
Help: Trojan horse and other issues [SOLVED]

Tags:
  • Trojan
  • Security
17 April 2008 19:00:24

Hello,

Avast detects a Trojan horse in:

C:\WINDOWS\SYSTEM32\WVUNMKAX.DLL

Win32:tratBHO [trj]

Avast cannot quarantine it because it says the file is in use.

I don't know what else to do; I can't manage to disinfect my PC, which often shows me alerts (bogus ones, I suppose) telling me precisely that it is infected.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:56, on 2008-04-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Documents and Settings\All Users\Application Data\bybmpqhq\vinyjkvk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Sonic\Sonic Solutions Product CD\Media Experience\DMXLauncher.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ryfufuxm.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Casino\BetClic Poker\poker.exe
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\sbmntr.exe
C:\Program Files\NetProject\sbsm.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\NetProject\sbsm.exe
C:\Casino\BetClic Poker\poker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {150B0CB9-8CC5-4C31-B100-35FA6476BF71} - C:\WINDOWS\system32\fccdbcCU.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {47B8F5D3-408E-426E-A415-80D144A3AC4E} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {613BD612-755E-4AE5-923F-37A20D069DF4} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A98D0065-7326-41B5-B8D9-C5B692CDB82F} - C:\WINDOWS\system32\wvUnmKax.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {F6A3CF07-ABE7-476E-9BE0-F2DF48ED63F8} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {49D8D988-6D77-4E24-8A27-914FBCCC782F} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Sonic\Sonic Solutions Product CD\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ppzpmgnb] C:\WINDOWS\system32\ryfufuxm.exe
O4 - HKLM\..\Policies\Explorer\Run: [DSYeLhBCJX] C:\Documents and Settings\All Users\Application Data\bybmpqhq\vinyjkvk.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-3361232125-835192129-3529576560-1005\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-3361232125-835192129-3529576560-1005\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-21-3361232125-835192129-3529576560-1005\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" (User '?')
O4 - HKUS\S-1-5-21-3361232125-835192129-3529576560-1005\..\Run: [ppzpmgnb] C:\WINDOWS\system32\ryfufuxm.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateietool.com/redirect.php (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Farm Frenzy\Images\stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Farm Frenzy\Images\armhelper.ocx
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: wvUnmKax - C:\WINDOWS\SYSTEM32\wvUnmKax.dll
O21 - SSODL: AvpUnknown - {80b16cef-1d34-45a6-8361-48947811abf6} - C:\WINDOWS\Resources\AvpUnknown.dll
O21 - SSODL: CheckWin - {ce413333-792c-4a67-a821-6f5fa41f5bbf} - C:\WINDOWS\Resources\CheckWin.dll
O22 - SharedTaskScheduler: exegeses - {db763ed8-100a-481b-8913-50a2f41dcdc3} - C:\WINDOWS\system32\bubbj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 14509 bytes




Thanks for your help


17 April 2008 19:04:14

:hello: 

You are infected with "Vundo". Remove all cracks from your PC if any are present, because otherwise they will relaunch the infection.


Download VundoFix (by Atribune) to your Desktop.

  • Double-click VundoFix.exe to launch it
  • Click the Scan for Vundo button
  • When the scan is complete, click the Remove Vundo button
  • A prompt will ask whether you want to delete the files; click YES
  • After you click "Yes", the Desktop will disappear for a moment while the files are deleted
  • You will see a prompt telling you that your PC is going to restart; click OK
  • Copy/paste the contents of the report located in C:\vundofix.txt, along with a new HijackThis! report, into your next reply

    Note:
    VundoFix may come across a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "Click the Scan for Vundo button".

    N.B.: VundoFix may detect nothing; in that case no report is needed, just tell me it found nothing.

    ;) 
    18 April 2008 12:31:20

    There you go... sorry for the response time, but my PC is crawling and I really had a hard time.

    I still get an alert, but things seem to be going a bit better...


    VundoFix V7.0.3

    Scan started at 21:33:37 2008-04-18

    Listing files found while scanning....

    C:\WINDOWS\system32\mshoamgs.ini
    C:\WINDOWS\system32\sgmaohsm.dll

    VundoFix V7.0.3

    Scan started at 02:20:05 2008-04-19

    Listing files found while scanning....


    Beginning removal...

    Performing Repairs to the registry.
    Done!



    Logfile of HijackThis v1.99.1
    Scan saved at 12:28, on 2008-04-19
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\NetProject\scit.exe
    C:\Program Files\NetProject\sbmntr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\NetProject\sbsm.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Sonic\Sonic Solutions Product CD\Media Experience\DMXLauncher.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Creative\Mixer\CTSVolFE.exe
    C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\DNA\btdna.exe
    C:\WINDOWS\system32\ryfufuxm.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Documents and Settings\moumoune.WESHWESH\Mes documents\Applications\VundoFix.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\DOCUME~1\MOUMOU~1.WES\LOCALS~1\Temp\Rar$EX00.500\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://secure.caramail.lycos.fr/services/signin/mail.js...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {150B0CB9-8CC5-4C31-B100-35FA6476BF71} - (no file)
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {47B8F5D3-408E-426E-A415-80D144A3AC4E} - (no file)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: (no name) - {613BD612-755E-4AE5-923F-37A20D069DF4} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {A98D0065-7326-41B5-B8D9-C5B692CDB82F} - C:\WINDOWS\system32\wvUnmKax.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {BC92A60F-68C9-4B56-97CE-447ED4CD0BB9} - C:\WINDOWS\system32\fccdbcCU.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O2 - BHO: (no name) - {F6A3CF07-ABE7-476E-9BE0-F2DF48ED63F8} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: (no name) - {49D8D988-6D77-4E24-8A27-914FBCCC782F} - (no file)
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Sonic\Sonic Solutions Product CD\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [ppzpmgnb] C:\WINDOWS\system32\ryfufuxm.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateietool.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateietool.com/redirect.php (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Farm Frenzy\Images\stg_drm.ocx
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Farm Frenzy\Images\armhelper.ocx
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: ComPlusSetup - C:\WINDOWS\
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: wvUnmKax - wvUnmKax.dll (file missing)
    O21 - SSODL: AvpUnknown - {80b16cef-1d34-45a6-8361-48947811abf6} - C:\WINDOWS\Resources\AvpUnknown.dll
    O21 - SSODL: CheckWin - {ce413333-792c-4a67-a821-6f5fa41f5bbf} - C:\WINDOWS\Resources\CheckWin.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe


    18 April 2008 12:34:51

    Hi again,

    Download MalwareByte's Anti-Malware to your Desktop.
    Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done, restart in Safe Mode.
    HELP: Restarting in Safe Mode

  • Now run MalwareByte's Anti-Malware. If this is not already done, select "Exécuter un examen complet" (perform a full scan).
  • To start the search, click "Rechercher" (Scan).
  • Once the scan is finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Afficher les résultats" (Show results), then "Supprimer la sélection" (Remove selected). Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Illustrated tutorial on MBAM

    ;) 
    18 April 2008 12:51:04

    I ran a VundoFix scan again because I wasn't sure I had really deleted the files; here is the report, while I run MBAM:


    VundoFix V7.0.3

    Scan started at 12:25:34 2008-04-19

    Listing files found while scanning....

    C:\WINDOWS\system32\mshoamgs.ini
    C:\WINDOWS\system32\sgmaohsm.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\mshoamgs.ini
    C:\WINDOWS\system32\mshoamgs.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\sgmaohsm.dll
    C:\WINDOWS\system32\sgmaohsm.dll Has been deleted!

    Performing Repairs to the registry.
    Done!
    18 April 2008 17:30:23

    There you go! Just that...


    Malwarebytes' Anti-Malware 1.11
    Version de la base de données: 599

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 108299
    Temps écoulé: 1 hour(s), 56 minute(s), 51 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 27
    Valeur(s) du Registre infectée(s): 6
    Elément(s) de données du Registre infecté(s): 1
    Dossier(s) infecté(s): 11
    Fichier(s) infecté(s): 314

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\fccdbcCU.dll (Trojan.Vundo) -> Unloaded module successfully.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14f48f5e-a133-438c-bc0f-c96c0023a3b8} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{14f48f5e-a133-438c-bc0f-c96c0023a3b8} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{7c109800-a5d5-438f-9640-18d17e168b88} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c109800-a5d5-438f-9640-18d17e168b88} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{db763ed8-100a-481b-8913-50a2f41dcdc3} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\playmp3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\AdvRemoteDbg (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Mirar (AdWare.Mirar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\start (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\some (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{db763ed8-100a-481b-8913-50a2f41dcdc3} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ppzpmgnb (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\DSYeLhBCJX (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\fccdbccu -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\Program Files\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Casino (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\BetClic Poker (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\BetClic Poker\data (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\BetClic Poker\logs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\BetClic Poker\sfx (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\BetClic Poker\xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    C:\Program Files\PC-Cleaner (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\fccdbcCU.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\UCcbdccf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\UCcbdccf.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\jqrqvlyq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\qylvqrqj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\rhcarijp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pjirachr.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sexjhjew.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wejhjxes.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Program Files\NetProject\sbmdl.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Program Files\NetProject\sbmntr.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Program Files\NetProject\sbsm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Program Files\NetProject\scit.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\bubbj.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ryfufuxm.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\bybmpqhq\vinyjkvk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\Mozilla Firefox\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP78\A0027180.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP78\A0027181.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ferqbots.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hqnoduni.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Casino\BetClic Poker\xrs\ext_general.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\BetClic Poker\xrs\ext_mc_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\BetClic Poker\xrs\ext_navigator.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\BetClic Poker\xrs\fcs_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\BetClic Poker\xrs\fc_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\BetClic Poker\xrs\fc_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\BetClic Poker\xrs\filemap.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\BetClic Poker\xrs\filerefs.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\BetClic Poker\xrs\gameclient.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\BetClic Poker\xrs\game_common.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\BetClic Poker\xrs\game_common_message.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\BetClic Poker\xrs\game_common_mini.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\BetClic Poker\xrs\game_panel.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\BetClic Poker\xrs\game_panel_mini.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\BetClic Poker\xrs\gizmo.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\BetClic Poker\xrs\mc_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\BetClic Poker\xrs\message.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\BetClic Poker\xrs\mtt_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\BetClic Poker\xrs\mtt_lobby.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\BetClic Poker\xrs\navigator.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\BetClic Poker\xrs\omaha_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\BetClic Poker\xrs\omaha_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\BetClic Poker\xrs\omaha_main_mini.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\BetClic Poker\xrs\optdef.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\BetClic Poker\xrs\poker_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\BetClic Poker\xrs\sc_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\BetClic Poker\xrs\sc_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\BetClic Poker\xrs\soko_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\BetClic Poker\xrs\tel_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\BetClic Poker\xrs\texas_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\BetClic Poker\xrs\texas_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\BetClic Poker\xrs\texas_main_mini.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\BetClic Poker\xrs\tournament_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\PlayMP3z\uninstall.exe (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    C:\WINDOWS\rs.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\moumoune.WESHWESH\Favoris\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\moumoune.WESHWESH\Favoris\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\moumoune.WESHWESH\Favoris\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
    18 April 2008 18:53:29

    :hello: 

    1) Show hidden files and folders…
    To do this, open a folder, e.g. "My Pictures".
    Then click > Tools > Folder Options ...
    click the "View" tab and ...
    check ---> Show hidden files and folders
    uncheck > Hide extensions for known file types
    uncheck > Hide protected operating system files (Recommended).
    "Apply" and "OK".

    2) Disable all resident protection (antivirus…)!
    Disconnect from the internet, close all running programs and let ComboFix work: so don't do anything else at the same time!


    Download Combofix by sUBs
    Save it to your desktop and nowhere else!
    Restart in safe mode: help here >>>
    http://forum.telecharger.01net.com/telecharger/virus_et...
    /!\ Never restart in safe mode via msconfig! /!\

    Double-click combofix. It will ask you a question; answer by pressing the 1 key and Enter to confirm, then let it guide you.
    Wait until combofix has finished; a report will be created. Post the report. It is located here: C:\Combofix.txt

    3) Copy/paste a new HijackThis report along with it.

    Good evening :hello: 
    18 April 2008 21:17:16

    combofix didn't ask me any question and here is what it says in the report:

    ComboFix 08-04-17.1 - moumoune 2008-04-19 20:22:50.16 - NTFSx86 MINIMAL

    Endroit: C:\Documents and Settings\moumoune.WESHWESH\Mes documents\Applications\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:16, on 2008-04-19
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Sonic\Sonic Solutions Product CD\Media Experience\DMXLauncher.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Creative\Mixer\CTSVolFE.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://secure.caramail.lycos.fr/services/signin/mail.js...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {150B0CB9-8CC5-4C31-B100-35FA6476BF71} - (no file)
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {47B8F5D3-408E-426E-A415-80D144A3AC4E} - (no file)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: (no name) - {613BD612-755E-4AE5-923F-37A20D069DF4} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {A98D0065-7326-41B5-B8D9-C5B692CDB82F} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O2 - BHO: (no name) - {F6A3CF07-ABE7-476E-9BE0-F2DF48ED63F8} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: (no name) - {49D8D988-6D77-4E24-8A27-914FBCCC782F} - (no file)
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Sonic\Sonic Solutions Product CD\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-21-3361232125-835192129-3529576560-1005\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
    O4 - HKUS\S-1-5-21-3361232125-835192129-3529576560-1005\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Farm Frenzy\Images\stg_drm.ocx
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Farm Frenzy\Images\armhelper.ocx
    O20 - Winlogon Notify: wvUnmKax - wvUnmKax.dll (file missing)
    O21 - SSODL: AvpUnknown - {80b16cef-1d34-45a6-8361-48947811abf6} - (no file)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 12144 bytes



    18 April 2008 22:17:56

    Re,

    The combofix report is incomplete :) 

    Quote:
    C:\Documents and Settings\moumoune.WESHWESH\Mes documents\Applications\ComboFix.exe


    You didn't install it where I asked you to :/  You have to follow the steps to the letter.
    19 April 2008 16:40:29

    I'm sorry...

    Here is the report; however, it doesn't ask me to type anything at all...


    ComboFix 08-04-18.3 - moumoune 2008-04-20 16:25:15.17 - NTFSx86 MINIMAL

    Endroit: C:\Documents and Settings\moumoune.WESHWESH\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\dialog\overlay_dialog.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\dialog\overlay_dialog_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\dialog\overlay_dialog_girl.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\dialog\pause_image.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\dialog\slider.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\dialog\slider_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\dialog\slider_arrows.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\dialog\slider_arrows_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\infodialog\l-up.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\infodialog\l_down.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\infodialog\l_down.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\infodialog\l_down_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\infodialog\l_up.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\infodialog\l_up_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\infodialog\m_down.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\infodialog\m_down_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\infodialog\m_l.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\infodialog\m_l_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\infodialog\m_m.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\infodialog\m_m_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\infodialog\m_r.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\infodialog\m_r_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\infodialog\m_up.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\infodialog\m_up_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\infodialog\r_down.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\infodialog\r_down.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\infodialog\r_down_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\infodialog\r_up.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\infodialog\r_up_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\inputlabel_bg.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\l_down.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\l_down_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\l_mid.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\l_mid_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\l_up.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\l_up_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\loadingbar_800x600_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\loadingbar_empty.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\loadingbar_over.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\mid_down.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\mid_down_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\mid_mid.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\mid_up.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\mid_up_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\r_down.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\r_down_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\r_mid.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\r_mid_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\r_up.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\dialog\r_up_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\fonts\_Advert14.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\fonts\_Advert15.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\fonts\_Advert8.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\fonts\_CenturyGothic10Bold.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\fonts\_CenturyGothic11Bold.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\fonts\_CenturyGothic14Bold.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\fonts\_CenturyGothic25Bold.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\fonts\_CenturyGothic8.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\fonts\_CenturyGothic8Bold.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\fonts\_CenturyGothic9Bold.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\fonts\Advert14.xml
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\fonts\Advert15.xml
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\fonts\Advert8.xml
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\fonts\centurygothic10bold.xml
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\fonts\centurygothic11bold.xml
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\fonts\centurygothic14bold.xml
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\fonts\centurygothic25bold.xml
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\fonts\centurygothic8.xml
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\fonts\centurygothic8bold.xml
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\fonts\centurygothic9bold.xml
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\gui\_b_alpha.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\gui\arrow_help_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\gui\b_-.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\gui\b_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\gui\b_back.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\gui\b_help.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\gui\b_square.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\gui\b_x.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\gui\beam_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\gui\border_l_down.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\gui\border_l_up.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\gui\border_mid_down.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\gui\border_mid_l.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\gui\border_mid_r.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\gui\border_mid_up.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\gui\border_r_down.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\gui\border_r_up.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\gui\border_thumb.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\gui\border_thumb_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\gui\cursor.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\gui\example_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\gui\hand.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\gui\hand_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\gui\hand_mini.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\gui\hand_mini_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\gui\hand_right.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\gui\hand_right_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\gui\large_puzzlepiece_black.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\gui\large_puzzlepiece_black_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\gui\large_puzzlepiece_white.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\gui\large_puzzlepiece_white_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\gui\puzzle_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\gui\Puzzlebook.ico
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\gui\scrollbar_down.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\gui\scrollbar_slider.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\gui\scrollbar_up.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\gui\scrollbarback.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\gui\tools_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\gui\tray.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\gui\tray_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\icons\finished.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\icons\finished_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\icons\last.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\icons\last_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\icons\numbers.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\icons\numbers_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\icons\numvers_2.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\icons\puzzle.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\icons\puzzle_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\icons\safe_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\icons\save.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\icons\Thumbs.db
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\linkButtons\1\colbutton.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\linkButtons\1\colbutton_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\linkButtons\2\colbutton.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\linkButtons\2\colbutton_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\linkButtons\3\colbutton.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\linkButtons\3\colbutton_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\linkButtons\4\colbutton.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\linkButtons\4\colbutton_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\loading\bg.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\loading\loadingbar.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\loading\Loadingbar_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\loading\loadingbar_empty.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\loading\Thumbs.db
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\properties\challenge.xml
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\properties\collection.xml
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\properties\default.xml
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\properties\Dialogs.xml
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\properties\resources.xml
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\sounds\Borders_Off.ogg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\sounds\Borders_On.ogg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\sounds\Button_Click.ogg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\sounds\Dialog_Close.ogg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\sounds\Dialog_Close_OLD.ogg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\sounds\Dialog_Select_Difficulty_Level.ogg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\sounds\Disabled_Button_Error.ogg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\sounds\Hint_FadeIn.ogg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\sounds\Move_Puzzle_to_Collection.ogg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\sounds\music_ingame.ogg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\sounds\music_menu.ogg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\sounds\Next_Level_Block_Shift.ogg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\sounds\Opgelost.ogg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\sounds\Pieces_Thrown_Out_Of_Puzzle_Box.ogg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\sounds\Puzzle_Completed.ogg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\sounds\Puzzle_Completed_alternative.ogg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\sounds\Puzzle_Piece_Appears.ogg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\sounds\Puzzle_Piece_Pick_Up.ogg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\sounds\Puzzle_Piece_Put_Down_Fits.ogg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\sounds\Puzzle_Piece_Put_Down_Standard.ogg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\sounds\Puzzle_Piece_Put_Down_Wrong.ogg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\sounds\Puzzle_Piece_Rotate.ogg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\sounds\Puzzle_Piece_Shoots_Back.ogg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\sounds\Puzzle_Sorting_Sound1.ogg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\sounds\Puzzle_Sorting_Sound2.ogg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\sounds\Score_Sound.ogg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\sounds\Tray_Expand.ogg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\sounds\Tray_Shrink.ogg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\sounds\Unlock_New_Puzzle.ogg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\sounds\Zylom_Pause_Sound.ogg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\sounds\Zylom_Unpause_Sound.ogg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\title\_b_alpha.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\title\_b_puzzlecollection.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\title\b_-.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\title\b_challenge.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\title\b_challenge_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\title\b_collection.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\title\b_collection_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\title\b_help.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\title\b_help_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\title\b_options.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\title\b_options_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\title\b_quit.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\title\b_quit_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\title\b_square.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\title\b_x.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\title\background.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\title\glow.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\title\mouth.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\title\tail.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\title\tail_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\title\Thumbs.db
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\toolbar\b_example.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\toolbar\b_example_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\toolbar\b_help.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\toolbar\b_hint.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\toolbar\b_hint_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\toolbar\b_instellingen.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\toolbar\b_meer-spellen.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\toolbar\b_menu.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\toolbar\b_menu_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\toolbar\b_pause.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\toolbar\b_pause_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\toolbar\b_randen.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\toolbar\b_randen_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\toolbar\b_sorteer.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\toolbar\b_sorteer_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\toolbar\b_stop.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\toolbar\b_zylom.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\toolbar\b_zylom_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\toolbar\clock.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\toolbar\clock_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\toolbar\dropdown.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\toolbar\dropdown_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\toolbar\line_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\toolbar\menu_.png
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\toolbar\numbers.jpg
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\media\toolbar\Thumbs.db
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\msvcr71.dll
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\players\moon.plr
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\players\players.plrs
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\realarcade.ico
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\savegames\moon\col4p2.sav
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\savegames\moon\col4p3.sav
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\savegames\moon\col4p4.sav
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\savegames\moon\col4p5.sav
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\UnInstall.log
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\wrapperresources.dat
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\zylom.ico
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\zylompuzzles.dll
    C:\Program Files\Zylom Games\Zylom puzzles Deluxe\zylompuzzlesPromo.exe
    C:\WINDOWS\Downloaded Program Files\setup.inf
    C:\WINDOWS\pack.epk
    C:\WINDOWS\resources\AvpUnknown.dll
    C:\WINDOWS\resources\CheckWin.dll
    C:\WINDOWS\system32\awttuSll.dll
    C:\WINDOWS\system32\axgqlhmx.dll
    C:\WINDOWS\system32\dcads-remove.exe
    C:\WINDOWS\system32\drivers\ETNADiag.exe
    C:\WINDOWS\system32\drivers\nxhtnxme.dat
    C:\WINDOWS\system32\hxysoaiw.dll
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\nmllm.bak1
    C:\WINDOWS\system32\nmllm.ini2
    C:\WINDOWS\system32\nsm11B.dll
    C:\WINDOWS\system32\nsv7C.dll
    C:\WINDOWS\system32\superiorads-uninst.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-20 to 2008-04-20 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-19 13:05 . 2008-04-19 13:05 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2008-04-19 12:55 . 2008-04-19 15:17 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-19 12:55 . 2008-04-19 12:55 <REP> d-------- C:\Documents and Settings\moumoune.WESHWESH\Application Data\Malwarebytes
    2008-04-19 12:55 . 2008-04-19 12:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-18 21:33 . 2008-04-19 12:42 <REP> d-------- C:\VundoFix Backups
    2008-04-18 17:32 . 2008-04-18 17:32 <REP> d-------- C:\WINDOWS\system32\892267
    2008-04-17 17:34 . 2008-04-18 00:28 990 ---hs---- C:\WINDOWS\system32\urxsnulw.ini
    2008-04-14 17:31 . 2008-04-15 17:31 294 ---hs---- C:\WINDOWS\system32\qiksinyg.ini
    2008-04-11 21:40 . 2008-04-11 21:40 335 --a------ C:\WINDOWS\mozregistry.dat
    2008-04-11 14:03 . 2008-04-12 17:26 1,290 ---hs---- C:\WINDOWS\system32\racwsyul.ini
    2008-04-11 01:04 . 2008-04-11 01:04 <REP> d-------- C:\Documents and Settings\moumoune.WESHWESH\Application Data\TmpRecentIcons
    2008-04-10 23:39 . 2008-04-10 23:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Legacy Interactive
    2008-04-10 23:38 . 2008-04-10 23:38 0 --ah----- C:\WINDOWS\SwSys2.bmp
    2008-04-10 23:38 . 2008-04-10 23:38 0 --ah----- C:\WINDOWS\SwSys1.bmp
    2008-04-10 23:00 . 2008-04-19 17:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\bybmpqhq
    2008-03-30 15:59 . 2008-03-30 15:59 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-03-30 15:59 . 2008-03-30 15:59 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-03-30 01:26 . 2008-03-30 14:04 <REP> d-------- C:\SphinxME

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-20 14:15 --------- d-----w C:\Documents and Settings\moumoune.WESHWESH\Application Data\DNA
    2008-04-19 19:02 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-04-19 19:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-10 23:31 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-04-10 23:30 --------- d-----w C:\Program Files\SpywareBlaster
    2008-04-10 22:52 --------- d-----w C:\Program Files\bfgclient
    2008-04-10 22:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
    2008-04-10 22:35 0 ----a-w C:\Program Files\temp01
    2008-04-10 21:24 --------- d-----w C:\Program Files\Legacy Interactive
    2008-04-03 18:49 1,142 ----a-w C:\Documents and Settings\moumoune.WESHWESH\Application Data\wklnhst.dat
    2008-04-02 16:58 --------- d-----w C:\Documents and Settings\moumoune.WESHWESH\Application Data\Sphinx
    2008-03-23 23:23 --------- d-----w C:\Program Files\Java
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-12 17:03 --------- d-----w C:\Program Files\Microsoft Works
    2008-03-12 17:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-03-12 15:20 --------- d-----w C:\Documents and Settings\moumoune.WESHWESH\Application Data\OpenOffice.org2
    2008-03-12 09:41 --------- d-----w C:\Program Files\NRJ
    2008-03-12 08:59 --------- d-----w C:\Program Files\Windows Media Components
    2008-03-11 08:42 --------- d-----w C:\Documents and Settings\moumoune.WESHWESH\Application Data\DivX
    2008-03-10 01:48 --------- d-----w C:\Documents and Settings\moumoune.WESHWESH\Application Data\LimeWire
    2008-03-10 01:32 --------- d-----w C:\Program Files\DivX
    2008-03-09 11:13 --------- d-----w C:\Program Files\Fichiers communs\xing shared
    2008-03-09 11:13 --------- d-----w C:\Program Files\Fichiers communs\Real
    2008-03-08 14:53 --------- d-----w C:\Program Files\DNA
    2008-03-08 14:52 --------- d-----w C:\Program Files\Windows Live
    2008-03-08 14:52 --------- d-----w C:\Program Files\ContextEnhancer
    2008-03-08 14:52 --------- d-----w C:\Documents and Settings\moumoune.WESHWESH\Application Data\BitTorrent
    2008-03-08 14:39 --------- d-----w C:\Program Files\Chocolatier 2 Secret Ingredients DeLEGiON
    2008-03-08 12:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
    2008-03-08 00:34 --------- d-----w C:\Program Files\Real
    2008-03-01 00:10 --------- d-----w C:\Program Files\Ubi Soft
    2008-02-29 01:07 --------- d-----w C:\Documents and Settings\moumoune.WESHWESH\Application Data\PlayFirst
    2008-02-29 01:03 --------- d-----w C:\Program Files\Zylom Games
    2008-02-21 02:05 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
    2008-02-21 02:05 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2008-02-21 02:05 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2008-02-21 02:05 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
    2008-02-21 02:05 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2008-02-21 02:05 129,784 ------w C:\WINDOWS\system32\pxafs.dll
    2008-02-21 02:05 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
    2008-02-21 02:05 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
    2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
    2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2008-02-21 02:03 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-02-21 02:03 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-16 09:02 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-02-02 01:14 57,344 ----a-w C:\WINDOWS\system32\lyc_language.dll
    2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2008-01-12 17:58 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
    2006-11-24 13:59 251 -c--a-w C:\Program Files\wt3d.ini
    2007-12-08 14:28 168 --sh--r C:\WINDOWS\system32\7EF1021042.sys
    2007-12-08 14:28 5,954 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-23_22.10.24,48 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-03-20 07:56:50 1,846,016 ----a-w C:\WINDOWS\$hf_mig$\KB941693\SP2QFE\win32k.sys
    + 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spmsg.dll
    + 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spuninst.exe
    + 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\spcustom.dll
    + 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\update.exe
    + 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\updspapi.dll
    + 2007-12-04 18:30:15 551,936 -c--a-w C:\WINDOWS\$hf_mig$\KB943055\SP2QFE\oleaut32.dll
    + 2007-03-06 01:34:33 15,072 -c--a-w C:\WINDOWS\$hf_mig$\KB943055\spmsg.dll
    + 2007-03-06 01:34:38 216,800 -c--a-w C:\WINDOWS\$hf_mig$\KB943055\spuninst.exe
    + 2007-03-06 01:34:31 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB943055\update\spcustom.dll
    + 2007-03-06 01:34:56 727,776 -c--a-w C:\WINDOWS\$hf_mig$\KB943055\update\update.exe
    19 April 2008 18:57:21

    Hi again,

    The report is incomplete; it does not fit in a single message.

    Post the rest in another message :p
    21 April 2008 12:54:53

    Honestly!!! Here is the rest of the ComboFix report and the Hijack report:

    - 2007-10-11 06:13:39 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
    + 2008-02-16 09:02:35 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
    - 2005-09-01 06:13:34 21,892 -c--a-w C:\WINDOWS\system32\emptyregdb.dat
    + 2008-02-02 00:42:04 35,076 -c--a-w C:\WINDOWS\system32\emptyregdb.dat
    - 2007-10-11 06:13:39 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
    + 2008-02-16 09:02:35 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
    - 1999-01-12 21:54:26 1,109,264 ----a-w C:\WINDOWS\system32\FM20.DLL
    + 2006-10-26 13:10:08 1,190,688 ----a-w C:\WINDOWS\system32\FM20.DLL
    + 2006-10-26 13:10:06 33,088 ----a-w C:\WINDOWS\system32\FM20ENU.DLL
    - 1999-03-29 14:11:04 29,456 ----a-w C:\WINDOWS\system32\FM20FRA.DLL
    + 2006-10-26 13:42:36 36,160 ----a-w C:\WINDOWS\system32\FM20FRA.DLL
    - 2007-12-08 14:39:04 181,832 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
    + 2008-04-10 20:20:28 300,440 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
    - 2007-10-11 06:13:39 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
    + 2008-02-16 09:02:35 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
    - 2007-10-11 06:13:39 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
    + 2008-02-16 09:02:35 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
    - 2007-09-24 20:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
    + 2008-02-22 00:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
    - 2007-09-24 20:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
    + 2008-02-22 00:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
    - 2007-09-24 21:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
    + 2008-02-22 01:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
    - 2007-11-14 07:28:02 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
    + 2007-12-18 14:41:58 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
    - 2007-10-11 06:13:39 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
    + 2008-02-16 09:02:35 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
    + 2004-08-10 12:00:00 2,000 ----a-w C:\WINDOWS\system32\keyboard.drv
    + 2004-08-10 12:00:00 224,448 ----a-w C:\WINDOWS\system32\lanman.drv
    - 2007-03-15 16:19:28 1,476,992 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll
    + 2008-03-20 16:06:36 1,480,232 ----a-w C:\WINDOWS\system32\LegitCheckControl.DLL
    + 2004-08-10 12:00:00 2,560 ----a-w C:\WINDOWS\system32\lz32.dll
    + 2007-11-20 15:52:00 2,884,992 -c--a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    + 2007-11-20 15:52:00 218,496 -c--a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
    + 2004-08-10 12:00:00 73,680 ----a-w C:\WINDOWS\system32\mciavi.drv
    + 2004-08-10 12:00:00 25,280 ----a-w C:\WINDOWS\system32\mciseq.drv
    + 2004-08-10 12:00:00 28,160 ----a-w C:\WINDOWS\system32\mciwave.drv
    + 2004-08-10 12:00:00 2,032 ----a-w C:\WINDOWS\system32\mouse.drv
    + 2004-08-10 12:00:00 20,992 ----a-w C:\WINDOWS\system32\msacm32.drv
    + 2004-08-10 12:00:00 188,416 ----a-w C:\WINDOWS\system32\msh261.drv
    + 2004-08-03 22:55:04 294,912 ----a-w C:\WINDOWS\system32\msh263.drv
    - 2007-10-30 10:18:16 3,079,680 ----a-w C:\WINDOWS\system32\mshtml.dll
    + 2008-02-16 22:32:38 3,080,704 ----a-w C:\WINDOWS\system32\mshtml.dll
    - 2007-10-11 06:13:40 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
    + 2008-02-16 09:02:36 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
    - 2007-10-11 06:13:40 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
    + 2008-02-16 09:02:37 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
    - 1998-08-09 18:07:32 118,784 -c--a-w C:\WINDOWS\system32\MSSTDFMT.DLL
    + 2006-07-24 09:50:38 125,744 ----a-w C:\WINDOWS\system32\MSSTDFMT.DLL
    - 2007-10-11 06:13:40 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
    + 2008-02-16 09:02:37 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
    + 2004-08-10 12:00:00 2,656 -c--a-w C:\WINDOWS\system32\netware.drv
    - 2007-05-17 11:29:50 549,376 ----a-w C:\WINDOWS\system32\oleaut32.dll
    + 2007-12-04 18:41:36 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
    - 2007-03-24 10:27:16 53,770 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-04-11 10:17:53 53,770 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2007-03-17 13:59:51 64,922 ----a-w C:\WINDOWS\system32\perfc00C.dat
    + 2008-04-11 10:17:53 64,922 ----a-w C:\WINDOWS\system32\perfc00C.dat
    - 2007-03-24 10:27:16 382,026 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-04-11 10:17:53 382,026 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2007-03-17 13:59:51 447,222 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2008-04-11 10:17:53 447,222 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2008-03-09 11:12:40 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll
    + 2008-03-09 11:12:41 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
    + 2008-03-09 11:12:41 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
    - 2007-10-11 06:13:40 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
    + 2008-02-16 09:02:37 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
    - 2005-03-30 13:55:24 339,968 -c--a-w C:\WINDOWS\system32\Px.dll
    + 2008-02-21 02:05:38 551,672 -c----w C:\WINDOWS\system32\Px.dll
    + 2008-02-21 02:05:38 66,296 ------w C:\WINDOWS\system32\pxcpya64.exe
    - 2005-10-31 01:01:00 442,368 -c--a-w C:\WINDOWS\system32\pxdrv.dll
    + 2008-02-21 02:05:38 518,904 -c----w C:\WINDOWS\system32\pxdrv.dll
    + 2008-02-21 02:05:40 72,440 ------w C:\WINDOWS\system32\pxhpinst.exe
    + 2008-02-21 02:05:38 64,760 ------w C:\WINDOWS\system32\pxinsa64.exe
    - 2005-03-30 13:54:30 172,032 -c--a-w C:\WINDOWS\system32\PxMas.dll
    + 2008-02-21 02:05:40 187,128 -c----w C:\WINDOWS\system32\PxMas.dll
    - 2005-03-30 13:58:32 1,077,248 -c--a-w C:\WINDOWS\system32\PxSFS.DLL
    + 2008-02-21 02:05:38 1,628,920 -c----w C:\WINDOWS\system32\PxSFS.DLL
    - 2005-03-30 13:54:02 339,968 -c--a-w C:\WINDOWS\system32\PxWave.dll
    + 2008-02-21 02:05:38 379,640 -c----w C:\WINDOWS\system32\PxWave.dll
    - 2008-01-16 20:56:52 8,013,036 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
    + 2008-04-11 19:53:52 221,876 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
    + 2008-03-09 11:12:57 185,944 ----a-w C:\WINDOWS\system32\rmoc3260.dll
    - 2007-10-11 06:13:40 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw.dll
    + 2008-02-16 09:02:38 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw.dll
    - 2007-10-11 06:13:41 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
    + 2008-02-16 09:02:38 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
    + 2004-08-10 12:00:00 1,744 ----a-w C:\WINDOWS\system32\sound.drv
    + 2004-08-10 12:00:00 3,360 ----a-w C:\WINDOWS\system32\system.drv
    + 2004-08-10 12:00:00 4,096 ----a-w C:\WINDOWS\system32\timer.drv
    - 2007-10-11 06:13:41 617,472 ----a-w C:\WINDOWS\system32\urlmon.dll
    + 2008-02-16 09:02:39 617,984 ----a-w C:\WINDOWS\system32\urlmon.dll
    - 2004-08-10 12:00:00 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
    + 2007-12-18 14:41:59 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
    + 2004-08-10 12:00:00 2,176 ----a-w C:\WINDOWS\system32\vga.drv
    - 2005-08-12 01:00:00 28,672 ----a-w C:\WINDOWS\system32\VXBLOCK.dll
    + 2008-02-21 02:05:38 88,824 ----a-w C:\WINDOWS\system32\vxblock.dll
    + 2004-08-10 12:00:00 23,552 ----a-w C:\WINDOWS\system32\wdmaud.drv
    + 2004-08-10 12:00:00 13,600 ----a-w C:\WINDOWS\system32\wfwnet.drv
    + 2002-11-06 01:45:32 327,680 ----a-w C:\WINDOWS\system32\windows media\server\wmsservertypelib.dll
    + 2004-08-10 12:00:00 2,864 ----a-w C:\WINDOWS\system32\winsock.dll
    + 2004-08-10 12:00:00 146,944 ----a-w C:\WINDOWS\system32\winspool.drv
    + 2004-08-10 12:00:00 2,112 ----a-w C:\WINDOWS\system32\winspool.exe
    + 2002-11-06 01:10:14 167,936 ----a-w C:\WINDOWS\system32\wmserror.dll
    + 2004-08-10 12:00:00 2,736 ----a-w C:\WINDOWS\system32\wowdeb.exe
    - 2007-10-29 15:35:14 121,856 ----a-w C:\WINDOWS\system32\xpsp3res.dll
    + 2008-02-15 23:03:14 370,176 ----a-w C:\WINDOWS\system32\xpsp3res.dll
    + 2000-08-31 06:00:00 49,152 ----a-w C:\WINDOWS\VFind.exe
    + 2006-10-26 12:40:34 95,744 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
    + 2006-10-26 12:40:36 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
    + 2006-10-26 12:40:36 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
    + 2006-10-26 12:40:36 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
    + 2006-10-26 12:40:36 1,093,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80.dll
    + 2006-10-26 12:40:36 1,079,808 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80u.dll
    + 2006-10-26 12:40:36 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80.dll
    + 2006-10-26 12:40:36 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80u.dll
    + 2006-10-26 12:40:36 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHS.dll
    + 2006-10-26 12:40:36 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHT.dll
    + 2006-10-26 12:40:36 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80DEU.dll
    + 2006-10-26 12:40:36 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ENU.dll
    + 2006-10-26 12:40:36 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ESP.dll
    + 2006-10-26 12:40:36 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80FRA.dll
    + 2006-10-26 12:40:36 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ITA.dll
    + 2006-10-26 12:40:36 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80JPN.dll
    + 2006-10-26 12:40:36 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80KOR.dll
    + 2000-08-31 06:00:00 68,096 ----a-w C:\WINDOWS\zip.exe
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 10:41 68856]
    "DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-07-16 23:29 389120]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
    "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-04-12 20:07 288576]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 20:48 761947]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 01:30 282624 C:\WINDOWS\stsystra.exe]
    "PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2006-08-22 17:32 184320]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 11:28 667718]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 11:28 602182]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-11 21:53 1838592]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 16:01 67584]
    "DMXLauncher"="C:\Program Files\Sonic\Sonic Solutions Product CD\Media Experience\DMXLauncher.exe" [2004-10-20 02:01 86016]
    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 07:20 122940]
    "CTSVolFE.exe"="C:\Program Files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 17:57 57344]
    "Corel Photo Downloader"="C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2006-08-14 16:20 462336]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 11:45 63712]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-01-15 17:20 77824]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-03-30 20:00 138008]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-03-30 20:00 162584]
    "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-03-30 19:59 138008]
    "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 06:03 221184]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-03-09 13:12 185896]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-11-16 12:30:06 24576]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ComPlusSetup]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUnmKax]
    wvUnmKax.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001


    *Newly Created Service* - MDMXSDK
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-20 14:16:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    "2008-04-19 00:14:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    "2008-04-18 13:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
    - C:\Program Files\Norton Security Scan\Nss.exe
    "2008-04-20 13:00:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-20 16:28:52
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...


    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bxxuyoem]
    "ImagePath"="system32\drivers\nxhtnxme.dat"
    .
    Temps d'accomplissement: 2008-04-20 16:30:59
    ComboFix-quarantined-files.txt 2008-04-20 14:29:56

    Pre-Run: 27,269,341,184 octets libres
    Post-Run: 27,257,274,368 octets libres

    1006 --- E O F --- 2008-04-10 19:53:04



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:53:36, on 22/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Sonic\Sonic Solutions Product CD\Media Experience\DMXLauncher.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Creative\Mixer\CTSVolFE.exe
    C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Windows Live\Mail\wlmail.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://secure.caramail.lycos.fr/services/signin/mail.js...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: (no name) - {49D8D988-6D77-4E24-8A27-914FBCCC782F} - (no file)
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Sonic\Sonic Solutions Product CD\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-21-3361232125-835192129-3529576560-1005\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
    O4 - HKUS\S-1-5-21-3361232125-835192129-3529576560-1005\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Farm Frenzy\Images\stg_drm.ocx
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Farm Frenzy\Images\armhelper.ocx
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: wvUnmKax - wvUnmKax.dll (file missing)
    O21 - SSODL: AvpUnknown - {80b16cef-1d34-45a6-8361-48947811abf6} - (no file)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 11908 bytes
    21 April 2008 19:09:52

    Hi again,

    I'll analyse the reports and reply tomorrow ;) 

    See you tomorrow :hello: 
    22 April 2008 15:37:14

    :hello: 

    Disable all resident protection (antivirus…)!

    Copy the text in the box below, without the word "Quote":

    Quote:
    Driver::
    bxxuyoem

    File::
    C:\WINDOWS\system32\urxsnulw.ini
    C:\WINDOWS\system32\qiksinyg.ini
    C:\WINDOWS\system32\racwsyul.ini
    C:\WINDOWS\system32\drivers\nxhtnxme.dat

    Folder::
    C:\Documents and Settings\All Users\Application Data\bybmpqhq

    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUnmKax]



    Open Notepad, then paste the copied text.
    (Start\All Programs\Accessories\Notepad.)
    Save this file as CFScript.txt.

    Now drag the ComboFix-Do.txt file onto Combofix.exe as shown below:



    This will relaunch Combofix; press 1, then confirm. After the reboot, post the contents of the Combofix.txt report along with a new Hijackthis report.
    If there is no reboot, post the reports anyway.

    ;) 
    22 April 2008 20:18:07

    ComboFix 08-04-18.3 - moumoune 2008-04-23 20:01:32.18 - NTFSx86

    Endroit: C:\Documents and Settings\moumoune.WESHWESH\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\moumoune.WESHWESH\Bureau\CFScript.txt

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\WINDOWS\system32\drivers\nxhtnxme.dat
    C:\WINDOWS\system32\qiksinyg.ini
    C:\WINDOWS\system32\racwsyul.ini
    C:\WINDOWS\system32\urxsnulw.ini
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\bybmpqhq
    C:\WINDOWS\system32\qiksinyg.ini
    C:\WINDOWS\system32\racwsyul.ini
    C:\WINDOWS\system32\urxsnulw.ini

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_BXXUYOEM
    -------\Service_bxxuyoem


    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-23 to 2008-04-23 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-19 13:05 . 2008-04-19 13:05 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2008-04-19 12:55 . 2008-04-19 15:17 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-19 12:55 . 2008-04-19 12:55 <REP> d-------- C:\Documents and Settings\moumoune.WESHWESH\Application Data\Malwarebytes
    2008-04-19 12:55 . 2008-04-19 12:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-18 21:33 . 2008-04-19 12:42 <REP> d-------- C:\VundoFix Backups
    2008-04-18 17:32 . 2008-04-18 17:32 <REP> d-------- C:\WINDOWS\system32\892267
    2008-04-11 21:40 . 2008-04-11 21:40 335 --a------ C:\WINDOWS\mozregistry.dat
    2008-04-11 01:04 . 2008-04-11 01:04 <REP> d-------- C:\Documents and Settings\moumoune.WESHWESH\Application Data\TmpRecentIcons
    2008-04-10 23:39 . 2008-04-10 23:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Legacy Interactive
    2008-04-10 23:38 . 2008-04-10 23:38 0 --ah----- C:\WINDOWS\SwSys2.bmp
    2008-04-10 23:38 . 2008-04-10 23:38 0 --ah----- C:\WINDOWS\SwSys1.bmp
    2008-03-30 15:59 . 2008-04-22 19:09 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-03-30 15:59 . 2008-03-30 15:59 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-03-30 01:26 . 2008-03-30 14:04 <REP> d-------- C:\SphinxME

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-23 18:05 --------- d-----w C:\Documents and Settings\moumoune.WESHWESH\Application Data\DNA
    2008-04-19 19:02 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-04-19 19:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-10 23:31 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-04-10 23:30 --------- d-----w C:\Program Files\SpywareBlaster
    2008-04-10 22:52 --------- d-----w C:\Program Files\bfgclient
    2008-04-10 22:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
    2008-04-10 22:35 0 ----a-w C:\Program Files\temp01
    2008-04-10 21:24 --------- d-----w C:\Program Files\Legacy Interactive
    2008-04-03 18:49 1,142 ----a-w C:\Documents and Settings\moumoune.WESHWESH\Application Data\wklnhst.dat
    2008-04-02 16:58 --------- d-----w C:\Documents and Settings\moumoune.WESHWESH\Application Data\Sphinx
    2008-03-23 23:23 --------- d-----w C:\Program Files\Java
    2008-03-12 17:03 --------- d-----w C:\Program Files\Microsoft Works
    2008-03-12 17:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-03-12 15:20 --------- d-----w C:\Documents and Settings\moumoune.WESHWESH\Application Data\OpenOffice.org2
    2008-03-12 09:41 --------- d-----w C:\Program Files\NRJ
    2008-03-12 08:59 --------- d-----w C:\Program Files\Windows Media Components
    2008-03-11 08:42 --------- d-----w C:\Documents and Settings\moumoune.WESHWESH\Application Data\DivX
    2008-03-10 01:48 --------- d-----w C:\Documents and Settings\moumoune.WESHWESH\Application Data\LimeWire
    2008-03-10 01:32 --------- d-----w C:\Program Files\DivX
    2008-03-09 11:13 --------- d-----w C:\Program Files\Fichiers communs\xing shared
    2008-03-09 11:13 --------- d-----w C:\Program Files\Fichiers communs\Real
    2008-03-08 14:53 --------- d-----w C:\Program Files\DNA
    2008-03-08 14:52 --------- d-----w C:\Program Files\Windows Live
    2008-03-08 14:52 --------- d-----w C:\Program Files\ContextEnhancer
    2008-03-08 14:52 --------- d-----w C:\Documents and Settings\moumoune.WESHWESH\Application Data\BitTorrent
    2008-03-08 14:39 --------- d-----w C:\Program Files\Chocolatier 2 Secret Ingredients DeLEGiON
    2008-03-08 12:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
    2008-03-08 00:34 --------- d-----w C:\Program Files\Real
    2008-03-01 00:10 --------- d-----w C:\Program Files\Ubi Soft
    2008-02-29 01:07 --------- d-----w C:\Documents and Settings\moumoune.WESHWESH\Application Data\PlayFirst
    2008-02-29 01:03 --------- d-----w C:\Program Files\Zylom Games
    2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2008-01-12 17:58 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
    2006-11-24 13:59 251 -c--a-w C:\Program Files\wt3d.ini
    2007-12-08 14:28 168 --sh--r C:\WINDOWS\system32\7EF1021042.sys
    2007-12-08 14:28 5,954 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( snapshot_2008-04-20_16.29.38.46 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-20 14:19:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-04-23 18:07:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-04-23 18:07:19 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_7f8.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 10:41 68856]
    "DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-07-16 23:29 389120]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
    "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-04-12 20:07 288576]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 20:48 761947]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 01:30 282624 C:\WINDOWS\stsystra.exe]
    "PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2006-08-22 17:32 184320]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 11:28 667718]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 11:28 602182]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-11 21:53 1838592]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 16:01 67584]
    "DMXLauncher"="C:\Program Files\Sonic\Sonic Solutions Product CD\Media Experience\DMXLauncher.exe" [2004-10-20 02:01 86016]
    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 07:20 122940]
    "CTSVolFE.exe"="C:\Program Files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 17:57 57344]
    "Corel Photo Downloader"="C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2006-08-14 16:20 462336]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [ ]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-01-15 17:20 77824]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-03-30 20:00 138008]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-03-30 20:00 162584]
    "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-03-30 19:59 138008]
    "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 06:03 221184]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-03-09 13:12 185896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ComPlusSetup]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\DNA\\btdna.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=


    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-23 17:16:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    "2008-04-23 00:14:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    "2008-04-18 13:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
    - C:\Program Files\Norton Security Scan\Nss.exe
    "2008-04-23 18:00:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:16, on 2008-04-23
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Sonic\Sonic Solutions Product CD\Media Experience\DMXLauncher.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Creative\Mixer\CTSVolFE.exe
    C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://secure.caramail.lycos.fr/services/signin/mail.js...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: (no name) - {49D8D988-6D77-4E24-8A27-914FBCCC782F} - (no file)
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Sonic\Sonic Solutions Product CD\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-21-3361232125-835192129-3529576560-1005\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
    O4 - HKUS\S-1-5-21-3361232125-835192129-3529576560-1005\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Farm Frenzy\Images\stg_drm.ocx
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Farm Frenzy\Images\armhelper.ocx
    O21 - SSODL: AvpUnknown - {80b16cef-1d34-45a6-8361-48947811abf6} - (no file)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 11491 bytes
    22 April 2008 20:19:43

    And I'd like to know whether the Betclic poker software was infected by a virus, because it was uninstalled. I'd like to know if I can reinstall it. Thanks!!
    23 April 2008 14:07:21

    Quote:
    and I'd like to know whether the Betclic poker software was infected by a virus.


    It is spyware in itself. I advise against reinstalling it, unless you accept that some of your private data will be used without your knowledge :) 

    Go to this link: Virus Total
  • Click Parcourir (Browse)
  • Navigate to this file, if you can find it:

    C:\WINDOWS\SwSys2.bmp

  • Click Envoyer le fichier (Send file) and let it work for as long as "Situation actuelle : en cours d'analyse" (current status: scanning) is displayed.
  • The file may be queued because of a large number of scan requests. In that case, you will have to wait without refreshing the page.
  • When the scan is finished ("Situation actuelle: terminé"), click Formaté
  • A new browser window will appear
  • Then click this image:
  • Right-click on the page, choose Select all, then Copy
  • Finally, paste the result into your next reply.
    Note: Whatever the outcome, it is important that you give me the result of the whole scan.
    Your security tools may react when the file is sent; in that case you will need to ignore the alerts.

    ;) 
    23 April 2008 15:25:08

    It shows me a new window with this:


    0 bytes size received / Se ha recibido un archivo vacio
    23 April 2008 17:08:43

    Re,

    Download IceSword (by pjf_)


  • Unzip it to your desktop.
  • Open the folder that has just been created
  • Double-click IceSword
  • In the left-hand column, click File
  • Click the cross next to Local Disk ( C: )
  • Click the cross next to Windows
  • Look for the following file: SwSys2.bmp
  • Once you have found it, right-click it and choose Copy to...
  • Name it "SwS.bmp" and save it to your Desktop.
  • Close IceSword.

    Have the SwS.bmp file on your desktop scanned by Virus Total. Post me the report.

    ;) 
    23 April 2008 17:29:36

    0 bytes size received / Se ha recibido un archivo vacio


    sorry!!
    23 April 2008 17:43:23

    Re,

    Click Start --> Run, type CMD and confirm with OK.
    Type the following command and copy/paste the result into your next reply.

    dir /a "%windir%\SwSys2.bmp"


    ;) 
    23 April 2008 17:53:45

    Microsoft Windows XP [version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\moumoune.WESHWESH>dir /a "%windir%\SwSys2.bmp"
    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est B4EE-E5E6

    Répertoire de C:\WINDOWS

    2008-04-10 23:38 0 SwSys2.bmp
    1 fichier(s) 0 octets
    0 Rép(s) 25,855,418,368 octets libres

    23 April 2008 18:18:01

    Re,

    We'll check one last thing, but it doesn't look harmful to me :) 

    How is the PC doing? Still having problems?

    Download OAD (by !aur3n7)
    http://sosvirus.changelog.fr/OAD.exe
  • Save it to your Desktop
  • Double-click OAD to launch it
  • File name to search for: type or copy/paste: SwSys2
  • Search type: select option 6, then confirm with [Enter]
  • OAD will now search for the file. Let it work until it has finished.
    The search report will be displayed automatically as soon as it has finished.
    Copy/paste this report into your next post.

    Important note: Depending on the size of the hard disks, this search can take several minutes. Be patient.
    23 April 2008 19:25:38


    The PC is doing fine!!! That's great!!


    2008-04-24 ---- 19:23:22.48

    ----------------------------------
    §§§§§§ [SwSys2] §§§§§§
    ----------------------------------
    [X] Registre

    -------------- [ ] rapide
    -- Fichier --- [ ] disque systeme
    ------------- [X] complete


    ********************
    [Registre]
    ********************


    [HKEY_USERS\S-1-5-21-3361232125-835192129-3529576560-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
    "h"="C:\\WINDOWS\\SwSys2.bmp"

    [HKEY_USERS\S-1-5-21-3361232125-835192129-3529576560-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\bmp]
    "a"="C:\\WINDOWS\\SwSys2.bmp"

    *******************
    [Fichier]
    *******************

    c:\Documents and Settings\moumoune.WESHWESH\Recent\SwSys2.bmp.lnk
    c:\WINDOWS\SwSys2.bmp


    *********************
    [Même date]
    *********************

    [2008-04-10 ] ---> C:\WINDOWS\SwSys1.bmp
    [2008-04-10 ] ---> C:\WINDOWS\SwSys2.bmp
    [2008-04-10 ] ---> C:\WINDOWS\system32\clkcnt.txt



    Outil Aide Diagnostic By !aur3n7 Version 1.1
    ----------------------------------
    §§§§§ Fin Rapport §§§§§
    ----------------------------------


    23 April 2008 22:29:11

    Re,

    OK, that looks fine to me; just out of curiosity:

    Click Start --> Run, type CMD and confirm with OK.
    Paste the following lines one at a time into the black window that appears, pressing Enter after each.
    notepad "%windir%\system32\clkcnt.txt"


    Post the contents of the file that is displayed :) 

    ;) 
    24 April 2008 15:11:22

    I'm sorry but I don't understand the instructions... lol
    For a start there is only one line to copy, and then, when I paste it, the report I get is blank...
    24 April 2008 17:46:29

    Re,

    No problem :p 

    Post a new HijackThis report so we can take stock :) 
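
Taking stock from a new report, as requested above, comes down to diffing it against the previous one. The Python sketch below is an added example, not part of the original thread or of HijackThis: it parses two reports, compares running processes and registry entries case-insensitively, and lists entries that point at "(no file)". The function names are hypothetical and the two sample logs are constructed by abridging lines from the reports posted in this thread.

```python
import re

# Constructed sample input: a few lines abridged from the 2008-04-23 and
# 2008-04-25 HijackThis reports in this thread, embedded so the script runs offline.
LOG_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:16, on 2008-04-23

Running processes:
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\DNA\btdna.exe

O3 - Toolbar: (no name) - {49D8D988-6D77-4E24-8A27-914FBCCC782F} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
"""

LOG_AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:17, on 2008-04-25

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE

O3 - Toolbar: (no name) - {49D8D988-6D77-4E24-8A27-914FBCCC782F} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
"""

# Section lines look like "O4 - ..." or "R0 - ...": one letter, one or two digits.
ENTRY_RE = re.compile(r"^[A-Z]\d{1,2} - ")


def parse_hijackthis(text):
    """Split a report into (running process paths, section entry lines)."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
        elif ENTRY_RE.match(line):
            in_processes = False          # process list ends at the first entry
            entries.append(line)
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def _delta(old, new):
    """Items added and removed, compared case-insensitively (Windows paths
    such as System32/system32 differ only by case between reports)."""
    old_keys = {item.casefold() for item in old}
    new_keys = {item.casefold() for item in new}
    added = [i for i in dict.fromkeys(new) if i.casefold() not in old_keys]
    removed = [i for i in dict.fromkeys(old) if i.casefold() not in new_keys]
    return added, removed


def compare_reports(before, after):
    """Summarise what changed between two reports of the same machine."""
    procs_before, entries_before = parse_hijackthis(before)
    procs_after, entries_after = parse_hijackthis(after)
    procs_added, procs_removed = _delta(procs_before, procs_after)
    entries_added, entries_removed = _delta(entries_before, entries_after)
    return {
        "processes_added": procs_added,
        "processes_removed": procs_removed,
        "entries_added": entries_added,
        "entries_removed": entries_removed,
        # Entries still registered although their file is gone.
        "orphans": [e for e in entries_after if e.endswith("(no file)")],
    }


if __name__ == "__main__":
    for label, items in compare_reports(LOG_BEFORE, LOG_AFTER).items():
        print(label)
        for item in items:
            print("   ", item)
```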
    24 April 2008 18:21:26

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:17, on 2008-04-25
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Sonic\Sonic Solutions Product CD\Media Experience\DMXLauncher.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Creative\Mixer\CTSVolFE.exe
    C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://secure.caramail.lycos.fr/services/signin/mail.js...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: (no name) - {49D8D988-6D77-4E24-8A27-914FBCCC782F} - (no file)
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Sonic\Sonic Solutions Product CD\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-21-3361232125-835192129-3529576560-1005\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
    O4 - HKUS\S-1-5-21-3361232125-835192129-3529576560-1005\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Farm Frenzy\Images\stg_drm.ocx
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Farm Frenzy\Images\armhelper.ocx
    O21 - SSODL: AvpUnknown - {80b16cef-1d34-45a6-8361-48947811abf6} - (no file)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 11654 bytes



    PS: I reinstalled betclick poker... I couldn't help myself. I told myself that if there are so many people on it, it can't be that dangerous...
    24 April 2008 18:22:57

    Re,

    Uninstall avast, restart, and delete ~~>C:\Program Files\Alwil Software

    Download ccleaner (>>tutorial to read!<<): download «the latest version», then install it while unchecking - Add the CCleaner Yahoo! Toolbar
    Then run the cleanup, then have it search for errors, and make backups if you wish.

    Download and install Antivir. (tutorial)
    Why switch?: Avast! vs Antivir
    and also:
    14 antivirus products put to the test
    Quote:
    Antivir: the most effective of the free ones

    Make sure it is fully up to date! Run a full scan in safe mode, save the report and post it for me.

    ;) 
    24 April 2008 18:32:24

    I had a problem a while ago and was advised to install antivir. But there were problems: I could no longer access my mailbox. We tried everything to fix them but nothing worked. Is it really essential?
    24 April 2008 19:31:38

    No :) 

  • Run a Kaspersky online scan with Internet Explorer:
  • Click on
  • Now click I accept.
  • Approve the installation of one or more ActiveX controls if necessary.
  • Wait while the updates are installed.
  • Then choose to scan My Computer
  • Save, then paste, the report generated at the end of the scan.

    HELP: Tutorial on the online scan

    NOTE: If you get the message "La licence de Kaspersky On-line Scanner est périmée" (the Kaspersky On-line Scanner licence has expired), go to Add/Remove Programs and uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.

    ;) 
    24 April 2008 23:14:14

    Friday, April 25, 2008 11:06:34 PM
    Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version : 5.0.83.0
    Dernière mise à jour de la base antivirus Kaspersky : 24/04/2008
    Enregistrements dans la base antivirus Kaspersky : 647796
    Paramètres d'analyse
    Analyser avec la base antivirus suivante standard
    Analyser les archives vrai
    Analyser les bases de messagerie vrai
    Cible de l'analyse Poste de travail
    C:\
    D:\
    Statistiques de l'analyse
    Total d'objets analysés 84463
    Nombre de virus trouvés 11
    Nombre d'objets infectés 41 / 0
    Nombre d'objets suspects 0
    Durée de l'analyse 01:24:50

    Nom de l'objet infecté Nom du virus Dernière action
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Google Desktop\8c35ed789098\dbc2e.ht1 L'objet est verrouillé ignoré
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Google Desktop\8c35ed789098\dbdam L'objet est verrouillé ignoré
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Google Desktop\8c35ed789098\dbdao L'objet est verrouillé ignoré
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Google Desktop\8c35ed789098\dbeam L'objet est verrouillé ignoré
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Google Desktop\8c35ed789098\dbeao L'objet est verrouillé ignoré
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Google Desktop\8c35ed789098\dbm L'objet est verrouillé ignoré
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Google Desktop\8c35ed789098\dbu2d.ht1 L'objet est verrouillé ignoré
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Google Desktop\8c35ed789098\dbvm.cf1 L'objet est verrouillé ignoré
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Google Desktop\8c35ed789098\dbvmh.ht1 L'objet est verrouillé ignoré
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Google Desktop\8c35ed789098\fii.cf1 L'objet est verrouillé ignoré
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Google Desktop\8c35ed789098\fiih.ht1 L'objet est verrouillé ignoré
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Google Desktop\8c35ed789098\hp L'objet est verrouillé ignoré
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Google Desktop\8c35ed789098\hpt2i.ht1 L'objet est verrouillé ignoré
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Google Desktop\8c35ed789098\rpm.cf1 L'objet est verrouillé ignoré
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Google Desktop\8c35ed789098\rpm1m.cf1 L'objet est verrouillé ignoré
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Google Desktop\8c35ed789098\rpm1mh.ht1 L'objet est verrouillé ignoré
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Google Desktop\8c35ed789098\rpmh.ht1 L'objet est verrouillé ignoré
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Google Desktop\8c35ed789098\safeweb\goog-black-enchashm.cf1 L'objet est verrouillé ignoré
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Google Desktop\8c35ed789098\safeweb\goog-black-enchashmh.ht1 L'objet est verrouillé ignoré
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Google Desktop\8c35ed789098\safeweb\goog-black-urlm.cf1 L'objet est verrouillé ignoré
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Google Desktop\8c35ed789098\safeweb\goog-black-urlmh.ht1 L'objet est verrouillé ignoré
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Google Desktop\8c35ed789098\safeweb\goog-malware-domainm.cf1 L'objet est verrouillé ignoré
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Google Desktop\8c35ed789098\safeweb\goog-malware-domainmh.ht1 L'objet est verrouillé ignoré
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Google Desktop\8c35ed789098\safeweb\goog-white-domainm.cf1 L'objet est verrouillé ignoré
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Google Desktop\8c35ed789098\safeweb\goog-white-domainmh.ht1 L'objet est verrouillé ignoré
    C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log L'objet est verrouillé ignoré
    C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\temp\Cookies\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\temp\Fichiers Internet temporaires\Content.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\temp\History\History.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\moumoune.WESHWESH\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\AUPNP.log L'objet est verrouillé ignoré
    C:\Documents and Settings\moumoune.WESHWESH\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log L'objet est verrouillé ignoré
    C:\Documents and Settings\moumoune.WESHWESH\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log L'objet est verrouillé ignoré
    C:\Documents and Settings\moumoune.WESHWESH\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\glog.log L'objet est verrouillé ignoré
    C:\Documents and Settings\moumoune.WESHWESH\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.40404 Infecté : not-virus:Hoax.Win32.Agent.cg ignoré
    C:\Documents and Settings\moumoune.WESHWESH\Application Data\Mozilla\Firefox\Profiles\p4pbr8ff.default\cert8.db L'objet est verrouillé ignoré
    C:\Documents and Settings\moumoune.WESHWESH\Application Data\Mozilla\Firefox\Profiles\p4pbr8ff.default\GoogleToolbarData\googlesafebrowsing.db L'objet est verrouillé ignoré
    C:\Documents and Settings\moumoune.WESHWESH\Application Data\Mozilla\Firefox\Profiles\p4pbr8ff.default\history.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\moumoune.WESHWESH\Application Data\Mozilla\Firefox\Profiles\p4pbr8ff.default\key3.db L'objet est verrouillé ignoré
    C:\Documents and Settings\moumoune.WESHWESH\Application Data\Mozilla\Firefox\Profiles\p4pbr8ff.default\parent.lock L'objet est verrouillé ignoré
    C:\Documents and Settings\moumoune.WESHWESH\Application Data\Mozilla\Firefox\Profiles\p4pbr8ff.default\search.sqlite L'objet est verrouillé ignoré
    C:\Documents and Settings\moumoune.WESHWESH\Application Data\Mozilla\Firefox\Profiles\p4pbr8ff.default\urlclassifier2.sqlite L'objet est verrouillé ignoré
    C:\Documents and Settings\moumoune.WESHWESH\Cookies\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\moumoune.WESHWESH\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\moumoune.WESHWESH\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\moumoune.WESHWESH\Local Settings\Application Data\Mozilla\Firefox\Profiles\p4pbr8ff.default\Cache\_CACHE_001_ L'objet est verrouillé ignoré
    C:\Documents and Settings\moumoune.WESHWESH\Local Settings\Application Data\Mozilla\Firefox\Profiles\p4pbr8ff.default\Cache\_CACHE_002_ L'objet est verrouillé ignoré
    C:\Documents and Settings\moumoune.WESHWESH\Local Settings\Application Data\Mozilla\Firefox\Profiles\p4pbr8ff.default\Cache\_CACHE_003_ L'objet est verrouillé ignoré
    C:\Documents and Settings\moumoune.WESHWESH\Local Settings\Application Data\Mozilla\Firefox\Profiles\p4pbr8ff.default\Cache\_CACHE_MAP_ L'objet est verrouillé ignoré
    C:\Documents and Settings\moumoune.WESHWESH\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\moumoune.WESHWESH\Local Settings\Temp\~DFF72F.tmp L'objet est verrouillé ignoré
    C:\Documents and Settings\moumoune.WESHWESH\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\moumoune.WESHWESH\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\moumoune.WESHWESH\Mes documents\Applications\Setup.exe Infecté : Trojan-Downloader.Win32.Zlob.kpu ignoré
    C:\Documents and Settings\moumoune.WESHWESH\ntuser.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\moumoune.WESHWESH\ntuser.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
    C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat L'objet est verrouillé ignoré
    C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db L'objet est verrouillé ignoré
    C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws L'objet est verrouillé ignoré
    C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log L'objet est verrouillé ignoré
    C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log L'objet est verrouillé ignoré
    C:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt L'objet est verrouillé ignoré
    C:\QooBox\Quarantine\C\WINDOWS\Resources\AvpUnknown.dll.vir Infecté : Trojan.Win32.Agent.jqa ignoré
    C:\QooBox\Quarantine\C\WINDOWS\Resources\CheckWin.dll.vir Infecté : Trojan.Win32.Agent.jqa ignoré
    C:\QooBox\Quarantine\C\WINDOWS\system32\awttuSll.dll.vir Infecté : Packed.Win32.Monder.gen ignoré
    C:\QooBox\Quarantine\C\WINDOWS\system32\axgqlhmx.dll.vir Infecté : Trojan.Win32.KillAV.rf ignoré
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\nxhtnxme.dat.vir L'objet est verrouillé ignoré
    C:\QooBox\Quarantine\C\WINDOWS\system32\hxysoaiw.dll.vir Infecté : Trojan.Win32.KillAV.rf ignoré
    C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP106\A0036117.dll Infecté : Trojan-Dropper.Win32.Agent.qfy ignoré
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP106\A0036127.dll Infecté : Trojan-Dropper.Win32.Agent.qfy ignoré
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP107\A0037262.dll Infecté : Packed.Win32.Monder.gen ignoré
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP108\A0038411.dll Infecté : Packed.Win32.Monder.gen ignoré
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP109\A0039571.dll Infecté : Packed.Win32.Monder.gen ignoré
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP109\A0039587.dll Infecté : Trojan-Downloader.Win32.Zlob.lqb ignoré
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP109\A0039588.exe Infecté : Trojan-Downloader.Win32.Zlob.lka ignoré
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP109\A0039612.dll Infecté : Trojan-Downloader.Win32.Zlob.lqb ignoré
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP109\A0039613.exe Infecté : Trojan-Downloader.Win32.Zlob.lka ignoré
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP109\A0039629.dll Infecté : Packed.Win32.Monder.gen ignoré
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP109\A0039640.dll Infecté : Trojan-Downloader.Win32.Zlob.lqb ignoré
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP109\A0039641.exe Infecté : Trojan-Downloader.Win32.Zlob.lka ignoré
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP109\A0040668.dll Infecté : Trojan-Downloader.Win32.Zlob.lqb ignoré
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP109\A0040669.exe Infecté : Trojan-Downloader.Win32.Zlob.lka ignoré
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP110\A0040700.dll Infecté : Trojan-Downloader.Win32.Zlob.lqb ignoré
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP110\A0040701.exe Infecté : Trojan-Downloader.Win32.Zlob.lka ignoré
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP110\A0040729.dll Infecté : Trojan-Downloader.Win32.Zlob.lqb ignoré
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP110\A0040730.exe Infecté : Trojan-Downloader.Win32.Zlob.lka ignoré
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP110\A0040759.dll Infecté : Packed.Win32.Monder.gen ignoré
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP110\A0040761.dll Infecté : Packed.Win32.Monder.gen ignoré
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP110\A0040763.dll Infecté : Packed.Win32.Monder.gen ignoré
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP110\A0040765.dll Infecté : Trojan-Downloader.Win32.Zlob.lqb ignoré
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP110\A0040766.exe Infecté : Trojan-Downloader.Win32.Zlob.ljz ignoré
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP110\A0040767.exe Infecté : Trojan-Downloader.Win32.Zlob.lka ignoré
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP110\A0040768.exe Infecté : not-virus:Hoax.Win32.Gavec.bc ignoré
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP110\A0040769.dll Infecté : not-virus:Hoax.Win32.Agent.cg ignoré
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP110\A0040770.exe Infecté : Trojan-Downloader.Win32.Obfuscated.ra ignoré
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP110\A0040863.dll Infecté : Packed.Win32.Monder.gen ignoré
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP110\A0040967.dll Infecté : Trojan.Win32.KillAV.rf ignoré
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP110\A0040968.dll Infecté : Trojan.Win32.KillAV.rf ignoré
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP110\A0040969.dll Infecté : Trojan.Win32.Agent.jqa ignoré
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP110\A0040970.dll Infecté : Trojan.Win32.Agent.jqa ignoré
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP110\A0040971.dll Infecté : Packed.Win32.Monder.gen ignoré
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP118\change.log L'objet est verrouillé ignoré
    C:\VundoFix Backups\sgmaohsm.dll.bad Infecté : Packed.Win32.Monder.gen ignoré
    C:\WINDOWS\CSC\00000001 L'objet est verrouillé ignoré
    C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt L'objet est verrouillé ignoré
    C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{EF4F516B-0D35-47B7-966C-CA7C79CD7370}.crmlog L'objet est verrouillé ignoré
    C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
    C:\WINDOWS\SoftwareDistribution\EventCache\{B0B045F7-79F7-4F17-8858-85A3C688109B}.bin L'objet est verrouillé ignoré
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
    C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
    C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
    C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\Antivirus.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\DEFAULT.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\Media Ce.evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\ODiag.evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\OSession.evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\sam L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\security L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SOFTWARE.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SYSTEM.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
    C:\WINDOWS\TEMP\Perflib_Perfdata_7f0.dat L'objet est verrouillé ignoré
    C:\WINDOWS\TEMP\_avast4_\Webshlock.txt L'objet est verrouillé ignoré
    C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
    C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
    C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
    Analyse terminée.
    25 April 2008 10:41:50

    Re,

    Delete the following file, shown in bold:

    C:\Documents and Settings\moumoune.WESHWESH\Mes documents\Applications\Setup.exe

    Post a new hijackthis report.

    ;) 
    25 April 2008 18:42:56

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:38, on 2008-04-26
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Sonic\Sonic Solutions Product CD\Media Experience\DMXLauncher.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Creative\Mixer\CTSVolFE.exe
    C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\DNA\btdna.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\BetClic Poker\poker.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: (no name) - {49D8D988-6D77-4E24-8A27-914FBCCC782F} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Sonic\Sonic Solutions Product CD\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-21-3361232125-835192129-3529576560-1005\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
    O4 - HKUS\S-1-5-21-3361232125-835192129-3529576560-1005\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" (User '?')
    O4 - HKUS\S-1-5-21-3361232125-835192129-3529576560-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Farm Frenzy\Images\stg_drm.ocx
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Farm Frenzy\Images\armhelper.ocx
    O21 - SSODL: AvpUnknown - {80b16cef-1d34-45a6-8361-48947811abf6} - (no file)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 12050 bytes

    26 April 2008 12:40:12

    Hi again,

    Run HijackThis again (right-click -> run as administrator on Vista), click "do a system scan only", check these lines (if present), then click "Fix Checked" and close HijackThis:

    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Farm Frenzy\Images\stg_drm.ocx
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Farm Frenzy\Images\armhelper.ocx
    O21 - SSODL: AvpUnknown - {80b16cef-1d34-45a6-8361-48947811abf6} - (no file)


    *********************************************************

    It's OK, you will no longer be infected once you have done ALL the steps below :p

    1) Download ToolsCleaner to your desktop.
    http://www.commentcamarche.net/telecharger/toolscleaner...

    This program will uninstall all the tools I had you use.

  • Click Recherche and let the scan run ...
  • Click Suppression to finish.
  • You can use the Options facultatives if you wish.
  • Click Quitter to get the report.
  • Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).

    2) Download and install Ccleaner:
    http://www.01net.com/telecharger/windows/Utilitaire/net...
  • Before clicking the "installer" button, uncheck all the "options supplémentaires". Then click "Options", "Avancé" and uncheck the box "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Click the "Nettoyeur" tab, then "Lancer le Nettoyage".
  • Next, click the Registre tab, click "Chercher des erreurs", then "Réparer les erreurs sélectionnées". There is no need to back up the keys. Repeat the operation as many times as needed until it finds no more errors.
  • Tutorial here: http://www.infos-du-net.com/forum/272336-7-ccleaner-und...

    3)
  • Disable your System Restore
  • Re-enable your System Restore
  • Tutorial here: http://www.infos-du-net.com/forum/272480-11-desactiver-...
    ********************************************************************************

    Now add [Résolu] to the title. To do so:
    * In your first message, click the "Editer" button
    * Add the [Résolu] tag to the title
    * Then click "Valider votre message"

    It would be nice to report your infection on > Malware-Complaints < to get its authors convicted

    - Forum rules <- here
    - Posting a message <- here (by Malekal)

    To register, click the register button (at the top)
    If you are over 13, choose " I Agree to these terms and am over or exactly 13 years of age "
    If you are under 13, choose " I Agree to these terms and am under 13 years of age "

    You will get a list by type of infection
    If your infection is not in the list, create a message in Autres infections

    See you, and happy surfing :hello:


    Some useful links:

    http://mickael.barroux.free.fr/securite/
    http://www.malekal.com/
    http://www.infos-du-net.com/forum/275481-11-dossier-pre...
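
The fix step in the post above picks its log lines by hand and does not say why. As an added example (not part of the original post, and not the helper's own method), this Python script parses HijackThis entries and flags candidates for review under two assumed heuristics: entries whose target is `(no file)`, and O16 (ActiveX / Downloaded Program Files) entries installed from a local `file://` path. The sample lines are copied from the log in this thread; the function names are hypothetical.

```python
import re

# Sample input: a few lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {49D8D988-6D77-4E24-8A27-914FBCCC782F} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Farm Frenzy\Images\stg_drm.ocx
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O21 - SSODL: AvpUnknown - {80b16cef-1d34-45a6-8361-48947811abf6} - (no file)
"""

# Section code (R0, O2, O16, ...) followed by " - " and the entry body.
ENTRY_RE = re.compile(r"^\s*([ORFN]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(log_text):
    """Return one dict per HijackThis entry line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if not match:
            continue
        section, body = match.groups()
        clsid = CLSID_RE.search(body)
        # The file or URL is the last " - "-separated field when there is one.
        target = body.rsplit(" - ", 1)[-1].strip()
        entries.append({"section": section, "target": target,
                        "clsid": clsid.group(0) if clsid else None})
    return entries


def review_candidates(entries):
    """Flag entries matching the assumed heuristics; a review list, not a removal list."""
    flagged = []
    for entry in entries:
        reasons = []
        if entry["target"].lower() == "(no file)":
            reasons.append("orphaned: registry entry points to no file")
        if entry["section"] == "O16" and entry["target"].lower().startswith("file://"):
            reasons.append("ActiveX control registered from a local file:// path")
        if reasons:
            flagged.append((entry["section"], entry["clsid"], reasons))
    return flagged


if __name__ == "__main__":
    for section, clsid, reasons in review_candidates(parse_entries(SAMPLE_LOG)):
        print(section, clsid, "; ".join(reasons))
```

On the sample, the heuristics also flag the orphaned O3 toolbar entry, which the post did not list, so the output still needs a human decision before anything is fixed.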
    3 May 2008 12:58:12


    -->- Recherche:

    C:\Combofix: trouvé !
    C:\Vundofix backups: trouvé !
    C:\Qoobox: trouvé !
    C:\_OtMoveIt: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
    C:\Documents and Settings\moumoune.WESHWESH\Bureau\ComboFix.exe: trouvé !
    C:\Documents and Settings\moumoune.WESHWESH\Mes documents\Applications\protection\vundoFix.exe: trouvé !
    C:\Program Files\Trend Micro\HijackThis: trouvé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
    C:\QooBox\Quarantine\C\Combofix: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
    C:\Documents and Settings\moumoune.WESHWESH\Bureau\ComboFix.exe: supprimé !
    C:\Documents and Settings\moumoune.WESHWESH\Mes documents\Applications\protection\vundoFix.exe: supprimé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
    C:\Combofix: supprimé !
    C:\Vundofix backups: supprimé !
    C:\Qoobox: supprimé !
    C:\_OtMoveIt: supprimé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
    C:\Program Files\Trend Micro\HijackThis: supprimé !

    Point de restauration crée !
    Fichiers temporaires nettoyés !
    Corbeille vidée!
    Sauvegarde du registre crée !



    I'm sorry, I had no Internet access for a while. Thank you so much for your help. What you do is really great.

    Thanks again and all the best
    3 May 2008 19:27:53

    Hi again,

    You're welcome, it was a pleasure!

    Report your infection on Malware-Complaints if you haven't already, it's important ;)

    Please read this guide (PDF) to learn more about the risks of the Internet.

    If you find this document interesting, feel free to pass it on to your contacts.

    All the best :hello: