
[Solved] Problem: unwanted ads popping up nonstop

17 August 2008 19:53:28

Hi everyone!

I know a lot of topics have been created on this subject, but I'd rather create a topic for my own case :)

So here it is: 2 days ago I bought a new PC, the Toshiba A300. However, since this morning, as soon as my PC is connected to the internet, whether I'm on the desktop, in a game, or in Internet Explorer, I'm constantly bothered by ads: CID in particular, and others...

I installed Ad-Aware and scanned my computer with it, on a friend's advice; it found a lot of tracking cookies, then deleted them. Then I installed Google Toolbar, which is supposed to block pop-up ad windows (just like Internet Explorer 7), but all in vain! The ads are still harassing me!

That's why I'm asking you for help :D

What do you advise me to do to fix this problem?

For info, I'm on Windows Vista, and my antivirus is BitDefender 2008.


17 August 2008 20:04:18

Hello,

I'll take care of you. Please bear in mind that I'm a volunteer, that I have a private life and that I help several users at once, so please be patient. However, I never let go of a user until their PC is clean ;)

Download HijackThis (by Trend Micro) to your Desktop.

  • Double-click HJTInstall.exe to launch the installation.
  • Click Install.
  • Double-click the HijackThis shortcut that has just been created to launch it. (Right-click -> run as admin if on Vista)
  • Accept the license by clicking Yes.
  • Click "Do a system scan and save a logfile".
  • Post the generated report here.

Note: The report can also be found here: C:\Program Files\Trend Micro\Hijackthis\Hijackthis.log

Help: How to use HijackThis.

;)
17 August 2008 20:34:41

No problem, I'll be patient :) I understand you :)

Here is my report:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:31:35, on 17/08/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
    C:\tb_eula\EULALauncher.exe
    C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
    C:\Program Files\Toshiba\SmoothView\SmoothView.exe
    C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
    C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\windows defender\MSASCui.exe
    C:\Program Files\Steam\Steam.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
    O4 - HKLM\..\Run: [toolbar_eula_launcher] c:\tb_eula\EULALauncher.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
    O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [the 1] "C:\ProgramData\Glue scr scr.8z9t6g5"
    O4 - HKCU\..\Run: [Okay Proxy Ooze Each] "C:\ProgramData\Show plus program.it3sqz"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\RunOnce: [!MMPermissions] C:\PROGRA~1\Sony\SHARED~1\MEDIAM~1\2.2\ADJUST~1.EXE /waitforservice MSSQL$SONY_MEDIAMGR SQLAgent$SONY_MEDIAMGR
    O4 - HKCU\..\RunOnce: [!MMUserGroups] C:\PROGRA~1\Sony\SHARED~1\MEDIAM~1\2.2\MEDIAM~3.EXE /forcestatus /scriptfilename: C:\PROGRA~1\Sony\SHARED~1\MEDIAM~1\2.2\ADDUSE~1.SQL
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
    O4 - Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/709-44555-9400-3/4 (file missing)
    O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.fr/exec/obidos/redirect-home?tag=Tosh... (file missing)
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
    O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 9398 bytes
17 August 2008 23:52:21

Re,

Infected by Lop.com (CiD ads) :)

Download Lop S&D.exe (by Eric 71 & Angeldark) to your desktop.

  • Double-click it to launch the installation
  • Then double-click the Lop S&D shortcut on your desktop (if you are on Vista, right-click -> run as admin)
  • Select the desired language, then choose Option 1 (Search)
  • Wait until the scan finishes
  • Post the generated report (C:\lopR.txt)

If your desktop does not reappear, press CTRL+ALT+DEL to open the Task Manager.
Then go to the "Processes" tab. Click File at the top left and choose "New Task (Run...)"
Type explorer and confirm. This will bring your desktop back

;)
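The HijackThis log posted above contains two `O4 - HKCU\..\Run` entries whose targets sit directly under `C:\ProgramData` and carry random-looking extensions. The following is an added example, not part of the thread and not the helper's own method, showing one way to triage O4 autorun lines for that pattern; the heuristic, the function names and the extension list are assumptions, and the sample lines are copied from the log in this thread.

```python
import ntpath  # Windows path rules, usable on any OS
import re

# Sample input: a subset of the O4 lines from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [the 1] "C:\ProgramData\Glue scr scr.8z9t6g5"
O4 - HKCU\..\Run: [Okay Proxy Ooze Each] "C:\ProgramData\Show plus program.it3sqz"
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
"""

# "O4 - <hive>\..\Run[Once]: [<value name>] <command line>"
O4_RUN = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# HijackThis appends "(User '...')" to entries from other users' hives.
USER_NOTE = re.compile(r"\s+\(User '[^']*'\)$")

# Assumption: extensions treated as normal for an autorun target.
EXEC_EXT = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif")
UNQUOTED_EXE = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.IGNORECASE)

# Assumption: folders meant for data, where a startup program is unexpected.
DATA_DIRS = {"programdata", "appdata", "temp"}


def extract_target(cmd):
    """Return the program path from an autorun command line, without arguments."""
    cmd = USER_NOTE.sub("", cmd.strip())
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted paths may contain spaces: cut after the first executable extension.
    m = UNQUOTED_EXE.match(cmd)
    return m.group(1) if m else cmd


def reasons_for(target):
    """List the heuristic reasons an autorun target deserves a closer look."""
    reasons = []
    ext = ntpath.splitext(target)[1].lower()
    if ext not in EXEC_EXT:
        reasons.append(f"unusual extension {ext!r}")
    parents = [part.lower() for part in target.split("\\")[:-1]]
    if DATA_DIRS.intersection(parents):
        reasons.append("launched from a data directory")
    return reasons


def triage(log_text):
    """Return one finding per registry Run/RunOnce entry that matches a heuristic."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue  # Startup-folder O4 lines and other sections are out of scope
        target = extract_target(m.group("cmd"))
        reasons = reasons_for(target)
        if reasons:
            findings.append({
                "hive": m.group("hive"),
                "key": m.group("key"),
                "name": m.group("name"),
                "target": target,
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f'{f["hive"]}\\{f["key"]} [{f["name"]}] -> {f["target"]}')
        for reason in f["reasons"]:
            print(f"    - {reason}")
```

A hit is only a pointer for manual review: legitimate software sometimes starts from `AppData`, so the entry still has to be checked against what is installed on the machine.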
18 August 2008 00:05:04

here you go :D

    --------------------\\ Lop S&D 4.2.3-0 XP/Vista

    [ Windows VISTA (NT 6.0) Workstation Build 6001, Service Pack 1 ]
    [ USER : Nardini Jean ] [ "C:\Lop SD" ] [ Selection : 1 ]
    [ 18/08/2008 | 0:02:10 ] [ PC : PC-DE-JEAN (Proc:x86) ]
    [ MAJ : 17-08-2008 | 01:58 ]
    [ UAC => 0 ]

    --------------------\\ Listing des dossiers dans Local

    [17/08/2008|15:27] C:\Users\NARDIN~1\AppData\Local\Adobe
    [15/08/2008|17:43] C:\Users\NARDIN~1\AppData\Local\Application Data
    [15/08/2008|17:50] C:\Users\NARDIN~1\AppData\Local\ATI
    [17/08/2008|14:47] C:\Users\NARDIN~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [16/08/2008|18:53] C:\Users\NARDIN~1\AppData\Local\GDIPFONTCACHEV1.DAT
    [16/08/2008|10:44] C:\Users\NARDIN~1\AppData\Local\Google
    [15/08/2008|17:43] C:\Users\NARDIN~1\AppData\Local\Historique
    [17/08/2008|20:35] C:\Users\NARDIN~1\AppData\Local\IconCache.db
    [17/08/2008|19:00] C:\Users\NARDIN~1\AppData\Local\Microsoft
    [15/08/2008|22:26] C:\Users\NARDIN~1\AppData\Local\Microsoft Games
    [16/08/2008|18:50] C:\Users\NARDIN~1\AppData\Local\MigWiz
    [16/08/2008|14:54] C:\Users\NARDIN~1\AppData\Local\Mozilla
    [17/08/2008|20:21] C:\Users\NARDIN~1\AppData\Local\Sony
    [18/08/2008|00:00] C:\Users\NARDIN~1\AppData\Local\Temp
    [15/08/2008|17:43] C:\Users\NARDIN~1\AppData\Local\Temporary Internet Files
    [15/08/2008|17:50] C:\Users\NARDIN~1\AppData\Local\Toshiba
    [15/08/2008|19:38] C:\Users\NARDIN~1\AppData\Local\VirtualStore

    --------------------\\ Tâches planifiées dans C:\Windows\tasks

    [17/08/2008 23:00][--ah-----] C:\Windows\tasks\SA.DAT
    [17/08/2008 20:35][--a------] C:\Windows\tasks\SCHEDLGU.TXT

    --------------------\\ Listing des dossiers dans C:\ProgramData

    [29/04/2008|16:15] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    [16/08/2008|18:38] C:\ProgramData\Adobe
    [16/08/2008|18:32] C:\ProgramData\Adobe Systems
    [02/11/2006|15:02] C:\ProgramData\Application Data
    [15/08/2008|17:50] C:\ProgramData\ATI
    [15/08/2008|19:52] C:\ProgramData\BitDefender
    [15/08/2008|17:39] C:\ProgramData\Bureau
    [02/11/2006|15:02] C:\ProgramData\Desktop
    [02/11/2006|15:02] C:\ProgramData\Documents
    [15/08/2008|17:39] C:\ProgramData\Favoris
    [02/11/2006|15:02] C:\ProgramData\Favorites
    [16/08/2008|09:50] C:\ProgramData\Glue scr scr.8z9t6g5
    [16/08/2008|09:50] C:\ProgramData\Glue scr scr.mowln
    [17/08/2008|15:21] C:\ProgramData\Google
    [17/08/2008|16:20] C:\ProgramData\Google Updater
    [16/08/2008|09:51] C:\ProgramData\IDOL DOG
    [15/08/2008|20:15] C:\ProgramData\IsolatedStorage
    [17/08/2008|15:30] C:\ProgramData\Lavasoft
    [15/08/2008|18:21] C:\ProgramData\McAfee
    [15/08/2008|17:39] C:\ProgramData\Menu Démarrer
    [16/08/2008|12:39] C:\ProgramData\Messenger Plus!
    [15/08/2008|23:31] C:\ProgramData\Microsoft
    [15/08/2008|19:34] C:\ProgramData\Microsoft Help
    [15/08/2008|17:39] C:\ProgramData\Modèles
    [16/08/2008|09:50] C:\ProgramData\Second Atom Okay Proxy
    [16/08/2008|09:50] C:\ProgramData\Show plus program.it3sqz
    [17/08/2008|20:08] C:\ProgramData\Sony
    [02/11/2006|15:02] C:\ProgramData\Start Menu
    [02/11/2006|15:02] C:\ProgramData\Templates
    [17/08/2008|11:47] C:\ProgramData\TOSHIBA
    [15/08/2008|17:44] C:\ProgramData\ToshibaEurope
    [16/04/2008|14:00] C:\ProgramData\Ulead Systems
    [16/08/2008|09:46] C:\ProgramData\WLInstaller

    --------------------\\ Listing des dossiers dans C:\Program Files

    [29/04/2008|16:15] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
    [16/08/2008|18:38] C:\Program Files\Adobe
    [15/08/2008|17:30] C:\Program Files\ATI
    [15/08/2008|17:30] C:\Program Files\ATI Technologies
    [15/08/2008|18:18] C:\Program Files\BitDefender
    [15/08/2008|17:31] C:\Program Files\Camera Assistant Software for Toshiba
    [16/08/2008|09:49] C:\Program Files\Circle Developement
    [17/08/2008|11:47] C:\Program Files\Common Files
    [16/08/2008|11:41] C:\Program Files\DebugMode
    [21/01/2008|04:43] C:\Program Files\desktop.ini
    [15/08/2008|17:39] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
    [17/08/2008|15:21] C:\Program Files\Google
    [16/04/2008|14:11] C:\Program Files\IDM
    [17/08/2008|11:08] C:\Program Files\InstallShield Installation Information
    [15/08/2008|17:29] C:\Program Files\Intel
    [21/01/2008|04:35] C:\Program Files\Internet Explorer
    [16/04/2008|14:01] C:\Program Files\InterVideo
    [15/08/2008|19:30] C:\Program Files\Java
    [17/08/2008|15:28] C:\Program Files\Lavasoft
    [16/08/2008|11:03] C:\Program Files\MediaCoder
    [16/08/2008|09:49] C:\Program Files\Messenger Plus! Live
    [02/11/2006|14:37] C:\Program Files\Microsoft Games
    [15/08/2008|19:34] C:\Program Files\Microsoft Office
    [17/08/2008|11:33] C:\Program Files\Microsoft Silverlight
    [15/08/2008|19:34] C:\Program Files\Microsoft Works
    [15/08/2008|17:46] C:\Program Files\Motorola
    [21/01/2008|04:35] C:\Program Files\Movie Maker
    [02/11/2006|14:37] C:\Program Files\MSBuild
    [16/04/2008|13:22] C:\Program Files\MSXML 4.0
    [16/08/2008|10:39] C:\Program Files\PhotoFiltre
    [16/04/2008|13:39] C:\Program Files\Realtek
    [02/11/2006|14:37] C:\Program Files\Reference Assemblies
    [17/08/2008|20:06] C:\Program Files\Sony
    [17/08/2008|20:04] C:\Program Files\Sony Setup
    [17/08/2008|18:07] C:\Program Files\Sports Interactive
    [17/08/2008|23:47] C:\Program Files\Steam
    [16/04/2008|13:40] C:\Program Files\Synaptics
    [17/08/2008|11:08] C:\Program Files\THQ
    [17/08/2008|11:47] C:\Program Files\Toshiba
    [15/08/2008|20:14] C:\Program Files\Toshiba TEMPRO
    [16/08/2008|15:55] C:\Program Files\Total War
    [17/08/2008|20:31] C:\Program Files\Trend Micro
    [16/04/2008|13:58] C:\Program Files\Ulead Systems
    [02/11/2006|15:01] C:\Program Files\Uninstall Information
    [16/08/2008|10:47] C:\Program Files\VideoLAN
    [17/08/2008|20:06] C:\Program Files\Vstplugins
    [21/01/2008|04:35] C:\Program Files\Windows Calendar
    [21/01/2008|04:35] C:\Program Files\Windows Collaboration
    [21/01/2008|04:35] C:\Program Files\Windows Defender
    [21/01/2008|04:35] C:\Program Files\Windows Journal
    [16/08/2008|09:48] C:\Program Files\Windows Live
    [15/08/2008|23:07] C:\Program Files\Windows Mail
    [16/04/2008|14:00] C:\Program Files\Windows Media Components
    [21/01/2008|04:35] C:\Program Files\Windows Media Player
    [15/08/2008|17:39] C:\Program Files\Windows NT
    [21/01/2008|04:35] C:\Program Files\Windows Photo Gallery
    [21/01/2008|04:35] C:\Program Files\Windows Sidebar
    [17/08/2008|18:16] C:\Program Files\WinRAR
    [17/08/2008|18:11] C:\Program Files\Zero G Registry

    --------------------\\ Listing des dossiers dans C:\Program Files\Common Files

    [16/08/2008|18:38] C:\Program Files\Common Files\Adobe
    [15/08/2008|19:52] C:\Program Files\Common Files\BitDefender
    [16/08/2008|16:01] C:\Program Files\Common Files\InstallShield
    [16/04/2008|13:24] C:\Program Files\Common Files\Java
    [15/08/2008|21:02] C:\Program Files\Common Files\microsoft shared
    [02/11/2006|13:18] C:\Program Files\Common Files\Services
    [02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
    [15/08/2008|23:04] C:\Program Files\Common Files\Steam
    [21/01/2008|04:35] C:\Program Files\Common Files\System
    [17/08/2008|11:48] C:\Program Files\Common Files\Toshiba Shared
    [16/04/2008|14:01] C:\Program Files\Common Files\Ulead Systems
    [15/08/2008|20:50] C:\Program Files\Common Files\WindowsLiveInstaller
    [17/08/2008|15:27] C:\Program Files\Common Files\Wise Installation Wizard

    --------------------\\ Process

    ( 84 Processus )

    iexplore.exe ~ [PID:2532] ~ [Threads:17]
    iexplore.exe ~ [PID:2572] ~ [Threads:5]
    iexplore.exe ~ [PID:5956] ~ [Threads:24]

    --------------------\\ Recherche avec S_Lop

    C:\ProgramData\Glue scr scr.mowln
    C:\ProgramData\Show plus program.it3sqz
    C:\ProgramData\Glue scr scr.8z9t6g5
    C:\Users\NARDIN~1\AppData\Local\Temp\bis2693.exe

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    C:\Program Files\Circle Developement
    C:\Program Files\Circle Developement\Uninstall.exe
    C:\Users\NARDIN~1\AppData\Roaming\MICROS~1\Windows\Cookies\nardini_jean@advertstream[1].txt
    C:\Users\NARDIN~1\AppData\Roaming\MICROS~1\Windows\Cookies\nardini_jean@www.adserver5[1].txt
    C:\Users\NARDIN~1\AppData\Roaming\MICROS~1\Windows\Cookies\nardini_jean@advertising[1].txt

    --------------------\\ Verification du Registre

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "the 1"="\"C:\\ProgramData\\Glue scr scr.8z9t6g5\""
    "Okay Proxy Ooze Each"="\"C:\\ProgramData\\Show plus program.it3sqz\""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE


    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-18 00:02:25
    Windows 6.0.6001 Service Pack 1 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 1

    --------------------\\ Recherche d'autres infections

    --------------------\\ Cracks & Keygens ..

    C:\Users\NARDIN~1\Downloads\keygen.exe


    [F:89][D:26]-> C:\Users\NARDIN~1\AppData\Local\Temp
    [F:259][D:1]-> C:\Users\NARDIN~1\AppData\Roaming\MICROS~1\Windows\Cookies
    [F:2536][D:6]-> C:\Users\NARDIN~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
    [F:5][D:1]-> C:\$Recycle.Bin

    --------------------\\ Fin du rapport a 0:04:00,56
    [ UAC => 1 ]

18 August 2008 00:29:02

Re,

Run Lop S&D again

  • This time choose Option 2 (Removal)
  • Do not close the window during the removal!
  • Post the generated report (C:\lopR.txt)

(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New task, type explorer.exe and confirm)

;)
18 August 2008 10:43:48

here's the report :D


    --------------------\\ Lop S&D 4.2.3-0 XP/Vista

    [ Windows VISTA (NT 6.0) Workstation Build 6001, Service Pack 1 ]
    [ USER : Nardini Jean ] [ "C:\Lop SD" ] [ Selection : 2 ]
    [ 18/08/2008 | 10:40:34 ] [ PC : PC-DE-JEAN (Proc:x86) ]
    [ MAJ : 17-08-2008 | 01:58 ]
    [ UAC => 1 ]


    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

    Supprime! - C:\Program Files\Circle Developement\Uninstall.exe
    Supprime! - C:\Users\NARDIN~1\AppData\Roaming\MICROS~1\Windows\Cookies\nardini_jean@advertstream[1].txt
    Supprime! - C:\Users\NARDIN~1\AppData\Roaming\MICROS~1\Windows\Cookies\nardini_jean@www.adserver5[1].txt
    Supprime! - C:\ProgramData\Glue scr scr.mowln
    Supprime! - C:\ProgramData\Show plus program.it3sqz
    Supprime! - C:\ProgramData\Glue scr scr.8z9t6g5
    Supprime! - C:\Users\NARDIN~1\AppData\Local\Temp\bis2693.exe
    Supprime! - C:\Program Files\Circle Developement
    -
    [ Fichier Hosts ] .. Restaure!

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


    --------------------\\ Listing des dossiers dans Local

    [17/08/2008|15:27] C:\Users\NARDIN~1\AppData\Local\Adobe
    [15/08/2008|17:43] C:\Users\NARDIN~1\AppData\Local\Application Data
    [15/08/2008|17:50] C:\Users\NARDIN~1\AppData\Local\ATI
    [17/08/2008|14:47] C:\Users\NARDIN~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [16/08/2008|18:53] C:\Users\NARDIN~1\AppData\Local\GDIPFONTCACHEV1.DAT
    [16/08/2008|10:44] C:\Users\NARDIN~1\AppData\Local\Google
    [15/08/2008|17:43] C:\Users\NARDIN~1\AppData\Local\Historique
    [18/08/2008|00:14] C:\Users\NARDIN~1\AppData\Local\IconCache.db
    [17/08/2008|19:00] C:\Users\NARDIN~1\AppData\Local\Microsoft
    [15/08/2008|22:26] C:\Users\NARDIN~1\AppData\Local\Microsoft Games
    [16/08/2008|18:50] C:\Users\NARDIN~1\AppData\Local\MigWiz
    [16/08/2008|14:54] C:\Users\NARDIN~1\AppData\Local\Mozilla
    [17/08/2008|20:21] C:\Users\NARDIN~1\AppData\Local\Sony
    [18/08/2008|10:40] C:\Users\NARDIN~1\AppData\Local\Temp
    [15/08/2008|17:43] C:\Users\NARDIN~1\AppData\Local\Temporary Internet Files
    [15/08/2008|17:50] C:\Users\NARDIN~1\AppData\Local\Toshiba
    [15/08/2008|19:38] C:\Users\NARDIN~1\AppData\Local\VirtualStore

    --------------------\\ Tâches planifiées dans C:\Windows\tasks

    [18/08/2008 10:28][--ah-----] C:\Windows\tasks\SA.DAT
    [18/08/2008 00:15][--a------] C:\Windows\tasks\SCHEDLGU.TXT

    --------------------\\ Listing des dossiers dans C:\ProgramData

    [29/04/2008|16:15] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    [16/08/2008|18:38] C:\ProgramData\Adobe
    [16/08/2008|18:32] C:\ProgramData\Adobe Systems
    [02/11/2006|15:02] C:\ProgramData\Application Data
    [15/08/2008|17:50] C:\ProgramData\ATI
    [15/08/2008|19:52] C:\ProgramData\BitDefender
    [15/08/2008|17:39] C:\ProgramData\Bureau
    [02/11/2006|15:02] C:\ProgramData\Desktop
    [02/11/2006|15:02] C:\ProgramData\Documents
    [15/08/2008|17:39] C:\ProgramData\Favoris
    [02/11/2006|15:02] C:\ProgramData\Favorites
    [17/08/2008|15:21] C:\ProgramData\Google
    [17/08/2008|16:20] C:\ProgramData\Google Updater
    [16/08/2008|09:51] C:\ProgramData\IDOL DOG
    [15/08/2008|20:15] C:\ProgramData\IsolatedStorage
    [17/08/2008|15:30] C:\ProgramData\Lavasoft
    [15/08/2008|18:21] C:\ProgramData\McAfee
    [15/08/2008|17:39] C:\ProgramData\Menu Démarrer
    [16/08/2008|12:39] C:\ProgramData\Messenger Plus!
    [15/08/2008|23:31] C:\ProgramData\Microsoft
    [15/08/2008|19:34] C:\ProgramData\Microsoft Help
    [15/08/2008|17:39] C:\ProgramData\Modèles
    [16/08/2008|09:50] C:\ProgramData\Second Atom Okay Proxy
    [17/08/2008|20:08] C:\ProgramData\Sony
    [02/11/2006|15:02] C:\ProgramData\Start Menu
    [02/11/2006|15:02] C:\ProgramData\Templates
    [17/08/2008|11:47] C:\ProgramData\TOSHIBA
    [15/08/2008|17:44] C:\ProgramData\ToshibaEurope
    [16/04/2008|14:00] C:\ProgramData\Ulead Systems
    [16/08/2008|09:46] C:\ProgramData\WLInstaller

    --------------------\\ Listing des dossiers dans C:\Program Files

    [29/04/2008|16:15] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
    [16/08/2008|18:38] C:\Program Files\Adobe
    [15/08/2008|17:30] C:\Program Files\ATI
    [15/08/2008|17:30] C:\Program Files\ATI Technologies
    [15/08/2008|18:18] C:\Program Files\BitDefender
    [15/08/2008|17:31] C:\Program Files\Camera Assistant Software for Toshiba
    [17/08/2008|11:47] C:\Program Files\Common Files
    [16/08/2008|11:41] C:\Program Files\DebugMode
    [21/01/2008|04:43] C:\Program Files\desktop.ini
    [15/08/2008|17:39] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
    [17/08/2008|15:21] C:\Program Files\Google
    [16/04/2008|14:11] C:\Program Files\IDM
    [17/08/2008|11:08] C:\Program Files\InstallShield Installation Information
    [15/08/2008|17:29] C:\Program Files\Intel
    [21/01/2008|04:35] C:\Program Files\Internet Explorer
    [16/04/2008|14:01] C:\Program Files\InterVideo
    [15/08/2008|19:30] C:\Program Files\Java
    [17/08/2008|15:28] C:\Program Files\Lavasoft
    [16/08/2008|11:03] C:\Program Files\MediaCoder
    [16/08/2008|09:49] C:\Program Files\Messenger Plus! Live
    [02/11/2006|14:37] C:\Program Files\Microsoft Games
    [15/08/2008|19:34] C:\Program Files\Microsoft Office
    [17/08/2008|11:33] C:\Program Files\Microsoft Silverlight
    [15/08/2008|19:34] C:\Program Files\Microsoft Works
    [15/08/2008|17:46] C:\Program Files\Motorola
    [21/01/2008|04:35] C:\Program Files\Movie Maker
    [02/11/2006|14:37] C:\Program Files\MSBuild
    [16/04/2008|13:22] C:\Program Files\MSXML 4.0
    [16/08/2008|10:39] C:\Program Files\PhotoFiltre
    [16/04/2008|13:39] C:\Program Files\Realtek
    [02/11/2006|14:37] C:\Program Files\Reference Assemblies
    [17/08/2008|20:06] C:\Program Files\Sony
    [17/08/2008|20:04] C:\Program Files\Sony Setup
    [17/08/2008|18:07] C:\Program Files\Sports Interactive
    [17/08/2008|23:47] C:\Program Files\Steam
    [16/04/2008|13:40] C:\Program Files\Synaptics
    [17/08/2008|11:08] C:\Program Files\THQ
    [17/08/2008|11:47] C:\Program Files\Toshiba
    [15/08/2008|20:14] C:\Program Files\Toshiba TEMPRO
    [16/08/2008|15:55] C:\Program Files\Total War
    [17/08/2008|20:31] C:\Program Files\Trend Micro
    [16/04/2008|13:58] C:\Program Files\Ulead Systems
    [02/11/2006|15:01] C:\Program Files\Uninstall Information
    [16/08/2008|10:47] C:\Program Files\VideoLAN
    [17/08/2008|20:06] C:\Program Files\Vstplugins
    [21/01/2008|04:35] C:\Program Files\Windows Calendar
    [21/01/2008|04:35] C:\Program Files\Windows Collaboration
    [21/01/2008|04:35] C:\Program Files\Windows Defender
    [21/01/2008|04:35] C:\Program Files\Windows Journal
    [16/08/2008|09:48] C:\Program Files\Windows Live
    [15/08/2008|23:07] C:\Program Files\Windows Mail
    [16/04/2008|14:00] C:\Program Files\Windows Media Components
    [21/01/2008|04:35] C:\Program Files\Windows Media Player
    [15/08/2008|17:39] C:\Program Files\Windows NT
    [21/01/2008|04:35] C:\Program Files\Windows Photo Gallery
    [21/01/2008|04:35] C:\Program Files\Windows Sidebar
    [17/08/2008|18:16] C:\Program Files\WinRAR
    [17/08/2008|18:11] C:\Program Files\Zero G Registry

    --------------------\\ Listing des dossiers dans C:\Program Files\Common Files

    [16/08/2008|18:38] C:\Program Files\Common Files\Adobe
    [15/08/2008|19:52] C:\Program Files\Common Files\BitDefender
    [16/08/2008|16:01] C:\Program Files\Common Files\InstallShield
    [16/04/2008|13:24] C:\Program Files\Common Files\Java
    [15/08/2008|21:02] C:\Program Files\Common Files\microsoft shared
    [02/11/2006|13:18] C:\Program Files\Common Files\Services
    [02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
    [15/08/2008|23:04] C:\Program Files\Common Files\Steam
    [21/01/2008|04:35] C:\Program Files\Common Files\System
    [17/08/2008|11:48] C:\Program Files\Common Files\Toshiba Shared
    [16/04/2008|14:01] C:\Program Files\Common Files\Ulead Systems
    [15/08/2008|20:50] C:\Program Files\Common Files\WindowsLiveInstaller
    [17/08/2008|15:27] C:\Program Files\Common Files\Wise Installation Wizard

    --------------------\\ Process

    ( 81 Processus )

    iexplore.exe ~ [PID:2064] ~ [Threads:3]
    iexplore.exe ~ [PID:4544] ~ [Threads:6]

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    C:\Users\NARDIN~1\AppData\Roaming\MICROS~1\Windows\Cookies\nardini_jean@advertising[2].txt

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE


    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-18 10:40:53
    Windows 6.0.6001 Service Pack 1 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 1

    --------------------\\ Recherche d'autres infections

    --------------------\\ Cracks & Keygens ..

    C:\Users\NARDIN~1\Downloads\keygen.exe


    [F:86][D:27]-> C:\Users\NARDIN~1\AppData\Local\Temp
    [F:266][D:1]-> C:\Users\NARDIN~1\AppData\Roaming\MICROS~1\Windows\Cookies
    [F:2939][D:6]-> C:\Users\NARDIN~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
    [F:5][D:1]-> C:\$Recycle.Bin

    --------------------\\ Fin du rapport a 10:42:27,48
    [ UAC => 1 ]

    18 August 2008 11:21:47

    Just to let you know that I changed my username, but it's still me ^^
    18 August 2008 22:21:10

    Hi again,

    Okay :) 

    Delete this keygen:

    C:\Users\NARDIN~1\Downloads\keygen.exe

    I advise you to uninstall and delete all your P2P software: 50% of what you download via P2P is booby-trapped. P2P is the number one infection vector these days.
    More information is available by clicking the following link: Cracks / P2P

    Post a new HijackThis report and tell me how the PC is doing.

    Still having problems?

    ;) 
    18 August 2008 22:39:21

    I deleted the keygen; it was the only P2P software I had on this PC :) 

    Here is the report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:35:36, on 18/08/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
    C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Toshiba\SmoothView\SmoothView.exe
    C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
    C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
    O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [the 1] "C:\ProgramData\Glue scr scr.yp6jcm"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/709-44555-9400-3/4 (file missing)
    O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.fr/exec/obidos/redirect-home?tag=Tosh... (file missing)
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
    O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 8777 bytes




    Is there anything else that needs fixing?
    For now I'm not being bothered by any ads; I'll keep you posted if it happens again.

    Without wanting to ask too much of you, could you check my other PC? It has been running slowly for quite a while, so I'd like you to tell me what's wrong with the PC, whether it has viruses or something else :) 

    If that's OK with you, I'll post a HijackThis report from my other PC!
    18 August 2008 22:52:25

    More ads after all...
    18 August 2008 23:27:51

    Hi again,

    I must have gone too fast when analysing the report :) 

    We'll go over it again, don't worry ;) 

    Run a new LopS&D report for me so we can check all this. The ads may also be linked to something else.

    Which browser do you use to surf?

    ;) 
    18 August 2008 23:41:36

    Actually, at first I had IE7, then I also installed Firefox, but since I wasn't comfortable with it, I removed it. I'd rather tell you, I don't know if it matters... but now I use Internet Explorer 7, which I find much better...

    Here is the report!


    --------------------\\ Lop S&D 4.2.3-0 XP/Vista

    [ Windows VISTA (NT 6.0) Workstation Build 6001, Service Pack 1 ]
    [ USER : Nardini Jean ] [ "C:\Lop SD" ] [ Selection : 1 ]
    [ 18/08/2008 | 23:37:01 ] [ PC : PC-DE-JEAN (Proc:x86) ]
    [ MAJ : 17-08-2008 | 01:58 ]
    [ UAC => 1 ]

    --------------------\\ Listing des dossiers dans Local

    [17/08/2008|15:27] C:\Users\NARDIN~1\AppData\Local\Adobe
    [15/08/2008|17:43] C:\Users\NARDIN~1\AppData\Local\Application Data
    [15/08/2008|17:50] C:\Users\NARDIN~1\AppData\Local\ATI
    [18/08/2008|12:27] C:\Users\NARDIN~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [18/08/2008|16:20] C:\Users\NARDIN~1\AppData\Local\GDIPFONTCACHEV1.DAT
    [16/08/2008|10:44] C:\Users\NARDIN~1\AppData\Local\Google
    [15/08/2008|17:43] C:\Users\NARDIN~1\AppData\Local\Historique
    [18/08/2008|16:37] C:\Users\NARDIN~1\AppData\Local\IconCache.db
    [17/08/2008|19:00] C:\Users\NARDIN~1\AppData\Local\Microsoft
    [15/08/2008|22:26] C:\Users\NARDIN~1\AppData\Local\Microsoft Games
    [16/08/2008|18:50] C:\Users\NARDIN~1\AppData\Local\MigWiz
    [16/08/2008|14:54] C:\Users\NARDIN~1\AppData\Local\Mozilla
    [17/08/2008|20:21] C:\Users\NARDIN~1\AppData\Local\Sony
    [18/08/2008|23:35] C:\Users\NARDIN~1\AppData\Local\Temp
    [15/08/2008|17:43] C:\Users\NARDIN~1\AppData\Local\Temporary Internet Files
    [15/08/2008|17:50] C:\Users\NARDIN~1\AppData\Local\Toshiba
    [15/08/2008|19:38] C:\Users\NARDIN~1\AppData\Local\VirtualStore

    --------------------\\ Tâches planifiées dans C:\Windows\tasks

    [18/08/2008 17:13][--ah-----] C:\Windows\tasks\SA.DAT
    [18/08/2008 16:38][--a------] C:\Windows\tasks\SCHEDLGU.TXT

    --------------------\\ Listing des dossiers dans C:\ProgramData

    [29/04/2008|16:15] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    [16/08/2008|18:38] C:\ProgramData\Adobe
    [16/08/2008|18:32] C:\ProgramData\Adobe Systems
    [02/11/2006|15:02] C:\ProgramData\Application Data
    [15/08/2008|17:50] C:\ProgramData\ATI
    [15/08/2008|19:52] C:\ProgramData\BitDefender
    [15/08/2008|17:39] C:\ProgramData\Bureau
    [02/11/2006|15:02] C:\ProgramData\Desktop
    [02/11/2006|15:02] C:\ProgramData\Documents
    [15/08/2008|17:39] C:\ProgramData\Favoris
    [02/11/2006|15:02] C:\ProgramData\Favorites
    [18/08/2008|11:25] C:\ProgramData\Glue scr scr.qkddci
    [18/08/2008|11:47] C:\ProgramData\Glue scr scr.wv8kym3
    [18/08/2008|11:02] C:\ProgramData\Glue scr scr.wyxlw7c
    [18/08/2008|12:09] C:\ProgramData\Glue scr scr.yp6jcm
    [17/08/2008|15:21] C:\ProgramData\Google
    [18/08/2008|17:20] C:\ProgramData\Google Updater
    [16/08/2008|09:51] C:\ProgramData\IDOL DOG
    [15/08/2008|20:15] C:\ProgramData\IsolatedStorage
    [17/08/2008|15:30] C:\ProgramData\Lavasoft
    [15/08/2008|18:21] C:\ProgramData\McAfee
    [15/08/2008|17:39] C:\ProgramData\Menu Démarrer
    [16/08/2008|12:39] C:\ProgramData\Messenger Plus!
    [15/08/2008|23:31] C:\ProgramData\Microsoft
    [15/08/2008|19:34] C:\ProgramData\Microsoft Help
    [15/08/2008|17:39] C:\ProgramData\Modèles
    [16/08/2008|09:50] C:\ProgramData\Second Atom Okay Proxy
    [17/08/2008|20:08] C:\ProgramData\Sony
    [02/11/2006|15:02] C:\ProgramData\Start Menu
    [02/11/2006|15:02] C:\ProgramData\Templates
    [17/08/2008|11:47] C:\ProgramData\TOSHIBA
    [15/08/2008|17:44] C:\ProgramData\ToshibaEurope
    [16/04/2008|14:00] C:\ProgramData\Ulead Systems
    [16/08/2008|09:46] C:\ProgramData\WLInstaller

    --------------------\\ Listing des dossiers dans C:\Program Files

    [29/04/2008|16:15] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
    [16/08/2008|18:38] C:\Program Files\Adobe
    [15/08/2008|17:30] C:\Program Files\ATI
    [15/08/2008|17:30] C:\Program Files\ATI Technologies
    [15/08/2008|18:18] C:\Program Files\BitDefender
    [15/08/2008|17:31] C:\Program Files\Camera Assistant Software for Toshiba
    [17/08/2008|11:47] C:\Program Files\Common Files
    [16/08/2008|11:41] C:\Program Files\DebugMode
    [21/01/2008|04:43] C:\Program Files\desktop.ini
    [15/08/2008|17:39] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
    [17/08/2008|15:21] C:\Program Files\Google
    [16/04/2008|14:11] C:\Program Files\IDM
    [17/08/2008|11:08] C:\Program Files\InstallShield Installation Information
    [15/08/2008|17:29] C:\Program Files\Intel
    [21/01/2008|04:35] C:\Program Files\Internet Explorer
    [16/04/2008|14:01] C:\Program Files\InterVideo
    [15/08/2008|19:30] C:\Program Files\Java
    [17/08/2008|15:28] C:\Program Files\Lavasoft
    [16/08/2008|11:03] C:\Program Files\MediaCoder
    [16/08/2008|09:49] C:\Program Files\Messenger Plus! Live
    [02/11/2006|14:37] C:\Program Files\Microsoft Games
    [15/08/2008|19:34] C:\Program Files\Microsoft Office
    [17/08/2008|11:33] C:\Program Files\Microsoft Silverlight
    [15/08/2008|19:34] C:\Program Files\Microsoft Works
    [15/08/2008|17:46] C:\Program Files\Motorola
    [21/01/2008|04:35] C:\Program Files\Movie Maker
    [02/11/2006|14:37] C:\Program Files\MSBuild
    [16/04/2008|13:22] C:\Program Files\MSXML 4.0
    [16/08/2008|10:39] C:\Program Files\PhotoFiltre
    [16/04/2008|13:39] C:\Program Files\Realtek
    [02/11/2006|14:37] C:\Program Files\Reference Assemblies
    [17/08/2008|20:06] C:\Program Files\Sony
    [17/08/2008|20:04] C:\Program Files\Sony Setup
    [17/08/2008|18:07] C:\Program Files\Sports Interactive
    [18/08/2008|22:42] C:\Program Files\Steam
    [16/04/2008|13:40] C:\Program Files\Synaptics
    [17/08/2008|11:08] C:\Program Files\THQ
    [17/08/2008|11:47] C:\Program Files\Toshiba
    [15/08/2008|20:14] C:\Program Files\Toshiba TEMPRO
    [16/08/2008|15:55] C:\Program Files\Total War
    [17/08/2008|20:31] C:\Program Files\Trend Micro
    [16/04/2008|13:58] C:\Program Files\Ulead Systems
    [02/11/2006|15:01] C:\Program Files\Uninstall Information
    [16/08/2008|10:47] C:\Program Files\VideoLAN
    [17/08/2008|20:06] C:\Program Files\Vstplugins
    [21/01/2008|04:35] C:\Program Files\Windows Calendar
    [21/01/2008|04:35] C:\Program Files\Windows Collaboration
    [21/01/2008|04:35] C:\Program Files\Windows Defender
    [21/01/2008|04:35] C:\Program Files\Windows Journal
    [16/08/2008|09:48] C:\Program Files\Windows Live
    [15/08/2008|23:07] C:\Program Files\Windows Mail
    [16/04/2008|14:00] C:\Program Files\Windows Media Components
    [21/01/2008|04:35] C:\Program Files\Windows Media Player
    [15/08/2008|17:39] C:\Program Files\Windows NT
    [21/01/2008|04:35] C:\Program Files\Windows Photo Gallery
    [21/01/2008|04:35] C:\Program Files\Windows Sidebar
    [17/08/2008|18:16] C:\Program Files\WinRAR
    [17/08/2008|18:11] C:\Program Files\Zero G Registry

    --------------------\\ Listing des dossiers dans C:\Program Files\Common Files

    [16/08/2008|18:38] C:\Program Files\Common Files\Adobe
    [15/08/2008|19:52] C:\Program Files\Common Files\BitDefender
    [16/08/2008|16:01] C:\Program Files\Common Files\InstallShield
    [16/04/2008|13:24] C:\Program Files\Common Files\Java
    [15/08/2008|21:02] C:\Program Files\Common Files\microsoft shared
    [02/11/2006|13:18] C:\Program Files\Common Files\Services
    [02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
    [15/08/2008|23:04] C:\Program Files\Common Files\Steam
    [21/01/2008|04:35] C:\Program Files\Common Files\System
    [17/08/2008|11:48] C:\Program Files\Common Files\Toshiba Shared
    [16/04/2008|14:01] C:\Program Files\Common Files\Ulead Systems
    [15/08/2008|20:50] C:\Program Files\Common Files\WindowsLiveInstaller
    [17/08/2008|15:27] C:\Program Files\Common Files\Wise Installation Wizard

    --------------------\\ Process

    ( 80 Processus )

    iexplore.exe ~ [PID:2596] ~ [Threads:5]
    iexplore.exe ~ [PID:3540] ~ [Threads:15]
    iexplore.exe ~ [PID:8072] ~ [Threads:23]

    --------------------\\ Recherche avec S_Lop

    C:\ProgramData\Glue scr scr.qkddci
    C:\ProgramData\Glue scr scr.yp6jcm
    C:\ProgramData\Glue scr scr.wv8kym3
    C:\ProgramData\Glue scr scr.wyxlw7c

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    C:\Users\NARDIN~1\AppData\Roaming\MICROS~1\Windows\Cookies\nardini_jean@www.adserver5[1].txt
    C:\Users\NARDIN~1\AppData\Roaming\MICROS~1\Windows\Cookies\nardini_jean@advertising[2].txt
    C:\Users\NARDIN~1\AppData\Roaming\MICROS~1\Windows\Cookies\nardini_jean@adopt.euroclick[1].txt

    --------------------\\ Verification du Registre

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "the 1"="\"C:\\ProgramData\\Glue scr scr.yp6jcm\""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE


    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-18 23:37:15
    Windows 6.0.6001 Service Pack 1 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 2

    --------------------\\ Recherche d'autres infections


    Aucune autre infection trouvée !

    [F:110][D:27]-> C:\Users\NARDIN~1\AppData\Local\Temp
    [F:327][D:1]-> C:\Users\NARDIN~1\AppData\Roaming\MICROS~1\Windows\Cookies
    [F:4102][D:6]-> C:\Users\NARDIN~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
    [F:29][D:3]-> C:\$Recycle.Bin

    --------------------\\ Fin du rapport a 23:38:55,82
    [ UAC => 1 ]

    19 August 2008 11:46:18

    Hi again,

    Run Lop S&D again

  • This time, choose Option 2 (Suppression)
  • Do not close the window during the removal!
  • Post the generated report (C:\lopR.txt)

    (If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New task, type explorer.exe and confirm)

    And post a new HijackThis report.

    ;) 
    19 August 2008 14:14:48

    Here is the Lop report:

    --------------------\\ Lop S&D 4.2.3-0 XP/Vista

    [ Windows VISTA (NT 6.0) Workstation Build 6001, Service Pack 1 ]
    [ USER : Nardini Jean ] [ "C:\Lop SD" ] [ Selection : 2 ]
    [ 19/08/2008 | 14:10:06 ] [ PC : PC-DE-JEAN (Proc:x86) ]
    [ MAJ : 17-08-2008 | 01:58 ]
    [ UAC => 1 ]


    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

    Supprime! - C:\Users\NARDIN~1\AppData\Roaming\MICROS~1\Windows\Cookies\nardini_jean@adopt.euroclick[1].txt
    Supprime! - C:\ProgramData\Glue scr scr.qkddci
    Supprime! - C:\ProgramData\Glue scr scr.yp6jcm
    Supprime! - C:\ProgramData\Glue scr scr.wv8kym3
    Supprime! - C:\ProgramData\Glue scr scr.wyxlw7c

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


    --------------------\\ Listing des dossiers dans Local

    [17/08/2008|15:27] C:\Users\NARDIN~1\AppData\Local\Adobe
    [15/08/2008|17:43] C:\Users\NARDIN~1\AppData\Local\Application Data
    [15/08/2008|17:50] C:\Users\NARDIN~1\AppData\Local\ATI
    [18/08/2008|12:27] C:\Users\NARDIN~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [18/08/2008|16:20] C:\Users\NARDIN~1\AppData\Local\GDIPFONTCACHEV1.DAT
    [16/08/2008|10:44] C:\Users\NARDIN~1\AppData\Local\Google
    [15/08/2008|17:43] C:\Users\NARDIN~1\AppData\Local\Historique
    [19/08/2008|00:14] C:\Users\NARDIN~1\AppData\Local\IconCache.db
    [17/08/2008|19:00] C:\Users\NARDIN~1\AppData\Local\Microsoft
    [15/08/2008|22:26] C:\Users\NARDIN~1\AppData\Local\Microsoft Games
    [16/08/2008|18:50] C:\Users\NARDIN~1\AppData\Local\MigWiz
    [16/08/2008|14:54] C:\Users\NARDIN~1\AppData\Local\Mozilla
    [17/08/2008|20:21] C:\Users\NARDIN~1\AppData\Local\Sony
    [19/08/2008|14:10] C:\Users\NARDIN~1\AppData\Local\Temp
    [15/08/2008|17:43] C:\Users\NARDIN~1\AppData\Local\Temporary Internet Files
    [15/08/2008|17:50] C:\Users\NARDIN~1\AppData\Local\Toshiba
    [15/08/2008|19:38] C:\Users\NARDIN~1\AppData\Local\VirtualStore

    --------------------\\ Tâches planifiées dans C:\Windows\tasks

    [19/08/2008 09:40][--ah-----] C:\Windows\tasks\SA.DAT
    [19/08/2008 00:14][--a------] C:\Windows\tasks\SCHEDLGU.TXT

    --------------------\\ Listing des dossiers dans C:\ProgramData

    [29/04/2008|16:15] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    [16/08/2008|18:38] C:\ProgramData\Adobe
    [16/08/2008|18:32] C:\ProgramData\Adobe Systems
    [02/11/2006|15:02] C:\ProgramData\Application Data
    [15/08/2008|17:50] C:\ProgramData\ATI
    [15/08/2008|19:52] C:\ProgramData\BitDefender
    [15/08/2008|17:39] C:\ProgramData\Bureau
    [02/11/2006|15:02] C:\ProgramData\Desktop
    [02/11/2006|15:02] C:\ProgramData\Documents
    [15/08/2008|17:39] C:\ProgramData\Favoris
    [02/11/2006|15:02] C:\ProgramData\Favorites
    [17/08/2008|15:21] C:\ProgramData\Google
    [18/08/2008|17:20] C:\ProgramData\Google Updater
    [16/08/2008|09:51] C:\ProgramData\IDOL DOG
    [15/08/2008|20:15] C:\ProgramData\IsolatedStorage
    [17/08/2008|15:30] C:\ProgramData\Lavasoft
    [15/08/2008|18:21] C:\ProgramData\McAfee
    [15/08/2008|17:39] C:\ProgramData\Menu Démarrer
    [16/08/2008|12:39] C:\ProgramData\Messenger Plus!
    [15/08/2008|23:31] C:\ProgramData\Microsoft
    [15/08/2008|19:34] C:\ProgramData\Microsoft Help
    [15/08/2008|17:39] C:\ProgramData\Modèles
    [16/08/2008|09:50] C:\ProgramData\Second Atom Okay Proxy
    [17/08/2008|20:08] C:\ProgramData\Sony
    [02/11/2006|15:02] C:\ProgramData\Start Menu
    [02/11/2006|15:02] C:\ProgramData\Templates
    [17/08/2008|11:47] C:\ProgramData\TOSHIBA
    [15/08/2008|17:44] C:\ProgramData\ToshibaEurope
    [16/04/2008|14:00] C:\ProgramData\Ulead Systems
    [16/08/2008|09:46] C:\ProgramData\WLInstaller

    --------------------\\ Listing des dossiers dans C:\Program Files

    [29/04/2008|16:15] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
    [16/08/2008|18:38] C:\Program Files\Adobe
    [15/08/2008|17:30] C:\Program Files\ATI
    [15/08/2008|17:30] C:\Program Files\ATI Technologies
    [15/08/2008|18:18] C:\Program Files\BitDefender
    [15/08/2008|17:31] C:\Program Files\Camera Assistant Software for Toshiba
    [17/08/2008|11:47] C:\Program Files\Common Files
    [16/08/2008|11:41] C:\Program Files\DebugMode
    [21/01/2008|04:43] C:\Program Files\desktop.ini
    [15/08/2008|17:39] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
    [19/08/2008|10:54] C:\Program Files\GameSpy Arcade
    [17/08/2008|15:21] C:\Program Files\Google
    [16/04/2008|14:11] C:\Program Files\IDM
    [19/08/2008|10:56] C:\Program Files\InstallShield Installation Information
    [15/08/2008|17:29] C:\Program Files\Intel
    [21/01/2008|04:35] C:\Program Files\Internet Explorer
    [16/04/2008|14:01] C:\Program Files\InterVideo
    [15/08/2008|19:30] C:\Program Files\Java
    [17/08/2008|15:28] C:\Program Files\Lavasoft
    [16/08/2008|11:03] C:\Program Files\MediaCoder
    [16/08/2008|09:49] C:\Program Files\Messenger Plus! Live
    [02/11/2006|14:37] C:\Program Files\Microsoft Games
    [15/08/2008|19:34] C:\Program Files\Microsoft Office
    [17/08/2008|11:33] C:\Program Files\Microsoft Silverlight
    [15/08/2008|19:34] C:\Program Files\Microsoft Works
    [15/08/2008|17:46] C:\Program Files\Motorola
    [21/01/2008|04:35] C:\Program Files\Movie Maker
    [02/11/2006|14:37] C:\Program Files\MSBuild
    [16/04/2008|13:22] C:\Program Files\MSXML 4.0
    [16/08/2008|10:39] C:\Program Files\PhotoFiltre
    [16/04/2008|13:39] C:\Program Files\Realtek
    [02/11/2006|14:37] C:\Program Files\Reference Assemblies
    [17/08/2008|20:06] C:\Program Files\Sony
    [17/08/2008|20:04] C:\Program Files\Sony Setup
    [17/08/2008|18:07] C:\Program Files\Sports Interactive
    [19/08/2008|12:07] C:\Program Files\Steam
    [16/04/2008|13:40] C:\Program Files\Synaptics
    [17/08/2008|11:08] C:\Program Files\THQ
    [17/08/2008|11:47] C:\Program Files\Toshiba
    [15/08/2008|20:14] C:\Program Files\Toshiba TEMPRO
    [16/08/2008|15:55] C:\Program Files\Total War
    [17/08/2008|20:31] C:\Program Files\Trend Micro
    [16/04/2008|13:58] C:\Program Files\Ulead Systems
    [02/11/2006|15:01] C:\Program Files\Uninstall Information
    [16/08/2008|10:47] C:\Program Files\VideoLAN
    [17/08/2008|20:06] C:\Program Files\Vstplugins
    [21/01/2008|04:35] C:\Program Files\Windows Calendar
    [21/01/2008|04:35] C:\Program Files\Windows Collaboration
    [21/01/2008|04:35] C:\Program Files\Windows Defender
    [21/01/2008|04:35] C:\Program Files\Windows Journal
    [16/08/2008|09:48] C:\Program Files\Windows Live
    [15/08/2008|23:07] C:\Program Files\Windows Mail
    [16/04/2008|14:00] C:\Program Files\Windows Media Components
    [21/01/2008|04:35] C:\Program Files\Windows Media Player
    [15/08/2008|17:39] C:\Program Files\Windows NT
    [21/01/2008|04:35] C:\Program Files\Windows Photo Gallery
    [21/01/2008|04:35] C:\Program Files\Windows Sidebar
    [17/08/2008|18:16] C:\Program Files\WinRAR
    [17/08/2008|18:11] C:\Program Files\Zero G Registry

    --------------------\\ Listing des dossiers dans C:\Program Files\Common Files

    [16/08/2008|18:38] C:\Program Files\Common Files\Adobe
    [15/08/2008|19:52] C:\Program Files\Common Files\BitDefender
    [16/08/2008|16:01] C:\Program Files\Common Files\InstallShield
    [16/04/2008|13:24] C:\Program Files\Common Files\Java
    [15/08/2008|21:02] C:\Program Files\Common Files\microsoft shared
    [02/11/2006|13:18] C:\Program Files\Common Files\Services
    [02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
    [15/08/2008|23:04] C:\Program Files\Common Files\Steam
    [21/01/2008|04:35] C:\Program Files\Common Files\System
    [17/08/2008|11:48] C:\Program Files\Common Files\Toshiba Shared
    [16/04/2008|14:01] C:\Program Files\Common Files\Ulead Systems
    [15/08/2008|20:50] C:\Program Files\Common Files\WindowsLiveInstaller
    [17/08/2008|15:27] C:\Program Files\Common Files\Wise Installation Wizard

    --------------------\\ Process

    ( 76 Processus )

    iexplore.exe ~ [PID:5396] ~ [Threads:21]
    iexplore.exe ~ [PID:4144] ~ [Threads:3]
    iexplore.exe ~ [PID:172] ~ [Threads:6]

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    C:\Users\NARDIN~1\AppData\Roaming\MICROS~1\Windows\Cookies\nardini_jean@www.adserver5[2].txt
    C:\Users\NARDIN~1\AppData\Roaming\MICROS~1\Windows\Cookies\nardini_jean@advertising[1].txt

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE


    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-19 14:10:29
    Windows 6.0.6001 Service Pack 1 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 2

    --------------------\\ Recherche d'autres infections


    Aucune autre infection trouvée !

    [F:113][D:27]-> C:\Users\NARDIN~1\AppData\Local\Temp
    [F:381][D:1]-> C:\Users\NARDIN~1\AppData\Roaming\MICROS~1\Windows\Cookies
    [F:4390][D:10]-> C:\Users\NARDIN~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
    [F:34][D:4]-> C:\$Recycle.Bin

    --------------------\\ Fin du rapport a 14:12:36,71
    [ UAC => 1 ]



    And here is the HijackThis report:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:14:12, on 19/08/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
    C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
    C:\Program Files\Toshiba\SmoothView\SmoothView.exe
    C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
    C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
    O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/709-44555-9400-3/4 (file missing)
    O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.fr/exec/obidos/redirect-home?tag=Tosh... (file missing)
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
    O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 8845 bytes
    19 August 2008 20:59:11

    Re,

    Normally you should no longer get any ads. If you still do, it means something is relaunching the infection; keep me posted. In the meantime, do this ;) 

    Download Malwarebytes' Anti-Malware to your Desktop.
    Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done, restart in safe mode.
    HELP: Restarting in safe mode

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Exécuter un examen complet" (perform a full scan).
  • To start the scan, click "Rechercher" (scan).
  • Once the scan has finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Afficher les résultats" (show results), then "Supprimer la sélection" (remove selected). Save the report to your Desktop so you can post it in your next reply.
    NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Illustrated tutorial on MBAM

    ;) 
    19 August 2008 22:12:04

    MBAM found nothing, and the ads are still opening :( 
    19 August 2008 22:31:04

    Re,

    Run LopS&D option 1 again.

    We will see whether the infection has come back.

    I must be blind, this isn't possible :D 
    20 August 2008 00:00:33

    I hope not! ^^

    Here is the report:

    --------------------\\ Lop S&D 4.2.3-0 XP/Vista

    [ Windows VISTA (NT 6.0) Workstation Build 6001, Service Pack 1 ]
    [ USER : Nardini Jean ] [ "C:\Lop SD" ] [ Selection : 1 ]
    [ 19/08/2008 | 23:53:05 ] [ PC : PC-DE-JEAN (Proc:x86) ]
    [ MAJ : 17-08-2008 | 01:58 ]
    [ UAC => 1 ]

    --------------------\\ Listing des dossiers dans Local

    [17/08/2008|15:27] C:\Users\NARDIN~1\AppData\Local\Adobe
    [15/08/2008|17:43] C:\Users\NARDIN~1\AppData\Local\Application Data
    [15/08/2008|17:50] C:\Users\NARDIN~1\AppData\Local\ATI
    [19/08/2008|23:49] C:\Users\NARDIN~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [18/08/2008|16:20] C:\Users\NARDIN~1\AppData\Local\GDIPFONTCACHEV1.DAT
    [16/08/2008|10:44] C:\Users\NARDIN~1\AppData\Local\Google
    [15/08/2008|17:43] C:\Users\NARDIN~1\AppData\Local\Historique
    [17/08/2008|19:00] C:\Users\NARDIN~1\AppData\Local\Microsoft
    [15/08/2008|22:26] C:\Users\NARDIN~1\AppData\Local\Microsoft Games
    [16/08/2008|18:50] C:\Users\NARDIN~1\AppData\Local\MigWiz
    [16/08/2008|14:54] C:\Users\NARDIN~1\AppData\Local\Mozilla
    [17/08/2008|20:21] C:\Users\NARDIN~1\AppData\Local\Sony
    [19/08/2008|23:52] C:\Users\NARDIN~1\AppData\Local\Temp
    [15/08/2008|17:43] C:\Users\NARDIN~1\AppData\Local\Temporary Internet Files
    [15/08/2008|17:50] C:\Users\NARDIN~1\AppData\Local\Toshiba
    [15/08/2008|19:38] C:\Users\NARDIN~1\AppData\Local\VirtualStore

    --------------------\\ Tâches planifiées dans C:\Windows\tasks

    [19/08/2008 22:08][--ah-----] C:\Windows\tasks\SA.DAT
    [19/08/2008 21:46][--a------] C:\Windows\tasks\SCHEDLGU.TXT

    --------------------\\ Listing des dossiers dans C:\ProgramData

    [29/04/2008|16:15] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    [16/08/2008|18:38] C:\ProgramData\Adobe
    [16/08/2008|18:32] C:\ProgramData\Adobe Systems
    [02/11/2006|15:02] C:\ProgramData\Application Data
    [15/08/2008|17:50] C:\ProgramData\ATI
    [15/08/2008|19:52] C:\ProgramData\BitDefender
    [15/08/2008|17:39] C:\ProgramData\Bureau
    [02/11/2006|15:02] C:\ProgramData\Desktop
    [02/11/2006|15:02] C:\ProgramData\Documents
    [15/08/2008|17:39] C:\ProgramData\Favoris
    [02/11/2006|15:02] C:\ProgramData\Favorites
    [19/08/2008|14:31] C:\ProgramData\Glue scr scr.87whn4
    [17/08/2008|15:21] C:\ProgramData\Google
    [19/08/2008|18:20] C:\ProgramData\Google Updater
    [16/08/2008|09:51] C:\ProgramData\IDOL DOG
    [15/08/2008|20:15] C:\ProgramData\IsolatedStorage
    [17/08/2008|15:30] C:\ProgramData\Lavasoft
    [19/08/2008|21:37] C:\ProgramData\Malwarebytes
    [15/08/2008|18:21] C:\ProgramData\McAfee
    [15/08/2008|17:39] C:\ProgramData\Menu D‚marrer
    [16/08/2008|12:39] C:\ProgramData\Messenger Plus!
    [15/08/2008|23:31] C:\ProgramData\Microsoft
    [15/08/2008|19:34] C:\ProgramData\Microsoft Help
    [15/08/2008|17:39] C:\ProgramData\ModŠles
    [16/08/2008|09:50] C:\ProgramData\Second Atom Okay Proxy
    [17/08/2008|20:08] C:\ProgramData\Sony
    [02/11/2006|15:02] C:\ProgramData\Start Menu
    [02/11/2006|15:02] C:\ProgramData\Templates
    [17/08/2008|11:47] C:\ProgramData\TOSHIBA
    [15/08/2008|17:44] C:\ProgramData\ToshibaEurope
    [16/04/2008|14:00] C:\ProgramData\Ulead Systems
    [16/08/2008|09:46] C:\ProgramData\WLInstaller

    --------------------\\ Listing des dossiers dans C:\Program Files

    [29/04/2008|16:15] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
    [16/08/2008|18:38] C:\Program Files\Adobe
    [15/08/2008|17:30] C:\Program Files\ATI
    [15/08/2008|17:30] C:\Program Files\ATI Technologies
    [15/08/2008|18:18] C:\Program Files\BitDefender
    [15/08/2008|17:31] C:\Program Files\Camera Assistant Software for Toshiba
    [19/08/2008|21:33] C:\Program Files\CamStudio
    [17/08/2008|11:47] C:\Program Files\Common Files
    [19/08/2008|20:13] C:\Program Files\DebugMode
    [21/01/2008|04:43] C:\Program Files\desktop.ini
    [15/08/2008|17:39] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
    [19/08/2008|10:54] C:\Program Files\GameSpy Arcade
    [17/08/2008|15:21] C:\Program Files\Google
    [16/04/2008|14:11] C:\Program Files\IDM
    [19/08/2008|10:56] C:\Program Files\InstallShield Installation Information
    [15/08/2008|17:29] C:\Program Files\Intel
    [21/01/2008|04:35] C:\Program Files\Internet Explorer
    [16/04/2008|14:01] C:\Program Files\InterVideo
    [15/08/2008|19:30] C:\Program Files\Java
    [17/08/2008|15:28] C:\Program Files\Lavasoft
    [19/08/2008|21:38] C:\Program Files\Malwarebytes' Anti-Malware
    [16/08/2008|11:03] C:\Program Files\MediaCoder
    [16/08/2008|09:49] C:\Program Files\Messenger Plus! Live
    [02/11/2006|14:37] C:\Program Files\Microsoft Games
    [15/08/2008|19:34] C:\Program Files\Microsoft Office
    [17/08/2008|11:33] C:\Program Files\Microsoft Silverlight
    [15/08/2008|19:34] C:\Program Files\Microsoft Works
    [15/08/2008|17:46] C:\Program Files\Motorola
    [21/01/2008|04:35] C:\Program Files\Movie Maker
    [02/11/2006|14:37] C:\Program Files\MSBuild
    [16/04/2008|13:22] C:\Program Files\MSXML 4.0
    [19/08/2008|15:08] C:\Program Files\PhotoFiltre
    [16/04/2008|13:39] C:\Program Files\Realtek
    [02/11/2006|14:37] C:\Program Files\Reference Assemblies
    [17/08/2008|20:06] C:\Program Files\Sony
    [17/08/2008|20:04] C:\Program Files\Sony Setup
    [17/08/2008|18:07] C:\Program Files\Sports Interactive
    [19/08/2008|23:21] C:\Program Files\Steam
    [16/04/2008|13:40] C:\Program Files\Synaptics
    [17/08/2008|11:08] C:\Program Files\THQ
    [17/08/2008|11:47] C:\Program Files\Toshiba
    [15/08/2008|20:14] C:\Program Files\Toshiba TEMPRO
    [16/08/2008|15:55] C:\Program Files\Total War
    [17/08/2008|20:31] C:\Program Files\Trend Micro
    [16/04/2008|13:58] C:\Program Files\Ulead Systems
    [02/11/2006|15:01] C:\Program Files\Uninstall Information
    [16/08/2008|10:47] C:\Program Files\VideoLAN
    [17/08/2008|20:06] C:\Program Files\Vstplugins
    [21/01/2008|04:35] C:\Program Files\Windows Calendar
    [21/01/2008|04:35] C:\Program Files\Windows Collaboration
    [21/01/2008|04:35] C:\Program Files\Windows Defender
    [21/01/2008|04:35] C:\Program Files\Windows Journal
    [16/08/2008|09:48] C:\Program Files\Windows Live
    [15/08/2008|23:07] C:\Program Files\Windows Mail
    [16/04/2008|14:00] C:\Program Files\Windows Media Components
    [21/01/2008|04:35] C:\Program Files\Windows Media Player
    [15/08/2008|17:39] C:\Program Files\Windows NT
    [21/01/2008|04:35] C:\Program Files\Windows Photo Gallery
    [21/01/2008|04:35] C:\Program Files\Windows Sidebar
    [17/08/2008|18:16] C:\Program Files\WinRAR
    [17/08/2008|18:11] C:\Program Files\Zero G Registry

    --------------------\\ Listing des dossiers dans C:\Program Files\Common Files

    [16/08/2008|18:38] C:\Program Files\Common Files\Adobe
    [15/08/2008|19:52] C:\Program Files\Common Files\BitDefender
    [16/08/2008|16:01] C:\Program Files\Common Files\InstallShield
    [16/04/2008|13:24] C:\Program Files\Common Files\Java
    [15/08/2008|21:02] C:\Program Files\Common Files\microsoft shared
    [02/11/2006|13:18] C:\Program Files\Common Files\Services
    [02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
    [15/08/2008|23:04] C:\Program Files\Common Files\Steam
    [21/01/2008|04:35] C:\Program Files\Common Files\System
    [17/08/2008|11:48] C:\Program Files\Common Files\Toshiba Shared
    [16/04/2008|14:01] C:\Program Files\Common Files\Ulead Systems
    [15/08/2008|20:50] C:\Program Files\Common Files\WindowsLiveInstaller
    [19/08/2008|20:07] C:\Program Files\Common Files\Wise Installation Wizard

    --------------------\\ Process

    ( 76 Processus )

    iexplore.exe ~ [PID:3480] ~ [Threads:5]
    iexplore.exe ~ [PID:3664] ~ [Threads:14]
    iexplore.exe ~ [PID:5872] ~ [Threads:20]

    --------------------\\ Recherche avec S_Lop

    C:\ProgramData\Glue scr scr.87whn4

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    C:\Users\NARDIN~1\AppData\Roaming\MICROS~1\Windows\Cookies\nardini_jean@www.adserver5[2].txt
    C:\Users\NARDIN~1\AppData\Roaming\MICROS~1\Windows\Cookies\nardini_jean@advertising[1].txt

    --------------------\\ Verification du Registre

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "the 1"="\"C:\\ProgramData\\Glue scr scr.87whn4\""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE


    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-19 23:53:20
    Windows 6.0.6001 Service Pack 1 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    C:\Users\NARDIN~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GW5T5CYA\icon_chinese_buffalo_1[1].gif
    C:\Users\NARDIN~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RSG9TP5Q\smilies[1].htm
    scan completed successfully
    hidden processes: 0
    hidden files: 5

    --------------------\\ Recherche d'autres infections


    Aucune autre infection trouvée !

    [F:144][D:31]-> C:\Users\NARDIN~1\AppData\Local\Temp
    [F:419][D:1]-> C:\Users\NARDIN~1\AppData\Roaming\MICROS~1\Windows\Cookies
    [F:4189][D:10]-> C:\Users\NARDIN~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
    [F:2][D:1]-> C:\$Recycle.Bin

    --------------------\\ Fin du rapport a 23:55:35,73
    [ UAC => 1 ]

    20 August 2008 01:03:13

    Re,

    Run option 2 again... post the report, then:

    Select the whole box below, then right-click and choose Copy
    @echo off & cls
    dir "C:\ProgramData" >> files.txt
    dir "C:\Windows\tasks" >> files.txt
    notepad files.txt

    Then, Start menu / Run, type cmd and confirm with OK
    Right-click in the black window and choose Paste
    A report will come up; post it here.

    ;) 
    20 August 2008 11:00:29

    Lop report:

    --------------------\\ Lop S&D 4.2.3-0 XP/Vista

    [ Windows VISTA (NT 6.0) Workstation Build 6001, Service Pack 1 ]
    [ USER : Nardini Jean ] [ "C:\Lop SD" ] [ Selection : 2 ]
    [ 20/08/2008 | 10:55:20 ] [ PC : PC-DE-JEAN (Proc:x86) ]
    [ MAJ : 17-08-2008 | 01:58 ]
    [ UAC => 1 ]


    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

    Supprime! - C:\Users\NARDIN~1\AppData\Roaming\MICROS~1\Windows\Cookies\nardini_jean@www.adserver5[2].txt
    Supprime! - C:\Users\NARDIN~1\AppData\Roaming\MICROS~1\Windows\Cookies\nardini_jean@advertising[1].txt
    Supprime! - C:\ProgramData\Glue scr scr.87whn4

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


    --------------------\\ Listing des dossiers dans Local

    [17/08/2008|15:27] C:\Users\NARDIN~1\AppData\Local\Adobe
    [15/08/2008|17:43] C:\Users\NARDIN~1\AppData\Local\Application Data
    [15/08/2008|17:50] C:\Users\NARDIN~1\AppData\Local\ATI
    [19/08/2008|23:49] C:\Users\NARDIN~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [18/08/2008|16:20] C:\Users\NARDIN~1\AppData\Local\GDIPFONTCACHEV1.DAT
    [16/08/2008|10:44] C:\Users\NARDIN~1\AppData\Local\Google
    [15/08/2008|17:43] C:\Users\NARDIN~1\AppData\Local\Historique
    [20/08/2008|00:39] C:\Users\NARDIN~1\AppData\Local\IconCache.db
    [17/08/2008|19:00] C:\Users\NARDIN~1\AppData\Local\Microsoft
    [15/08/2008|22:26] C:\Users\NARDIN~1\AppData\Local\Microsoft Games
    [16/08/2008|18:50] C:\Users\NARDIN~1\AppData\Local\MigWiz
    [16/08/2008|14:54] C:\Users\NARDIN~1\AppData\Local\Mozilla
    [17/08/2008|20:21] C:\Users\NARDIN~1\AppData\Local\Sony
    [20/08/2008|10:55] C:\Users\NARDIN~1\AppData\Local\Temp
    [15/08/2008|17:43] C:\Users\NARDIN~1\AppData\Local\Temporary Internet Files
    [15/08/2008|17:50] C:\Users\NARDIN~1\AppData\Local\Toshiba
    [15/08/2008|19:38] C:\Users\NARDIN~1\AppData\Local\VirtualStore

    --------------------\\ Tâches planifiées dans C:\Windows\tasks

    [20/08/2008 10:18][--ah-----] C:\Windows\tasks\SA.DAT
    [20/08/2008 00:40][--a------] C:\Windows\tasks\SCHEDLGU.TXT

    --------------------\\ Listing des dossiers dans C:\ProgramData

    [29/04/2008|16:15] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    [16/08/2008|18:38] C:\ProgramData\Adobe
    [16/08/2008|18:32] C:\ProgramData\Adobe Systems
    [02/11/2006|15:02] C:\ProgramData\Application Data
    [15/08/2008|17:50] C:\ProgramData\ATI
    [15/08/2008|19:52] C:\ProgramData\BitDefender
    [15/08/2008|17:39] C:\ProgramData\Bureau
    [02/11/2006|15:02] C:\ProgramData\Desktop
    [02/11/2006|15:02] C:\ProgramData\Documents
    [15/08/2008|17:39] C:\ProgramData\Favoris
    [02/11/2006|15:02] C:\ProgramData\Favorites
    [17/08/2008|15:21] C:\ProgramData\Google
    [19/08/2008|18:20] C:\ProgramData\Google Updater
    [16/08/2008|09:51] C:\ProgramData\IDOL DOG
    [15/08/2008|20:15] C:\ProgramData\IsolatedStorage
    [17/08/2008|15:30] C:\ProgramData\Lavasoft
    [19/08/2008|21:37] C:\ProgramData\Malwarebytes
    [15/08/2008|18:21] C:\ProgramData\McAfee
    [15/08/2008|17:39] C:\ProgramData\Menu D‚marrer
    [16/08/2008|12:39] C:\ProgramData\Messenger Plus!
    [15/08/2008|23:31] C:\ProgramData\Microsoft
    [15/08/2008|19:34] C:\ProgramData\Microsoft Help
    [15/08/2008|17:39] C:\ProgramData\ModŠles
    [16/08/2008|09:50] C:\ProgramData\Second Atom Okay Proxy
    [17/08/2008|20:08] C:\ProgramData\Sony
    [02/11/2006|15:02] C:\ProgramData\Start Menu
    [02/11/2006|15:02] C:\ProgramData\Templates
    [17/08/2008|11:47] C:\ProgramData\TOSHIBA
    [15/08/2008|17:44] C:\ProgramData\ToshibaEurope
    [16/04/2008|14:00] C:\ProgramData\Ulead Systems
    [16/08/2008|09:46] C:\ProgramData\WLInstaller

    --------------------\\ Listing des dossiers dans C:\Program Files

    [29/04/2008|16:15] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
    [16/08/2008|18:38] C:\Program Files\Adobe
    [15/08/2008|17:30] C:\Program Files\ATI
    [15/08/2008|17:30] C:\Program Files\ATI Technologies
    [15/08/2008|18:18] C:\Program Files\BitDefender
    [15/08/2008|17:31] C:\Program Files\Camera Assistant Software for Toshiba
    [19/08/2008|21:33] C:\Program Files\CamStudio
    [17/08/2008|11:47] C:\Program Files\Common Files
    [19/08/2008|20:13] C:\Program Files\DebugMode
    [21/01/2008|04:43] C:\Program Files\desktop.ini
    [15/08/2008|17:39] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
    [19/08/2008|10:54] C:\Program Files\GameSpy Arcade
    [17/08/2008|15:21] C:\Program Files\Google
    [16/04/2008|14:11] C:\Program Files\IDM
    [19/08/2008|10:56] C:\Program Files\InstallShield Installation Information
    [15/08/2008|17:29] C:\Program Files\Intel
    [21/01/2008|04:35] C:\Program Files\Internet Explorer
    [16/04/2008|14:01] C:\Program Files\InterVideo
    [15/08/2008|19:30] C:\Program Files\Java
    [17/08/2008|15:28] C:\Program Files\Lavasoft
    [19/08/2008|21:38] C:\Program Files\Malwarebytes' Anti-Malware
    [16/08/2008|11:03] C:\Program Files\MediaCoder
    [16/08/2008|09:49] C:\Program Files\Messenger Plus! Live
    [02/11/2006|14:37] C:\Program Files\Microsoft Games
    [15/08/2008|19:34] C:\Program Files\Microsoft Office
    [20/08/2008|00:40] C:\Program Files\Microsoft Silverlight
    [15/08/2008|19:34] C:\Program Files\Microsoft Works
    [15/08/2008|17:46] C:\Program Files\Motorola
    [21/01/2008|04:35] C:\Program Files\Movie Maker
    [02/11/2006|14:37] C:\Program Files\MSBuild
    [16/04/2008|13:22] C:\Program Files\MSXML 4.0
    [19/08/2008|15:08] C:\Program Files\PhotoFiltre
    [16/04/2008|13:39] C:\Program Files\Realtek
    [02/11/2006|14:37] C:\Program Files\Reference Assemblies
    [17/08/2008|20:06] C:\Program Files\Sony
    [17/08/2008|20:04] C:\Program Files\Sony Setup
    [17/08/2008|18:07] C:\Program Files\Sports Interactive
    [19/08/2008|23:21] C:\Program Files\Steam
    [16/04/2008|13:40] C:\Program Files\Synaptics
    [17/08/2008|11:08] C:\Program Files\THQ
    [17/08/2008|11:47] C:\Program Files\Toshiba
    [15/08/2008|20:14] C:\Program Files\Toshiba TEMPRO
    [16/08/2008|15:55] C:\Program Files\Total War
    [17/08/2008|20:31] C:\Program Files\Trend Micro
    [16/04/2008|13:58] C:\Program Files\Ulead Systems
    [02/11/2006|15:01] C:\Program Files\Uninstall Information
    [16/08/2008|10:47] C:\Program Files\VideoLAN
    [17/08/2008|20:06] C:\Program Files\Vstplugins
    [21/01/2008|04:35] C:\Program Files\Windows Calendar
    [21/01/2008|04:35] C:\Program Files\Windows Collaboration
    [21/01/2008|04:35] C:\Program Files\Windows Defender
    [21/01/2008|04:35] C:\Program Files\Windows Journal
    [16/08/2008|09:48] C:\Program Files\Windows Live
    [15/08/2008|23:07] C:\Program Files\Windows Mail
    [16/04/2008|14:00] C:\Program Files\Windows Media Components
    [21/01/2008|04:35] C:\Program Files\Windows Media Player
    [15/08/2008|17:39] C:\Program Files\Windows NT
    [21/01/2008|04:35] C:\Program Files\Windows Photo Gallery
    [21/01/2008|04:35] C:\Program Files\Windows Sidebar
    [17/08/2008|18:16] C:\Program Files\WinRAR
    [17/08/2008|18:11] C:\Program Files\Zero G Registry

    --------------------\\ Listing des dossiers dans C:\Program Files\Common Files

    [16/08/2008|18:38] C:\Program Files\Common Files\Adobe
    [15/08/2008|19:52] C:\Program Files\Common Files\BitDefender
    [16/08/2008|16:01] C:\Program Files\Common Files\InstallShield
    [16/04/2008|13:24] C:\Program Files\Common Files\Java
    [15/08/2008|21:02] C:\Program Files\Common Files\microsoft shared
    [02/11/2006|13:18] C:\Program Files\Common Files\Services
    [02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
    [15/08/2008|23:04] C:\Program Files\Common Files\Steam
    [21/01/2008|04:35] C:\Program Files\Common Files\System
    [17/08/2008|11:48] C:\Program Files\Common Files\Toshiba Shared
    [16/04/2008|14:01] C:\Program Files\Common Files\Ulead Systems
    [15/08/2008|20:50] C:\Program Files\Common Files\WindowsLiveInstaller
    [19/08/2008|20:07] C:\Program Files\Common Files\Wise Installation Wizard

    --------------------\\ Process

    ( 79 Processus )

    iexplore.exe ~ [PID:4768] ~ [Threads:3]
    iexplore.exe ~ [PID:1240] ~ [Threads:6]

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE


    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-20 10:55:39
    Windows 6.0.6001 Service Pack 1 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 3

    --------------------\\ Recherche d'autres infections


    Aucune autre infection trouvée !

    [F:144][D:30]-> C:\Users\NARDIN~1\AppData\Local\Temp
    [F:422][D:1]-> C:\Users\NARDIN~1\AppData\Roaming\MICROS~1\Windows\Cookies
    [F:4210][D:10]-> C:\Users\NARDIN~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
    [F:2][D:1]-> C:\$Recycle.Bin

    --------------------\\ Fin du rapport a 10:58:04,96
    [ UAC => 1 ]

    cmd report:
    Le volume dans le lecteur C s'appelle Vista
    Le num‚ro de s‚rie du volume est 606E-7C57

    R‚pertoire de C:\ProgramData

    16/08/2008 18:38 <REP> Adobe
    16/08/2008 18:32 <REP> Adobe Systems
    15/08/2008 17:50 <REP> ATI
    15/08/2008 19:52 <REP> BitDefender
    17/08/2008 15:21 <REP> Google
    19/08/2008 18:20 <REP> Google Updater
    16/08/2008 09:51 <REP> IDOL DOG
    15/08/2008 20:15 <REP> IsolatedStorage
    17/08/2008 15:30 <REP> Lavasoft
    19/08/2008 21:37 <REP> Malwarebytes
    15/08/2008 18:21 <REP> McAfee
    16/08/2008 12:39 <REP> Messenger Plus!
    15/08/2008 19:34 <REP> Microsoft Help
    16/08/2008 09:50 <REP> Second Atom Okay Proxy
    17/08/2008 20:08 <REP> Sony
    17/08/2008 11:47 <REP> TOSHIBA
    15/08/2008 17:44 <REP> ToshibaEurope
    16/04/2008 14:00 <REP> Ulead Systems
    16/08/2008 09:46 <REP> WLInstaller
    29/04/2008 16:15 <REP> {174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    0 fichier(s) 0 octets
    20 R‚p(s) 34ÿ784ÿ382ÿ976 octets libres
    Le volume dans le lecteur C s'appelle Vista
    Le num‚ro de s‚rie du volume est 606E-7C57

    R‚pertoire de C:\Windows\tasks

    15/08/2008 17:57 <REP> .
    15/08/2008 17:57 <REP> ..
    20/08/2008 00:40 19ÿ174 SCHEDLGU.TXT
    1 fichier(s) 19ÿ174 octets
    2 R‚p(s) 34ÿ784ÿ382ÿ976 octets libres


    20 August 2008 11:03:02

    Re,

    The report looks good to me :) 

    Did you uninstall, via Add/Remove Programs in the Control Panel, the sponsor program of MSN 3+!, which is responsible for the infection?

    Still getting ads?

    Restart the PC and send a new LopS&D option 1 report.

    ;) 
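    Added example (not part of the thread and not Lop S&D's own code): a small parser that compares successive Lop S&D reports, as is done by eye above, to list which C:\ProgramData folders appeared or disappeared between scans, which Run values point into that listing, and whether a removed folder has come back under a different suffix. The report excerpts are abridged from the three reports posted in this thread; the function names and the 6-character suffix pattern are assumptions made for the example.

```python
import re

# Line shapes as they appear in the Lop S&D reports quoted in this thread.
SECTION_RE = re.compile(r"^-{20}\\\\ (.+)$")
ENTRY_RE = re.compile(r"^\[(\d{2}/\d{2}/\d{4})\|(\d{2}:\d{2})\] (.+)$")
REG_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')
# Assumption: the recurring folder differs only by a 6-character suffix
# (".87whn4", ".14boiz"); the pattern is inferred from those two names.
RANDOM_SUFFIX_RE = re.compile(r"\.[0-9a-z]{6}$")
PROGRAMDATA = r"Listing des dossiers dans C:\ProgramData"

# Abridged excerpts: option 1 (19/08 23:53), option 2 (20/08 10:55),
# option 1 (20/08 12:21).
REPORT_1 = r'''
--------------------\\ Listing des dossiers dans C:\ProgramData
[15/08/2008|19:52] C:\ProgramData\BitDefender
[19/08/2008|14:31] C:\ProgramData\Glue scr scr.87whn4
[17/08/2008|15:21] C:\ProgramData\Google
[16/08/2008|09:51] C:\ProgramData\IDOL DOG
[16/08/2008|12:39] C:\ProgramData\Messenger Plus!
[16/08/2008|09:50] C:\ProgramData\Second Atom Okay Proxy
--------------------\\ Verification du Registre
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"the 1"="\"C:\\ProgramData\\Glue scr scr.87whn4\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
'''
REPORT_2 = r'''
--------------------\\ Listing des dossiers dans C:\ProgramData
[15/08/2008|19:52] C:\ProgramData\BitDefender
[17/08/2008|15:21] C:\ProgramData\Google
[16/08/2008|09:51] C:\ProgramData\IDOL DOG
[16/08/2008|12:39] C:\ProgramData\Messenger Plus!
[16/08/2008|09:50] C:\ProgramData\Second Atom Okay Proxy
--------------------\\ Verification du Registre
..... OK !
'''
REPORT_3 = r'''
--------------------\\ Listing des dossiers dans C:\ProgramData
[15/08/2008|19:52] C:\ProgramData\BitDefender
[20/08/2008|11:44] C:\ProgramData\Glue scr scr.14boiz
[17/08/2008|15:21] C:\ProgramData\Google
[16/08/2008|09:51] C:\ProgramData\IDOL DOG
[16/08/2008|09:50] C:\ProgramData\Second Atom Okay Proxy
'''

def parse_report(text):
    """Return folder listings per section and the Run values of a report."""
    listings, run_values = {}, []
    section = reg_key = None
    for raw in text.splitlines():
        line = raw.strip()  # forum posts indent the report
        if m := SECTION_RE.match(line):
            section, reg_key = m.group(1), None
        elif (m := ENTRY_RE.match(line)) and section:
            listings.setdefault(section, {})[m.group(3)] = f"{m.group(1)} {m.group(2)}"
        elif m := REG_KEY_RE.match(line):
            reg_key = m.group(1)
        elif (m := REG_VALUE_RE.match(line)) and reg_key:
            # Undo .reg-style escaping (\\ and \") and drop the outer quotes.
            target = re.sub(r"\\(.)", r"\1", m.group(2)).strip('"')
            run_values.append((reg_key, m.group(1), target))
    return {"listings": listings, "run_values": run_values}

def diff_listing(before, after, section=PROGRAMDATA):
    """Paths present in only one of two parsed reports."""
    old = before["listings"].get(section, {})
    new = after["listings"].get(section, {})
    return {"appeared": sorted(set(new) - set(old)),
            "disappeared": sorted(set(old) - set(new))}

def stem(path):
    """Lower-cased path with a trailing random-looking suffix removed."""
    return RANDOM_SUFFIX_RE.sub("", path.lower())

def recurrences(removed_paths, report, section=PROGRAMDATA):
    """Listed paths whose stem matches something removed earlier."""
    removed = {stem(p) for p in removed_paths}
    return sorted(p for p in report["listings"].get(section, {})
                  if stem(p) in removed)

def run_values_into(report, section=PROGRAMDATA):
    """Run values whose target is one of the folders listed in `section`."""
    listed = {p.lower() for p in report["listings"].get(section, {})}
    return [v for v in report["run_values"] if v[2].lower() in listed]

if __name__ == "__main__":
    r1, r2, r3 = (parse_report(t) for t in (REPORT_1, REPORT_2, REPORT_3))
    print("Run values into ProgramData:", run_values_into(r1))
    cleaned = diff_listing(r1, r2)
    print("After option 2:", cleaned)
    print("After reinstall:", diff_listing(r2, r3))
    print("Came back:", recurrences(cleaned["disappeared"], r3))
```

    The suffix heuristic also strips any ordinary 6-character extension, so a match is a prompt to look at the folder and its Run entry, not a verdict.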
    20 August 2008 12:25:41

    So, I reinstalled MSN 3+, but this time I declined to install the MSN+ sponsor program. I saw this tip on 01.net, and for the moment I no longer have any ads.

    Here is the report:
    --------------------\\ Lop S&D 4.2.3-0 XP/Vista

    [ Windows VISTA (NT 6.0) Workstation Build 6001, Service Pack 1 ]
    [ USER : Nardini Jean ] [ "C:\Lop SD" ] [ Selection : 1 ]
    [ 20/08/2008 | 12:21:59 ] [ PC : PC-DE-JEAN (Proc:x86) ]
    [ MAJ : 17-08-2008 | 01:58 ]
    [ UAC => 1 ]

    --------------------\\ Listing des dossiers dans Local

    [17/08/2008|15:27] C:\Users\NARDIN~1\AppData\Local\Adobe
    [15/08/2008|17:43] C:\Users\NARDIN~1\AppData\Local\Application Data
    [15/08/2008|17:50] C:\Users\NARDIN~1\AppData\Local\ATI
    [19/08/2008|23:49] C:\Users\NARDIN~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [18/08/2008|16:20] C:\Users\NARDIN~1\AppData\Local\GDIPFONTCACHEV1.DAT
    [16/08/2008|10:44] C:\Users\NARDIN~1\AppData\Local\Google
    [15/08/2008|17:43] C:\Users\NARDIN~1\AppData\Local\Historique
    [20/08/2008|11:49] C:\Users\NARDIN~1\AppData\Local\IconCache.db
    [17/08/2008|19:00] C:\Users\NARDIN~1\AppData\Local\Microsoft
    [15/08/2008|22:26] C:\Users\NARDIN~1\AppData\Local\Microsoft Games
    [16/08/2008|18:50] C:\Users\NARDIN~1\AppData\Local\MigWiz
    [16/08/2008|14:54] C:\Users\NARDIN~1\AppData\Local\Mozilla
    [17/08/2008|20:21] C:\Users\NARDIN~1\AppData\Local\Sony
    [20/08/2008|12:20] C:\Users\NARDIN~1\AppData\Local\Temp
    [15/08/2008|17:43] C:\Users\NARDIN~1\AppData\Local\Temporary Internet Files
    [15/08/2008|17:50] C:\Users\NARDIN~1\AppData\Local\Toshiba
    [15/08/2008|19:38] C:\Users\NARDIN~1\AppData\Local\VirtualStore

    --------------------\\ Tâches planifiées dans C:\Windows\tasks

    [20/08/2008 11:50][--ah-----] C:\Windows\tasks\SA.DAT
    [20/08/2008 11:50][--a------] C:\Windows\tasks\SCHEDLGU.TXT

    --------------------\\ Listing des dossiers dans C:\ProgramData

    [29/04/2008|16:15] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    [16/08/2008|18:38] C:\ProgramData\Adobe
    [16/08/2008|18:32] C:\ProgramData\Adobe Systems
    [02/11/2006|15:02] C:\ProgramData\Application Data
    [15/08/2008|17:50] C:\ProgramData\ATI
    [15/08/2008|19:52] C:\ProgramData\BitDefender
    [15/08/2008|17:39] C:\ProgramData\Bureau
    [02/11/2006|15:02] C:\ProgramData\Desktop
    [02/11/2006|15:02] C:\ProgramData\Documents
    [15/08/2008|17:39] C:\ProgramData\Favoris
    [02/11/2006|15:02] C:\ProgramData\Favorites
    [20/08/2008|11:44] C:\ProgramData\Glue scr scr.14boiz
    [17/08/2008|15:21] C:\ProgramData\Google
    [19/08/2008|18:20] C:\ProgramData\Google Updater
    [16/08/2008|09:51] C:\ProgramData\IDOL DOG
    [15/08/2008|20:15] C:\ProgramData\IsolatedStorage
    [17/08/2008|15:30] C:\ProgramData\Lavasoft
    [19/08/2008|21:37] C:\ProgramData\Malwarebytes
    [15/08/2008|18:21] C:\ProgramData\McAfee
    [15/08/2008|17:39] C:\ProgramData\Menu Démarrer
    [15/08/2008|23:31] C:\ProgramData\Microsoft
    [15/08/2008|19:34] C:\ProgramData\Microsoft Help
    [15/08/2008|17:39] C:\ProgramData\Modèles
    [16/08/2008|09:50] C:\ProgramData\Second Atom Okay Proxy
    [17/08/2008|20:08] C:\ProgramData\Sony
    [02/11/2006|15:02] C:\ProgramData\Start Menu
    [02/11/2006|15:02] C:\ProgramData\Templates
    [17/08/2008|11:47] C:\ProgramData\TOSHIBA
    [15/08/2008|17:44] C:\ProgramData\ToshibaEurope
    [16/04/2008|14:00] C:\ProgramData\Ulead Systems
    [16/08/2008|09:46] C:\ProgramData\WLInstaller

    --------------------\\ Listing des dossiers dans C:\Program Files

    [29/04/2008|16:15] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
    [16/08/2008|18:38] C:\Program Files\Adobe
    [15/08/2008|17:30] C:\Program Files\ATI
    [15/08/2008|17:30] C:\Program Files\ATI Technologies
    [15/08/2008|18:18] C:\Program Files\BitDefender
    [15/08/2008|17:31] C:\Program Files\Camera Assistant Software for Toshiba
    [19/08/2008|21:33] C:\Program Files\CamStudio
    [17/08/2008|11:47] C:\Program Files\Common Files
    [19/08/2008|20:13] C:\Program Files\DebugMode
    [21/01/2008|04:43] C:\Program Files\desktop.ini
    [15/08/2008|17:39] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
    [19/08/2008|10:54] C:\Program Files\GameSpy Arcade
    [17/08/2008|15:21] C:\Program Files\Google
    [16/04/2008|14:11] C:\Program Files\IDM
    [19/08/2008|10:56] C:\Program Files\InstallShield Installation Information
    [15/08/2008|17:29] C:\Program Files\Intel
    [21/01/2008|04:35] C:\Program Files\Internet Explorer
    [16/04/2008|14:01] C:\Program Files\InterVideo
    [15/08/2008|19:30] C:\Program Files\Java
    [17/08/2008|15:28] C:\Program Files\Lavasoft
    [19/08/2008|21:38] C:\Program Files\Malwarebytes' Anti-Malware
    [16/08/2008|11:03] C:\Program Files\MediaCoder
    [20/08/2008|12:20] C:\Program Files\Messenger Plus! Live
    [02/11/2006|14:37] C:\Program Files\Microsoft Games
    [15/08/2008|19:34] C:\Program Files\Microsoft Office
    [20/08/2008|00:40] C:\Program Files\Microsoft Silverlight
    [15/08/2008|19:34] C:\Program Files\Microsoft Works
    [15/08/2008|17:46] C:\Program Files\Motorola
    [21/01/2008|04:35] C:\Program Files\Movie Maker
    [02/11/2006|14:37] C:\Program Files\MSBuild
    [16/04/2008|13:22] C:\Program Files\MSXML 4.0
    [19/08/2008|15:08] C:\Program Files\PhotoFiltre
    [16/04/2008|13:39] C:\Program Files\Realtek
    [02/11/2006|14:37] C:\Program Files\Reference Assemblies
    [17/08/2008|20:06] C:\Program Files\Sony
    [17/08/2008|20:04] C:\Program Files\Sony Setup
    [17/08/2008|18:07] C:\Program Files\Sports Interactive
    [20/08/2008|11:10] C:\Program Files\Steam
    [16/04/2008|13:40] C:\Program Files\Synaptics
    [17/08/2008|11:08] C:\Program Files\THQ
    [17/08/2008|11:47] C:\Program Files\Toshiba
    [15/08/2008|20:14] C:\Program Files\Toshiba TEMPRO
    [16/08/2008|15:55] C:\Program Files\Total War
    [17/08/2008|20:31] C:\Program Files\Trend Micro
    [16/04/2008|13:58] C:\Program Files\Ulead Systems
    [02/11/2006|15:01] C:\Program Files\Uninstall Information
    [16/08/2008|10:47] C:\Program Files\VideoLAN
    [17/08/2008|20:06] C:\Program Files\Vstplugins
    [21/01/2008|04:35] C:\Program Files\Windows Calendar
    [21/01/2008|04:35] C:\Program Files\Windows Collaboration
    [21/01/2008|04:35] C:\Program Files\Windows Defender
    [21/01/2008|04:35] C:\Program Files\Windows Journal
    [16/08/2008|09:48] C:\Program Files\Windows Live
    [15/08/2008|23:07] C:\Program Files\Windows Mail
    [16/04/2008|14:00] C:\Program Files\Windows Media Components
    [21/01/2008|04:35] C:\Program Files\Windows Media Player
    [15/08/2008|17:39] C:\Program Files\Windows NT
    [21/01/2008|04:35] C:\Program Files\Windows Photo Gallery
    [21/01/2008|04:35] C:\Program Files\Windows Sidebar
    [17/08/2008|18:16] C:\Program Files\WinRAR
    [17/08/2008|18:11] C:\Program Files\Zero G Registry

    --------------------\\ Listing des dossiers dans C:\Program Files\Common Files

    [16/08/2008|18:38] C:\Program Files\Common Files\Adobe
    [15/08/2008|19:52] C:\Program Files\Common Files\BitDefender
    [16/08/2008|16:01] C:\Program Files\Common Files\InstallShield
    [16/04/2008|13:24] C:\Program Files\Common Files\Java
    [15/08/2008|21:02] C:\Program Files\Common Files\microsoft shared
    [02/11/2006|13:18] C:\Program Files\Common Files\Services
    [02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
    [15/08/2008|23:04] C:\Program Files\Common Files\Steam
    [21/01/2008|04:35] C:\Program Files\Common Files\System
    [17/08/2008|11:48] C:\Program Files\Common Files\Toshiba Shared
    [16/04/2008|14:01] C:\Program Files\Common Files\Ulead Systems
    [15/08/2008|20:50] C:\Program Files\Common Files\WindowsLiveInstaller
    [19/08/2008|20:07] C:\Program Files\Common Files\Wise Installation Wizard

    --------------------\\ Process

    ( 78 Processus )

    iexplore.exe ~ [PID:156] ~ [Threads:24]
    iexplore.exe ~ [PID:324] ~ [Threads:5]
    iexplore.exe ~ [PID:2684] ~ [Threads:9]

    --------------------\\ Recherche avec S_Lop

    C:\ProgramData\Glue scr scr.14boiz

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Verification du Registre

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "the 1"="\"C:\\ProgramData\\Glue scr scr.14boiz\""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE


    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-20 12:22:12
    Windows 6.0.6001 Service Pack 1 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 3

    --------------------\\ Recherche d'autres infections


    Aucune autre infection trouvée !

    [F:149][D:30]-> C:\Users\NARDIN~1\AppData\Local\Temp
    [F:428][D:1]-> C:\Users\NARDIN~1\AppData\Roaming\MICROS~1\Windows\Cookies
    [F:4123][D:10]-> C:\Users\NARDIN~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
    [F:8][D:5]-> C:\$Recycle.Bin

    --------------------\\ Fin du rapport a 12:24:26,51
    [ UAC => 1 ]

    20 August 2008 12:58:27

    Re,

    No, it's back :o  :/ 

    Right, we're going to dig deeper so that I know more; right now I'm going round in circles.

    Time to bring out the heavy artillery :D 

    1) Download ATF Cleaner to your Desktop.

  • Double-click ATF-Cleaner.exe to launch the program.
  • Click Select All at the bottom of the list.
  • Click the Empty Selected button.

    If you use the Firefox browser, also do this:
  • Click Firefox at the top and choose Select All in the list.
  • Click the Empty Selected button.
  • NOTE: If you want to keep your saved passwords, click No in the warning message.

    If you use the Opera browser, also do this:
  • Click Opera at the top and choose Select All in the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE: If you want to keep your saved passwords, click No in the warning message.

    Click Exit in the main menu to close the program.

    2) Next, download OTScanIt.exe to your Desktop and double-click it to extract the files. This will create a folder named OTScanIt on your Desktop.

    N.B.: If you get an alert from your antivirus during the download and/or installation, ignore it. Some components of OTScanIt may be detected as a virus by some antivirus programs. Also remember to disable your resident protections during the procedure.

    Note: You must be logged in with an account that has Administrator rights to run this program.

  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click OTScanIt.exe to launch the program (if you are on Windows Vista, right-click the program and choose Run as administrator (Exécuter en tant qu'Administrateur)).
  • In the Drivers section, click Non-Microsoft.
  • Under Additional Scans, tick the box in front of the following items to select them:

    Reg - BotCheck
    File - Additional Folder Scans


  • Do not change any other setting.
  • Then click the Run Scan button in the toolbar.
  • Let the program run without intervening.
  • When the scan is finished, Notepad will open to display the report file.
  • Click the Format menu and check that Word Wrap (Retour automatique à la ligne) is not ticked. If it is, click it to untick it.

    Use the Reply button and copy/paste this information here. I will examine it as soon as it arrives. Check that the first line is code enclosed in square brackets [] and that the last line is /code enclosed in square brackets [].

    If, after sending your message, the last line is not <End of Report>, it means the report is too long to fit in a single message; in that case you must split it across several messages, or put it on Mediafire: http://www.mediafire.com

    ;) 
    20 August 2008 14:07:03

    [code]
    OTScanIt logfile created on: 20/08/2008 14:02:58
    OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Users\NARDIN~1\Desktop
    Windows Vista Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6001.18000)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    2,00 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 86,97% Memory free
    4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
    Paging file location(s): ?:\pagefile.sys;

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 74,37 Gb Total Space | 30,48 Gb Free Space | 40,98% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 73,21 Gb Total Space | 68,47 Gb Free Space | 93,52% Space Free | Partition Type: NTFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: PC-DE-JEAN
    Current User Name: Nardini Jean
    Logged in as Administrator.
    Current Boot Mode: Normal
    Scan Mode: Current user

    [Processes - Non-Microsoft Only]
    ati2evxx.exe -> %SystemRoot%\System32\Ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4188 | Size = 643072 bytes | Modified Date = 30/01/2008 16:28:06 | Attr = ]
    ati2evxx.exe -> %SystemRoot%\System32\Ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4188 | Size = 643072 bytes | Modified Date = 30/01/2008 16:28:06 | Attr = ]
    cfsvcs.exe -> %ProgramFiles%\TOSHIBA\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 7, 0, 1, 6 | Size = 40960 bytes | Modified Date = 25/12/2007 13:07:14 | Attr = ]
    googleupdaterservice.exe -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.1175.1407.beta | Size = 137200 bytes | Modified Date = 17/08/2008 15:20:41 | Attr = ]
    temposvc.exe -> %ProgramFiles%\Toshiba TEMPRO\TempoSVC.exe -> Toshiba Europe GmbH [Ver = 1.1.0.0 | Size = 99720 bytes | Modified Date = 24/04/2008 10:21:56 | Attr = ]
    tnavisrv.exe -> %ProgramFiles%\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -> TOSHIBA Corporation [Ver = 1.00.0003 | Size = 83312 bytes | Modified Date = 05/06/2008 18:43:10 | Attr = ]
    toddsrv.exe -> %SystemRoot%\System32\TODDSrv.exe -> TOSHIBA Corporation [Ver = 1, 0, 0, 5 | Size = 129632 bytes | Modified Date = 21/11/2007 17:23:32 | Attr = ]
    toscosrv.exe -> %ProgramFiles%\Toshiba\Power Saver\TosCoSrv.exe -> TOSHIBA Corporation [Ver = 1.0.0.3 | Size = 431456 bytes | Modified Date = 17/01/2008 16:27:34 | Attr = ]
    tosipcsrv.exe -> %ProgramFiles%\TOSHIBA\SMARTLogService\TosIPCSrv.exe -> TOSHIBA Corporation [Ver = 1, 0, 0, 1 | Size = 126976 bytes | Modified Date = 03/12/2007 17:03:52 | Attr = ]
    ulcdrsvr.exe -> %CommonProgramFiles%\Ulead Systems\DVD\ULCDRSvr.exe -> Ulead Systems, Inc. [Ver = 1, 0, 0, 4 | Size = 49152 bytes | Modified Date = 23/08/2006 16:39:48 | Attr = ]
    xcommsvr.exe -> %CommonProgramFiles%\BitDefender\BitDefender Communicator\xcommsvr.exe -> BitDefender [Ver = 1, 8, 16, 0 | Size = 86016 bytes | Modified Date = 15/08/2008 19:58:50 | Attr = ]
    vsserv.exe -> %ProgramFiles%\BitDefender\BitDefender 2008\vsserv.exe -> BitDefender S.R.L. [Ver = 11, 0, 0, 444 | Size = 1253376 bytes | Modified Date = 15/08/2008 20:00:58 | Attr = ]
    livesrv.exe -> %CommonProgramFiles%\BitDefender\BitDefender Update Service\livesrv.exe -> BitDefender SRL [Ver = 11, 0, 1, 87 | Size = 1155072 bytes | Modified Date = 15/08/2008 20:01:06 | Attr = ]
    jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 22/02/2008 04:25:21 | Attr = ]
    rthdvcpl.exe -> %SystemRoot%\RtHDVCpl.exe -> Realtek Semiconductor [Ver = 1, 0, 0, 132 | Size = 4911104 bytes | Modified Date = 29/01/2008 19:51:52 | Attr = ]
    syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 11.1.16 17Jun08 | Size = 1295656 bytes | Modified Date = 17/06/2008 03:15:00 | Attr = ]
    traybar.exe -> %ProgramFiles%\Camera Assistant Software for Toshiba\traybar.exe -> Chicony [Ver = 1, 5, 4002, 79 | Size = 413696 bytes | Modified Date = 25/10/2007 17:41:18 | Attr = ]
    tpwrmain.exe -> %ProgramFiles%\Toshiba\Power Saver\TPwrMain.exe -> TOSHIBA Corporation [Ver = 1.0.0.2 | Size = 431456 bytes | Modified Date = 17/01/2008 16:27:52 | Attr = ]
    smoothview.exe -> %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe -> TOSHIBA Corporation [Ver = 3, 0, 8, 32 | Size = 509816 bytes | Modified Date = 25/01/2008 11:22:14 | Attr = ]
    tcrdmain.exe -> %ProgramFiles%\Toshiba\FlashCards\TCrdMain.exe -> TOSHIBA Corporation [Ver = 2.0.0.6 | Size = 712704 bytes | Modified Date = 22/01/2008 14:25:26 | Attr = ]
    toshibaregistration.exe -> %ProgramFiles%\Toshiba\Registration\ToshibaRegistration.exe -> Toshiba [Ver = 4.0.0.0 | Size = 571024 bytes | Modified Date = 04/05/2007 12:05:08 | Attr = ]
    sm56hlpr.exe -> %ProgramFiles%\Motorola\SMSERIAL\sm56hlpr.exe -> Motorola Inc. [Ver = 6.12.14 | Size = 1216512 bytes | Modified Date = 21/02/2008 20:23:38 | Attr = ]
    bdagent.exe -> %ProgramFiles%\BitDefender\BitDefender 2008\bdagent.exe -> BitDefender S.R.L. [Ver = 11, 0, 0, 179 | Size = 368640 bytes | Modified Date = 15/08/2008 20:00:58 | Attr = ]
    toshiba.tempo.ui.trayapplication.exe -> %ProgramFiles%\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe -> Toshiba Europe GmbH [Ver = 1.1.0.0 | Size = 103824 bytes | Modified Date = 24/04/2008 10:22:10 | Attr = ]
    mom.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE -> Advanced Micro Devices Inc. [Ver = 2.0.0.0 | Size = 49152 bytes | Modified Date = 17/07/2007 11:13:56 | Attr = ]
    cec_main.exe -> %ProgramFiles%\Camera Assistant Software for Toshiba\CEC_MAIN.exe -> [Ver = 1.7.8000.444 | Size = 4624384 bytes | Modified Date = 22/01/2008 11:00:30 | Attr = ]
    ccc.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CCC.exe -> ATI Technologies Inc. [Ver = 2.0.0.0 | Size = 49152 bytes | Modified Date = 17/07/2007 11:13:34 | Attr = ]
    syntphelper.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPHelper.exe -> Synaptics, Inc. [Ver = 11.1.16 17Jun08 | Size = 103720 bytes | Modified Date = 17/06/2008 03:16:00 | Attr = ]
    otscanit.exe -> %UserProfile%\Desktop\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 12/07/2008 09:29:54 | Attr = ]

    [Win32 Services - Non-Microsoft Only]
    (Ati External Event Utility) Ati External Event Utility [Win32_Own | Auto | Running] -> %SystemRoot%\System32\Ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4188 | Size = 643072 bytes | Modified Date = 30/01/2008 16:28:06 | Attr = ]
    (CertPropSvc) Propagation du certificat [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
    (ConfigFree Service) ConfigFree Service [Win32_Own | Auto | Running] -> %ProgramFiles%\TOSHIBA\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 7, 0, 1, 6 | Size = 40960 bytes | Modified Date = 25/12/2007 13:07:14 | Attr = ]
    (DcomLaunch) Lanceur de processus serveur DCOM [Win32_Shared | Unknown | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
    (gusvc) Google Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.1175.1407.beta | Size = 137200 bytes | Modified Date = 17/08/2008 15:20:41 | Attr = ]
    (idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> File not found
    (LIVESRV) BitDefender Desktop Update Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\BitDefender\BitDefender Update Service\livesrv.exe -> BitDefender SRL [Ver = 11, 0, 1, 87 | Size = 1155072 bytes | Modified Date = 15/08/2008 20:01:06 | Attr = ]
    (MSDTC) Coordinateur de transactions distribuées [Win32_Own | Unknown | Stopped] -> %SystemRoot%\System32\msdtc.exe -> File not found
    (Schedule) Planificateur de tâches [Win32_Shared | Unknown | Running] -> %systemroot%\system32\svchost.exe -> File not found
    (SCPolicySvc) Stratégie de retrait de la carte à puce [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
    (Steam Client Service) Steam Client Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Steam\SteamService.exe -> Valve Corporation [Ver = 1, 0, 0, 1 | Size = 87288 bytes | Modified Date = 15/08/2008 23:03:42 | Attr = ]
    (TempoMonitoringService) Notebook Performance Tuning Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Toshiba TEMPRO\TempoSVC.exe -> Toshiba Europe GmbH [Ver = 1.1.0.0 | Size = 99720 bytes | Modified Date = 24/04/2008 10:21:56 | Attr = ]
    (TNaviSrv) TOSHIBA Navi Support Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -> TOSHIBA Corporation [Ver = 1.00.0003 | Size = 83312 bytes | Modified Date = 05/06/2008 18:43:10 | Attr = ]
    (TODDSrv) TOSHIBA Optical Disc Drive Service [Win32_Own | Auto | Running] -> %SystemRoot%\System32\TODDSrv.exe -> TOSHIBA Corporation [Ver = 1, 0, 0, 5 | Size = 129632 bytes | Modified Date = 21/11/2007 17:23:32 | Attr = ]
    (TosCoSrv) TOSHIBA Power Saver [Win32_Own | Auto | Running] -> %ProgramFiles%\Toshiba\Power Saver\TosCoSrv.exe -> TOSHIBA Corporation [Ver = 1.0.0.3 | Size = 431456 bytes | Modified Date = 17/01/2008 16:27:34 | Attr = ]
    (TOSHIBA Bluetooth Service) TOSHIBA Bluetooth Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -> File not found
    (TOSHIBA SMART Log Service) TOSHIBA SMART Log Service [Win32_Own | Auto | Running] -> %ProgramFiles%\TOSHIBA\SMARTLogService\TosIPCSrv.exe -> TOSHIBA Corporation [Ver = 1, 0, 0, 1 | Size = 126976 bytes | Modified Date = 03/12/2007 17:03:52 | Attr = ]
    (TrustedInstaller) Programme d’installation de modules Windows [Win32_Own | Unknown | Stopped] -> %SystemRoot%\servicing\TrustedInstaller.exe -> File not found
    (UleadBurningHelper) Ulead Burning Helper [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Ulead Systems\DVD\ULCDRSvr.exe -> Ulead Systems, Inc. [Ver = 1, 0, 0, 4 | Size = 49152 bytes | Modified Date = 23/08/2006 16:39:48 | Attr = ]
    (VSSERV) BitDefender Virus Shield [Win32_Own | Auto | Running] -> %ProgramFiles%\BitDefender\BitDefender 2008\vsserv.exe -> BitDefender S.R.L. [Ver = 11, 0, 0, 444 | Size = 1253376 bytes | Modified Date = 15/08/2008 20:00:58 | Attr = ]
    (WdiServiceHost) Service hôte WDIServiceHost [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found
    (WdiSystemHost) Hôte système de diagnostics [Win32_Shared | Unknown | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
    (WMPNetworkSvc) Service Partage réseau du Lecteur Windows Media [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> File not found
    (XCOMM) BitDefender Communicator [Win32_Own | Auto | Running] -> %CommonProgramFiles%\BitDefender\BitDefender Communicator\xcommsvr.exe -> BitDefender [Ver = 1, 8, 16, 0 | Size = 86016 bytes | Modified Date = 15/08/2008 19:58:50 | Attr = ]

    [Driver Services - Non-Microsoft Only]
    (adp94xx) adp94xx [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adp94xx.sys -> Adaptec, Inc. [Ver = 1.6.0006.3 (1.070222-1720) | Size = 422968 bytes | Modified Date = 21/01/2008 04:23:21 | Attr = ]
    (adpahci) adpahci [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adpahci.sys -> Adaptec, Inc. [Ver = 1.6.0006.1 (1.070222-1720) | Size = 300600 bytes | Modified Date = 21/01/2008 04:23:25 | Attr = ]
    (adpu160m) adpu160m [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adpu160m.sys -> Adaptec, Inc. [Ver = 6.4.645.100 (NT.070221-1001) | Size = 101432 bytes | Modified Date = 21/01/2008 04:23:26 | Attr = ]
    (adpu320) adpu320 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adpu320.sys -> Adaptec, Inc. [Ver = 7.2.000.000 (NT.070221-1245) | Size = 149560 bytes | Modified Date = 21/01/2008 04:23:27 | Attr = ]
    (AgereSoftModem) Modem Soft Agere Systems [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\AGRSM.sys -> Agere Systems [Ver = 2.1.69 | Size = 983552 bytes | Modified Date = 02/11/2006 09:41:50 | Attr = ]
    (aic78xx) aic78xx [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\djsvs.sys -> Adaptec, Inc. [Ver = 6.0.0.0 | Size = 71272 bytes | Modified Date = 02/11/2006 11:50:11 | Attr = ]
    (aliide) aliide [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 17464 bytes | Modified Date = 21/01/2008 04:23:00 | Attr = ]
    (arc) arc [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\arc.sys -> Adaptec, Inc. [Ver = 5.2.0.10384 (NT.070222-1720) | Size = 79416 bytes | Modified Date = 21/01/2008 04:23:23 | Attr = ]
    (arcsas) arcsas [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\arcsas.sys -> Adaptec, Inc. [Ver = 5.2.0.10384 (NT.070222-1720) | Size = 79928 bytes | Modified Date = 21/01/2008 04:23:24 | Attr = ]
    (atikmdag) atikmdag [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\atikmdag.sys -> ATI Technologies Inc. [Ver = 7.01.01.730 | Size = 3483648 bytes | Modified Date = 30/01/2008 17:24:00 | Attr = ]
    (Bdfndisf) BitDefender Firewall NDIS Filter Service [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\bdfndisf.sys -> BitDefender SRL [Ver = 3.0.0.18 built by: WinDDK | Size = 86792 bytes | Modified Date = 15/08/2008 20:00:58 | Attr = ]
    (bdfsfltr) bdfsfltr [File_System | On_Demand | Running] -> %SystemRoot%\System32\drivers\bdfsfltr.sys -> BitDefender S.R.L. Bucharest, ROMANIA [Ver = 0.3.124.3908, RELEASE, built by: WinDDK | Size = 196368 bytes | Modified Date = 07/01/2008 17:41:34 | Attr = ]
    (bdftdif) bdftdif [Kernel | System | Running] -> %CommonProgramFiles%\BitDefender\BitDefender Firewall\bdftdif.sys -> BitDefender SRL [Ver = 3.0.0.11 | Size = 156688 bytes | Modified Date = 15/08/2008 19:58:51 | Attr = ]
    (BDSelfPr) BDSelfPr [Kernel | On_Demand | Running] -> %ProgramFiles%\BitDefender\BitDefender 2008\bdselfpr.sys -> BitDefender S.R.L. [Ver = 11.00 built by: WinDDK | Size = 8320 bytes | Modified Date = 15/08/2008 20:00:58 | Attr = ]
    (BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\BrFiltLo.sys -> Brother Industries, Ltd. [Ver = 1.10.000 (vbl_wcp_d2_drivers.060616-1619) | Size = 13568 bytes | Modified Date = 02/11/2006 10:24:45 | Attr = ]
    (BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\BrFiltUp.sys -> Brother Industries, Ltd. [Ver = 1.04.000 (vbl_wcp_d2_drivers.060616-1619) | Size = 5248 bytes | Modified Date = 02/11/2006 10:24:46 | Attr = ]
    (Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\BrSerId.sys -> Brother Industries Ltd. [Ver = 1.0.1.6 (vbl_wcp_d2_drivers.060616-1619) | Size = 71808 bytes | Modified Date = 02/11/2006 10:25:24 | Attr = ]
    (BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\BrSerWdm.sys -> Brother Industries Ltd. [Ver = 1.0.0.20 (vbl_wcp_d2_drivers.060616-1619) | Size = 62336 bytes | Modified Date = 02/11/2006 10:24:44 | Attr = ]
    (BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\BrUsbMdm.sys -> Brother Industries Ltd. [Ver = 1,0,0,12 (vbl_wcp_d2_drivers.060616-1619) | Size = 12160 bytes | Modified Date = 02/11/2006 10:24:44 | Attr = ]
    (BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\BrUsbSer.sys -> Brother Industries Ltd. [Ver = 1,0,1,3 (vbl_wcp_d2_drivers.060809-0459) | Size = 11904 bytes | Modified Date = 02/11/2006 10:24:47 | Attr = ]
    (CLFS) Common Log (CLFS) [Kernel | Unknown | Running] -> -> File not found
    (cmdide) cmdide [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (longhorn_rtm.080118-1840) | Size = 19000 bytes | Modified Date = 21/01/2008 04:23:00 | Attr = ]
    (E1G60) Intel(R) PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\E1G60I32.sys -> Intel Corporation [Ver = 8.3.2.8 built by: WinDDK | Size = 118784 bytes | Modified Date = 21/01/2008 04:23:24 | Attr = ]
    (elxstor) elxstor [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\elxstor.sys -> Emulex [Ver = 5-1.30M9 03/18/2007 WS2K3 32 bit (NT.070222-1720) | Size = 342584 bytes | Modified Date = 21/01/2008 04:23:22 | Attr = ]
    (FwLnk) FwLnk Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\FwLnk.sys -> TOSHIBA Corporation [Ver = 1.0.0.3V built by: WinDDK | Size = 7168 bytes | Modified Date = 20/11/2006 14:11:14 | Attr = ]
    (HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\HpCISSs.sys -> Hewlett-Packard Company [Ver = 6.0.0.32 Build 7 (x86) (NT.070221-1245) | Size = 40504 bytes | Modified Date = 21/01/2008 04:23:26 | Attr = ]
    (iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\iaStor.sys -> Intel Corporation [Ver = 7.8.0.1012 | Size = 308248 bytes | Modified Date = 29/09/2007 23:03:12 | Attr = ]
    (iaStorV) Intel RAID Controller Vista [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iaStorV.sys -> Intel Corporation [Ver = 6.2.0.1019 | Size = 235064 bytes | Modified Date = 21/01/2008 04:23:23 | Attr = ]
    (igfx) igfx [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\igdkmd32.sys -> File not found
    (iirsp) iirsp [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iirsp.sys -> Intel Corp./ICP vortex GmbH [Ver = 5.4.22.0 | Size = 41576 bytes | Modified Date = 02/11/2006 11:50:17 | Attr = ]
    (IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\RTKVHDA.sys -> Realtek Semiconductor Corp. [Ver = 6.0.1.5559 built by: WinDDK | Size = 2058528 bytes | Modified Date = 30/01/2008 12:34:20 | Attr = ]
    (IpInIp) IP in IP Tunnel Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\ipinip.sys -> File not found
    (iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iteatapi.sys -> Integrated Technology Express, Inc. [Ver = v1.3.2.7 (NT.060726-2054) | Size = 35944 bytes | Modified Date = 02/11/2006 11:50:07 | Attr = ]
    (iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iteraid.sys -> Integrated Technology Express, Inc. [Ver = v1.7.1.91 (NT.060726-2054) | Size = 35944 bytes | Modified Date = 02/11/2006 11:50:09 | Attr = ]
    (LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\lsi_fc.sys -> LSI Logic [Ver = 1.25.06.22 (NT.070222-1242) | Size = 96312 bytes | Modified Date = 21/01/2008 04:23:23 | Attr = ]
    (LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\lsi_sas.sys -> LSI Logic [Ver = 1.25.06.22 (NT.070222-1242) | Size = 89656 bytes | Modified Date = 21/01/2008 04:23:25 | Attr = ]
    (LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\lsi_scsi.sys -> LSI Logic [Ver = 1.25.06.22 (NT.070222-1242) | Size = 96312 bytes | Modified Date = 21/01/2008 04:23:23 | Attr = ]
    (megasas) megasas [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\megasas.sys -> LSI Corporation [Ver = 2.13.0.32 (NT.070222-1720) | Size = 31288 bytes | Modified Date = 21/01/2008 04:23:27 | Attr = ]
    (MegaSR) MegaSR [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\MegaSR.sys -> LSI Corporation, Inc. [Ver = 09.06.0523.2007 | Size = 386616 bytes | Modified Date = 21/01/2008 04:23:27 | Attr = ]
    (Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\Mraid35x.sys -> LSI Logic Corporation [Ver = 6.50.2.32 (NT.060824-1234) | Size = 33384 bytes | Modified Date = 02/11/2006 11:49:59 | Attr = ]
    (NETw3v32) Pilote de carte Intel(R) PRO/sans fil 3945ABG pour Windows Vista 32 bits [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\NETw3v32.sys -> Intel Corporation [Ver = 11.1.1.20 | Size = 2225664 bytes | Modified Date = 21/01/2008 04:23:20 | Attr = ]
    (NETw4v32) Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\NETw4v32.sys -> Intel Corporation [Ver = 11.5.0.32 | Size = 2251776 bytes | Modified Date = 26/09/2007 07:12:22 | Attr = ]
    (nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\nfrd960.sys -> IBM Corporation [Ver = 7.10.56 (NT.060601-1710) | Size = 45160 bytes | Modified Date = 02/11/2006 11:50:19 | Attr = ]
    (ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ntrigdigi.sys -> N-trig Innovative Technologies [Ver = 0.90.16.16384 (Vista_RC1.060509-2219) | Size = 20608 bytes | Modified Date = 02/11/2006 09:36:50 | Attr = ]
    (nvraid) NVIDIA nForce RAID Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\nvraid.sys -> NVIDIA Corporation [Ver = 5.10.2600.0833 (NT.070222-1720) | Size = 102968 bytes | Modified Date = 21/01/2008 04:23:21 | Attr = ]
    (nvstor) nvstor [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\nvstor.sys -> NVIDIA Corporation [Ver = 5.10.2600.0833 (NT.070222-1720) | Size = 45112 bytes | Modified Date = 21/01/2008 04:23:21 | Attr = ]
    (NwlnkFlt) IPX Traffic Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\nwlnkflt.sys -> File not found
    (NwlnkFwd) IPX Traffic Forwarder Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\nwlnkfwd.sys -> File not found
    (PxHelp20) PxHelp20 [Kernel | Boot | Stopped] -> %SystemRoot%\System32\Drivers\PxHelp20.sys -> File not found
    (ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ql2300.sys -> QLogic Corporation [Ver = 9.1.4.5 | Size = 1122360 bytes | Modified Date = 21/01/2008 04:23:24 | Attr = ]
    (ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ql40xx.sys -> QLogic Corporation [Ver = 2.1.3.19 (STOR w32) | Size = 106088 bytes | Modified Date = 02/11/2006 11:50:35 | Attr = ]
    (rimmptsk) rimmptsk [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\rimmptsk.sys -> REDC [Ver = 6.00.03.05 | Size = 46592 bytes | Modified Date = 15/02/2008 18:01:18 | Attr = ]
    (rimsptsk) rimsptsk [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\rimsptsk.sys -> REDC [Ver = 6.00.01.11 | Size = 43008 bytes | Modified Date = 30/07/2007 10:42:58 | Attr = ]
    (rismxdp) Ricoh xD-Picture Card Driver [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\rixdptsk.sys -> REDC [Ver = 6.00.01.13 | Size = 38400 bytes | Modified Date = 30/07/2007 11:54:02 | Attr = ]
    (RTL8169) Realtek 8169 NT Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\Rtlh86.sys -> Realtek Corporation [Ver = 6.201.1228.2007 built by: WinDDK | Size = 104448 bytes | Modified Date = 28/12/2007 20:21:54 | Attr = ]
    (secdrv) Security Driver [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 02/11/2006 08:37:21 | Attr = ]
    (SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sisraid4.sys -> Silicon Integrated Systems [Ver = 3.00.02 (NT.070222-1720) | Size = 74808 bytes | Modified Date = 21/01/2008 04:23:26 | Attr = ]
    (smserial) smserial [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\smserial.sys -> Motorola Inc. [Ver = SM56 Rel. 6.12.14.03 | Size = 1092608 bytes | Modified Date = 21/02/2008 20:29:00 | Attr = ]
    (Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\symc8xx.sys -> LSI Logic [Ver = 4.16.06.00 (NT.051018-1332) | Size = 35944 bytes | Modified Date = 02/11/2006 11:50:05 | Attr = ]
    (Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sym_hi.sys -> LSI Logic [Ver = 4.16.06.00 (NT.051018-1332) | Size = 31848 bytes | Modified Date = 02/11/2006 11:49:56 | Attr = ]
    (Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sym_u3.sys -> LSI Logic [Ver = 5.09.09.00 (NT.051018-1332) | Size = 34920 bytes | Modified Date = 02/11/2006 11:50:03 | Attr = ]
    (SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 11.1.16 17Jun08 | Size = 199728 bytes | Modified Date = 17/06/2008 03:16:00 | Attr = ]
    (tdcmdpst) TOSHIBA Writing Engine Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\tdcmdpst.sys -> TOSHIBA Corporation. [Ver = 2, 0, 0, 0 | Size = 16128 bytes | Modified Date = 18/10/2006 11:50:04 | Attr = ]
    (tos_sps32) TOSHIBA tos_sps32 Service [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\tos_sps32.sys -> TOSHIBA Corporation [Ver = 4, 0, 2007, 1115 | Size = 279376 bytes | Modified Date = 05/06/2008 18:13:40 | Attr = ]
    (TVALZ) TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\TVALZ_O.SYS -> TOSHIBA Corporation [Ver = 2, 0, 0, 1 | Size = 23640 bytes | Modified Date = 09/11/2007 14:00:52 | Attr = ]
    (uliahci) uliahci [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\uliahci.sys -> ULi Electronics Inc. [Ver = 6.302 | Size = 238648 bytes | Modified Date = 21/01/2008 04:23:20 | Attr = ]
    (UlSata) UlSata [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ulsata.sys -> Promise Technology, Inc. [Ver = 1.1.0.31 | Size = 98408 bytes | Modified Date = 02/11/2006 11:50:35 | Attr = ]
    (ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ulsata2.sys -> Promise Technology, Inc. [Ver = 1.0.0.38 | Size = 115816 bytes | Modified Date = 21/01/2008 04:23:23 | Attr = ]
    (UVCFTR) UVCFTR [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\UVCFTR_S.SYS -> Chicony Electronics Co., Ltd. [Ver = 1.1.1.238 | Size = 18432 bytes | Modified Date = 17/12/2007 11:45:20 | Attr = ]
    (viaide) viaide [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\viaide.sys -> VIA Technologies, Inc. [Ver = 5.1.3790.150 | Size = 20024 bytes | Modified Date = 21/01/2008 04:23:00 | Attr = ]
    (vsmraid) vsmraid [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\vsmraid.sys -> VIA Technologies Inc.,Ltd [Ver = 6.0.6000,6161 | Size = 130616 bytes | Modified Date = 21/01/2008 04:23:23 | Attr = ]

    [Registry - Non-Microsoft Only]
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    00TCrdMain -> %SystemDrive%\Programmes\Toshiba\FlashCards\TCrdMain.exe [%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe] -> File not found
    Adobe Reader Speed Launcher -> %SystemDrive%\Programmes\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> File not found
    BDAgent -> %SystemDrive%\Programmes\BitDefender\BitDefender 2008\bdagent.exe ["C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"] -> File not found
    BitDefender Antiphishing Helper -> %SystemDrive%\Programmes\BitDefender\BitDefender 2008\IEShow.exe ["C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"] -> File not found
    Camera Assistant Software -> %SystemDrive%\Programmes\Camera Assistant Software for Toshiba\traybar.exe ["C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start] -> File not found
    HSON -> %SystemDrive%\Programmes\Toshiba\TBS\HSON.exe [%ProgramFiles%\TOSHIBA\TBS\HSON.exe] -> File not found
    ITSecMng -> %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [%ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START] -> File not found
    NDSTray.exe -> [NDSTray.exe] -> File not found
    RtHDVCpl -> %SystemRoot%\RtHDVCpl.exe [RtHDVCpl.exe] -> Realtek Semiconductor [Ver = 1, 0, 0, 132 | Size = 4911104 bytes | Modified Date = 29/01/2008 19:51:52 | Attr = ]
    SmoothView -> %SystemDrive%\Programmes\Toshiba\SmoothView\SmoothView.exe [%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe] -> File not found
    SMSERIAL -> %SystemDrive%\Programmes\Motorola\SMSERIAL\sm56hlpr.exe [C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe] -> File not found
    StartCCC -> %SystemDrive%\Programmes\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ["C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"] -> File not found
    SunJavaUpdateSched -> %SystemDrive%\Programmes\Java\jre1.6.0_05\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"] -> File not found
    SynTPEnh -> %SystemDrive%\Programmes\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> File not found
    topi -> %SystemDrive%\Programmes\Toshiba\Toshiba Online Product Information\TOPI.exe [C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup] -> File not found
    Toshiba Registration -> %SystemDrive%\Programmes\Toshiba\Registration\ToshibaRegistration.exe [C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe] -> File not found
    Toshiba TEMPO -> %SystemDrive%\Programmes\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe [C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe] -> File not found
    TPwrMain -> %SystemDrive%\Programmes\Toshiba\Power Saver\TPwrMain.exe [%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE] -> File not found
    Windows Defender -> %SystemDrive%\Programmes\Windows Defender\MSASCui.exe [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> File not found
    < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
    IMAIL-> Installed = 1 ->
    MAPI-> Installed = 1 ->
    MSFS-> Installed = 1 ->
    < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    MsnMsgr -> %SystemDrive%\Programmes\Windows Live\Messenger\msnmsgr.exe ["C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background] -> File not found
    Sidebar -> %SystemDrive%\Programmes\Windows Sidebar\sidebar.exe [C:\Program Files\Windows Sidebar\sidebar.exe /autoRun] -> File not found
    the 1 -> %SystemDrive%\ProgramData\Glue scr scr.14b ["C:\ProgramData\Glue scr scr.14boiz"] -> File not found
    WMPNSCFG -> %SystemDrive%\Programmes\Windows Media Player\wmpnscfg.exe [C:\Program Files\Windows Media Player\WMPNSCFG.exe] -> File not found
    < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
    < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
    explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 2927104 bytes | Modified Date = 21/01/2008 04:24:24 | Attr = ]
    *MultiFile Done* -> ->
    *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
    C:\Windows\system32\userinit.exe -> %SystemRoot%\System32\userinit.exe -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 25088 bytes | Modified Date = 21/01/2008 04:24:49 | Attr = ]
    *MultiFile Done* -> ->
    *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
    rundll32 shell32 -> %SystemRoot%\System32\shell32.dll -> Microsoft Corporation [Ver = 6.0.6001.18000 (longhorn_rtm.080118-1840) | Size = 11580416 bytes | Modified Date = 24/04/2008 06:58:20 | Attr = ]
    Control_RunDLL "sysdm.cpl" -> %SystemRoot%\System32\sysdm.cpl -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 242688 bytes | Modified Date = 21/01/2008 04:24:23 | Attr = ]
    *MultiFile Done* -> ->
    < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
    igfxcui -> -> File not found
    < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 3 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin -> 2 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableInstallerDetection -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPaths -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableVirtualization -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ValidateAdminCodeSignatures -> 0 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption -> 0 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableUIADesktopToggle -> 0 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_TEXT -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_BITMAP -> 2 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_OEMTEXT -> 7 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIB -> 8 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_PALETTE -> 9 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_UNICODETEXT -> 13 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIBV5 -> 17 ->
    < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
    *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
    TORiSAN CD-ROM CDR_C36 -> -> File not found
    NEC MBR-7 -> -> File not found
    NEC MBR-7.4 -> -> File not found
    PIONEER CHANGR DRM-1804X -> -> File not found
    PIONEER CD-ROM DRM-6324X -> -> File not found
    PIONEER CD-ROM DRM-624X -> -> File not found
    TORiSAN CD-ROM CDR_C36 -> -> File not found
    *MultiFile Done* -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> Pilote de CD-ROM ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\System32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 6.0.6001.18000 (longhorn_rtm.080118-1840) | Size = 67072 bytes | Modified Date = 21/01/2008 04:23:02 | Attr = ]
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 3 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomMATSHITA_DVD-RAM_UJ-850S________________1.40____\5&2ed2b163&0&0.0.0 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 ->
    < Drives - Autoruns > -> ->
    autoexec.bat [REM Dummy file for NTVDM | ] -> %SystemDrive%\autoexec.bat [ NTFS ] -> [Ver = | Size = 24 bytes | Modified Date = 18/09/2006 23:43:36 | Attr = ]
    < HOSTS File > (27 bytes) -> C:\Windows\System32\drivers\etc\Hosts ->
    < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
    HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.google.fr ->
    HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
    HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
    HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
    HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
    < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
    HKEY_CURRENT_USER\: Main\\Default_Page_URL -> http://www.google.fr ->
    HKEY_CURRENT_USER\: Main\\Local Page -> C:\Windows\system32\blank.htm ->
    HKEY_CURRENT_USER\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
    HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.fr ->
    HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
    < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
    < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
    < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
    < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\Programmes\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Aide pour le lien d'Adobe PDF Reader] -> File not found
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\Programmes\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> File not found
    {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
    {9030D464-4C02-4ABF-8ECC-5164760863C6} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\Programmes\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll [Programme d'aide de l'Assistant de connexion Windows Live] -> File not found
    {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\Programmes\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> File not found
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\Programmes\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll [Google Toolbar Notifier BHO] -> File not found
    < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\Programmes\Google\GoogleToolbar1.dll [&Google] -> File not found
    {381FFDE8-2394-4f90-B10D-FC6124A40F8C} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\Programmes\BitDefender\BitDefender 2008\IEToolbar.dll [BitDefender Toolbar] -> File not found
    < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
    WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\Programmes\Google\GoogleToolbar1.dll [&Google] -> File not found
    < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\Programmes\Java\jre1.6.0_05\bin\ssv.dll [Console Java (Sun)] -> File not found
    {76577871-04EC-495E-A12B-91F7C3600AFA}:Exec -> [eBay - Achetez, Vendez] -> File not found
    {8A918C1D-E123-4E36-B562-5C1519E434CE}:Exec -> [Amazon.fr] -> File not found
    < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
    PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
    PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&m... ->
    < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
    {6AEE4A6F-408E-4623-9686-B107507240BB} -> (Intel(R) PRO/Wireless 3945ABG Network Connection) ->
    {964B5F78-4539-4B8A-8AD7-93BA0BEFDA72} -> (Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0)) ->
    < Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
    ldap -> 4 = Restricted sites (Not a Default Protocol) ->
    news -> 4 = Restricted sites (Not a Default Protocol) ->
    nntp -> 4 = Restricted sites (Not a Default Protocol) ->
    oecmd -> 4 = Restricted sites (Not a Default Protocol) ->
    snews -> 4 = Restricted sites (Not a Default Protocol) ->
    < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
    livecall:{828030A1-22C1-4009-854F-8E305202313F} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\Programmes\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll[Reg Error: Value does not exist or could not be read.] -> File not found
    ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\Programmes\Common Files\microsoft shared\Information Retrieval\msitss.dll[Microsoft Infotech Storage Protocol for IE 4.0] -> File not found
    msnim:{828030A1-22C1-4009-854F-8E305202313F} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\Programmes\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll[Reg Error: Value does not exist or could not be read.] -> File not found
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
    {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-wind...[Java Plug-in 1.6.0_05] ->
    {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/curren...[Reg Error: Value does not exist or could not be read.] ->
    {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-wind...[Java Plug-in 1.6.0_03] ->
    {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-wind...[Java Plug-in 1.6.0_05] ->
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-wind...[Java Plug-in 1.6.0_05] ->
    {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...[Shockwave Flash Object] ->
    < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} -> ->


    [Registry - Additional Scans - Non-Microsoft Only]
    < BotCheck > -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\LegacyImpersonationLevel -> 2 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{C73106E0-AC80-11D1-8DF3-00C04FB6EF4F} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{835BEE60-8731-4159-8BFF-941301D76D05} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{D9F260BC-EE6A-4c66-A5C3-30B2ECF4C368} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{91BC037F-B58C-43cb-AD9C-1718ACA70E2F} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{9da0e0ea-86ce-11d1-8699-00c04fb98036} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{CA6C8347-120F-4122-873F-F89138694AC8} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{E8494122-79AD-11D2-909C-00A0C9AFE0AA} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A373F3DA-7A87-11D3-B1C1-00C04F68155C} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{C7310557-AC80-11D1-8DF3-00C04FB6EF4F} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\Eventlog\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\Eventlog\\SuppressDuplicateDuration -> 86400 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ($build.empty) ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\cval -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UacDisableNotify -> 1 ->
    20 August 2008 18:51:13

    Hi again,

    Upload the report to MediaFire as requested.

    ;) 
    20 August 2008 22:47:56

    Hi again,

    1) => Use ERUNT to back up your registry
    http://www.zebulon.fr/dossiers/57-6-sauvegarder-base-de...
    If something goes wrong, you will then be able to undo the change.
    /!\ Important step, do not skip it! /!\

    2) Open the OTScanIt folder and double-click OTScanIt.exe to launch the program (if you are on Windows Vista, right-click the program and choose Run as administrator).

    Copy and paste the contents of the Code box below into the input box labelled "Paste fix here", then click the Run Fix button.

    [Registry - Non-Microsoft Only]
    < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    YN -> the 1 -> %SystemDrive%\ProgramData\Glue scr scr.14b ["C:\ProgramData\Glue scr scr.14boiz"]
    [Files Created - Additional Folder Scans - Non-Microsoft Only]
    NY -> Glue scr scr.14boiz -> %SystemDrive%\ProgramData\Glue scr scr.14boiz
    [Files/Folders - Modified Within 30 days]
    NY -> qmgr0.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
    NY -> qmgr1.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
    [Files Modified - Additional Folder Scans - Non-Microsoft Only]
    NY -> Glue scr scr.14boiz -> %SystemDrive%\ProgramData\Glue scr scr.14boiz


    The run should be very quick. When the fix is complete, you will either see a message telling you that it is finished, or you will be asked to restart the PC to complete the run. If it is finished, click the Ok button and Notepad will open to display a report of all the actions carried out. Post that information in your reply.

    If a restart is needed, click the "Yes" button to restart the machine. After the restart, OTScanIt will finish moving the files that could not be moved earlier, then Notepad will open and display the final results. Post that information in your reply.

    ;) 
    20 August 2008 23:23:53

    Here is the report:
    [Registry - Non-Microsoft Only]
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\the 1 deleted successfully.
    [Files Created - Additional Folder Scans - Non-Microsoft Only]
    C:\ProgramData\Glue scr scr.14boiz moved successfully.
    [Files/Folders - Modified Within 30 days]
    File move failed. C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
    File move failed. C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
    [Files Modified - Additional Folder Scans - Non-Microsoft Only]
    File C:\ProgramData\Glue scr scr.14boiz not found!
    < End of fix log >
    OTScanIt by OldTimer - Version 1.0.16.2 fix logfile created on 08202008_231800

    Files moved on Reboot...
    C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat moved successfully.
    C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat moved successfully.

    21 August 2008 00:43:54

    Hi again,

    Run a new LopS&D report (option 1) for me, as well as a new HijackThis report.

    Still getting ads?

    ;) 
    21 August 2008 11:46:30

    Not for the moment! :D 

    The Lop report:

    --------------------\\ Lop S&D 4.2.3-0 XP/Vista

    [ Windows VISTA (NT 6.0) Workstation Build 6001, Service Pack 1 ]
    [ USER : Nardini Jean ] [ "C:\Lop SD" ] [ Selection : 1 ]
    [ 21/08/2008 | 11:42:24 ] [ PC : PC-DE-JEAN (Proc:x86) ]
    [ MAJ : 17-08-2008 | 01:58 ]
    [ UAC => 1 ]

    --------------------\\ Listing des dossiers dans Local

    [15/08/2008|17:43] C:\Users\NARDIN~1\AppData\Local\Application Data
    [15/08/2008|17:50] C:\Users\NARDIN~1\AppData\Local\ATI
    [20/08/2008|13:56] C:\Users\NARDIN~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [18/08/2008|16:20] C:\Users\NARDIN~1\AppData\Local\GDIPFONTCACHEV1.DAT
    [16/08/2008|10:44] C:\Users\NARDIN~1\AppData\Local\Google
    [15/08/2008|17:43] C:\Users\NARDIN~1\AppData\Local\Historique
    [21/08/2008|00:31] C:\Users\NARDIN~1\AppData\Local\IconCache.db
    [17/08/2008|19:00] C:\Users\NARDIN~1\AppData\Local\Microsoft
    [15/08/2008|22:26] C:\Users\NARDIN~1\AppData\Local\Microsoft Games
    [16/08/2008|18:50] C:\Users\NARDIN~1\AppData\Local\MigWiz
    [16/08/2008|14:54] C:\Users\NARDIN~1\AppData\Local\Mozilla
    [17/08/2008|20:21] C:\Users\NARDIN~1\AppData\Local\Sony
    [21/08/2008|11:41] C:\Users\NARDIN~1\AppData\Local\Temp
    [15/08/2008|17:43] C:\Users\NARDIN~1\AppData\Local\Temporary Internet Files
    [15/08/2008|17:50] C:\Users\NARDIN~1\AppData\Local\Toshiba
    [15/08/2008|19:38] C:\Users\NARDIN~1\AppData\Local\VirtualStore

    --------------------\\ Tâches planifiées dans C:\Windows\tasks

    [21/08/2008 11:34][--ah-----] C:\Windows\tasks\SA.DAT
    [21/08/2008 00:31][--a------] C:\Windows\tasks\SCHEDLGU.TXT

    --------------------\\ Listing des dossiers dans C:\ProgramData

    [29/04/2008|16:15] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    [16/08/2008|18:38] C:\ProgramData\Adobe
    [16/08/2008|18:32] C:\ProgramData\Adobe Systems
    [02/11/2006|15:02] C:\ProgramData\Application Data
    [15/08/2008|17:50] C:\ProgramData\ATI
    [15/08/2008|19:52] C:\ProgramData\BitDefender
    [15/08/2008|17:39] C:\ProgramData\Bureau
    [02/11/2006|15:02] C:\ProgramData\Desktop
    [02/11/2006|15:02] C:\ProgramData\Documents
    [15/08/2008|17:39] C:\ProgramData\Favoris
    [02/11/2006|15:02] C:\ProgramData\Favorites
    [17/08/2008|15:21] C:\ProgramData\Google
    [20/08/2008|20:17] C:\ProgramData\Google Updater
    [16/08/2008|09:51] C:\ProgramData\IDOL DOG
    [15/08/2008|20:15] C:\ProgramData\IsolatedStorage
    [17/08/2008|15:30] C:\ProgramData\Lavasoft
    [19/08/2008|21:37] C:\ProgramData\Malwarebytes
    [15/08/2008|18:21] C:\ProgramData\McAfee
    [15/08/2008|17:39] C:\ProgramData\Menu Démarrer
    [20/08/2008|17:32] C:\ProgramData\Messenger Plus!
    [15/08/2008|23:31] C:\ProgramData\Microsoft
    [15/08/2008|19:34] C:\ProgramData\Microsoft Help
    [15/08/2008|17:39] C:\ProgramData\Modèles
    [16/08/2008|09:50] C:\ProgramData\Second Atom Okay Proxy
    [17/08/2008|20:08] C:\ProgramData\Sony
    [02/11/2006|15:02] C:\ProgramData\Start Menu
    [02/11/2006|15:02] C:\ProgramData\Templates
    [17/08/2008|11:47] C:\ProgramData\TOSHIBA
    [15/08/2008|17:44] C:\ProgramData\ToshibaEurope
    [16/04/2008|14:00] C:\ProgramData\Ulead Systems
    [16/08/2008|09:46] C:\ProgramData\WLInstaller

    --------------------\\ Listing des dossiers dans C:\Program Files

    [29/04/2008|16:15] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
    [16/08/2008|18:38] C:\Program Files\Adobe
    [15/08/2008|17:30] C:\Program Files\ATI
    [15/08/2008|17:30] C:\Program Files\ATI Technologies
    [15/08/2008|18:18] C:\Program Files\BitDefender
    [15/08/2008|17:31] C:\Program Files\Camera Assistant Software for Toshiba
    [19/08/2008|21:33] C:\Program Files\CamStudio
    [17/08/2008|11:47] C:\Program Files\Common Files
    [19/08/2008|20:13] C:\Program Files\DebugMode
    [21/01/2008|04:43] C:\Program Files\desktop.ini
    [20/08/2008|23:14] C:\Program Files\ERUNT
    [15/08/2008|17:39] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
    [19/08/2008|10:54] C:\Program Files\GameSpy Arcade
    [17/08/2008|15:21] C:\Program Files\Google
    [16/04/2008|14:11] C:\Program Files\IDM
    [19/08/2008|10:56] C:\Program Files\InstallShield Installation Information
    [15/08/2008|17:29] C:\Program Files\Intel
    [21/01/2008|04:35] C:\Program Files\Internet Explorer
    [16/04/2008|14:01] C:\Program Files\InterVideo
    [15/08/2008|19:30] C:\Program Files\Java
    [17/08/2008|15:28] C:\Program Files\Lavasoft
    [19/08/2008|21:38] C:\Program Files\Malwarebytes' Anti-Malware
    [16/08/2008|11:03] C:\Program Files\MediaCoder
    [20/08/2008|12:20] C:\Program Files\Messenger Plus! Live
    [02/11/2006|14:37] C:\Program Files\Microsoft Games
    [15/08/2008|19:34] C:\Program Files\Microsoft Office
    [20/08/2008|00:40] C:\Program Files\Microsoft Silverlight
    [15/08/2008|19:34] C:\Program Files\Microsoft Works
    [15/08/2008|17:46] C:\Program Files\Motorola
    [21/01/2008|04:35] C:\Program Files\Movie Maker
    [02/11/2006|14:37] C:\Program Files\MSBuild
    [16/04/2008|13:22] C:\Program Files\MSXML 4.0
    [19/08/2008|15:08] C:\Program Files\PhotoFiltre
    [16/04/2008|13:39] C:\Program Files\Realtek
    [02/11/2006|14:37] C:\Program Files\Reference Assemblies
    [17/08/2008|20:06] C:\Program Files\Sony
    [17/08/2008|20:04] C:\Program Files\Sony Setup
    [17/08/2008|18:07] C:\Program Files\Sports Interactive
    [20/08/2008|13:58] C:\Program Files\Steam
    [16/04/2008|13:40] C:\Program Files\Synaptics
    [17/08/2008|11:08] C:\Program Files\THQ
    [17/08/2008|11:47] C:\Program Files\Toshiba
    [15/08/2008|20:14] C:\Program Files\Toshiba TEMPRO
    [16/08/2008|15:55] C:\Program Files\Total War
    [17/08/2008|20:31] C:\Program Files\Trend Micro
    [16/04/2008|13:58] C:\Program Files\Ulead Systems
    [02/11/2006|15:01] C:\Program Files\Uninstall Information
    [16/08/2008|10:47] C:\Program Files\VideoLAN
    [17/08/2008|20:06] C:\Program Files\Vstplugins
    [21/01/2008|04:35] C:\Program Files\Windows Calendar
    [21/01/2008|04:35] C:\Program Files\Windows Collaboration
    [21/01/2008|04:35] C:\Program Files\Windows Defender
    [21/01/2008|04:35] C:\Program Files\Windows Journal
    [16/08/2008|09:48] C:\Program Files\Windows Live
    [15/08/2008|23:07] C:\Program Files\Windows Mail
    [16/04/2008|14:00] C:\Program Files\Windows Media Components
    [21/01/2008|04:35] C:\Program Files\Windows Media Player
    [15/08/2008|17:39] C:\Program Files\Windows NT
    [21/01/2008|04:35] C:\Program Files\Windows Photo Gallery
    [21/01/2008|04:35] C:\Program Files\Windows Sidebar
    [17/08/2008|18:16] C:\Program Files\WinRAR
    [17/08/2008|18:11] C:\Program Files\Zero G Registry

    --------------------\\ Listing des dossiers dans C:\Program Files\Common Files

    [16/08/2008|18:38] C:\Program Files\Common Files\Adobe
    [15/08/2008|19:52] C:\Program Files\Common Files\BitDefender
    [16/08/2008|16:01] C:\Program Files\Common Files\InstallShield
    [16/04/2008|13:24] C:\Program Files\Common Files\Java
    [15/08/2008|21:02] C:\Program Files\Common Files\microsoft shared
    [02/11/2006|13:18] C:\Program Files\Common Files\Services
    [02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
    [15/08/2008|23:04] C:\Program Files\Common Files\Steam
    [21/01/2008|04:35] C:\Program Files\Common Files\System
    [17/08/2008|11:48] C:\Program Files\Common Files\Toshiba Shared
    [16/04/2008|14:01] C:\Program Files\Common Files\Ulead Systems
    [15/08/2008|20:50] C:\Program Files\Common Files\WindowsLiveInstaller
    [19/08/2008|20:07] C:\Program Files\Common Files\Wise Installation Wizard

    --------------------\\ Process

    ( 77 Processus )

    iexplore.exe ~ [PID:4328] ~ [Threads:23]

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    C:\Users\NARDIN~1\AppData\Roaming\MICROS~1\Windows\Cookies\nardini_jean@www.adserver5[1].txt
    C:\Users\NARDIN~1\AppData\Roaming\MICROS~1\Windows\Cookies\nardini_jean@advertising[1].txt
    C:\Users\NARDIN~1\AppData\Roaming\MICROS~1\Windows\Cookies\nardini_jean@adopt.euroclick[1].txt

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE


    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-21 11:42:37
    Windows 6.0.6001 Service Pack 1 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 4

    --------------------\\ Recherche d'autres infections


    Aucune autre infection trouvée !

    [F:72][D:8]-> C:\Users\NARDIN~1\AppData\Local\Temp
    [F:398][D:1]-> C:\Users\NARDIN~1\AppData\Roaming\MICROS~1\Windows\Cookies
    [F:496][D:10]-> C:\Users\NARDIN~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
    [F:20][D:1]-> C:\$Recycle.Bin

    --------------------\\ Fin du rapport a 11:43:46,62
    [ UAC => 1 ]

    The HijackThis report:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:45:04, on 21/08/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
    C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Toshiba\SmoothView\SmoothView.exe
    C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
    C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
    C:\Windows\system32\conime.exe
    C:\Windows\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
    O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/709-44555-9400-3/4 (file missing)
    O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.fr/exec/obidos/redirect-home?tag=Tosh... (file missing)
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
    O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 8736 bytes

    21 August 2008 21:56:36

    Hi again,

    Still no ads? :D 

    ;) 
    21 August 2008 23:19:56

    No, still none! Thank you so much for what you did! The heavy artillery did the trick :D 

    So, as I told you, without wanting to ask too much of you, I wanted to know whether you could take a look at my other PC: it has been running slowly for quite a while, so I'd like to have it checked, if you can do that of course!

    If you're up for it, I'll post a HijackThis report from my PC tomorrow. What do you say?
    22 August 2008 12:10:43

    Hi again,

    Good news :super:

    Let's finish this one first ;) 

    Post a new HijackThis report.

    ;) 
    22 August 2008 12:13:15

    Here is the report :) 
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:12:16, on 22/08/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
    C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
    C:\Program Files\Toshiba\SmoothView\SmoothView.exe
    C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
    C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
    O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/709-44555-9400-3/4 (file missing)
    O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.fr/exec/obidos/redirect-home?tag=Tosh... (file missing)
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
    O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 8704 bytes
    22 August 2008 18:30:46

    Hi again,

    Prevention:

    - Cleaning up temporary files:

    Download CCleaner to your Desktop.

  • Click "download the latest version"
  • Install it, leaving only the following options checked:
    - Add a shortcut to the Desktop
    - Automatically check for CCleaner updates
  • Run the cleanup
  • Click Scan for Issues, and make a backup if you wish.

    Help: How to use CCleaner.


    Download ATFcleaner to your Desktop.

  • Double-click the downloaded executable.
  • In the Main tab, simply check the Select All box (all the boxes will be checked), then click the Empty Selected button.
  • If you use Firefox or Opera as your browser, remember to choose your browser at the top left before selecting Select All and then Empty Selected.
  • Then answer No to the message that appears if you don't want to lose your passwords.

    Help: How to use ATFcleaner.
    -- System Restore:

    Disable and then re-enable System Restore.

    XP method:
    Click Start, right-click My Computer, then click Properties. Select the System Restore tab.
    In this tab, check the box Turn off System Restore on all drives.
    A confirmation message will appear. Click Yes, then OK. Restart your computer so that the changes are properly applied.
    To re-enable System Restore, simply uncheck that same box and restart your computer (following the same steps).

    Vista method:
    Click Start, right-click Computer, then click Properties. On the left, click Advanced system settings. Select the System Protection tab.
    In this tab, uncheck your partitions (one by one); a confirmation message will appear: click Disable system protection, click Apply, then OK.
    Restart your computer so that the changes are properly applied.
    To re-enable System Restore, simply uncheck that same box and restart your computer (following the same steps).

    Help: How to disable and re-enable System Restore.

    --- Normal display of files:

    Click the Start menu / Control Panel / Folder Options, then in the View tab:
    - Uncheck Show hidden files and folders
    - Check Hide protected operating system files (Recommended)
    Click Apply, then OK.
    ---- Removing the installed tools:

    Download ToolsCleaner2 (by A.Rothstein)

  • Install it on your Desktop.
  • Click Search to start the scan.
  • Click Delete to clean up the tools used.
  • Click Quit.
  • Now delete ToolsCleaner.

    ----- Restoring your protections, and protecting the system with updates! :

    I now invite you to (re)enable all your resident protections (antivirus, antispyware, firewall...).
    You should be able to reach your protections in the systray area next to the taskbar. If you have any difficulty, don't hesitate to ask me!
    If it isn't already done, make sure Windows Automatic Updates are enabled!
    Bring your software properly up to date (Java, Adobe, Flash...) using Software Inspector (from Secunia)

    A quick word about Java:

    Once the new version is downloaded, install it and restart your computer.
    Unfortunately, the old versions of Java (which contain vulnerabilities and are therefore dangerous!) are still present!
    So it is very important that you uninstall the old versions of Java.

  • Go to Start, Control Panel, Add or Remove Programs
  • Uninstall all versions of Java except the most recent one.

    Help: How to use Secunia Software Inspector.
    ------ Will you report your infection? :

    You don't have to, but it would be good if you reported your infection on Malware Complaints
  • Your infection(s): Lop.com (CiD ads).
  • If you can't find it in the list, post in Other infections.

    Help: How to report my infection on Malware Complaints.

    Now add [Résolu] to the title. To do so:
    * In your first message, click the "Edit" button
    * Add the tag [Résolu] to the title
    * Then click "Submit your message"

    I now invite you to look at these very instructive guides on prevention!

    - Security/Prevention
    - Consequences of running multiple protection tools
    - Toolbars: uselessness and slowdowns

    Have a good day/evening :) 

    (Thanks to XmichouX for this end-of-disinfection message)

    Once all of that is done, we can move on to the other PC.

    ;) 
    22 August 2008 19:29:55

    I'll do all of that this evening ;) 
    22 August 2008 20:26:34

    There, I've done everything you told me.

    As for Software Inspector, I couldn't update Java: during the installation I got a Windows error message telling me that I didn't have the necessary rights to update Java. I disabled UAC, but no luck, it's the same.

    23 August 2008 00:53:52

    Hi again,

    Try this for Java ;)  Run this tool by right-clicking the executable and choosing "Run as administrator".

    Download JavaRa.zip by Paul 'Prm753' McLain and Fred de Vries.
  • Unzip the file to the Desktop (right-click > Extract All)
  • Double-click the JavaRa folder.
  • Then double-click the JavaRa.exe file (the exe may not be displayed)
  • Click Search For Updates.
  • Select Update Using jucheck.exe, then click Search.
  • Allow the process to connect if it asks, click Install and follow the installation instructions, which take a few minutes.
  • Once the installation is finished, go back to the JavaRa screen and click Remove Older Versions.
  • Click Yes to confirm. Let it work, then click OK, and OK a second time.
  • A report will open; copy and paste it into your next reply.
  • Close the application
    Note: the report can also be found at the root of the system partition, usually C:\, under the name JavaRa.log

    ;) 
    24 August 2008 18:32:25

    Jejedu13 said:
    still the same error during the installation:
    "Erreur lors de la lecture du fichier http://javadl-esd.sun.com/update/1.6.0/sp-1.6.0_07/sp10.... Vérifiez que ce fichier existe et que vous êtes autorisé à y accéder . "


    I don't really have any idea on this one, do a Google search ;) 

    You can post me the HijackThis log from the second PC.

    ;) 
    24 August 2008 22:41:15

    OK, no problem, I'll post it for you tomorrow.
    Thank you ;) 
    24 August 2008 22:57:50

    For Java, I found the problem: it came from my BitDefender antivirus, which was blocking the installation. I'm telling you in case it could help someone else next time ;) 
    25 August 2008 12:44:34

    Hi again,

    OK, it often happens that antivirus programs block certain programs.

    ;) 
    25 August 2008 18:09:47

    Next time I'll know it's the antivirus ^^

    Otherwise, here is the HijackThis report from the other PC:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:42:39, on 25/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {624D75F5-10A9-4F15-828E-7174CB3C725B} - \
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON SX100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE /FU "C:\WINDOWS\TEMP\E_S7F.tmp" /EF "HKCU"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05CDEE1D-D109-4992-B72B-6D4F5E2AB731} (PhotoBox uploader) - http://www.photobox.fr/assets/aurigma/ImageUploader4.ca...
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} (Java Plug-in 1.5.0_08) -
    O20 - Winlogon Notify: mljjkjk - C:\WINDOWS\
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 7861 bytes
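
An added example, not part of the original posts: a small Python triage over entries excerpted from the two HijackThis logs posted in this thread, listing BHO, toolbar, Winlogon Notify and service entries whose target is reported absent or is not a file path. The function names and the choice of sections are assumptions of this example, and a listed entry is only a candidate for manual review.

```python
import re
from dataclasses import dataclass

# Entries excerpted from the two HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {624D75F5-10A9-4F15-828E-7174CB3C725B} - \
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O20 - Winlogon Notify: mljjkjk - C:\WINDOWS\
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
"""

# "<section code> - <rest of the entry>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.*)$")
# Markers HijackThis itself appends when the referenced file is not on disk.
ABSENT_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
# Sections whose last " - " field should be a file on disk (assumption of this
# example; O9 is left out because its targets can be URLs).
PATH_SECTIONS = {"O2", "O3", "O20", "O23"}


@dataclass
class Finding:
    section: str
    target: str
    reason: str
    line: str


def check_entry(line):
    """Return a Finding when the entry's target cannot be a loadable file."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if not m or m["section"] not in PATH_SECTIONS:
        return None
    body = m["body"]
    if body.endswith(" -") or " - " not in body:
        target = ""  # the path field is empty
    else:
        target = body.rpartition(" - ")[2].strip().strip('"')
    if ABSENT_RE.search(target):
        reason = "HijackThis marked the file as absent"
    elif target == "" or target.endswith("\\"):
        reason = "target is empty or a directory, not a file"
    else:
        return None
    return Finding(m["section"], target, reason, line)


def triage(log_text):
    """Collect findings for every entry line of a HijackThis log."""
    findings = []
    for line in log_text.splitlines():
        finding = check_entry(line)
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.line}")
```
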
    25 August 2008 22:04:40

    Hi again,

    Download Malwarebytes' Anti-Malware to your Desktop.
    Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done, restart in Safe Mode.
    HELP: Restarting in Safe Mode

  • Now run Malwarebytes' Anti-Malware. If it isn't already selected, select "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan is finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show Results", then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Picture tutorial on MBAM

    ;) 
    26 August 2008 22:43:37

    Sorry for the delay!

    So MBAM detected a few Trojan horses and malware; here is its report:
    Malwarebytes' Anti-Malware 1.25
    Version de la base de données: 1088
    Windows 5.1.2600 Service Pack 2

    22:38:55 26/08/2008
    mbam-log-08-26-2008 (22-38-55).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 121789
    Temps écoulé: 2 hour(s), 39 minute(s), 56 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 11
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 4
    Fichier(s) infecté(s): 5

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\aldd (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DomainService (Trojan.Agent) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\WINDOWS\system32\b3 (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Program Files\WinAble (Trojan.Adloader) -> Quarantined and deleted successfully.
    C:\Program Files\Temporary (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Fonts\' (Trojan.Agent) -> Files: 2563 -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\n.bat (Malware.Trace) -> Quarantined and deleted successfully.
    C:\x.dat (Malware.Trace) -> Quarantined and deleted successfully.
    C:\z.dat (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk (Rogue.Link) -> Quarantined and deleted successfully.
    27 August 2008 12:35:25

    Hi again,

    ~Run an online antivirus scan on the Kaspersky site
    http://www.kaspersky.com/kos/eng/partner/default/kavweb...
  • Click Accept
  • A yellow bar will ask whether you agree to install Kavwebscan_Unicode.cab; install the ActiveX control.
  • Click "Accept" once more
  • The update databases will be installed; wait a moment
  • Click Next.
  • Click My Computer; the scan starts. Wait for the scan to finish without closing the window, otherwise it will stop.

    ;) 
    27 August 2008 18:26:46

    I ran the scan, and Kaspersky found nothing.
    29 August 2008 17:21:59

    Do I need to do anything else, or do you think there is nothing more to do for this PC?