Votre question

Système infecté

Tags :
  • Internet Explorer
  • Sécurité
Dernière réponse : dans Sécurité et virus
17 Février 2008 15:08:06

Bonjour,
Je viens demander votre aide car je croit que mon ordinateur est sérieusement infecté notamment par ravmone.
j'ai déjà lu des posts ou des membres "s'occupait" d'un problème grâce au rapport hijackthis.
Est ce que quelqu'un pourrait m'aider et mindiquer la marche a suivre svp ?

merci d'avance


EDIT : pour peut etre accelerer la procédure j'ai essayer de suivre le tuto et voila mon rapport hijackthis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:17:00, on 17/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\RavMonE.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\Program Files\SanDisk\Sansa Updater\SansaUpdater.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults...*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453758 10
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [DialMessenger] "C:\Program Files\DialMessenger\dialmessenger.exe" -background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-win...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213....
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C72E78C-5273-4491-94D3-3F251617DA9C}: NameServer = 85.255.113.123,85.255.112.184
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A9D154C-1A06-463E-8C73-3D13496925D1}: NameServer = 85.255.113.123,85.255.112.184
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B0FD6B6-20A3-4A6E-A2B8-055B97030A57}: NameServer = 85.255.113.123,85.255.112.184
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4C34F4D-09A7-4EDD-B8F4-ECB5F03D3679}: NameServer = 85.255.113.123 85.255.112.184
O17 - HKLM\System\CCS\Services\Tcpip\..\{A7BCBC94-5BF4-4037-A1C0-86DE6CDF16E2}: NameServer = 85.255.113.123,85.255.112.184
O17 - HKLM\System\CCS\Services\Tcpip\..\{AFD994C1-4594-4C6A-9870-EB6CF4E92BCA}: NameServer = 85.255.113.123,85.255.112.184
O17 - HKLM\System\CCS\Services\Tcpip\..\{B118FEFE-ACA0-4EC8-9ECA-3085A432B2B5}: NameServer = 85.255.113.123,85.255.112.184
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD5A8ADB-33AD-4686-A6DB-348EEA5DD3D1}: NameServer = 85.255.113.123,85.255.112.184
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.123 85.255.112.184
O17 - HKLM\System\CS1\Services\Tcpip\..\{2C72E78C-5273-4491-94D3-3F251617DA9C}: NameServer = 85.255.113.123,85.255.112.184
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.123 85.255.112.184
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe

--
End of file - 11582 bytes

Autres pages sur : systeme infecte

17 Février 2008 15:19:47

Salut,

Télécharge FixWareout (de LonnyRJones) sur le Bureau.
>>Deuxième lien<<

Double clique sur FixWareout.exe, : clique sur Next puis Install.
Run fixit doit être coché, enfin clique sur Finish.
Suis les messages à l'écran. Ton ordinateur devra redémarrer, accepte. Le démarrage sera légèrement plus long que d%u2019habitude.

Poste le rapport >C:\fixwareout\report.txt<
Accompagné d%u2019un nouveau log HiJackThis.
17 Février 2008 15:40:00

Voila mon rapport fixwareout :

Username "Neeco" - 17/02/2008 15:27:19 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.113.123 85.255.112.184" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{2C72E78C-5273-4491-94D3-3F251617DA9C}
"nameserver"="85.255.113.123,85.255.112.184" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{4A9D154C-1A06-463E-8C73-3D13496925D1}
"nameserver"="85.255.113.123,85.255.112.184" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{6B0FD6B6-20A3-4A6E-A2B8-055B97030A57}
"nameserver"="85.255.113.123,85.255.112.184" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{A4C34F4D-09A7-4EDD-B8F4-ECB5F03D3679}
"nameserver"="85.255.113.123" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{A7BCBC94-5BF4-4037-A1C0-86DE6CDF16E2}
"nameserver"="85.255.113.123,85.255.112.184" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{AFD994C1-4594-4C6A-9870-EB6CF4E92BCA}
"nameserver"="85.255.113.123,85.255.112.184" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{B118FEFE-ACA0-4EC8-9ECA-3085A432B2B5}
"nameserver"="85.255.113.123,85.255.112.184" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{DD5A8ADB-33AD-4686-A6DB-348EEA5DD3D1}
"nameserver"="85.255.113.123,85.255.112.184" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{2C72E78C-5273-4491-94D3-3F251617DA9C}
"DhcpNameServer"="85.255.113.123,85.255.112.184" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{4A9D154C-1A06-463E-8C73-3D13496925D1}
"DhcpNameServer"="85.255.113.123,85.255.112.184" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{AFD994C1-4594-4C6A-9870-EB6CF4E92BCA}
"DhcpNameServer"="85.255.113.123,85.255.112.184" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{B118FEFE-ACA0-4EC8-9ECA-3085A432B2B5}
"DhcpNameServer"="85.255.113.123,85.255.112.184" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{DBA980C7-9F15-4B11-9071-CB4B0E9ECF48}
"DhcpNameServer"="85.255.113.123,85.255.112.184" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{DD5A8ADB-33AD-4686-A6DB-348EEA5DD3D1}
"DhcpNameServer"="85.255.113.123,85.255.112.184" <Value cleared.

