdoor server programs
    [NOTE] The file was moved to '492b0bc2.qua'!
    C:\Documents and Settings\fleurdo\Local Settings\temp\.tt16.tmp.vbs
    [DETECTION] Contains detection pattern of the VBS script virus VBS/Agent.1002
    [NOTE] The file was moved to '492b0bc9.qua'!
    C:\Documents and Settings\fleurdo\Local Settings\temp\.tt1B.tmp.vbs
    [DETECTION] Contains detection pattern of the VBS script virus VBS/Agent.1002
    [NOTE] The file was moved to '492b0bcb.qua'!
    C:\Documents and Settings\fleurdo\Local Settings\temp\.tt1E.tmp.vbs
    [DETECTION] Contains detection pattern of the VBS script virus VBS/Agent.1002
    [NOTE] The file was moved to '492b0bd0.qua'!
    C:\Documents and Settings\fleurdo\Local Settings\temp\.tt2.tmp.vbs
    [DETECTION] Contains detection pattern of the VBS script virus VBS/Agent.1002
    [NOTE] The file was moved to '492b0bd3.qua'!
    C:\Documents and Settings\fleurdo\Local Settings\temp\.tt3.tmp.vbs
    [DETECTION] Contains detection pattern of the VBS script virus VBS/Agent.1002
    [NOTE] The file was moved to '492b0bd7.qua'!
    C:\Documents and Settings\fleurdo\Local Settings\temp\.tt4.tmp.vbs
    [DETECTION] Contains detection pattern of the VBS script virus VBS/Agent.1002
    [NOTE] The file was moved to '492b0bda.qua'!
    C:\Documents and Settings\fleurdo\Local Settings\temp\.tt5.tmp
    [DETECTION] Is the Trojan horse TR/Drop.Frau.AV08.A
    [NOTE] The file was deleted!
    C:\Documents and Settings\fleurdo\Local Settings\temp\.tt6.tmp.vbs
    [DETECTION] Contains detection pattern of the VBS script virus VBS/Agent.1002
    [NOTE] The file was deleted!
    C:\Documents and Settings\fleurdo\Local Settings\temp\.tt9.tmp.vbs
    [DETECTION] Contains detection pattern of the VBS script virus VBS/Agent.1002
    [NOTE] The file was deleted!
    C:\Documents and Settings\fleurdo\Local Settings\temp\.ttC.tmp.vbs
    [DETECTION] Contains detection pattern of the VBS script virus VBS/Agent.1002
    [NOTE] The file was deleted!
    C:\Documents and Settings\fleurdo\Local Settings\temp\nsm9.tmp\euladlg.dll
    [DETECTION] Is the Trojan horse TR/FakeAV.AM
    [NOTE] The file was deleted!
    C:\Documents and Settings\fleurdo\Local Settings\Temporary Internet Files\Content.IE5\4YU1Z5HK\17PHolmes[1].cmt
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.adjw.1
    [NOTE] The file was deleted!
    C:\Documents and Settings\fleurdo\Local Settings\Temporary Internet Files\Content.IE5\DKXQH9F4\dkf[1].exe
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.adiv
    [NOTE] The file was moved to '491d0c03.qua'!
    C:\Documents and Settings\fleurdo\Local Settings\Temporary Internet Files\Content.IE5\K3381VK6\sjdhk[1].exe
    [DETECTION] Is the Trojan horse TR/Fakealert.Ace.33
    [NOTE] The file was moved to '491b0c0b.qua'!
    C:\Documents and Settings\fleurdo\Local Settings\Temporary Internet Files\Content.IE5\Q2LGHJLS\td1[1].exe
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.pmd.2
    [NOTE] The file was moved to '48e80c0d.qua'!
    C:\Documents and Settings\fleurdo\Local Settings\Temporary Internet Files\Content.IE5\Q2LGHJLS\Updater[1].exe
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.ucq.1
    [NOTE] The file was moved to '491b0c1b.qua'!
    C:\Documents and Settings\fleurdo\Mes documents\pas\Corel Paint Shop Pro X - Installation Files\replacer.exe
    [DETECTION] Is the Trojan horse TR/Crackpai.A.19
    [NOTE] The file was deleted!
    C:\Documents and Settings\fleurdo\Mes documents\pas\crack\replacer.exe
    [DETECTION] Is the Trojan horse TR/Crackpai.A.19
    [NOTE] The file was deleted!
    C:\Program Files\Corel\Corel Paint Shop Pro X\replacer.exe
    [DETECTION] Is the Trojan horse TR/Crackpai.A.19
    [NOTE] The file was deleted!
    C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    [DETECTION] Contains detection pattern of the application APPL/BoontyGames
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\Documents and Settings\fleurdo\runUpdater.exe.vir
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\Documents and Settings\fleurdo\Bureau\SmitfraudFix.zip.vir
    [0] Archive type: ZIP
    --> SmitfraudFix/restart.exe
    [DETECTION] Contains detection pattern of the SPR/Tool.Hardoff.A program
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\Documents and Settings\fleurdo\Bureau\Upload_Me.zip.vir
    [0] Archive type: ZIP
    --> DOCUME~1/fleurdo/Bureau/Upload_Me/b128.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.ezc.1
    --> DOCUME~1/fleurdo/Bureau/Upload_Me/b152.exe
    [DETECTION] Is the Trojan horse TR/Spy.Agent.due
    --> DOCUME~1/fleurdo/Bureau/Upload_Me/b156.exe
    [DETECTION] Is the Trojan horse TR/Multis.CW
    --> DOCUME~1/fleurdo/Bureau/Upload_Me/b157.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.jih.1
    --> DOCUME~1/fleurdo/Bureau/Upload_Me/msupdte.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.ucq.1
    --> DOCUME~1/fleurdo/Bureau/Upload_Me/SRUninstall.exe
    [DETECTION] Is the Trojan horse TR/Agent.52736.K
    --> DOCUME~1/fleurdo/Bureau/Upload_Me/Yazzle1560OinUninstaller.exe
    [DETECTION] Contains detection pattern of the dropper DR/PurityScan.GP.1
    --> DOCUME~1/fleurdo/Bureau/Upload_Me/YazzleBundle-1560.exe
    [DETECTION] Contains detection pattern of the dropper DR/Scapur.K.16
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\Documents and Settings\fleurdo\Bureau\MSNFix\25082008_13415017.zip.vir
    [0] Archive type: ZIP
    --> backup/b128.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.ezc.1
    --> backup/b152.exe
    [DETECTION] Is the Trojan horse TR/Spy.Agent.due
    --> backup/b156.exe
    [DETECTION] Is the Trojan horse TR/Multis.CW
    --> backup/b157.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.jih.1
    --> backup/msupdte.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.ucq.1
    --> backup/SRUninstall.exe
    [DETECTION] Is the Trojan horse TR/Agent.52736.K
    --> backup/Yazzle1560OinUninstaller.exe
    [DETECTION] Contains detection pattern of the dropper DR/PurityScan.GP.1
    --> backup/YazzleBundle-1560.exe
    [DETECTION] Contains detection pattern of the dropper DR/Scapur.K.16
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\Documents and Settings\fleurdo\Bureau\SmitfraudFix\restart.exe.vir
    [DETECTION] Contains detection pattern of the SPR/Tool.Hardoff.A program
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\Documents and Settings\fleurdo\Bureau\SmitfraudFix\SmitfraudFix.zip.vir
    [0] Archive type: ZIP
    --> SmitfraudFix/restart.exe
    [DETECTION] Contains detection pattern of the SPR/Tool.Hardoff.A program
    [NOTE] The file was moved to '4920113e.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\fleurdo\Shared\02 Track 2.wma.vir
    [DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.L
    [NOTE] The file was moved to '48d71106.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\fleurdo\Shared\03 Track 3.wma.vir
    [DETECTION] Is the Trojan horse TR/Dldr.Age.3566386
    [NOTE] The file was moved to '48d71109.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\fleurdo\Shared\06 Track 6.wma.vir
    [DETECTION] Is the Trojan horse TR/Dldr.Age.3566386
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\Documents and Settings\fleurdo\Shared\les voisins les voisines.mp3.vir
    [DETECTION] Contains detection pattern of the SPR/ASF.GetCodec.Gen program
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\9.tmp.vir
    [DETECTION] Contains detection pattern of the joke program JOKE/BSOD.B
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\msupdte.exe.vir
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.ucq.1
    [NOTE] The file was moved to '492c1160.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\msupdte.MSNFix.vir
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.ucq.1
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\81edea32.sys.vir
    [DETECTION] Is the Trojan horse TR/Fakealert.YN
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{07AD3D7A-3822-4B84-9AC4-4B06CF406753}\RP2\A0000018.sys
    [DETECTION] Is the Trojan horse TR/Rootkit.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{07AD3D7A-3822-4B84-9AC4-4B06CF406753}\RP2\A0000019.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{07AD3D7A-3822-4B84-9AC4-4B06CF406753}\RP2\A0000020.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.pmd.2
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{07AD3D7A-3822-4B84-9AC4-4B06CF406753}\RP2\A0000021.exe
    [DETECTION] Is the Trojan horse TR/Dldr.FraudLoa.NC
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{07AD3D7A-3822-4B84-9AC4-4B06CF406753}\RP2\A0000022.exe
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Backdoor.Gen Backdoor server programs
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{07AD3D7A-3822-4B84-9AC4-4B06CF406753}\RP2\A0000023.exe
    [DETECTION] Is the Trojan horse TR/Fraud.AV2008.J
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{07AD3D7A-3822-4B84-9AC4-4B06CF406753}\RP2\A0000024.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.adjw.1
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{07AD3D7A-3822-4B84-9AC4-4B06CF406753}\RP2\A0000025.exe
    [DETECTION] Is the Trojan horse TR/Fakealert.Ace.33
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{07AD3D7A-3822-4B84-9AC4-4B06CF406753}\RP2\A0000026.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.ucq.1
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{07AD3D7A-3822-4B84-9AC4-4B06CF406753}\RP2\A0000027.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.adiv
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{07AD3D7A-3822-4B84-9AC4-4B06CF406753}\RP2\A0000029.exe
    [DETECTION] Is the Trojan horse TR/Crackpai.A.19
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{07AD3D7A-3822-4B84-9AC4-4B06CF406753}\RP2\A0000030.exe
    [DETECTION] Contains detection pattern of the application APPL/BoontyGames
    [NOTE] The file was deleted!
    C:\WINDOWS\17PHolmes1974.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.adjw.1
    [NOTE] The file was deleted!
    C:\WINDOWS\Nircmd.exe
    [DETECTION] Contains detection pattern of the application APPL/NirCmd.E.2.B
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\blphclcrj0e1dg.scr
    [DETECTION] Contains detection pattern of the joke program JOKE/BlueScreen.B
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\phclcrj0e1dg.bmp
    [DETECTION] Is the Trojan horse TR/Fakealert.AAF
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\drivers\dtscsi.sys
    [WARNING] The file could not be opened!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!
    C:\WINDOWS\system32\drivers\sptd9661.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\' <BACKUP>
    Begin scan in 'E:\' <RECOVER>


    End of the scan: jeudi 28 août 2008 23:13
    Used time: 47:37 min

    The scan has been done completely.

