Internet redirects me to unwanted sites [SOLVED]

Tags:
  • Windows
  • Security
Last reply: in Security and viruses
7 August 2008 22:17:43

Hello,

I can no longer get to any site on the internet; I am always redirected to search sites.

I ran HijackThis. Could someone help me, please?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:45:56, on 2008-08-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTSERV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\raymond thibault.RAYMOND\Mes documents\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/news?ned=fr_ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WINXML2 Class - {314A5833-8490-4a3b-904A-110444F25E50} - C:\WINDOWS\wxmlua.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {4F26BEDB-D89B-44A1-948B-5D523292DADF} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote K - IE 7.htm (HKCU)
O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote D - IE 7.htm (HKCU)
O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote G - IE 7.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1CC506A7-1B8D-11D4-BDD5-0060977007E0} (CrazyTalk Player) - http://plug-in.reallusion.com/CrazyTalk.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.c...
O16 - DPF: {594ECDD4-A991-4208-A7B7-00DDAD9BE328} (Photosynth Class) - http://media.labs.live.com/all/ps/_code_/Photosynth.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.c...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} (Vitalize Class) - http://download.clickteam.com/vitalize3/vitalize.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Droppix Service - Droppix - C:\Program Files\Fichiers communs\Droppix\DxService.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 13285 bytes

7 August 2008 22:25:12

Good evening,

Download Malwarebytes' Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, restart in safe mode.
HELP: Restarting in safe mode

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan is finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show Results" then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.

NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

HELP: Illustrated tutorial on MBAM

8 August 2008 02:45:08

    Malwarebytes' Anti-Malware 1.24
    Version de la base de données: 1012
    Windows 5.1.2600 Service Pack 2

    20:21:19 2008-08-07
    mbam-log-8-7-2008 (20-21-19).txt

    Type de recherche: Examen complet (C:\|M:\|)
    Eléments examinés: 371198
    Temps écoulé: 1 hour(s), 44 minute(s), 28 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 15
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 5
    Fichier(s) infecté(s): 17

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\Typelib\{6d0111e3-3060-4d23-b2bc-42ed86cbe9a3} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{72a128e0-2240-40c8-9e92-5387d64f839e} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{37b85a2b-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\SpywareRemover (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\SpywareRemover\Log (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\SpywareRemover\Quarantine (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\SpywareRemover\Registry Backups (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\SpywareRemover\Settings (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Program Files\MSN Messenger\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\riched20.dll (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
    M:\Program Files\Internet Explorer\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    M:\Program Files\MSN Messenger\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    M:\Program Files\MSN Messenger\riched20.dll (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
    C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\SpywareRemover\Settings\CustomScan.stg (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\SpywareRemover\Settings\IgnoreList.stg (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\SpywareRemover\Settings\ScanInfo.stg (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\SpywareRemover\Settings\ScanResults.stg (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\SpywareRemover\Settings\SelectedFolders.stg (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\SpywareRemover\Settings\Settings.stg (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\yfqaqkwz_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\yfqaqkwz_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\raymond thibault.RAYMOND\Local Settings\Temp\s1265.php (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\raymond thibault.RAYMOND\Local Settings\Temp\bindsrv2.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\raymond thibault.RAYMOND\Local Settings\Temp\atmadm2.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
8 August 2008 10:18:34

Hello :)

Download Navilog1.exe (IL-MAFIOSO).
Save it to your Desktop.
Start the installation by double-clicking navilog.exe.
Once the installation is finished, the utility will run automatically.
(If it does not, double-click the shortcut on the Desktop.)

Let the utility guide you. Choose option 1, then confirm.
! Do not use options 2, 3 and 4 without our agreement !
Wait until this message appears:
"*** Analyse Termine le ..... ***"
Press a key as requested. Notepad will open. Post its contents to us this way:

-> Edit / Select All
-> Edit / Copy
-> Right-click / Paste into your reply


NOTE: The report can also be found here: C:\fixnavi.txt

8 August 2008 15:14:54

    Search Navipromo version 3.6.2 commencé le 2008-08-08 à 9:04:24,75

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis C:\Program Files\navilog1
    Session actuelle : "raymond thibault"

    Mise à jour le 07.08.2008 à 20h00 par IL-MAFIOSO


    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 7.0.5730.11
    Système de fichiers :

    Recherche executé en mode normal

    *** Recherche Programmes installés ***


    *** Recherche dossiers dans "C:\WINDOWS" ***


    *** Recherche dossiers dans "C:\Program Files" ***


    *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


    *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


    *** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


    *** Recherche dossiers dans "C:\Documents and Settings\raymond thibault.RAYMOND\applic~1" ***


    *** Recherche dossiers dans "C:\Documents and Settings\raymond thibault.RAYMOND\locals~1\applic~1" ***


    *** Recherche dossiers dans "C:\Documents and Settings\raymond thibault.RAYMOND\menudm~1\progra~1" ***


    *** Recherche avec GenericNaviSearch ***
    !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A vérifier impérativement avant toute suppression manuelle !!!

    * Recherche dans "C:\WINDOWS\system32" *

    * Recherche dans "C:\Documents and Settings\raymond thibault.RAYMOND\locals~1\applic~1" *



    *** Recherche fichiers ***


    C:\WINDOWS\pack.epk trouvé !

    *** Recherche clés spécifiques dans le Registre ***

    HKEY_CURRENT_USER\Software\Lanconfig trouvé !

    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche nouveaux fichiers Instant Access :


    2)Recherche Heuristique :

    * Dans "C:\WINDOWS\system32" :


    * Dans "C:\Documents and Settings\raymond thibault.RAYMOND\locals~1\applic~1" :


    3)Recherche Certificats :

    Certificat Egroup trouvé !
    Certificat Electronic-Group absent !
    Certificat OOO-Favorit absent !
    Certificat Sunny-Day-Design-Ltd absent !

    4)Recherche fichiers connus :

    C:\WINDOWS\system32\Nprtwvut.ini2 trouvé ! infection Vundo possible non traitée par cet outil !


    *** Analyse terminée le 2008-08-08 à 9:05:17,07 ***

8 August 2008 22:18:29

Hi again,

1

Double-click the Navilog1 shortcut on your Desktop.
Follow the instructions. Then choose option 2 and confirm.
Let it guide you and answer any questions it asks.

The utility will inform you that it is going to restart the computer.
**Close all open windows and save any open personal documents**
Now press a key, as requested.
(If your PC does not restart automatically, restart it manually.)

Wait until this message appears:
"*** Nettoyage Termine le ..... ***"

Notepad will open.
Save the report somewhere you can find it again.
Close Notepad. Your desktop will now reappear.

NOTE: If your Desktop does not reappear, press Ctrl+Alt+Del at the same time to open Task Manager.
Go to the "Processes" tab. Click File at the top left and choose "Run..."
Type explorer, then confirm.

Post the report saved earlier (C:\cleannavi.txt)
as well as a new HijackThis report.

Close Internet Explorer, then go to Start / Control Panel / Internet Options.
Choose the Content tab, then the Certificates tab.
If you find the following programs (especially under Trusted Publishers), tell me:

    Montorgueil
    VIP

2

Disable your antivirus and any other kind of protection.

Download ComboFix by sUBs:
ComboFix.exe
and save it to your Desktop and nowhere else!

Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot; that is normal. A report will be created. Post the report: C:\Combofix.txt
Click it to open it, then Edit > "Select All", Edit > "Copy".

Come to the forum and Edit > "Paste".

3

Add a new HijackThis report.

9 August 2008 07:12:30

    Clean Navipromo version 3.6.2 commencé le 2008-08-09 à 0:01:20,75

    Outil exécuté depuis C:\Program Files\navilog1
    Session actuelle : "raymond thibault"

    Mise à jour le 07.08.2008 à 20h00 par IL-MAFIOSO


    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 7.0.5730.11
    Système de fichiers :

    Mode suppression automatique
    avec prise en charge résultats Catchme et GNS


    Nettoyage exécuté au redémarrage de l'ordinateur


    *** fsbl1.txt non trouvé ***
    (Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


    *** Suppression avec sauvegardes résultats GenericNaviSearch ***

    * Suppression dans "C:\WINDOWS\System32" *


    * Suppression dans "C:\Documents and Settings\raymond thibault.RAYMOND\locals~1\applic~1" *



    *** Suppression dossiers dans "C:\WINDOWS" ***


    *** Suppression dossiers dans "C:\Program Files" ***


    *** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


    *** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


    *** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


    *** Suppression dossiers dans "C:\Documents and Settings\raymond thibault.RAYMOND\applic~1" ***


    *** Suppression dossiers dans "C:\Documents and Settings\raymond thibault.RAYMOND\locals~1\applic~1" ***


    *** Suppression dossiers dans "C:\Documents and Settings\raymond thibault.RAYMOND\menudm~1\progra~1" ***



    *** Suppression fichiers ***

    C:\WINDOWS\pack.epk supprimé !