Cache de résolution DNS vidé.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"="lsass.exe"
....
....
~~~~~ Misc files.
C:\Casino Deleted
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe"
"SoundMan"="SOUNDMAN.EXE"
"AlcWzrd"="ALCWZRD.EXE"
"Alcmtr"="ALCMTR.EXE"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"PCMService"="\"C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe\""
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"fsc-reminder.exe"="C:\\WINDOWS\\reminder\\fsc-reminder.exe 2453758 10"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
"Yahoo! Pager"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
"DialMessenger"="\"C:\\Program Files\\DialMessenger\\dialmessenger.exe\" -background"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~




et le nouveau log hijackthis :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:39:41, on 17/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults...*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453758 10
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [DialMessenger] "C:\Program Files\DialMessenger\dialmessenger.exe" -background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-win...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213....
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4C34F4D-09A7-4EDD-B8F4-ECB5F03D3679}: NameServer = 85.255.113.123 85.255.112.184
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe

--
End of file - 10180 bytes



Merci
Contenus similaires
17 Février 2008 17:56:43

J'ai aussi ce type de message qui apparait.
Ici c svchost.exe mais ca me fait aussi ca avec internet explorer par exemple et d'autre...
Losque je ferme la fenetre, clique sur "ok" ou "annuler" mon ordinateur ne repond plus.


17 Février 2008 19:20:58

J'aimerais vérifier quelque chose :

Télécharge SDFix (d’Andy Manchesta)

Enregistre le sur ton le bureau.

Lance le.
Fais install afin qu’il puisse s’extraire.

Redémarre en mode sans échec
/!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\

Lance SDFix.
Double clique sur RunThis.bat . (L’extension bat peut ne pas apparaître)
Appuie sur Y pour le lancer.

Il te sera demandé d'appuyer sur une touche pour redemarrer , fais le
Il est probable que le redémarrage soit un peu plus long que d’habitude.
Une fois l’apparition de ton Bureau, il affichera Finished

Appuie sur une touche.

Un rapport est généré , poste le dans ta réponse.
Il se trouve également. dans le dossier SDFix >Report.txt<

*********

Repasse FixWareout, poste le rapport.
17 Février 2008 19:32:18

ravis de te revoir xmichoux :) 

je m'execute et reposte les resultats
17 Février 2008 22:25:40

xmichoux j'ai un problème, je n'arive pas a poster mes rapport a chaque fois firefox ne répond plus.
17 Février 2008 22:30:03

ah je croit que c'est parce que le rapport sdfix est vraiment trop long...

Je te mets le rapport fixwareout en attendant :


Username "Neeco" - 17/02/2008 21:34:03 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{A4C34F4D-09A7-4EDD-B8F4-ECB5F03D3679}
"nameserver"="85.255.113.123" <Value cleared.

Cache de résolution DNS vidé.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe"
"SoundMan"="SOUNDMAN.EXE"
"AlcWzrd"="ALCWZRD.EXE"
"Alcmtr"="ALCMTR.EXE"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"PCMService"="\"C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe\""
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"fsc-reminder.exe"="C:\\WINDOWS\\reminder\\fsc-reminder.exe 2453758 10"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
"Yahoo! Pager"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
"DialMessenger"="\"C:\\Program Files\\DialMessenger\\dialmessenger.exe\" -background"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~
17 Février 2008 22:32:56

Envoie moi tout de même le rapport SDFix, en plusieurs parties s'il le faut.

Et reposte un Hijackthis.
17 Février 2008 22:38:44

ok ca marche mai attention ca va etre tréés long parce que je croit voir que le nombre de "trojan files found" est enorme...
SI je suprime cette partie ca marchera

Checking Files:

Trojan Files Found:

C:\MPL1.TMP - Deleted
C:\MPL10.TMP - Deleted
C:\MPL100.TMP - Deleted
C:\MPL1000.TMP - Deleted
C:\MPL1001.TMP - Deleted
C:\MPL1002.TMP - Deleted
C:\MPL1003.TMP - Deleted
C:\MPL1004.TMP - Deleted
C:\MPL1005.TMP - Deleted
C:\MPL1006.TMP - Deleted
C:\MPL1007.TMP - Deleted
[...]
C:\MPLFFF0.TMP - Deleted
C:\MPLFFF1.TMP - Deleted
C:\MPLFFF2.TMP - Deleted
C:\MPLFFF3.TMP - Deleted
C:\MPLFFF4.TMP - Deleted
C:\MPLFFF5.TMP - Deleted
C:\MPLFFF6.TMP - Deleted
C:\MPLFFF7.TMP - Deleted
C:\MPLFFF8.TMP - Deleted
C:\MPLFFF9.TMP - Deleted
C:\MPLFFFA.TMP - Deleted
C:\MPLFFFB.TMP - Deleted
C:\MPLFFFC.TMP - Deleted
C:\MPLFFFD.TMP - Deleted
C:\MPLFFFE.TMP - Deleted
C:\MPLFFFF.TMP - Deleted
C:\autorun.inf - Deleted
17 Février 2008 22:43:04

SI c'est vraiment trop long, upload le fichier et envoie moi le lien.
17 Février 2008 22:51:33

Re,

Peut-être d'autres fichiers infectieux, on va voir.

Télécharge Combofix (de sUBs) sur ton Bureau.

Désactive temporairement toute protection résidente ! (Antivirus, antispywares..)
Double clique combofix.exe.
Tape sur la touche 1 (Yes) pour démarrer le scan.
Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

Le rapport se trouve ici : C:\Combofix.txt
17 Février 2008 23:16:43

voila :