    8538 Scanning directories
    258791 Files were scanned
    85 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    45 files were deleted
    0 files were repaired
    16 files were moved to quarantine
    0 files were renamed
    5 Files cannot be scanned
    258706 Files not concerned
    9707 Archives were scanned
    9 Warnings
    61 Notes

    29 August 2008 22:06:00

    Good evening
    Good...
    It should work better now. :)

    Uninstall ComboFix by following this procedure:

  • Start menu, then Run
  • Now type Combofix /u in the window that appears, then confirm with OK. Make sure to leave a space between the X and the /U, as it is required here.



    Then you start again:
    Disable your antivirus and any other kind of protection.
    Download ComboFix by sUBs:
    ComboFix.exe
    and save it to your desktop and nowhere else!

    Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, which is normal. A report will be created. Post the report: C:\Combofix.txt
    Click on it to open it, then Edit "Select All", Edit "Copy"

    Come to the forum and Edit "Paste"

    Add a new HijackThis report.
    31 August 2008 17:07:43

    Hello,

    I can't uninstall ComboFix the way you say; it gives me a message saying that it can't find a file and that it can't do it.
    31 August 2008 21:45:23

    Good evening
    Delete it manually then :)
    1 September 2008 13:05:12

    Hello,

    So here is the ComboFix report:

    ComboFix 08-08-31.01 - fleurdo 2008-09-01 12:59:05.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.624 [GMT 2:00]
    Endroit: C:\Documents and Settings\fleurdo\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Antivirus XP 2008.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\License Agreement.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Register Antivirus XP 2008.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Uninstall.lnk
    C:\Documents and Settings\fleurdo\Application Data\Microsoft\dtsc
    C:\Documents and Settings\fleurdo\Application Data\Microsoft\dtsc\s
    C:\Documents and Settings\fleurdo\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk
    C:\Documents and Settings\fleurdo\Application Data\rhcgcrj0e1dg
    C:\Program Files\rhcgcrj0e1dg
    C:\Program Files\webHancer
    C:\Program Files\webhancer\Programs\license.txt
    C:\Program Files\webhancer\Programs\readme.txt
    C:\Program Files\webhancer\Programs\sporder.dll
    C:\Program Files\webhancer\Programs\webhdll.dll
    C:\Program Files\webhancer\Programs\whagent.exe
    C:\Program Files\webhancer\Programs\whagent.ini
    C:\Program Files\webhancer\Programs\whiehlpr.dll
    C:\Program Files\webhancer\Programs\whinstaller.exe
    C:\Program Files\webhancer\whAgent_update.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_SYSREST.SYS
    -------\Service_sysrest.sys


    ((((((((((((((((((((((((((((( Fichiers créés 2008-08-01 to 2008-09-01 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-28 21:41 . 2008-08-28 21:41 <REP> d-------- C:\Program Files\Avira
    2008-08-28 21:41 . 2008-08-28 21:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-08-27 17:55 . 2008-08-27 17:55 <REP> d-------- C:\Program Files\Mjcore
    2008-08-25 19:47 . 2008-08-25 19:47 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-08-25 19:44 . 2008-08-25 19:48 1,374 --a------ C:\WINDOWS\imsins.BAK
    2008-08-25 19:41 . 2008-08-25 19:41 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-25 19:41 . 2008-08-25 19:41 <REP> d-------- C:\Documents and Settings\fleurdo\Application Data\Malwarebytes
    2008-08-25 19:41 . 2008-08-25 19:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-25 19:41 . 2008-08-17 15:05 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-25 19:41 . 2008-08-17 15:05 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-08-25 13:44 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-08-25 13:44 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-08-24 21:12 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-08-24 21:12 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-08-24 21:12 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-08-24 21:12 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-08-24 21:12 . 2008-08-14 21:52 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
    2008-08-24 21:12 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
    2008-08-24 21:12 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-08-24 21:12 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-08-24 21:12 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-08-24 21:12 . 2008-08-24 21:12 3,164 --a------ C:\WINDOWS\system32\tmp.reg
    2008-08-20 00:05 . 2008-08-20 12:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-08-14 00:31 . 2008-08-14 00:31 <REP> d-------- C:\Program Files\Trend Micro
    2008-08-13 18:28 . 2008-08-13 18:28 <REP> d-------- C:\Program Files\AxBx
    2008-08-13 09:20 . 2008-08-13 09:20 <REP> d-------- C:\Program Files\uTorrent
    2008-08-12 22:43 . 2008-08-12 22:43 <REP> d-------- C:\games
    2008-08-12 21:08 . 2008-08-28 21:20 <REP> d-------- C:\Documents and Settings\fleurdo\Application Data\Winamp
    2008-08-12 21:08 . 2007-03-08 01:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll
    2008-08-12 21:08 . 2007-03-08 01:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
    2008-08-12 21:08 . 2007-03-08 01:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-27 17:48 --------- d-----w C:\Program Files\eChanblard
    2008-08-26 21:32 --------- d-----w C:\Program Files\Macrogaming
    2008-08-26 11:21 --------- d-----w C:\Program Files\ScummVM
    2008-08-26 11:21 --------- d-----w C:\Program Files\MySpace
    2008-08-20 10:37 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-08-20 10:37 --------- d-----w C:\Program Files\Unlocker
    2008-08-20 10:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
    2008-08-19 22:45 --------- d-----w C:\Program Files\MSN Messenger
    2008-08-19 22:05 --------- d-----w C:\Program Files\Lavasoft
    2008-08-13 21:26 --------- d-----w C:\Documents and Settings\fleurdo\Application Data\CyberLink
    2008-08-13 20:45 --------- d-----w C:\Program Files\BoontyGames
    2008-08-12 19:09 --------- d-----w C:\Program Files\Winamp
    2008-07-30 18:19 --------- d-----w C:\Program Files\Fichiers communs\Ahead
    2008-07-30 18:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
    2008-07-30 18:17 --------- d-----w C:\Program Files\Nero
    2008-07-30 18:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
    2008-07-30 18:13 --------- d-----w C:\Program Files\Ahead
    2008-07-30 18:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-07-30 18:03 --------- d-----w C:\Program Files\CyberLink
    2008-07-23 11:43 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
    2008-07-23 11:43 249,856 ------w C:\WINDOWS\Setup1.exe
    2008-07-13 15:37 --------- d-----w C:\Program Files\Fichiers communs\BOONTY Shared
    2008-07-13 15:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\BOONTY
    2008-07-13 15:36 --------- d-----w C:\Program Files\Boonty
    2008-03-30 18:53 24,496 -c--a-w C:\Documents and Settings\fleurdo\Application Data\GDIPFONTCACHEV1.DAT
    1998-03-13 10:28 22,728 ------w C:\Program Files\PICTRS.EXE
    1997-11-13 09:09 23,552 ------r C:\Program Files\RestartApp.exe
    1995-05-22 22:00 520,552 ------w C:\Program Files\LEAD50.DLL
    1995-04-09 23:00 38,720 ------w C:\Program Files\LEADDIB.DRV
    2006-05-06 16:42 7,260,160 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll
    2007-02-28 17:51 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-08-25_23.26.56.39 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
    + 2008-01-21 16:12:56 41,792 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
    + 2008-01-21 16:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
    + 2008-03-04 11:28:53 79,424 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
    + 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
    + 2008-09-01 11:01:54 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_418.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 15:20 401491]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-20 22:07 7110656]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-07-09 23:33 36352]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
    "Microsoft WinUpdate"="C:\WINDOWS\system32\msupdte.exe" [BU]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoLogOff"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.X264"= x264vfw.dll
    "VIDC.3iv2"= 3ivxVfWCodec.dll
    "VIDC.VP31"= vp31vfw.dll
    "msacm.l3fhg"= mp3fhg.acm
    "MSACM.CEGSM"= mobilev.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    --a------ 2007-05-15 15:55 1057328 C:\Program Files\Nero\Nero 7\InCD\InCD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    --a------ 2007-03-09 18:09 67128 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    --a------ 2005-06-08 15:24 458752 C:\Program Files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    --a------ 2005-06-08 15:14 217088 C:\Program Files\Logitech\Video\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2007-03-01 15:57 153136 C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
    --a------ 2007-05-15 15:55 1628208 C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
    -ra------ 2008-01-02 21:15 103712 C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\NetMeeting\\Conf.exe"=
    "C:\\Program Files\\eChanblard\\emule.exe"=
    "C:\\mcoinstall.exe"=
    "C:\\StubInstaller.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "139:TCP"= 139:TCP:LocalSubNet,172.16.255.0/255.255.255.0:Enabled:@xpsp2res.dll,-22004
    "445:TCP"= 445:TCP:LocalSubNet,172.16.255.0/255.255.255.0:Enabled:@xpsp2res.dll,-22005
    "137:UDP"= 137:UDP:LocalSubNet,172.16.255.0/255.255.255.0:Enabled:@xpsp2res.dll,-22001
    "138:UDP"= 138:UDP:LocalSubNet,172.16.255.0/255.255.255.0:Enabled:@xpsp2res.dll,-22002

    R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2005-05-12 14:39]
    S2 713xTVCard;SAA7133 TV Card;C:\WINDOWS\system32\DRIVERS\SAA713x.sys [2005-03-15 12:00]
    S3 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe []
    S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 23:10]
    S4 Nulioecoen;Nulioecoen;C:\WINDOWS\system32\pathping.exe [2004-08-05 14:00]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-lphclcrj0e1dg - C:\WINDOWS\system32\lphclcrj0e1dg.exe
    HKLM-Run-SMrhcgcrj0e1dg - C:\Program Files\rhcgcrj0e1dg\rhcgcrj0e1dg.exe
    HKLM-Run-sysrest32.exe - C:\WINDOWS\system32\sysrest32.exe
    MSConfigStartUp-VirusKeeper - C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\fleurdo\Application Data\Mozilla\Firefox\Profiles\8uh15zzd.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-01 13:02:51
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\snmp.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-09-01 13:06:21 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-09-01 11:06:18

    Pre-Run: 23,683,371,008 octets libres
    Post-Run: 23,642,529,792 octets libres

    232 --- E O F --- 2008-08-25 17:48:22


    And here is the HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:09:13, on 01/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [Microsoft WinUpdate] C:\WINDOWS\system32\msupdte.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O14 - IERESET.INF: START_PAGE_URL=http://www.carrefour.fr/
    O15 - Trusted Zone: http://ed2k-series.new.fr
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

    --
    End of file - 9652 bytes
    1 September 2008 21:17:34

    Good evening

    Copy (Ctrl+C) the text below:
    dirlook::
    C:\games

    Folder::
    C:\Program Files\Mjcore
    C:\Program Files\eoRezo
    C:\Program Files\Macrogaming\SweetIMBarForIE
    C:\Program Files\Macrogaming\SweetIM

    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]



    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt

    Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot


  • A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
  • Wait while the scan runs. The desktop will disappear several times: this is normal!
    Don't touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not open, it is located here > C:\ComboFix.txt