    *** Suppression fichiers temporaires ***

    Nettoyage contenu C:\WINDOWS\Temp effectué !
    Nettoyage contenu C:\Documents and Settings\raymond thibault.RAYMOND\locals~1\Temp effectué !

    *** Traitement Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

    2)Recherche, création sauvegardes et suppression Heuristique :


    * Dans "C:\WINDOWS\system32" *


    * Dans "C:\Documents and Settings\raymond thibault.RAYMOND\locals~1\applic~1" *


    *** Sauvegarde du Registre vers dossier Safebackup ***

    sauvegarde du Registre réalisée avec succès !

    *** Nettoyage Registre ***

    Nettoyage Registre Ok


    *** Certificats ***

    Certificat Egroup supprimé !
    Certificat Electronic-Group absent !
    Certificat OOO-Favorit absent !
    Certificat Sunny-Day-Design-Ltdt absent !

    *** Nettoyage terminé le 2008-08-09 à 0:06:16,67 ***

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:09:31, on 2008-08-09
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTSERV.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
    C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\PRISMSVR.EXE
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\WTablet\TabUserW.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\raymond thibault.RAYMOND\Mes documents\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/news?ned=fr_ca
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote K - IE 7.htm (HKCU)
    O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote D - IE 7.htm (HKCU)
    O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote G - IE 7.htm (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {1CC506A7-1B8D-11D4-BDD5-0060977007E0} (CrazyTalk Player) - http://plug-in.reallusion.com/CrazyTalk.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.c...
    O16 - DPF: {594ECDD4-A991-4208-A7B7-00DDAD9BE328} (Photosynth Class) - http://media.labs.live.com/all/ps/_code_/Photosynth.cab
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.c...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
    O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} (Vitalize Class) - http://download.clickteam.com/vitalize3/vitalize.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: Droppix Service - Droppix - C:\Program Files\Fichiers communs\Droppix\DxService.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe (file missing)
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTSERV.EXE
    O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 13065 bytes

    ComboFix 08-08-08.04 - raymond thibault 2008-08-09 0:23:57.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1479 [GMT -4:00]
    Endroit: C:\Documents and Settings\raymond thibault.RAYMOND\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\msmovies
    C:\WINDOWS\system32\actskn43.ocx
    C:\WINDOWS\system32\AutoRun.inf
    C:\WINDOWS\system32\drivers\npf.sys
    C:\WINDOWS\system32\hssbpakd.ini
    C:\WINDOWS\system32\lxxwqopi.ini
    C:\WINDOWS\system32\MSINET.oca
    C:\WINDOWS\system32\Nprtwvut.ini
    C:\WINDOWS\system32\Nprtwvut.ini2
    C:\WINDOWS\system32\packet.dll
    C:\WINDOWS\system32\pthreadVC.dll
    C:\WINDOWS\system32\sysdm.exe
    C:\WINDOWS\system32\tdssadw.dll
    C:\WINDOWS\system32\tdssinit.dll
    C:\WINDOWS\system32\tdssl.dll
    C:\WINDOWS\system32\tdsslog.dll
    C:\WINDOWS\system32\tdssmain.dll
    C:\WINDOWS\system32\tdssservers.dat
    C:\WINDOWS\system32\wanpacket.dll
    C:\WINDOWS\system32\wpcap.dll
    C:\WINDOWS\system32\xyblmwxbdm_navtmp.dat
    M:\Autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NPF
    -------\Service_NPF


