Your question

Problem: Virus, CiD popups

Tags:
  • Security
Last reply: in Security and viruses
22 June 2008 17:47:04

Hello,

Two months ago, web pages started opening by themselves on my PC, all beginning with CiD.
I ran several scans with Avast!, but no virus was found.
After 2 weeks, these pages stopped appearing, and I was left in peace until today.
I was browsing quietly and suddenly my PC started to lag: a lot of trouble opening web pages, lots of CiD pop-ups and, after a while, a blue desktop background appeared with a text in English saying that my PC was infected by spyware, along with a link to a site offering to sell me two kinds of antivirus.
In addition, a yellow sign with an exclamation mark regularly appears next to the clock, saying that my PC is infected and that I have to buy a spyware, again in English.

The Avast! scan found nothing, like last time.

Need help please :(

22 June 2008 20:06:21

Hello,

Posting to follow.
22 June 2008 20:07:06

Here is the Malwarebytes report:

Malwarebytes' Anti-Malware 1.18
Version de la base de données: 878

20:10:38 22/06/2008
mbam-log-6-22-2008 (20-10-29).txt

Type de recherche: Examen rapide
Eléments examinés: 58561
Temps écoulé: 15 minute(s), 1 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 5
Clé(s) du Registre infectée(s): 38
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 5
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 88

22 June 2008 20:16:40

Did you actually remove the infections?
22 June 2008 20:25:14

No, sorry, I had forgotten. I have just done it; here is the new report:

Malwarebytes' Anti-Malware 1.18
Version de la base de données: 878

20:28:31 22/06/2008
mbam-log-6-22-2008 (20-28-31).txt

Type de recherche: Examen rapide
Eléments examinés: 58561
Temps écoulé: 15 minute(s), 1 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 5
Clé(s) du Registre infectée(s): 38
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 5
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 88

22 June 2008 21:19:00

Hi again,

Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:22:28, on 22/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE
C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\ADS Tech\INSTANT TV PVR\Scheduled.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ADS Tech\Instant TV Remote\ADSRMT.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.gophersearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.neuf.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NI.UERSV_0001_N68M0602] "C:\Documents and Settings\Utilisateur\Local Settings\Temporary Internet Files\Content.IE5\M5LEJAH0\ErrorSafeScannerInstall_fr[1].exe" -nag
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [fenaffiche] C:\Program Files\FenAffiche\Fenpowernet.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [ADS TVR Agent] C:\Program Files\ADS Tech\INSTANT TV PVR\Scheduled.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Love default global mess] C:\Documents and Settings\All Users\Application Data\great coal love default\show gram.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tick heart] C:\DOCUME~1\UTILIS~1\APPLIC~1\TYPECA~1\toolhtm.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Registration Assassin's Creed.LNK = C:\Program Files\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe
O4 - Startup: Registration Silent Hunter III.LNK = C:\Program Files\Ubisoft\SilentHunterIII\Support\Register\RegistrationReminder.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O4 - Global Startup: TV Remote Control.lnk = C:\Program Files\ADS Tech\Instant TV Remote\ADSRMT.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.ca...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 10025 bytes
22 June 2008 21:25:10

Hi again,

Download Lop S&D.exe (Eric_71) to your Desktop.
  • Start the installation by running the downloaded file.
  • Now double-click the LopS&D shortcut.
  • Select the language you want by typing the corresponding letter, then confirm with the Enter key.
  • Now choose option 1 (Search). Wait until the search has finished.
  • Post the generated report (C:\lopR.txt*)

    (If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)
    * the partition name may differ
    22 June 2008 22:24:47

    Hi again,

    Here is the Lop S&D report:


    -----------------------[ Lop S&D 4.2.1-7 XP/Vista ]---------------------

    [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
    [ USER : Utilisateur ] [ "C:\Lop SD" ] [ Selection : 1 ]
    [ 22/06/2008 | 22:25:23,07 ] [ PC : SY5PAC21 ]
    [ MAJ : 21-06-2008 | 15:15 ]

    -------------[ Listing des dossiers dans Application Data ]------------

    [25/12/2006|13:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [02/04/2008|16:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AutoClic
    [31/12/2004|13:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
    [26/09/2006|16:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [22/06/2008|12:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\great coal love default
    [22/06/2008|19:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [09/05/2008|12:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
    [26/12/2006|13:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com
    [31/05/2008|16:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [26/08/2007|18:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
    [05/10/2007|19:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
    [03/06/2006|23:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
    [31/12/2004|12:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
    [30/12/2006|12:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
    [17/06/2007|18:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    [14/06/2008|17:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ubisoft
    [25/11/2006|13:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
    [31/05/2006|17:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