    1 September 2008 21:40:55

    The report:

    ComboFix 08-08-31.01 - fleurdo 2008-09-01 21:39:53.4 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.683 [GMT 2:00]
    Endroit: C:\Documents and Settings\fleurdo\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\fleurdo\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Macrogaming\SweetIM
    C:\Program Files\Macrogaming\SweetIM\conf\adapter.xml
    C:\Program Files\Macrogaming\SweetIM\conf\autoupdate.xml
    C:\Program Files\Macrogaming\SweetIM\conf\logger.xml
    C:\Program Files\Macrogaming\SweetIM\conf\messages.xml
    C:\Program Files\Macrogaming\SweetIM\conf\sweetim.xml
    C:\Program Files\Macrogaming\SweetIM\conf\sweetimapp.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\aline106@hotmail.fr\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\aline106@hotmail.fr\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\fleurdoranger2@hotmail.com\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\fleurdoranger2@hotmail.com\lastuse_Audibles.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\fleurdoranger2@hotmail.com\lastuse_SoundFX.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\fleurdoranger2@hotmail.com\lastuse_SpecialFX.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\fleurdoranger2@hotmail.com\lastuse_Winks.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\fleurdoranger2@hotmail.com\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\kamini_77_om@hotmail.fr\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\kamini_77_om@hotmail.fr\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\lindacamille@hotmail.fr\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\lindacamille@hotmail.fr\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\lylyetlamouchefolle@hotmail.com\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\lylyetlamouchefolle@hotmail.com\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\main_user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\mpau@hotmail.fr\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\mpau@hotmail.fr\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\navar1503@yahoo.fr\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\navar1503@yahoo.fr\user_config.doc
    C:\Program Files\Macrogaming\SweetIM\conf\users\navar1503@yahoo.fr\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\russ77@hotmail.fr\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\russ77@hotmail.fr\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\usualghetto@hotmail.com\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\usualghetto@hotmail.com\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\vail.xav@hotmail.fr\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\vail.xav@hotmail.fr\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\willou123@123.com\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\willou123@123.com\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\default.xml
    C:\Program Files\Macrogaming\SweetIM\mgAdaptersProxy.dll
    C:\Program Files\Macrogaming\SweetIM\mgAIMAuto.dll
    C:\Program Files\Macrogaming\SweetIM\mgAIMMessengerAdapter.dll
    C:\Program Files\Macrogaming\SweetIM\mgArchive.dll
    C:\Program Files\Macrogaming\SweetIM\mgcommon.dll
    C:\Program Files\Macrogaming\SweetIM\mgcommunication.dll
    C:\Program Files\Macrogaming\SweetIM\mgconfig.dll
    C:\Program Files\Macrogaming\SweetIM\mgFlashPlayer.dll
    C:\Program Files\Macrogaming\SweetIM\mghooking.dll
    C:\Program Files\Macrogaming\SweetIM\mgIEPlayer.dll
    C:\Program Files\Macrogaming\SweetIM\mglogger.dll
    C:\Program Files\Macrogaming\SweetIM\mgMediaPlayer.dll
    C:\Program Files\Macrogaming\SweetIM\mgMsnAuto.dll
    C:\Program Files\Macrogaming\SweetIM\mgMsnMessengerAdapter.dll
    C:\Program Files\Macrogaming\SweetIM\mgSweetIM.dll
    C:\Program Files\Macrogaming\SweetIM\mgUpdateSupport.dll
    C:\Program Files\Macrogaming\SweetIM\mgxml_wrapper.dll
    C:\Program Files\Macrogaming\SweetIM\mgYahooAuto.dll
    C:\Program Files\Macrogaming\SweetIM\mgYahooMessengerAdapter.dll
    C:\Program Files\Macrogaming\SweetIM\msvcp71.dll
    C:\Program Files\Macrogaming\SweetIM\msvcr71.dll
    C:\Program Files\Macrogaming\SweetIM\resources\images\AudibleButton.png
    C:\Program Files\Macrogaming\SweetIM\resources\images\DisplayPicturesButton.png
    C:\Program Files\Macrogaming\SweetIM\resources\images\EmoticonButton.png
    C:\Program Files\Macrogaming\SweetIM\resources\images\NudgeButton.png
    C:\Program Files\Macrogaming\SweetIM\resources\images\SoundFxButton.png
    C:\Program Files\Macrogaming\SweetIM\resources\images\WinksButton.png
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\Program Files\Macrogaming\SweetIM\update\lastversioninfo.xml
    C:\Program Files\Mjcore
    C:\Program Files\Mjcore\Mjcore.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-08-01 to 2008-09-01 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-28 21:41 . 2008-08-28 21:41 <REP> d-------- C:\Program Files\Avira
    2008-08-28 21:41 . 2008-08-28 21:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-08-25 19:47 . 2008-08-25 19:47 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-08-25 19:44 . 2008-08-25 19:48 1,374 --a------ C:\WINDOWS\imsins.BAK
    2008-08-25 19:41 . 2008-08-25 19:41 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-25 19:41 . 2008-08-25 19:41 <REP> d-------- C:\Documents and Settings\fleurdo\Application Data\Malwarebytes
    2008-08-25 19:41 . 2008-08-25 19:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-25 19:41 . 2008-08-17 15:05 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-25 19:41 . 2008-08-17 15:05 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-08-25 13:44 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-08-25 13:44 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-08-24 21:12 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-08-24 21:12 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-08-24 21:12 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-08-24 21:12 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-08-24 21:12 . 2008-08-14 21:52 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
    2008-08-24 21:12 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
    2008-08-24 21:12 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-08-24 21:12 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-08-24 21:12 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-08-24 21:12 . 2008-08-24 21:12 3,164 --a------ C:\WINDOWS\system32\tmp.reg
    2008-08-20 00:05 . 2008-08-20 12:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-08-14 00:31 . 2008-08-14 00:31 <REP> d-------- C:\Program Files\Trend Micro
    2008-08-13 18:28 . 2008-08-13 18:28 <REP> d-------- C:\Program Files\AxBx
    2008-08-13 09:20 . 2008-08-13 09:20 <REP> d-------- C:\Program Files\uTorrent
    2008-08-12 22:43 . 2008-08-12 22:43 <REP> d-------- C:\games
    2008-08-12 21:08 . 2008-08-28 21:20 <REP> d-------- C:\Documents and Settings\fleurdo\Application Data\Winamp
    2008-08-12 21:08 . 2007-03-08 01:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll
    2008-08-12 21:08 . 2007-03-08 01:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
    2008-08-12 21:08 . 2007-03-08 01:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-01 19:40 --------- d-----w C:\Program Files\Macrogaming
    2008-08-27 17:48 --------- d-----w C:\Program Files\eChanblard
    2008-08-26 11:21 --------- d-----w C:\Program Files\ScummVM
    2008-08-26 11:21 --------- d-----w C:\Program Files\MySpace
    2008-08-20 10:37 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-08-20 10:37 --------- d-----w C:\Program Files\Unlocker
    2008-08-20 10:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
    2008-08-19 22:45 --------- d-----w C:\Program Files\MSN Messenger
    2008-08-19 22:05 --------- d-----w C:\Program Files\Lavasoft
    2008-08-13 21:26 --------- d-----w C:\Documents and Settings\fleurdo\Application Data\CyberLink
    2008-08-13 20:45 --------- d-----w C:\Program Files\BoontyGames
    2008-08-12 19:09 --------- d-----w C:\Program Files\Winamp
    2008-07-30 18:19 --------- d-----w C:\Program Files\Fichiers communs\Ahead
    2008-07-30 18:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
    2008-07-30 18:17 --------- d-----w C:\Program Files\Nero
    2008-07-30 18:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
    2008-07-30 18:13 --------- d-----w C:\Program Files\Ahead
    2008-07-30 18:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-07-30 18:03 --------- d-----w C:\Program Files\CyberLink
    2008-07-23 11:43 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
    2008-07-23 11:43 249,856 ------w C:\WINDOWS\Setup1.exe
    2008-07-13 15:37 --------- d-----w C:\Program Files\Fichiers communs\BOONTY Shared
    2008-07-13 15:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\BOONTY
    2008-07-13 15:36 --------- d-----w C:\Program Files\Boonty
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-03-30 18:53 24,496 -c--a-w C:\Documents and Settings\fleurdo\Application Data\GDIPFONTCACHEV1.DAT
    1998-03-13 10:28 22,728 ------w C:\Program Files\PICTRS.EXE
    1997-11-13 09:09 23,552 ------r C:\Program Files\RestartApp.exe
    1995-05-22 22:00 520,552 ------w C:\Program Files\LEAD50.DLL
    1995-04-09 23:00 38,720 ------w C:\Program Files\LEADDIB.DRV
    2006-05-06 16:42 7,260,160 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll
    2007-02-28 17:51 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ---- Directory of C:\games ----

    2008-06-23 21:42 4194 --ah----- C:\games\Governor of Poker\Config data\---=TAC-CM.nfo
    2008-06-23 21:42 4194 --a------ C:\games\Governor of Poker\Config data\config.dll
    2008-06-23 21:42 4194 --a------ C:\games\Governor of Poker\---=TAC-CM.nfo
    2008-06-23 21:36 95 --a------ C:\games\Governor of Poker\Config data\registered data.dat
    2008-06-23 21:01 36572509 --a------ C:\games\Governor of Poker\GovernorofPoker.exe
    2008-05-26 12:24 6400 --ah----- C:\games\Governor of Poker\Config data\HitzWarez.nfo
    2008-05-26 12:24 6400 --a------ C:\games\Governor of Poker\HitzWarez.nfo
    2008-05-26 12:24 6400 --a------ C:\games\Governor of Poker\Config data\registered.dll
    2008-04-22 18:33 178 --ah----- C:\games\Governor of Poker\Config data\Click here for the best games!.url
    2008-04-22 18:33 178 --a------ C:\games\Governor of Poker\Click here for the best games!.url


    ((((((((((((((((((((((((((((( snapshot@2008-08-25_23.26.56.39 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
    + 2008-01-21 16:12:56 41,792 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
    + 2008-01-21 16:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
    + 2008-03-04 11:28:53 79,424 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
    + 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
    + 2008-09-01 19:29:24 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4a4.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 15:20 401491]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-20 22:07 7110656]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-07-09 23:33 36352]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
    "Microsoft WinUpdate"="C:\WINDOWS\system32\msupdte.exe" [BU]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoLogOff"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.X264"= x264vfw.dll
    "VIDC.3iv2"= 3ivxVfWCodec.dll
    "VIDC.VP31"= vp31vfw.dll
    "msacm.l3fhg"= mp3fhg.acm
    "MSACM.CEGSM"= mobilev.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    --a------ 2007-05-15 15:55 1057328 C:\Program Files\Nero\Nero 7\InCD\InCD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    --a------ 2007-03-09 18:09 67128 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    --a------ 2005-06-08 15:24 458752 C:\Program Files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    --a------ 2005-06-08 15:14 217088 C:\Program Files\Logitech\Video\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2007-03-01 15:57 153136 C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
    --a------ 2007-05-15 15:55 1628208 C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\NetMeeting\\Conf.exe"=
    "C:\\Program Files\\eChanblard\\emule.exe"=
    "C:\\mcoinstall.exe"=
    "C:\\StubInstaller.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "139:TCP"= 139:TCP:LocalSubNet,172.16.255.0/255.255.255.0:Enabled:@xpsp2res.dll,-22004
    "445:TCP"= 445:TCP:LocalSubNet,172.16.255.0/255.255.255.0:Enabled:@xpsp2res.dll,-22005
    "137:UDP"= 137:UDP:LocalSubNet,172.16.255.0/255.255.255.0:Enabled:@xpsp2res.dll,-22001
    "138:UDP"= 138:UDP:LocalSubNet,172.16.255.0/255.255.255.0:Enabled:@xpsp2res.dll,-22002