ComboFix 08-02-17.2 - Neeco 2008-02-17 23:01:11.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.443 [GMT 1:00]
Endroit: C:\Documents and Settings\Neeco\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

((((((((((((((((((((((((((((( Fichiers créés 2008-01-17 to 2008-02-17 ))))))))))))))))))))))))))))))))))))
.

2008-02-17 19:42 . 2008-02-17 19:42 <REP> d-------- C:\WINDOWS\ERUNT
2008-02-17 19:35 . 2008-02-17 21:25 <REP> d-------- C:\SDFix
2008-02-17 15:26 . 2008-02-17 21:56 <REP> d-------- C:\fixwareout
2008-02-17 15:16 . 2008-02-17 15:16 <REP> d-------- C:\Program Files\Trend Micro
2008-02-17 14:52 . 2008-02-17 13:03 3,511,570 --------- C:\WINDOWS\trz6.tmp
2008-02-13 16:51 . 2008-02-13 16:51 <REP> d-------- C:\Documents and Settings\Laulo\Application Data\ArcSoft
2008-01-27 22:07 . 2008-01-27 22:07 <REP> d-------- C:\Documents and Settings\Neeco\Application Data\InstallShield

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-15 23:00 --------- d-----w C:\Program Files\DAEMON Tools
2008-02-15 20:52 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-02-15 20:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-15 09:00 --------- d-----w C:\Program Files\eMule
2008-01-27 21:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-27 21:07 --------- d-----w C:\Program Files\SanDisk
2008-01-10 07:37 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-06 10:51 --------- d-----w C:\Documents and Settings\Neeco\Application Data\.bittorrent
2007-12-30 22:16 --------- d-----w C:\Program Files\Ubi Soft
2007-12-30 14:52 --------- d-----w C:\Program Files\Soulseek-Test
2007-12-26 17:38 --------- d-----w C:\Documents and Settings\Laulo\Application Data\PlayFirst
2007-12-26 17:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-12-25 11:14 --------- d-----w C:\Documents and Settings\Neeco\Application Data\ArcSoft
2007-12-25 11:09 --------- d-----w C:\Program Files\Fichiers communs\ArcSoft
2007-12-24 15:13 --------- d-----w C:\Program Files\Zylom Games
2007-12-24 15:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-10-16 18:30 44,920 ----a-w C:\Documents and Settings\Laulo\Application Data\GDIPFONTCACHEV1.DAT
2006-09-20 11:42 44,104 ----a-w C:\Documents and Settings\Neeco\Application Data\GDIPFONTCACHEV1.DAT
2006-04-16 20:20 4,560,476 ----a-w C:\Program Files\Movie Maker.zip
2006-02-01 22:16 500,496 ----a-w C:\Program Files\Jasc_Paint_Shop_Pro_v9.1.zip
2005-05-13 16:12 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 10:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-13 20:27 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-10-07 18:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
2005-07-14 11:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 14:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 21:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2006-04-27 09:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
2005-02-28 12:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"fsc-reminder.exe"="C:\WINDOWS\reminder\fsc-reminder.exe" [2005-01-19 17:10 28672]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2005-02-22 08:55 1611488]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-09-28 14:04 190024]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [ ]
"DialMessenger"="C:\Program Files\DialMessenger\dialmessenger.exe" [2007-08-09 17:49 6287360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-15 02:30 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-08-18 13:38 86016 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2005-07-26 15:54 2806784 C:\WINDOWS\ALCWZRD.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2005-11-07 22:16 143360]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-04-15 16:13 45056]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-01-22 16:17 180269]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 15:57 133016]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43 83608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2002-08-20 15:00:00 83360]

R1 LUMDriver;LUMDriver;C:\WINDOWS\system32\drivers\LUMDriver.sys [2006-09-08 09:32]
R2 BBDemon;Backbone Service;"C:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe" [2005-09-06 21:11]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-06-23 15:21]
R3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 08:12]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 13:00]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-15 18:55:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 23:05:46
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-02-17 23:09:25
.
2007-12-13 02:03:57 --- E O F ---
17 Février 2008 23:23:57

pardon j'ai oublié le hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:22:49, on 17/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults...*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453758 10
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [DialMessenger] "C:\Program Files\DialMessenger\dialmessenger.exe" -background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-win...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213....
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4C34F4D-09A7-4EDD-B8F4-ECB5F03D3679}: NameServer = 85.255.113.123 85.255.112.184
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe

--
End of file - 10267 bytes
17 Février 2008 23:52:26