    [31/12/2004|12:57] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
    [31/12/2004|13:39] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
    [31/12/2004|12:46] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
    [31/12/2004|12:57] C:\DOCUME~1\DEFAUL~1\APPLIC~1\InterTrust
    [31/12/2004|13:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

    [26/12/2006|12:14] C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
    [31/12/2004|12:48] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

    [31/12/2004|12:48] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    [13/02/2008|19:34] C:\DOCUME~1\UTILIS~1\APPLIC~1\Adobe
    [25/12/2006|13:19] C:\DOCUME~1\UTILIS~1\APPLIC~1\Apple Computer
    [10/03/2007|22:32] C:\DOCUME~1\UTILIS~1\APPLIC~1\AVSMedia
    [04/02/2008|13:20] C:\DOCUME~1\UTILIS~1\APPLIC~1\Command & Conquer 3 Les guerres du Tiberium
    [31/12/2004|13:39] C:\DOCUME~1\UTILIS~1\APPLIC~1\desktop.ini
    [28/10/2006|19:24] C:\DOCUME~1\UTILIS~1\APPLIC~1\EPSON
    [21/02/2006|19:27] C:\DOCUME~1\UTILIS~1\APPLIC~1\Google
    [23/04/2006|20:32] C:\DOCUME~1\UTILIS~1\APPLIC~1\Help
    [31/12/2004|12:46] C:\DOCUME~1\UTILIS~1\APPLIC~1\Identities
    [05/09/2007|11:37] C:\DOCUME~1\UTILIS~1\APPLIC~1\InstallShield
    [31/12/2004|12:57] C:\DOCUME~1\UTILIS~1\APPLIC~1\InterTrust
    [03/06/2006|23:08] C:\DOCUME~1\UTILIS~1\APPLIC~1\iShell
    [22/06/2008|16:47] C:\DOCUME~1\UTILIS~1\APPLIC~1\LimeWire
    [05/02/2006|11:30] C:\DOCUME~1\UTILIS~1\APPLIC~1\Macromedia
    [22/06/2008|19:53] C:\DOCUME~1\UTILIS~1\APPLIC~1\Malwarebytes
    [03/09/2006|18:12] C:\DOCUME~1\UTILIS~1\APPLIC~1\Media Player Classic
    [26/08/2007|19:09] C:\DOCUME~1\UTILIS~1\APPLIC~1\Microsoft
    [19/09/2007|18:26] C:\DOCUME~1\UTILIS~1\APPLIC~1\MSNInstaller
    [22/06/2008|20:32] C:\DOCUME~1\UTILIS~1\APPLIC~1\OpenOffice.org2
    [02/02/2008|21:10] C:\DOCUME~1\UTILIS~1\APPLIC~1\SecuROM
    [05/11/2007|11:57] C:\DOCUME~1\UTILIS~1\APPLIC~1\Shareaza
    [25/05/2008|18:57] C:\DOCUME~1\UTILIS~1\APPLIC~1\Skype
    [30/09/2007|19:44] C:\DOCUME~1\UTILIS~1\APPLIC~1\Sun
    [22/06/2008|12:24] C:\DOCUME~1\UTILIS~1\APPLIC~1\teamspeak2
    [03/06/2006|22:54] C:\DOCUME~1\UTILIS~1\APPLIC~1\The Rasmus Player
    [22/06/2008|12:14] C:\DOCUME~1\UTILIS~1\APPLIC~1\Type Camp Roam
    [14/06/2008|17:04] C:\DOCUME~1\UTILIS~1\APPLIC~1\Ubisoft
    [14/06/2008|17:36] C:\DOCUME~1\UTILIS~1\APPLIC~1\WinRAR

    ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

    [22/06/2008 22:00][--ah-----] C:\WINDOWS\tasks\AB8327249188A0A0.job
    [26/10/2007 18:38][--a------] C:\WINDOWS\tasks\LifeChatTask.job
    [18/06/2008 18:52][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [05/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
    [22/06/2008 20:31][--ah-----] C:\WINDOWS\tasks\SA.DAT