    ((((((((((((((((((((((((((((( Fichiers créés 2008-07-09 to 2008-08-09 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-08 08:59 . 2008-08-09 00:06 <REP> d-------- C:\Program Files\Navilog1
    2008-08-07 17:59 . 2008-08-07 18:24 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-07 17:59 . 2008-08-07 17:59 <REP> d-------- C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\Malwarebytes
    2008-08-07 17:59 . 2008-08-07 17:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-07 17:59 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-07 17:59 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-08-03 23:38 . 2008-08-07 15:42 134,656 --a------ C:\WINDOWS\system32\av.dat
    2008-07-29 21:45 . 2008-08-01 19:00 230 --a------ C:\config.xml
    2008-07-29 21:42 . 2008-07-29 21:42 <REP> d-------- C:\temp
    2008-07-29 21:41 . 2008-07-29 21:41 <REP> d-------- C:\Program Files\Microsoft Research
    2008-07-25 12:36 . 2008-08-07 22:27 18,891 --a------ C:\grab00000.jpg
    2008-07-24 09:31 . 2008-07-24 09:31 <REP> d-------- C:\Program Files\AskSBar
    2008-07-24 09:31 . 2008-07-24 09:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
    2008-07-24 09:30 . 2008-07-24 09:44 <REP> d-------- C:\Program Files\Vuze
    2008-07-18 21:36 . 2008-07-18 21:36 <REP> d-------- C:\Program Files\Fichiers communs\NSV
    2008-07-18 14:39 . 2008-07-18 14:39 587,264 --a------ C:\WINDOWS\WLXPGSS.SCR
    2008-07-17 09:09 . 2008-07-17 09:09 <REP> d-------- C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\aignes
    2008-07-11 23:18 . 2008-08-09 00:22 <REP> d-------- C:\WINDOWS\system32\drivers\Avg
    2008-07-11 23:18 . 2008-07-13 11:31 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
    2008-07-11 23:17 . 2008-07-13 11:30 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-07-11 18:19 . 2008-07-11 18:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-07-11 16:07 . 2008-08-09 00:35 29,390,880 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-07-11 16:07 . 2008-08-09 00:29 345,236 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-07-10 08:42 . 2008-07-10 08:42 <REP> d-------- C:\Program Files\Vstplugins
    2008-07-10 08:42 . 2008-07-10 08:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Sony
    2008-07-09 09:46 . 2006-08-16 07:59 100,352 --------- C:\WINDOWS\system32\dllcache\6to4svc.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-09 04:30 --------- d-----w C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\WTablet
    2008-08-09 03:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-08-09 00:27 --------- d-----w C:\Program Files\Stellarium
    2008-08-08 22:15 --------- d-----w C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\Azureus
    2008-08-08 14:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-08-07 15:41 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-08-06 03:29 --------- d-----w C:\Program Files\Planetwide Games
    2008-08-06 00:50 --------- d-----w C:\Program Files\MagicISO
    2008-08-06 00:50 --------- d-----w C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\LimeWire
    2008-08-05 12:54 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-08-05 12:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-08-04 23:43 --------- d-----w C:\Program Files\AKVIS
    2008-08-03 13:52 --------- d-----w C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\Corel
    2008-08-02 03:53 --------- d-----w C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\Canon
    2008-07-25 01:49 --------- d-----w C:\Program Files\TrackMania Nations ESWC
    2008-07-24 13:16 --------- d-----w C:\Program Files\Azureus
    2008-07-21 13:40 --------- d-----w C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\HPAppData
    2008-07-20 02:47 --------- d-----w C:\Program Files\ICQ6
    2008-07-12 03:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
    2008-07-10 23:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
    2008-07-10 19:41 --------- d-----w C:\Program Files\exPressit S.E. 2.1
    2008-07-10 12:42 --------- d-----w C:\Program Files\Sony
    2008-07-10 12:41 --------- d-----w C:\Program Files\Sony Setup
    2008-07-09 19:55 --------- d-----w C:\Program Files\Roxio
    2008-07-09 19:55 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
    2008-07-09 19:55 --------- d-----w C:\Program Files\Fichiers communs\Roxio Shared
    2008-07-09 19:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Roxio
    2008-07-09 19:42 --------- d-----w C:\Program Files\splus
    2008-07-08 23:58 --------- d-----w C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\Backup MyPC
    2008-07-08 23:32 512 --sha-w C:\FARSBOOT.BIN
    2008-07-07 04:03 --------- d-----w C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\Sony
    2008-07-05 19:04 --------- d-----w C:\Program Files\Vstplugins(2)
    2008-07-01 21:31 --------- d-----w C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\Publish Providers
    2008-06-27 16:03 --------- d-----w C:\Program Files\HP
    2008-06-27 16:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
    2008-06-27 16:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP Product Assistant
    2008-06-27 16:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
    2008-06-27 01:05 --------- d-----w C:\Program Files\Aquatica 3D
    2008-06-26 20:46 --------- d-----w C:\Program Files\ICQToolbar
    2008-06-26 11:54 --------- d-----w C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\TomTom
    2008-06-26 11:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\TomTom
    2008-06-24 20:18 --------- d-----w C:\Program Files\Common Files
    2008-06-20 10:45 360,320 ------w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 09:52 225,920 ------w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-19 13:13 --------- d-----w C:\Program Files\ffdshow
    2008-06-19 12:00 --------- d-----w C:\Program Files\DAEMON Tools
    2008-06-17 16:07 --------- d-----w C:\Program Files\LimeWire
    2008-06-15 12:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-15 12:46 --------- d-----w C:\Program Files\STOIK
    2008-06-14 21:48 --------- d-----w C:\Program Files\Microsoft LifeCam
    2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-12 21:48 --------- d-----w C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\GARMIN
    2008-05-17 17:16 0 -c--a-w C:\Program Files\temp01
    2008-04-28 22:51 4,394 -c----w C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\SAS7_000.DAT
    2008-03-11 22:20 816 ------w C:\Program Files\INSTALL.LOG
    2008-01-28 15:17 4 -csh--r C:\Documents and Settings\All Users\Application Data\sysqcl1129139270.dat
    2007-03-14 14:05 382 ------w C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\internaldb1942.dat
    2007-01-10 15:32 20,480 ------w C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\internaldb4827.dat
    2006-12-12 01:06 2,840 ------w C:\Documents and Settings\raymond thibault.RAYMOND\master.dat
    2006-11-16 20:57 0 -c----w C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\internaldb5436.dat
    2006-11-04 21:30 49 ------w C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\internaldb41.dat
    2006-11-03 19:40 9,216 ------w C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\internaldb8467.dat
    2006-11-03 19:40 0 -c----w C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\internaldb6334.dat
    2006-05-24 21:38 233,472 ------w C:\Program Files\mozilla firefox\plugins\CrazyTalk4Native.dll
    2006-05-18 22:00 204,895 ------w C:\Program Files\mozilla firefox\plugins\ctdomemhelper.dll
    2005-09-29 19:41 77,824 ------w C:\Program Files\mozilla firefox\plugins\ctframeplayerobject.dll
    2006-05-18 21:59 426,081 ------w C:\Program Files\mozilla firefox\plugins\ctplayerobject.dll
    2005-02-02 17:19 458,752 ------w C:\Program Files\mozilla firefox\plugins\imagickrt.dll
    2006-04-10 23:35 139,264 ------w C:\Program Files\mozilla firefox\plugins\rlcontentclass.dll
    2005-11-09 16:10 204,800 ------w C:\Program Files\mozilla firefox\plugins\RLMusicPacker.dll
    2005-11-09 16:42 106,496 ------w C:\Program Files\mozilla firefox\plugins\RLMusicUnpacker.dll
    2006-01-04 16:22 212,992 ------w C:\Program Files\mozilla firefox\plugins\RLVoicePacker.dll
    2006-01-04 16:21 167,936 ------w C:\Program Files\mozilla firefox\plugins\RLVoiceUnpacker.dll
    2006-01-28 14:57 80 --sh--r C:\WINDOWS\Ct4set.bin
    2005-05-13 22:12 217,073 --sh--r C:\WINDOWS\meta4.exe
    2005-10-24 16:13 66,560 --sh--r C:\WINDOWS\MOTA113.exe
    2006-07-04 18:42 104 --sh--r C:\WINDOWS\system32\09B324950E.sys
    2007-01-28 15:40 88 --sh--r C:\WINDOWS\system32\4628F0FC56.sys
    2005-07-14 17:31 27,648 --sh--r C:\WINDOWS\system32\AVSredirect.dll
    2005-06-26 20:32 616,448 --sh--r C:\WINDOWS\system32\cygwin1.dll
    2005-06-22 03:37 45,568 --sh--r C:\WINDOWS\system32\cygz.dll
    2004-01-25 05:00 70,656 --sh--r C:\WINDOWS\system32\i420vfw.dll
    2005-02-28 18:16 240,128 --sh--r C:\WINDOWS\system32\x.264.exe
    2004-01-25 05:00 70,656 --sh--r C:\WINDOWS\system32\yv12vfw.dll
    .

    ------- Sigcheck -------

    2007-06-13 09:22 1188352 2d70ef2adc4ca0c8cb1e40d150be8b25 C:\WINDOWS\explorer.exe
    2007-06-13 09:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
    2004-08-05 14:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
    2007-06-13 09:22 1188352 2d70ef2adc4ca0c8cb1e40d150be8b25 C:\WINDOWS\system32\dllcache\explorer.exe
    2004-08-05 14:00 1884672 90e794c5d2d368686fe71b4a0354462c C:\WINDOWS\VCP_SAVE\explorer.exe
    2004-08-05 14:00 1884672 90e794c5d2d368686fe71b4a0354462c C:\WINDOWS\VCP_TEMP\explorer.exe
    2007-06-13 09:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\XPize\Backup\explorer.exe

    2004-08-05 14:00 30208 978e23bbab5af4d474da11814d542392 C:\WINDOWS\system32\ctfmon.exe
    2004-08-05 14:00 15360 5584247b568c2e53934873f4b655fe6a C:\WINDOWS\XPize\Backup\ctfmon.exe
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-19 18:36 1267040]

    [HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 30208]
    "Gestionnaire Antidote.exe"="C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe" [2007-09-23 22:55 533944]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-09 01:57 7110656]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-13 11:31 1232152]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 30208]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-25 21:23 443968]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-04-24 13:13 282624]
    "{FE24CD78-7C63-465D-8787-4EDF7FC79895}"= "C:\Program Files\Logitech\Easy Synchronization\shellexecutehook.dll" [2005-10-05 13:00 69632]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"=hex(2):58,50,69,7a,65,5f,4c,6f,67,6f,6e,2e,65,78,65,00

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2005-11-23 03:47 53248 c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWlgn.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.yv12"= yv12vfw.dll
    "msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
    "msacm.MPEGacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm
    "msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
    "msacm.l3codec"= l3codecp.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    --------- 2005-08-11 16:30 249856 C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    --------- 2006-10-25 09:03 210472 C:\Program Files\Fichiers communs\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX6000]
    --a------ 2006-10-13 18:04 994096 C:\WINDOWS\vVX6000.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "L07FXLRD_53931343"="C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE" -m

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
    "NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "SerialNumber"="A109A-K13-3ZXD-BAP5-TE"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "C:\\Program Files\\ICQ6\\ICQ.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
    "C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
    "C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "57310:TCP"= 57310:TCP:Pando P2P TCP Listening Port
    "57310:UDP"= 57310:UDP:Pando P2P UDP Listening Port

    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-13 11:30]
    R1 c2scsi;c2scsi;C:\WINDOWS\system32\drivers\c2scsi.sys [2005-05-11 08:00]
    R1 DCDisk;DCDisk;C:\WINDOWS\system32\drivers\DCDisk.sys [2007-07-28 21:12]
    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-13 11:31]
    R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2006-10-13 18:01]
    R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 09:34]
    R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2004-08-05 14:00]
    R2 portD;CMS PortIO Service;C:\WINDOWS\system32\DRIVERS\portd2k.sys [2004-02-23 08:40]
    R3 tenCapture;tenCapture;C:\WINDOWS\system32\DRIVERS\tenCapture.sys [2007-04-21 10:15]
    R3 VX6000;Microsoft LifeCam VX-6000;C:\WINDOWS\system32\DRIVERS\VX6000Xp.sys [2006-10-13 18:04]
    R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 15:12]
    R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 14:30]
    S3 Droppix Service;Droppix Service;C:\Program Files\Fichiers communs\Droppix\DxService.exe [2007-09-14 10:16]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 14:18]
    S4 PRISMSVC;PRISMSVC;C:\WINDOWS\system32\PRISMSVC.EXE [2004-10-04 16:12]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##Nil-0iapy4pri3n#D]
    \Shell\applet\command - X:\install\autorun\autorun.exe /s
    \Shell\AutoRun\command - X:\install\autorun\autorun.exe
    \Shell\install\command - X:\setup.exe
    \Shell\readfile\command - notepad readme.txt

