
PC slowdown, masses of popups and more ... [solved]

Tags:
  • Security
2 March 2008 23:12:08

Good evening,

I'm currently having a few small problems with my PC.

From time to time it starts to slow down and all of its RAM gets eaten up by iexplore.exe. Even though I have no IE window open, I end the process. 2s later, a process like BYTE2~F.exe starts (which I can't end, but in any case it only stays visible for 2s, no more) and then the lovely iexplore.exe comes back and, as usual, doesn't need to be asked twice to eat my RAM.

Apart from this problem, I have lots of popups appearing out of nowhere, even when I haven't opened any browser.

When it feels like it, my PC gives me some respite so I can use it, something like 1h/24h :p

If you want my HijackThis report, here it is, but taken at a moment when nothing is happening:

Logfile of HijackThis v1.99.1
Scan saved at 23:05:32, on 02/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sitecom\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sitecom\Logiciel Bluetooth\BTTray.exe
C:\Program Files\MSI\SecureDoc\Logon.exe
C:\Wifi\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\MIAGE\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shinobi.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Program Files\BitDownload\TorrentManager.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {157B91D9-D643-403b-92FE-FB48DA68D6C4} - (no file)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Flag Owns Live Grim] C:\Documents and Settings\All Users\Application Data\Software rule flag owns\Corn License.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [Free Upload Manager] "C:\Program Files\Free Download Manager\fum\fum.exe" -autorun
O4 - HKCU\..\Run: [Steam] "c:\jeux\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [media hope] C:\DOCUME~1\Guizmo\APPLIC~1\Openvc\Byte2Flaw.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: SecureDoc.lnk = C:\Program Files\MSI\SecureDoc\Logon.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\Sitecom\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {56DCC28F-A5B1-4D19-87BB-AEF094C10F37} (ZInstallX Control) - http://mmchat.heycosmo.com/zeroworld/ZInstallX/Download...
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Sitecom\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)


2 March 2008 23:39:03

Good evening

Download Lop S&D.exe to your desktop

  • Double-click it to start the installation
  • Then double-click the Lop S&D shortcut on your desktop
  • Select the language you want, then choose Option 1 (Search)
  • Wait until the scan finishes
  • Post the generated report (C:\lopR.txt)

    (If the desktop does not reappear, press Ctrl + Alt + Del, File tab, New task, type explorer.exe and confirm)


    2 March 2008 23:40:07

    If I forgot to carry out any step, let me know, I'm eagerly awaiting your help ;)

    PS: I took the opportunity to start downloading AntiVir
    2 March 2008 23:47:23

    Did you see that I had replied to you?
    Look above, I'm waiting for your report
    2 March 2008 23:49:32

    During the scan avast found a trojan in local settings\temp\hideous_name, which I quarantined
    Otherwise, here is what the scan gave:


    -----------------------------[ Lop S&D 4.0.3 ]---------------------------

    [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
    [ USER : Guizmo ] [ "C:\Lop SD" ]
    [ 02/03/2008 | 23:46:03,31 ] [ PC : ZENLAND-348E9DF ]
    [ MAJ : 02-03-2008 | 20:16 ]

    -------------[ Listing des dossiers dans Application Data ]------------

    [26/02/2008|16:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.
    [26/02/2008|16:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..
    [13/12/2007|19:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [10/05/2007|21:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
    [19/02/2008|22:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI
    [13/03/2006|01:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg7
    [21/09/2007|23:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
    [10/03/2006|19:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
    [13/12/2007|19:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
    [10/12/2007|13:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FreeDownloadManager.ORG
    [31/10/2006|13:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [26/02/2008|16:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    [27/05/2007|11:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macromedia
    [20/01/2008|17:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    [02/05/2007|23:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [02/05/2007|23:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
    [23/06/2007|18:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\River Past G5
    [05/11/2007|21:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
    [18/02/2008|19:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns
    [01/03/2008|01:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    [03/07/2007|00:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    [14/12/2006|19:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [30/09/2006|23:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

    [10/03/2006|19:40] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.
    [10/03/2006|19:40] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..
    [10/03/2006|19:40] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
    [10/03/2006|18:50] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

    [19/02/2008|22:59] C:\DOCUME~1\Guizmo\APPLIC~1\.
    [19/02/2008|22:59] C:\DOCUME~1\Guizmo\APPLIC~1\..
    [13/12/2007|19:15] C:\DOCUME~1\Guizmo\APPLIC~1\Adobe
    [26/09/2006|16:14] C:\DOCUME~1\Guizmo\APPLIC~1\Ahead
    [19/02/2008|22:59] C:\DOCUME~1\Guizmo\APPLIC~1\ATI
    [10/04/2006|17:37] C:\DOCUME~1\Guizmo\APPLIC~1\AVG7
    [05/01/2008|03:38] C:\DOCUME~1\Guizmo\APPLIC~1\Azureus
    [08/04/2007|00:11] C:\DOCUME~1\Guizmo\APPLIC~1\BitDownload
    [19/09/2006|20:18] C:\DOCUME~1\Guizmo\APPLIC~1\Creative
    [10/03/2006|19:40] C:\DOCUME~1\Guizmo\APPLIC~1\desktop.ini
    [04/05/2007|19:27] C:\DOCUME~1\Guizmo\APPLIC~1\DivX
    [28/08/2006|20:17] C:\DOCUME~1\Guizmo\APPLIC~1\dvdcss
    [02/03/2008|23:41] C:\DOCUME~1\Guizmo\APPLIC~1\Free Download Manager
    [15/07/2006|13:39] C:\DOCUME~1\Guizmo\APPLIC~1\GdiplusUpgrade_MSIApproach_Wrapper.log
    [31/10/2006|20:08] C:\DOCUME~1\Guizmo\APPLIC~1\Google
    [08/07/2006|11:38] C:\DOCUME~1\Guizmo\APPLIC~1\Help
    [10/03/2006|18:57] C:\DOCUME~1\Guizmo\APPLIC~1\Identities
    [08/01/2008|17:11] C:\DOCUME~1\Guizmo\APPLIC~1\InstallShield
    [10/03/2006|19:35] C:\DOCUME~1\Guizmo\APPLIC~1\InterTrust
    [27/05/2007|11:45] C:\DOCUME~1\Guizmo\APPLIC~1\Macromedia
    [05/05/2007|00:19] C:\DOCUME~1\Guizmo\APPLIC~1\Media Player Classic
    [09/03/2007|22:31] C:\DOCUME~1\Guizmo\APPLIC~1\MegauploadToolbar
    [25/02/2007|17:33] C:\DOCUME~1\Guizmo\APPLIC~1\Micro Application
    [05/01/2008|04:49] C:\DOCUME~1\Guizmo\APPLIC~1\Microsoft
    [10/03/2006|19:08] C:\DOCUME~1\Guizmo\APPLIC~1\Mozilla
    [01/03/2008|01:41] C:\DOCUME~1\Guizmo\APPLIC~1\OpenOffice.org2
    [18/02/2008|19:39] C:\DOCUME~1\Guizmo\APPLIC~1\Openvc
    [29/06/2007|18:20] C:\DOCUME~1\Guizmo\APPLIC~1\Ringjacker
    [23/06/2007|18:34] C:\DOCUME~1\Guizmo\APPLIC~1\River Past G5
    [01/10/2006|11:24] C:\DOCUME~1\Guizmo\APPLIC~1\ScreenShow
    [27/09/2007|22:22] C:\DOCUME~1\Guizmo\APPLIC~1\ScummVM
    [04/07/2007|19:27] C:\DOCUME~1\Guizmo\APPLIC~1\SEEnJOY
    [11/02/2008|23:26] C:\DOCUME~1\Guizmo\APPLIC~1\Skype
    [29/06/2007|18:09] C:\DOCUME~1\Guizmo\APPLIC~1\skySpace
    [12/09/2006|22:56] C:\DOCUME~1\Guizmo\APPLIC~1\Sun
    [10/03/2006|19:08] C:\DOCUME~1\Guizmo\APPLIC~1\Talkback
    [02/03/2008|14:32] C:\DOCUME~1\Guizmo\APPLIC~1\teamspeak2
    [09/09/2007|11:38] C:\DOCUME~1\Guizmo\APPLIC~1\U3
    [14/05/2006|15:41] C:\DOCUME~1\Guizmo\APPLIC~1\vlc

    [13/03/2006|01:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\.
    [13/03/2006|01:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\..
    [13/03/2006|01:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\AVG7
    [31/07/2006|12:25] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

    [10/03/2006|18:54] C:\DOCUME~1\NETWOR~1\APPLIC~1\.
    [10/03/2006|18:54] C:\DOCUME~1\NETWOR~1\APPLIC~1\..
    [31/07/2006|12:25] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

    [02/03/2008 23:00][--ah-----] C:\WINDOWS\tasks\AE2B1F1194608F7D.job
    [01/03/2008 01:38][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [05/08/2004 13:00][-r-h-c---] C:\WINDOWS\tasks\desktop.ini

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    [26/02/2008|18:15] C:\Program Files\.
    [26/02/2008|18:15] C:\Program Files\..
    [13/12/2007|19:18] C:\Program Files\Adobe
    [15/08/2006|19:09] C:\Program Files\Agfa
    [31/07/2006|12:30] C:\Program Files\Alwil Software
    [19/02/2008|22:50] C:\Program Files\ATI Technologies
    [11/02/2008|22:56] C:\Program Files\AV Vcs 5.5
    [17/11/2006|19:05] C:\Program Files\AVSMedia
    [01/01/2008|18:53] C:\Program Files\Azureus
    [08/04/2007|00:11] C:\Program Files\BitDownload
    [13/12/2007|19:16] C:\Program Files\Bonjour
    [16/12/2006|21:16] C:\Program Files\Boonty
    [21/09/2007|23:52] C:\Program Files\BoontyGames
    [04/05/2007|23:58] C:\Program Files\Bullfrog
    [20/01/2008|17:19] C:\Program Files\Circle Developement
    [04/01/2007|20:38] C:\Program Files\Cogit Master
    [10/03/2006|18:47] C:\Program Files\ComPlus Applications
    [31/08/2006|10:34] C:\Program Files\Core Design
    [19/09/2006|20:11] C:\Program Files\Creative
    [17/02/2008|18:58] C:\Program Files\DAEMON Tools
    [17/02/2008|18:59] C:\Program Files\DaemonTools_WhenUSave_Installer
    [03/09/2006|14:06] C:\Program Files\directx
    [04/05/2007|19:26] C:\Program Files\DivX
    [07/01/2008|13:40] C:\Program Files\DOSBox-0.72
    [18/07/2007|19:22] C:\Program Files\DVD X Player 4.0 Professionnel
    [27/05/2007|10:51] C:\Program Files\EasyPHP1-8
    [23/02/2008|09:34] C:\Program Files\eMule
    [13/12/2007|18:35] C:\Program Files\Fichiers communs
    [10/12/2007|13:41] C:\Program Files\Free Download Manager
    [17/11/2006|19:53] C:\Program Files\Game Cam v1.4
    [05/02/2007|16:48] C:\Program Files\Google
    [24/05/2006|22:05] C:\Program Files\Heroes2
    [15/07/2006|13:39] C:\Program Files\Hewlett-Packard
    [03/09/2007|01:11] C:\Program Files\Heycosmo
    [13/03/2006|21:30] C:\Program Files\HP
    [19/02/2008|22:49] C:\Program Files\InstallShield Installation Information
    [22/02/2008|22:05] C:\Program Files\InterActual
    [14/02/2008|10:10] C:\Program Files\Internet Explorer
    [23/03/2007|17:53] C:\Program Files\InternetGameBox
    [05/01/2008|03:54] C:\Program Files\ISO Commander
    [05/01/2008|04:00] C:\Program Files\ISOpen
    [13/12/2007|12:11] C:\Program Files\Java
    [05/05/2007|00:17] C:\Program Files\K-Lite Codec Pack
    [13/03/2006|20:53] C:\Program Files\Lavalys
    [26/02/2008|16:11] C:\Program Files\Lavasoft
    [27/05/2007|11:43] C:\Program Files\Macromedia
    [23/06/2007|18:44] C:\Program Files\Mediaccurate
    [04/01/2007|20:34] C:\Program Files\Mega City
    [06/01/2007|03:06] C:\Program Files\MegauploadToolbar
    [10/03/2006|19:13] C:\Program Files\Messenger
    [11/02/2008|21:01] C:\Program Files\Messenger Plus! Live
    [01/10/2006|11:21] C:\Program Files\Micro Application
    [10/03/2006|18:50] C:\Program Files\microsoft frontpage
    [05/01/2008|04:33] C:\Program Files\Microsoft Games
    [23/03/2006|12:11] C:\Program Files\Microsoft Office
    [02/05/2007|23:40] C:\Program Files\Microsoft Visual Studio 8
    [23/03/2006|12:12] C:\Program Files\Microsoft.NET
    [10/03/2006|18:48] C:\Program Files\Movie Maker
    [10/03/2006|19:07] C:\Program Files\Mozilla
    [02/03/2008|22:53] C:\Program Files\Mozilla Firefox
    [13/03/2006|19:38] C:\Program Files\MSI
    [10/03/2006|18:46] C:\Program Files\MSN
    [10/03/2006|18:47] C:\Program Files\MSN Gaming Zone
    [11/02/2008|21:01] C:\Program Files\MSN Messenger
    [07/12/2006|16:47] C:\Program Files\MSXML 4.0
    [08/04/2007|00:37] C:\Program Files\Multi_Media_France
    [26/09/2006|06:33] C:\Program Files\Nero
    [10/03/2006|18:48] C:\Program Files\NetMeeting
    [08/01/2008|17:12] C:\Program Files\Ocean Technology
    [10/03/2006|18:47] C:\Program Files\Online Services
    [02/10/2007|19:48] C:\Program Files\OpenOffice.org 2.3
    [18/02/2008|19:38] C:\Program Files\Openvc
    [14/06/2007|02:02] C:\Program Files\Outlook Express
    [02/06/2006|18:14] C:\Program Files\QuickTime
    [13/03/2006|21:44] C:\Program Files\Realtek
    [13/03/2006|23:13] C:\Program Files\Realtek AC97
    [23/06/2007|18:34] C:\Program Files\River Past
    [26/10/2007|08:40] C:\Program Files\Samsung
    [14/08/2006|08:32] C:\Program Files\ScanDrv
    [13/12/2007|20:07] C:\Program Files\Script Edit
    [29/09/2007|14:12] C:\Program Files\ScummVM
    [10/03/2006|18:49] C:\Program Files\Services en ligne
    [13/03/2006|19:37] C:\Program Files\Setup Files
    [30/03/2006|23:56] C:\Program Files\Sitecom
    [05/11/2007|21:12] C:\Program Files\Skype
    [04/05/2007|23:45] C:\Program Files\Smart Projects
    [01/03/2007|00:19] C:\Program Files\Sonnerie Toolbar
    [26/02/2008|16:43] C:\Program Files\Spybot - Search & Destroy
    [12/07/2007|14:26] C:\Program Files\StarForge
    [11/07/2007|16:33] C:\Program Files\StealthBot
    [14/07/2006|19:45] C:\Program Files\SuperCopier2
    [21/09/2007|23:47] C:\Program Files\Téléchargeur de XIII
    [25/02/2007|17:05] C:\Program Files\TryMedia
    [02/05/2006|18:46] C:\Program Files\UbiSoft
    [10/03/2006|18:57] C:\Program Files\Uninstall Information
    [24/12/2007|21:26] C:\Program Files\VideoLAN
    [16/12/2007|21:32] C:\Program Files\WC3Banlist
    [20/01/2008|17:19] C:\Program Files\Windows Live
    [26/05/2007|13:24] C:\Program Files\Windows Media Connect 2
    [24/12/2007|03:42] C:\Program Files\Windows Media Player
    [10/03/2006|18:46] C:\Program Files\Windows NT
    [10/03/2006|18:49] C:\Program Files\WindowsUpdate
    [04/05/2007|23:34] C:\Program Files\WinISO
    [16/12/2007|20:53] C:\Program Files\WinPcap
    [08/10/2006|13:33] C:\Program Files\WinRAR
    [17/02/2008|18:56] C:\Program Files\Winsos
    [29/09/2007|09:48] C:\Program Files\WinUAE
    [10/03/2006|18:50] C:\Program Files\xerox
    [30/09/2006|23:44] C:\Program Files\Yahoo!
    [11/10/2007|17:39] C:\Program Files\YesMessenger

    ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

    [13/12/2007|18:35] C:\Program Files\Fichiers communs\.
    [13/12/2007|18:35] C:\Program Files\Fichiers communs\..
    [13/12/2007|18:47] C:\Program Files\Fichiers communs\Adobe
    [10/05/2007|21:34] C:\Program Files\Fichiers communs\Adobe Systems Shared
    [26/09/2006|06:37] C:\Program Files\Fichiers communs\Ahead
    [01/10/2006|11:21] C:\Program Files\Fichiers communs\AquaSoft
    [13/03/2006|19:17] C:\Program Files\Fichiers communs\ATI Technologies
    [24/11/2006|18:22] C:\Program Files\Fichiers communs\AVSMedia
    [10/03/2006|20:34] C:\Program Files\Fichiers communs\Blizzard Entertainment
    [21/09/2007|23:47] C:\Program Files\Fichiers communs\BOONTY Shared
    [23/03/2006|12:11] C:\Program Files\Fichiers communs\DESIGNER
    [13/03/2006|01:04] C:\Program Files\Fichiers communs\InstallShield
    [12/09/2006|22:54] C:\Program Files\Fichiers communs\Java
    [27/05/2007|11:45] C:\Program Files\Fichiers communs\Macromedia
    [13/12/2007|18:35] C:\Program Files\Fichiers communs\Macrovision Shared
    [02/05/2007|23:42] C:\Program Files\Fichiers communs\Microsoft Shared
    [10/03/2006|18:48] C:\Program Files\Fichiers communs\MSSoap
    [10/03/2006|19:40] C:\Program Files\Fichiers communs\ODBC
    [23/06/2007|18:34] C:\Program Files\Fichiers communs\River Past
    [10/03/2006|18:48] C:\Program Files\Fichiers communs\Services
    [05/11/2007|21:12] C:\Program Files\Fichiers communs\Skype
    [10/03/2006|19:40] C:\Program Files\Fichiers communs\SpeechEngines
    [14/06/2007|02:02] C:\Program Files\Fichiers communs\System
    [26/02/2008|16:10] C:\Program Files\Fichiers communs\Wise Installation Wizard

    ----------------------[ Recherche avec S_Lop ]---------------------

    C:\DOCUME~1\Guizmo\LOCALS~1\Temp\bis107.exe
    C:\DOCUME~1\Guizmo\APPLIC~1\Openvc
    C:\DOCUME~1\Guizmo\APPLIC~1\Openvc\aggeapzj.exe
    C:\DOCUME~1\Guizmo\APPLIC~1\Openvc\Byte2Flaw.exe
    C:\DOCUME~1\Guizmo\APPLIC~1\Openvc\drawdefywarn.exe
    C:\DOCUME~1\Guizmo\APPLIC~1\Openvc\gctkceyh.exe
    C:\DOCUME~1\Guizmo\APPLIC~1\Openvc\hdaohjyb.exe
    C:\DOCUME~1\Guizmo\APPLIC~1\Openvc\platform deaf find mix.exe

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns\Corn License.exe
    C:\DOCUME~1\Guizmo\APPLIC~1\Bitdownload
    C:\DOCUME~1\Guizmo\APPLIC~1\Bitdownload\Data
    C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Bitdownload
    C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Bitdownload\BitDownload.lnk
    C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Bitdownload\Uninstall BitDownload.lnk
    C:\Program Files\Bitdownload
    C:\Program Files\Bitdownload\BitDownload.exe
    C:\Program Files\Bitdownload\BitDownload.TRC
    C:\Program Files\Bitdownload\settings.ini
    C:\Program Files\Bitdownload\settings.stp
    C:\Program Files\Bitdownload\SkinCrafterDll.dll
    C:\Program Files\Bitdownload\Skins
    C:\Program Files\Bitdownload\Support
    C:\Program Files\Bitdownload\TorrentManager.dll
    C:\Program Files\Bitdownload\unins000.dat
    C:\Program Files\Bitdownload\unins000.exe
    C:\Program Files\Bitdownload\ZM
    C:\Program Files\Circle Developement
    C:\Program Files\Circle Developement\Uninstall.exe
    C:\Program Files\Multi_Media_France
    C:\Program Files\Multi_Media_France\INSTALL.LOG
    C:\WINDOWS\Tasks\AE2B1F1194608F7D.job

    ----------------------[ Verification du Registre ]----------------------

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\uninstall\logfirstlite]
    "DisplayName"="CiD Help"
    "UninstallString"="C:\\DOCUME~1\\Guizmo\\APPLIC~1\\Openvc\\Byte2Flaw.exe -uninstall"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "media hope"="C:\\DOCUME~1\\Guizmo\\APPLIC~1\\Openvc\\Byte2Flaw.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Flag Owns Live Grim"="C:\\Documents and Settings\\All Users\\Application Data\\Software rule flag owns\\Corn License.exe"

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts MODIFIE


    -> 71 ( 70 ## added by CiD )

    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-02 23:47:28
    Windows 5.1.2600 Service Pack 2 NTFS
    detected NTDLL code modification:
    ZwEnumerateKey, ZwEnumerateValueKey, ZwQueryDirectoryFile, ZwQuerySystemInformation
    scanning hidden files ...
    C:\WINDOWS\System32\jyqqaoagp.dat 6781 bytes
    C:\WINDOWS\System32\jyqqaoagp.exe 331264 bytes executable
    C:\WINDOWS\System32\jyqqaoagp_nav.dat 387461 bytes
    C:\WINDOWS\System32\jyqqaoagp_navps.dat 4756 bytes
    scan completed successfully
    hidden files: 4

    --------------------[ Recherche d'autres infections ]---------------------

    C:\WINDOWS\pack.epk
    ! EGDACCESS !


    /!\ [Fich:626][Doss:32] C:\DOCUME~1\Guizmo\LOCALS~1\Temp
    /!\ [Fich:415][Doss:0] C:\DOCUME~1\Guizmo\Cookies
    /!\ [Fich:12827][Doss:33] C:\DOCUME~1\Guizmo\LOCALS~1\TEMPOR~1\content.IE5

    --------------------[ Fin du rapport a 23:48:13,39 ]----------------------
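Added example, not part of the original thread and not code from Lop S&D or Catchme: a short Python triage of the registry and Catchme sections of the report above. It flags Run values that start a program from a user-writable profile folder and maps the hooked ntdll functions to what a user-mode hook on each can hide. The function names `triage` and `reasons`, the hook-to-effect table and the "SoundMan" entry are assumptions made for the example.

```python
import re

# Lines copied from the Lop S&D report above (registry and Catchme sections).
# The ';' line and the "SoundMan" value after it are constructed for contrast.
REPORT = r'''
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\uninstall\logfirstlite]
"DisplayName"="CiD Help"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"media hope"="C:\\DOCUME~1\\Guizmo\\APPLIC~1\\Openvc\\Byte2Flaw.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Flag Owns Live Grim"="C:\\Documents and Settings\\All Users\\Application Data\\Software rule flag owns\\Corn License.exe"
; constructed entry, not from the report
"SoundMan"="C:\\WINDOWS\\SOUNDMAN.EXE"

detected NTDLL code modification:
ZwEnumerateKey, ZwEnumerateValueKey, ZwQueryDirectoryFile, ZwQuerySystemInformation
scanning hidden files ...
C:\WINDOWS\System32\jyqqaoagp.dat 6781 bytes
C:\WINDOWS\System32\jyqqaoagp.exe 331264 bytes executable
C:\WINDOWS\System32\jyqqaoagp_nav.dat 387461 bytes
C:\WINDOWS\System32\jyqqaoagp_navps.dat 4756 bytes
scan completed successfully
hidden files: 4
'''

# What a user-mode hook on each native API can filter out of results
# (general Windows knowledge, not stated in the report itself).
HOOK_HIDES = {
    "ZwEnumerateKey": "registry keys",
    "ZwEnumerateValueKey": "registry values",
    "ZwQueryDirectoryFile": "files and directories",
    "ZwQuerySystemInformation": "processes",
}

RUN_KEY = re.compile(r"^\[(HKEY_[^\]]+\\CurrentVersion\\Run)\]$", re.I)
VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')
HIDDEN = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) (?P<size>\d+) bytes(?P<exe> executable)?$")
# Profile folders any unprivileged process can write to (long and 8.3 names).
USER_WRITABLE = re.compile(r"\\(?:APPLIC~1|Application Data|LOCALS~1|Local Settings)\\", re.I)


def triage(report):
    """Parse Run-key values, hooked ntdll functions and Catchme hidden files."""
    out = {"run": [], "hooks": {}, "hidden": [], "declared": None}
    run_key, want_hooks, in_scan = None, False, False
    for line in (l.strip() for l in report.splitlines()):
        if not line:
            continue
        if line.startswith("["):
            # Only values under a ...\CurrentVersion\Run key are autostarts.
            m = RUN_KEY.match(line)
            run_key = m.group(1) if m else None
        elif run_key and (m := VALUE.match(line)):
            path = m["data"].replace("\\\\", "\\")  # undo .reg-style escaping
            out["run"].append({"key": run_key, "name": m["name"], "path": path,
                               "user_writable": bool(USER_WRITABLE.search(path))})
        elif line.lower().startswith("detected ntdll code modification"):
            want_hooks = True  # the function list is on the next line
        elif want_hooks:
            for fn in (f.strip() for f in line.split(",")):
                out["hooks"][fn] = HOOK_HIDES.get(fn, "unknown")
            want_hooks = False
        elif line.startswith("scanning hidden files"):
            in_scan = True
        elif line.startswith("scan completed"):
            in_scan = False
        elif in_scan and (m := HIDDEN.match(line)):
            out["hidden"].append({"path": m["path"], "size": int(m["size"]),
                                  "executable": bool(m["exe"])})
        elif (m := re.match(r"hidden files:\s*(\d+)$", line)):
            out["declared"] = int(m[1])
    return out


def reasons(f):
    """Turn parsed findings into the short list a helper would act on."""
    out = []
    for e in f["run"]:
        if e["user_writable"]:
            out.append(f'autostart from user-writable folder: "{e["name"]}" -> {e["path"]}')
    if f["hooks"]:
        out.append("ntdll hooks able to hide: " + ", ".join(sorted(set(f["hooks"].values()))))
    exes = [h["path"] for h in f["hidden"] if h["executable"]]
    if exes:
        out.append("hidden executable(s): " + ", ".join(exes))
    if f["declared"] is not None and f["declared"] != len(f["hidden"]):
        out.append(f'log lists {len(f["hidden"])} hidden files but declares {f["declared"]}')
    return out


if __name__ == "__main__":
    for reason in reasons(triage(REPORT)):
        print(reason)
```
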
    3 March 2008 12:43:59

    Hello,
    you have several infections, lop and magic.control

    1


  • This time choose Option 2 ( Suppression )
  • Do not close the window during the removal!
  • Post the generated report ( C:\lopR.txt )

    ( If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New task, type explorer.exe and confirm )


    2

    Download Navilog1.exe (IL-MAFIOSO)
    Save it to your Desktop.
    Start the installation by double-clicking navilog.exe.
    Once the installation has finished, the utility will run automatically.
    (If it does not, double-click the shortcut on the Desktop)

    Let the utility guide you. Choose option 1, then confirm.
    ! Do not use options 2, 3 and 4 without our agreement !
    Wait until this message appears:
    "*** Analyse Termine le ..... ***"
    Press a key as requested. Notepad will open. Post its contents to us this way:

    -> Edit / Select All
    -> Edit / Copy
    -> Right-click / Paste into your reply


    NOTE: The report can also be found here: C:\fixnavi.txt


    3 March 2008 16:32:18

    Hello,
    So I re-ran lop s&d and at one point during the removal, avast found a trojan, the same path I mentioned above; I quarantined this trojan. Otherwise, here is what the lop scan gave:

    -----------------------------[ Lop S&D 4.0.3 ]---------------------------

    [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
    [ USER : Guizmo ] [ "C:\Lop SD" ]
    [ 03/03/2008 | 16:28:05,64 ] [ PC : ZENLAND-348E9DF ]
    [ MAJ : 02-03-2008 | 20:16 ]

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

    Echec ! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns\Corn License.exe
    Echec ! - C:\DOCUME~1\Guizmo\APPLIC~1\Bitdownload\Data
    Supprimé! - C:\Program Files\Bitdownload\BitDownload.exe
    Supprimé! - C:\Program Files\Bitdownload\BitDownload.TRC
    Supprimé! - C:\Program Files\Bitdownload\settings.ini
    Supprimé! - C:\Program Files\Bitdownload\settings.stp
    Supprimé! - C:\Program Files\Bitdownload\SkinCrafterDll.dll
    Supprimé! - C:\Program Files\Bitdownload\Skins
    Supprimé! - C:\Program Files\Bitdownload\Support
    Supprimé! - C:\Program Files\Bitdownload\TorrentManager.dll
    Supprimé! - C:\Program Files\Bitdownload\unins000.dat
    Supprimé! - C:\Program Files\Bitdownload\unins000.exe
    Supprimé! - C:\Program Files\Bitdownload\ZM
    Supprimé! - C:\Program Files\Circle Developement\Uninstall.exe
    Supprimé! - C:\Program Files\Multi_Media_France\INSTALL.LOG
    Supprimé! - C:\WINDOWS\Tasks\AE2B1F1194608F7D.job
    Supprimé! - C:\DOCUME~1\Guizmo\LOCALS~1\Temp\bis107.exe
    Supprimé! - C:\DOCUME~1\Guizmo\APPLIC~1\Openvc\aggeapzj.exe
    Supprimé! - C:\DOCUME~1\Guizmo\APPLIC~1\Openvc\Byte2Flaw.exe
    Supprimé! - C:\DOCUME~1\Guizmo\APPLIC~1\Openvc\drawdefywarn.exe
    Supprimé! - C:\DOCUME~1\Guizmo\APPLIC~1\Openvc\gctkceyh.exe
    Supprimé! - C:\DOCUME~1\Guizmo\APPLIC~1\Openvc\hdaohjyb.exe
    Supprimé! - C:\DOCUME~1\Guizmo\APPLIC~1\Openvc\platform deaf find mix.exe
    Echec ! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns
    Supprimé! - C:\DOCUME~1\Guizmo\APPLIC~1\Bitdownload
    Supprimé! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Bitdownload
    Supprimé! - C:\Program Files\Bitdownload
    Supprimé! - C:\Program Files\Circle Developement
    Supprimé! - C:\Program Files\Multi_Media_France
    Supprimé! - C:\DOCUME~1\Guizmo\APPLIC~1\Openvc
    Supprimé! - C:\Program Files\Openvc
    Restauré! - Fichier Hosts

    \\\\\\\\\\\\\\\\\\\\\\\\\\\ DEUXIEME PASSAGE ///////////////////////////

    Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns\Corn License.exe
    Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns

    //////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

    Supprimé! - C:\Program Files\Boonty
    Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Boonty
    Supprimé! - C:\Program Files\BoontyGames

    //////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


    -------------[ Listing des dossiers dans Application Data ]------------

    [03/03/2008|16:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.
    [03/03/2008|16:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..
    [13/12/2007|19:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [10/05/2007|21:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
    [19/02/2008|22:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI
    [13/03/2006|01:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg7
    [10/03/2006|19:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
    [13/12/2007|19:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
    [10/12/2007|13:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FreeDownloadManager.ORG
    [31/10/2006|13:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [26/02/2008|16:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    [27/05/2007|11:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macromedia
    [20/01/2008|17:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    [02/05/2007|23:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [02/05/2007|23:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
    [23/06/2007|18:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\River Past G5
    [05/11/2007|21:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
    [01/03/2008|01:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    [03/07/2007|00:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    [14/12/2006|19:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [30/09/2006|23:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

    [10/03/2006|19:40] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.
    [10/03/2006|19:40] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..
    [10/03/2006|19:40] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
    [10/03/2006|18:50] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

    [03/03/2008|16:28] C:\DOCUME~1\Guizmo\APPLIC~1\.
    [03/03/2008|16:28] C:\DOCUME~1\Guizmo\APPLIC~1\..
    [13/12/2007|19:15] C:\DOCUME~1\Guizmo\APPLIC~1\Adobe
    [26/09/2006|16:14] C:\DOCUME~1\Guizmo\APPLIC~1\Ahead
    [19/02/2008|22:59] C:\DOCUME~1\Guizmo\APPLIC~1\ATI
    [10/04/2006|17:37] C:\DOCUME~1\Guizmo\APPLIC~1\AVG7
    [05/01/2008|03:38] C:\DOCUME~1\Guizmo\APPLIC~1\Azureus
    [19/09/2006|20:18] C:\DOCUME~1\Guizmo\APPLIC~1\Creative
    [10/03/2006|19:40] C:\DOCUME~1\Guizmo\APPLIC~1\desktop.ini
    [04/05/2007|19:27] C:\DOCUME~1\Guizmo\APPLIC~1\DivX
    [28/08/2006|20:17] C:\DOCUME~1\Guizmo\APPLIC~1\dvdcss
    [02/03/2008|23:41] C:\DOCUME~1\Guizmo\APPLIC~1\Free Download Manager
    [15/07/2006|13:39] C:\DOCUME~1\Guizmo\APPLIC~1\GdiplusUpgrade_MSIApproach_Wrapper.log
    [31/10/2006|20:08] C:\DOCUME~1\Guizmo\APPLIC~1\Google
    [08/07/2006|11:38] C:\DOCUME~1\Guizmo\APPLIC~1\Help
    [10/03/2006|18:57] C:\DOCUME~1\Guizmo\APPLIC~1\Identities
    [08/01/2008|17:11] C:\DOCUME~1\Guizmo\APPLIC~1\InstallShield
    [10/03/2006|19:35] C:\DOCUME~1\Guizmo\APPLIC~1\InterTrust
    [27/05/2007|11:45] C:\DOCUME~1\Guizmo\APPLIC~1\Macromedia
    [05/05/2007|00:19] C:\DOCUME~1\Guizmo\APPLIC~1\Media Player Classic
    [09/03/2007|22:31] C:\DOCUME~1\Guizmo\APPLIC~1\MegauploadToolbar
    [25/02/2007|17:33] C:\DOCUME~1\Guizmo\APPLIC~1\Micro Application
    [05/01/2008|04:49] C:\DOCUME~1\Guizmo\APPLIC~1\Microsoft
    [10/03/2006|19:08] C:\DOCUME~1\Guizmo\APPLIC~1\Mozilla
    [01/03/2008|01:41] C:\DOCUME~1\Guizmo\APPLIC~1\OpenOffice.org2
    [29/06/2007|18:20] C:\DOCUME~1\Guizmo\APPLIC~1\Ringjacker
    [23/06/2007|18:34] C:\DOCUME~1\Guizmo\APPLIC~1\River Past G5
    [01/10/2006|11:24] C:\DOCUME~1\Guizmo\APPLIC~1\ScreenShow
    [27/09/2007|22:22] C:\DOCUME~1\Guizmo\APPLIC~1\ScummVM
    [04/07/2007|19:27] C:\DOCUME~1\Guizmo\APPLIC~1\SEEnJOY
    [11/02/2008|23:26] C:\DOCUME~1\Guizmo\APPLIC~1\Skype
    [29/06/2007|18:09] C:\DOCUME~1\Guizmo\APPLIC~1\skySpace
    [12/09/2006|22:56] C:\DOCUME~1\Guizmo\APPLIC~1\Sun
    [10/03/2006|19:08] C:\DOCUME~1\Guizmo\APPLIC~1\Talkback
    [02/03/2008|14:32] C:\DOCUME~1\Guizmo\APPLIC~1\teamspeak2
    [09/09/2007|11:38] C:\DOCUME~1\Guizmo\APPLIC~1\U3
    [14/05/2006|15:41] C:\DOCUME~1\Guizmo\APPLIC~1\vlc

    [13/03/2006|01:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\.
    [13/03/2006|01:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\..
    [13/03/2006|01:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\AVG7
    [31/07/2006|12:25] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

    [10/03/2006|18:54] C:\DOCUME~1\NETWOR~1\APPLIC~1\.
    [10/03/2006|18:54] C:\DOCUME~1\NETWOR~1\APPLIC~1\..
    [31/07/2006|12:25] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

    [01/03/2008 01:38][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [05/08/2004 13:00][-r-h-c---] C:\WINDOWS\tasks\desktop.ini

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    [03/03/2008|16:28] C:\Program Files\.
    [03/03/2008|16:28] C:\Program Files\..
    [13/12/2007|19:18] C:\Program Files\Adobe
    [15/08/2006|19:09] C:\Program Files\Agfa
    [31/07/2006|12:30] C:\Program Files\Alwil Software
    [19/02/2008|22:50] C:\Program Files\ATI Technologies
    [11/02/2008|22:56] C:\Program Files\AV Vcs 5.5
    [17/11/2006|19:05] C:\Program Files\AVSMedia
    [01/01/2008|18:53] C:\Program Files\Azureus
    [13/12/2007|19:16] C:\Program Files\Bonjour
    [04/05/2007|23:58] C:\Program Files\Bullfrog
    [04/01/2007|20:38] C:\Program Files\Cogit Master
    [10/03/2006|18:47] C:\Program Files\ComPlus Applications
    [31/08/2006|10:34] C:\Program Files\Core Design
    [19/09/2006|20:11] C:\Program Files\Creative
    [17/02/2008|18:58] C:\Program Files\DAEMON Tools
    [17/02/2008|18:59] C:\Program Files\DaemonTools_WhenUSave_Installer
    [03/09/2006|14:06] C:\Program Files\directx
    [04/05/2007|19:26] C:\Program Files\DivX
    [07/01/2008|13:40] C:\Program Files\DOSBox-0.72
    [18/07/2007|19:22] C:\Program Files\DVD X Player 4.0 Professionnel
    [27/05/2007|10:51] C:\Program Files\EasyPHP1-8
    [23/02/2008|09:34] C:\Program Files\eMule
    [13/12/2007|18:35] C:\Program Files\Fichiers communs
    [10/12/2007|13:41] C:\Program Files\Free Download Manager
    [17/11/2006|19:53] C:\Program Files\Game Cam v1.4
    [05/02/2007|16:48] C:\Program Files\Google
    [24/05/2006|22:05] C:\Program Files\Heroes2
    [15/07/2006|13:39] C:\Program Files\Hewlett-Packard
    [03/09/2007|01:11] C:\Program Files\Heycosmo
    [13/03/2006|21:30] C:\Program Files\HP
    [19/02/2008|22:49] C:\Program Files\InstallShield Installation Information
    [22/02/2008|22:05] C:\Program Files\InterActual
    [14/02/2008|10:10] C:\Program Files\Internet Explorer
    [23/03/2007|17:53] C:\Program Files\InternetGameBox
    [05/01/2008|03:54] C:\Program Files\ISO Commander
    [05/01/2008|04:00] C:\Program Files\ISOpen
    [13/12/2007|12:11] C:\Program Files\Java
    [05/05/2007|00:17] C:\Program Files\K-Lite Codec Pack
    [13/03/2006|20:53] C:\Program Files\Lavalys
    [26/02/2008|16:11] C:\Program Files\Lavasoft
    [27/05/2007|11:43] C:\Program Files\Macromedia
    [23/06/2007|18:44] C:\Program Files\Mediaccurate
    [04/01/2007|20:34] C:\Program Files\Mega City
    [06/01/2007|03:06] C:\Program Files\MegauploadToolbar
    [10/03/2006|19:13] C:\Program Files\Messenger
    [11/02/2008|21:01] C:\Program Files\Messenger Plus! Live
    [01/10/2006|11:21] C:\Program Files\Micro Application
    [10/03/2006|18:50] C:\Program Files\microsoft frontpage
    [05/01/2008|04:33] C:\Program Files\Microsoft Games
    [23/03/2006|12:11] C:\Program Files\Microsoft Office
    [02/05/2007|23:40] C:\Program Files\Microsoft Visual Studio 8
    [23/03/2006|12:12] C:\Program Files\Microsoft.NET
    [10/03/2006|18:48] C:\Program Files\Movie Maker
    [10/03/2006|19:07] C:\Program Files\Mozilla
    [03/03/2008|09:23] C:\Program Files\Mozilla Firefox
    [13/03/2006|19:38] C:\Program Files\MSI
    [10/03/2006|18:46] C:\Program Files\MSN
    [10/03/2006|18:47] C:\Program Files\MSN Gaming Zone
    [11/02/2008|21:01] C:\Program Files\MSN Messenger
    [07/12/2006|16:47] C:\Program Files\MSXML 4.0
    [26/09/2006|06:33] C:\Program Files\Nero
    [10/03/2006|18:48] C:\Program Files\NetMeeting
    [08/01/2008|17:12] C:\Program Files\Ocean Technology
    [10/03/2006|18:47] C:\Program Files\Online Services
    [02/10/2007|19:48] C:\Program Files\OpenOffice.org 2.3
    [14/06/2007|02:02] C:\Program Files\Outlook Express
    [02/06/2006|18:14] C:\Program Files\QuickTime
    [13/03/2006|21:44] C:\Program Files\Realtek
    [13/03/2006|23:13] C:\Program Files\Realtek AC97
    [23/06/2007|18:34] C:\Program Files\River Past
    [26/10/2007|08:40] C:\Program Files\Samsung
    [14/08/2006|08:32] C:\Program Files\ScanDrv
    [13/12/2007|20:07] C:\Program Files\Script Edit
    [29/09/2007|14:12] C:\Program Files\ScummVM
    [10/03/2006|18:49] C:\Program Files\Services en ligne
    [13/03/2006|19:37] C:\Program Files\Setup Files
    [30/03/2006|23:56] C:\Program Files\Sitecom
    [05/11/2007|21:12] C:\Program Files\Skype
    [04/05/2007|23:45] C:\Program Files\Smart Projects
    [01/03/2007|00:19] C:\Program Files\Sonnerie Toolbar
    [26/02/2008|16:43] C:\Program Files\Spybot - Search & Destroy
    [12/07/2007|14:26] C:\Program Files\StarForge
    [11/07/2007|16:33] C:\Program Files\StealthBot
    [14/07/2006|19:45] C:\Program Files\SuperCopier2
    [21/09/2007|23:47] C:\Program Files\Téléchargeur de XIII
    [25/02/2007|17:05] C:\Program Files\TryMedia
    [02/05/2006|18:46] C:\Program Files\UbiSoft
    [10/03/2006|18:57] C:\Program Files\Uninstall Information
    [24/12/2007|21:26] C:\Program Files\VideoLAN
    [16/12/2007|21:32] C:\Program Files\WC3Banlist
    [20/01/2008|17:19] C:\Program Files\Windows Live
    [26/05/2007|13:24] C:\Program Files\Windows Media Connect 2
    [24/12/2007|03:42] C:\Program Files\Windows Media Player
    [10/03/2006|18:46] C:\Program Files\Windows NT
    [10/03/2006|18:49] C:\Program Files\WindowsUpdate
    [04/05/2007|23:34] C:\Program Files\WinISO
    [16/12/2007|20:53] C:\Program Files\WinPcap
    [08/10/2006|13:33] C:\Program Files\WinRAR
    [17/02/2008|18:56] C:\Program Files\Winsos
    [29/09/2007|09:48] C:\Program Files\WinUAE
    [10/03/2006|18:50] C:\Program Files\xerox
    [30/09/2006|23:44] C:\Program Files\Yahoo!
    [11/10/2007|17:39] C:\Program Files\YesMessenger

    ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

    [13/12/2007|18:35] C:\Program Files\Fichiers communs\.
    [13/12/2007|18:35] C:\Program Files\Fichiers communs\..
    [13/12/2007|18:47] C:\Program Files\Fichiers communs\Adobe
    [10/05/2007|21:34] C:\Program Files\Fichiers communs\Adobe Systems Shared
    [26/09/2006|06:37] C:\Program Files\Fichiers communs\Ahead
    [01/10/2006|11:21] C:\Program Files\Fichiers communs\AquaSoft
    [13/03/2006|19:17] C:\Program Files\Fichiers communs\ATI Technologies
    [24/11/2006|18:22] C:\Program Files\Fichiers communs\AVSMedia
    [10/03/2006|20:34] C:\Program Files\Fichiers communs\Blizzard Entertainment
    [21/09/2007|23:47] C:\Program Files\Fichiers communs\BOONTY Shared
    [23/03/2006|12:11] C:\Program Files\Fichiers communs\DESIGNER
    [13/03/2006|01:04] C:\Program Files\Fichiers communs\InstallShield
    [12/09/2006|22:54] C:\Program Files\Fichiers communs\Java
    [27/05/2007|11:45] C:\Program Files\Fichiers communs\Macromedia
    [13/12/2007|18:35] C:\Program Files\Fichiers communs\Macrovision Shared
    [02/05/2007|23:42] C:\Program Files\Fichiers communs\Microsoft Shared
    [10/03/2006|18:48] C:\Program Files\Fichiers communs\MSSoap
    [10/03/2006|19:40] C:\Program Files\Fichiers communs\ODBC
    [23/06/2007|18:34] C:\Program Files\Fichiers communs\River Past
    [10/03/2006|18:48] C:\Program Files\Fichiers communs\Services
    [05/11/2007|21:12] C:\Program Files\Fichiers communs\Skype
    [10/03/2006|19:40] C:\Program Files\Fichiers communs\SpeechEngines
    [14/06/2007|02:02] C:\Program Files\Fichiers communs\System
    [26/02/2008|16:10] C:\Program Files\Fichiers communs\Wise Installation Wizard

    ----------------------[ Recherche avec S_Lop ]---------------------

    Aucun fichier / dossier Lop trouvé !

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    Aucun fichier / dossier Lop trouvé !

    ----------------------[ Verification du Registre ]----------------------

    ..... OK !

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts PROPRE


    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-03 16:29:45
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden files ...
    scan completed successfully
    hidden files: 0

    --------------------[ Recherche d'autres infections ]---------------------

    C:\WINDOWS\pack.epk
    ! EGDACCESS !


    /!\ [Fich:695][Doss:33] C:\DOCUME~1\Guizmo\LOCALS~1\Temp
    /!\ [Fich:421][Doss:0] C:\DOCUME~1\Guizmo\Cookies
    /!\ [Fich:13254][Doss:33] C:\DOCUME~1\Guizmo\LOCALS~1\TEMPOR~1\content.IE5

    --------------------[ Fin du rapport a 16:30:31,73 ]----------------------
    3 March 2008 16:54:56

    Hi again
    So, I ran the Navilog scan and here is what it gave me:

    Search Navipromo version 3.4.8 commencé le 03/03/2008 à 16:34:08,76

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis C:\Program Files\navilog1
    Mise à jour le 25.02.2008 à 20h00 par IL-MAFIOSO


    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 7.0.5730.11
    Système de fichiers : NTFS

    Executé en mode normal

    *** Recherche Programmes installés ***


    InternetGameBox


    *** Recherche dossiers dans C:\WINDOWS ***



    *** Recherche dossiers dans C:\Program Files ***

    C:\Program Files\InternetGameBox trouvé !


    *** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***




    *** Recherche dossiers dans "C:\Documents and Settings\Guizmo\applic~1" ***



    *** Recherche dossiers dans "C:\Documents and Settings\Guizmo\locals~1\applic~1" ***



    *** Recherche dossiers dans "C:\Documents and Settings\Guizmo\MENUDM~1\PROGRA~1" ***

    ...\InternetGameBox trouvé !

    *** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***


    *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
    pour + d'infos : http://www.gmer.net

    Fichier(s) caché(s) :

    C:\WINDOWS\system32\jyqqaoagp.dat
    C:\WINDOWS\system32\jyqqaoagp.exe
    C:\WINDOWS\system32\jyqqaoagp_nav.dat
    C:\WINDOWS\system32\jyqqaoagp_navps.dat



    *** Recherche avec GenericNaviSearch ***
    !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A vérifier impérativement avant toute suppression manuelle !!!

    * Recherche dans C:\WINDOWS\system32 *

    * Recherche dans "C:\Documents and Settings\Guizmo\locals~1\applic~1" *



    *** Recherche fichiers ***


    C:\WINDOWS\pack.epk trouvé !


    *** Recherche clés spécifiques dans le Registre ***

    HKEY_CURRENT_USER\Software\Lanconfig trouvé !

    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche nouveaux fichiers Instant Access :


    2)Recherche Heuristique :

    * Dans C:\WINDOWS\system32 :

    jyqqaoagp.dat trouvé !

    * Dans "C:\Documents and Settings\Guizmo\locals~1\applic~1" :


    3)Recherche Certificats :

    Certificat Egroup trouvé !

    4)Recherche fichiers connus :



    *** Analyse terminée le 03/03/2008 à 16:51:19,78 ***
    3 March 2008 17:25:27

    So should I re-run Navilog to delete the not-so-pretty files like "jyqqaoagp"?
    Because given the name, I'd be surprised if my OS needed to run with this junk :pt1cable:

    3 March 2008 19:08:48

    A little bump in case you forgot to take care of the little mogwai (it's a sweet plush toy, after all ;) )
    3 March 2008 22:11:16

    Good evening

    I don't live in front of my PC :D

    Double-click the Navilog1 shortcut on your Desktop.
    Follow the instructions. Then choose option 2 and confirm.
    Let it guide you and answer any questions.

    The utility will inform you that it is going to restart the computer.
    **Close all open windows and save your open personal documents**
    Now press a key, as requested.
    (if your PC does not restart automatically, do it manually)

    Wait until this message appears:
    "*** Nettoyage Termine le ..... ***"

    Notepad will open.
    Save the report so that you can find it again.
    Close Notepad. Your desktop will now reappear.

    NOTE: If your Desktop does not reappear, press Ctrl+Alt+Del simultaneously to open Task Manager.
    Go to the "Processes" tab. Click File at the top left and choose "Run..."
    Type explorer then confirm.

    Post the report saved earlier (C:\cleannavi.txt)
    As well as a new Hijackthis report.

    +++++

    Close Internet Explorer, then Start/Control Panel/Internet Options.
    Choose the Content tab, then the Certificates tab.
    See whether you find the following programs (in particular under Trusted Publishers):

    electronic-group
    Montorgueil
    VIP
    "Sunny Day Design Ltd"
    OOO <<Favorit>>


    If you find them, do this:

    * Select each of these certificates and click Export. Save it/them to your desktop.

    * Then delete the ones present in the "certificates" tab of your browser options.

    Then, for each of the certificates on your desktop:

    * Go to the website:

    http://www.bleepingcomputer.com/submit-malware.php?chan...

    * Copy/paste this into the 'Link to Topic' box:

    the name of the certificate (Montorgueil ,......)

    * Copy/paste this into the 'Browse to the File' box:

    The corresponding certificate that you exported to your desktop

    then confirm

    * Once that is done, finally delete the certificate on your desktop.


    3 March 2008 22:33:10

    There you go :)
    It's normal that you don't live in front of your PC, I can't imagine the zombie face you'd have otherwise ;)
    Anyway, here is my cleannavi report followed by the hijack this report.
    I also did the various steps you asked me to do ;)

    Here are the reports (separated by a few little jumping guys):

    Clean Navipromo version 3.4.8 commencé le 03/03/2008 à 22:15:14,67

    Outil exécuté depuis C:\Program Files\navilog1
    Mise à jour le 25.02.2008 à 20h00 par IL-MAFIOSO


    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 7.0.5730.11
    Système de fichiers : NTFS

    Mode suppression automatique
    avec prise en charge résultats Catchme et GNS


    *** Creation backups fichiers trouvés par Catchme ***

    Copie vers "C:\Program Files\navilog1\Backupnavi"

    Copie C:\WINDOWS\system32\jyqqaoagp.dat réalisée avec succès !
    Copie C:\WINDOWS\system32\jyqqaoagp.exe réalisée avec succès !
    Copie C:\WINDOWS\system32\jyqqaoagp_nav.dat réalisée avec succès !
    Copie C:\WINDOWS\system32\jyqqaoagp_navps.dat réalisée avec succès !

    *** Suppression des fichiers trouvés avec Catchme ***

    C:\WINDOWS\system32\jyqqaoagp.dat supprimé !
    C:\WINDOWS\system32\jyqqaoagp.exe supprimé !
    C:\WINDOWS\system32\jyqqaoagp_nav.dat supprimé !
    C:\WINDOWS\system32\jyqqaoagp_navps.dat supprimé !

    ** 2ème passage avec résultats Catchme **

    * Dans C:\WINDOWS\system32 *


    C:\WINDOWS\prefetch\jyqqaoagp*.pf trouvé !
    Copie C:\WINDOWS\prefetch\jyqqaoagp*.pf réalisée avec succès !
    C:\WINDOWS\prefetch\jyqqaoagp*.pf supprimé !

    * Dans "C:\Documents and Settings\Guizmo\locals~1\applic~1" *


    *** Suppression avec sauvegardes résultats GenericNaviSearch ***

    * Suppression dans C:\WINDOWS\System32 *


    * Suppression dans "C:\Documents and Settings\Guizmo\locals~1\applic~1" *



    *** Suppression dossiers dans C:\WINDOWS ***


    *** Suppression dossiers dans C:\Program Files ***

    C:\Program Files\InternetGameBox ...suppression...
    C:\Program Files\InternetGameBox supprimé !


    *** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***


    *** Suppression dossiers dans "C:\Documents and Settings\Guizmo\applic~1" ***


    *** Suppression dossiers dans "C:\Documents and Settings\Guizmo\locals~1\applic~1" ***


    *** Suppression dossiers dans "C:\Documents and Settings\Guizmo\MENUDM~1\PROGRA~1" ***

    ...\InternetGamebox ...suppression...
    ...\InternetGamebox supprimé !


    *** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***



    *** Suppression fichiers ***

    C:\WINDOWS\pack.epk supprimé !

    *** Suppression fichiers temporaires ***

    Nettoyage contenu C:\WINDOWS\Temp effectué !
    Nettoyage contenu C:\Documents and Settings\Guizmo\locals~1\Temp effectué !

    *** Traitement Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

    2)Recherche, création sauvegardes et suppression Heuristique :


    * Dans C:\WINDOWS\system32 *


    * Dans "C:\Documents and Settings\Guizmo\locals~1\applic~1" *


    *** Sauvegarde du Registre vers dossier Backupnavi ***

    sauvegarde du Registre réalisée avec succès !

    *** Nettoyage Registre ***

    Nettoyage Registre Ok


    *** Certificats ***

    Certificat Egroup supprimé !

    *** Nettoyage terminé le 03/03/2008 à 22:21:52,82 ***



    :bounce:  :bounce:  :bounce:  :bounce:  :bounce:  :bounce: 



    Logfile of HijackThis v1.99.1
    Scan saved at 22:25:22, on 03/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sitecom\Logiciel Bluetooth\bin\btwdins.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\NOTEPAD.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\MSI\Live Update 3\LMonitor.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Free Download Manager\fum\fum.exe
    C:\jeux\steam\steam.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\WINSOS\WINSOS.EXE
    C:\Program Files\Sitecom\Logiciel Bluetooth\BTTray.exe
    C:\Program Files\MSI\SecureDoc\Logon.exe
    C:\Wifi\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\MIAGE\hijackthis_199\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shinobi.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
    O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Program Files\BitDownload\TorrentManager.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: (no name) - {157B91D9-D643-403b-92FE-FB48DA68D6C4} - (no file)
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
    O4 - HKCU\..\Run: [Free Upload Manager] "C:\Program Files\Free Download Manager\fum\fum.exe" -autorun
    O4 - HKCU\..\Run: [Steam] "c:\jeux\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: SecureDoc.lnk = C:\Program Files\MSI\SecureDoc\Logon.exe
    O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\Sitecom\Logiciel Bluetooth\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {56DCC28F-A5B1-4D19-87BB-AEF094C10F37} (ZInstallX Control) - http://mmchat.heycosmo.com/zeroworld/ZInstallX/Download...
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Sitecom\Logiciel Bluetooth\bin\btwdins.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

    3 March 2008 23:07:04

    thanks

    can you tell me which certificates you uploaded, please

    ~Download Clean by Malekal

    Save it to your desktop and unzip it.
    This will create a folder named clean.
    Double-click this clean folder; inside you will find several files.
    Double-click clean.cmd.
    A menu will appear; choose option 1 by pressing the 1 key on your keyboard.
    Clean will do its work.
    Post the contents of the report generated at C:\rapport_clean.txt.

    3 March 2008 23:23:46

    So the certs I uploaded are:
    electronic-group
    OOO <<Favorit>>

    Also, your link doesn't work, that's weird :sweat: 

    Otherwise, for the moment I have no more problems; this disinfection seems to be going well, you rock :) 
    3 March 2008 23:34:30

    re

    let's continue,

    Here's what we're going to do: you're going to replace Avast! with Antivir, which is a real antivirus, then run a scan with it and post the report. :) 


    Uninstall Avast! properly


    To replace it with Antivir.

    -->Tutorial<--


    Why switch? Avast! vs Antivir
    4 March 2008 18:03:31

    Hello :) 
    AntiVir is a real antivirus, I confirm :) 

    Here is the report it left me after my scan:



    AntiVir PersonalEdition Classic
    Report file date: mardi 4 mars 2008 00:13

    Scanning for 1131710 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: Guizmo
    Computer name: ZENLAND-348E9DF

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
    ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 22:41:28
    ANTIVIR2.VDF : 7.0.2.181 1993728 Bytes 24/02/2008 22:41:28
    ANTIVIR3.VDF : 7.0.2.225 154112 Bytes 03/03/2008 22:41:28
    AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 03/03/2008 22:41:28
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 03/03/2008 22:41:29
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Manual Selection
    Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: L:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: mardi 4 mars 2008 00:13

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'CCC.exe' - '1' Module(s) have been scanned
    Scan process 'btwdins.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'soffice.bin' - '1' Module(s) have been scanned
    Scan process 'soffice.exe' - '1' Module(s) have been scanned
    Scan process 'wlancfg8.exe' - '1' Module(s) have been scanned
    Scan process 'Logon.exe' - '1' Module(s) have been scanned
    Scan process 'BTTray.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
    Scan process 'Steam.exe' - '1' Module(s) have been scanned
    Scan process 'fum.exe' - '1' Module(s) have been scanned
    Scan process 'SuperCopier2.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'MOM.exe' - '1' Module(s) have been scanned
    Scan process 'daemon.exe' - '1' Module(s) have been scanned
    Scan process 'CamTray.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'SoundMan.exe' - '1' Module(s) have been scanned
    Scan process 'hpztsb10.exe' - '1' Module(s) have been scanned
    Scan process 'hpcmpmgr.exe' - '1' Module(s) have been scanned
    Scan process 'LMonitor.exe' - '1' Module(s) have been scanned
    Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'aawservice.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    51 processes with 51 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'E:\'
    [NOTE] In the drive 'E:\' no data medium is inserted!
    Boot sector 'F:\'
    [NOTE] In the drive 'F:\' no data medium is inserted!
    Boot sector 'G:\'
    [NOTE] In the drive 'G:\' no data medium is inserted!
    Boot sector 'H:\'
    [NOTE] No virus was found!
    Boot sector 'J:\'
    [NOTE] In the drive 'J:\' no data medium is inserted!

    Starting to scan the registry.
    The registry was scanned ( '53' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Dernière clé\DAVID\teamscript31.zip
    [0] Archive type: ZIP
    --> teamscript31/nukenabber/Report.exe
    [DETECTION] Is the Trojan horse TR/Nuker.Nukenabber.A.1
    [INFO] The file was moved to '482d8914.qua'!
    C:\Dernière clé\Mes fichiers reçus\lisezmoi.zip
    [DETECTION] The file contains an executable. This, however, is disguised by a harmless file extension (HIDDENEXT/Worm.Gen)
    [INFO] The file was moved to '483f894a.qua'!
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpywareSecure6.zip
    [DETECTION] Contains suspicious code GEN/PwdZIP
    [INFO] The file was moved to '48458a86.qua'!
    C:\Documents and Settings\Guizmo\Local Settings\Temporary Internet Files\Content.IE5\TUQII2IY\trace[1].htm
    [DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen
    [INFO] The file was moved to '482d8d79.qua'!
    C:\Downloads\SpywareSecure_trial_setup(1).exe
    [DETECTION] Contains detection pattern of the dropper DR/FraudTool.SpywareSecure.A
    [INFO] The file was moved to '4845920e.qua'!
    C:\Downloads\SpywareSecure_trial_setup(2).exe
    [DETECTION] Contains detection pattern of the dropper DR/FraudTool.SpywareSecure.A
    [INFO] The file was moved to '48459213.qua'!
    C:\Downloads\SpywareSecure_trial_setup.exe
    [DETECTION] Contains detection pattern of the dropper DR/FraudTool.SpywareSecure.A
    [INFO] The file was moved to '48459216.qua'!
    C:\jeux\Starcraft\iNHALEv2.0.4.rar
    [0] Archive type: RAR
    --> iNHALEv2.0.4\hax.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ASPM.Gen
    [INFO] The file was moved to '48149934.qua'!
    C:\Lop SD\Backup-Lop\F\Uninstall.exe
    [DETECTION] Is the Trojan horse TR/Obfusgen.A.5499
    [INFO] The file was moved to '48362059.qua'!
    C:\Lop SD\Backup-Lop\S-F\aggeapzj.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
    [INFO] The file was moved to '48342056.qua'!
    C:\Lop SD\Backup-Lop\S-F\bis107.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
    [INFO] The file was moved to '4840205c.qua'!
    C:\Lop SD\Backup-Lop\S-F\gctkceyh.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
    [INFO] The file was moved to '4841205a.qua'!
    C:\MIAGE\Navilog1.exe
    [DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.50
    [INFO] The file was moved to '48432795.qua'!
    C:\SDFix\backups\backups.RB0
    [0] Archive type: ZIP
    --> backups/smss.exe
    [DETECTION] Is the Trojan horse TR/Proxy.Horst.Gen
    [INFO] The file was moved to '483076d1.qua'!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\'
    Search path D:\ could not be opened!
    Le fichier ou le répertoire est endommagé et illisible.

    Begin scan in 'E:\'
    Search path E:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'F:\'
    Search path F:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'G:\'
    Search path G:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'H:\' <PRESARIO_RP>
    Begin scan in 'I:\'
    Search path I:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'J:\'
    Search path J:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'K:\'
    Search path K:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'L:\'
    Search path L:\ could not be opened!
    Le périphérique n'est pas prêt.



    End of the scan: mardi 4 mars 2008 17:55
    Used time: 17:42:01 min

    The scan has been done completely.

    18329 Scanning directories
    879334 Files were scanned
    11 viruses and/or unwanted programs were found
    3 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    14 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    879323 Files not concerned
    10293 Archives were scanned
    2 Warnings
    202 Notes

    4 March 2008 21:36:11

    good evening

    any other problems?
    5 March 2008 01:23:56

    No, no other problems to report for the moment :) 
    But with AntiVir, it's the nasty baddies who will have trouble coming to bother me XD

    Thanks again, and all the best; you are a good team and you do good work.
    Above all, good luck, because to be this on the ball, looking after several people like this and finding the solution fairly quickly, you must be giving it your all :) 

    See you & thanks a lot :bounce: 
    5 March 2008 14:04:27

    thanks :) 

    Delete all the programs installed for the disinfection.

    Please read this guide (in PDF) to learn more about the risks of the Net.

    If you find this document interesting, don't hesitate to pass it on to your contacts.

    ~Edit your first message (by clicking the eraser) and put [résolu] (solved) in the title.

    :hello: 