    AB8327249188A0A0.job <--> c:\docume~1\utilis~1\applic~1\typeca~1\thesectkind.exe

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    [01/05/2006|20:20] C:\Program Files\Activision
    [31/12/2004|12:57] C:\Program Files\Adobe
    [10/01/2005|10:59] C:\Program Files\ADS Tech
    [09/05/2008|11:27] C:\Program Files\Alwil Software
    [10/01/2007|20:45] C:\Program Files\Apple Software Update
    [04/05/2008|19:17] C:\Program Files\AutoClic
    [10/03/2007|22:30] C:\Program Files\AVSMedia
    [15/05/2008|23:19] C:\Program Files\BitDownload
    [23/04/2006|20:32] C:\Program Files\CDisplay
    [31/12/2004|12:44] C:\Program Files\ComPlus Applications
    [03/01/2005|16:01] C:\Program Files\Créez votre site Web
    [23/11/2007|16:42] C:\Program Files\DivX
    [26/12/2006|12:15] C:\Program Files\DMSetup.exe
    [17/03/2006|11:30] C:\Program Files\EA GAMES
    [02/02/2008|19:12] C:\Program Files\Electronic Arts
    [25/11/2006|13:16] C:\Program Files\EPSON
    [03/01/2005|16:01] C:\Program Files\FenAffiche
    [20/05/2008|14:33] C:\Program Files\Fichiers communs
    [17/06/2007|18:59] C:\Program Files\Game Cam v1.4
    [29/05/2008|17:48] C:\Program Files\Google
    [31/12/2004|12:52] C:\Program Files\HighMAT CD Writing Wizard
    [14/06/2008|16:08] C:\Program Files\InstallShield Installation Information
    [31/12/2004|13:00] C:\Program Files\Intel
    [11/06/2008|23:53] C:\Program Files\Internet Explorer
    [28/03/2007|19:08] C:\Program Files\iPod
    [25/12/2006|15:32] C:\Program Files\iPodSetup.exe
    [05/10/2006|19:02] C:\Program Files\IrfanView
    [28/03/2007|19:09] C:\Program Files\iTunes
    [25/12/2006|14:58] C:\Program Files\iTunesSetup.exe
    [30/09/2007|19:46] C:\Program Files\Java
    [30/08/2006|16:48] C:\Program Files\K-Lite Codec Pack
    [01/05/2008|11:39] C:\Program Files\LimeWire
    [14/07/2007|16:36] C:\Program Files\LucasArts
    [22/06/2008|20:09] C:\Program Files\Malwarebytes' Anti-Malware
    [13/06/2006|20:57] C:\Program Files\Maxis
    [30/06/2007|18:08] C:\Program Files\Messenger
    [31/12/2004|12:46] C:\Program Files\microsoft frontpage
    [04/11/2007|16:38] C:\Program Files\Microsoft Games
    [17/04/2008|19:09] C:\Program Files\Microsoft IntelliPoint
    [30/06/2007|18:08] C:\Program Files\Movie Maker
    [04/06/2006|21:24] C:\Program Files\MP3 Player Utilities
    [20/05/2008|14:26] C:\Program Files\MP3 Remix
    [26/05/2007|17:54] C:\Program Files\MSN
    [04/02/2006|17:23] C:\Program Files\MSN Apps
    [31/12/2004|12:43] C:\Program Files\MSN Gaming Zone
    [08/02/2008|15:04] C:\Program Files\MSN Messenger
    [19/11/2006|20:58] C:\Program Files\MSXML 4.0
    [17/10/2007|14:14] C:\Program Files\NETGEAR
    [30/06/2007|18:01] C:\Program Files\NetMeeting
    [19/09/2007|16:09] C:\Program Files\Neuf
    [31/12/2004|12:43] C:\Program Files\Online Services
    [30/09/2007|19:47] C:\Program Files\OpenOffice.org 2.3
    [30/06/2007|18:01] C:\Program Files\Outlook Express
    [15/05/2008|23:20] C:\Program Files\pfoc
    [31/12/2004|12:52] C:\Program Files\Phoenix Technologies Ltd
    [31/12/2004|13:48] C:\Program Files\Pinnacle
    [28/03/2007|18:58] C:\Program Files\QuickTime
    [27/11/2006|22:46] C:\Program Files\SEGA
    [31/12/2004|12:44] C:\Program Files\Services en ligne
    [25/12/2006|14:04] C:\Program Files\Shareaza_2.2.3.0.exe
    [30/12/2006|12:33] C:\Program Files\Skype
    [11/05/2008|00:09] C:\Program Files\Steam
    [14/06/2008|01:43] C:\Program Files\Teamspeak2_RC2
    [22/06/2008|21:21] C:\Program Files\Trend Micro
    [22/06/2008|12:10] C:\Program Files\Type Camp Roam
    [14/06/2008|16:08] C:\Program Files\Ubisoft
    [31/12/2004|12:49] C:\Program Files\Uninstall Information
    [04/02/2006|16:49] C:\Program Files\USB Driver-Express
    [31/12/2004|13:31] C:\Program Files\VIA
    [31/03/2006|21:08] C:\Program Files\Vimicro
    [04/11/2006|12:31] C:\Program Files\Vstep
    [17/06/2008|17:31] C:\Program Files\Warcraft III
    [31/12/2004|12:49] C:\Program Files\Windows Journal Viewer
    [14/12/2006|22:43] C:\Program Files\Windows Media Connect
    [13/01/2007|21:48] C:\Program Files\Windows Media Connect 2
    [30/06/2007|18:08] C:\Program Files\Windows Media Player
    [30/06/2007|18:01] C:\Program Files\Windows NT
    [31/12/2004|12:44] C:\Program Files\WindowsUpdate
    [14/06/2008|17:32] C:\Program Files\WinRAR
    [08/06/2008|00:43] C:\Program Files\World of Warcraft
    [05/04/2008|19:05] C:\Program Files\WowCartographe
    [31/12/2004|12:46] C:\Program Files\xerox

    ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

    [31/12/2004|12:57] C:\Program Files\Fichiers communs\Adobe
    [15/05/2008|23:22] C:\Program Files\Fichiers communs\AVSMedia
    [23/12/2006|19:04] C:\Program Files\Fichiers communs\Blizzard Entertainment
    [31/12/2004|13:50] C:\Program Files\Fichiers communs\Fellowes
    [29/03/2006|21:41] C:\Program Files\Fichiers communs\InstallShield
    [30/09/2007|19:44] C:\Program Files\Fichiers communs\Java
    [19/09/2007|18:25] C:\Program Files\Fichiers communs\Microsoft Shared
    [31/12/2004|12:44] C:\Program Files\Fichiers communs\MSSoap
    [31/12/2004|13:39] C:\Program Files\Fichiers communs\ODBC
    [31/12/2004|12:44] C:\Program Files\Fichiers communs\Services
    [30/12/2006|12:33] C:\Program Files\Fichiers communs\Skype
    [31/12/2004|13:39] C:\Program Files\Fichiers communs\SpeechEngines
    [30/06/2007|18:01] C:\Program Files\Fichiers communs\System

    ---------------------------[ Process ]--------------------------

    ... 50

    iexplore.exe ~ [1604]
    iexplore.exe ~ [1896]
    iexplore.exe ~ [4064]

    ----------------------[ Recherche avec S_Lop ]---------------------

    C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\bis24.exe
    C:\DOCUME~1\UTILIS~1\APPLIC~1\TYPECA~1
    C:\DOCUME~1\UTILIS~1\APPLIC~1\TYPECA~1\hqwcfmli.exe
    C:\DOCUME~1\UTILIS~1\APPLIC~1\TYPECA~1\lcdlwwqe.exe
    C:\DOCUME~1\UTILIS~1\APPLIC~1\TYPECA~1\mnhvvwjx.exe
    C:\DOCUME~1\UTILIS~1\APPLIC~1\TYPECA~1\the sect kind.exe
    C:\DOCUME~1\UTILIS~1\APPLIC~1\TYPECA~1\toolhtm.exe

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\great coal love default
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\great coal love default\show gram.exe
    C:\DOCUME~1\UTILIS~1\APPLIC~1\typeca~1
    C:\DOCUME~1\UTILIS~1\APPLIC~1\typeca~1\hqwcfmli.exe
    C:\DOCUME~1\UTILIS~1\APPLIC~1\typeca~1\lcdlwwqe.exe
    C:\DOCUME~1\UTILIS~1\APPLIC~1\typeca~1\mnhvvwjx.exe
    C:\DOCUME~1\UTILIS~1\APPLIC~1\typeca~1\the sect kind.exe
    C:\DOCUME~1\UTILIS~1\APPLIC~1\typeca~1\toolhtm.exe
    C:\Program Files\typeca~1
    C:\Program Files\Bitdownload
    C:\WINDOWS\Prefetch\SHOW GRAM.EXE-0BD0526E.pf
    C:\WINDOWS\Prefetch\LCDLWWQE.EXE-23E633ED.pf
    C:\WINDOWS\Prefetch\THE SECT KIND.EXE-0141F8CF.pf
    C:\WINDOWS\Prefetch\TOOLHTM.EXE-033F0AD0.pf
    C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@www.adserver5[2].txt
    C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@adultfriendfinder[1].txt
    C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@adin.bigpoint[1].txt
    C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@bigpoint[2].txt
    C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@bigpoint[3].txt
    C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@fr1.darkorbit.bigpoint[2].txt
    C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@fr1.seafight.bigpoint[2].txt
    C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@www.bigpoint[1].txt
    C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@banner.casinoking[2].txt
    C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@casinoking[2].txt
    C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@banner.cotedazurpalace[2].txt
    C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@cotedazurpalace[2].txt
    C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@adopt.euroclick[2].txt
    C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@pacificpoker[1].txt
    C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@partygaming.122.2o7[1].txt
    C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@partypoker[2].txt
    C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@fr1.seafight.bigpoint[2].txt
    C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@32vegas[1].txt
    C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@banner.32vegas[2].txt
    C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@2xmoinscher[1].txt
    C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@cc.2xmoinscher[1].txt
    C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@www.2xmoinscher[1].txt
    C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@rakoonz.free[1].txt
    C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@eurogrand[7].txt
    C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@888[1].txt
    C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@888[2].txt
    C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@www.888casino[1].txt
    C:\WINDOWS\Tasks\AB8327249188A0A0.job