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \Shell\AutoRun\command - F:\MA.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83f12dad-8310-11da-af55-806d6172696f}]
    \Shell\AutoRun\command - D:\AUTORUN\AUTORUN.EXE
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

    2008-08-08 C:\WINDOWS\Tasks\Maintenance en 1 clic.job
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe []
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
    ShellExecuteHooks-{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - (no file)


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\Mozilla\Firefox\Profiles\8dc1hg0a.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.icq.com/start
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://uk.msn.com/


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-09 00:35:51
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTSERV.EXE
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\system32\userinit.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\system32\PRISMSVR.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\WTablet\TabUserW.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\system32\searchindexer.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-09 0:41:57 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-08-09 04:41:50

    Pre-Run: 111,171,555,328 octets libres
    Post-Run: 111,023,702,016 octets libres

    327 --- E O F --- 2008-08-08 03:58:52

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:44:49, on 2008-08-09
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTSERV.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\system32\userinit.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\system32\PRISMSVR.EXE
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\WTablet\TabUserW.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\raymond thibault.RAYMOND\Mes documents\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/news?ned=fr_ca
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote K - IE 7.htm (HKCU)
    O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote D - IE 7.htm (HKCU)
    O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote G - IE 7.htm (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {1CC506A7-1B8D-11D4-BDD5-0060977007E0} (CrazyTalk Player) - http://plug-in.reallusion.com/CrazyTalk.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.c...
    O16 - DPF: {594ECDD4-A991-4208-A7B7-00DDAD9BE328} (Photosynth Class) - http://media.labs.live.com/all/ps/_code_/Photosynth.cab
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.c...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
    O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} (Vitalize Class) - http://download.clickteam.com/vitalize3/vitalize.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: Droppix Service - Droppix - C:\Program Files\Fichiers communs\Droppix\DxService.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe (file missing)
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTSERV.EXE
    O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 13025 bytes
    There is no Montorgueuil vip in the certificates.

    I can now search on Google and update my antivirus. I'll keep watching in case you have found anything else. In the meantime, thank you so much.


    9 August 2008 14:04:48

    Hello,

    A few more odds and ends.

    Download Toolbar S&D by Team IDN to your desktop.

  • Double-click it to start the installation.
  • Accept the license agreement.
  • Then double-click the Toolbar S&D shortcut on your desktop.
  • Select the language you want and confirm with the Enter key.
  • Choose option 1 (Search).
  • Wait until the scan finishes.
  • Post the generated report (C:\TB.txt).
    9 August 2008 16:05:17

    Hello,

    -----------\\ ToolBar S&D 1.0.8 XP/Vista

    [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
    [ USER : raymond thibault ] [ "C:\Toolbar SD" ] [ Selection : 1 ]
    [ 2008-08-09 | 9:54:10,76 ] [ PC : RAYMOND ]
    [ MAJ : 04-08-2008 | 23:15 ]

    -----------\\ Recherche de Fichiers / Dossiers ...

    C:\Program Files\AskSBar
    C:\Program Files\AskSBar\bar
    C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll

    -----------\\ Extensions

    (raymond thibault.RAYMOND) - {0b38152b-1b20-484d-a11f-5e04a9b0661f} => winamptoolbar
    (raymond thibault.RAYMOND) - {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} => flashgot
    (raymond thibault.RAYMOND) - {800b5000-a755-47e1-992b-48a1c1357f07} => icqtoolbar
    (raymond thibault.RAYMOND) - {D02B1E87-A8C6-433f-9B5C-2CEC4A072736} => signupshield


    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://news.google.com/news?ned=fr_ca"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese..."
    "SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
    "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Start Page"="http://www.msn.com/"
    "Home_Page"="http://www1.ca.dell.com/content/default.aspx?c=ca&l=FR&..."
    "Help_Page"="http://www1.ca.dell.com/content/topics/reftopic.aspx/ge..."


    -----------\\ Fin du rapport a 9:55:53,01
    9 August 2008 17:26:45

    Hello,

    I had forgotten: surprise when I turned on the computer this morning, the icons do not load on the desktop, so I have to open Task Manager and use New Task (Run) for it to finish loading.
    9 August 2008 18:27:50

    Good evening tibp,

    It's just a tiny oversight by our friend Sham_Rock!

    Quote:
    NOTE: If your desktop does not reappear, press Ctrl+Alt+Del simultaneously to open Task Manager.
    Go to the "Processes" tab. Click File at the top left and choose "Run..."
    Type explorer, then confirm.
    9 August 2008 20:56:34

    Good evening,

    That's what I did, but every time I start the computer I have to do the same thing again.
    9 August 2008 23:09:25

    Good evening bob, tibp :)

    As for the desktop problem, ToolBar S&D had not yet done anything. I'll check with the developer.

    1

    Run Toolbar S&D again.

  • This time choose option 2 (Removal).
    Your desktop will disappear; that is normal. Let the tool work.
  • Do not close the window during the removal!
  • Post the generated report (C:\TB.txt).

    2


    Go to this link: Virus Total
  • Click Browse
  • Navigate to this file, if you can find it:

    C:\WINDOWS\system32\av.dat

  • Click Send file and let it work for as long as "Current status: analysis in progress" is displayed.
  • The file may be placed in a queue because of a large number of analysis requests. In that case, you will have to wait without refreshing the page.
  • When the analysis is finished ("Current status: finished"), click Formatted
  • A new browser window will appear
  • Then click this image:
  • Right-click the page and choose Select All, then Copy
  • Finally, paste the result into your next reply.
    Note: Whatever the outcome, it is important that you send me the result of the whole analysis.
    Your security tools may react when the file is sent; in that case you will need to ignore the alerts.


    9 August 2008 23:50:02

    HELLO!

    I have exactly the same problem. Can you help me too? Can I do all the steps you recommended to the person who started this thread?

    For information, Spybot reports a DeepDive threat, and I ran Spybot Search and Destroy and CCleaner in safe mode: no result.

    10 August 2008 02:07:34

    -----------\\ ToolBar S&D 1.0.8 XP/Vista

    [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
    [ USER : raymond thibault ] [ "C:\Toolbar SD" ] [ Selection : 2 ]
    [ 2008-08-09 | 19:56:19,37 ] [ PC : RAYMOND ]
    [ MAJ : 04-08-2008 | 23:15 ]

    -----------\\ SUPPRESSION

    Supprime! - C:\Program Files\AskSBar\bar
    Supprime! - C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
    Supprime! - C:\Program Files\AskSBar

    -----------\\ Recherche de Fichiers / Dossiers ...


    -----------\\ Extensions

    (raymond thibault.RAYMOND) - {0b38152b-1b20-484d-a11f-5e04a9b0661f} => winamptoolbar
    (raymond thibault.RAYMOND) - {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} => flashgot
    (raymond thibault.RAYMOND) - {800b5000-a755-47e1-992b-48a1c1357f07} => icqtoolbar
    (raymond thibault.RAYMOND) - {D02B1E87-A8C6-433f-9B5C-2CEC4A072736} => signupshield


    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://news.google.com/news?ned=fr_ca"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese..."
    "SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
    "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Start Page"="http://www.msn.com/"
    "Home_Page"="http://www1.ca.dell.com/content/default.aspx?c=ca&l=FR&..."
    "Help_Page"="http://www1.ca.dell.com/content/topics/reftopic.aspx/ge..."