Re,

Télécharge OTMoveIt > Tuto <

Sauvegarde-le sur le Bureau

Séléctionne l'encadré ci-dessous
C:\WINDOWS\trz6.tmp
C:\WINDOWS\system32\Smab.dll

Lance maintenant OTMoveIt .
Assure toi que la case unregister dll’s and ocx’s soit cochée.
Deux cadres apparaissent , clique droit sur le cadre de gauche , puis colle l'encadré ci desssus.
Et clique sur Movelt !

Si le programme te demande de redemarrer, accepte.

Poste le rapport qui se trouve dans : C:\_OTMoveIt\MovedFiles\date de création!

NOTE : Si tu obtiens un message comme quoi le rapport ne peut pas être créé, copie/colle ce qui apparaît dans la colonne droite de l’outil.

******

Télécharge et exécute : http://service1.symantec.com/SUPPORT/INTER/tsgeninfoint...
18 Février 2008 08:36:58

voici le rapport otmoveit :

C:\WINDOWS\trz6.tmp moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\Smab.dll
C:\WINDOWS\system32\Smab.dll NOT unregistered.
C:\WINDOWS\system32\Smab.dll moved successfully.

OTMoveIt2 v1.0.20 log created on 02182008_083501
18 Février 2008 10:15:07

Reposte un Hijackthis ?
Toujours des dysfonctionnements?
18 Février 2008 21:24:19

rapport hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:21:08, on 18/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\SanDisk\Sansa Updater\SansaUpdater.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults...*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453758 10
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [DialMessenger] "C:\Program Files\DialMessenger\dialmessenger.exe" -background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-win...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213....
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4C34F4D-09A7-4EDD-B8F4-ECB5F03D3679}: NameServer = 85.255.113.123 85.255.112.184
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe

--
End of file - 10340 bytes



Apparemment non...plus de dysfonctionnement. Ca devrait etre le cas ?

Si mon problème est résolu peut tu me donner les clés pour bien me protéger a l'avenir ?

merci
18 Février 2008 22:46:31

Je ne sais pas si ca a un rapport mais lorsque je connecte une mp3 via le ports usb en facade jobtiens ce message d'erreur.
Aidez moi svpp :( 


19 Février 2008 12:47:07

Re,

On fait encore quelques opérations.
Je n'ai pas d'idée pour le moment pour ton problème de message d'erreur.

Télécharge sur ton bureau : Clean (de Malekal) >Tuto<
Dézippe le sur ton bureau. Double-clic sur ce dossier clean.
Double-clic sur clean.cmd. (L’extension cmd peut ne pas apparaître) Cela va ouvrir une fenêtre noire.
Un menu va apparaître, choisis l'option 1 puis entrée. Ensuite appuies sur une touche comme il te sera demandé et poste le rapport ici.
Le rapport se trouve ici : C:\rapport_clean.txt

Si tu obtiens un fichier C:\upload_moi.zip, merci de faire ceci.
20 Février 2008 10:54:48

rapport :

19/02/2008 a 13:31:52,23

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32

*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\VVSN\" FOUND
*** Fin du rapport !


par contre kan j'essaye d'upload le fichier .zip il me dit que le fichier choisi est invalide
20 Février 2008 11:58:36

Re,

Télécharge AVG Anti-Spyware Installes-le.
Si le lien ne fonctionne pas : >Clique ici<
Lance AVG et fais une mise à jour.
Clique sur le bouton Analyse (de la barre d'outils)
Puis sur l'onglet comment réagir, clique sur Actions recommandées. Choisis Quarantaine.
Ne fais pas d’analyse pour le moment.
Redémarre en mode sans échec
/!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\
Relance Avg.
Reviens à l'onglet Analyse. Clique sur Analyse complète du système.
A la fin du scan, choisis l'option " Appliquer toutes les actions " en bas.
Clique sur "Enregistrer le rapport". Ceci génère un rapport qui se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware.
Poste le ici.
&
Toujours en mode sans échec, relance clean et fais l'option 2, poste le rapport.
21 Février 2008 22:54:31

rapport avg :

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 12:05:26 21/02/2008

+ Résultat de l'analyse:



:mozilla.129:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.130:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.131:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\Neeco\Cookies\neeco@247realmedia[2].txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.100:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.101:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.102:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.103:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.104:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.105:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.106:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.107:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.108:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.109:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.110:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.111:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.112:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.113:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.114:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.255:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.431:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.569:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.627:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.737:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.97:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.98:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.99:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@112.2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@fnac.