    R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2005-05-12 14:39]
    S2 713xTVCard;SAA7133 TV Card;C:\WINDOWS\system32\DRIVERS\SAA713x.sys [2005-03-15 12:00]
    S3 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe []
    S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 23:10]
    S4 Nulioecoen;Nulioecoen;C:\WINDOWS\system32\pathping.exe [2004-08-05 14:00]

    *Newly Created Service* - CATCHME
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-01 21:42:18
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-09-01 21:43:36
    ComboFix-quarantined-files.txt 2008-09-01 19:43:11
    ComboFix2.txt 2008-09-01 11:06:22

    Pre-Run: 23,639,928,832 octets libres
    Post-Run: 23,623,356,416 octets libres

    436 --- E O F --- 2008-08-25 17:48:22
    2 September 2008 20:44:17

    Good evening,
    please post a HijackThis log again.
    2 September 2008 20:49:46

    Here you go

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:53:41, on 02/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\eChanblard\emule.exe
    C:\WINDOWS\system32\sndvol32.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Windows Live Toolbar\msn_sl.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [Microsoft WinUpdate] C:\WINDOWS\system32\msupdte.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O14 - IERESET.INF: START_PAGE_URL=http://www.carrefour.fr/
    O15 - Trusted Zone: http://ed2k-series.new.fr
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

    --
    End of file - 9879 bytes

    2 September 2008 21:30:02

    Re

    Print this procedure so that you have it in front of you when you are in Safe Mode.

    Download SDFix (created by AndyManchesta) and save it to your Desktop.
    ***If the link does not work, try this one: http://download.bleepingcomputer.com/andymanchesta/SDFi... ***

    Double-click SDFix.exe and choose Install to extract it to a dedicated folder on the Desktop. Restart your computer in Safe Mode by following this procedure:
  • Restart your computer.
  • After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
  • Instead of Windows loading normally, a menu with different options should appear.
  • Choose the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your account.
    Work through the list of instructions below:
  • Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
  • Press Y to start the cleaning process.
  • It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
  • Press a key to restart the PC.
  • Your system will take longer than usual to restart because the tool will keep running and deleting files.
  • After the Desktop has loaded, the tool will finish its work and display Finished.
  • Press a key to end the script and load your Desktop icons.
  • Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
  • Finally, copy/paste the contents of the Report.txt file into your next reply on the forum, along with a new HijackThis log!



    2 September 2008 23:50:41

    Re
    So, the SDFix report:


    SDFix: Version 1.220
    Run by fleurdo on 02/09/2008 at 23:43

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\SDFix

    Checking Services :


    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\WINDOWS\system32\msupdte.exe - Deleted





    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-02 23:49:08
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:37,bb,f3,3a,d0,1b,d9,7d,dc,f1,7e,be,05,7b,7d,78,24,1c,42,a9,ee,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,07,9d,dc,e8,8c,12,43,01,cb,56,93,3a,99,b5,70,db,d9,..
    "khjeh"=hex:8a,68,e2,14,5f,68,17,21,1d,1e,76,79,00,d5,bd,cd,30,cb,f6,9a,25,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:a0,52,59,2c,11,e3,61,d7,d7,59,11,4f,b4,a2,d6,ef,39,b7,21,9e,7b,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
    "khjeh"=hex:ce,c7,32,7c,84,8b,85,6a,56,18,a3,99,93,ef,25,f0,0a,53,f8,ec,03,..
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s0"=dword:ab36e992
    "s1"=dword:b18ac3b3
    "s2"=dword:210e3682
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:37,bb,f3,3a,d0,1b,d9,7d,dc,f1,7e,be,05,7b,7d,78,24,1c,42,a9,ee,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,07,9d,dc,e8,8c,12,43,01,cb,56,93,3a,99,b5,70,db,d9,..
    "khjeh"=hex:8a,68,e2,14,5f,68,17,21,1d,1e,76,79,00,d5,bd,cd,30,cb,f6,9a,25,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:a0,52,59,2c,11,e3,61,d7,d7,59,11,4f,b4,a2,d6,ef,39,b7,21,9e,7b,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
    "khjeh"=hex:ce,c7,32,7c,84,8b,85,6a,56,18,a3,99,93,ef,25,f0,0a,53,f8,ec,03,..

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\\Program Files\\NetMeeting\\Conf.exe"="C:\\Program Files\\NetMeeting\\Conf.exe:*:enabled:NetMeeting"
    "C:\\Program Files\\eChanblard\\emule.exe"="C:\\Program Files\\eChanblard\\emule.exe:*:Enabled:eMule"
    "C:\\mcoinstall.exe"="C:\\mcoinstall.exe:*:Enabled:mcoinstall"
    "C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
    "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:Assistance à distance"
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:enabled:Assistance à distance"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:enabled:Windows Messenger"
    "C:\\Program Files\\AOL 9.0\\AOL.exe"="C:\\Program Files\\AOL 9.0\\AOL.exe:*:enabled:AOL 9.0"
    "C:\\Program Files\\AOL 9.0\\WAOL.exe"="C:\\Program Files\\AOL 9.0\\WAOL.exe:*:enabled:AOL 9.0"
    "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)"
    "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)"
    "C:\\WINDOWS\\system32\\fxsclnt.exe"="C:\\WINDOWS\\system32\\fxsclnt.exe:*:enabled:Microsoft Fax"
    "C:\\Program Files\\CA\\eTrust Antivirus\\InocIT.exe"="C:\\Program Files\\CA\\eTrust Antivirus\\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner"
    "C:\\Program Files\\CA\\eTrust Antivirus\\Realmon.exe"="C:\\Program Files\\CA\\eTrust Antivirus\\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor"
    "C:\\Program Files\\CA\\eTrust Antivirus\\InoRpc.exe"="C:\\Program Files\\CA\\eTrust Antivirus\\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server"
    "C:\\Program Files\\NetMeeting\\Conf.exe"="C:\\Program Files\\NetMeeting\\Conf.exe:*:enabled:NetMeeting"
    "C:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe"="C:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe:*:enabled:Nero MediaHome"
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Remaining Files :


    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Wed 28 Feb 2007 2,516 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
    Wed 5 Apr 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Thu 30 Nov 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
    Mon 25 Aug 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\405ae8e48aa46e265982686e1678047b\BIT22.tmp"

    Finished!

    and for HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:54:28, on 02/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O14 - IERESET.INF: START_PAGE_URL=http://www.carrefour.fr/
    O15 - Trusted Zone: http://ed2k-series.new.fr
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

    --
    End of file - 9549 bytes
    3 September 2008 18:36:27

    Hi again

    ~Run Hijackthis, “Do a system scan only”.
    Tick the following lines if they are still present, and only those.

    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll (file missing)
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)


    Click Fix checked (bottom left)

    delete the folders in bold if they are still present:
    C:\Program Files\Macrogaming\SweetIMBarForIE
    C:\Program Files\Macrogaming\SweetIM
    C:\Program Files\eoRezo

    you are not infected by lop, but I would like to check something :D 

    Download Lop S&D.exe to your desktop

  • Double-click it to start the installation
  • Then double-click the Lop S&D shortcut on your desktop
  • Select the language you want, then choose Option 1 ( Recherche / Search )
  • Wait until the scan has finished
  • Post the generated report ( C:\lopR.txt )

    ( If the desktop does not reappear, press Ctrl + Alt + Del, File tab ("Fichier"), New Task ("Nouvelle tâche"), type explorer.exe and confirm )
    3 September 2008 20:53:39

    Hi again,

    Here is the report:


    --------------------\\ Lop S&D 4.2.3-9 XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.06GHz )
    BIOS : Phoenix - AwardBIOS v6.00PG
    USER : fleurdo ( Administrator )
    BOOT : Normal boot
    Antivirus : Avira AntiVir PersonalEdition 8.0.1.15 (Activated)

    "C:\Lop SD" ( MAJ : 02-09-2008|17:30 )
    Option : [1] ( 03/09/2008|20:47 )

    --------------------\\ Listing des dossiers dans APPLIC~1

    [19/08/2005|19:00] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
    [19/08/2005|18:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\Ahead
    [19/08/2005|18:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
    [07/05/2007|22:48] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
    [07/05/2007|22:48] C:\DOCUME~1\ADMINI~1\APPLIC~1\Real

    [31/03/2008|06:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [30/07/2008|20:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
    [14/02/2006|00:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
    [10/03/2006|16:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [28/08/2008|21:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
    [13/07/2008|17:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
    [20/08/2008|12:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
    [26/02/2008|20:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FreeTest
    [08/04/2007|14:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [28/02/2007|19:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
    [20/08/2008|12:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    [01/04/2006|22:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
    [25/08/2008|19:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [14/09/2007|19:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    [22/08/2008|10:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [30/07/2008|20:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
    [14/02/2006|12:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
    [19/08/2005|18:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
    [13/08/2006|19:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
    [07/12/2005|15:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    [19/08/2005|18:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [19/02/2007|12:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
    [22/01/2008|21:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
    [01/03/2008|01:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
    [13/08/2006|19:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

    [19/08/2005|19:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
    [19/08/2005|18:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Ahead
    [14/02/2006|00:45] C:\DOCUME~1\DEFAUL~1\APPLIC~1\AOL
    [05/10/2005|09:45] C:\DOCUME~1\DEFAUL~1\APPLIC~1\CyberLink
    [19/08/2005|17:39] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
    [19/08/2005|18:22] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
    [05/10/2005|09:29] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [19/08/2005|18:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
    [19/08/2005|18:32] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
    [19/08/2005|18:33] C:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver

    [01/06/2008|22:44] C:\DOCUME~1\fleurdo\APPLIC~1\Adobe
    [08/03/2007|19:08] C:\DOCUME~1\fleurdo\APPLIC~1\AdobeUM
    [19/08/2005|18:49] C:\DOCUME~1\fleurdo\APPLIC~1\Ahead
    [14/02/2006|00:45] C:\DOCUME~1\fleurdo\APPLIC~1\AOL
    [05/10/2006|11:33] C:\DOCUME~1\fleurdo\APPLIC~1\Apple Computer
    [26/10/2006|10:59] C:\DOCUME~1\fleurdo\APPLIC~1\ArcSoft
    [20/02/2007|13:15] C:\DOCUME~1\fleurdo\APPLIC~1\Copernic
    [28/02/2007|19:42] C:\DOCUME~1\fleurdo\APPLIC~1\Corel
    [13/08/2008|23:26] C:\DOCUME~1\fleurdo\APPLIC~1\CyberLink
    [12/02/2006|00:50] C:\DOCUME~1\fleurdo\APPLIC~1\dvdcss
    [11/04/2006|21:16] C:\DOCUME~1\fleurdo\APPLIC~1\FotoWire
    [02/10/2006|14:05] C:\DOCUME~1\fleurdo\APPLIC~1\Google
    [04/03/2006|02:14] C:\DOCUME~1\fleurdo\APPLIC~1\Help
    [14/08/2006|18:24] C:\DOCUME~1\fleurdo\APPLIC~1\Identities
    [18/02/2008|20:34] C:\DOCUME~1\fleurdo\APPLIC~1\iScreensaver
    [08/05/2007|14:04] C:\DOCUME~1\fleurdo\APPLIC~1\ItsLabel
    [26/02/2006|21:17] C:\DOCUME~1\fleurdo\APPLIC~1\Lavasoft
    [19/08/2005|18:22] C:\DOCUME~1\fleurdo\APPLIC~1\Macromedia
    [25/08/2008|19:41] C:\DOCUME~1\fleurdo\APPLIC~1\Malwarebytes
    [30/04/2006|21:10] C:\DOCUME~1\fleurdo\APPLIC~1\Media Player Classic
    [01/09/2008|12:59] C:\DOCUME~1\fleurdo\APPLIC~1\Microsoft
    [12/02/2006|15:28] C:\DOCUME~1\fleurdo\APPLIC~1\Mozilla
    [30/04/2006|14:14] C:\DOCUME~1\fleurdo\APPLIC~1\MSNInstaller
    [30/04/2006|21:27] C:\DOCUME~1\fleurdo\APPLIC~1\Musicmatch
    [25/09/2007|19:10] C:\DOCUME~1\fleurdo\APPLIC~1\MySpace
    [19/08/2005|18:04] C:\DOCUME~1\fleurdo\APPLIC~1\Real
    [19/08/2005|18:32] C:\DOCUME~1\fleurdo\APPLIC~1\Sun
    [08/05/2007|14:02] C:\DOCUME~1\fleurdo\APPLIC~1\Talkback
    [01/06/2006|17:59] C:\DOCUME~1\fleurdo\APPLIC~1\vlc
    [28/08/2008|21:20] C:\DOCUME~1\fleurdo\APPLIC~1\Winamp
    [19/08/2005|18:33] C:\DOCUME~1\fleurdo\APPLIC~1\You've Got Pictures Screensaver
    [14/08/2006|18:24] C:\DOCUME~1\fleurdo\APPLIC~1\Zylom

    [30/04/2006|14:50] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
    [08/03/2007|18:34] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

    [19/08/2005|17:39] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    [06/03/2006|03:15] C:\DOCUME~1\PROPRI~1\APPLIC~1\Real
    [14/02/2006|00:48] C:\DOCUME~1\PROPRI~1\APPLIC~1\You've Got Pictures Screensaver

    --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

    [05/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
    [02/09/2008 23:46][--ah-----] C:\WINDOWS\tasks\SA.DAT

    --------------------\\ Listing des dossiers dans C:\Program Files

    [13/02/2006|14:58] C:\Program Files\7-Zip
    [31/03/2008|06:25] C:\Program Files\Adobe
    [26/10/2006|12:26] C:\Program Files\ADS Tech
    [30/07/2008|20:13] C:\Program Files\Ahead
    [28/02/2007|18:22] C:\Program Files\Alwil Software
    [25/10/2006|15:06] C:\Program Files\AvantGo Connect
    [28/08/2008|21:41] C:\Program Files\Avira
    [13/08/2008|18:28] C:\Program Files\AxBx
    [13/07/2008|17:36] C:\Program Files\Boonty
    [13/08/2008|22:45] C:\Program Files\BoontyGames
    [28/09/2006|22:01] C:\Program Files\Cain
    [06/06/2007|23:44] C:\Program Files\Captures
    [30/04/2006|22:14] C:\Program Files\CCleaner
    [06/06/2007|23:44] C:\Program Files\Clips
    [21/12/2006|19:31] C:\Program Files\Codemasters
    [25/10/2006|15:06] C:\Program Files\Common Files
    [06/06/2007|23:44] C:\Program Files\Contours
    [20/02/2007|13:15] C:\Program Files\Copernic Agent
    [28/02/2007|19:50] C:\Program Files\Corel
    [06/06/2007|23:44] C:\Program Files\Coupes
    [09/06/2007|19:45] C:\Program Files\Creative Zone
    [30/04/2006|14:10] C:\Program Files\CVitae
    [30/07/2008|20:03] C:\Program Files\CyberLink
    [05/09/2006|16:44] C:\Program Files\DAEMON Tools
    [21/12/2006|19:12] C:\Program Files\directx
    [22/01/2008|22:55] C:\Program Files\DivX
    [03/09/2008|18:36] C:\Program Files\eChanblard
    [22/07/2007|16:57] C:\Program Files\Eggiz
    [23/11/2006|23:01] C:\Program Files\Eraser
    [06/06/2007|23:44] C:\Program Files\eVAOPack
    [01/09/2008|21:41] C:\Program Files\Fichiers communs
    [21/12/2006|18:12] C:\Program Files\FileDeleter
    [06/06/2007|23:44] C:\Program Files\Fonds
    [06/06/2007|23:44] C:\Program Files\Gammes
    [21/02/2007|19:34] C:\Program Files\Gimp
    [19/05/2008|20:32] C:\Program Files\Google
    [21/02/2007|20:42] C:\Program Files\Graphex3
    [19/08/2005|19:07] C:\Program Files\HighMAT CD Writing Wizard
    [05/10/2005|09:38] C:\Program Files\Home Cinema
    [06/06/2007|23:44] C:\Program Files\Images
    [30/07/2008|20:06] C:\Program Files\InstallShield Installation Information
    [19/08/2005|17:49] C:\Program Files\Intel
    [25/08/2008|19:45] C:\Program Files\Internet Explorer
    [07/12/2005|15:10] C:\Program Files\Java
    [18/02/2008|20:44] C:\Program Files\Kit ADSL
    [25/05/2006|17:40] C:\Program Files\K-Lite Codec Pack
    [20/08/2008|00:05] C:\Program Files\Lavasoft
    [07/12/2005|15:40] C:\Program Files\Learn2.com
    [21/09/2006|12:43] C:\Program Files\LimeWire
    [11/04/2006|21:16] C:\Program Files\Logitech
    [01/09/2008|21:40] C:\Program Files\Macrogaming
    [25/08/2008|19:41] C:\Program Files\Malwarebytes' Anti-Malware
    [21/02/2007|16:48] C:\Program Files\Matroska Playback Pack
    [05/10/2006|11:32] C:\Program Files\Media Player Classic
    [19/08/2005|17:53] C:\Program Files\Medion Tools
    [30/04/2006|21:44] C:\Program Files\Messenger
    [18/05/2008|14:03] C:\Program Files\Messenger Plus! Live
    [28/09/2006|22:06] C:\Program Files\MessengerPlus! 3
    [23/11/2006|18:35] C:\Program Files\MICRO APPLICATION
    [25/10/2006|15:38] C:\Program Files\Microsoft ActiveSync
    [25/08/2008|19:47] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [19/08/2005|17:39] C:\Program Files\microsoft frontpage
    [01/04/2006|22:32] C:\Program Files\Microsoft Office
    [28/02/2006|13:58] C:\Program Files\Movie Maker
    [03/09/2008|18:30] C:\Program Files\Mozilla Firefox
    [19/08/2005|17:37] C:\Program Files\MSN Gaming Zone
    [20/08/2008|00:45] C:\Program Files\MSN Messenger
    [08/04/2007|18:19] C:\Program Files\MSXML 4.0
    [02/05/2006|15:21] C:\Program Files\Musicmatch
    [26/08/2008|13:21] C:\Program Files\MySpace
    [30/07/2008|20:17] C:\Program Files\Nero
    [28/02/2006|13:58] C:\Program Files\NetMeeting
    [13/09/2007|11:52] C:\Program Files\neuf telecom
    [06/06/2007|23:44] C:\Program Files\Objets
    [07/12/2005|15:22] C:\Program Files\OfficeUpdate11
    [16/08/2006|00:54] C:\Program Files\orange
    [01/03/2008|00:44] C:\Program Files\Outlook Express
    [21/02/2007|20:56] C:\Program Files\Paint.NET
    [05/10/2006|11:33] C:\Program Files\QuickTime
    [26/10/2006|20:56] C:\Program Files\QuickTime Alternative
    [16/05/2008|19:48] C:\Program Files\Raveille
    [19/08/2005|18:03] C:\Program Files\Real
    [20/12/2006|20:48] C:\Program Files\SC
    [26/08/2008|13:21] C:\Program Files\ScummVM
    [19/08/2005|17:38] C:\Program Files\Services en ligne
    [06/06/2007|23:44] C:\Program Files\Sounds
    [07/12/2005|15:31] C:\Program Files\StarOffice7
    [02/01/2007|20:55] C:\Program Files\Super Logiciels
    [06/06/2007|23:44] C:\Program Files\Sys
    [06/06/2007|23:44] C:\Program Files\Temp
    [06/06/2007|23:44] C:\Program Files\Themes
    [14/08/2008|00:31] C:\Program Files\Trend Micro
    [13/08/2006|21:02] C:\Program Files\TryMedia
    [22/12/2006|11:41] C:\Program Files\Uninstall Information
    [20/08/2008|12:37] C:\Program Files\Unlocker
    [13/08/2008|09:20] C:\Program Files\uTorrent
    [26/05/2006|15:44] C:\Program Files\VDCodecPack3.1
    [12/02/2006|00:50] C:\Program Files\VideoLAN
    [07/12/2005|15:40] C:\Program Files\Viewpoint
    [06/06/2007|23:44] C:\Program Files\Visages
    [21/12/2006|19:11] C:\Program Files\Warthog
    [06/06/2007|23:44] C:\Program Files\WebPub
    [12/08/2008|21:09] C:\Program Files\Winamp
    [19/08/2005|18:13] C:\Program Files\Windows Journal Viewer
    [01/03/2008|01:07] C:\Program Files\Windows Live
    [20/08/2008|12:37] C:\Program Files\Windows Live Toolbar
    [07/12/2005|15:06] C:\Program Files\Windows Media Connect
    [30/11/2006|18:42] C:\Program Files\Windows Media Connect 2
    [30/11/2006|18:45] C:\Program Files\Windows Media Player
    [28/02/2006|13:58] C:\Program Files\Windows NT
    [04/11/2006|14:15] C:\Program Files\WinHTTrack
    [28/09/2006|18:19] C:\Program Files\WinPcap
    [22/01/2008|21:18] C:\Program Files\WinZip
    [19/08/2005|17:39] C:\Program Files\xerox
    [30/04/2006|21:41] C:\Program Files\xp-AntiSpy
    [29/07/2006|18:14] C:\Program Files\Yahoo!
    [16/03/2007|16:56] C:\Program Files\Zoom Player
    [28/05/2008|19:42] C:\Program Files\Zylom Games