    -----------\\ Fin du rapport a 19:59:40,92
    10 August 2008 02:21:55

    Fichier av.dat reçu le 2008.08.10 02:11:30 (CET)
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.8.9.0 2008.08.08 -
    AntiVir 7.8.1.19 2008.08.09 -
    Authentium 5.1.0.4 2008.08.09 -
    Avast 4.8.1195.0 2008.08.09 -
    AVG 8.0.0.156 2008.08.09 -
    BitDefender 7.2 2008.08.10 -
    CAT-QuickHeal 9.50 2008.08.08 (Suspicious) - DNAScan
    ClamAV 0.93.1 2008.08.09 -
    DrWeb 4.44.0.09170 2008.08.09 -
    eSafe 7.0.17.0 2008.08.07 Suspicious File
    eTrust-Vet 31.6.6021 2008.08.08 -
    Ewido 4.0 2008.08.09 -
    F-Prot 4.4.4.56 2008.08.10 -
    F-Secure 7.60.13501.0 2008.08.09 -
    Fortinet 3.14.0.0 2008.08.09 -
    GData 2.0.7306.1023 2008.08.10 -
    Ikarus T3.1.1.34.0 2008.08.10 Trojan-Downloader.Win32.Renos.AQ
    K7AntiVirus 7.10.408 2008.08.09 -
    Kaspersky 7.0.0.125 2008.08.10 -
    McAfee 5357 2008.08.08 -
    Microsoft 1.3807 2008.08.09 TrojanDownloader:Win32/Renos.gen!AQ
    NOD32v2 3342 2008.08.09 a variant of Win32/TrojanDownloader.FakeAlert.FT
    Norman 5.80.02 2008.08.08 -
    Panda 9.0.0.4 2008.08.09 -
    PCTools 4.4.2.0 2008.08.09 -
    Prevx1 V2 2008.08.10 -
    Rising 20.56.41.00 2008.08.08 -
    Sophos 4.32.0 2008.08.09 Mal/EncPk-CZ
    Sunbelt 3.1.1538.1 2008.08.09 -
    Symantec 10 2008.08.10 -
    TheHacker 6.2.96.395 2008.08.08 -
    TrendMicro 8.700.0.1004 2008.08.08 -
    VBA32 3.12.8.3 2008.08.09 -
    ViRobot 2008.8.8.1329 2008.08.08 -
    VirusBuster 4.5.11.0 2008.08.09 -
    Webwasher-Gateway 6.6.2 2008.08.09 -

    Information additionnelle
    File size: 134656 bytes
    MD5...: 6d6ab3dc15b38109358ac992f3508072
    SHA1..: 12fbe2c4e171388a93263bbbc3147638bbd15f33
    SHA256: a2f6d40d53f7d63fda6b13262e5232088993d5a34fdd7ccd89859d3cc9b02634
    SHA512: d304184f7cd18c8472f7e1cc88334474e64dcf13d4c264c0090573dba876823d09317d514c117c93205ee6171587a032a3da06c72db57d01e3b429720801a172
    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x40313e
    timedatestamp.....: 0x489afa0d (Thu Aug 07 13:35:09 2008)
    machinetype.......: 0x14c (I386)

    ( 3 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .code 0x1000 0x3303c 0x3a00 4.82 f6d700e95696aa078a46e1e2c49d5a85
    .data 0x35000 0x1b9ec 0x1ac00 8.00 e211e952f4df9897dff571b636d16fd8
    .rsrc 0x51000 0x1000 0x400 7.41 655a0840e585084ebd52cc34d8bb467b

    ( 0 imports )

    ( 0 exports )



    10 August 2008 18:45:03

    Hello,

    1

    Copy (Ctrl+C) the text below:
    File::
    C:\WINDOWS\system32\av.dat



    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt

    Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot.


  • A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
  • Wait while the scan runs. The desktop will disappear several times: that is normal!
    Do not touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not open, it is located here > C:\ComboFix.txt

    2

    This procedure must be printed so that you have it in front of you when you are in safe mode.

    Download SDFix (created by AndyManchesta) and save it to your desktop.
    ***If the link does not work, try this one: http://download.bleepingcomputer.com/andymanchesta/SDFi... ***

    Double-click SDFix.exe and choose Install to extract it to a dedicated folder on the desktop. Restart your computer in safe mode by following this procedure:
  • Restart your computer.
  • After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
  • Instead of Windows loading normally, a menu with different options should appear.
  • Choose the first option, to run Windows in safe mode, then press "Enter".
  • Choose your account.
    Work through the list of instructions below:
  • Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
  • Press Y to start the cleaning process.
  • It will remove the services and registry entries of certain trojans it finds, then ask you to press a key to restart.
  • Press a key to restart the PC.
  • Your system will take longer than usual to restart because the tool will keep running and delete files.
  • After the desktop loads, the tool will finish its work and display Finished.
  • Press a key to end the script and load your desktop icons.
  • Once the desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
  • Finally, copy/paste the contents of the Report.txt file into your next reply on the forum, along with a new Hijackthis log!



    10 August 2008 19:50:36

    ComboFix 08-08-09.06 - raymond thibault 2008-08-10 13:40:02.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1332 [GMT -4:00]
    Endroit: C:\Documents and Settings\raymond thibault.RAYMOND\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\raymond thibault.RAYMOND\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\WINDOWS\system32\av.dat
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-07-10 to 2008-08-10 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-09 09:52 . 2008-08-10 08:16 <REP> d-------- C:\Toolbar SD
    2008-08-08 08:59 . 2008-08-09 00:06 <REP> d-------- C:\Program Files\Navilog1
    2008-08-07 17:59 . 2008-08-07 18:24 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-07 17:59 . 2008-08-07 17:59 <REP> d-------- C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\Malwarebytes
    2008-08-07 17:59 . 2008-08-07 17:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-07 17:59 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-07 17:59 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-07-29 21:45 . 2008-08-01 19:00 230 --a------ C:\config.xml
    2008-07-29 21:42 . 2008-07-29 21:42 <REP> d-------- C:\temp
    2008-07-29 21:41 . 2008-07-29 21:41 <REP> d-------- C:\Program Files\Microsoft Research
    2008-07-25 12:36 . 2008-08-07 22:27 18,891 --a------ C:\grab00000.jpg
    2008-07-24 09:31 . 2008-07-24 09:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
    2008-07-24 09:30 . 2008-07-24 09:44 <REP> d-------- C:\Program Files\Vuze
    2008-07-18 21:36 . 2008-07-18 21:36 <REP> d-------- C:\Program Files\Fichiers communs\NSV
    2008-07-18 14:39 . 2008-07-18 14:39 587,264 --a------ C:\WINDOWS\WLXPGSS.SCR
    2008-07-17 09:09 . 2008-07-17 09:09 <REP> d-------- C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\aignes
    2008-07-11 23:18 . 2008-08-09 14:52 <REP> d-------- C:\WINDOWS\system32\drivers\Avg
    2008-07-11 23:18 . 2008-07-13 11:31 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
    2008-07-11 23:17 . 2008-07-13 11:30 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-07-11 18:19 . 2008-07-11 18:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-07-11 16:07 . 2008-08-10 13:43 32,520,224 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-07-11 16:07 . 2008-08-10 10:07 379,604 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-07-10 08:42 . 2008-07-10 08:42 <REP> d-------- C:\Program Files\Vstplugins
    2008-07-10 08:42 . 2008-07-10 08:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Sony