    ----------------------[ Verification du Registre ]----------------------

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\About book title]
    "DisplayName"="CiD Help"
    "UninstallString"="C:\\DOCUME~1\\UTILIS~1\\APPLIC~1\\TYPECA~1\\toolhtm.exe -uninstall"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Tick heart"="C:\\DOCUME~1\\UTILIS~1\\APPLIC~1\\TYPECA~1\\toolhtm.exe"
    "Tick heart"="C:\\DOCUME~1\\UTILIS~1\\APPLIC~1\\TYPECA~1\\toolhtm.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Love default global mess"="C:\\Documents and Settings\\All Users\\Application Data\\great coal love default\\show gram.exe"

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts PROPRE


    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-22 22:26:38
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------[ Recherche d'autres infections ]---------------------


    Aucune autre infection trouvée !

    [F:2382][D:255]-> C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp
    [F:2426][D:0]-> C:\DOCUME~1\UTILIS~1\Cookies
    [F:17125][D:28]-> C:\DOCUME~1\UTILIS~1\LOCALS~1\TEMPOR~1\content.IE5

    --------------------[ Fin du rapport a 22:28:21,89 ]----------------------
    23 June 2008 12:33:27

    A little patience? :)

    Run Lop S&D again by double-clicking the shortcut. Type "2", then confirm by pressing "Enter".
    ! Do not close the window during the removal !
    A report will be generated; post its contents here.

    NOTE: If your Desktop does not reappear, press Ctrl+Alt+Del simultaneously to open Task Manager.
    Go to the "Processes" tab. Click File at the top left and choose "Run..."
    Type explorer, then confirm.
    23 June 2008 14:55:15

    Here is the new report:


    -----------------------[ Lop S&D 4.2.1-7 XP/Vista ]---------------------

    [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
    [ USER : Utilisateur ] [ "C:\Lop SD" ] [ Selection : 2 ]
    [ 23/06/2008 | 14:55:13,67 ] [ PC : SY5PAC21 ]
    [ MAJ : 21-06-2008 | 15:15 ]


    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\great coal love default\show gram.exe
    Supprime! - C:\DOCUME~1\UTILIS~1\APPLIC~1\typeca~1\hqwcfmli.exe
    Supprime! - C:\DOCUME~1\UTILIS~1\APPLIC~1\typeca~1\lcdlwwqe.exe
    Supprime! - C:\DOCUME~1\UTILIS~1\APPLIC~1\typeca~1\mnhvvwjx.exe
    Supprime! - C:\DOCUME~1\UTILIS~1\APPLIC~1\typeca~1\the sect kind.exe
    Supprime! - C:\DOCUME~1\UTILIS~1\APPLIC~1\typeca~1\toolhtm.exe
    Supprime! - C:\WINDOWS\Prefetch\SHOW GRAM.EXE-0BD0526E.pf
    Supprime! - C:\WINDOWS\Prefetch\THE SECT KIND.EXE-0141F8CF.pf
    Supprime! - C:\WINDOWS\Prefetch\TOOLHTM.EXE-033F0AD0.pf
    Supprime! - C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@www.adserver5[2].txt
    Supprime! - C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@adultfriendfinder[1].txt
    Supprime! - C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@adin.bigpoint[1].txt
    Supprime! - C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@bigpoint[2].txt
    Supprime! - C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@bigpoint[3].txt
    Supprime! - C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@fr1.darkorbit.bigpoint[2].txt
    Supprime! - C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@fr1.seafight.bigpoint[2].txt
    Supprime! - C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@www.bigpoint[1].txt
    Supprime! - C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@banner.casinoking[2].txt
    Supprime! - C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@casinoking[2].txt
    Supprime! - C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@banner.cotedazurpalace[2].txt
    Supprime! - C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@cotedazurpalace[2].txt
    Supprime! - C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@pacificpoker[1].txt
    Supprime! - C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@partygaming.122.2o7[1].txt
    Supprime! - C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@partypoker[2].txt
    Supprime! - C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@banner.32vegas[2].txt
    Supprime! - C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@2xmoinscher[1].txt
    Supprime! - C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@cc.2xmoinscher[1].txt
    Supprime! - C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@www.2xmoinscher[1].txt
    Supprime! - C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@rakoonz.free[1].txt
    Supprime! - C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@eurogrand[7].txt
    Supprime! - C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@888[1].txt
    Supprime! - C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@888[2].txt
    Supprime! - C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@www.888casino[1].txt
    Supprime! - C:\WINDOWS\Tasks\AB8327249188A0A0.job
    Supprime! - C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\bis24.exe
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\great coal love default
    Supprime! - C:\DOCUME~1\UTILIS~1\APPLIC~1\typeca~1
    Supprime! - C:\Program Files\typeca~1
    Supprime! - C:\Program Files\Bitdownload