    --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

    [31/03/2008|06:25] C:\Program Files\Fichiers communs\Adobe
    [01/04/2006|22:59] C:\Program Files\Fichiers communs\Adobe Systems Shared
    [30/07/2008|20:19] C:\Program Files\Fichiers communs\Ahead
    [30/04/2006|14:11] C:\Program Files\Fichiers communs\AOL
    [13/07/2008|17:37] C:\Program Files\Fichiers communs\BOONTY Shared
    [20/02/2007|13:15] C:\Program Files\Fichiers communs\Copernic
    [28/02/2007|19:50] C:\Program Files\Fichiers communs\Corel
    [01/04/2006|22:32] C:\Program Files\Fichiers communs\Designer
    [21/12/2006|19:14] C:\Program Files\Fichiers communs\DirectX
    [11/04/2006|21:16] C:\Program Files\Fichiers communs\FotoWire
    [28/02/2007|19:42] C:\Program Files\Fichiers communs\InstallShield
    [07/12/2005|15:10] C:\Program Files\Fichiers communs\Java
    [11/04/2006|21:07] C:\Program Files\Fichiers communs\Logitech
    [14/08/2006|19:35] C:\Program Files\Fichiers communs\Macrovision Shared
    [01/03/2008|01:07] C:\Program Files\Fichiers communs\Microsoft Shared
    [19/08/2005|17:38] C:\Program Files\Fichiers communs\MSSoap
    [05/10/2005|09:42] C:\Program Files\Fichiers communs\Nero
    [07/12/2005|15:39] C:\Program Files\Fichiers communs\Nullsoft
    [04/11/2006|17:18] C:\Program Files\Fichiers communs\ODBC
    [13/09/2007|14:39] C:\Program Files\Fichiers communs\Real
    [19/08/2005|17:38] C:\Program Files\Fichiers communs\Services
    [30/04/2006|14:11] C:\Program Files\Fichiers communs\Softwin
    [19/08/2005|19:34] C:\Program Files\Fichiers communs\SpeechEngines
    [01/03/2008|00:44] C:\Program Files\Fichiers communs\System
    [01/03/2008|01:07] C:\Program Files\Fichiers communs\WindowsLiveInstaller
    [13/09/2007|14:39] C:\Program Files\Fichiers communs\xing shared

    --------------------\\ Process

    ( 41 Processus )

    iexplore.exe ~ [PID:3804]

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    C:\DOCUME~1\fleurdo\Cookies\fleurdo@advertising[1].txt
    C:\DOCUME~1\fleurdo\Cookies\fleurdo@advertising[2].txt
    C:\DOCUME~1\fleurdo\Cookies\fleurdo@adopt.euroclick[1].txt
    C:\DOCUME~1\fleurdo\Cookies\fleurdo@sr2.livemediasrv[1].txt
    C:\DOCUME~1\fleurdo\Cookies\fleurdo@sr2.livemediasrv[3].txt
    C:\DOCUME~1\fleurdo\Cookies\fleurdo@32vegas[2].txt
    C:\DOCUME~1\fleurdo\Cookies\fleurdo@banner.32vegas[2].txt
    C:\DOCUME~1\fleurdo\Cookies\fleurdo@www.vegasaffiliates[1].txt
    C:\DOCUME~1\fleurdo\Cookies\fleurdo@888[2].txt

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE


    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-03 20:48:23
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 999

    --------------------\\ Recherche d'autres infections

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\fleurdo\Mes documents\Ma musique\Eric Benet - Hurricane (2005) - R&B - www.torrentazos.com By FEFE2003\12 - Eric Benet - Cracks Of My Broken Heart - www.torrentazos.com.mp3
    C:\DOCUME~1\fleurdo\Mes documents\Ma musique\Kanye_West-Late_Registration-2005-RNS\08-kanye_west-crack_music_(feat_the_game).mp3
    C:\DOCUME~1\fleurdo\Mes documents\pas\crack
    C:\DOCUME~1\fleurdo\Mes documents\pas\crack\Keygen.exe
    C:\DOCUME~1\fleurdo\Mes documents\pas\crack\pspXCrack.exe
    C:\DOCUME~1\fleurdo\Mes documents\pas\crack\Serial_PSP10.txt
    C:\DOCUME~1\fleurdo\Mes documents\Tools\Nero\Content\Content\MenuTemplates\Pictures\tenniscrack4_3.jpg
    C:\DOCUME~1\fleurdo\Recent\Popcap Chuzzle Deluxe v1.0 + crack.rar.lnk


    [F:18][D:3]-> C:\DOCUME~1\fleurdo\LOCALS~1\Temp
    [F:242][D:0]-> C:\DOCUME~1\fleurdo\Cookies
    [F:1377][D:4]-> C:\DOCUME~1\fleurdo\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - 03/09/2008|20:50 - Option : [1]

    --------------------\\ Fin du rapport a 20:50:10
    3 September 2008 21:16:01

    Hi again

    1

    get rid of all your rotten cracks

    Quote:
    C:\DOCUME~1\fleurdo\Mes documents\Ma musique\Eric Benet - Hurricane (2005) - R&B - www.torrentazos.com By FEFE2003\12 - Eric Benet - Cracks Of My Broken Heart - www.torrentazos.com.mp3
    C:\DOCUME~1\fleurdo\Mes documents\Ma musique\Kanye_West-Late_Registration-2005-RNS\08-kanye_west-crack_music_(feat_the_game).mp3
    C:\DOCUME~1\fleurdo\Mes documents\pas\crack
    C:\DOCUME~1\fleurdo\Mes documents\pas\crack\Keygen.exe
    C:\DOCUME~1\fleurdo\Mes documents\pas\crack\pspXCrack.exe
    C:\DOCUME~1\fleurdo\Mes documents\pas\crack\Serial_PSP10.txt
    C:\DOCUME~1\fleurdo\Mes documents\Tools\Nero\Content\Content\MenuTemplates\Pictures\tenniscrack4_3.jpg
    C:\DOCUME~1\fleurdo\Recent\Popcap Chuzzle Deluxe v1.0 + crack.rar.lnk


    read:
    cracks/P2P


    2
    only after that:

    Run Lop S&D again

  • This time choose Option 2 ( Suppression / Removal )
  • Do not close the window during the removal!
  • Post the generated report ( C:\lopR.txt )

    ( If the desktop does not reappear, press Ctrl + Alt + Del, File tab ("Fichier"), New Task ("Nouvelle tâche"), type explorer.exe and confirm )
    3 September 2008 21:49:13

    How do I do that? Do I delete them manually?
    4 September 2008 20:53:34

    good evening
    yes, you managed to install them, so you should know how to delete them... :D 
    4 September 2008 21:14:26

    Hello

    After the cleanup, here is the report:


    --------------------\\ Lop S&D 4.2.3-9 XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.06GHz )
    BIOS : Phoenix - AwardBIOS v6.00PG
    USER : fleurdo ( Administrator )
    BOOT : Normal boot
    Antivirus : Avira AntiVir PersonalEdition 8.0.1.15 (Activated)

    "C:\Lop SD" ( MAJ : 02-09-2008|17:30 )
    Option : [2] ( 04/09/2008|21:15 )


    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

    Supprime! - C:\DOCUME~1\fleurdo\Cookies\fleurdo@advertising[1].txt
    Supprime! - C:\DOCUME~1\fleurdo\Cookies\fleurdo@advertising[2].txt
    Supprime! - C:\DOCUME~1\fleurdo\Cookies\fleurdo@sr2.livemediasrv[1].txt
    Supprime! - C:\DOCUME~1\fleurdo\Cookies\fleurdo@sr2.livemediasrv[3].txt
    Supprime! - C:\DOCUME~1\fleurdo\Cookies\fleurdo@32vegas[2].txt
    Supprime! - C:\DOCUME~1\fleurdo\Cookies\fleurdo@banner.32vegas[2].txt
    Supprime! - C:\DOCUME~1\fleurdo\Cookies\fleurdo@www.vegasaffiliates[1].txt
    Supprime! - C:\DOCUME~1\fleurdo\Cookies\fleurdo@888[2].txt
    -
    [ Fichier Hosts ] .. Restaure!

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

    Supprime! - C:\Program Files\Viewpoint
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


    --------------------\\ Listing des dossiers dans APPLIC~1

    [19/08/2005|19:00] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
    [19/08/2005|18:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\Ahead
    [19/08/2005|18:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
    [07/05/2007|22:48] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
    [07/05/2007|22:48] C:\DOCUME~1\ADMINI~1\APPLIC~1\Real

    [31/03/2008|06:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [30/07/2008|20:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
    [14/02/2006|00:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
    [10/03/2006|16:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [28/08/2008|21:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
    [13/07/2008|17:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
    [20/08/2008|12:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
    [26/02/2008|20:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FreeTest
    [08/04/2007|14:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [28/02/2007|19:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
    [20/08/2008|12:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    [01/04/2006|22:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
    [25/08/2008|19:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [14/09/2007|19:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    [22/08/2008|10:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [30/07/2008|20:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
    [14/02/2006|12:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
    [19/08/2005|18:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
    [13/08/2006|19:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
    [19/08/2005|18:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [19/02/2007|12:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
    [22/01/2008|21:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
    [01/03/2008|01:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
    [13/08/2006|19:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

    [19/08/2005|19:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
    [19/08/2005|18:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Ahead
    [14/02/2006|00:45] C:\DOCUME~1\DEFAUL~1\APPLIC~1\AOL
    [05/10/2005|09:45] C:\DOCUME~1\DEFAUL~1\APPLIC~1\CyberLink
    [19/08/2005|17:39] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
    [19/08/2005|18:22] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
    [05/10/2005|09:29] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [19/08/2005|18:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
    [19/08/2005|18:32] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
    [19/08/2005|18:33] C:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver

    [01/06/2008|22:44] C:\DOCUME~1\fleurdo\APPLIC~1\Adobe
    [08/03/2007|19:08] C:\DOCUME~1\fleurdo\APPLIC~1\AdobeUM
    [19/08/2005|18:49] C:\DOCUME~1\fleurdo\APPLIC~1\Ahead
    [14/02/2006|00:45] C:\DOCUME~1\fleurdo\APPLIC~1\AOL
    [05/10/2006|11:33] C:\DOCUME~1\fleurdo\APPLIC~1\Apple Computer
    [26/10/2006|10:59] C:\DOCUME~1\fleurdo\APPLIC~1\ArcSoft
    [20/02/2007|13:15] C:\DOCUME~1\fleurdo\APPLIC~1\Copernic
    [28/02/2007|19:42] C:\DOCUME~1\fleurdo\APPLIC~1\Corel
    [13/08/2008|23:26] C:\DOCUME~1\fleurdo\APPLIC~1\CyberLink
    [12/02/2006|00:50] C:\DOCUME~1\fleurdo\APPLIC~1\dvdcss
    [11/04/2006|21:16] C:\DOCUME~1\fleurdo\APPLIC~1\FotoWire
    [02/10/2006|14:05] C:\DOCUME~1\fleurdo\APPLIC~1\Google
    [04/03/2006|02:14] C:\DOCUME~1\fleurdo\APPLIC~1\Help
    [14/08/2006|18:24] C:\DOCUME~1\fleurdo\APPLIC~1\Identities
    [18/02/2008|20:34] C:\DOCUME~1\fleurdo\APPLIC~1\iScreensaver
    [08/05/2007|14:04] C:\DOCUME~1\fleurdo\APPLIC~1\ItsLabel
    [26/02/2006|21:17] C:\DOCUME~1\fleurdo\APPLIC~1\Lavasoft
    [19/08/2005|18:22] C:\DOCUME~1\fleurdo\APPLIC~1\Macromedia
    [25/08/2008|19:41] C:\DOCUME~1\fleurdo\APPLIC~1\Malwarebytes
    [30/04/2006|21:10] C:\DOCUME~1\fleurdo\APPLIC~1\Media Player Classic
    [01/09/2008|12:59] C:\DOCUME~1\fleurdo\APPLIC~1\Microsoft
    [12/02/2006|15:28] C:\DOCUME~1\fleurdo\APPLIC~1\Mozilla
    [30/04/2006|14:14] C:\DOCUME~1\fleurdo\APPLIC~1\MSNInstaller
    [30/04/2006|21:27] C:\DOCUME~1\fleurdo\APPLIC~1\Musicmatch
    [25/09/2007|19:10] C:\DOCUME~1\fleurdo\APPLIC~1\MySpace
    [19/08/2005|18:04] C:\DOCUME~1\fleurdo\APPLIC~1\Real
    [19/08/2005|18:32] C:\DOCUME~1\fleurdo\APPLIC~1\Sun
    [08/05/2007|14:02] C:\DOCUME~1\fleurdo\APPLIC~1\Talkback
    [01/06/2006|17:59] C:\DOCUME~1\fleurdo\APPLIC~1\vlc
    [28/08/2008|21:20] C:\DOCUME~1\fleurdo\APPLIC~1\Winamp
    [19/08/2005|18:33] C:\DOCUME~1\fleurdo\APPLIC~1\You've Got Pictures Screensaver
    [14/08/2006|18:24] C:\DOCUME~1\fleurdo\APPLIC~1\Zylom

    [30/04/2006|14:50] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
    [08/03/2007|18:34] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

    [19/08/2005|17:39] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    [06/03/2006|03:15] C:\DOCUME~1\PROPRI~1\APPLIC~1\Real
    [14/02/2006|00:48] C:\DOCUME~1\PROPRI~1\APPLIC~1\You've Got Pictures Screensaver

    --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

    [05/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
    [04/09/2008 18:38][--ah-----] C:\WINDOWS\tasks\SA.DAT

    --------------------\\ Listing des dossiers dans C:\Program Files

    [13/02/2006|14:58] C:\Program Files\7-Zip
    [31/03/2008|06:25] C:\Program Files\Adobe
    [26/10/2006|12:26] C:\Program Files\ADS Tech
    [30/07/2008|20:13] C:\Program Files\Ahead
    [28/02/2007|18:22] C:\Program Files\Alwil Software
    [25/10/2006|15:06] C:\Program Files\AvantGo Connect
    [28/08/2008|21:41] C:\Program Files\Avira
    [13/08/2008|18:28] C:\Program Files\AxBx
    [13/07/2008|17:36] C:\Program Files\Boonty
    [13/08/2008|22:45] C:\Program Files\BoontyGames
    [28/09/2006|22:01] C:\Program Files\Cain
    [06/06/2007|23:44] C:\Program Files\Captures
    [30/04/2006|22:14] C:\Program Files\CCleaner
    [06/06/2007|23:44] C:\Program Files\Clips
    [21/12/2006|19:31] C:\Program Files\Codemasters
    [25/10/2006|15:06] C:\Program Files\Common Files
    [06/06/2007|23:44] C:\Program Files\Contours
    [20/02/2007|13:15] C:\Program Files\Copernic Agent
    [28/02/2007|19:50] C:\Program Files\Corel
    [06/06/2007|23:44] C:\Program Files\Coupes
    [09/06/2007|19:45] C:\Program Files\Creative Zone
    [30/04/2006|14:10] C:\Program Files\CVitae
    [30/07/2008|20:03] C:\Program Files\CyberLink
    [05/09/2006|16:44] C:\Program Files\DAEMON Tools
    [21/12/2006|19:12] C:\Program Files\directx
    [22/01/2008|22:55] C:\Program Files\DivX
    [03/09/2008|18:36] C:\Program Files\eChanblard
    [22/07/2007|16:57] C:\Program Files\Eggiz
    [23/11/2006|23:01] C:\Program Files\Eraser
    [06/06/2007|23:44] C:\Program Files\eVAOPack
    [01/09/2008|21:41] C:\Program Files\Fichiers communs
    [21/12/2006|18:12] C:\Program Files\FileDeleter
    [06/06/2007|23:44] C:\Program Files\Fonds
    [06/06/2007|23:44] C:\Program Files\Gammes
    [21/02/2007|19:34] C:\Program Files\Gimp
    [19/05/2008|20:32] C:\Program Files\Google
    [21/02/2007|20:42] C:\Program Files\Graphex3
    [19/08/2005|19:07] C:\Program Files\HighMAT CD Writing Wizard
    [05/10/2005|09:38] C:\Program Files\Home Cinema
    [06/06/2007|23:44] C:\Program Files\Images
    [30/07/2008|20:06] C:\Program Files\InstallShield Installation Information
    [19/08/2005|17:49] C:\Program Files\Intel
    [25/08/2008|19:45] C:\Program Files\Internet Explorer
    [07/12/2005|15:10] C:\Program Files\Java
    [18/02/2008|20:44] C:\Program Files\Kit ADSL
    [25/05/2006|17:40] C:\Program Files\K-Lite Codec Pack
    [20/08/2008|00:05] C:\Program Files\Lavasoft
    [07/12/2005|15:40] C:\Program Files\Learn2.com
    [21/09/2006|12:43] C:\Program Files\LimeWire
    [11/04/2006|21:16] C:\Program Files\Logitech
    [01/09/2008|21:40] C:\Program Files\Macrogaming
    [25/08/2008|19:41] C:\Program Files\Malwarebytes' Anti-Malware
    [21/02/2007|16:48] C:\Program Files\Matroska Playback Pack
    [05/10/2006|11:32] C:\Program Files\Media Player Classic
    [19/08/2005|17:53] C:\Program Files\Medion Tools
    [30/04/2006|21:44] C:\Program Files\Messenger
    [18/05/2008|14:03] C:\Program Files\Messenger Plus! Live
    [28/09/2006|22:06] C:\Program Files\MessengerPlus! 3
    [23/11/2006|18:35] C:\Program Files\MICRO APPLICATION
    [25/10/2006|15:38] C:\Program Files\Microsoft ActiveSync
    [25/08/2008|19:47] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [19/08/2005|17:39] C:\Program Files\microsoft frontpage
    [01/04/2006|22:32] C:\Program Files\Microsoft Office
    [28/02/2006|13:58] C:\Program Files\Movie Maker
    [04/09/2008|21:04] C:\Program Files\Mozilla Firefox
    [19/08/2005|17:37] C:\Program Files\MSN Gaming Zone
    [20/08/2008|00:45] C:\Program Files\MSN Messenger
    [08/04/2007|18:19] C:\Program Files\MSXML 4.0
    [02/05/2006|15:21] C:\Program Files\Musicmatch
    [26/08/2008|13:21] C:\Program Files\MySpace
    [30/07/2008|20:17] C:\Program Files\Nero
    [28/02/2006|13:58] C:\Program Files\NetMeeting
    [13/09/2007|11:52] C:\Program Files\neuf telecom
    [06/06/2007|23:44] C:\Program Files\Objets
    [07/12/2005|15:22] C:\Program Files\OfficeUpdate11
    [16/08/2006|00:54] C:\Program Files\orange
    [01/03/2008|00:44] C:\Program Files\Outlook Express
    [21/02/2007|20:56] C:\Program Files\Paint.NET
    [05/10/2006|11:33] C:\Program Files\QuickTime
    [26/10/2006|20:56] C:\Program Files\QuickTime Alternative
    [16/05/2008|19:48] C:\Program Files\Raveille
    [19/08/2005|18:03] C:\Program Files\Real
    [20/12/2006|20:48] C:\Program Files\SC
    [26/08/2008|13:21] C:\Program Files\ScummVM
    [19/08/2005|17:38] C:\Program Files\Services en ligne
    [06/06/2007|23:44] C:\Program Files\Sounds
    [07/12/2005|15:31] C:\Program Files\StarOffice7
    [02/01/2007|20:55] C:\Program Files\Super Logiciels
    [06/06/2007|23:44] C:\Program Files\Sys
    [06/06/2007|23:44] C:\Program Files\Temp
    [06/06/2007|23:44] C:\Program Files\Themes
    [14/08/2008|00:31] C:\Program Files\Trend Micro
    [13/08/2006|21:02] C:\Program Files\TryMedia
    [22/12/2006|11:41] C:\Program Files\Uninstall Information
    [20/08/2008|12:37] C:\Program Files\Unlocker
    [13/08/2008|09:20] C:\Program Files\uTorrent
    [26/05/2006|15:44] C:\Program Files\VDCodecPack3.1
    [12/02/2006|00:50] C:\Program Files\VideoLAN
    [06/06/2007|23:44] C:\Program Files\Visages
    [21/12/2006|19:11] C:\Program Files\Warthog
    [06/06/2007|23:44] C:\Program Files\WebPub
    [12/08/2008|21:09] C:\Program Files\Winamp
    [19/08/2005|18:13] C:\Program Files\Windows Journal Viewer
    [01/03/2008|01:07] C:\Program Files\Windows Live
    [20/08/2008|12:37] C:\Program Files\Windows Live Toolbar
    [07/12/2005|15:06] C:\Program Files\Windows Media Connect
    [30/11/2006|18:42] C:\Program Files\Windows Media Connect 2
    [30/11/2006|18:45] C:\Program Files\Windows Media Player
    [28/02/2006|13:58] C:\Program Files\Windows NT
    [04/11/2006|14:15] C:\Program Files\WinHTTrack
    [28/09/2006|18:19] C:\Program Files\WinPcap
    [22/01/2008|21:18] C:\Program Files\WinZip
    [19/08/2005|17:39] C:\Program Files\xerox
    [30/04/2006|21:41] C:\Program Files\xp-AntiSpy
    [29/07/2006|18:14] C:\Program Files\Yahoo!
    [16/03/2007|16:56] C:\Program Files\Zoom Player
    [28/05/2008|19:42] C:\Program Files\Zylom Games