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-10 14:09 --------- d-----w C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\WTablet
    2008-08-10 12:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-08-10 01:11 --------- d-----w C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\Azureus
    2008-08-09 00:27 --------- d-----w C:\Program Files\Stellarium
    2008-08-08 14:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-08-07 15:41 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-08-06 03:29 --------- d-----w C:\Program Files\Planetwide Games
    2008-08-06 00:50 --------- d-----w C:\Program Files\MagicISO
    2008-08-06 00:50 --------- d-----w C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\LimeWire
    2008-08-05 12:54 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-08-05 12:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-08-04 23:43 --------- d-----w C:\Program Files\AKVIS
    2008-08-03 13:52 --------- d-----w C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\Corel
    2008-08-02 03:53 --------- d-----w C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\Canon
    2008-07-25 01:49 --------- d-----w C:\Program Files\TrackMania Nations ESWC
    2008-07-24 13:16 --------- d-----w C:\Program Files\Azureus
    2008-07-21 13:40 --------- d-----w C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\HPAppData
    2008-07-20 02:47 --------- d-----w C:\Program Files\ICQ6
    2008-07-15 14:55 28,053,645 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
    2008-07-12 03:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
    2008-07-10 23:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
    2008-07-10 19:41 --------- d-----w C:\Program Files\exPressit S.E. 2.1
    2008-07-10 12:42 --------- d-----w C:\Program Files\Sony
    2008-07-10 12:41 --------- d-----w C:\Program Files\Sony Setup
    2008-07-09 19:55 --------- d-----w C:\Program Files\Roxio
    2008-07-09 19:55 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
    2008-07-09 19:55 --------- d-----w C:\Program Files\Fichiers communs\Roxio Shared
    2008-07-09 19:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Roxio
    2008-07-09 19:42 --------- d-----w C:\Program Files\splus
    2008-07-08 23:58 --------- d-----w C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\Backup MyPC
    2008-07-08 23:32 512 --sha-w C:\FARSBOOT.BIN
    2008-07-07 04:03 --------- d-----w C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\Sony
    2008-07-06 12:46 115,598 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_07_05_20_47_17_small.dmp.zip
    2008-07-05 19:04 --------- d-----w C:\Program Files\Vstplugins(2)
    2008-07-01 21:31 --------- d-----w C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\Publish Providers
    2008-06-27 16:03 --------- d-----w C:\Program Files\HP
    2008-06-27 16:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
    2008-06-27 16:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP Product Assistant
    2008-06-27 16:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
    2008-06-27 01:05 --------- d-----w C:\Program Files\Aquatica 3D
    2008-06-26 20:46 --------- d-----w C:\Program Files\ICQToolbar
    2008-06-26 11:54 --------- d-----w C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\TomTom
    2008-06-26 11:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\TomTom
    2008-06-24 20:18 --------- d-----w C:\Program Files\Common Files
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 17:41 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
    2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    2008-06-20 10:45 360,320 ------w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
    2008-06-20 09:52 225,920 ------w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-20 09:52 225,920 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
    2008-06-19 13:13 --------- d-----w C:\Program Files\ffdshow
    2008-06-19 12:00 --------- d-----w C:\Program Files\DAEMON Tools
    2008-06-17 16:07 --------- d-----w C:\Program Files\LimeWire
    2008-06-15 12:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-15 12:46 --------- d-----w C:\Program Files\STOIK
    2008-06-14 21:48 --------- d-----w C:\Program Files\Microsoft LifeCam
    2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-12 21:48 --------- d-----w C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\GARMIN
    2008-06-06 16:29 93,056 ----a-w C:\WINDOWS\system32\rnfwsprk.dll.vir
    2008-05-17 17:16 0 -c--a-w C:\Program Files\temp01
    2008-04-28 22:51 4,394 -c----w C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\SAS7_000.DAT
    2008-03-11 22:20 816 ------w C:\Program Files\INSTALL.LOG
    2008-01-28 15:17 4 -csh--r C:\Documents and Settings\All Users\Application Data\sysqcl1129139270.dat
    2007-03-14 14:05 382 ------w C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\internaldb1942.dat
    2007-01-10 15:32 20,480 ------w C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\internaldb4827.dat
    2006-12-12 01:06 2,840 ------w C:\Documents and Settings\raymond thibault.RAYMOND\master.dat
    2006-11-16 20:57 0 -c----w C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\internaldb5436.dat
    2006-11-04 21:30 49 ------w C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\internaldb41.dat
    2006-11-03 19:40 9,216 ------w C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\internaldb8467.dat
    2006-11-03 19:40 0 -c----w C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\internaldb6334.dat
    2006-05-24 21:38 233,472 ------w C:\Program Files\mozilla firefox\plugins\CrazyTalk4Native.dll
    2006-05-18 22:00 204,895 ------w C:\Program Files\mozilla firefox\plugins\ctdomemhelper.dll
    2005-09-29 19:41 77,824 ------w C:\Program Files\mozilla firefox\plugins\ctframeplayerobject.dll
    2006-05-18 21:59 426,081 ------w C:\Program Files\mozilla firefox\plugins\ctplayerobject.dll
    2005-02-02 17:19 458,752 ------w C:\Program Files\mozilla firefox\plugins\imagickrt.dll
    2006-04-10 23:35 139,264 ------w C:\Program Files\mozilla firefox\plugins\rlcontentclass.dll
    2005-11-09 16:10 204,800 ------w C:\Program Files\mozilla firefox\plugins\RLMusicPacker.dll
    2005-11-09 16:42 106,496 ------w C:\Program Files\mozilla firefox\plugins\RLMusicUnpacker.dll
    2006-01-04 16:22 212,992 ------w C:\Program Files\mozilla firefox\plugins\RLVoicePacker.dll
    2006-01-04 16:21 167,936 ------w C:\Program Files\mozilla firefox\plugins\RLVoiceUnpacker.dll
    2006-01-28 14:57 80 --sh--r C:\WINDOWS\Ct4set.bin
    2005-05-13 22:12 217,073 --sh--r C:\WINDOWS\meta4.exe
    2005-10-24 16:13 66,560 --sh--r C:\WINDOWS\MOTA113.exe
    2006-07-04 18:42 104 --sh--r C:\WINDOWS\system32\09B324950E.sys
    2007-01-28 15:40 88 --sh--r C:\WINDOWS\system32\4628F0FC56.sys
    2005-07-14 17:31 27,648 --sh--r C:\WINDOWS\system32\AVSredirect.dll
    2005-06-26 20:32 616,448 --sh--r C:\WINDOWS\system32\cygwin1.dll
    2005-06-22 03:37 45,568 --sh--r C:\WINDOWS\system32\cygz.dll
    2004-01-25 05:00 70,656 --sh--r C:\WINDOWS\system32\i420vfw.dll
    2005-02-28 18:16 240,128 --sh--r C:\WINDOWS\system32\x.264.exe
    2004-01-25 05:00 70,656 --sh--r C:\WINDOWS\system32\yv12vfw.dll
    .

    ------- Sigcheck -------

    2007-06-13 09:22 1188352 2d70ef2adc4ca0c8cb1e40d150be8b25 C:\WINDOWS\explorer.exe
    2007-06-13 09:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
    2004-08-05 14:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
    2007-06-13 09:22 1188352 2d70ef2adc4ca0c8cb1e40d150be8b25 C:\WINDOWS\system32\dllcache\explorer.exe
    2004-08-05 14:00 1884672 90e794c5d2d368686fe71b4a0354462c C:\WINDOWS\VCP_SAVE\explorer.exe
    2004-08-05 14:00 1884672 90e794c5d2d368686fe71b4a0354462c C:\WINDOWS\VCP_TEMP\explorer.exe
    2007-06-13 09:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\XPize\Backup\explorer.exe

    2004-08-05 14:00 30208 978e23bbab5af4d474da11814d542392 C:\WINDOWS\system32\ctfmon.exe
    2004-08-05 14:00 15360 5584247b568c2e53934873f4b655fe6a C:\WINDOWS\XPize\Backup\ctfmon.exe
    .
    ((((((((((((((((((((((((((((( snapshot@2008-08-09_ 0.40.57.23 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-08-10 14:09:20 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_61c.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-19 18:36 1267040]

    [HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 30208]
    "Gestionnaire Antidote.exe"="C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe" [2007-09-23 22:55 533944]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-09 01:57 7110656]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-13 11:31 1232152]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-03-21 19:08 98304]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 30208]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-25 21:23 443968]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-04-24 13:13 282624]
    "{FE24CD78-7C63-465D-8787-4EDF7FC79895}"= "C:\Program Files\Logitech\Easy Synchronization\shellexecutehook.dll" [2005-10-05 13:00 69632]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"=hex(2):58,50,69,7a,65,5f,4c,6f,67,6f,6e,2e,65,78,65,00

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2005-11-23 03:47 53248 c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWlgn.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.yv12"= yv12vfw.dll
    "msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
    "msacm.MPEGacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm
    "msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
    "msacm.l3codec"= l3codecp.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    --------- 2005-08-11 16:30 249856 C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    --------- 2006-10-25 09:03 210472 C:\Program Files\Fichiers communs\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX6000]
    --a------ 2006-10-13 18:04 994096 C:\WINDOWS\vVX6000.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "L07FXLRD_53931343"="C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE" -m

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
    "NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "SerialNumber"="A109A-K13-3ZXD-BAP5-TE"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "C:\\Program Files\\ICQ6\\ICQ.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
    "C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
    "C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "57310:TCP"= 57310:TCP:Pando P2P TCP Listening Port
    "57310:UDP"= 57310:UDP:Pando P2P UDP Listening Port

    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-13 11:30]
    R1 c2scsi;c2scsi;C:\WINDOWS\system32\drivers\c2scsi.sys [2005-05-11 08:00]
    R1 DCDisk;DCDisk;C:\WINDOWS\system32\drivers\DCDisk.sys [2007-07-28 21:12]
    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-13 11:31]
    R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2006-10-13 18:01]
    R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 09:34]
    R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2004-08-05 14:00]
    R2 portD;CMS PortIO Service;C:\WINDOWS\system32\DRIVERS\portd2k.sys [2004-02-23 08:40]
    R3 tenCapture;tenCapture;C:\WINDOWS\system32\DRIVERS\tenCapture.sys [2007-04-21 10:15]
    R3 VX6000;Microsoft LifeCam VX-6000;C:\WINDOWS\system32\DRIVERS\VX6000Xp.sys [2006-10-13 18:04]
    R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 15:12]
    R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 14:30]
    S3 Droppix Service;Droppix Service;C:\Program Files\Fichiers communs\Droppix\DxService.exe [2007-09-14 10:16]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 14:18]
    S4 PRISMSVC;PRISMSVC;C:\WINDOWS\system32\PRISMSVC.EXE [2004-10-04 16:12]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##Nil-0iapy4pri3n#D]
    \Shell\applet\command - X:\install\autorun\autorun.exe /s
    \Shell\AutoRun\command - X:\install\autorun\autorun.exe
    \Shell\install\command - X:\setup.exe
    \Shell\readfile\command - notepad readme.txt

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \Shell\AutoRun\command - F:\MA.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83f12dad-8310-11da-af55-806d6172696f}]
    \Shell\AutoRun\command - D:\AUTORUN\AUTORUN.EXE

    *Newly Created Service* - CATCHME
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

    2008-08-08 C:\WINDOWS\Tasks\Maintenance en 1 clic.job
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe []
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-10 13:42:55
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-10 13:44:24
    ComboFix-quarantined-files.txt 2008-08-10 17:44:08
    ComboFix2.txt 2008-08-10 17:35:12
    ComboFix3.txt 2008-08-09 04:41:59

    Pre-Run: 110,456,881,152 octets libres
    Post-Run: 110,424,797,184 octets libres

    282 --- E O F --- 2008-08-08 03:58:52

    10 August 2008 20:40:32


    SDFix: Version 1.214
    Run by raymond thibault on 2008-08-10 at 14:15

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\DOCUME~1\RAYMON~1.RAY\Bureau\SDFix\SDFix

    Checking Services :


    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\WINDOWS\PART0100.DAT - Deleted





    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-10 14:27:43
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:2df9c43f
    "s2"=dword:110480d0
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:6c,da,87,0f,53,90,27,b3,36,e4,f6,7b,14,0c,f9,0b,c9,b0,5b,76,0a,..
    "p0"="C:\Program Files\DAEMON Tools\"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "khjeh"=hex:82,05,fa,07,91,a7,98,73,b1,27,ae,db,b2,5f,87,37,ed,21,6d,19,09,..
    "a0"=hex:20,01,00,00,6f,c0,d6,e8,94,9d,07,f0,83,7c,ee,85,11,8e,51,64,f1,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:40,1b,7b,da,5c,55,f8,55,99,94,e9,2e,2d,ff,a8,12,f7,07,f4,55,87,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:6c,da,87,0f,53,90,27,b3,36,e4,f6,7b,14,0c,f9,0b,c9,b0,5b,76,0a,..
    "p0"="C:\Program Files\DAEMON Tools\"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "khjeh"=hex:82,05,fa,07,91,a7,98,73,b1,27,ae,db,b2,5f,87,37,ed,21,6d,19,09,..
    "a0"=hex:20,01,00,00,6f,c0,d6,e8,94,9d,07,f0,83,7c,ee,85,11,8e,51,64,f1,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:40,1b,7b,da,5c,55,f8,55,99,94,e9,2e,2d,ff,a8,12,f7,07,f4,55,87,..

    scanning hidden registry entries ...

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.\x2550å\xa4\OpenWithProgids]
    "P%å?\xa4?_?a?u?t?o?_?f?i?l?e?"=hex(0):

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"="C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe:*:Enabled:LifeExp.exe"
    "C:\\Program Files\\ICQ6\\ICQ.exe"="C:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
    "C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
    "C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
    "C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\SimpleSizer\\SimpleSizer.exe"="C:\\Program Files\\SimpleSizer\\SimpleSizer.exe:*:Enabled:SimpleSizer"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Remaining Files :


    File Backups: - C:\DOCUME~1\RAYMON~1.RAY\Bureau\SDFix\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Fri 13 May 2005 217,073 ..SHR --- "C:\WINDOWS\meta4.exe"
    Mon 24 Oct 2005 66,560 ..SHR --- "C:\WINDOWS\MOTA113.exe"
    Wed 23 Apr 2008 6,104,632 ...H. --- "C:\Program Files\Picasa2\setup.exe"
    Tue 4 Jul 2006 104 ..SHR --- "C:\WINDOWS\system32\09B324950E.sys"
    Sun 28 Jan 2007 88 ..SHR --- "C:\WINDOWS\system32\4628F0FC56.sys"
    Thu 14 Jul 2005 27,648 ..SHR --- "C:\WINDOWS\system32\AVSredirect.dll"
    Sun 26 Jun 2005 616,448 ..SHR --- "C:\WINDOWS\system32\cygwin1.dll"
    Tue 21 Jun 2005 45,568 ..SHR --- "C:\WINDOWS\system32\cygz.dll"
    Sun 25 Jan 2004 70,656 ..SHR --- "C:\WINDOWS\system32\i420vfw.dll"
    Sun 3 Aug 2008 1,420 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
    Mon 28 Feb 2005 240,128 ..SHR --- "C:\WINDOWS\system32\x.264.exe"
    Sun 25 Jan 2004 70,656 ..SHR --- "C:\WINDOWS\system32\yv12vfw.dll"
    Sat 1 Apr 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Tue 4 Dec 2007 0 ..SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Wed 30 Aug 2006 1,516 ..SHR --- "C:\Documents and Settings\raymond thibault.RAYMOND\Local Settings\Application Data\SZPSS1.DLL"
    Tue 4 Apr 2006 1,527 ..SHR --- "C:\Documents and Settings\raymond thibault.RAYMOND\Local Settings\Application Data\SZPSV1.dll"
    Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT6.tmp"
    Thu 28 Jun 2007 3,096,576 ...H. --- "C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\U3\temp\Launchpad Removal.exe"
    Tue 8 Jul 2008 4,170 A.SH. --- "C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\Roxio\Dragon\3.x\DiscInfoCache\HL-DT-ST_DVD-ROM_GDR8164B_0L06_300_DICV018_DRGV300005B.TMP"
    Tue 23 Oct 2007 4,212 ..SH. --- "C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\Roxio\Dragon\3.x\DiscInfoCache\MM7502S_SMJ232T_1.0_100_DICV018_DRGV300005B.TMP"
    Wed 2 Apr 2008 1,582 ..SH. --- "C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\Roxio\Dragon\3.x\DiscInfoCache\SanDisk_Cruzer_Slide_4.05_700_DICV018_DRGV300005B.TMP"
    Tue 23 Oct 2007 2,187 ..SH. --- "C:\Documents and Settings\raymond thibault.RAYMOND\Application Data\Roxio\Dragon\3.x\DiscInfoCache\SONY_DVD-ROM_DDU1615_FDS1_300_DICV018_DRGV300005B.TMP"

    Finished!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:39:55, on 2008-08-10
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTSERV.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\userinit.exe
    C:\WINDOWS\system32\PRISMSVR.EXE
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
    C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\WTablet\TabUserW.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\raymond thibault.RAYMOND\Mes documents\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/news?ned=fr_ca
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote K - IE 7.htm (HKCU)
    O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote D - IE 7.htm (HKCU)
    O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote G - IE 7.htm (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {1CC506A7-1B8D-11D4-BDD5-0060977007E0} (CrazyTalk Player) - http://plug-in.reallusion.com/CrazyTalk.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.c...
    O16 - DPF: {594ECDD4-A991-4208-A7B7-00DDAD9BE328} (Photosynth Class) - http://media.labs.live.com/all/ps/_code_/Photosynth.cab
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.c...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
    O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} (Vitalize Class) - http://download.clickteam.com/vitalize3/vitalize.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: Droppix Service - Droppix - C:\Program Files\Fichiers communs\Droppix\DxService.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe (file missing)
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTSERV.EXE
    O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 12999 bytes

    10 August 2008 21:34:52

    Hi again

    Where do things stand with your desktop loading problems?
    10 August 2008 22:00:01

    I just tried again. I waited about 5 minutes but had to go through Task Manager; same thing earlier in safe mode. ?????
    10 August 2008 23:29:54

    Good evening,
    When I bought the computer, Windows was already installed and there was no CD. I was told that's how it is now, so I don't know how to do a repair. I'll dig around.
    Is the computer now free of viruses?