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@heavycom.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@mistergooddeal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@notrefamille.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@philips.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@sfr.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Neeco\Cookies\neeco@2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Neeco\Cookies\neeco@himedia.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Neeco\Cookies\neeco@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Neeco\Cookies\neeco@nike.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Neeco\Cookies\neeco@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Neeco\Cookies\neeco@rakuten.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Neeco\Cookies\neeco@shopping.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.550:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.551:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.552:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@adbrite[2].txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.396:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.397:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.398:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.399:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.400:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.401:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.402:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.403:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@adrevolver[1].txt -> TrackingCookie.Adrevolver : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@media.adrevolver[3].txt -> TrackingCookie.Adrevolver : Nettoyé.
C:\Documents and Settings\Neeco\Cookies\neeco@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.528:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@adtech[2].txt -> TrackingCookie.Adtech : Nettoyé.
C:\Documents and Settings\Neeco\Cookies\neeco@adtech[1].txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.44:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.46:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.47:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.48:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.52:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@advertising[1].txt -> TrackingCookie.Advertising : Nettoyé.
C:\Documents and Settings\Neeco\Cookies\neeco@advertising[2].txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.43:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Adviva : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@adviva[2].txt -> TrackingCookie.Adviva : Nettoyé.
C:\Documents and Settings\Neeco\Cookies\neeco@adviva[2].txt -> TrackingCookie.Adviva : Nettoyé.
:mozilla.53:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\Neeco\Cookies\neeco@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\Papa\Cookies\papa@atdmt[1].txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.75:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@iv2.bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\Neeco\Cookies\neeco@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\Papa\Cookies\papa@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.653:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.654:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.655:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.656:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.657:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.658:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@casalemedia[2].txt -> TrackingCookie.Casalemedia : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@promo.casinotropez[1].txt -> TrackingCookie.Casinotropez : Nettoyé.
:mozilla.739:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.740:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.741:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.742:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.743:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.744:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Nettoyé.
C:\Documents and Settings\Neeco\Cookies\neeco@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Nettoyé.
C:\Documents and Settings\Neeco\Cookies\neeco@dealtime[1].txt -> TrackingCookie.Dealtime : Nettoyé.
C:\Documents and Settings\Neeco\Cookies\neeco@stat.dealtime[1].txt -> TrackingCookie.Dealtime : Nettoyé.
:mozilla.32:C:\Documents and Settings\Laulo\Application Data\Mozilla\Firefox\Profiles\6s7m5up4.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.51:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\Neeco\Cookies\neeco@doubleclick[2].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\Papa\Cookies\papa@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\Neeco\Cookies\neeco@enhance[1].txt -> TrackingCookie.Enhance : Nettoyé.