    --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

    [31/03/2008|06:25] C:\Program Files\Fichiers communs\Adobe
    [01/04/2006|22:59] C:\Program Files\Fichiers communs\Adobe Systems Shared
    [30/07/2008|20:19] C:\Program Files\Fichiers communs\Ahead
    [30/04/2006|14:11] C:\Program Files\Fichiers communs\AOL
    [13/07/2008|17:37] C:\Program Files\Fichiers communs\BOONTY Shared
    [20/02/2007|13:15] C:\Program Files\Fichiers communs\Copernic
    [28/02/2007|19:50] C:\Program Files\Fichiers communs\Corel
    [01/04/2006|22:32] C:\Program Files\Fichiers communs\Designer
    [21/12/2006|19:14] C:\Program Files\Fichiers communs\DirectX
    [11/04/2006|21:16] C:\Program Files\Fichiers communs\FotoWire
    [28/02/2007|19:42] C:\Program Files\Fichiers communs\InstallShield
    [07/12/2005|15:10] C:\Program Files\Fichiers communs\Java
    [11/04/2006|21:07] C:\Program Files\Fichiers communs\Logitech
    [14/08/2006|19:35] C:\Program Files\Fichiers communs\Macrovision Shared
    [01/03/2008|01:07] C:\Program Files\Fichiers communs\Microsoft Shared
    [19/08/2005|17:38] C:\Program Files\Fichiers communs\MSSoap
    [05/10/2005|09:42] C:\Program Files\Fichiers communs\Nero
    [07/12/2005|15:39] C:\Program Files\Fichiers communs\Nullsoft
    [04/11/2006|17:18] C:\Program Files\Fichiers communs\ODBC
    [13/09/2007|14:39] C:\Program Files\Fichiers communs\Real
    [19/08/2005|17:38] C:\Program Files\Fichiers communs\Services
    [30/04/2006|14:11] C:\Program Files\Fichiers communs\Softwin
    [19/08/2005|19:34] C:\Program Files\Fichiers communs\SpeechEngines
    [01/03/2008|00:44] C:\Program Files\Fichiers communs\System
    [01/03/2008|01:07] C:\Program Files\Fichiers communs\WindowsLiveInstaller
    [13/09/2007|14:39] C:\Program Files\Fichiers communs\xing shared

    --------------------\\ Process

    ( 41 Processus )

    ... OK !

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    C:\DOCUME~1\fleurdo\Cookies\fleurdo@adopt.euroclick[2].txt

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE


    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-04 21:16:31
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 999

    --------------------\\ Recherche d'autres infections

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\fleurdo\Local Settings\Temporary Internet Files\Content.IE5\GO4FT96Q\273143-7-cracks-risques[1].htm


    [F:15][D:3]-> C:\DOCUME~1\fleurdo\LOCALS~1\Temp
    [F:249][D:0]-> C:\DOCUME~1\fleurdo\Cookies
    [F:2869][D:4]-> C:\DOCUME~1\fleurdo\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - 03/09/2008|20:50 - Option : [1]
    2 - "C:\Lop SD\LopR_2.txt" - 04/09/2008|21:18 - Option : [2]

    --------------------\\ Fin du rapport a 21:18:06

    4 September 2008 21:49:44

    Hi again

    ~Run an online antivirus scan on the Kaspersky site
    http://www.kaspersky.com/kos/eng/partner/default/kavweb...

    * Click Accept
    * A yellow bar will ask whether you agree to install Kavwebscan_Unicode.cab; install the ActiveX control.
    * Click "Accept" once more
    * The update databases will install; wait a moment
    * Click Next.
    * Click My Computer; the scan starts. Wait for the scan to finish without closing the window, otherwise it will stop.
    * Post the scan report.

    5 September 2008 23:44:47

    Hi again, here is the report:

    KASPERSKY ONLINE SCANNER 7 REPORT
    Friday, September 5, 2008
    Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Friday, September 05, 2008 18:23:56
    Records in database: 1194745
    Scan settings
    Scan using the following database extended
    Scan archives yes
    Scan mail databases yes
    Scan area My Computer
    C:\
    D:\
    E:\
    F:\
    H:\
    I:\
    J:\
    K:\
    L:\
    Scan statistics
    Files scanned 90776
    Threat name 8
    Infected objects 13
    Suspicious objects 1
    Duration of the scan 01:25:42

    File name | Threat name | Threats count
    C:\Documents and Settings\fleurdo\Local Settings\Application Data\Identities\{5795F9D5-3B48-4029-A6FB-2B2D2F3D0754}\Microsoft\Outlook Express\Boîte de réception.dbx | Infected: Trojan-Spy.HTML.Paylap.jv | 1
    C:\Documents and Settings\fleurdo\Local Settings\Application Data\Identities\{5795F9D5-3B48-4029-A6FB-2B2D2F3D0754}\Microsoft\Outlook Express\Boîte de réception.dbx | Suspicious: Trojan-Spy.HTML.Fraud.gen | 1
    C:\Documents and Settings\fleurdo\Mes documents\Mes fichiers reçus\Jean Marc\vnc-4.0-x86_win32.7z | Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 | 3
    C:\Program Files\MSN Messenger\riched20.dll | Infected: not-a-virus:AdTool.Win32.MyWebSearch | 1
    C:\QooBox\Quarantine\C\Documents and Settings\fleurdo\Bureau\SmitfraudFix\Reboot.exe.vir | Infected: not-a-virus:RiskTool.Win32.Reboot.f | 1
    C:\QooBox\Quarantine\C\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll.vir | Infected: not-a-virus:AdWare.Win32.Mostofate.dt | 1
    C:\QooBox\Quarantine\C\Program Files\webHancer\Programs\webhdll.dll.vir | Infected: not-a-virus:AdWare.Win32.WebHancer.390 | 1
    C:\QooBox\Quarantine\C\Program Files\webHancer\whAgent_update.exe.vir | Infected: not-a-virus:AdWare.Win32.WebHancer.390 | 1
    C:\QooBox\Quarantine\C\Program Files\webHancer(2)\Programs(2)\webhdll(2).dll.vir | Infected: not-a-virus:AdWare.Win32.WebHancer.390 | 1
    C:\QooBox\Quarantine\C\Program Files\webHancer(2)\Programs(2)\webhdll(3).dll.vir | Infected: not-a-virus:AdWare.Win32.WebHancer.390 | 1
    C:\QooBox\Quarantine\C\Program Files\webHancer(2)\Programs(2)\whagent(2).exe.vir | Infected: not-a-virus:AdWare.Win32.WebHancer.423 | 1
    C:\QooBox\Quarantine\C\Program Files\webHancer(2)\Programs(2)\whiehlpr(2).dll.vir | Infected: not-a-virus:AdWare.Win32.WebHancer.390 | 1
    The selected area was scanned.

    6 September 2008 11:00:05

    Hello

    One last thing and we're done.

    Download Toolbar S&D by Team IDN to your desktop.

  • Double-click it to start the installation.
  • Accept the license agreement.
  • Then double-click the Toolbar S&D shortcut on your desktop.
  • Select the language you want and confirm with the Enter key.
  • Choose option 1 ( Search ).
  • Wait until the scan finishes.
  • Post the generated report. ( C:\TB.txt )

    6 September 2008 17:09:00

    Hello,
    great, here is the last report then:


    -----------\\ ToolBar S&D 1.1.7 XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.06GHz )
    BIOS : Phoenix - AwardBIOS v6.00PG
    USER : fleurdo ( Administrator )
    BOOT : Normal boot
    Antivirus : Avira AntiVir PersonalEdition 8.0.1.15 (Activated)

    "C:\ToolBar SD" ( MAJ : 04-09-2008|15:03 )
    Option : [1] ( 06/09/2008|17:10 )

    -----------\\ Recherche de Fichiers / Dossiers ...

    C:\Program Files\MSN Messenger\riched20.dll

    -----------\\ Extensions

    (fleurdo) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
    (fleurdo) - {F807FACD-E46A-4793-B345-D58CB177673C} => performancing


    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese..."
    "Start Page"="http://www.ustart.org"
    "SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Start Page"="http://www.ustart.org"
    "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
    "Search Bar"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"


    --------------------\\ Recherche d'autres infections

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\fleurdo\Local Settings\Temporary Internet Files\Content.IE5\GO4FT96Q\273143-7-cracks-risques[1].htm



    1 - "C:\ToolBar SD\TB_1.txt" - 06/09/2008|17:11 - Option : [1]

    -----------\\ Fin du rapport a 17:11:49,10

    6 September 2008 18:06:30

    Hi again

    Run Toolbar S&D again

  • This time choose option 2. ( Removal )
    Your desktop will disappear; that is normal. Let the tool work.
  • Do not close the window during the removal!
  • Post the generated report. ( C:\TB.txt )


    6 September 2008 19:44:08

    OK, here is the report:


    -----------\\ ToolBar S&D 1.1.7 XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.06GHz )
    BIOS : Phoenix - AwardBIOS v6.00PG
    USER : fleurdo ( Administrator )
    BOOT : Normal boot
    Antivirus : Avira AntiVir PersonalEdition 8.0.1.15 (Activated)

    "C:\ToolBar SD" ( MAJ : 04-09-2008|15:03 )
    Option : [2] ( 06/09/2008|19:45 )

    -----------\\ SUPPRESSION

    Supprime! - C:\Program Files\MSN Messenger\riched20.dll

    -----------\\ Recherche de Fichiers / Dossiers ...


    -----------\\ Extensions

    (fleurdo) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
    (fleurdo) - {F807FACD-E46A-4793-B345-D58CB177673C} => performancing


    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese..."
    "Start Page"="http://www.ustart.org"
    "SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Start Page"="http://www.msn.com/"
    "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
    "Search Bar"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"


    --------------------\\ Recherche d'autres infections

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\fleurdo\Local Settings\Temporary Internet Files\Content.IE5\GO4FT96Q\273143-7-cracks-risques[1].htm



    1 - "C:\ToolBar SD\TB_1.txt" - 06/09/2008|17:11 - Option : [1]
    2 - "C:\ToolBar SD\TB_2.txt" - 06/09/2008|19:46 - Option : [2]

    -----------\\ Fin du rapport a 19:46:35,81

    6 September 2008 21:32:03

    Hi again

    Uninstall all the programs that were installed for the disinfection.


    Please read this guide (PDF) to learn more about the risks of the Net.



    If you find this document interesting, feel free to pass it on to your contacts.

    If you are tired of being bombarded with ads while browsing, install Firefox hardened with the NoScript and AdBlock Plus extensions.

    ~Edit your first message (by clicking the eraser) and put [résolu] (solved) in the title.

    :hello: 

    6 September 2008 22:20:45

    Does that mean it's over, you've cured my computer?

    7 September 2008 20:42:24

    Well, a big thank you for the time you took.
    Otherwise I have another small problem, but it's only a detail...
    When I turn the sound on, the volume changes by itself: suddenly it gets really loud and then it drops by itself. So my question, even though I don't know whether you'll be able to enlighten me on this, is whether there is something in my computer causing this, something malicious, or whether it's a fault in the sound card or something else?

    8 September 2008 20:32:26

    Good evening
    I don't think it's related to a virus...

    Try creating a topic here: Hardware section