    //////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


    -------------[ Listing des dossiers dans Application Data ]------------

    [25/12/2006|13:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [02/04/2008|16:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AutoClic
    [31/12/2004|13:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
    [26/09/2006|16:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [22/06/2008|19:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [09/05/2008|12:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
    [26/12/2006|13:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com
    [31/05/2008|16:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [26/08/2007|18:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
    [05/10/2007|19:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
    [03/06/2006|23:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
    [31/12/2004|12:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
    [30/12/2006|12:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
    [17/06/2007|18:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    [14/06/2008|17:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ubisoft
    [25/11/2006|13:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
    [31/05/2006|17:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

    [31/12/2004|12:57] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
    [31/12/2004|13:39] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
    [31/12/2004|12:46] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
    [31/12/2004|12:57] C:\DOCUME~1\DEFAUL~1\APPLIC~1\InterTrust
    [31/12/2004|13:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

    [26/12/2006|12:14] C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
    [31/12/2004|12:48] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

    [31/12/2004|12:48] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    [13/02/2008|19:34] C:\DOCUME~1\UTILIS~1\APPLIC~1\Adobe
    [25/12/2006|13:19] C:\DOCUME~1\UTILIS~1\APPLIC~1\Apple Computer
    [10/03/2007|22:32] C:\DOCUME~1\UTILIS~1\APPLIC~1\AVSMedia
    [04/02/2008|13:20] C:\DOCUME~1\UTILIS~1\APPLIC~1\Command & Conquer 3 Les guerres du Tiberium
    [31/12/2004|13:39] C:\DOCUME~1\UTILIS~1\APPLIC~1\desktop.ini
    [28/10/2006|19:24] C:\DOCUME~1\UTILIS~1\APPLIC~1\EPSON
    [21/02/2006|19:27] C:\DOCUME~1\UTILIS~1\APPLIC~1\Google
    [23/04/2006|20:32] C:\DOCUME~1\UTILIS~1\APPLIC~1\Help
    [31/12/2004|12:46] C:\DOCUME~1\UTILIS~1\APPLIC~1\Identities
    [05/09/2007|11:37] C:\DOCUME~1\UTILIS~1\APPLIC~1\InstallShield
    [31/12/2004|12:57] C:\DOCUME~1\UTILIS~1\APPLIC~1\InterTrust
    [03/06/2006|23:08] C:\DOCUME~1\UTILIS~1\APPLIC~1\iShell
    [22/06/2008|16:47] C:\DOCUME~1\UTILIS~1\APPLIC~1\LimeWire
    [05/02/2006|11:30] C:\DOCUME~1\UTILIS~1\APPLIC~1\Macromedia
    [22/06/2008|19:53] C:\DOCUME~1\UTILIS~1\APPLIC~1\Malwarebytes
    [03/09/2006|18:12] C:\DOCUME~1\UTILIS~1\APPLIC~1\Media Player Classic
    [26/08/2007|19:09] C:\DOCUME~1\UTILIS~1\APPLIC~1\Microsoft
    [19/09/2007|18:26] C:\DOCUME~1\UTILIS~1\APPLIC~1\MSNInstaller
    [23/06/2008|09:51] C:\DOCUME~1\UTILIS~1\APPLIC~1\OpenOffice.org2
    [02/02/2008|21:10] C:\DOCUME~1\UTILIS~1\APPLIC~1\SecuROM
    [05/11/2007|11:57] C:\DOCUME~1\UTILIS~1\APPLIC~1\Shareaza
    [25/05/2008|18:57] C:\DOCUME~1\UTILIS~1\APPLIC~1\Skype
    [30/09/2007|19:44] C:\DOCUME~1\UTILIS~1\APPLIC~1\Sun
    [22/06/2008|12:24] C:\DOCUME~1\UTILIS~1\APPLIC~1\teamspeak2
    [03/06/2006|22:54] C:\DOCUME~1\UTILIS~1\APPLIC~1\The Rasmus Player
    [14/06/2008|17:04] C:\DOCUME~1\UTILIS~1\APPLIC~1\Ubisoft
    [14/06/2008|17:36] C:\DOCUME~1\UTILIS~1\APPLIC~1\WinRAR

    ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

    [26/10/2007 18:38][--a------] C:\WINDOWS\tasks\LifeChatTask.job
    [18/06/2008 18:52][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [05/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
    [23/06/2008 09:50][--ah-----] C:\WINDOWS\tasks\SA.DAT

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    [01/05/2006|20:20] C:\Program Files\Activision
    [31/12/2004|12:57] C:\Program Files\Adobe
    [10/01/2005|10:59] C:\Program Files\ADS Tech
    [09/05/2008|11:27] C:\Program Files\Alwil Software
    [10/01/2007|20:45] C:\Program Files\Apple Software Update
    [04/05/2008|19:17] C:\Program Files\AutoClic
    [10/03/2007|22:30] C:\Program Files\AVSMedia
    [23/04/2006|20:32] C:\Program Files\CDisplay
    [31/12/2004|12:44] C:\Program Files\ComPlus Applications
    [03/01/2005|16:01] C:\Program Files\Créez votre site Web
    [23/11/2007|16:42] C:\Program Files\DivX
    [26/12/2006|12:15] C:\Program Files\DMSetup.exe
    [17/03/2006|11:30] C:\Program Files\EA GAMES
    [02/02/2008|19:12] C:\Program Files\Electronic Arts
    [25/11/2006|13:16] C:\Program Files\EPSON
    [03/01/2005|16:01] C:\Program Files\FenAffiche
    [20/05/2008|14:33] C:\Program Files\Fichiers communs
    [17/06/2007|18:59] C:\Program Files\Game Cam v1.4
    [29/05/2008|17:48] C:\Program Files\Google
    [31/12/2004|12:52] C:\Program Files\HighMAT CD Writing Wizard
    [14/06/2008|16:08] C:\Program Files\InstallShield Installation Information
    [31/12/2004|13:00] C:\Program Files\Intel
    [11/06/2008|23:53] C:\Program Files\Internet Explorer
    [28/03/2007|19:08] C:\Program Files\iPod
    [25/12/2006|15:32] C:\Program Files\iPodSetup.exe
    [05/10/2006|19:02] C:\Program Files\IrfanView
    [28/03/2007|19:09] C:\Program Files\iTunes
    [25/12/2006|14:58] C:\Program Files\iTunesSetup.exe
    [30/09/2007|19:46] C:\Program Files\Java
    [30/08/2006|16:48] C:\Program Files\K-Lite Codec Pack
    [01/05/2008|11:39] C:\Program Files\LimeWire
    [14/07/2007|16:36] C:\Program Files\LucasArts
    [22/06/2008|20:09] C:\Program Files\Malwarebytes' Anti-Malware
    [13/06/2006|20:57] C:\Program Files\Maxis
    [30/06/2007|18:08] C:\Program Files\Messenger
    [31/12/2004|12:46] C:\Program Files\microsoft frontpage
    [04/11/2007|16:38] C:\Program Files\Microsoft Games
    [17/04/2008|19:09] C:\Program Files\Microsoft IntelliPoint
    [30/06/2007|18:08] C:\Program Files\Movie Maker
    [04/06/2006|21:24] C:\Program Files\MP3 Player Utilities
    [20/05/2008|14:26] C:\Program Files\MP3 Remix
    [26/05/2007|17:54] C:\Program Files\MSN
    [04/02/2006|17:23] C:\Program Files\MSN Apps
    [31/12/2004|12:43] C:\Program Files\MSN Gaming Zone
    [08/02/2008|15:04] C:\Program Files\MSN Messenger
    [19/11/2006|20:58] C:\Program Files\MSXML 4.0
    [17/10/2007|14:14] C:\Program Files\NETGEAR
    [30/06/2007|18:01] C:\Program Files\NetMeeting
    [19/09/2007|16:09] C:\Program Files\Neuf
    [31/12/2004|12:43] C:\Program Files\Online Services
    [30/09/2007|19:47] C:\Program Files\OpenOffice.org 2.3
    [30/06/2007|18:01] C:\Program Files\Outlook Express
    [15/05/2008|23:20] C:\Program Files\pfoc
    [31/12/2004|12:52] C:\Program Files\Phoenix Technologies Ltd
    [31/12/2004|13:48] C:\Program Files\Pinnacle
    [28/03/2007|18:58] C:\Program Files\QuickTime
    [27/11/2006|22:46] C:\Program Files\SEGA
    [31/12/2004|12:44] C:\Program Files\Services en ligne
    [25/12/2006|14:04] C:\Program Files\Shareaza_2.2.3.0.exe
    [30/12/2006|12:33] C:\Program Files\Skype
    [11/05/2008|00:09] C:\Program Files\Steam
    [14/06/2008|01:43] C:\Program Files\Teamspeak2_RC2
    [22/06/2008|21:21] C:\Program Files\Trend Micro
    [14/06/2008|16:08] C:\Program Files\Ubisoft
    [31/12/2004|12:49] C:\Program Files\Uninstall Information
    [04/02/2006|16:49] C:\Program Files\USB Driver-Express
    [31/12/2004|13:31] C:\Program Files\VIA
    [31/03/2006|21:08] C:\Program Files\Vimicro
    [04/11/2006|12:31] C:\Program Files\Vstep
    [23/06/2008|14:26] C:\Program Files\Warcraft III
    [31/12/2004|12:49] C:\Program Files\Windows Journal Viewer
    [14/12/2006|22:43] C:\Program Files\Windows Media Connect
    [13/01/2007|21:48] C:\Program Files\Windows Media Connect 2
    [30/06/2007|18:08] C:\Program Files\Windows Media Player
    [30/06/2007|18:01] C:\Program Files\Windows NT
    [31/12/2004|12:44] C:\Program Files\WindowsUpdate
    [14/06/2008|17:32] C:\Program Files\WinRAR
    [08/06/2008|00:43] C:\Program Files\World of Warcraft
    [05/04/2008|19:05] C:\Program Files\WowCartographe
    [31/12/2004|12:46] C:\Program Files\xerox

    ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

    [31/12/2004|12:57] C:\Program Files\Fichiers communs\Adobe
    [15/05/2008|23:22] C:\Program Files\Fichiers communs\AVSMedia
    [23/12/2006|19:04] C:\Program Files\Fichiers communs\Blizzard Entertainment
    [31/12/2004|13:50] C:\Program Files\Fichiers communs\Fellowes
    [29/03/2006|21:41] C:\Program Files\Fichiers communs\InstallShield
    [30/09/2007|19:44] C:\Program Files\Fichiers communs\Java
    [19/09/2007|18:25] C:\Program Files\Fichiers communs\Microsoft Shared
    [31/12/2004|12:44] C:\Program Files\Fichiers communs\MSSoap
    [31/12/2004|13:39] C:\Program Files\Fichiers communs\ODBC
    [31/12/2004|12:44] C:\Program Files\Fichiers communs\Services
    [30/12/2006|12:33] C:\Program Files\Fichiers communs\Skype
    [31/12/2004|13:39] C:\Program Files\Fichiers communs\SpeechEngines
    [30/06/2007|18:01] C:\Program Files\Fichiers communs\System

    ---------------------------[ Process ]--------------------------

    ... 47

    ... OK !

    ----------------------[ Recherche avec S_Lop ]---------------------

    Aucun fichier / dossier Lop trouvé !

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@adopt.euroclick[1].txt
    C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@32vegas[2].txt

    ----------------------[ Verification du Registre ]----------------------

    ..... OK !

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts PROPRE


    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-23 14:56:58
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------[ Recherche d'autres infections ]---------------------


    Aucune autre infection trouvée !

    [F:2378][D:255]-> C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp
    [F:2406][D:0]-> C:\DOCUME~1\UTILIS~1\Cookies
    [F:17296][D:28]-> C:\DOCUME~1\UTILIS~1\LOCALS~1\TEMPOR~1\content.IE5

    --------------------[ Fin du rapport a 14:58:16,21 ]----------------------
    23 June 2008 14:57:17

    Post a new HijackThis report.
    23 June 2008 16:45:34

    Here it is:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:49:27, on 23/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE
    C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\VM303_STI.EXE
    C:\Program Files\ADS Tech\INSTANT TV PVR\Scheduled.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
    C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
    C:\Program Files\ADS Tech\Instant TV Remote\ADSRMT.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Teamspeak2_RC2\TeamspeakHack.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.gophersearch.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.neuf.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [NI.UERSV_0001_N68M0602] "C:\Documents and Settings\Utilisateur\Local Settings\Temporary Internet Files\Content.IE5\M5LEJAH0\ErrorSafeScannerInstall_fr[1].exe" -nag
    O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"
    O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [fenaffiche] C:\Program Files\FenAffiche\Fenpowernet.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
    O4 - HKLM\..\Run: [ADS TVR Agent] C:\Program Files\ADS Tech\INSTANT TV PVR\Scheduled.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
    O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O4 - Startup: Registration Assassin's Creed.LNK = C:\Program Files\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe
    O4 - Startup: Registration Silent Hunter III.LNK = C:\Program Files\Ubisoft\SilentHunterIII\Support\Register\RegistrationReminder.exe
    O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
    O4 - Global Startup: TV Remote Control.lnk = C:\Program Files\ADS Tech\Instant TV Remote\ADSRMT.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.ca...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 9709 bytes
    23 June 2008 16:52:56

    Hello again,

    Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe extension may not be visible) to launch it.
  • When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may differ