:mozilla.571:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Esomniture : Nettoyé.
:mozilla.673:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Esomniture : Nettoyé.
:mozilla.710:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Esomniture : Nettoyé.
:mozilla.711:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\Neeco\Cookies\neeco@e-2dj6wjkyuldzaaq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\Neeco\Cookies\neeco@e-2dj6wjmyggazsgp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
:mozilla.48:C:\Documents and Settings\Laulo\Application Data\Mozilla\Firefox\Profiles\6s7m5up4.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.76:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
C:\Documents and Settings\Neeco\Cookies\neeco@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
C:\Documents and Settings\Neeco\Cookies\neeco@www.etracker[2].txt -> TrackingCookie.Etracker : Nettoyé.
:mozilla.45:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.49:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.50:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.54:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.55:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
C:\Documents and Settings\Neeco\Cookies\neeco@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@as1.falkag[1].txt -> TrackingCookie.Falkag : Nettoyé.
:mozilla.871:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.872:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@fastclick[2].txt -> TrackingCookie.Fastclick : Nettoyé.
C:\Documents and Settings\Neeco\Cookies\neeco@fastclick[2].txt -> TrackingCookie.Fastclick : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@hit.gemius[1].txt -> TrackingCookie.Gemius : Nettoyé.
C:\Documents and Settings\Neeco\Cookies\neeco@goclick[1].txt -> TrackingCookie.Goclick : Nettoyé.
:mozilla.774:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.821:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.428:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.429:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.430:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.55:C:\Documents and Settings\Laulo\Application Data\Mozilla\Firefox\Profiles\6s7m5up4.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.57:C:\Documents and Settings\Laulo\Application Data\Mozilla\Firefox\Profiles\6s7m5up4.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.608:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.842:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@ehg-foxmovies.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@ehg-hobsons.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@ehg-neuftelecom.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@ehg-warnerbrothers.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\Neeco\Cookies\neeco@ehg-onestopinternet.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\Neeco\Cookies\neeco@hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\Neeco\Cookies\neeco@counter.hitslink[1].txt -> TrackingCookie.Hitslink : Nettoyé.
:mozilla.65:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.66:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.690:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Liveperson : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Nettoyé.
C:\Documents and Settings\Neeco\Cookies\neeco@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Nettoyé.
:mozilla.170:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
:mozilla.171:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
:mozilla.45:C:\Documents and Settings\Laulo\Application Data\Mozilla\Firefox\Profiles\6s7m5up4.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@mediaplex[2].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\Neeco\Cookies\neeco@mediaplex[2].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\Papa\Cookies\papa@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@ie.search.msn[2].txt -> TrackingCookie.Msn : Nettoyé.
:mozilla.72:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Netflame : Nettoyé.
:mozilla.205:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.206:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.207:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@overture[2].txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\Neeco\Cookies\neeco@overture[1].txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\Papa\Cookies\papa@overture[2].txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Nettoyé.
C:\Documents and Settings\Neeco\Cookies\neeco@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Nettoyé.
C:\Documents and Settings\Neeco\Cookies\neeco@ads-205.quarterserver[1].txt -> TrackingCookie.Quarterserver : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@questionmarket[2].txt -> TrackingCookie.Questionmarket : Nettoyé.
C:\Documents and Settings\Neeco\Cookies\neeco@questionmarket[2].txt -> TrackingCookie.Questionmarket : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@realmedia[2].txt -> TrackingCookie.Realmedia : Nettoyé.
C:\Documents and Settings\Neeco\Cookies\neeco@realmedia[2].txt -> TrackingCookie.Realmedia : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Nettoyé.
:mozilla.353:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.34:C:\Documents and Settings\Laulo\Application Data\Mozilla\Firefox\Profiles\6s7m5up4.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.36:C:\Documents and Settings\Laulo\Application Data\Mozilla\Firefox\Profiles\6s7m5up4.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.37:C:\Documents and Settings\Laulo\Application Data\Mozilla\Firefox\Profiles\6s7m5up4.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.38:C:\Documents and Settings\Laulo\Application Data\Mozilla\Firefox\Profiles\6s7m5up4.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.39:C:\Documents and Settings\Laulo\Application Data\Mozilla\Firefox\Profiles\6s7m5up4.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.404:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.405:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.406:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.407:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.408:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.409:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.40:C:\Documents and Settings\Laulo\Application Data\Mozilla\Firefox\Profiles\6s7m5up4.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.412:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.41:C:\Documents and Settings\Laulo\Application Data\Mozilla\Firefox\Profiles\6s7m5up4.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\Neeco\Cookies\neeco@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\Neeco\Cookies\neeco@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@sexlist[2].txt -> TrackingCookie.Sexlist : Nettoyé.
:mozilla.17:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.18:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.19:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.20:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.21:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.44:C:\Documents and Settings\Laulo\Application Data\Mozilla\Firefox\Profiles\6s7m5up4.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Neeco\Cookies\neeco@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Papa\Cookies\papa@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.167:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Tribalfusion : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Nettoyé.
C:\Documents and Settings\Neeco\Cookies\neeco@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@valueclick[1].txt -> TrackingCookie.Valueclick : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@valueclick[2].txt -> TrackingCookie.Valueclick : Nettoyé.
:mozilla.342:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.343:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.345:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.47:C:\Documents and Settings\Laulo\Application Data\Mozilla\Firefox\Profiles\6s7m5up4.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\Neeco\Cookies\neeco@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\Papa\Cookies\papa@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.573:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Webtrends : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@m.webtrends[2].txt -> TrackingCookie.Webtrends : Nettoyé.
C:\Documents and Settings\Papa\Cookies\papa@m.webtrends[1].txt -> TrackingCookie.Webtrends : Nettoyé.
:mozilla.498:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Webtrendslive : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Nettoyé.
C:\Documents and Settings\Neeco\Cookies\neeco@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Nettoyé.
:mozilla.260:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.261:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.262:C:\Documents and Settings\Neeco\Application Data\Mozilla\Firefox\Profiles\rp2zppgs.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Nettoyé.
C:\Documents and Settings\Neeco\Cookies\neeco@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Nettoyé.
C:\Documents and Settings\Papa\Cookies\papa@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Nettoyé.
C:\Documents and Settings\Laulo\Cookies\laulo@zedo[2].txt -> TrackingCookie.Zedo : Nettoyé.
C:\Documents and Settings\Neeco\Cookies\neeco@zedo[1].txt -> TrackingCookie.Zedo : Nettoyé.
C:\System Volume Information\_restore{9F2F8E19-0648-458D-A0B9-A611CFED9287}\RP710\A0053441.exe -> Trojan.Copier : Nettoyé.
C:\System Volume Information\_restore{9F2F8E19-0648-458D-A0B9-A611CFED9287}\RP710\A0053443.exe -> Trojan.Copyself : Nettoyé.
C:\System Volume Information\_restore{9F2F8E19-0648-458D-A0B9-A611CFED9287}\RP710\A0053440.exe -> Trojan.DNSChanger.hg : Nettoyé.
C:\Program Files\Dassault Systemes\B16\intel_a\resources\msgcatalog\German\CATMMediaCaptureSizeDialog.CATNls -> Trojan.Runner.i : Nettoyé.


Fin du rapport

21 Février 2008 22:55:31

rapport clean :


Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 21/02/2008 a 22:12:54,32

Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans C:

*** Suppression des fichiers dans C:\WINDOWS\

*** Suppression des fichiers dans C:\WINDOWS\system32

*** Suppression des fichiers dans C:\Program Files
tentative de suppression de "C:\Program Files\VVSN\"

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
21 Février 2008 22:56:56

Reposte un Hijackthis.
21 Février 2008 22:57:59

voila le rapport ;) 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:57:27, on 21/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults...*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453758 10
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [DialMessenger] "C:\Program Files\DialMessenger\dialmessenger.exe" -background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-win...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213....
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4C34F4D-09A7-4EDD-B8F4-ECB5F03D3679}: NameServer = 85.255.113.123 85.255.112.184
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe

--
End of file - 10369 bytes
21 Février 2008 23:22:09

Re,

Désinstalle avast, redémarre et supprime ~~>C:\Program Files\Alwil Software

Télécharge ccleaner (>>tuto à lire !<<), tu download «the latest version » puis installe le en décochant - Ajouter la Barre d'Outils Yahoo! CCleaner
Puis lance le nettoyage, puis fais chercher des erreurs et sauvegardes si tu le souhaites.

Télécharge et installe Antivir. (tuto)
Pourquoi changer ? Avast vs Antivir
Vérifie qu’il soit bien à jour ! Fais une analyse complète, poste le rapport.
22 Février 2008 20:44:29

voici le rapport antivir :

AntiVir PersonalEdition Classic
Report file date: vendredi 22 février 2008 09:13

Scanning for 1119369 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Neeco
Computer name: RIABSAMEU

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 08:04:12
ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 08/02/2008 08:04:12
ANTIVIR3.VDF : 7.0.2.176 321024 Bytes 22/02/2008 08:04:12
AVEWIN32.DLL : 7.6.0.67 3293696 Bytes 22/02/2008 08:04:13
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 22/02/2008 08:04:13
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: K:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: vendredi 22 février 2008 09:13

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
22 Février 2008 20:55:09

Rapport Incomplet.
22 Février 2008 20:56:33

Oups désolé voici la suite :

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
13 processes with 13 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] In the drive 'E:\' no data medium is inserted!
Boot sector 'F:\'
[NOTE] In the drive 'F:\' no data medium is inserted!
Boot sector 'G:\'
[NOTE] In the drive 'G:\' no data medium is inserted!
Boot sector 'H:\'
[NOTE] In the drive 'H:\' no data medium is inserted!
Boot sector 'I:\'
[NOTE] In the drive 'I:\' no data medium is inserted!

Starting to scan the registry.
The registry was scanned ( '38' files ).


Starting the file scan:

Begin scan in 'C:\' <441508>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\upload_moi_RIABSAMEU.tar.gz
[0] Archive type: GZ
--> upload_moi.tar
[1] Archive type: TAR (tape archiver)
--> _OTMoveIt/MovedFiles/02182008_083501/WINDOWS/trz6.tmp
[DETECTION] Contains detection pattern of the worm WORM/RJUMP.E
[INFO] The file was moved to '482a84bb.qua'!
C:\Program Files\eMule\Incoming\Oxmo.Puccino.-.Opéra.Puccino.-.tcs.PrEdAtOr.cw.-.Album.Complet.-.Hip.Hop.Rap.-.certifier.ok.par.Love-MP3.fr.st.par.ace
[0] Archive type: ACE
--> Oxmo puccino - Op‚ra puccino\Piste audio 18.mp3
[WARNING] Error creating the file
--> Oxmo puccino - Op‚ra puccino\Piste audio 01.mp3
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Program Files\eMule\Incoming\Reakwon - Only Built 4 Cuban.rar
[DETECTION] Contains detection pattern of the Windows virus W32/Elkern.C
[INFO] The file was moved to '481fb424.qua'!
C:\Program Files\Panda Security\NanoScan\Engine\psnflg.dll
[DETECTION] Is the Trojan horse TR/Agent.bux.1
[INFO] The file was moved to '482ccc84.qua'!
C:\WINDOWS\RavMonE.exe
[DETECTION] Contains detection pattern of the worm WORM/RJUMP.E
[INFO] The file was moved to '4834cde5.qua'!
C:\WINDOWS\system32\drivers\dtscsi.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd0781.sys
[WARNING] The file could not be opened!
C:\_OTMoveIt\MovedFiles\02182008_083501\WINDOWS\trz6.tmp
[DETECTION] Contains detection pattern of the worm WORM/RJUMP.E
[INFO] The file was moved to '4838d2db.qua'!
Begin scan in 'E:\'
Search path E:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'F:\'
Search path F:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'G:\'
Search path G:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'H:\'
Search path H:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'I:\'
Search path I:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'D:\'
Search path D:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'K:\' <Sims2EP3_1>


End of the scan: vendredi 22 février 2008 14:47
Used time: 5:34:07 min

The scan has been done completely.

11088 Scanning directories
592664 Files were scanned
5 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
5 files were moved to quarantine
0 files were renamed
4 Files cannot be scanned
592659 Files not concerned
8261 Archives were scanned
7 Warnings
46 Notes

22 Février 2008 21:22:04

Bien,

Toujours des dysfonctionnements ?
23 Février 2008 15:17:04

Apparemment non...
des alertes antivir pour me signaler des erreurs.

Suis je bien protéger a present ?
23 Février 2008 15:40:48

Re,

Reposte un Hijackthis.

N'oublie pas, la première protection, c'est toi ;) 
Tom's guide dans le monde
  • Allemagne
  • Italie
  • Irlande
  • Royaume Uni
  • Etats Unis
Suivre Tom's Guide
Inscrivez-vous à la Newsletter
  • ajouter à twitter
  • ajouter à facebook
  • ajouter un flux RSS