Your question

Virus on computer

Tags:
  • Security
Last reply: in Security and viruses
19 April 2008 17:06:01

Hello,

I'm having serious problems with my computer... When I go on the internet, advertising pages open by themselves, and there is a PC anti-spyware program (I don't think I installed it before...) that I can't uninstall!
I ran a scan of the computer with HijackThis.

Thanks in advance for your help,


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:52:35, on 19/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\sttray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\Controle Parental\bin\OPTGui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\PC-Antispyware\PC-Antispyware.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\ProgramData\xwuenxsc\ojqzwjwh.exe
C:\ProgramData\abcxchcd\crypihgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiLB.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Gwénaël\Desktop\anti-virus\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.the-exit.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.the-exit.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www/the-exit.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.the-exit.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.the-exit.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/ig/dell?hl=fr&client=dell-row&chan...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.the-exit.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.the-exit.com/search
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.the-exit.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.the-exit.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.the-exit.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Dcads Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Dcads Advanced Toolbar\toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [OPTENET_GUI] C:\PROGRA~1\CONTRO~1\bin\optgui.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PC-Antispyware] "C:\Program Files\PC-Antispyware\PC-Antispyware.exe" hide
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [1Mapi] "C:\ProgramData\FastRoamRoam.v3wwz"
O4 - HKCU\..\Run: [bait deaf idle setup] "C:\ProgramData\Tray Warn Platform.slzg5j"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [xwuenxsc] C:\ProgramData\xwuenxsc\ojqzwjwh.exe
O4 - HKCU\..\Run: [HBi8h7cBx7] C:\ProgramData\abcxchcd\crypihgr.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\GWNAL~1\AppData\Local\Temp\opnmjIXn.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\GWNAL~1\AppData\Local\Temp\ssqqRKBS.dll,c
O4 - HKCU\..\Run: [acce7bf9] rundll32.exe "C:\Users\GWNAL~1\AppData\Local\Temp\ntqjkewn.dll",b
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Startup: .protected
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
O4 - Global Startup: .protected
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: WiFi Station pour Livebox.lnk = C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiLB.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: >>> FREE PORN GALLERIES <<< - javascript:{document.location='http://sexmaxx.com/freegalleries.htm';}
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Orange Contrôle Parental (OPTENET_FILTER) - Orange - C:\Program Files\Controle Parental\bin\optproxy.exe
O23 - Service: Cycling Manager 2007 Drivers Auto Removal (pr2akt6c) (pr2akt6c) - Cyanide - C:\Windows\system32\pr2akt6c.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 13189 bytes

19 April 2008 18:41:49

:hello:

Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, restart in safe mode.
HELP: Restarting in safe mode

  • Now run MalwareByte's Anti-Malware. If it is not already selected, choose "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan is finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show Results" then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.

NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking Ok.

HELP: Picture tutorial on MBAM

;)
19 April 2008 19:58:42

Here is the report:

    Malwarebytes' Anti-Malware 1.11
    Version de la base de données: 654

    Type de recherche: Examen complet (C:\|D:\|E:\|G:\|H:\|I:\|J:\|)
    Eléments examinés: 162921
    Temps écoulé: 40 minute(s), 14 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 36
    Valeur(s) du Registre infectée(s): 10
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 7
    Fichier(s) infecté(s): 49

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\CLSID\{10f0c2a9-8e38-43e3-204d-45524c494e20} (Rogue.PC-Antispyware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10f0c2a9-8e38-43e3-204d-45524c494e20} (Rogue.PC-Antispyware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\contexttool (Adware.PlayaZ) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pc-antispyware (Rogue.PC-Antispyware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Tencent (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\UpMedia (Adware.SmartShopper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\AdvRemoteDbg (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\PC-Antispyware (Rogue.PC-Antispyware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\PC-Antispyware (Rogue.PC-Antispyware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Mirar (AdWare.Mirar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\HID_Layer (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xwuenxsc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HBi8h7cBx7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PC-Antispyware (Rogue.PC-Antispyware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\acce7bf9 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Program Files\contexttool (Adware.PlayaZ) -> Quarantined and deleted successfully.
    C:\Program Files\PC-Antispyware (Rogue.PC-Antispyware) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC-Antispyware (Rogue.PC-Antispyware) -> Quarantined and deleted successfully.
    C:\Users\Gwénaël\AppData\Roaming\PC-Antispyware (Rogue.PC-Antispyware) -> Quarantined and deleted successfully.
    C:\Users\Gwénaël\AppData\Roaming\PC-Antispyware\logs (Rogue.PC-Antispyware) -> Quarantined and deleted successfully.
    C:\Users\Gwénaël\AppData\Roaming\PC-Antispyware\startup (Rogue.PC-Antispyware) -> Quarantined and deleted successfully.
    C:\Users\Gwénaël\Desktopvirii (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\ProgramData\xwuenxsc\ojqzwjwh.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\ProgramData\abcxchcd\crypihgr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Program Files\PC-Antispyware\IeExtension.dll (Rogue.PC-Antispyware) -> Quarantined and deleted successfully.
    C:\Users\Gwénaël\AppData\Local\Temp\2ce1444d.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Users\Gwénaël\AppData\Local\Temp\bb0a8225.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Users\Gwénaël\AppData\Local\Temp\bx18dxv.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Windows\System32\nsg469E.dll (Adware.Begin2Search) -> Quarantined and deleted successfully.
    C:\Program Files\contexttool\pcre3.dll (Adware.PlayaZ) -> Quarantined and deleted successfully.
    C:\Program Files\contexttool\uninstall.exe (Adware.PlayaZ) -> Quarantined and deleted successfully.
    C:\Program Files\PC-Antispyware\PC-Antispyware.db (Rogue.PC-Antispyware) -> Quarantined and deleted successfully.
    C:\Program Files\PC-Antispyware\PC-Antispyware.exe (Rogue.PC-Antispyware) -> Quarantined and deleted successfully.
    C:\Program Files\PC-Antispyware\pcantispyware.pkg (Rogue.PC-Antispyware) -> Quarantined and deleted successfully.
    C:\Program Files\PC-Antispyware\PopupBlocker.dll (Rogue.PC-Antispyware) -> Quarantined and deleted successfully.
    C:\Program Files\PC-Antispyware\program.info (Rogue.PC-Antispyware) -> Quarantined and deleted successfully.
    C:\Program Files\PC-Antispyware\Uninstall.exe (Rogue.PC-Antispyware) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC-Antispyware\PC-Antispyware Uninstall.lnk (Rogue.PC-Antispyware) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC-Antispyware\PC-Antispyware.lnk (Rogue.PC-Antispyware) -> Quarantined and deleted successfully.
    C:\Users\Gwénaël\AppData\Roaming\PC-Antispyware\config.xml (Rogue.PC-Antispyware) -> Quarantined and deleted successfully.
    C:\Users\Gwénaël\AppData\Roaming\PC-Antispyware\Sites.bl (Rogue.PC-Antispyware) -> Quarantined and deleted successfully.
    C:\Users\Gwénaël\AppData\Roaming\PC-Antispyware\logs\1208611392.log (Rogue.PC-Antispyware) -> Quarantined and deleted successfully.
    C:\Users\Gwénaël\Desktopvirii\Trojan-Downloader.Win32.Agent.bl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Users\Gwénaël\Desktopvirii\Trojan-Downloader.Win32.Agent.p.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Users\Gwénaël\Desktopvirii\Trojan-Downloader.Win32.Agent.r.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Users\Gwénaël\Desktopvirii\Trojan-Downloader.Win32.Agent.t.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Users\Gwénaël\Desktopvirii\Trojan-Downloader.Win32.Agent.v.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Users\Gwénaël\AppData\Local\Temp\efcDVpOh.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Users\Gwénaël\AppData\Local\Temp\ssqqRKBS.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Users\Gwénaël\AppData\Local\Temp\ntqjkewn.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\cmd.com (Worm.Alcra) -> Quarantined and deleted successfully.
    C:\Windows\System32\netstat.com (Worm.Alcra) -> Quarantined and deleted successfully.
    C:\Windows\System32\ping.com (Worm.Alcra) -> Quarantined and deleted successfully.
    C:\Windows\System32\regedit.com (Worm.Alcra) -> Quarantined and deleted successfully.
    C:\Windows\System32\tasklist.com (Worm.Alcra) -> Quarantined and deleted successfully.
    C:\Windows\System32\tracert.com (Worm.Alcra) -> Quarantined and deleted successfully.
    C:\Windows\.protected (Rogue.Ultimate.Defender) -> Quarantined and deleted successfully.
    C:\Windows\System32\drivers\etc\.protected (Rogue.Ultimate.Defender) -> Quarantined and deleted successfully.
    C:\.protected (Rogue.Ultimate.Defender) -> Quarantined and deleted successfully.
    C:\Windows\System32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Users\Gwénaël\Desktopblackbird.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Users\Gwénaël\DesktopEditorFKWP1.5.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Users\Gwénaël\DesktopEditorFKWP2.0.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Users\Gwénaël\Desktopfilemanagerclient.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Users\Gwénaël\Desktopfkwp1.5.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Users\Gwénaël\Desktopfkwp2.0.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Users\Gwénaël\Desktopfwebd.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Users\Gwénaël\DesktopFWebdEditor.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Users\Gwénaël\DesktopTrojan.Win32.BlackBird.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\.protected (Rogue.Ultimate.Defender) -> Quarantined and deleted successfully.
    C:\Users\Gwénaël\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.protected (Rogue.Ultimate.Defender) -> Quarantined and deleted successfully.

Thanks again for your help,

I'm waiting for your further instructions.

19 April 2008 20:13:17

Re,

1) If you are on Vista, do this first; otherwise go straight to the next step ;) :

Disable UAC (Start menu \ Control Panel \ User Accounts and Family Safety \ User Accounts \ Turn User Account Control on or off \ uncheck the box Use User Account Control ...
and confirm with OK; you will be asked to restart, do so)


2) Download Navilog1 by IL-MAFIOSO: http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

Depending on the antivirus you use, navilog1 may be detected as a virus!!!
In that case, disable it during the download and the scan!!!!


Save target (of the link) as... and save it to your desktop.
Then double-click navilog1.exe to start the installation.
Once the installation is finished, the fix will run automatically.
(If it does not, double-click the Navilog1 shortcut on the desktop.)

Follow the prompts. At the main menu, choose 1 and confirm.
(do not choose 2, 3 or 4 without our advice/approval)

Wait for the message:
*** Analyse Termine le ..... ***
Press a key as requested; Notepad will open.
Copy and paste the whole of it into a reply. Close Notepad.
The report is also saved at the root of the disk (fixnavi.txt)

;)
24 April 2008 15:37:46

Hi,

Sorry for only replying now, but I haven't had much time to deal with all this until now...

Here is the report:

    Search Navipromo version 3.5.4 commencé le 24/04/2008 à 15:18:46,55

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis C:\Program Files\navilog1
    Session actuelle : "Gwénaël"

    Mise à jour le 15.04.2008 à 18h00 par IL-MAFIOSO

    Microsoft Windows Vista 6.0.6000
    Internet Explorer : 7.0.6000.16643
    Système de fichiers : NTFS

    Executé en mode normal



    *** Recherche dossiers dans "C:\Windows" ***



    *** Recherche dossiers dans "C:\Program Files" ***


    *** Recherche dossiers dans "C:\ProgramData" ***


    *** Recherche dossiers dans "C:\ProgramData\Microsoft\Windows\Start Menu\Programs" ***


    *** Recherche dossiers dans "C:\Users\Gw‚na‰l\AppData\Local\virtualstore\Program Files" ***



    *** Recherche dossiers dans "C:\Users\Gw‚na‰l\AppData\Roaming" ***


    *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
    pour + d'infos : http://www.gmer.net

    Aucun Fichier trouvé



    *** Recherche avec GenericNaviSearch ***
    !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A vérifier impérativement avant toute suppression manuelle !!!

    * Recherche dans "C:\Windows\system32" *

    * Recherche dans "C:\Users\Gw‚na‰l\AppData\Local\Microsoft" *

    * Recherche dans "C:\Users\Gw‚na‰l\AppData\Local\virtualstore\windows\system32" *

    * Recherche dans "C:\Users\Gw‚na‰l\AppData\Local" *

    * Recherche dans "C:\Users\ADMINI~1\AppData\Local" *

    * Recherche dans "C:\Users\parents\AppData\Local" *



    *** Recherche fichiers ***


    C:\Windows\pack.epk trouvé !


    *** Recherche clés spécifiques dans le Registre ***

    HKEY_CURRENT_USER\Software\Lanconfig trouvé !

    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche nouveaux fichiers Instant Access :


    2)Recherche Heuristique :

    * Dans "C:\Windows\system32" :


    * Dans "C:\Users\Gw‚na‰l\AppData\Local\Microsoft" :


    * Dans "C:\Users\Gw‚na‰l\AppData\Local\virtualstore\windows\system32" :

    uloliseuo.dat trouvé !
    uloliseuo_nav.dat trouvé !
    uloliseuo_navps.dat trouvé !
    uloliseuo_navup.dat trouvé !

    * Dans "C:\Users\Gw‚na‰l\AppData\Local" :


    * Dans "C:\Users\ADMINI~1\AppData\Local" :


    * Dans "C:\Users\parents\AppData\Local" :


    3)Recherche Certificats :

    Certificat Egroup absent !
    Certificat Electronic-Group absent !
    Certificat OOO-Favorit absent !
    Certificat Sunny-Day-Design-Ltd absent !

    4)Recherche fichiers connus :



    *** Analyse terminée le 24/04/2008 à 15:28:50,13 ***

    I'm waiting for the next steps...

    Thanks again,
    24 April 2008 18:03:06

    Re,

    Double-click the navilog1 shortcut.
    Choose option 2, then confirm (Enter).
    Follow the prompts.
    Your computer will restart; if it doesn't, restart it manually.

    Your desktop will disappear.

    Wait until this message appears:
    "*** Nettoyage Termine le ..... ***"

    Press a key as requested; Notepad will open.
    Save the report.
    Close Notepad. Your desktop will now reappear.

    If your desktop does not reappear, press CTRL+ALT+DEL to open Task Manager.
    Then go to the "Processes" tab. Click "File" at the top left and choose "New Task (Run...)".
    Type explorer and confirm. This will bring your desktop back.


    Start -> Control Panel -> Internet Options
    Click the "Content" tab, then the "Certificates" tab, and if you find the following, in particular under "Trusted Publishers":

    Montorgueil ; VIP

    ~~> Delete them if present! (not the others) <~~

    Post the report saved earlier (C:\cleannavi.txt)
    As well as a new HijackThis report.

    +++++++++++

    The following programs install this infection:

    * Go-astro
    * GoRecord
    * HotTVPlayer
    * MailSkinner
    * Messenger Skinner
    * Instant Access
    * InternetGameBox
    * sudoplanet
    * Webmediaplayer: except the one from the following site > http://www.azertysite.new.fr/
    * On the site www.games-desktop.com (do not go there!)
    24 April 2008 20:50:03

    Re,

    I didn't have anything to delete in the trusted publishers...

    Here is the navilog1 report:

    Clean Navipromo version 3.5.4 commencé le 24/04/2008 à 20:33:24,03

    Outil exécuté depuis C:\Program Files\navilog1
    Session actuelle : "Gwénaël"

    Mise à jour le 15.04.2008 à 18h00 par IL-MAFIOSO

    Microsoft Windows Vista 6.0.6000
    Internet Explorer : 7.0.6000.16643
    Système de fichiers : NTFS

    Mode suppression automatique
    avec prise en charge résultats Catchme et GNS



    *** fsbl1.txt non trouvé ***
    (Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


    *** Suppression avec sauvegardes résultats GenericNaviSearch ***

    * Suppression dans "C:\Windows\System32" *


    * Suppression dans "C:\Users\Gw‚na‰l\AppData\Local\Microsoft" *


    * Suppression dans "C:\Users\Gw‚na‰l\AppData\Local\virtualstore\windows\system32" *


    * Suppression dans "C:\Users\Gw‚na‰l\AppData\Local" *


    * Suppression dans "C:\Users\ADMINI~1\AppData\Local" *


    * Suppression dans "C:\Users\parents\AppData\Local" *



    *** Suppression dossiers dans "C:\Windows" ***


    *** Suppression dossiers dans "C:\Program Files" ***


    *** Suppression dossiers dans "C:\ProgramData" ***


    *** Suppression dossiers dans "C:\ProgramData\Microsoft\Windows\Start Menu\Programs" ***


    *** Suppression dossiers dans "C:\Users\Gw‚na‰l\AppData\Local\virtualstore\Program Files" ***


    *** Suppression dossiers dans "C:\Users\Gw‚na‰l\AppData\Roaming" ***



    *** Suppression fichiers ***

    C:\Windows\pack.epk supprimé !

    *** Suppression fichiers temporaires ***

    Nettoyage contenu C:\Windows\Temp effectué !
    Nettoyage contenu C:\Users\GWNAL~1\AppData\Local\Temp effectué !

    *** Traitement Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

    2)Recherche, création sauvegardes et suppression Heuristique :


    * Dans "C:\Windows\system32" *


    * Dans "C:\Users\Gw‚na‰l\AppData\Local\Microsoft" *


    * Dans "C:\Users\Gw‚na‰l\AppData\Local\virtualstore\windows\system32" *

    uloliseuo.dat trouvé !
    Copie uloliseuo.dat réalisée avec succès !
    uloliseuo.dat supprimé !

    uloliseuo_nav.dat trouvé !
    Copie uloliseuo_nav.dat réalisée avec succès !
    uloliseuo_nav.dat supprimé !

    uloliseuo_navps.dat trouvé !
    Copie uloliseuo_navps.dat réalisée avec succès !
    uloliseuo_navps.dat supprimé !

    uloliseuo_navup.dat trouvé !
    Copie uloliseuo_navup.dat réalisée avec succès !
    uloliseuo_navup.dat supprimé !


    * Dans "C:\Users\Gw‚na‰l\AppData\Local" *


    * Dans "C:\Users\ADMINI~1\AppData\Local" *


    * Dans "C:\Users\parents\AppData\Local" *


    *** Sauvegarde du Registre vers dossier Safebackup ***

    sauvegarde du Registre réalisée avec succès !

    *** Nettoyage Registre ***

    Nettoyage Registre Ok


    *** Certificats ***

    Certificat Egroup absent !
    Certificat Electronic-Group absent !
    Certificat OOO-Favorit absent !
    Certificat Sunny-Day-Design-Ltdt absent !

    *** Nettoyage terminé le 24/04/2008 à 20:37:06,02 ***

    And here is the HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:47:11, on 24/04/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Windows\sttray.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
    C:\Program Files\Controle Parental\bin\OPTGui.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiLB.exe
    C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Gwénaël\Desktop\Antivirus\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.the-exit.com/search
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.the-exit.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www/the-exit.com/search
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.the-exit.com/search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=...
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.the-exit.com/search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.the-exit.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.the-exit.com/search
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.the-exit.com/search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.the-exit.com/search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.the-exit.com/search
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.the-exit.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Dcads Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Dcads Advanced Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
    O4 - HKLM\..\Run: [OPTENET_GUI] C:\PROGRA~1\CONTRO~1\bin\optgui.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
    O4 - HKCU\..\Run: [1Mapi] "C:\ProgramData\FastRoamRoam.v3wwz"
    O4 - HKCU\..\Run: [bait deaf idle setup] "C:\ProgramData\Tray Warn Platform.slzg5j"
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: WiFi Station pour Livebox.lnk = C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiLB.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: >>> FREE PORN GALLERIES <<< - javascript:{document.location='http://sexmaxx.com/freegalleries.htm';}
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O13 - Gopher Prefix:
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
    O23 - Service: Orange Contrôle Parental (OPTENET_FILTER) - Orange - C:\Program Files\Controle Parental\bin\optproxy.exe
    O23 - Service: Cycling Manager 2007 Drivers Auto Removal (pr2akt6c) (pr2akt6c) - Cyanide - C:\Windows\system32\pr2akt6c.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    --
    End of file - 13258 bytes

    Thanks,
    24 April 2008 22:32:55

    Re,

    Apparently your infection comes, among other things, from X-rated sites.

    Download Lop S&D.exe (by Eric 71 & Angeldark) to your desktop. ~>Tutorial<~
  • Double-click it to start the installation
  • Then double-click the Lop S&D shortcut on your desktop
  • Select the desired language, then choose Option 1 (Search)
  • Wait until the scan finishes
  • Post the generated report (C:\lopR.txt)
    (If the desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)

    ;)
    24 April 2008 23:01:51

    Re,

    Here is the Lop report:


    -----------------------[ Lop S&D 4.1.1-8 XP/Vista ]---------------------

    [ Windows 'Longhorn' (NT 6.0) Workstation Build 6000 ]
    [ USER : Gw‚na‰l ] [ "C:\Lop SD" ]
    [ 24/04/2008 | 22:46:56,33 ] [ PC : GWEN ]
    [ MAJ : 23-04-2008 | 20:06 ]
    [ UAC => 0 ]

    -------------[ Listing des dossiers dans Application Data ]------------

    [19/06/2007|23:10] C:\Users\GWNAL~1\AppData\Roaming\Adobe\Acrobat
    [19/06/2007|23:10] C:\Users\GWNAL~1\AppData\Roaming\Adobe\..
    [19/06/2007|23:10] C:\Users\GWNAL~1\AppData\Roaming\Adobe\.

    [19/06/2007|23:10] C:\Users\GWNAL~1\AppData\Roaming\AdobeUM\..
    [19/06/2007|23:10] C:\Users\GWNAL~1\AppData\Roaming\AdobeUM\.

    [09/11/2007|18:48] C:\Users\GWNAL~1\AppData\Roaming\Adssite Advanced Toolbar\..
    [09/11/2007|18:48] C:\Users\GWNAL~1\AppData\Roaming\Adssite Advanced Toolbar\.
    [13/06/2007|17:21] C:\Users\GWNAL~1\AppData\Roaming\Adssite Advanced Toolbar\selected.xml

    [02/06/2007|14:48] C:\Users\GWNAL~1\AppData\Roaming\ATI\..
    [02/06/2007|14:48] C:\Users\GWNAL~1\AppData\Roaming\ATI\ACE
    [02/06/2007|14:48] C:\Users\GWNAL~1\AppData\Roaming\ATI\.

    [12/04/2008|00:15] C:\Users\GWNAL~1\AppData\Roaming\Corel\ImageDB.db
    [11/04/2008|23:58] C:\Users\GWNAL~1\AppData\Roaming\Corel\..
    [11/04/2008|23:58] C:\Users\GWNAL~1\AppData\Roaming\Corel\.
    [12/03/2008|11:59] C:\Users\GWNAL~1\AppData\Roaming\Corel\thumbnails.db
    [25/08/2007|19:37] C:\Users\GWNAL~1\AppData\Roaming\Corel\LastDBFilter.PspCache
    [18/07/2007|18:39] C:\Users\GWNAL~1\AppData\Roaming\Corel\Messages
    [19/06/2007|23:06] C:\Users\GWNAL~1\AppData\Roaming\Corel\Paint Shop Pro Photo
    [02/06/2007|15:18] C:\Users\GWNAL~1\AppData\Roaming\Corel\Snapfire Plus

    [02/02/2008|14:47] C:\Users\GWNAL~1\AppData\Roaming\Creative\ZENcast
    [02/02/2008|14:42] C:\Users\GWNAL~1\AppData\Roaming\Creative\QueMan
    [02/02/2008|14:41] C:\Users\GWNAL~1\AppData\Roaming\Creative\..
    [02/02/2008|14:41] C:\Users\GWNAL~1\AppData\Roaming\Creative\.
    [25/12/2007|17:40] C:\Users\GWNAL~1\AppData\Roaming\Creative\OpaQMan
    [25/12/2007|16:48] C:\Users\GWNAL~1\AppData\Roaming\Creative\Video Converter

    [24/04/2008|15:14] C:\Users\GWNAL~1\AppData\Roaming\Dcads Advanced Toolbar\advertbuttons.xml
    [18/11/2007|20:03] C:\Users\GWNAL~1\AppData\Roaming\Dcads Advanced Toolbar\..
    [18/11/2007|20:03] C:\Users\GWNAL~1\AppData\Roaming\Dcads Advanced Toolbar\.
    [01/11/2007|16:26] C:\Users\GWNAL~1\AppData\Roaming\Dcads Advanced Toolbar\selected.xml

    [23/08/2007|13:06] C:\Users\GWNAL~1\AppData\Roaming\DialMessenger\config.xml
    [21/08/2007|00:05] C:\Users\GWNAL~1\AppData\Roaming\DialMessenger\..
    [21/08/2007|00:05] C:\Users\GWNAL~1\AppData\Roaming\DialMessenger\.

    [19/09/2007|10:28] C:\Users\GWNAL~1\AppData\Roaming\DMCache\..
    [19/09/2007|10:28] C:\Users\GWNAL~1\AppData\Roaming\DMCache\settings.bak
    [19/09/2007|10:28] C:\Users\GWNAL~1\AppData\Roaming\DMCache\.

    [20/04/2008|13:13] C:\Users\GWNAL~1\AppData\Roaming\Google\Local Search History
    [18/06/2007|18:14] C:\Users\GWNAL~1\AppData\Roaming\Google\GoogleEarth
    [18/06/2007|18:03] C:\Users\GWNAL~1\AppData\Roaming\Google\..
    [18/06/2007|18:03] C:\Users\GWNAL~1\AppData\Roaming\Google\.

    [18/06/2007|14:35] C:\Users\GWNAL~1\AppData\Roaming\GTek\gtny
    [18/06/2007|14:35] C:\Users\GWNAL~1\AppData\Roaming\GTek\..
    [18/06/2007|14:35] C:\Users\GWNAL~1\AppData\Roaming\GTek\.
    [02/06/2007|14:48] C:\Users\GWNAL~1\AppData\Roaming\GTek\GTUpdate

    [02/03/2008|12:01] C:\Users\GWNAL~1\AppData\Roaming\HP\Digital Imaging
    [02/03/2008|12:01] C:\Users\GWNAL~1\AppData\Roaming\HP\..
    [02/03/2008|12:01] C:\Users\GWNAL~1\AppData\Roaming\HP\.
    [23/02/2008|20:40] C:\Users\GWNAL~1\AppData\Roaming\HP\ScLogs

    [25/12/2007|15:29] C:\Users\GWNAL~1\AppData\Roaming\HPAppData\..
    [25/12/2007|15:29] C:\Users\GWNAL~1\AppData\Roaming\HPAppData\.
    [02/03/2007|14:10] C:\Users\GWNAL~1\AppData\Roaming\HPAppData\RegClean.dll

    [18/06/2007|18:33] C:\Users\GWNAL~1\AppData\Roaming\Identities\{4EC80784-AAAE-459B-96A4-85236DCC3154}
    [02/06/2007|14:47] C:\Users\GWNAL~1\AppData\Roaming\Identities\..
    [02/06/2007|14:47] C:\Users\GWNAL~1\AppData\Roaming\Identities\.

    [19/09/2007|10:49] C:\Users\GWNAL~1\AppData\Roaming\IDM\..
    [19/09/2007|10:49] C:\Users\GWNAL~1\AppData\Roaming\IDM\.
    [18/09/2007|20:49] C:\Users\GWNAL~1\AppData\Roaming\IDM\cnlurllist.dat
    [15/09/2007|12:30] C:\Users\GWNAL~1\AppData\Roaming\IDM\Scheduler
    [15/09/2007|12:30] C:\Users\GWNAL~1\AppData\Roaming\IDM\DwnlData
    [15/09/2007|12:30] C:\Users\GWNAL~1\AppData\Roaming\IDM\UrlHistory.txt
    [13/09/2007|20:06] C:\Users\GWNAL~1\AppData\Roaming\IDM\Grabber

    [05/07/2007|15:08] C:\Users\GWNAL~1\AppData\Roaming\InstallShield\..
    [05/07/2007|15:08] C:\Users\GWNAL~1\AppData\Roaming\InstallShield\ISEngine12.0
    [05/07/2007|15:08] C:\Users\GWNAL~1\AppData\Roaming\InstallShield\.

    [19/11/2007|21:10] C:\Users\GWNAL~1\AppData\Roaming\Leadertech\PowerRegister
    [19/11/2007|21:10] C:\Users\GWNAL~1\AppData\Roaming\Leadertech\..
    [19/11/2007|21:10] C:\Users\GWNAL~1\AppData\Roaming\Leadertech\.

    [23/04/2008|20:46] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\library.dat
    [23/04/2008|20:09] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\filters.props
    [23/04/2008|20:09] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\questions.props
    [23/04/2008|20:09] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\tables.props
    [23/04/2008|20:09] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\installation.props
    [23/04/2008|20:09] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\mojito.props
    [23/04/2008|20:09] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\limewire.props
    [23/04/2008|19:58] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\fileurns.cache
    [23/04/2008|19:56] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\createtimes.cache
    [23/04/2008|19:51] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\..
    [23/04/2008|19:51] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\.
    [17/04/2008|15:57] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\spam.dat
    [17/04/2008|15:57] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\gnutella.net
    [15/04/2008|13:25] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\version.xml
    [14/04/2008|18:59] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\simpp.xml
    [13/04/2008|20:32] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\ttrees.cache
    [13/04/2008|20:32] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\ttroot.cache
    [12/03/2008|11:50] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\.AppSpecialShare
    [29/02/2008|21:44] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\ttree.cache
    [09/02/2008|16:54] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\.NetworkShare
    [29/09/2007|20:07] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\responses.cache
    [05/07/2007|20:17] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\412splashfree.png
    [05/07/2007|18:48] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\update.xml
    [05/07/2007|18:48] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\fileurns.bak
    [05/07/2007|18:48] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\data.ser
    [05/07/2007|18:48] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\secureMessage.key
    [05/07/2007|18:48] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\public.key
    [05/07/2007|18:48] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\pub1.key
    [05/07/2007|18:48] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\version.key
    [05/07/2007|18:48] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\xml
    [05/07/2007|18:48] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\themes

    [18/07/2007|18:31] C:\Users\GWNAL~1\AppData\Roaming\LogoMaker\..
    [18/07/2007|18:31] C:\Users\GWNAL~1\AppData\Roaming\LogoMaker\Temp
    [18/07/2007|18:31] C:\Users\GWNAL~1\AppData\Roaming\LogoMaker\.
    [18/07/2007|18:30] C:\Users\GWNAL~1\AppData\Roaming\LogoMaker\Settings

    [19/04/2008|20:03] C:\Users\GWNAL~1\AppData\Roaming\Macromedia\Flash Player
    [18/06/2007|14:48] C:\Users\GWNAL~1\AppData\Roaming\Macromedia\..
    [18/06/2007|14:48] C:\Users\GWNAL~1\AppData\Roaming\Macromedia\.

    [19/04/2008|18:55] C:\Users\GWNAL~1\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware
    [19/04/2008|18:54] C:\Users\GWNAL~1\AppData\Roaming\Malwarebytes\..
    [19/04/2008|18:54] C:\Users\GWNAL~1\AppData\Roaming\Malwarebytes\.

    [23/04/2008|20:16] C:\Users\GWNAL~1\AppData\Roaming\Media Player Classic\default.mpcpl
    [22/09/2007|19:41] C:\Users\GWNAL~1\AppData\Roaming\Media Player Classic\..
    [22/09/2007|19:41] C:\Users\GWNAL~1\AppData\Roaming\Media Player Classic\.

    [03/10/2007|18:12] C:\Users\GWNAL~1\AppData\Roaming\MessengerGadget\..
    [03/10/2007|18:12] C:\Users\GWNAL~1\AppData\Roaming\MessengerGadget\.

    [21/04/2008|20:37] C:\Users\GWNAL~1\AppData\Roaming\Microsoft\Windows Photo Gallery
    [13/04/2008|19:51] C:\Users\GWNAL~1\AppData\Roaming\Microsoft\HTML Help
    [26/03/2008|12:09] C:\Users\GWNAL~1\AppData\Roaming\Microsoft\Credentials
    [07/02/2008|11:38] C:\Users\GWNAL~1\AppData\Roaming\Microsoft\Pack Emoticones Love
    [07/02/2008|11:38] C:\Users\GWNAL~1\AppData\Roaming\Microsoft\..
    [07/02/2008|11:38] C:\Users\GWNAL~1\AppData\Roaming\Microsoft\.
    [01/02/2008|19:15] C:\Users\GWNAL~1\AppData\Roaming\Microsoft\CLR Security Config
    [05/01/2008|18:05] C:\Users\GWNAL~1\AppData\Roaming\Microsoft\MSN Messenger
    [13/12/2007|19:23] C:\Users\GWNAL~1\AppData\Roaming\Microsoft\Installer
    [12/12/2007|17:35] C:\Users\GWNAL~1\AppData\Roaming\Microsoft\Internet Explorer
    [11/12/2007|21:07] C:\Users\GWNAL~1\AppData\Roaming\Microsoft\Windows Live Call
    [04/11/2007|21:43] C:\Users\GWNAL~1\AppData\Roaming\Microsoft\Crypto
    [25/10/2007|18:56] C:\Users\GWNAL~1\AppData\Roaming\Microsoft\WLTB Custom Buttons
    [23/08/2007|17:22] C:\Users\GWNAL~1\AppData\Roaming\Microsoft\IdentityCRL
    [21/07/2007|21:34] C:\Users\GWNAL~1\AppData\Roaming\Microsoft\Shoebox
    [03/07/2007|15:38] C:\Users\GWNAL~1\AppData\Roaming\Microsoft\MMC
    [03/06/2007|12:05] C:\Users\GWNAL~1\AppData\Roaming\Microsoft\preuve
    [03/06/2007|12:03] C:\Users\GWNAL~1\AppData\Roaming\Microsoft\Media Player
    [02/06/2007|15:39] C:\Users\GWNAL~1\AppData\Roaming\Microsoft\Speech
    [02/06/2007|15:13] C:\Users\GWNAL~1\AppData\Roaming\Microsoft\Network
    [02/06/2007|15:06] C:\Users\GWNAL~1\AppData\Roaming\Microsoft\Windows
    [02/06/2007|14:47] C:\Users\GWNAL~1\AppData\Roaming\Microsoft\Protect
    [02/06/2007|14:46] C:\Users\GWNAL~1\AppData\Roaming\Microsoft\SystemCertificates

    [20/06/2007|13:43] C:\Users\GWNAL~1\AppData\Roaming\Mozilla\..
    [20/06/2007|13:43] C:\Users\GWNAL~1\AppData\Roaming\Mozilla\.

    [20/06/2007|13:43] C:\Users\GWNAL~1\AppData\Roaming\Nvu\profiles.ini
    [20/06/2007|13:43] C:\Users\GWNAL~1\AppData\Roaming\Nvu\Profiles
    [20/06/2007|13:43] C:\Users\GWNAL~1\AppData\Roaming\Nvu\..
    [20/06/2007|13:43] C:\Users\GWNAL~1\AppData\Roaming\Nvu\.

    [24/04/2008|20:38] C:\Users\GWNAL~1\AppData\Roaming\OpenOffice.org2\..
    [24/04/2008|20:38] C:\Users\GWNAL~1\AppData\Roaming\OpenOffice.org2\.lock
    [24/04/2008|20:38] C:\Users\GWNAL~1\AppData\Roaming\OpenOffice.org2\.
    [04/01/2008|18:06] C:\Users\GWNAL~1\AppData\Roaming\OpenOffice.org2\user

    [21/04/2008|20:32] C:\Users\GWNAL~1\AppData\Roaming\Pro Cycling Manager 2007\Pro Cycling Manager 2007_001.log
    [21/04/2008|20:32] C:\Users\GWNAL~1\AppData\Roaming\Pro Cycling Manager 2007\..
    [21/04/2008|20:32] C:\Users\GWNAL~1\AppData\Roaming\Pro Cycling Manager 2007\.
    [21/04/2008|20:27] C:\Users\GWNAL~1\AppData\Roaming\Pro Cycling Manager 2007\Pro Cycling Manager 2007.log
    [21/04/2008|20:19] C:\Users\GWNAL~1\AppData\Roaming\Pro Cycling Manager 2007\Local.cdb
    [21/04/2008|20:08] C:\Users\GWNAL~1\AppData\Roaming\Pro Cycling Manager 2007\Local.cdb~
    [16/04/2008|19:57] C:\Users\GWNAL~1\AppData\Roaming\Pro Cycling Manager 2007\RAD
    [02/08/2007|15:38] C:\Users\GWNAL~1\AppData\Roaming\Pro Cycling Manager 2007\OriginalLocal.cdb
    [21/06/2007|17:10] C:\Users\GWNAL~1\AppData\Roaming\Pro Cycling Manager 2007\Temp
    [21/06/2007|16:19] C:\Users\GWNAL~1\AppData\Roaming\Pro Cycling Manager 2007\Cache
    [21/06/2007|16:19] C:\Users\GWNAL~1\AppData\Roaming\Pro Cycling Manager 2007\HDCacheConf.xml
    [21/06/2007|16:19] C:\Users\GWNAL~1\AppData\Roaming\Pro Cycling Manager 2007\Config

    [22/09/2007|19:40] C:\Users\GWNAL~1\AppData\Roaming\Real\..
    [22/09/2007|19:40] C:\Users\GWNAL~1\AppData\Roaming\Real\.

    [07/03/2008|21:44] C:\Users\GWNAL~1\AppData\Roaming\Roxio\PlasmaLog.txt
    [26/07/2007|18:37] C:\Users\GWNAL~1\AppData\Roaming\Roxio\..
    [26/07/2007|18:37] C:\Users\GWNAL~1\AppData\Roaming\Roxio\.
    [10/07/2007|13:38] C:\Users\GWNAL~1\AppData\Roaming\Roxio\MediaManager9
    [02/06/2007|15:17] C:\Users\GWNAL~1\AppData\Roaming\Roxio\RoxioCentral
    [02/06/2007|15:16] C:\Users\GWNAL~1\AppData\Roaming\Roxio\RoxioCentral33

    [24/10/2007|19:52] C:\Users\GWNAL~1\AppData\Roaming\Sports Interactive\Football Manager 2007
    [24/10/2007|19:52] C:\Users\GWNAL~1\AppData\Roaming\Sports Interactive\..
    [24/10/2007|19:52] C:\Users\GWNAL~1\AppData\Roaming\Sports Interactive\.

    [03/06/2007|12:05] C:\Users\GWNAL~1\AppData\Roaming\Template\..
    [03/06/2007|12:05] C:\Users\GWNAL~1\AppData\Roaming\Template\.
    [05/06/2006|11:51] C:\Users\GWNAL~1\AppData\Roaming\Template\Normal.wpt

    [11/10/2007|18:01] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_0.txt
    [05/10/2007|20:31] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\log.txt
    [04/10/2007|18:04] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_33.txt
    [04/10/2007|18:04] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\..
    [04/10/2007|18:04] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\.
    [04/10/2007|18:04] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FoldersList.txt
    [04/10/2007|18:04] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_32.txt
    [15/09/2007|11:49] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_31.txt
    [03/09/2007|20:45] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_30.txt
    [03/09/2007|19:40] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_29.txt
    [03/09/2007|19:40] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_28.txt
    [03/09/2007|19:40] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_27.txt
    [03/09/2007|19:39] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_26.txt
    [03/09/2007|18:55] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_23.txt
    [03/09/2007|18:54] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_24.txt
    [03/09/2007|18:43] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_22.txt
    [03/09/2007|18:35] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_6.txt
    [03/09/2007|18:30] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_21.txt
    [03/09/2007|18:30] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_20.txt
    [03/09/2007|18:28] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_19.txt
    [03/09/2007|18:25] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_18.txt
    [03/09/2007|18:25] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_17.txt
    [03/09/2007|18:25] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_16.txt
    [03/09/2007|18:24] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_14.txt
    [03/09/2007|18:24] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_13.txt
    [03/09/2007|18:24] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_11.txt
    [03/09/2007|18:22] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_5.txt
    [03/09/2007|18:19] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_10.txt
    [03/09/2007|18:19] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_9.txt
    [03/09/2007|18:19] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_8.txt
    [03/09/2007|18:18] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_7.txt
    [03/09/2007|18:18] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_4.txt
    [03/09/2007|18:18] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_2.txt
    [03/09/2007|18:18] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_1.txt

    [19/04/2008|20:44] C:\Users\GWNAL~1\AppData\Roaming\vlc\vlcrc
    [21/07/2007|22:30] C:\Users\GWNAL~1\AppData\Roaming\vlc\cache
    [21/07/2007|22:30] C:\Users\GWNAL~1\AppData\Roaming\vlc\..
    [21/07/2007|22:30] C:\Users\GWNAL~1\AppData\Roaming\vlc\.

    [23/04/2008|19:49] C:\Users\GWNAL~1\AppData\Roaming\wklnhst.dat\wklnhst.dat

    ----------------[ Tâches planifiées dans C:\Windows\tasks ]---------------

    [23/04/2008 20:39][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{AFDFE062-1DCC-45DE-947A-6B225D3EC9E6}.job
    [24/04/2008 22:18][--a------] C:\Windows\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    [24/04/2008 20:36][--ah-----] C:\Windows\tasks\SA.DAT
    [24/04/2008 20:35][--a------] C:\Windows\tasks\SCHEDLGU.TXT

    ------[ Listing des dossiers dans C:\ProgramData ]------

    [19/04/2008|18:54] C:\ProgramData\.
    [19/04/2008|18:54] C:\ProgramData\..
    [19/04/2008|19:48] C:\ProgramData\abcxchcd
    [30/05/2007|05:09] C:\ProgramData\Adobe
    [14/09/2007|20:25] C:\ProgramData\Ante jugs find.c1d30
    [02/06/2007|14:43] C:\ProgramData\Application Data
    [16/12/2007|00:19] C:\ProgramData\BOONTY
    [02/06/2007|14:43] C:\ProgramData\Bureau
    [30/05/2007|05:11] C:\ProgramData\Corel
    [25/12/2007|15:52] C:\ProgramData\Creative
    [01/02/2008|19:14] C:\ProgramData\Dell
    [02/06/2007|14:43] C:\ProgramData\Documents
    [03/09/2007|18:27] C:\ProgramData\eMule
    [30/08/2007|21:10] C:\ProgramData\FastRoamRoam.0ci8n
    [29/09/2007|13:45] C:\ProgramData\FastRoamRoam.h79li
    [14/09/2007|20:24] C:\ProgramData\FastRoamRoam.lgyou5a
    [05/10/2007|20:37] C:\ProgramData\FastRoamRoam.rg432po
    [09/10/2007|18:00] C:\ProgramData\FastRoamRoam.sb0prc
    [09/10/2007|18:00] C:\ProgramData\FastRoamRoam.v3wwz
    [02/06/2007|14:43] C:\ProgramData\Favoris
    [18/07/2007|13:36] C:\ProgramData\Google
    [24/04/2008|15:26] C:\ProgramData\Google Updater
    [30/05/2007|05:18] C:\ProgramData\Gtek
    [25/12/2007|15:32] C:\ProgramData\Hewlett-Packard
    [25/12/2007|15:33] C:\ProgramData\HP
    [25/12/2007|15:27] C:\ProgramData\HP Product Assistant
    [25/12/2007|16:09] C:\ProgramData\HPSSUPPLY
    [25/12/2007|15:33] C:\ProgramData\hpzinstall.log
    [07/11/2007|19:44] C:\ProgramData\Htm Support Bait Deaf
    [30/05/2007|05:13] C:\ProgramData\InstallShield
    [13/12/2007|19:20] C:\ProgramData\Logitech
    [19/04/2008|18:54] C:\ProgramData\Malwarebytes
    [19/06/2007|18:28] C:\ProgramData\McAfee
    [02/06/2007|14:43] C:\ProgramData\Menu Démarrer
    [19/06/2007|17:53] C:\ProgramData\Messenger Plus!
    [15/07/2007|18:19] C:\ProgramData\Microsoft
    [02/06/2007|14:43] C:\ProgramData\Modèles
    [22/09/2007|19:40] C:\ProgramData\Real
    [30/05/2007|05:23] C:\ProgramData\Roxio
    [07/11/2007|19:45] C:\ProgramData\SIXTH BOLT REMOTE
    [30/05/2007|05:13] C:\ProgramData\Sonic
    [12/12/2007|18:01] C:\ProgramData\Symantec
    [16/04/2008|14:02] C:\ProgramData\TEMP
    [09/10/2007|18:01] C:\ProgramData\Tray Warn Platform.slzg5j
    [25/12/2007|15:34] C:\ProgramData\WEBREG
    [12/01/2008|20:01] C:\ProgramData\WLInstaller
    [19/04/2008|19:48] C:\ProgramData\xwuenxsc

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    [24/04/2008|15:16] C:\Program Files\.
    [24/04/2008|15:16] C:\Program Files\..
    [30/05/2007|05:09] C:\Program Files\Adobe
    [13/11/2007|19:53] C:\Program Files\Adssite Advanced Toolbar
    [17/10/2007|19:30] C:\Program Files\Adssite Games Collection
    [30/08/2007|21:10] C:\Program Files\Adverts
    [19/06/2007|18:11] C:\Program Files\Alwil Software
    [30/05/2007|05:09] C:\Program Files\ATI Technologies
    [25/12/2007|15:48] C:\Program Files\Audible
    [30/05/2007|05:19] C:\Program Files\BAE
    [14/12/2007|21:54] C:\Program Files\BoontyGames
    [19/04/2008|18:06] C:\Program Files\CCleaner
    [12/04/2008|19:05] C:\Program Files\Common Files
    [19/08/2007|21:31] C:\Program Files\Conjugaison
    [05/07/2007|15:01] C:\Program Files\Controle Parental
    [30/05/2007|05:12] C:\Program Files\Corel
    [25/12/2007|15:48] C:\Program Files\Creative
    [25/12/2007|15:47] C:\Program Files\Creative Installation Information
    [19/04/2008|15:40] C:\Program Files\Cyanide
    [30/05/2007|05:16] C:\Program Files\CyberLink
    [17/11/2007|15:24] C:\Program Files\Dcads Advanced Toolbar
    [17/11/2007|15:23] C:\Program Files\Dcads Games Collection
    [30/05/2007|05:20] C:\Program Files\Dell
    [30/05/2007|05:18] C:\Program Files\DellSupport
    [30/06/2007|19:52] C:\Program Files\denouvel
    [03/07/2007|13:20] C:\Program Files\Desktop XP
    [30/08/2007|19:19] C:\Program Files\desktop.ini
    [07/11/2007|19:40] C:\Program Files\Desktop-XP_WhenUSave_Installer
    [21/08/2007|00:05] C:\Program Files\DialMessenger
    [02/10/2007|18:52] C:\Program Files\DivX
    [03/09/2007|18:27] C:\Program Files\eMule
    [02/06/2007|14:43] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
    [03/07/2007|13:20] C:\Program Files\Free Baseball Screensaver
    [18/07/2007|13:36] C:\Program Files\Google
    [15/07/2007|18:14] C:\Program Files\Hercules
    [25/12/2007|15:26] C:\Program Files\Hewlett-Packard
    [25/12/2007|15:29] C:\Program Files\HP
    [02/02/2008|14:08] C:\Program Files\InstallShield Installation Information
    [30/05/2007|05:07] C:\Program Files\Intel
    [19/09/2007|10:50] C:\Program Files\Internet Download Manager
    [10/04/2008|19:02] C:\Program Files\Internet Explorer
    [28/12/2007|18:04] C:\Program Files\Java
    [28/06/2007|16:38] C:\Program Files\johlee
    [22/09/2007|19:40] C:\Program Files\K-Lite Codec Pack
    [19/07/2007|23:51] C:\Program Files\Le Grand Bêtisier
    [12/03/2008|11:49] C:\Program Files\LimeWire
    [13/12/2007|19:20] C:\Program Files\Logitech
    [25/10/2007|18:56] C:\Program Files\Macrogaming
    [30/05/2007|05:20] C:\Program Files\MAKEMSI Package Documentation
    [19/04/2008|18:54] C:\Program Files\Malwarebytes' Anti-Malware
    [14/12/2007|19:20] C:\Program Files\Messenger Plus! Live
    [08/11/2007|16:05] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [30/05/2007|05:09] C:\Program Files\Microsoft Office
    [29/09/2007|13:58] C:\Program Files\Microsoft SQL Server Compact Edition
    [30/05/2007|05:09] C:\Program Files\Microsoft Works
    [02/11/2006|14:42] C:\Program Files\Movie Maker
    [02/11/2006|14:37] C:\Program Files\MSBuild
    [02/11/2006|14:37] C:\Program Files\MSN
    [30/05/2007|05:06] C:\Program Files\MSXML 4.0
    [24/04/2008|20:37] C:\Program Files\Navilog1
    [19/11/2007|21:08] C:\Program Files\NovaLogic
    [19/04/2008|15:40] C:\Program Files\Nvu
    [28/12/2007|18:05] C:\Program Files\OpenOffice.org 2.3
    [30/05/2007|05:20] C:\Program Files\Orange
    [18/06/2007|14:44] C:\Program Files\OrangeHSS
    [02/02/2008|14:08] C:\Program Files\RedlightCenter
    [02/11/2006|14:37] C:\Program Files\Reference Assemblies
    [21/09/2007|16:13] C:\Program Files\RM-X Player V5.0
    [30/05/2007|05:15] C:\Program Files\Roxio
    [05/07/2007|15:08] C:\Program Files\SAGEM
    [19/07/2007|23:13] C:\Program Files\Savoir son âge précis 1.1
    [30/05/2007|05:07] C:\Program Files\SigmaTel
    [18/07/2007|18:29] C:\Program Files\Studio V5
    [02/11/2006|15:01] C:\Program Files\Uninstall Information
    [10/09/2007|18:38] C:\Program Files\Verbes Irréguliers
    [17/07/2007|20:34] C:\Program Files\VideoLAN
    [03/09/2007|18:18] C:\Program Files\Vista Start Menu
    [05/07/2007|13:50] C:\Program Files\VSprint
    [30/08/2007|12:54] C:\Program Files\Windows Calendar
    [02/11/2006|14:42] C:\Program Files\Windows Collaboration
    [20/06/2007|14:03] C:\Program Files\Windows Defender
    [02/11/2006|14:42] C:\Program Files\Windows Journal
    [28/02/2008|11:30] C:\Program Files\Windows Live
    [31/10/2007|14:40] C:\Program Files\Windows Live Toolbar
    [10/04/2008|19:02] C:\Program Files\Windows Mail
    [19/03/2008|19:55] C:\Program Files\Windows Media Components
    [11/10/2007|21:03] C:\Program Files\Windows Media Player
    [02/06/2007|14:43] C:\Program Files\Windows NT
    [02/11/2006|14:42] C:\Program Files\Windows Photo Gallery
    [10/01/2008|18:44] C:\Program Files\Windows Sidebar
    [06/01/2008|18:13] C:\Program Files\winupdates
    [03/09/2007|13:54] C:\Program Files\World_Tv_Center

    ------[ Listing des dossiers dans C:\Program Files\Common Files ]------

    [12/04/2008|19:05] C:\Program Files\Common Files\.
    [12/04/2008|19:05] C:\Program Files\Common Files\..
    [30/05/2007|05:09] C:\Program Files\Common Files\Adobe
    [20/06/2007|13:48] C:\Program Files\Common Files\BOONTY Shared
    [30/05/2007|05:12] C:\Program Files\Common Files\Corel
    [25/12/2007|15:45] C:\Program Files\Common Files\Creative
    [18/06/2007|14:41] C:\Program Files\Common Files\France Telecom
    [25/12/2007|15:26] C:\Program Files\Common Files\Hewlett-Packard
    [25/12/2007|15:26] C:\Program Files\Common Files\HP
    [24/10/2007|19:45] C:\Program Files\Common Files\InstallShield
    [30/05/2007|05:07] C:\Program Files\Common Files\Java
    [13/12/2007|19:20] C:\Program Files\Common Files\Logishrd
    [13/12/2007|19:22] C:\Program Files\Common Files\Logitech
    [14/11/2007|20:24] C:\Program Files\Common Files\microsoft shared
    [12/04/2008|19:05] C:\Program Files\Common Files\PC Tools
    [02/02/2008|14:08] C:\Program Files\Common Files\PocketSoft
    [30/05/2007|05:13] C:\Program Files\Common Files\Roxio Shared
    [02/11/2006|13:18] C:\Program Files\Common Files\Services
    [30/05/2007|05:15] C:\Program Files\Common Files\Sonic Shared
    [02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
    [30/05/2007|05:13] C:\Program Files\Common Files\SureThing Shared
    [12/12/2007|18:15] C:\Program Files\Common Files\Symantec Shared
    [30/08/2007|19:17] C:\Program Files\Common Files\System
    [11/12/2007|18:08] C:\Program Files\Common Files\WindowsLiveInstaller

    ----------------------[ Recherche avec S_Lop ]---------------------

    C:\ProgramData\Ante jugs find.c1d30
    C:\ProgramData\Tray Warn Platform.slzg5j
    C:\ProgramData\Ante jugs find.c1d30
    C:\ProgramData\Tray Warn Platform.slzg5j

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    C:\ProgramData\Htm Support Bait Deaf
    C:\Program Files\Adverts

    ----------------------[ Verification du Registre ]----------------------

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    ..... OK !

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts PROPRE


    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-24 22:47:08
    Windows 6.0.6000 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    C:\Windows\Temp\_avast4_\unp8481409.tmp
    scan completed successfully
    hidden processes: 0
    hidden files: 1

    --------------------[ Recherche d'autres infections ]---------------------

    Aucune autre infection trouvée !

    /!\ [Fich:76][Doss:4] C:\Users\GWNAL~1\AppData\Local\Temp
    /!\ [Fich:100][Doss:1] C:\Users\GWNAL~1\AppData\Roaming\MICROS~1\Windows\Cookies
    /!\ [Fich:573][Doss:4] C:\Users\GWNAL~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5

    [ UAC => 1 ]

    --------------------[ Fin du rapport a 22:52:44,81 ]----------------------


    Thanks again,
    25 April 2008 10:39:18

    Hi again,

    1) Run Lop S&D again

  • This time choose Option 2 (Suppression)
  • Do not close the window during the removal!
  • Post the generated report (C:\lopR.txt)

    (If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)

    2) Download Deckard's System Scanner (DSS) (or DSS) to your Desktop.
    NB: You must be logged in with Administrator rights.
  • close all applications and windows
  • double-click dss.exe to launch it and follow the instructions below
    Caution: it is advisable to temporarily stop resident protection software (firewall, antivirus, etc.)
  • if this is a first use or a new version of DSS:
  • you will have to click OK twice in the dialog boxes
    Caution: if you take too long, the Abort answer will be selected automatically
  • when processing is finished (click OK), two text files open:
    main.txt <- opened in the foreground, full screen
    extra.txt <- opened in the background, windowed (look at the taskbar)
    If this is an additional use of DSS:
  • you will not get a dialog box (no OK)
  • when processing is finished, one text file opens:
    main.txt <- opened in the foreground, full screen

  • copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next post
  • likewise copy the contents of extra.txt into your next post, if you have this file (first use)
  • don't forget to re-enable the protections if they were stopped.



    What DSS does:
  • creates a restore point in Windows XP and Vista
  • cleans temporary files, DPF (Downloaded Program Files) and the Internet cache, and empties the Recycle Bin on all drives
  • checks a few important areas of your system and produces a report for review by your security adviser. DSS automatically runs HijackThis for you; it will also create a HijackThis shortcut on your Desktop if you do not already have HijackThis installed.

    ;) 
    25 April 2008 20:33:55

    Hi again,

    Here is the Lop S&D report:


    -----------------------[ Lop S&D 4.1.1-8 XP/Vista ]---------------------

    [ Windows 'Longhorn' (NT 6.0) Workstation Build 6000 ]
    [ USER : Gwénaël ] [ "C:\Lop SD" ]
    [ 25/04/2008 | 20:03:04,12 ] [ PC : GWEN ]
    [ MAJ : 23-04-2008 | 20:06 ]
    [ UAC => 0 ]

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

    Supprimé! - C:\ProgramData\Ante jugs find.c1d30
    Supprimé! - C:\ProgramData\Tray Warn Platform.slzg5j
    Supprimé! - C:\ProgramData\Htm Support Bait Deaf
    Supprimé! - C:\Program Files\Adverts
    Restauré! - Fichier Hosts

    //////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


    -------------[ Listing des dossiers dans Application Data ]------------

    [19/06/2007|23:10] C:\Users\GWNAL~1\AppData\Roaming\Adobe\Acrobat
    [19/06/2007|23:10] C:\Users\GWNAL~1\AppData\Roaming\Adobe\..
    [19/06/2007|23:10] C:\Users\GWNAL~1\AppData\Roaming\Adobe\.

    [19/06/2007|23:10] C:\Users\GWNAL~1\AppData\Roaming\AdobeUM\..
    [19/06/2007|23:10] C:\Users\GWNAL~1\AppData\Roaming\AdobeUM\.

    [09/11/2007|18:48] C:\Users\GWNAL~1\AppData\Roaming\Adssite Advanced Toolbar\..
    [09/11/2007|18:48] C:\Users\GWNAL~1\AppData\Roaming\Adssite Advanced Toolbar\.
    [13/06/2007|17:21] C:\Users\GWNAL~1\AppData\Roaming\Adssite Advanced Toolbar\selected.xml

    [02/06/2007|14:48] C:\Users\GWNAL~1\AppData\Roaming\ATI\..
    [02/06/2007|14:48] C:\Users\GWNAL~1\AppData\Roaming\ATI\ACE
    [02/06/2007|14:48] C:\Users\GWNAL~1\AppData\Roaming\ATI\.

    [25/04/2008|11:11] C:\Users\GWNAL~1\AppData\Roaming\Corel\ImageDB.db
    [25/04/2008|11:11] C:\Users\GWNAL~1\AppData\Roaming\Corel\..
    [25/04/2008|11:11] C:\Users\GWNAL~1\AppData\Roaming\Corel\.
    [12/03/2008|11:59] C:\Users\GWNAL~1\AppData\Roaming\Corel\thumbnails.db
    [25/08/2007|19:37] C:\Users\GWNAL~1\AppData\Roaming\Corel\LastDBFilter.PspCache
    [18/07/2007|18:39] C:\Users\GWNAL~1\AppData\Roaming\Corel\Messages
    [19/06/2007|23:06] C:\Users\GWNAL~1\AppData\Roaming\Corel\Paint Shop Pro Photo
    [02/06/2007|15:18] C:\Users\GWNAL~1\AppData\Roaming\Corel\Snapfire Plus

    [02/02/2008|14:47] C:\Users\GWNAL~1\AppData\Roaming\Creative\ZENcast
    [02/02/2008|14:42] C:\Users\GWNAL~1\AppData\Roaming\Creative\QueMan
    [02/02/2008|14:41] C:\Users\GWNAL~1\AppData\Roaming\Creative\..
    [02/02/2008|14:41] C:\Users\GWNAL~1\AppData\Roaming\Creative\.
    [25/12/2007|17:40] C:\Users\GWNAL~1\AppData\Roaming\Creative\OpaQMan
    [25/12/2007|16:48] C:\Users\GWNAL~1\AppData\Roaming\Creative\Video Converter

    [24/04/2008|15:14] C:\Users\GWNAL~1\AppData\Roaming\Dcads Advanced Toolbar\advertbuttons.xml
    [18/11/2007|20:03] C:\Users\GWNAL~1\AppData\Roaming\Dcads Advanced Toolbar\..
    [18/11/2007|20:03] C:\Users\GWNAL~1\AppData\Roaming\Dcads Advanced Toolbar\.
    [01/11/2007|16:26] C:\Users\GWNAL~1\AppData\Roaming\Dcads Advanced Toolbar\selected.xml

    [23/08/2007|13:06] C:\Users\GWNAL~1\AppData\Roaming\DialMessenger\config.xml
    [21/08/2007|00:05] C:\Users\GWNAL~1\AppData\Roaming\DialMessenger\..
    [21/08/2007|00:05] C:\Users\GWNAL~1\AppData\Roaming\DialMessenger\.

    [19/09/2007|10:28] C:\Users\GWNAL~1\AppData\Roaming\DMCache\..
    [19/09/2007|10:28] C:\Users\GWNAL~1\AppData\Roaming\DMCache\settings.bak
    [19/09/2007|10:28] C:\Users\GWNAL~1\AppData\Roaming\DMCache\.

    [25/04/2008|18:49] C:\Users\GWNAL~1\AppData\Roaming\Google\Local Search History
    [18/06/2007|18:14] C:\Users\GWNAL~1\AppData\Roaming\Google\GoogleEarth
    [18/06/2007|18:03] C:\Users\GWNAL~1\AppData\Roaming\Google\..
    [18/06/2007|18:03] C:\Users\GWNAL~1\AppData\Roaming\Google\.

    [18/06/2007|14:35] C:\Users\GWNAL~1\AppData\Roaming\GTek\gtny
    [18/06/2007|14:35] C:\Users\GWNAL~1\AppData\Roaming\GTek\..
    [18/06/2007|14:35] C:\Users\GWNAL~1\AppData\Roaming\GTek\.
    [02/06/2007|14:48] C:\Users\GWNAL~1\AppData\Roaming\GTek\GTUpdate

    [02/03/2008|12:01] C:\Users\GWNAL~1\AppData\Roaming\HP\Digital Imaging
    [02/03/2008|12:01] C:\Users\GWNAL~1\AppData\Roaming\HP\..
    [02/03/2008|12:01] C:\Users\GWNAL~1\AppData\Roaming\HP\.
    [23/02/2008|20:40] C:\Users\GWNAL~1\AppData\Roaming\HP\ScLogs

    [25/12/2007|15:29] C:\Users\GWNAL~1\AppData\Roaming\HPAppData\..
    [25/12/2007|15:29] C:\Users\GWNAL~1\AppData\Roaming\HPAppData\.
    [02/03/2007|14:10] C:\Users\GWNAL~1\AppData\Roaming\HPAppData\RegClean.dll

    [18/06/2007|18:33] C:\Users\GWNAL~1\AppData\Roaming\Identities\{4EC80784-AAAE-459B-96A4-85236DCC3154}
    [02/06/2007|14:47] C:\Users\GWNAL~1\AppData\Roaming\Identities\..
    [02/06/2007|14:47] C:\Users\GWNAL~1\AppData\Roaming\Identities\.

    [19/09/2007|10:49] C:\Users\GWNAL~1\AppData\Roaming\IDM\..
    [19/09/2007|10:49] C:\Users\GWNAL~1\AppData\Roaming\IDM\.
    [18/09/2007|20:49] C:\Users\GWNAL~1\AppData\Roaming\IDM\cnlurllist.dat
    [15/09/2007|12:30] C:\Users\GWNAL~1\AppData\Roaming\IDM\Scheduler
    [15/09/2007|12:30] C:\Users\GWNAL~1\AppData\Roaming\IDM\DwnlData
    [15/09/2007|12:30] C:\Users\GWNAL~1\AppData\Roaming\IDM\UrlHistory.txt
    [13/09/2007|20:06] C:\Users\GWNAL~1\AppData\Roaming\IDM\Grabber

    [05/07/2007|15:08] C:\Users\GWNAL~1\AppData\Roaming\InstallShield\..
    [05/07/2007|15:08] C:\Users\GWNAL~1\AppData\Roaming\InstallShield\ISEngine12.0
    [05/07/2007|15:08] C:\Users\GWNAL~1\AppData\Roaming\InstallShield\.

    [19/11/2007|21:10] C:\Users\GWNAL~1\AppData\Roaming\Leadertech\PowerRegister
    [19/11/2007|21:10] C:\Users\GWNAL~1\AppData\Roaming\Leadertech\..
    [19/11/2007|21:10] C:\Users\GWNAL~1\AppData\Roaming\Leadertech\.

    [25/04/2008|20:00] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\library.dat
    [25/04/2008|16:45] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\fileurns.cache
    [25/04/2008|16:25] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\createtimes.cache
    [25/04/2008|16:05] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\filters.props
    [25/04/2008|16:05] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\questions.props
    [25/04/2008|16:05] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\tables.props
    [25/04/2008|16:05] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\installation.props
    [25/04/2008|16:05] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\mojito.props
    [25/04/2008|16:05] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\limewire.props
    [25/04/2008|11:21] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\..
    [25/04/2008|11:21] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\.
    [17/04/2008|15:57] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\spam.dat
    [17/04/2008|15:57] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\gnutella.net
    [15/04/2008|13:25] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\version.xml
    [14/04/2008|18:59] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\simpp.xml
    [13/04/2008|20:32] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\ttrees.cache
    [13/04/2008|20:32] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\ttroot.cache
    [12/03/2008|11:50] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\.AppSpecialShare
    [29/02/2008|21:44] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\ttree.cache
    [09/02/2008|16:54] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\.NetworkShare
    [29/09/2007|20:07] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\responses.cache
    [05/07/2007|20:17] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\412splashfree.png
    [05/07/2007|18:48] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\update.xml
    [05/07/2007|18:48] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\fileurns.bak
    [05/07/2007|18:48] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\data.ser
    [05/07/2007|18:48] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\secureMessage.key
    [05/07/2007|18:48] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\public.key
    [05/07/2007|18:48] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\pub1.key
    [05/07/2007|18:48] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\version.key
    [05/07/2007|18:48] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\xml
    [05/07/2007|18:48] C:\Users\GWNAL~1\AppData\Roaming\LimeWire\themes

    [18/07/2007|18:31] C:\Users\GWNAL~1\AppData\Roaming\LogoMaker\..
    [18/07/2007|18:31] C:\Users\GWNAL~1\AppData\Roaming\LogoMaker\Temp
    [18/07/2007|18:31] C:\Users\GWNAL~1\AppData\Roaming\LogoMaker\.
    [18/07/2007|18:30] C:\Users\GWNAL~1\AppData\Roaming\LogoMaker\Settings

    [19/04/2008|20:03] C:\Users\GWNAL~1\AppData\Roaming\Macromedia\Flash Player
    [18/06/2007|14:48] C:\Users\GWNAL~1\AppData\Roaming\Macromedia\..
    [18/06/2007|14:48] C:\Users\GWNAL~1\AppData\Roaming\Macromedia\.

    [19/04/2008|18:55] C:\Users\GWNAL~1\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware
    [19/04/2008|18:54] C:\Users\GWNAL~1\AppData\Roaming\Malwarebytes\..
    [19/04/2008|18:54] C:\Users\GWNAL~1\AppData\Roaming\Malwarebytes\.

    [25/04/2008|16:08] C:\Users\GWNAL~1\AppData\Roaming\Media Player Classic\default.mpcpl
    [22/09/2007|19:41] C:\Users\GWNAL~1\AppData\Roaming\Media Player Classic\..
    [22/09/2007|19:41] C:\Users\GWNAL~1\AppData\Roaming\Media Player Classic\.

    [03/10/2007|18:12] C:\Users\GWNAL~1\AppData\Roaming\MessengerGadget\..
    [03/10/2007|18:12] C:\Users\GWNAL~1\AppData\Roaming\MessengerGadget\.

    [21/04/2008|20:37] C:\Users\GWNAL~1\AppData\Roaming\Microsoft\Windows Photo Gallery
    [13/04/2008|19:51] C:\Users\GWNAL~1\AppData\Roaming\Microsoft\HTML Help
    [26/03/2008|12:09] C:\Users\GWNAL~1\AppData\Roaming\Microsoft\Credentials
    [07/02/2008|11:38] C:\Users\GWNAL~1\AppData\Roaming\Microsoft\Pack Emoticones Love
    [07/02/2008|11:38] C:\Users\GWNAL~1\AppData\Roaming\Microsoft\..
    [07/02/2008|11:38] C:\Users\GWNAL~1\AppData\Roaming\Microsoft\.
    [01/02/2008|19:15] C:\Users\GWNAL~1\AppData\Roaming\Microsoft\CLR Security Config
    [05/01/2008|18:05] C:\Users\GWNAL~1\AppData\Roaming\Microsoft\MSN Messenger
    [13/12/2007|19:23] C:\Users\GWNAL~1\AppData\Roaming\Microsoft\Installer
    [12/12/2007|17:35] C:\Users\GWNAL~1\AppData\Roaming\Microsoft\Internet Explorer
    [11/12/2007|21:07] C:\Users\GWNAL~1\AppData\Roaming\Microsoft\Windows Live Call
    [04/11/2007|21:43] C:\Users\GWNAL~1\AppData\Roaming\Microsoft\Crypto
    [25/10/2007|18:56] C:\Users\GWNAL~1\AppData\Roaming\Microsoft\WLTB Custom Buttons
    [23/08/2007|17:22] C:\Users\GWNAL~1\AppData\Roaming\Microsoft\IdentityCRL
    [21/07/2007|21:34] C:\Users\GWNAL~1\AppData\Roaming\Microsoft\Shoebox
    [03/07/2007|15:38] C:\Users\GWNAL~1\AppData\Roaming\Microsoft\MMC
    [03/06/2007|12:05] C:\Users\GWNAL~1\AppData\Roaming\Microsoft\preuve
    [03/06/2007|12:03] C:\Users\GWNAL~1\AppData\Roaming\Microsoft\Media Player
    [02/06/2007|15:39] C:\Users\GWNAL~1\AppData\Roaming\Microsoft\Speech
    [02/06/2007|15:13] C:\Users\GWNAL~1\AppData\Roaming\Microsoft\Network
    [02/06/2007|15:06] C:\Users\GWNAL~1\AppData\Roaming\Microsoft\Windows
    [02/06/2007|14:47] C:\Users\GWNAL~1\AppData\Roaming\Microsoft\Protect
    [02/06/2007|14:46] C:\Users\GWNAL~1\AppData\Roaming\Microsoft\SystemCertificates

    [20/06/2007|13:43] C:\Users\GWNAL~1\AppData\Roaming\Mozilla\..
    [20/06/2007|13:43] C:\Users\GWNAL~1\AppData\Roaming\Mozilla\.

    [20/06/2007|13:43] C:\Users\GWNAL~1\AppData\Roaming\Nvu\profiles.ini
    [20/06/2007|13:43] C:\Users\GWNAL~1\AppData\Roaming\Nvu\Profiles
    [20/06/2007|13:43] C:\Users\GWNAL~1\AppData\Roaming\Nvu\..
    [20/06/2007|13:43] C:\Users\GWNAL~1\AppData\Roaming\Nvu\.

    [25/04/2008|20:03] C:\Users\GWNAL~1\AppData\Roaming\OpenOffice.org2\.lock
    [25/04/2008|20:03] C:\Users\GWNAL~1\AppData\Roaming\OpenOffice.org2\..
    [25/04/2008|20:03] C:\Users\GWNAL~1\AppData\Roaming\OpenOffice.org2\.
    [04/01/2008|18:06] C:\Users\GWNAL~1\AppData\Roaming\OpenOffice.org2\user

    [25/04/2008|19:52] C:\Users\GWNAL~1\AppData\Roaming\Pro Cycling Manager 2007\Pro Cycling Manager 2007.log
    [25/04/2008|19:52] C:\Users\GWNAL~1\AppData\Roaming\Pro Cycling Manager 2007\RAD
    [25/04/2008|19:51] C:\Users\GWNAL~1\AppData\Roaming\Pro Cycling Manager 2007\..
    [25/04/2008|19:51] C:\Users\GWNAL~1\AppData\Roaming\Pro Cycling Manager 2007\.
    [25/04/2008|19:48] C:\Users\GWNAL~1\AppData\Roaming\Pro Cycling Manager 2007\Local.cdb
    [25/04/2008|18:58] C:\Users\GWNAL~1\AppData\Roaming\Pro Cycling Manager 2007\Local.cdb~
    [02/08/2007|15:38] C:\Users\GWNAL~1\AppData\Roaming\Pro Cycling Manager 2007\OriginalLocal.cdb
    [21/06/2007|17:10] C:\Users\GWNAL~1\AppData\Roaming\Pro Cycling Manager 2007\Temp
    [21/06/2007|16:19] C:\Users\GWNAL~1\AppData\Roaming\Pro Cycling Manager 2007\Cache
    [21/06/2007|16:19] C:\Users\GWNAL~1\AppData\Roaming\Pro Cycling Manager 2007\HDCacheConf.xml
    [21/06/2007|16:19] C:\Users\GWNAL~1\AppData\Roaming\Pro Cycling Manager 2007\Config

    [22/09/2007|19:40] C:\Users\GWNAL~1\AppData\Roaming\Real\..
    [22/09/2007|19:40] C:\Users\GWNAL~1\AppData\Roaming\Real\.

    [07/03/2008|21:44] C:\Users\GWNAL~1\AppData\Roaming\Roxio\PlasmaLog.txt
    [26/07/2007|18:37] C:\Users\GWNAL~1\AppData\Roaming\Roxio\..
    [26/07/2007|18:37] C:\Users\GWNAL~1\AppData\Roaming\Roxio\.
    [10/07/2007|13:38] C:\Users\GWNAL~1\AppData\Roaming\Roxio\MediaManager9
    [02/06/2007|15:17] C:\Users\GWNAL~1\AppData\Roaming\Roxio\RoxioCentral
    [02/06/2007|15:16] C:\Users\GWNAL~1\AppData\Roaming\Roxio\RoxioCentral33

    [24/10/2007|19:52] C:\Users\GWNAL~1\AppData\Roaming\Sports Interactive\Football Manager 2007
    [24/10/2007|19:52] C:\Users\GWNAL~1\AppData\Roaming\Sports Interactive\..
    [24/10/2007|19:52] C:\Users\GWNAL~1\AppData\Roaming\Sports Interactive\.

    [03/06/2007|12:05] C:\Users\GWNAL~1\AppData\Roaming\Template\..
    [03/06/2007|12:05] C:\Users\GWNAL~1\AppData\Roaming\Template\.
    [05/06/2006|11:51] C:\Users\GWNAL~1\AppData\Roaming\Template\Normal.wpt

    [11/10/2007|18:01] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_0.txt
    [05/10/2007|20:31] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\log.txt
    [04/10/2007|18:04] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_33.txt
    [04/10/2007|18:04] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\..
    [04/10/2007|18:04] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\.
    [04/10/2007|18:04] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FoldersList.txt
    [04/10/2007|18:04] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_32.txt
    [15/09/2007|11:49] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_31.txt
    [03/09/2007|20:45] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_30.txt
    [03/09/2007|19:40] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_29.txt
    [03/09/2007|19:40] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_28.txt
    [03/09/2007|19:40] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_27.txt
    [03/09/2007|19:39] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_26.txt
    [03/09/2007|18:55] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_23.txt
    [03/09/2007|18:54] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_24.txt
    [03/09/2007|18:43] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_22.txt
    [03/09/2007|18:35] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_6.txt
    [03/09/2007|18:30] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_21.txt
    [03/09/2007|18:30] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_20.txt
    [03/09/2007|18:28] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_19.txt
    [03/09/2007|18:25] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_18.txt
    [03/09/2007|18:25] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_17.txt
    [03/09/2007|18:25] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_16.txt
    [03/09/2007|18:24] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_14.txt
    [03/09/2007|18:24] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_13.txt
    [03/09/2007|18:24] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_11.txt
    [03/09/2007|18:22] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_5.txt
    [03/09/2007|18:19] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_10.txt
    [03/09/2007|18:19] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_9.txt
    [03/09/2007|18:19] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_8.txt
    [03/09/2007|18:18] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_7.txt
    [03/09/2007|18:18] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_4.txt
    [03/09/2007|18:18] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_2.txt
    [03/09/2007|18:18] C:\Users\GWNAL~1\AppData\Roaming\Vista Start Menu\FolderOptions_1.txt

    [25/04/2008|18:13] C:\Users\GWNAL~1\AppData\Roaming\vlc\vlcrc
    [21/07/2007|22:30] C:\Users\GWNAL~1\AppData\Roaming\vlc\cache
    [21/07/2007|22:30] C:\Users\GWNAL~1\AppData\Roaming\vlc\..
    [21/07/2007|22:30] C:\Users\GWNAL~1\AppData\Roaming\vlc\.

    [25/04/2008|15:53] C:\Users\GWNAL~1\AppData\Roaming\wklnhst.dat\wklnhst.dat

    ----------------[ Tâches planifiées dans C:\Windows\tasks ]---------------

    [24/04/2008 23:01][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{AFDFE062-1DCC-45DE-947A-6B225D3EC9E6}.job
    [25/04/2008 19:18][--a------] C:\Windows\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    [25/04/2008 20:02][--ah-----] C:\Windows\tasks\SA.DAT
    [25/04/2008 20:01][--a------] C:\Windows\tasks\SCHEDLGU.TXT

    ------[ Listing des dossiers dans C:\ProgramData ]------

    [25/04/2008|20:03] C:\ProgramData\.
    [25/04/2008|20:03] C:\ProgramData\..
    [19/04/2008|19:48] C:\ProgramData\abcxchcd
    [30/05/2007|05:09] C:\ProgramData\Adobe
    [02/06/2007|14:43] C:\ProgramData\Application Data
    [16/12/2007|00:19] C:\ProgramData\BOONTY
    [02/06/2007|14:43] C:\ProgramData\Bureau
    [30/05/2007|05:11] C:\ProgramData\Corel
    [25/12/2007|15:52] C:\ProgramData\Creative
    [01/02/2008|19:14] C:\ProgramData\Dell
    [02/06/2007|14:43] C:\ProgramData\Documents
    [03/09/2007|18:27] C:\ProgramData\eMule
    [30/08/2007|21:10] C:\ProgramData\FastRoamRoam.0ci8n
    [29/09/2007|13:45] C:\ProgramData\FastRoamRoam.h79li
    [14/09/2007|20:24] C:\ProgramData\FastRoamRoam.lgyou5a
    [05/10/2007|20:37] C:\ProgramData\FastRoamRoam.rg432po
    [09/10/2007|18:00] C:\ProgramData\FastRoamRoam.sb0prc
    [09/10/2007|18:00] C:\ProgramData\FastRoamRoam.v3wwz
    [02/06/2007|14:43] C:\ProgramData\Favoris
    [18/07/2007|13:36] C:\ProgramData\Google
    [25/04/2008|16:26] C:\ProgramData\Google Updater
    [30/05/2007|05:18] C:\ProgramData\Gtek
    [25/12/2007|15:32] C:\ProgramData\Hewlett-Packard
    [25/12/2007|15:33] C:\ProgramData\HP
    [25/12/2007|15:27] C:\ProgramData\HP Product Assistant
    [25/12/2007|16:09] C:\ProgramData\HPSSUPPLY
    [25/12/2007|15:33] C:\ProgramData\hpzinstall.log
    [30/05/2007|05:13] C:\ProgramData\InstallShield
    [13/12/2007|19:20] C:\ProgramData\Logitech
    [19/04/2008|18:54] C:\ProgramData\Malwarebytes
    [19/06/2007|18:28] C:\ProgramData\McAfee
    [02/06/2007|14:43] C:\ProgramData\Menu Démarrer
    [19/06/2007|17:53] C:\ProgramData\Messenger Plus!
    [15/07/2007|18:19] C:\ProgramData\Microsoft
    [02/06/2007|14:43] C:\ProgramData\Modèles
    [22/09/2007|19:40] C:\ProgramData\Real
    [30/05/2007|05:23] C:\ProgramData\Roxio
    [07/11/2007|19:45] C:\ProgramData\SIXTH BOLT REMOTE
    [30/05/2007|05:13] C:\ProgramData\Sonic
    [12/12/2007|18:01] C:\ProgramData\Symantec
    [16/04/2008|14:02] C:\ProgramData\TEMP
    [25/12/2007|15:34] C:\ProgramData\WEBREG
    [12/01/2008|20:01] C:\ProgramData\WLInstaller
    [19/04/2008|19:48] C:\ProgramData\xwuenxsc

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    [25/04/2008|20:03] C:\Program Files\.
    [25/04/2008|20:03] C:\Program Files\..
    [30/05/2007|05:09] C:\Program Files\Adobe
    [13/11/2007|19:53] C:\Program Files\Adssite Advanced Toolbar
    [17/10/2007|19:30] C:\Program Files\Adssite Games Collection
    [19/06/2007|18:11] C:\Program Files\Alwil Software
    [30/05/2007|05:09] C:\Program Files\ATI Technologies
    [25/12/2007|15:48] C:\Program Files\Audible
    [30/05/2007|05:19] C:\Program Files\BAE
    [14/12/2007|21:54] C:\Program Files\BoontyGames
    [19/04/2008|18:06] C:\Program Files\CCleaner
    [12/04/2008|19:05] C:\Program Files\Common Files
    [19/08/2007|21:31] C:\Program Files\Conjugaison
    [05/07/2007|15:01] C:\Program Files\Controle Parental
    [30/05/2007|05:12] C:\Program Files\Corel
    [25/12/2007|15:48] C:\Program Files\Creative
    [25/12/2007|15:47] C:\Program Files\Creative Installation Information
    [19/04/2008|15:40] C:\Program Files\Cyanide
    [30/05/2007|05:16] C:\Program Files\CyberLink
    [17/11/2007|15:24] C:\Program Files\Dcads Advanced Toolbar
    [17/11/2007|15:23] C:\Program Files\Dcads Games Collection
    [30/05/2007|05:20] C:\Program Files\Dell
    [30/05/2007|05:18] C:\Program Files\DellSupport
    [30/06/2007|19:52] C:\Program Files\denouvel
    [03/07/2007|13:20] C:\Program Files\Desktop XP
    [30/08/2007|19:19] C:\Program Files\desktop.ini
    [07/11/2007|19:40] C:\Program Files\Desktop-XP_WhenUSave_Installer
    [21/08/2007|00:05] C:\Program Files\DialMessenger
    [02/10/2007|18:52] C:\Program Files\DivX
    [03/09/2007|18:27] C:\Program Files\eMule
    [02/06/2007|14:43] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
    [03/07/2007|13:20] C:\Program Files\Free Baseball Screensaver
    [18/07/2007|13:36] C:\Program Files\Google
    [15/07/2007|18:14] C:\Program Files\Hercules
    [25/12/2007|15:26] C:\Program Files\Hewlett-Packard
    [25/12/2007|15:29] C:\Program Files\HP
    [02/02/2008|14:08] C:\Program Files\InstallShield Installation Information
    [30/05/2007|05:07] C:\Program Files\Intel
    [19/09/2007|10:50] C:\Program Files\Internet Download Manager
    [10/04/2008|19:02] C:\Program Files\Internet Explorer
    [28/12/2007|18:04] C:\Program Files\Java
    [28/06/2007|16:38] C:\Program Files\johlee
    [22/09/2007|19:40] C:\Program Files\K-Lite Codec Pack
    [19/07/2007|23:51] C:\Program Files\Le Grand Bêtisier
    [12/03/2008|11:49] C:\Program Files\LimeWire
    [13/12/2007|19:20] C:\Program Files\Logitech
    [25/10/2007|18:56] C:\Program Files\Macrogaming
    [30/05/2007|05:20] C:\Program Files\MAKEMSI Package Documentation
    [19/04/2008|18:54] C:\Program Files\Malwarebytes' Anti-Malware
    [14/12/2007|19:20] C:\Program Files\Messenger Plus! Live
    [08/11/2007|16:05] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [30/05/2007|05:09] C:\Program Files\Microsoft Office
    [29/09/2007|13:58] C:\Program Files\Microsoft SQL Server Compact Edition
    [30/05/2007|05:09] C:\Program Files\Microsoft Works
    [02/11/2006|14:42] C:\Program Files\Movie Maker
    [02/11/2006|14:37] C:\Program Files\MSBuild
    [02/11/2006|14:37] C:\Program Files\MSN
    [30/05/2007|05:06] C:\Program Files\MSXML 4.0
    [24/04/2008|20:37] C:\Program Files\Navilog1
    [19/11/2007|21:08] C:\Program Files\NovaLogic
    [19/04/2008|15:40] C:\Program Files\Nvu
    [28/12/2007|18:05] C:\Program Files\OpenOffice.org 2.3
    [30/05/2007|05:20] C:\Program Files\Orange
    [18/06/2007|14:44] C:\Program Files\OrangeHSS
    [02/02/2008|14:08] C:\Program Files\RedlightCenter
    [02/11/2006|14:37] C:\Program Files\Reference Assemblies
    [21/09/2007|16:13] C:\Program Files\RM-X Player V5.0
    [30/05/2007|05:15] C:\Program Files\Roxio
    [05/07/2007|15:08] C:\Program Files\SAGEM
    [19/07/2007|23:13] C:\Program Files\Savoir son âge précis 1.1
    [30/05/2007|05:07] C:\Program Files\SigmaTel
    [18/07/2007|18:29] C:\Program Files\Studio V5
    [02/11/2006|15:01] C:\Program Files\Uninstall Information
    [10/09/2007|18:38] C:\Program Files\Verbes Irréguliers
    [17/07/2007|20:34] C:\Program Files\VideoLAN
    [03/09/2007|18:18] C:\Program Files\Vista Start Menu
    [05/07/2007|13:50] C:\Program Files\VSprint
    [30/08/2007|12:54] C:\Program Files\Windows Calendar
    [02/11/2006|14:42] C:\Program Files\Windows Collaboration
    [20/06/2007|14:03] C:\Program Files\Windows Defender
    [02/11/2006|14:42] C:\Program Files\Windows Journal
    [28/02/2008|11:30] C:\Program Files\Windows Live
    [31/10/2007|14:40] C:\Program Files\Windows Live Toolbar
    [10/04/2008|19:02] C:\Program Files\Windows Mail
    [19/03/2008|19:55] C:\Program Files\Windows Media Components
    [11/10/2007|21:03] C:\Program Files\Windows Media Player
    [02/06/2007|14:43] C:\Program Files\Windows NT
    [02/11/2006|14:42] C:\Program Files\Windows Photo Gallery
    [10/01/2008|18:44] C:\Program Files\Windows Sidebar
    [06/01/2008|18:13] C:\Program Files\winupdates
    [03/09/2007|13:54] C:\Program Files\World_Tv_Center

    ------[ Listing des dossiers dans C:\Program Files\Common Files ]------

    [12/04/2008|19:05] C:\Program Files\Common Files\.
    [12/04/2008|19:05] C:\Program Files\Common Files\..
    [30/05/2007|05:09] C:\Program Files\Common Files\Adobe
    [20/06/2007|13:48] C:\Program Files\Common Files\BOONTY Shared
    [30/05/2007|05:12] C:\Program Files\Common Files\Corel
    [25/12/2007|15:45] C:\Program Files\Common Files\Creative
    [18/06/2007|14:41] C:\Program Files\Common Files\France Telecom
    [25/12/2007|15:26] C:\Program Files\Common Files\Hewlett-Packard
    [25/12/2007|15:26] C:\Program Files\Common Files\HP
    [24/10/2007|19:45] C:\Program Files\Common Files\InstallShield
    [30/05/2007|05:07] C:\Program Files\Common Files\Java
    [13/12/2007|19:20] C:\Program Files\Common Files\Logishrd
    [13/12/2007|19:22] C:\Program Files\Common Files\Logitech
    [14/11/2007|20:24] C:\Program Files\Common Files\microsoft shared
    [12/04/2008|19:05] C:\Program Files\Common Files\PC Tools
    [02/02/2008|14:08] C:\Program Files\Common Files\PocketSoft
    [30/05/2007|05:13] C:\Program Files\Common Files\Roxio Shared
    [02/11/2006|13:18] C:\Program Files\Common Files\Services
    [30/05/2007|05:15] C:\Program Files\Common Files\Sonic Shared
    [02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
    [30/05/2007|05:13] C:\Program Files\Common Files\SureThing Shared
    [12/12/2007|18:15] C:\Program Files\Common Files\Symantec Shared
    [30/08/2007|19:17] C:\Program Files\Common Files\System
    [11/12/2007|18:08] C:\Program Files\Common Files\WindowsLiveInstaller

    ----------------------[ Recherche avec S_Lop ]---------------------

    Aucun fichier / dossier Lop trouvé !

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    Aucun fichier / dossier Lop trouvé !

    ----------------------[ Verification du Registre ]----------------------

    ..... OK !

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts PROPRE


    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-25 20:03:33
    Windows 6.0.6000 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------[ Recherche d'autres infections ]---------------------

    Aucune autre infection trouvée !

    /!\ [Fich:344][Doss:9] C:\Users\GWNAL~1\AppData\Local\Temp
    /!\ [Fich:120][Doss:1] C:\Users\GWNAL~1\AppData\Roaming\MICROS~1\Windows\Cookies
    /!\ [Fich:824][Doss:4] C:\Users\GWNAL~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5

    [ UAC => 1 ]

    --------------------[ Fin du rapport a 20:13:30,24 ]----------------------

    Here is the first DSS report:

    Deckard's System Scanner v20071014.68
    Run by Gwénaël on 2008-04-25 20:19:32
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- Last 5 Restore Point(s) --
    26: 2008-04-25 09:43:32 UTC - RP798 - Windows Update
    25: 2008-04-24 15:05:52 UTC - RP797 - Point de contrôle planifié
    24: 2008-04-22 18:28:02 UTC - RP796 - Windows Update
    23: 2008-04-19 12:42:41 UTC - RP795 - Point de contrôle planifié
    22: 2008-04-18 10:46:53 UTC - RP794 - Windows Update


    -- First Restore Point --
    1: 2008-04-01 14:49:06 UTC - RP762 - Windows Defender Checkpoint


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as Gwénaël.exe) ---------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:23:56, on 25/04/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Windows\sttray.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
    C:\Program Files\Controle Parental\bin\OPTGui.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiLB.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Windows\explorer.exe
    C:\Users\Gwénaël\Desktop\dss.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\GWNAL~1\Desktop\ANTIVI~1\Gwénaël.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.the-exit.com/search
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.the-exit.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www/the-exit.com/search
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.the-exit.com/search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=...
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.the-exit.com/search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.the-exit.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.the-exit.com/search
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.the-exit.com/search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.the-exit.com/search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.the-exit.com/search
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.the-exit.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Dcads Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Dcads Advanced Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
    O4 - HKLM\..\Run: [OPTENET_GUI] C:\PROGRA~1\CONTRO~1\bin\optgui.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
    O4 - HKCU\..\Run: [1Mapi] "C:\ProgramData\FastRoamRoam.v3wwz"
    O4 - HKCU\..\Run: [bait deaf idle setup] "C:\ProgramData\Tray Warn Platform.slzg5j"
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: WiFi Station pour Livebox.lnk = C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiLB.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: >>> FREE PORN GALLERIES <<< - javascript:{document.location='http://sexmaxx.com/freegalleries.htm';}
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O13 - Gopher Prefix:
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
    O23 - Service: Orange Contrôle Parental (OPTENET_FILTER) - Orange - C:\Program Files\Controle Parental\bin\optproxy.exe
    O23 - Service: Cycling Manager 2007 Drivers Auto Removal (pr2akt6c) (pr2akt6c) - Cyanide - C:\Windows\system32\pr2akt6c.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    --
    End of file - 13075 bytes

    -- File Associations -----------------------------------------------------------

    .reg - regfile - shell\open\command - regedit.exe "%1" %*
    .scr - scrfile - shell\open\command - "%1" %*


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
    R1 pca-firewall - \??\c:\windows\system32\drivers\pca-firewall.sys
    R3 DSproct - \??\c:\program files\dellsupport\gtaction\triggers\dsproct.sys

    S0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 FTRTSVC (France Telecom Routing Table Service) - "c:\progra~1\common~1\france telecom\shared modules\ftrtsvc\0\ftrtsvc.exe" <Not Verified; France Telecom SA; CSS-Corporate>
    R2 STacSV (SigmaTel Audio Service) - c:\program files\sigmatel\c-major audio\wdm\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>

    S2 OPTENET_FILTER (Orange Contrôle Parental) - c:\program files\controle parental\bin\optproxy.exe <Not Verified; Orange; Contrôle Parental>
    S3 Boonty Games - "c:\program files\common files\boonty shared\service\boonty.exe" <Not Verified; BOONTY; Boonty Games>
    S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2008-04-25 20:18:00 256 --a------ C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    2008-04-24 23:01:14 422 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{AFDFE062-1DCC-45DE-947A-6B225D3EC9E6}.job


    -- Files created between 2008-03-25 and 2008-04-25 -----------------------------

    2008-04-24 22:45:58 0 d-------- C:\Lop SD
    2008-04-24 15:16:27 0 d-------- C:\Program Files\Navilog1
    2008-04-23 19:51:09 0 d-------- C:\Users\Gwénaël\Incomplete
    2008-04-19 18:54:06 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-19 18:06:43 0 d-------- C:\Program Files\CCleaner
    2008-04-19 15:22:25 25472 --a------ C:\Windows\system32\drivers\pca-firewall.sys
    2008-04-12 19:05:20 0 d-------- C:\Program Files\Common Files\PC Tools


    -- Find3M Report ---------------------------------------------------------------

    2008-04-25 20:10:01 690594 --a------ C:\Windows\system32\perfh00C.dat
    2008-04-25 20:10:01 117366 --a------ C:\Windows\system32\perfc00C.dat
    2008-04-25 20:03:05 0 d-------- C:\Users\Gwénaël\AppData\Roaming\OpenOffice.org2
    2008-04-25 19:51:49 0 d-------- C:\Users\Gwénaël\AppData\Roaming\Pro Cycling Manager 2007
    2008-04-25 15:53:24 3072 --a------ C:\Users\Gwénaël\AppData\Roaming\wklnhst.dat
    2008-04-25 11:21:50 0 d-------- C:\Users\Gwénaël\AppData\Roaming\LimeWire
    2008-04-25 11:11:20 0 d-------- C:\Users\Gwénaël\AppData\Roaming\Corel
    2008-04-19 18:54:51 0 d-------- C:\Users\Gwénaël\AppData\Roaming\Malwarebytes
    2008-04-19 15:40:31 0 d-------- C:\Program Files\Cyanide
    2008-04-19 15:40:11 0 d-------- C:\Program Files\Nvu
    2008-04-12 19:05:20 0 d-------- C:\Program Files\Common Files
    2008-04-10 19:02:06 0 d-------- C:\Program Files\Windows Mail
    2008-03-19 19:55:59 0 d-------- C:\Program Files\Windows Media Components
    2008-03-12 11:49:43 0 d-------- C:\Program Files\LimeWire
    2008-03-02 12:01:49 0 d-------- C:\Users\Gwénaël\AppData\Roaming\HP
    2008-02-28 11:30:51 0 d-------- C:\Program Files\Windows Live
    2008-02-01 12:17:40 587264 --a------ C:\Windows\WLXPGSS.SCR <Not Verified; Microsoft Corporation; Galerie de photos Windows Live>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
    02/03/2007 17:52 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [20/06/2007 13:01]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 02:11]
    "SigmatelSysTrayApp"="sttray.exe" [08/02/2007 07:16 C:\Windows\sttray.exe]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [29/09/2006 13:39]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [03/10/2006 12:37]
    "@"="" []
    "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [05/11/2006 12:22]
    "PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [20/10/2006 18:23]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [08/02/2008 19:18]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [03/10/2006 12:35]
    "SystrayORAHSS"="C:\Program Files\OrangeHSS\Systray\SystrayApp.exe" [12/12/2006 19:16]
    "OPTENET_GUI"="C:\PROGRA~1\CONTRO~1\bin\optgui.exe" [05/12/2006 19:51]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [29/03/2008 19:37]
    "LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [31/10/2006 02:03]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [15/11/2006 22:58]
    "LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [15/11/2006 23:01]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [11/03/2007 22:34]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [15/03/2007 12:09]
    "@"="" []
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [10/11/2006 13:35]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [16/08/2007 16:19]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [18/07/2007 13:35]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [10/01/2008 18:06]
    "1Mapi"="C:\ProgramData\FastRoamRoam.v3wwz" [09/10/2007 18:00]
    "bait deaf idle setup"="C:\ProgramData\Tray Warn Platform.slzg5j" []
    "CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [17/07/2007 12:03]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Users\Gw‚na‰l\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [17/08/2007 22:57:56]
    wkcalrem.LNK - C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe [05/06/2006 11:53:24]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/03/2007 22:26:24]
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 22:05:26]
    Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [18/07/2007 13:35:52]
    WiFi Station pour Livebox.lnk - C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiLB.exe [15/07/2007 18:14:36]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)
    "ValidateAdminCodeSignatures"=1 (0x1)
    "FilterAdministratorToken"=1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @="IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @="SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @="SecurityDevices"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc CscService TabletInputService UmRdpService wlansvc WPDBusEnum EMDMgmt
    LocalServiceNoNetwork PLA DPS BFE mpssvc
    LocalServiceNetworkRestricted DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc PnrpAutoReg
    HPZ12 Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt hpqcxs08 hpqddsvc


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
    msiexec /fums {65E6362A-B878-4A7B-86DA-D16F8DBD75C7} /qb

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- End of Deckard's System Scanner: finished at 2008-04-25 20:26:45 ------------

    and here is the 2nd DSS report:

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft® Windows Vista™ Professionnel (build 6000)
    Architecture: X86; Language: French

    CPU 0: Intel(R) Core(TM)2 CPU 6320 @ 1.86GHz
    Percentage of Memory in Use: 42%
    Physical Memory (total/avail): 2045.32 MiB / 1184.57 MiB
    Pagefile Memory (total/avail): 4310.7 MiB / 3301.2 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1923.27 MiB

    C: is Fixed (NTFS) - 455.59 GiB total, 345.39 GiB free.
    D: is Fixed (NTFS) - 10 GiB total, 6.58 GiB free.
    E: is CDROM (No Media)
    G: is Removable (No Media)
    H: is Removable (No Media)
    I: is Removable (No Media)
    J: is Removable (No Media)

    \\.\PHYSICALDRIVE0 - ARRAY - 465.65 GiB - 3 partitions
    \PARTITION0 - Unknown - 62.72 MiB
    \PARTITION1 - Système de fichiers installable - 10 GiB - D:
    \PARTITION2 (bootable) - Système de fichiers installable - 455.59 GiB - C:

    \\.\PHYSICALDRIVE1 - TEAC USB HS-CF Card USB Device

    \\.\PHYSICALDRIVE3 - TEAC USB HS-MS Card USB Device

    \\.\PHYSICALDRIVE4 - TEAC USB HS-SD Card USB Device

    \\.\PHYSICALDRIVE2 - TEAC USB HS-xD/SM USB Device



    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.

    AV: avast! antivirus 4.8.1169 [VPS 080425-1] v4.8.1169 (ALWIL Software) Disabled
    AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
    AS: avast! antivirus 4.8.1169 [VPS 080425-1] v4.8.1169 (ALWIL Software) Disabled

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"="C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe:*:enabled:CSS"


    -- Environment Variables -------------------------------------------------------

    Administrative Tools=C:\Users\GWNAL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\ADMINI~1
    ALLUSERSPROFILE=C:\ProgramData
    APPDATA=C:\Users\GWNAL~1\AppData\Roaming
    autres=0
    autrN=Aucune autre infection trouvée !
    autrY=Recherche d'autres infections
    BB=0
    Cache=C:\Users\GWNAL~1\AppData\Local\MICROS~1\Windows\TEMPOR~1
    catR=Recherche de fichiers avec Catchme
    CD Burning=C:\Users\GWNAL~1\AppData\Local\MICROS~1\Windows\Burn\Burn
    cdx=C:\Lop SD
    choixhosts=1
    cntback=\\\\\\\\\\\\\\\\\\\\\\\\\\\\ CONTENU BACKUP ////////////////////////////
    Common Administrative Tools=C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\ADMINI~1
    Common AppData=C:\PROGRA~2
    Common Desktop=C:\Users\Public\Desktop
    Common Documents=C:\Users\Public\DOCUME~1
    Common Favorites=C:\Users\GWNAL~1\FAVORI~1
    Common Music=C:\Users\Public\Music
    Common Pictures=C:\Users\Public\Pictures
    Common Programs=C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs
    Common Start Menu=C:\PROGRA~2\MICROS~1\Windows\STARTM~1
    Common Startup=C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup
    Common Templates=C:\PROGRA~2\MICROS~1\Windows\TEMPLA~1
    Common Video=C:\Users\Public\Videos
    CommonProgramFiles=C:\Program Files\Common Files
    compcD=4
    compcF=824
    compkD=1
    compkF=120
    comptD=9
    comptF=344
    comptHC=0
    comptHN=1
    comptNO=0
    comptTO=1
    COMPUTERNAME=GWEN
    ComSpec=C:\Windows\system32\cmd.exe
    Cookies=C:\Users\GWNAL~1\AppData\Roaming\MICROS~1\Windows\Cookies
    copi=Copié !
    Desktop=C:\Users\GWNAL~1\Desktop
    eche=Echec !
    EE=0
    egd=0
    exec=2
    Favorites=C:\Users\GWNAL~1\FAVORI~1
    fenetr=!! NE PAS FERMER LA FENETRE !!
    finrap=Fin du rapport a
    Fonts=C:\Windows\Fonts
    FP_NO_HOST_CHECK=NO
    GG=0
    History=C:\Users\GWNAL~1\AppData\Local\MICROS~1\Windows\History
    HOMEDRIVE=C:
    HOMEPATH=\Users\Gw‚na‰l
    inflop=0
    langue=1
    listapp=Listing des dossiers dans Application Data
    listask=Tâches planifiées dans C:\Windows\tasks
    listcpg=Listing des dossiers dans C:\Program Files\Common Files
    listprd=Listing des dossiers dans C:\ProgramData
    listprg=Listing des dossiers dans C:\Program Files
    Local AppData=C:\Users\GWNAL~1\AppData\Local
    LOCALAPPDATA=C:\Users\Gw‚na‰l\AppData\Local
    LOGONSERVER=\\GWEN
    mhst=Fichier Hosts MODIFIE
    MSN=0
    My Music=C:\Users\GWNAL~1\Music
    My Pictures=C:\Users\GWNAL~1\Pictures
    NetHood=C:\Users\GWNAL~1\AppData\Roaming\MICROS~1\Windows\NETWOR~1
    noinflp=Aucun fichier / dossier Lop trouvé !
    nokill=0
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    oslog=2
    Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    Personal=C:\Users\GWNAL~1\DOCUME~1
    phst=Fichier Hosts PROPRE
    pres=Présent !
    PrintHood=C:\Users\GWNAL~1\AppData\Roaming\MICROS~1\Windows\PRINTE~1
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0f06
    ProgramData=C:\ProgramData
    ProgramFiles=C:\Program Files
    Programs=C:\Users\GWNAL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs
    PROMPT=$P$G
    PUBLIC=C:\Users\Public
    rapdeux=\\\\\\\\\\\\\\\\\\\\\\\\\\\ DEUXIEME PASSAGE ///////////////////////////
    rapsupp=\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////
    Recent=C:\Users\GWNAL~1\AppData\Roaming\MICROS~1\Windows\Recent
    rechlop=Recherche de Fichiers / Dossiers Lop
    rechslp=Recherche avec S_Lop
    rekill=1
    rhst=Restauré! - Fichier Hosts
    RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
    SendTo=C:\Users\GWNAL~1\AppData\Roaming\MICROS~1\Windows\SendTo
    SESSIONNAME=Console
    Sinf=0
    SS=0
    Start Menu=C:\Users\GWNAL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1
    Startup=C:\Users\GWNAL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup
    supp=Supprimé!
    suppL1=Suppression en cours ...
    SystemDrive=C:
    SystemRoot=C:\Windows
    TEMP=C:\Users\GWNAL~1\AppData\Local\Temp
    Templates=C:\Users\GWNAL~1\AppData\Roaming\MICROS~1\Windows\TEMPLA~1
    TMP=C:\Users\GWNAL~1\AppData\Local\Temp
    USERDOMAIN=Gwen
    USERNAME=Gw‚na‰l
    USERPROFILE=C:\Users\Gw‚na‰l
    varW=85.255.
    verireg=Verification du Registre
    verreg=0
    vhst=Verification du fichier Hosts
    VV=0
    windir=C:\Windows


    -- User Profiles ---------------------------------------------------------------

    Gwénaël (admin)
    parents (new local, net ready)


    -- Add/Remove Programs ---------------------------------------------------------

    --> "C:\Program Files\Creative Installation Information\CD_RIPPER_UNICODE_2\Setup.exe" /remove /l0x040c
    --> "C:\Program Files\Creative Installation Information\CREATIVE_SYNC_MANAGER_U\Setup.exe" /remove /l0x040c
    --> "C:\Program Files\Creative Installation Information\CREATIVE_VIDEO_CONVERTER\Setup.exe" /remove /l0x040c
    --> "C:\Program Files\Creative Installation Information\ZEN_MTP_MEDIA_EXPLORER\Setup.exe" /remove /l0x040c
    --> C:\Program Files\OrangeHSS\Uninstall\Bas_Debit_CustoUpdate\Shell.exe MainUninstall.shl
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x40c
    32 Bit HP CIO Components Installer --> MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
    Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Reader 7.0.8 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70800000002}
    Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
    Adssite Advanced Toolbar --> C:\Program Files\Adssite Advanced Toolbar\uninstall.exe
    Adssite Browser Optimizer --> C:\Windows\system32\adssite-remove.exe
    Adssite Games Collection --> C:\Program Files\Adssite Games Collection\uninstall.exe
    Assistant de connexion Windows Live --> MsiExec.exe /I{CB5EA99C-8A5B-49F2-9A1A-2EF78BE4DB41}
    Assistant Personnalisation du systéme Dell --> MsiExec.exe /I{9954484F-6EE4-4040-94E3-4B380646F867}
    ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x9
    AudibleManager --> C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
    avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
    Browser Optimizer Dcads --> C:\Windows\system32\dcads-remove.exe
    Browser Optimizer Superiorads --> C:\Windows\system32\superiorads-uninst.exe
    CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
    Codeur Windows Media Série 9 --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
    Codeur Windows Media Série 9 --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
    Conjugaison --> MsiExec.exe /I{057AA4D8-559F-42B1-98A0-508303834B2E}
    Contrôle Parental --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93094D10-9388-11D4-9886-0000B43F396D}\Setup.exe" -l0x40c
    Corel Paint Shop Pro Photo XI --> MsiExec.exe /I{93A1B09E-BAFA-4628-A5B6-921CB026955A}
    Corel Snapfire Plus --> MsiExec.exe /I{7ADE3A47-B425-45E9-8FF6-11BE2B775645}
    Creative Software AutoUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x40c /remove
    Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c /remove
    Creative ZEN --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D24DDB61-8868-46CF-BC36-BECC1674F0C1}\SETUP.EXE" -l0x40c /remove
    Dcads Advanced Toolbar --> C:\Program Files\Dcads Advanced Toolbar\uninstall.exe
    Dcads Games Collection --> C:\Program Files\Dcads Games Collection\uninstall.exe
    DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
    Delta Force - Black Hawk Down --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8FE54D21-8254-4CCF-AEE0-066496AE43F4}\setup.exe" -l0x40c -uninst
    Desktop XP Screensaver Manager 1.2 --> "C:\Program Files\Desktop XP\Screensaver Manager\unins000.exe"
    DialMessenger v2.13 --> C:\Program Files\DialMessenger/uninstall.exe
    DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Free Baseball Screensaver --> "C:\Program Files\Free Baseball Screensaver\unins000.exe"
    Galerie de photos Windows Live --> MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
    Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
    Google Earth --> MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
    Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
    GreenBox LogoMaker 1.2 --> "C:\Program Files\Studio V5\GreenBox\unins000.exe"
    Guide de l'utilisateur --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
    Hercules WiFi Station for Livebox --> C:\Program Files\InstallShield Installation Information\{DECE22F4-EEDD-4615-BC56-2F4827FAD64B}\set
    26 April 2008 12:57:31

    Hi again,

    1) Run HijackThis again (right-click -> run as administrator on Vista), click "do a system scan only", check these lines (if present), then click "Fix Checked" and close HijackThis:

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.the-exit.com/search
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.the-exit.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www/the-exit.com/search
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.the-exit.com/search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/webhp?sourcei [...] r&ie=UTF-8
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.the-exit.com/search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.the-exit.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.the-exit.com/search
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.the-exit.com/search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.the-exit.com/search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.the-exit.com/search
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.the-exit.com
    O3 - Toolbar: Dcads Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Dcads Advanced Toolbar\toolbar.dll
    O4 - HKCU\..\Run: [1Mapi] "C:\ProgramData\FastRoamRoam.v3wwz"
    O4 - HKCU\..\Run: [bait deaf idle setup] "C:\ProgramData\Tray Warn Platform.slzg5j"
    O8 - Extra context menu item: >>> FREE PORN GALLERIES


    2) Download OTMoveIt2 by OldTimer.

  • Save this file to the Desktop.
  • Double-click OTMoveIt2.exe to launch the tool. (Note: if you are using Vista, right-click the file and choose Run as administrator.)
  • Copy the lines in the "Code" box below by selecting ALL of them and then pressing the CTRL and C keys together (or, after selecting them, by right-clicking and choosing Copy):
    C:\Users\GWNAL~1\AppData\Roaming\Dcads Advanced Toolbar\
    C:\ProgramData\FastRoamRoam.0ci8n
    C:\ProgramData\FastRoamRoam.h79li
    C:\ProgramData\FastRoamRoam.lgyou5a
    C:\ProgramData\FastRoamRoam.rg432po
    C:\ProgramData\FastRoamRoam.sb0prc
    C:\ProgramData\FastRoamRoam.v3wwz
    C:\ProgramData\BOONTY
    C:\Program Files\Common Files\BOONTY Shared

  • Go back to the OTMoveIt2 window, right-click in the "Paste Standard List of Files/Folders to Move" box (under the light blue bar), then choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results box (under the green bar) by selecting ALL THE LINES and then pressing the CTRL and C keys together (or, after selecting them, by right-clicking and choosing Copy), and paste these results in a reply on the forum.
  • Close OTMoveIt2.

    Note: If a file or folder cannot be moved immediately, a restart may be needed to complete the move. If you are asked to restart the machine, choose Oui/Yes. In that case, after the restart, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, type *.log in the "File name" box and press Enter, browse to the folder C:\_OTMoveIt\MovedFiles, then open the most recent .log file; then copy/paste the contents of that document in a reply on the forum.

    If you get a message saying that the report cannot be created, copy/paste what appears in the tool's right-hand column.

    3) Go to this link: Virus Total
  • Click Browse
  • Browse to this file, if you find it:

    C:\Windows\system32\drivers\pca-firewall.sys
    C:\Users\Gwénaël\AppData\Roaming\wklnhst.dat

  • Click Send file and let it work for as long as "Current status: scanning" is displayed.
  • The file may be placed in a queue because of a large number of scan requests. In that case, you will need to wait without refreshing the page.
  • When the scan is finished ("Current status: finished"), click Formatted
  • A new browser window will appear
  • Then click this image:
  • Right-click the page and choose Select all, then Copy
  • Finally, paste the result in your next reply.
    Note: Whatever the result, it is important that you send me the result of the whole scan.
    Your security tools may react when the file is sent; in that case you will need to ignore the alerts.

    ;) 
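
A triage sketch for the HijackThis lines listed in step 1, added here as an example and not part of the original post or of HijackThis itself: it parses R0-R3 and O4 lines, flags Run targets that sit in a user-writable data directory or carry an extension outside the PATHEXT shown in the DSS dump, and surfaces malformed search URLs. The function names, `DATA_ROOTS` and the flagging rules are assumptions made for illustration.

```python
import ntpath
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample: lines copied from the HijackThis list in the post above;
# the MsnMsgr line is rebuilt in O4 form from the Run key in the DSS dump.
SAMPLE_LOG = r'''
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www/the-exit.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.the-exit.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKCU\..\Run: [1Mapi] "C:\ProgramData\FastRoamRoam.v3wwz"
O4 - HKCU\..\Run: [bait deaf idle setup] "C:\ProgramData\Tray Warn Platform.slzg5j"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"
'''

# PATHEXT exactly as it appears in the DSS environment dump on this page.
PATHEXT = set(".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC".split(";"))
# Assumption: roots that an unprivileged process can normally write to.
DATA_ROOTS = ("c:\\programdata\\", "c:\\users\\")

R_LINE = re.compile(r'^(R[0-3]) - (HK[A-Z]+)\\([^,]+),(.+?) =\s*(.*)$')
O4_LINE = re.compile(r'^O4 - (HK[A-Z]+)\\\.\.\\(\w+): \[(.*?)\] (.*)$')


def parse_r_line(line):
    """Parse an R0-R3 (IE start/search page) line; None if it is not one."""
    m = R_LINE.match(line.strip())
    if not m:
        return None
    kind, hive, key, value, data = m.groups()
    # An empty value (nothing after '=') has no host to report.
    host = urlsplit(data).hostname if data else None
    return {"kind": kind, "hive": hive, "key": key, "value": value,
            "data": data, "host": host}


def parse_o4_line(line):
    """Parse an O4 (autorun) line and extract the launched file path."""
    m = O4_LINE.match(line.strip())
    if not m:
        return None
    hive, key, name, command = m.groups()
    quoted = re.match(r'"([^"]+)"', command)
    target = quoted.group(1) if quoted else command.strip()
    return {"hive": hive, "key": key, "name": name, "target": target}


def autorun_reasons(entry):
    """Return the reasons an autorun entry deserves a closer look."""
    reasons = []
    target = entry["target"].lower()
    if target.startswith(DATA_ROOTS):
        reasons.append("target in a user-writable data directory")
    ext = ntpath.splitext(target)[1]
    if ext.upper() not in PATHEXT:
        reasons.append("extension %r is not in PATHEXT" % ext)
    return reasons


def triage(log_text):
    """Collect flagged autoruns, URL hosts and malformed URLs from a log."""
    report = {"autoruns": [], "hosts": Counter(), "malformed": []}
    for line in log_text.splitlines():
        r = parse_r_line(line)
        if r:
            if r["host"] is None:
                continue
            report["hosts"][r["host"]] += 1
            if "." not in r["host"]:  # e.g. 'www' from http://www/the-exit.com
                report["malformed"].append(r["data"])
            continue
        o4 = parse_o4_line(line)
        if o4:
            reasons = autorun_reasons(o4)
            if reasons:
                report["autoruns"].append((o4["name"], o4["target"], reasons))
    return report


if __name__ == "__main__":
    for name, target, reasons in triage(SAMPLE_LOG)["autoruns"]:
        print(name, "->", target, "|", "; ".join(reasons))
```

The flags are prompts for manual review, not verdicts: a legitimate program can also start from a profile directory, so each hit still needs to be checked before it is fixed or moved.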