    Thanks a lot
    11 August 2008 21:27:20

    Good evening

    You can borrow a CD for a repair (not a format); that will work. :)

    ~Run an online antivirus scan on the Kaspersky site
    http://www.kaspersky.com/kos/eng/partner/default/kavweb...

    * Click Accept
    * A yellow bar will ask whether you agree to install Kavwebscan_Unicode.cab; install the ActiveX control.
    * Click "Accept" once more
    * The update databases will install; wait a moment
    * Click Next.
    * Click My Computer and the scan starts; wait for the scan to finish without closing the window, otherwise it will stop.

    Online scan tutorial
    12 August 2008 05:27:54

    KASPERSKY ONLINE SCANNER 7 REPORT
    Monday, August 11, 2008
    Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Monday, August 11, 2008 21:32:49
    Records in database: 1083444


    Scan settings
    Scan using the following database extended
    Scan archives yes
    Scan mail databases yes

    Scan area My Computer
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\
    K:\
    L:\
    M:\
    N:\
    O:\
    P:\

    Scan statistics
    Files scanned 347017
    Threat name 13
    Infected objects 20
    Suspicious objects 0
    Duration of the scan 06:54:20

    File name Threat name Threats count
    C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll/C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll Infected: not-a-virus:AdWare.Win32.Mostofate.dt 1

    C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll Infected: not-a-virus:AdWare.Win32.Mostofate.dt 1

    C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1

    C:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i 1

    C:\QooBox\Quarantine\C\WINDOWS\system32\av.dat.vir Infected: Trojan-Downloader.Win32.Small.aarm 1

    C:\QooBox\Quarantine\C\WINDOWS\system32\tdssadw.dll.vir Infected: Rootkit.Win32.Clbd.hf 1

    C:\Toolbar SD\Backup-TB\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i 1

    C:\WINDOWS\system32\rnfwsprk.dll.vir Infected: Trojan.Win32.Monderb.gen 1

    M:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP512\A0145937.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au 1

    M:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP512\A0145938.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au 1

    M:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP512\A0145939.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch 1

    M:\Documents and Settings\raymond thibault.RAYMOND\Mes documents\Nero-8.1.1.4_fra_trial.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1

    M:\Documents and Settings\raymond thibault.RAYMOND\Mes documents\avatar\MSN Emoticons.Winks.Avatars.Packz.VR.6-[NoFS]\MSN.Messenger.Monitor.Sniffer.v3.5-BEAN\msnmonitor.exe Infected: not-a-virus:Monitor.Win32.MonitorSniffer.b 1

    M:\Documents and Settings\raymond thibault.RAYMOND\Mes documents\avatar\MSN Emoticons.Winks.Avatars.Packz.VR.6-[NoFS]\MsnPassWordRecovery\mspass.exe Infected: not-a-virus:PSWTool.Win32.Messen.110 1

    M:\Documents and Settings\raymond thibault.RAYMOND\Mes documents\avatar\MSN Emoticons.Winks.Avatars.Packz.VR.6-[NoFS]\MySpaceIM.Monitor.Sniffer.v1.0-BEAN\myspaceimmonitor.exe Infected: not-a-virus:Monitor.Win32.MonitorSniffer.i 1

    M:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll Infected: not-a-virus:AdWare.Win32.Mostofate.dt 1

    M:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1

    M:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i 1

    M:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i 1

    P:\mspass.zip Infected: not-a-virus:PSWTool.Win32.Messen.106 1

    The selected area was scanned.
    12 August 2008 21:18:17

    Good evening

    ~Download OTMoveIt (by OldTimer). Save it to your Desktop.

    Select ALL the locations in bold below:

    C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    C:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll
    C:\Toolbar SD\Backup-TB\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
    C:\WINDOWS\system32\rnfwsprk.dll.vir
    M:\Documents and Settings\raymond thibault.RAYMOND\Mes documents\Nero-8.1.1.4_fra_trial.exe
    M:\Documents and Settings\raymond thibault.RAYMOND\Mes documents\avatar\MSN Emoticons.Winks.Avatars.Packz.VR.6-[NoFS]\MSN.Messenger.Monitor.Sniffer.v3.5-BEAN\msnmonitor.exe
    M:\Documents and Settings\raymond thibault.RAYMOND\Mes documents\avatar\MSN Emoticons.Winks.Avatars.Packz.VR.6-[NoFS]\MsnPassWordRecovery\mspass.exe
    M:\Documents and Settings\raymond thibault.RAYMOND\Mes documents\avatar\MSN Emoticons.Winks.Avatars.Packz.VR.6-[NoFS]\MySpaceIM.Monitor.Sniffer.v1.0-BEAN\myspaceimmonitor.exe
    M:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    M:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll
    M:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
    P:\mspass.zip


    ---> Right-click, then Copy (or Ctrl+C)

    Double-click OTMoveIt.exe to launch it.
    Right-click in the left-hand pane, then choose Paste (or Ctrl+V).
    Now click MoveIt!

    If a file or folder cannot be deleted immediately, the program will ask you to restart.

    Accept by clicking YES.

    Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
    The report's name corresponds to the time it was created: date_time.log

    12 August 2008 22:27:06

    C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll unregistered successfully.
    C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll moved successfully.
    DllUnregisterServer procedure not found in C:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll
    C:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll NOT unregistered.
    C:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll moved successfully.
    DllUnregisterServer procedure not found in C:\Toolbar SD\Backup-TB\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
    C:\Toolbar SD\Backup-TB\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll NOT unregistered.
    C:\Toolbar SD\Backup-TB\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll moved successfully.
    C:\WINDOWS\system32\rnfwsprk.dll.vir moved successfully.
    M:\Documents and Settings\raymond thibault.RAYMOND\Mes documents\Nero-8.1.1.4_fra_trial.exe moved successfully.
    < M:\Documents and Settings\raymond thibault.RAYMOND\Mes documents\avatar\MSN Emoticons.Winks.Avatars.Packz.VR.6-[NoFS]\MSN.Messenger.Monitor.Sniffer.v3.5-BEAN\msnmonitor.exe >
    M:\Documents and Settings\raymond thibault.RAYMOND\Mes documents\avatar\MSN Emoticons.Winks.Avatars.Packz.VR.6-[NoFS]\MSN.Messenger.Monitor.Sniffer.v3.5-BEAN\msnmonitor.exe moved successfully.
    < M:\Documents and Settings\raymond thibault.RAYMOND\Mes documents\avatar\MSN Emoticons.Winks.Avatars.Packz.VR.6-[NoFS]\MsnPassWordRecovery\mspass.exe >
    M:\Documents and Settings\raymond thibault.RAYMOND\Mes documents\avatar\MSN Emoticons.Winks.Avatars.Packz.VR.6-[NoFS]\MsnPassWordRecovery\mspass.exe moved successfully.
    < M:\Documents and Settings\raymond thibault.RAYMOND\Mes documents\avatar\MSN Emoticons.Winks.Avatars.Packz.VR.6-[NoFS]\MySpaceIM.Monitor.Sniffer.v1.0-BEAN\myspaceimmonitor.exe >
    M:\Documents and Settings\raymond thibault.RAYMOND\Mes documents\avatar\MSN Emoticons.Winks.Avatars.Packz.VR.6-[NoFS]\MySpaceIM.Monitor.Sniffer.v1.0-BEAN\myspaceimmonitor.exe moved successfully.
    M:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll unregistered successfully.
    File move failed. M:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll scheduled to be moved on reboot.
    DllUnregisterServer procedure not found in M:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll
    M:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll NOT unregistered.
    M:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll moved successfully.
    DllUnregisterServer procedure not found in M:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
    M:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll NOT unregistered.
    M:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll moved successfully.
    P:\mspass.zip moved successfully.

    OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08122008_161424

    Files moved on Reboot...
    M:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll unregistered successfully.
    M:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll moved successfully.
    12 August 2008 22:40:56

    How is your PC behaving?
    13 August 2008 00:39:48

    Good evening,

    Everything seems to be running normally.

    A big thank you!
    13 August 2008 14:31:42

    Hi again

    Uninstall all the programs that were installed for the disinfection.

    Please read this guide (PDF) to learn more about the risks of the Internet.

    If you find this document interesting, don't hesitate to pass it on to your contacts.

    If you are tired of being bombarded with ads while browsing, install Firefox secured with the NoScript and AdBlock Plus extensions.

    ~Edit your first message (by clicking the eraser) and put [resolved] in the title.

    :hello: