trojan w32.myzor FK@yf [Solved] (thanks to Sham_Rock)

Tags:
  • Windows
  • Security
23 January 2008 14:10:11

Since last night I have been getting a message telling me that the virus w32.myzor FK@yf is on my computer. How do I remove it? Please help me.

23 January 2008 14:18:23

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:11:52, on 23/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\services.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Video Add-on\icmntr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\Fichiers communs\AOL\1186962922\ee\AOLSoftware.exe
C:\PROGRA~1\FICHIE~1\NETTOY~1\GDCcw.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\NettoyeurDePC\GDC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\AOL 9.0 VR\waol.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\AOL 9.0 VR\shellmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Bureau\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {21ECA600-72B5-4E66-BB2E-573C92CBD8D6} - C:\Program Files\Video Add-on\isfmdl.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb123\Dealio.dll
O2 - BHO: 100% Free Five Hundred Toolbar Helper - {6EA24EAD-2E33-43C3-B023-05FC1BA3C152} - C:\Program Files\100% Free Five Hundred Toolbar\v3.2.0.0\100%_Free_Five_Hundred_Toolbar.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} - C:\Program Files\Helper\1201041858.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: 100% Free Five Hundred Toolbar - {73FB038C-943C-47EC-A324-635635F796D2} - C:\Program Files\100% Free Five Hundred Toolbar\v3.2.0.0\100%_Free_Five_Hundred_Toolbar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb123\Dealio.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: IE Custom Tools - {C4DFA6F3-1245-41E5-8E60-7D31427F01B3} - C:\Program Files\Video Add-on\ictmdl.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1186962922\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [memo site kind that] C:\Documents and Settings\All Users\Application Data\Grid Blue Memo Site\loud free.exe
O4 - HKLM\..\Run: [rtasks] C:\Program Files\AntivirusFiable\rtasks.exe
O4 - HKLM\..\Run: [NettoyeurDePC] "C:\Program Files\NettoyeurDePC\GDC.exe"
O4 - HKLM\..\Run: [gdccw] "C:\PROGRA~1\FICHIE~1\NETTOY~1\GDCcw.exe" -start
O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk Trial\topdesk.exe
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [mess atom] C:\DOCUME~1\User\APPLIC~1\SHOWBA~1\Ball Two.exe
O4 - HKCU\..\Run: [NettoyeurDePC] C:\Program Files\NettoyeurDePC\GDC.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0 VR\AOL.EXE" -b
O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Video Add-on\icthis.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\User\Application Data\Dealio\kb123\res\DealioSearch.html
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?fba3a27700a45daa7a75382f0bfc27f
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?fba3a27700a45daa7a75382f0bfc27f
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb123\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb123\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/curre...
O22 - SharedTaskScheduler: aposiopetic - {91316323-2ad5-4794-9589-52a2eaa60a68} - C:\WINDOWS\system32\shlahsd.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: License Management Service ESD - element5 - C:\Program Files\Fichiers communs\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 13827 bytes


Thank you for helping me, and sorry for the SMS language.
23 January 2008 14:21:46

No problem :)

~Download SmitfraudFix

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

~Unzip the entire SmitfraudFix.zip archive
Search:
~Double-click SmitfraudFix.cmd
~Select 1 and press Enter in the menu to create a report of the files responsible for the infection. The report is at the root of the system drive: C:\rapport.txt
~Post this report.
process.exe is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus, but a utility intended to terminate processes. In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
23 January 2008 14:26:35

SmitFraudFix v2.274

Rapport fait à 14:25:25,65, 23/01/2008
Executé à partir de C:\Documents and Settings\User\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\services.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Video Add-on\icmntr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\Fichiers communs\AOL\1186962922\ee\AOLSoftware.exe
C:\PROGRA~1\FICHIE~1\NETTOY~1\GDCcw.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\NettoyeurDePC\GDC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\AOL 9.0 VR\waol.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\AOL 9.0 VR\shellmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\User


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\User\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url PRESENT !
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\User\Favoris

C:\DOCUME~1\User\Favoris\Online Security Test.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Helper\ PRESENT !
C:\Program Files\Video Add-on\ PRESENT !
C:\Program Files\VirusProtect 3.9\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{91316323-2ad5-4794-9589-52a2eaa60a68}"="aposiopetic"

[HKEY_CLASSES_ROOT\CLSID\{91316323-2ad5-4794-9589-52a2eaa60a68}\InProcServer32]
@="C:\WINDOWS\system32\shlahsd.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{91316323-2ad5-4794-9589-52a2eaa60a68}\InProcServer32]
@="C:\WINDOWS\system32\shlahsd.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Carte Fast Ethernet compatible VIA - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{70C967B2-8A3B-43B7-901B-37F88A58A5A2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{70C967B2-8A3B-43B7-901B-37F88A58A5A2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{70C967B2-8A3B-43B7-901B-37F88A58A5A2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

23 January 2008 14:39:55

Hi again

~Restart the computer in safe mode (F8 at computer startup)
http://www.malekal.com/modesansechec.php

~Double-click SmitfraudFix.cmd
~Select 2 and press Enter in the menu to delete the files responsible for the infection.
~Answer Yes (o) to all the questions.
A restart may be necessary to complete the cleaning procedure.
~Post the new report.

Add a new HijackThis log
23 January 2008 14:57:11

SmitFraudFix v2.274

Rapport fait à 14:51:09,93, 23/01/2008
Executé à partir de C:\Documents and Settings\User\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{91316323-2ad5-4794-9589-52a2eaa60a68}"="aposiopetic"

[HKEY_CLASSES_ROOT\CLSID\{91316323-2ad5-4794-9589-52a2eaa60a68}\InProcServer32]
@="C:\WINDOWS\system32\shlahsd.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{91316323-2ad5-4794-9589-52a2eaa60a68}\InProcServer32]
@="C:\WINDOWS\system32\shlahsd.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\shlahsd.dll -> Hoax.Win32.Renos.gen.o
C:\WINDOWS\system32\shlahsd.dll -> Deleted


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url supprimé
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url supprimé
C:\DOCUME~1\User\Favoris\Online Security Test.url supprimé
C:\Program Files\Helper\ supprimé
C:\Program Files\Video Add-on\ supprimé
C:\Program Files\VirusProtect 3.9\ supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{70C967B2-8A3B-43B7-901B-37F88A58A5A2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{70C967B2-8A3B-43B7-901B-37F88A58A5A2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{70C967B2-8A3B-43B7-901B-37F88A58A5A2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin


Thanks, I would never have figured out how to do all that. Is it finished, or do I still need to install or do anything else?
23 January 2008 15:19:40

Let's continue :)

1

Download Lop S&D.exe to your desktop

  • Double-click it to start the installation
  • Then double-click the Lop S&D shortcut on your desktop
  • Select the language you want, then choose Option 1 ( Recherche )
  • Wait until the scan finishes
  • Post the generated report ( C:\lopR.txt )

( If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New task, type explorer.exe and confirm )


2

Download BTFix by Bibi26.
  • Unzip the archive to your Desktop.
  • Open the BTFix folder.
  • Double-click BTFix.exe.
  • Click Rechercher.
  • A report will appear; copy and paste it into your next reply.
23 January 2008 15:23:20

Here is the report from Lop:
    -----------------------------[ Lop S&D 2.1.3 ]---------------------------

    [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
    [ USER : User ] [ "C:\Program Files\Lop SD" ]
    [ 23/01/2008 | 15:20:57,04 ] [ PC : USER-5887B793FA ]
    [ MAJ : 23-01-2008 | 13:16 ]

    -------------[ Listing des dossiers dans Application Data ]------------

    [19/07/2007|16:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\.
    [19/07/2007|16:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\..
    [19/07/2007|16:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
    [23/01/2008|14:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

    [18/01/2008|12:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.
    [18/01/2008|12:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..
    [15/09/2007|15:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [19/07/2007|16:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
    [16/01/2008|18:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Aliasworlds
    [13/10/2007|17:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
    [13/08/2007|00:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
    [26/07/2007|21:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
    [23/07/2007|21:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Corel
    [19/07/2007|16:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
    [26/11/2007|20:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
    [26/12/2007|13:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\element5
    [28/08/2007|09:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Enc safe that grid
    [21/07/2007|13:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [20/09/2007|23:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grid Blue Memo Site
    [26/10/2007|14:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HipSoft
    [05/09/2007|16:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear
    [13/01/2008|22:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LauncherAccess.dt
    [13/08/2007|00:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macromedia
    [22/09/2007|19:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [20/10/2007|12:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NannyMania
    [11/01/2008|17:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OrbNetworks
    [06/01/2008|16:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
    [19/01/2008|16:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
    [06/01/2008|17:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
    [13/01/2008|18:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecretsOfOlympus
    [29/08/2007|14:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
    [22/01/2008|23:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    [26/10/2007|19:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TERMINAL Studio
    [13/08/2007|00:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    [02/11/2007|19:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Winamp Toolbar
    [23/07/2007|22:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [23/07/2007|16:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
    [22/09/2007|14:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
    [29/08/2007|14:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

    [19/07/2007|16:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.
    [19/07/2007|16:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..
    [19/07/2007|16:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
    [19/07/2007|15:20] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

    [19/07/2007|15:26] C:\DOCUME~1\LOCALS~1\APPLIC~1\.
    [19/07/2007|15:26] C:\DOCUME~1\LOCALS~1\APPLIC~1\..
    [19/07/2007|15:20] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

    [19/07/2007|15:26] C:\DOCUME~1\NETWOR~1\APPLIC~1\.
    [19/07/2007|15:26] C:\DOCUME~1\NETWOR~1\APPLIC~1\..
    [19/07/2007|15:20] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    [22/01/2008|23:51] C:\DOCUME~1\User\APPLIC~1\.
    [22/01/2008|23:51] C:\DOCUME~1\User\APPLIC~1\..
    [17/01/2008|20:36] C:\DOCUME~1\User\APPLIC~1\Adobe
    [26/12/2007|00:46] C:\DOCUME~1\User\APPLIC~1\AdobeUM
    [20/09/2007|22:55] C:\DOCUME~1\User\APPLIC~1\AntivirusFiable
    [13/10/2007|17:21] C:\DOCUME~1\User\APPLIC~1\AOL
    [26/12/2007|13:49] C:\DOCUME~1\User\APPLIC~1\ArcSoft
    [23/01/2008|13:57] C:\DOCUME~1\User\APPLIC~1\Corel
    [29/09/2007|15:41] C:\DOCUME~1\User\APPLIC~1\Dealio
    [19/07/2007|16:49] C:\DOCUME~1\User\APPLIC~1\desktop.ini
    [11/01/2008|16:54] C:\DOCUME~1\User\APPLIC~1\EoRezo
    [26/10/2007|12:39] C:\DOCUME~1\User\APPLIC~1\Gaijin Ent
    [01/11/2007|22:51] C:\DOCUME~1\User\APPLIC~1\GetRightToGo
    [04/10/2007|21:44] C:\DOCUME~1\User\APPLIC~1\Google
    [26/12/2007|14:25] C:\DOCUME~1\User\APPLIC~1\Help
    [18/01/2008|12:26] C:\DOCUME~1\User\APPLIC~1\Identities
    [21/09/2007|17:06] C:\DOCUME~1\User\APPLIC~1\install_fr[1].exe
    [21/09/2007|20:23] C:\DOCUME~1\User\APPLIC~1\installer_fr[1].exe
    [30/11/2007|13:25] C:\DOCUME~1\User\APPLIC~1\Jane s Hotel
    [13/01/2008|11:53] C:\DOCUME~1\User\APPLIC~1\LimeWire
    [19/11/2007|13:32] C:\DOCUME~1\User\APPLIC~1\Macromedia
    [08/12/2007|11:46] C:\DOCUME~1\User\APPLIC~1\Microsoft
    [13/08/2007|00:50] C:\DOCUME~1\User\APPLIC~1\Mozilla
    [19/07/2007|19:52] C:\DOCUME~1\User\APPLIC~1\MSNInstaller
    [06/11/2007|22:13] C:\DOCUME~1\User\APPLIC~1\My Games
    [21/09/2007|20:33] C:\DOCUME~1\User\APPLIC~1\NettoyeurDePC
    [23/01/2008|14:55] C:\DOCUME~1\User\APPLIC~1\OpenOffice.org2
    [06/01/2008|16:15] C:\DOCUME~1\User\APPLIC~1\PlayFirst
    [21/09/2007|17:06] C:\DOCUME~1\User\APPLIC~1\ProtectionConue
    [24/07/2007|17:22] C:\DOCUME~1\User\APPLIC~1\QuickZip45.ini
    [30/09/2007|18:22] C:\DOCUME~1\User\APPLIC~1\Real
    [21/07/2007|16:56] C:\DOCUME~1\User\APPLIC~1\Samsung
    [21/10/2007|09:31] C:\DOCUME~1\User\APPLIC~1\Sandlot Games
    [22/01/2008|20:44] C:\DOCUME~1\User\APPLIC~1\SecuROM
    [20/09/2007|23:31] C:\DOCUME~1\User\APPLIC~1\Showbatwin
    [27/08/2007|22:31] C:\DOCUME~1\User\APPLIC~1\Sun
    [04/09/2007|13:57] C:\DOCUME~1\User\APPLIC~1\vlc
    [02/11/2007|19:51] C:\DOCUME~1\User\APPLIC~1\Winamp
    [24/07/2007|23:42] C:\DOCUME~1\User\APPLIC~1\WinRAR
    [18/01/2008|12:26] C:\DOCUME~1\User\APPLIC~1\Zylom

    ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

    [23/01/2008 15:00][--ah-----] C:\WINDOWS\tasks\AB8DBCE9918A3251.job [--264--]
    [23/01/2008 15:07][--a------] C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job [--256--]
    [23/01/2008 14:54][--ah-----] C:\WINDOWS\tasks\SA.DAT [--6--]
    [02/03/2006 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini [--65--]

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    [23/01/2008|15:20] C:\Program Files\Lop SD
    [23/01/2008|15:20] C:\Program Files\..
    [23/01/2008|15:20] C:\Program Files\.
    [23/01/2008|14:55] C:\Program Files\Mozilla Firefox
    [22/01/2008|23:58] C:\Program Files\Winamp Remote
    [22/01/2008|23:51] C:\Program Files\Zylom Games
    [22/01/2008|20:19] C:\Program Files\InstallShield Installation Information
    [22/01/2008|20:07] C:\Program Files\KONAMI
    [19/01/2008|19:09] C:\Program Files\eMule
    [16/01/2008|14:18] C:\Program Files\EMS USB2
    [16/01/2008|10:15] C:\Program Files\Zero G Registry
    [15/01/2008|17:37] C:\Program Files\Wingen
    [11/01/2008|17:00] C:\Program Files\Winamp
    [11/01/2008|17:00] C:\Program Files\Winamp Toolbar
    [11/01/2008|16:55] C:\Program Files\LimeWire
    [11/01/2008|16:54] C:\Program Files\EoRezo
    [10/01/2008|22:53] C:\Program Files\Incomplete
    [08/01/2008|21:38] C:\Program Files\Movie Maker
    [08/01/2008|21:38] C:\Program Files\CamStudio
    [06/01/2008|17:33] C:\Program Files\Fichiers communs
    [03/01/2008|14:11] C:\Program Files\IncrediMail
    [26/12/2007|18:25] C:\Program Files\Micro Application
    [26/12/2007|13:47] C:\Program Files\ArcSoft
    [24/12/2007|17:44] C:\Program Files\Picasa2
    [18/12/2007|20:39] C:\Program Files\Dofus
    [16/12/2007|20:01] C:\Program Files\WinRAR
    [12/12/2007|22:53] C:\Program Files\Internet Explorer
    [10/12/2007|17:52] C:\Program Files\Audacity
    [08/12/2007|11:46] C:\Program Files\Macrogaming
    [01/12/2007|00:02] C:\Program Files\Windows Live Toolbar
    [26/11/2007|20:17] C:\Program Files\DVD Shrink
    [22/11/2007|20:21] C:\Program Files\Heliopolis
    [21/11/2007|22:15] C:\Program Files\Ankama Games
    [19/11/2007|13:21] C:\Program Files\nutri
    [17/11/2007|17:46] C:\Program Files\t@b
    [13/11/2007|14:47] C:\Program Files\NettoyeurDePC
    [06/11/2007|23:17] C:\Program Files\MSN Messenger
    [16/10/2007|16:13] C:\Program Files\directx
    [15/10/2007|20:26] C:\Program Files\Corel
    [13/10/2007|15:06] C:\Program Files\DofusArena2
    [11/10/2007|16:51] C:\Program Files\OpenOffice.org 2.3
    [11/10/2007|08:01] C:\Program Files\Free Easy Burner
    [04/10/2007|21:43] C:\Program Files\Google
    [29/09/2007|15:41] C:\Program Files\Dealio
    [25/09/2007|17:59] C:\Program Files\Viewpoint
    [23/09/2007|19:08] C:\Program Files\TopDesk Trial
    [22/09/2007|14:38] C:\Program Files\CCleaner
    [22/09/2007|14:38] C:\Program Files\Yahoo!
    [21/09/2007|20:59] C:\Program Files\Windows Media Player
    [21/09/2007|20:59] C:\Program Files\ProtectionConue
    [21/09/2007|20:59] C:\Program Files\AOL 8.0
    [20/09/2007|23:58] C:\Program Files\AOL 9.0 VR
    [20/09/2007|23:27] C:\Program Files\Alwil Software
    [15/09/2007|15:40] C:\Program Files\Adobe
    [14/09/2007|16:39] C:\Program Files\Showbatwin
    [04/09/2007|13:56] C:\Program Files\VideoLAN
    [27/08/2007|22:31] C:\Program Files\Java
    [27/08/2007|12:58] C:\Program Files\Windows Media Connect 2
    [27/08/2007|12:00] C:\Program Files\DreamQuest
    [22/08/2007|16:01] C:\Program Files\Messenger
    [13/08/2007|00:56] C:\Program Files\AOL
    [26/07/2007|21:38] C:\Program Files\Canon
    [26/07/2007|21:31] C:\Program Files\CanonBJ
    [24/07/2007|17:22] C:\Program Files\QuickZip4
    [24/07/2007|15:53] C:\Program Files\Ludiclub
    [23/07/2007|22:42] C:\Program Files\VCW VicMan's Photo Editor
    [23/07/2007|22:31] C:\Program Files\Photo Story 3 for Windows
    [23/07/2007|21:09] C:\Program Files\Web Photo Album
    [23/07/2007|16:59] C:\Program Files\Windows Live Favorites
    [22/07/2007|10:17] C:\Program Files\MSXML 4.0
    [21/07/2007|17:01] C:\Program Files\QuickTime
    [21/07/2007|16:33] C:\Program Files\Samsung
    [20/07/2007|19:48] C:\Program Files\Trust
    [20/07/2007|17:48] C:\Program Files\Outlook Express
    [20/07/2007|10:52] C:\Program Files\Nullsoft
    [19/07/2007|19:38] C:\Program Files\MSN
    [19/07/2007|19:34] C:\Program Files\Neuf
    [19/07/2007|16:13] C:\Program Files\Ahead
    [19/07/2007|15:56] C:\Program Files\VIA
    [19/07/2007|15:52] C:\Program Files\Realtek Sound Manager
    [19/07/2007|15:52] C:\Program Files\AvRack
    [19/07/2007|15:33] C:\Program Files\Uninstall Information
    [19/07/2007|15:21] C:\Program Files\xerox
    [19/07/2007|15:21] C:\Program Files\microsoft frontpage
    [19/07/2007|15:18] C:\Program Files\WindowsUpdate
    [19/07/2007|15:18] C:\Program Files\Services en ligne
    [19/07/2007|15:17] C:\Program Files\NetMeeting
    [19/07/2007|15:16] C:\Program Files\ComPlus Applications
    [19/07/2007|15:16] C:\Program Files\Online Services
    [19/07/2007|15:15] C:\Program Files\MSN Gaming Zone
    [19/07/2007|15:15] C:\Program Files\Windows NT

    ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

    [06/01/2008|17:33] C:\Program Files\Fichiers communs\Sandlot Shared
    [06/01/2008|17:33] C:\Program Files\Fichiers communs\..
    [06/01/2008|17:33] C:\Program Files\Fichiers communs\.
    [26/12/2007|18:25] C:\Program Files\Fichiers communs\Micro Application Shared
    [26/12/2007|18:24] C:\Program Files\Fichiers communs\Microsoft Shared
    [26/12/2007|13:49] C:\Program Files\Fichiers communs\element5 Shared
    [17/12/2007|21:38] C:\Program Files\Fichiers communs\Blizzard Entertainment
    [15/10/2007|20:26] C:\Program Files\Fichiers communs\Corel
    [30/09/2007|18:22] C:\Program Files\Fichiers communs\Real
    [22/09/2007|08:58] C:\Program Files\Fichiers communs\Adobe
    [21/09/2007|20:27] C:\Program Files\Fichiers communs\NettoyeurDePC
    [17/09/2007|15:33] C:\Program Files\Fichiers communs\AOL
    [27/08/2007|22:30] C:\Program Files\Fichiers communs\Java
    [13/08/2007|00:56] C:\Program Files\Fichiers communs\aolshare
    [13/08/2007|00:56] C:\Program Files\Fichiers communs\Nullsoft
    [21/07/2007|16:32] C:\Program Files\Fichiers communs\InstallShield
    [20/07/2007|19:48] C:\Program Files\Fichiers communs\PCCamera
    [20/07/2007|19:13] C:\Program Files\Fichiers communs\ArcSoft
    [20/07/2007|17:48] C:\Program Files\Fichiers communs\System
    [20/07/2007|10:52] C:\Program Files\Fichiers communs\aolback
    [19/07/2007|16:10] C:\Program Files\Fichiers communs\Ahead
    [19/07/2007|15:17] C:\Program Files\Fichiers communs\Services
    [19/07/2007|15:17] C:\Program Files\Fichiers communs\MSSoap
    [18/07/2007|21:50] C:\Program Files\Fichiers communs\ODBC
    [18/07/2007|21:50] C:\Program Files\Fichiers communs\SpeechEngines

    ----------------------[ Recherche avec S_Lop ]---------------------

    Aucun fichier / dossier Lop trouvé !

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst\dinerdash2
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst\dinerdashfloonthego
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst\dreamchronicles
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst\weddingdash
    C:\DOCUME~1\User\APPLIC~1\PlayFirst
    C:\DOCUME~1\User\APPLIC~1\PlayFirst\dinerdash
    C:\DOCUME~1\User\APPLIC~1\PlayFirst\dinerdash2
    C:\DOCUME~1\User\APPLIC~1\PlayFirst\dinerdashfloonthego
    C:\DOCUME~1\User\APPLIC~1\PlayFirst\dreamchronicles
    C:\DOCUME~1\User\APPLIC~1\PlayFirst\plantasia
    C:\DOCUME~1\User\APPLIC~1\PlayFirst\trijinx
    C:\DOCUME~1\User\APPLIC~1\PlayFirst\weddingdash
    C:\WINDOWS\Tasks\AB8DBCE9918A3251.job

    ----------------------[ Verification du Registre ]----------------------

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    ..... OK !

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts MODIFIE


    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-23 15:22:28
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden files ...
    scan completed successfully
    hidden files: 0

    --------------------[ Recherche d'autres infections ]---------------------

    Aucune autre infection trouvée !

    /!\ [Fich:120][Doss:20] C:\DOCUME~1\User\LOCALS~1\Temp
    /!\ [Fich:129][Doss:0] C:\DOCUME~1\User\Cookies
    /!\ [Fich:7][Doss:7] C:\DOCUME~1\User\LOCALS~1\TEMPOR~1\content.IE5

    --------------------[ Fin du rapport a 15:22:34,07 ]----------------------
    23 January 2008 15:25:05

    and here is the BTFix report:

    BTFix 1.071 (par bibi26) - 23/01/2008 15:24:26 - Analyse
    Lancé depuis C:\Documents and Settings\User\Bureau\BTFix\BTFix.exe

    ---> Fichiers/Dossiers trouvés

    - [Heuristique : Dealio Toolbar] C:\WINDOWS\Installer\14c7759.msi
    - C:\WINDOWS\Installer\{5BE93F0F-3143-4034-B57F-57848B386CA6}\
    - C:\Program Files\Dealio\
    - C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\
    - C:\Documents and Settings\User\Application Data\Dealio\
    - C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Dealio\

    ---> Analyse terminée
    23 January 2008 15:27:04

    Good.
    Let's continue the cleanup:

    1

  • Open BTFix.
  • Click "Nettoyer" (Clean).
  • A report will appear; copy and paste it into your next reply.


    2

    Run Lop S&D again

  • This time choose Option 2 ( Suppression )
  • Do not close the window during the removal!
  • Post the generated report ( C:\lopR.txt )

    (If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, "Nouvelle tâche" (New Task), type explorer.exe and confirm.)

    23 January 2008 15:30:26

    BTFix report:

    BTFix 1.071 (par bibi26) - 23/01/2008 15:29:05 - Nettoyage - Mode normal
    Lancé depuis C:\Documents and Settings\User\Bureau\BTFix\BTFix.exe

    ---> Fichiers/dossiers supprimés (Première passe)

    - Fichiers temporaires effacés
    - [Heuristique : Dealio Toolbar] C:\WINDOWS\Installer\14c7759.msi
    - C:\WINDOWS\Installer\{5BE93F0F-3143-4034-B57F-57848B386CA6}\
    - C:\Program Files\Dealio\kb123\res\
    - C:\Program Files\Dealio\kb123\resFF\
    - C:\Program Files\Dealio\kb123\rules\
    - C:\Program Files\Dealio\kb123\rulesFF\
    - C:\Program Files\Dealio\kb123\temp\
    - C:\Program Files\Dealio\kb123\
    - C:\Program Files\Dealio\
    - C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\CONTENT\
    - C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\LOCALE\EN-US\
    - C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\LOCALE\
    - C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\
    - C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\
    - C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\COMPONENTS\
    - C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\
    - C:\Documents and Settings\User\Application Data\Dealio\kb123\res\
    - C:\Documents and Settings\User\Application Data\Dealio\kb123\resFF\
    - C:\Documents and Settings\User\Application Data\Dealio\kb123\rules\
    - C:\Documents and Settings\User\Application Data\Dealio\kb123\rulesFF\
    - C:\Documents and Settings\User\Application Data\Dealio\kb123\temp\
    - C:\Documents and Settings\User\Application Data\Dealio\kb123\
    - C:\Documents and Settings\User\Application Data\Dealio\
    - C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Dealio\

    ---> Nettoyage terminé
    23 January 2008 15:32:21

    and here is the second report:


    -----------------------------[ Lop S&D 2.1.3 ]---------------------------

    [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
    [ USER : User ] [ "C:\Program Files\Lop SD" ]
    [ 23/01/2008 | 15:30:42,60 ] [ PC : USER-5887B793FA ]
    [ MAJ : 23-01-2008 | 13:16 ]

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

    Echec ! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst\dinerdash2
    Echec ! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst\dinerdashfloonthego
    Echec ! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst\dreamchronicles
    Echec ! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst\weddingdash
    Echec ! - C:\DOCUME~1\User\APPLIC~1\PlayFirst\dinerdash
    Echec ! - C:\DOCUME~1\User\APPLIC~1\PlayFirst\dinerdash2
    Echec ! - C:\DOCUME~1\User\APPLIC~1\PlayFirst\dinerdashfloonthego
    Echec ! - C:\DOCUME~1\User\APPLIC~1\PlayFirst\dreamchronicles
    Echec ! - C:\DOCUME~1\User\APPLIC~1\PlayFirst\plantasia
    Echec ! - C:\DOCUME~1\User\APPLIC~1\PlayFirst\trijinx
    Echec ! - C:\DOCUME~1\User\APPLIC~1\PlayFirst\weddingdash
    Supprimé! - C:\WINDOWS\Tasks\AB8DBCE9918A3251.job
    Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
    Supprimé! - C:\DOCUME~1\User\APPLIC~1\PlayFirst
    Restauré! - Fichier Hosts

    //////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


    -------------[ Listing des dossiers dans Application Data ]------------

    [19/07/2007|16:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\.
    [19/07/2007|16:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\..
    [19/07/2007|16:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
    [23/01/2008|14:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

    [23/01/2008|15:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.
    [23/01/2008|15:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..
    [15/09/2007|15:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [19/07/2007|16:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
    [16/01/2008|18:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Aliasworlds
    [13/10/2007|17:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
    [13/08/2007|00:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
    [26/07/2007|21:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
    [23/07/2007|21:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Corel
    [19/07/2007|16:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
    [26/11/2007|20:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
    [26/12/2007|13:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\element5
    [28/08/2007|09:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Enc safe that grid
    [21/07/2007|13:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [20/09/2007|23:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grid Blue Memo Site
    [26/10/2007|14:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HipSoft
    [05/09/2007|16:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear
    [13/01/2008|22:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LauncherAccess.dt
    [13/08/2007|00:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macromedia
    [22/09/2007|19:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [20/10/2007|12:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NannyMania
    [11/01/2008|17:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OrbNetworks
    [19/01/2008|16:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
    [06/01/2008|17:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
    [13/01/2008|18:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecretsOfOlympus
    [29/08/2007|14:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
    [22/01/2008|23:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    [26/10/2007|19:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TERMINAL Studio
    [13/08/2007|00:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    [02/11/2007|19:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Winamp Toolbar
    [23/07/2007|22:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [23/07/2007|16:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
    [22/09/2007|14:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
    [29/08/2007|14:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

    [19/07/2007|16:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.
    [19/07/2007|16:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..
    [19/07/2007|16:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
    [19/07/2007|15:20] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

    [19/07/2007|15:26] C:\DOCUME~1\LOCALS~1\APPLIC~1\.
    [19/07/2007|15:26] C:\DOCUME~1\LOCALS~1\APPLIC~1\..
    [19/07/2007|15:20] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

    [19/07/2007|15:26] C:\DOCUME~1\NETWOR~1\APPLIC~1\.
    [19/07/2007|15:26] C:\DOCUME~1\NETWOR~1\APPLIC~1\..
    [19/07/2007|15:20] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    [23/01/2008|15:30] C:\DOCUME~1\User\APPLIC~1\.
    [23/01/2008|15:30] C:\DOCUME~1\User\APPLIC~1\..
    [17/01/2008|20:36] C:\DOCUME~1\User\APPLIC~1\Adobe
    [26/12/2007|00:46] C:\DOCUME~1\User\APPLIC~1\AdobeUM
    [20/09/2007|22:55] C:\DOCUME~1\User\APPLIC~1\AntivirusFiable
    [13/10/2007|17:21] C:\DOCUME~1\User\APPLIC~1\AOL
    [26/12/2007|13:49] C:\DOCUME~1\User\APPLIC~1\ArcSoft
    [23/01/2008|13:57] C:\DOCUME~1\User\APPLIC~1\Corel
    [19/07/2007|16:49] C:\DOCUME~1\User\APPLIC~1\desktop.ini
    [11/01/2008|16:54] C:\DOCUME~1\User\APPLIC~1\EoRezo
    [26/10/2007|12:39] C:\DOCUME~1\User\APPLIC~1\Gaijin Ent
    [01/11/2007|22:51] C:\DOCUME~1\User\APPLIC~1\GetRightToGo
    [04/10/2007|21:44] C:\DOCUME~1\User\APPLIC~1\Google
    [26/12/2007|14:25] C:\DOCUME~1\User\APPLIC~1\Help
    [18/01/2008|12:26] C:\DOCUME~1\User\APPLIC~1\Identities
    [21/09/2007|17:06] C:\DOCUME~1\User\APPLIC~1\install_fr[1].exe
    [21/09/2007|20:23] C:\DOCUME~1\User\APPLIC~1\installer_fr[1].exe
    [30/11/2007|13:25] C:\DOCUME~1\User\APPLIC~1\Jane s Hotel
    [13/01/2008|11:53] C:\DOCUME~1\User\APPLIC~1\LimeWire
    [19/11/2007|13:32] C:\DOCUME~1\User\APPLIC~1\Macromedia
    [08/12/2007|11:46] C:\DOCUME~1\User\APPLIC~1\Microsoft
    [13/08/2007|00:50] C:\DOCUME~1\User\APPLIC~1\Mozilla
    [19/07/2007|19:52] C:\DOCUME~1\User\APPLIC~1\MSNInstaller
    [06/11/2007|22:13] C:\DOCUME~1\User\APPLIC~1\My Games
    [21/09/2007|20:33] C:\DOCUME~1\User\APPLIC~1\NettoyeurDePC
    [23/01/2008|14:55] C:\DOCUME~1\User\APPLIC~1\OpenOffice.org2
    [21/09/2007|17:06] C:\DOCUME~1\User\APPLIC~1\ProtectionConue
    [24/07/2007|17:22] C:\DOCUME~1\User\APPLIC~1\QuickZip45.ini
    [30/09/2007|18:22] C:\DOCUME~1\User\APPLIC~1\Real
    [21/07/2007|16:56] C:\DOCUME~1\User\APPLIC~1\Samsung
    [21/10/2007|09:31] C:\DOCUME~1\User\APPLIC~1\Sandlot Games
    [22/01/2008|20:44] C:\DOCUME~1\User\APPLIC~1\SecuROM
    [20/09/2007|23:31] C:\DOCUME~1\User\APPLIC~1\Showbatwin
    [27/08/2007|22:31] C:\DOCUME~1\User\APPLIC~1\Sun
    [04/09/2007|13:57] C:\DOCUME~1\User\APPLIC~1\vlc
    [02/11/2007|19:51] C:\DOCUME~1\User\APPLIC~1\Winamp
    [24/07/2007|23:42] C:\DOCUME~1\User\APPLIC~1\WinRAR
    [18/01/2008|12:26] C:\DOCUME~1\User\APPLIC~1\Zylom

    ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

    [23/01/2008 15:07][--a------] C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job [--256--]
    [23/01/2008 14:54][--ah-----] C:\WINDOWS\tasks\SA.DAT [--6--]
    [02/03/2006 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini [--65--]

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    [23/01/2008|15:30] C:\Program Files\Lop SD
    [23/01/2008|15:29] C:\Program Files\Mozilla Firefox
    [23/01/2008|15:29] C:\Program Files\..
    [23/01/2008|15:29] C:\Program Files\.
    [22/01/2008|23:58] C:\Program Files\Winamp Remote
    [22/01/2008|23:51] C:\Program Files\Zylom Games
    [22/01/2008|20:19] C:\Program Files\InstallShield Installation Information
    [22/01/2008|20:07] C:\Program Files\KONAMI
    [19/01/2008|19:09] C:\Program Files\eMule
    [16/01/2008|14:18] C:\Program Files\EMS USB2
    [16/01/2008|10:15] C:\Program Files\Zero G Registry
    [15/01/2008|17:37] C:\Program Files\Wingen
    [11/01/2008|17:00] C:\Program Files\Winamp
    [11/01/2008|17:00] C:\Program Files\Winamp Toolbar
    [11/01/2008|16:55] C:\Program Files\LimeWire
    [11/01/2008|16:54] C:\Program Files\EoRezo
    [10/01/2008|22:53] C:\Program Files\Incomplete
    [08/01/2008|21:38] C:\Program Files\Movie Maker
    [08/01/2008|21:38] C:\Program Files\CamStudio
    [06/01/2008|17:33] C:\Program Files\Fichiers communs
    [03/01/2008|14:11] C:\Program Files\IncrediMail
    [26/12/2007|18:25] C:\Program Files\Micro Application
    [26/12/2007|13:47] C:\Program Files\ArcSoft
    [24/12/2007|17:44] C:\Program Files\Picasa2
    [18/12/2007|20:39] C:\Program Files\Dofus
    [16/12/2007|20:01] C:\Program Files\WinRAR
    [12/12/2007|22:53] C:\Program Files\Internet Explorer
    [10/12/2007|17:52] C:\Program Files\Audacity
    [08/12/2007|11:46] C:\Program Files\Macrogaming
    [01/12/2007|00:02] C:\Program Files\Windows Live Toolbar
    [26/11/2007|20:17] C:\Program Files\DVD Shrink
    [22/11/2007|20:21] C:\Program Files\Heliopolis
    [21/11/2007|22:15] C:\Program Files\Ankama Games
    [19/11/2007|13:21] C:\Program Files\nutri
    [17/11/2007|17:46] C:\Program Files\t@b
    [13/11/2007|14:47] C:\Program Files\NettoyeurDePC
    [06/11/2007|23:17] C:\Program Files\MSN Messenger
    [16/10/2007|16:13] C:\Program Files\directx
    [15/10/2007|20:26] C:\Program Files\Corel
    [13/10/2007|15:06] C:\Program Files\DofusArena2
    [11/10/2007|16:51] C:\Program Files\OpenOffice.org 2.3
    [11/10/2007|08:01] C:\Program Files\Free Easy Burner
    [04/10/2007|21:43] C:\Program Files\Google
    [25/09/2007|17:59] C:\Program Files\Viewpoint
    [23/09/2007|19:08] C:\Program Files\TopDesk Trial
    [22/09/2007|14:38] C:\Program Files\CCleaner
    [22/09/2007|14:38] C:\Program Files\Yahoo!
    [21/09/2007|20:59] C:\Program Files\Windows Media Player
    [21/09/2007|20:59] C:\Program Files\ProtectionConue
    [21/09/2007|20:59] C:\Program Files\AOL 8.0
    [20/09/2007|23:58] C:\Program Files\AOL 9.0 VR
    [20/09/2007|23:27] C:\Program Files\Alwil Software
    [15/09/2007|15:40] C:\Program Files\Adobe
    [14/09/2007|16:39] C:\Program Files\Showbatwin
    [04/09/2007|13:56] C:\Program Files\VideoLAN
    [27/08/2007|22:31] C:\Program Files\Java
    [27/08/2007|12:58] C:\Program Files\Windows Media Connect 2
    [27/08/2007|12:00] C:\Program Files\DreamQuest
    [22/08/2007|16:01] C:\Program Files\Messenger
    [13/08/2007|00:56] C:\Program Files\AOL
    [26/07/2007|21:38] C:\Program Files\Canon
    [26/07/2007|21:31] C:\Program Files\CanonBJ
    [24/07/2007|17:22] C:\Program Files\QuickZip4
    [24/07/2007|15:53] C:\Program Files\Ludiclub
    [23/07/2007|22:42] C:\Program Files\VCW VicMan's Photo Editor
    [23/07/2007|22:31] C:\Program Files\Photo Story 3 for Windows
    [23/07/2007|21:09] C:\Program Files\Web Photo Album
    [23/07/2007|16:59] C:\Program Files\Windows Live Favorites
    [22/07/2007|10:17] C:\Program Files\MSXML 4.0
    [21/07/2007|17:01] C:\Program Files\QuickTime
    [21/07/2007|16:33] C:\Program Files\Samsung
    [20/07/2007|19:48] C:\Program Files\Trust
    [20/07/2007|17:48] C:\Program Files\Outlook Express
    [20/07/2007|10:52] C:\Program Files\Nullsoft
    [19/07/2007|19:38] C:\Program Files\MSN
    [19/07/2007|19:34] C:\Program Files\Neuf
    [19/07/2007|16:13] C:\Program Files\Ahead
    [19/07/2007|15:56] C:\Program Files\VIA
    [19/07/2007|15:52] C:\Program Files\Realtek Sound Manager
    [19/07/2007|15:52] C:\Program Files\AvRack
    [19/07/2007|15:33] C:\Program Files\Uninstall Information
    [19/07/2007|15:21] C:\Program Files\xerox
    [19/07/2007|15:21] C:\Program Files\microsoft frontpage
    [19/07/2007|15:18] C:\Program Files\WindowsUpdate
    [19/07/2007|15:18] C:\Program Files\Services en ligne
    [19/07/2007|15:17] C:\Program Files\NetMeeting
    [19/07/2007|15:16] C:\Program Files\ComPlus Applications
    [19/07/2007|15:16] C:\Program Files\Online Services
    [19/07/2007|15:15] C:\Program Files\MSN Gaming Zone
    [19/07/2007|15:15] C:\Program Files\Windows NT

    ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

    [06/01/2008|17:33] C:\Program Files\Fichiers communs\Sandlot Shared
    [06/01/2008|17:33] C:\Program Files\Fichiers communs\..
    [06/01/2008|17:33] C:\Program Files\Fichiers communs\.
    [26/12/2007|18:25] C:\Program Files\Fichiers communs\Micro Application Shared
    [26/12/2007|18:24] C:\Program Files\Fichiers communs\Microsoft Shared
    [26/12/2007|13:49] C:\Program Files\Fichiers communs\element5 Shared
    [17/12/2007|21:38] C:\Program Files\Fichiers communs\Blizzard Entertainment
    [15/10/2007|20:26] C:\Program Files\Fichiers communs\Corel
    [30/09/2007|18:22] C:\Program Files\Fichiers communs\Real
    [22/09/2007|08:58] C:\Program Files\Fichiers communs\Adobe
    [21/09/2007|20:27] C:\Program Files\Fichiers communs\NettoyeurDePC
    [17/09/2007|15:33] C:\Program Files\Fichiers communs\AOL
    [27/08/2007|22:30] C:\Program Files\Fichiers communs\Java
    [13/08/2007|00:56] C:\Program Files\Fichiers communs\aolshare
    [13/08/2007|00:56] C:\Program Files\Fichiers communs\Nullsoft
    [21/07/2007|16:32] C:\Program Files\Fichiers communs\InstallShield
    [20/07/2007|19:48] C:\Program Files\Fichiers communs\PCCamera
    [20/07/2007|19:13] C:\Program Files\Fichiers communs\ArcSoft
    [20/07/2007|17:48] C:\Program Files\Fichiers communs\System
    [20/07/2007|10:52] C:\Program Files\Fichiers communs\aolback
    [19/07/2007|16:10] C:\Program Files\Fichiers communs\Ahead
    [19/07/2007|15:17] C:\Program Files\Fichiers communs\Services
    [19/07/2007|15:17] C:\Program Files\Fichiers communs\MSSoap
    [18/07/2007|21:50] C:\Program Files\Fichiers communs\ODBC
    [18/07/2007|21:50] C:\Program Files\Fichiers communs\SpeechEngines

    ----------------------[ Recherche avec S_Lop ]---------------------

    Aucun fichier / dossier Lop trouvé !

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    Aucun fichier / dossier Lop trouvé !

    ----------------------[ Verification du Registre ]----------------------

    ..... OK !

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts PROPRE


    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-23 15:31:18
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden files ...
    scan completed successfully
    hidden files: 0

    --------------------[ Recherche d'autres infections ]---------------------

    Aucune autre infection trouvée !

    /!\ [Fich:3][Doss:6] C:\DOCUME~1\User\LOCALS~1\Temp
    /!\ [Fich:129][Doss:0] C:\DOCUME~1\User\Cookies
    /!\ [Fich:7][Doss:7] C:\DOCUME~1\User\LOCALS~1\TEMPOR~1\content.IE5

    --------------------[ Fin du rapport a 15:31:23,75 ]----------------------
    23 January 2008 15:33:50

    ok
    post a new HijackThis log :)
    23 January 2008 15:34:57

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:34:35, on 23/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\services.exe
    C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Fichiers communs\AOL\1186962922\ee\AOLSoftware.exe
    C:\PROGRA~1\FICHIE~1\NETTOY~1\GDCcw.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\Program Files\NettoyeurDePC\GDC.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Winamp Remote\bin\OrbTray.exe
    C:\Program Files\AOL 9.0 VR\waol.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Winamp Remote\bin\Orb.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\AOL 9.0 VR\shellmon.exe
    C:\WINDOWS\services.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\User\Bureau\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O2 - BHO: (no name) - {21ECA600-72B5-4E66-BB2E-573C92CBD8D6} - C:\Program Files\Video Add-on\isfmdl.dll (file missing)
    O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
    O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: 100% Free Five Hundred Toolbar Helper - {6EA24EAD-2E33-43C3-B023-05FC1BA3C152} - C:\Program Files\100% Free Five Hundred Toolbar\v3.2.0.0\100%_Free_Five_Hundred_Toolbar.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} - C:\Program Files\Helper\1201041858.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
    O3 - Toolbar: 100% Free Five Hundred Toolbar - {73FB038C-943C-47EC-A324-635635F796D2} - C:\Program Files\100% Free Five Hundred Toolbar\v3.2.0.0\100%_Free_Five_Hundred_Toolbar.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O3 - Toolbar: IE Custom Tools - {C4DFA6F3-1245-41E5-8E60-7D31427F01B3} - C:\Program Files\Video Add-on\ictmdl.dll (file missing)
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1186962922\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [memo site kind that] C:\Documents and Settings\All Users\Application Data\Grid Blue Memo Site\loud free.exe
    O4 - HKLM\..\Run: [rtasks] C:\Program Files\AntivirusFiable\rtasks.exe
    O4 - HKLM\..\Run: [NettoyeurDePC] "C:\Program Files\NettoyeurDePC\GDC.exe"
    O4 - HKLM\..\Run: [gdccw] "C:\PROGRA~1\FICHIE~1\NETTOY~1\GDCcw.exe" -start
    O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk Trial\topdesk.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [mess atom] C:\DOCUME~1\User\APPLIC~1\SHOWBA~1\Ball Two.exe
    O4 - HKCU\..\Run: [NettoyeurDePC] C:\Program Files\NettoyeurDePC\GDC.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0 VR\AOL.EXE" -b
    O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html
    O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?fba3a27700a45daa7a75382f0bfc27f
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?fba3a27700a45daa7a75382f0bfc27f
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/curre...
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: License Management Service ESD - element5 - C:\Program Files\Fichiers communs\element5 Shared\Service\Licence Manager ESD.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    --
    End of file - 12350 bytes
    23 January 2008 15:37:39

    what are these?
    C:\Program Files\AntivirusFiable\rtasks.exe
    C:\Program Files\NettoyeurDePC\GDC.exe
    23 January 2008 15:39:23

    these are programs I had installed thinking I was doing the right thing, but they did not manage to remove the virus
    23 January 2008 15:40:32

    so I'll include them in my cleanup procedure
    (10 min, while I write it up)
    23 January 2008 15:41:38

    OK, no problem
    23 January 2008 15:51:26

    1

    ~Download OTMoveIt (by OldTimer). Save it to your Desktop.

    ~Run HijackThis “Do a system scan only”.
    Check the following lines if they are still present, and only those.

    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
    O2 - BHO: (no name) - {21ECA600-72B5-4E66-BB2E-573C92CBD8D6} - C:\Program Files\Video Add-on\isfmdl.dll (file missing)
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
    O2 - BHO: 100% Free Five Hundred Toolbar Helper - {6EA24EAD-2E33-43C3-B023-05FC1BA3C152} - C:\Program Files\100% Free Five Hundred Toolbar\v3.2.0.0\100%_Free_Five_Hundred_Toolbar.dll (file missing)
    O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} - C:\Program Files\Helper\1201041858.dll (file missing)
    O3 - Toolbar: 100% Free Five Hundred Toolbar - {73FB038C-943C-47EC-A324-635635F796D2} - C:\Program Files\100% Free Five Hundred Toolbar\v3.2.0.0\100%_Free_Five_Hundred_Toolbar.dll (file missing)
    O3 - Toolbar: IE Custom Tools - {C4DFA6F3-1245-41E5-8E60-7D31427F01B3} - C:\Program Files\Video Add-on\ictmdl.dll (file missing)
    O4 - HKLM\..\Run: [memo site kind that] C:\Documents and Settings\All Users\Application Data\Grid Blue Memo Site\loud free.exe
    O4 - HKLM\..\Run: [rtasks] C:\Program Files\AntivirusFiable\rtasks.exe
    O4 - HKLM\..\Run: [NettoyeurDePC] "C:\Program Files\NettoyeurDePC\GDC.exe"
    O4 - HKLM\..\Run: [gdccw] "C:\PROGRA~1\FICHIE~1\NETTOY~1\GDCcw.exe" -start
    O4 - HKCU\..\Run: [mess atom] C:\DOCUME~1\User\APPLIC~1\SHOWBA~1\Ball Two.exe
    O4 - HKCU\..\Run: [NettoyeurDePC] C:\Program Files\NettoyeurDePC\GDC.exe
    O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)



    Click Fix checked (bottom left)

    2

    Select ALL the locations in bold below:

    C:\WINDOWS\system32\fservice.exe
    C:\Program Files\NettoyeurDePC\GDC.exe
    C:\DOCUME~1\User\APPLIC~1\SHOWBA~1
    C:\PROGRA~1\FICHIE~1\NETTOY~1\GDCcw.exe
    C:\Program Files\AntivirusFiable\rtasks.exe
    C:\Documents and Settings\All Users\Application Data\Grid Blue Memo Site
    C:\Program Files\Video Add-on
    C:\Program Files\100% Free Five Hundred Toolbar
    C:\Program Files\Helper
    C:\Program Files\EoRezo
    C:\WINDOWS\services.exe
    C:\Program Files\Showbatwin


    ---> Right-click, then Copy (or Ctrl+C)

    Double-click OTMoveIt.exe to launch it.
    Right-click in the left pane, then choose Paste (or Ctrl+V).
    Now click MoveIt!

    If a file or folder cannot be deleted immediately, the program will ask you to restart.

    Accept by clicking YES.

    Post the report found in this folder: C:\_OTMoveIt\MovedFiles\
    The report's name corresponds to the moment it was created: date_time.log

    ->Information about the software<-


    3

    Download SDFix (created by AndyManchesta) and save it to your Desktop.
    ***If the link does not work, try this one: http://download.bleepingcomputer.com/andymanchesta/SDFi... ***

    Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in Safe Mode by following this procedure:
  • Restart your computer
  • After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
  • Instead of the normal Windows startup, a menu with various options should appear.
  • Choose the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your account.
    Go through the list of instructions below:
  • Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
  • Press Y to start the cleaning process.
  • It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
  • Press a key to restart the PC.
  • Your system will take longer than usual to restart because the tool will keep running and deleting files.
  • After the Desktop has loaded, the tool will finish its work and display Finished.
  • Press a key to end the script and load your Desktop icons.
  • Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
  • Finally, copy/paste the contents of Report.txt into your next reply on the forum, along with a new HijackThis log!
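An added example, not part of the thread and not code from HijackThis: a small Python check for the "if still present" condition in step 1. It parses the entry lines of a HijackThis log, reports which lines of a fix list remain in a fresh scan, and pulls out anything appended to the `Shell=` value. The function names and the two sample texts (constructed from lines quoted in this thread) are assumptions of this example.

```python
import re

# A HijackThis entry line starts with a section code (R0, F2, O2, O4, O23, ...)
# followed by " - ". Header lines and the "Running processes" list do not match.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")


def parse_entries(log_text):
    """Return (section, detail) tuples for every entry line of a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def _key(section, detail):
    """Comparison key: ignore case, double quotes and runs of whitespace."""
    cleaned = re.sub(r"\s+", " ", detail.replace('"', "")).strip().lower()
    return section, cleaned


def still_present(fix_list_text, new_log_text):
    """Entries of the fix list that still appear in a later scan."""
    current = {_key(s, d) for s, d in parse_entries(new_log_text)}
    return [(s, d) for s, d in parse_entries(fix_list_text) if _key(s, d) in current]


def shell_extras(log_text):
    """For each F2 'Shell=' entry, return what is launched besides explorer.exe.

    The Windows default for this value is explorer.exe alone, so anything
    appended to it is started at every logon and deserves a look.
    """
    extras = []
    for section, detail in parse_entries(log_text):
        lowered = detail.lower()
        if section != "F2" or "shell=" not in lowered:
            continue
        value = detail[lowered.index("shell=") + len("shell="):].strip()
        first, _, rest = value.partition(" ")
        if first.lower() != "explorer.exe":
            extras.append(value)          # the shell itself was replaced
        elif rest.strip():
            extras.append(rest.strip())   # something was appended to the shell
    return extras


# Constructed sample: four of the lines the helper asks to check in step 1.
FIX_LIST = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O4 - HKLM\..\Run: [rtasks] C:\Program Files\AntivirusFiable\rtasks.exe
O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
"""

# Constructed sample: a shortened later scan, built from lines quoted in this thread.
NEW_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
"""

if __name__ == "__main__":
    for section, detail in still_present(FIX_LIST, NEW_LOG):
        print("still present:", section, "-", detail)
    for extra in shell_extras(NEW_LOG):
        print("appended to Shell=:", extra)
```

Entries can outlive the files they point to, so the comparison is made on the log lines themselves rather than on whether the target file exists.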
    23 January 2008 16:07:28

    I'm stuck at step 2: how do you select the items? When I go into My Computer, go to the file's location and copy it, I can't paste it, so I think that's not how it's done. Explain it to me :) 
    23 January 2008 16:13:05

    no, you'll spend hours on it if you do it that way.

    you copy from the forum (the part in bold)
    and you paste into OTMoveIt

    the PC will want to restart, that's certain; do it, because otherwise it won't work. (the deletion won't happen)
    23 January 2008 16:20:07

    C:\WINDOWS\system32\fservice.exe moved successfully.
    C:\Program Files\NettoyeurDePC\GDC.exe moved successfully.
    C:\DOCUME~1\User\APPLIC~1\SHOWBA~1 moved successfully.
    C:\PROGRA~1\FICHIE~1\NETTOY~1\GDCcw.exe moved successfully.
    File/Folder C:\Program Files\AntivirusFiable\rtasks.exe not found.
    C:\Documents and Settings\All Users\Application Data\Grid Blue Memo Site moved successfully.
    File/Folder C:\Program Files\Video Add-on not found.
    File/Folder C:\Program Files\100% Free Five Hundred Toolbar not found.
    File/Folder C:\Program Files\Helper not found.
    C:\Program Files\EoRezo\EoAdv moved successfully.
    C:\Program Files\EoRezo moved successfully.
    File move failed. C:\WINDOWS\services.exe scheduled to be moved on reboot.
    C:\Program Files\Showbatwin moved successfully.

    Created on 01/23/2008 16:16:05

    here is the first report
    23 January 2008 16:35:39


    SDFix: Version 1.130

    Run by User on 23/01/2008 at 16:26

    Microsoft Windows XP [version 5.1.2600]

    Running From: C:\DOCUME~1\User\Bureau\SDFix

    Safe Mode:
    Checking Services:


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...


    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\WINDOWS\dat.txt - Deleted
    C:\WINDOWS\ktd32.atm - Deleted
    C:\WINDOWS\rs.txt - Deleted
    C:\WINDOWS\services.exe - Deleted
    C:\WINDOWS\system32\fservice.exe - Deleted
    C:\WINDOWS\system32\reginv.dll - Deleted
    C:\WINDOWS\system32\winkey.dll - Deleted





    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-23 16:30:55
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...


    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 43


    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
    "C:\\Program Files\\Fichiers communs\\AOL\\acs\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\acs\\AOLDial.exe:*:Enabled:AOL Autoconnect"
    "C:\\Program Files\\Fichiers communs\\AOL\\acs\\AOLacsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\acs\\AOLacsd.exe:*:Enabled:module de connexion AOL"
    "C:\\Program Files\\Fichiers communs\\AOL\\1186962922\\ee\\aolsoftware.exe"="C:\\Program Files\\Fichiers communs\\AOL\\1186962922\\ee\\aolsoftware.exe:*:Enabled:AOL Shared Components"
    "C:\\Program Files\\AOL 9.0 VR\\waol.exe"="C:\\Program Files\\AOL 9.0 VR\\waol.exe:*:Enabled:AOL"
    "C:\\Program Files\\Fichiers communs\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"="C:\\Program Files\\Fichiers communs\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
    "C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
    "C:\\Program Files\\Fichiers communs\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Fichiers communs\\AOL\\System Information\\sinf.exe:*:Enabled:AOL System Information"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:o rb"
    "C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:o rbTray"
    "C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:o rb Stream Client"
    "C:\\Documents and Settings\\User\\Local Settings\\Temporary Internet Files\\Content.IE5\\VPDVPDWQ\\incredimail_install[1].exe"="C:\\Documents and Settings\\User\\Local Settings\\Temporary Internet Files\\Content.IE5\\VPDVPDWQ\\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
    "C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"
    "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
    "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    Remaining Files:
    ---------------

    File Backups: - C:\DOCUME~1\User\Bureau\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    Wed 23 Apr 2003 49,221 A..H. --- "C:\Program Files\AOL 8.0\aolphx.exe"
    Wed 23 Apr 2003 36,937 A..H. --- "C:\Program Files\AOL 8.0\aoltray.exe"
    Wed 23 Apr 2003 40,960 A..H. --- "C:\Program Files\AOL 8.0\RBM.exe"
    Wed 23 Apr 2003 237,633 A..H. --- "C:\Program Files\AOL 8.0\waol.exe"
    Thu 21 Jun 2007 46,384 A..H. --- "C:\Program Files\AOL 9.0 VR\AOLphx.exe"
    Thu 24 May 2007 54,832 A..H. --- "C:\Program Files\AOL 9.0 VR\AOLphxex.exe"
    Thu 24 May 2007 33,328 A..H. --- "C:\Program Files\AOL 9.0 VR\rbm.exe"
    Sat 17 Nov 2007 4,909,088 ...H. --- "C:\Program Files\Picasa2\setup.exe"
    Fri 31 Mar 2006 350,764 ..SH. --- "C:\WINDOWS\system\sservice.exe"
    Mon 15 Oct 2007 168 ..SHR --- "C:\WINDOWS\system32\745A587F8C.sys"
    Wed 23 Jan 2008 3,350 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
    Wed 23 Apr 2003 49,223 A..H. --- "C:\Program Files\AOL 8.0\COMIT\cswitch.exe"
    Tue 5 Sep 2006 427,632 A..H. --- "C:\Program Files\Canon\Canon Setup Utility 2.3\Maint.exe"
    Thu 27 May 2004 61,440 A..H. --- "C:\Program Files\Canon\Canon Setup Utility 2.3\uinstrsc.dll"
    Tue 27 Mar 2007 10,240 ..SH. --- "C:\Program Files\DreamQuest\Free Five Hundred\DQUninstall.exe"
    Fri 31 Mar 2006 350,764 A.SH. --- "C:\_OTMoveIt\MovedFiles\WINDOWS\services.exe"
    Wed 23 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BITB.tmp"
    Fri 31 Mar 2006 350,764 A.SH. --- "C:\_OTMoveIt\MovedFiles\WINDOWS\system32\fservice.exe"
    Mon 13 Aug 2007 96,072 ...H. --- "C:\Program Files\Fichiers communs\AOL\TopSpeed\3.0\WBUnins.exe"

    Finished!


    the second report
    23 January 2008 16:36:52

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:35:49, on 23/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Fichiers communs\AOL\1186962922\ee\AOLSoftware.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Winamp Remote\bin\OrbTray.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Winamp Remote\bin\Orb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\User\Bureau\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O3 - Toolbar: IE Custom Tools - {C4DFA6F3-1245-41E5-8E60-7D31427F01B3} - C:\Program Files\Video Add-on\ictmdl.dll (file missing)
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1186962922\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk Trial\topdesk.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html
    O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?fba3a27700a45daa7a75382f0bfc27f
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?fba3a27700a45daa7a75382f0bfc27f
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/curre...
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: License Management Service ESD - element5 - C:\Program Files\Fichiers communs\element5 Shared\Service\Licence Manager ESD.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    --
    End of file - 10716 bytes


    and the HijackThis report
    23 January 2008 17:25:36

    Is it finished?
    23 January 2008 19:15:01

    Quote:
    Is it finished?

    It's getting there :)

    I'd like to check something.

    Run HijackThis again and fix checked (as you did earlier):
    O3 - Toolbar: IE Custom Tools - {C4DFA6F3-1245-41E5-8E60-7D31427F01B3} - C:\Program Files\Video Add-on\ictmdl.dll (file missing)
    O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe


    Then delete with OTMoveIt:

    C:\Program Files\Video Add-on
    C:\WINDOWS\system32\fservice.exe


    Post a new HijackThis log and the new OTMoveIt report.
    24 January 2008 20:22:43

    There, I did both steps; here is the OTMoveIt report:

    File/Folder C:\Program Files\Video Add-on not found.
    File/Folder C:\WINDOWS\system32\fservice.exe not found.

    Created on 01/24/2008 20:20:38



    and the HijackThis one:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:22:29, on 24/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Fichiers communs\AOL\1186962922\ee\AOLSoftware.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Winamp Remote\bin\OrbTray.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Winamp Remote\bin\Orb.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\eMule\emule.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\User\Bureau\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1186962922\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk Trial\topdesk.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html
    O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?fba3a27700a45daa7a75382f0bfc27f
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?fba3a27700a45daa7a75382f0bfc27f
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/curre...
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: License Management Service ESD - element5 - C:\Program Files\Fichiers communs\element5 Shared\Service\Licence Manager ESD.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    --
    End of file - 10527 bytes
    24 January 2008 21:02:48

    So it's starting to look good now, I hope? :)
    24 January 2008 21:27:38

    Good evening.
    Run HijackThis again and fix checked:
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe

    Restart the PC and post a new HijackThis log.
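The check done by eye across the successive logs in this thread, as an added example that is not part of the original posts: a small Python parser that flags a Winlogon `Shell=` value carrying an extra program, `Policies\Explorer\Run` autostarts, and entries whose file is gone, then compares the stages. The function names are hypothetical, and the sample logs are constructed excerpts built from lines quoted on this page.

```python
import re

# A HijackThis result line looks like "F2 - ...", "O4 - ...", "O23 - ...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
SHELL_RE = re.compile(r"REG:system\.ini: Shell=(.*)$", re.IGNORECASE)


def parse_entries(log_text):
    """Return (code, body) tuples for every result line; process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def findings(log_text):
    """Flag the persistence indicators that appear in this thread's logs."""
    out = []
    for code, body in parse_entries(log_text):
        if code == "F2":
            m = SHELL_RE.search(body)
            # The shell value is normally Explorer.exe alone; anything
            # appended to it is also started at every logon.
            if m and m.group(1).strip().lower() != "explorer.exe":
                out.append(("shell-extra-program", code, body))
        elif code == "O4" and "\\policies\\explorer\\run:" in body.lower():
            # Autostart location distinct from the ordinary Run keys.
            out.append(("policies-run-autostart", code, body))
        if body.lower().endswith(("(file missing)", "(no file)")):
            # Registry entry left behind after its file was removed.
            out.append(("orphaned-entry", code, body))
    return out


def remediation_progress(logs):
    """For each (label, log) pair, list the finding kinds still present."""
    return [(label, sorted({kind for kind, _, _ in findings(text)}))
            for label, text in logs]


# Constructed excerpts: a few lines from each stage of the thread.
STAGE_1 = r"""
Running processes:
C:\WINDOWS\Explorer.exe
O3 - Toolbar: IE Custom Tools - {C4DFA6F3-1245-41E5-8E60-7D31427F01B3} - C:\Program Files\Video Add-on\ictmdl.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
"""

STAGE_2 = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
"""

STAGE_3 = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
"""

SAMPLE_LOGS = [
    ("before fixes", STAGE_1),
    ("after OTMoveIt", STAGE_2),
    ("after F2 fix and reboot", STAGE_3),
]

if __name__ == "__main__":
    for label, kinds in remediation_progress(SAMPLE_LOGS):
        print(f"{label}: {', '.join(kinds) if kinds else 'no flagged entries'}")
```

The middle stage is the one to notice: the files are already reported as not found, yet the `Shell=` value still names `fservice.exe`, so the registry entry has to be fixed separately.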
    24 January 2008 21:38:58

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:33:38, on 24/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Fichiers communs\AOL\1186962922\ee\AOLSoftware.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Winamp Remote\bin\OrbTray.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Winamp Remote\bin\Orb.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\User\Bureau\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1186962922\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk Trial\topdesk.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html
    O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?fba3a27700a45daa7a75382f0bfc27f
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?fba3a27700a45daa7a75382f0bfc27f
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/curre...
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: License Management Service ESD - element5 - C:\Program Files\Fichiers communs\element5 Shared\Service\Licence Manager ESD.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    --
    End of file - 10376 bytes
    24 January 2008 22:09:48

    Good.
    Now, install an antivirus :D

    Antivir.

    Run a scan with it and post the report.

    -->Tutorial<--
    24 January 2008 23:51:47



    AntiVir PersonalEdition Classic
    Report file date: jeudi 24 janvier 2008 23:08

    Scanning for 1067417 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: User
    Computer name: USER-5887B793FA

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 21:50:25
    ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 21:50:26
    ANTIVIR2.VDF : 7.0.2.0 948736 Bytes 15/01/2008 21:50:26
    ANTIVIR3.VDF : 7.0.2.43 376832 Bytes 24/01/2008 21:50:26
    AVEWIN32.DLL : 7.6.0.53 3211776 Bytes 24/01/2008 21:50:28
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 24/01/2008 21:50:28
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Manual Selection
    Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: E:,
    Scan memory......................: off
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
    Macro heuristic..................: on
    File heuristic...................: medium
    Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

    Start of the scan: jeudi 24 janvier 2008 23:08

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    12 processes with 12 modules were scanned

    Start scanning boot sectors:
    Boot sector 'A:\'
    [NOTE] In the drive 'A:\' no data medium is inserted!
    Boot sector 'C:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '35' files ).


    Starting the file scan:

    Begin scan in 'A:\'
    Search path A:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\User\Application Data\installer_fr[1].exe
    [DETECTION] Contains detection pattern of the SPR/Dldr.WinFixer.Z.19 program
    [INFO] The file was deleted!
    C:\Documents and Settings\User\Application Data\install_fr[1].exe
    [DETECTION] Contains detection pattern of the SPR/Dldr.WinFixer.Z.12 program
    [INFO] The file was deleted!
    C:\Documents and Settings\User\Bureau\Bureau\clean\pskill.exe
    [DETECTION] Contains detection pattern of the application APPL/Tool.PsKill.2
    [INFO] The file was deleted!
    C:\Documents and Settings\User\Bureau\Bureau\SmitfraudFix\Reboot.exe
    [DETECTION] Contains detection pattern of the SPR/Tool.Reboot.C program
    [INFO] The file was deleted!
    C:\Documents and Settings\User\Bureau\Bureau\SmitfraudFix\restart.exe
    [DETECTION] Contains detection pattern of the SPR/Tool.Hardoff.A program
    [INFO] The file was deleted!
    C:\Documents and Settings\User\Bureau\la star\Nétoyage\catchme.zip
    [0] Archive type: ZIP
    --> services.exe
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Prorat.RC Backdoor server programs
    --> fservice.exe
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Prorat.RC Backdoor server programs
    --> reginv.dll
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Probat.B.77.A Backdoor server programs
    --> winkey.dll
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Probat.bs.DLL2 Backdoor server programs
    [INFO] The file was deleted!
    C:\Documents and Settings\User\Bureau\la star\Nétoyage\SmitfraudFix.exe
    [0] Archive type: RAR SFX (self extracting)
    --> SmitfraudFix\Reboot.exe
    [DETECTION] Contains detection pattern of the SPR/Tool.Reboot.C program
    --> SmitfraudFix\restart.exe
    [DETECTION] Contains detection pattern of the SPR/Tool.Hardoff.A program
    [INFO] The file was deleted!
    C:\Documents and Settings\User\Bureau\la star\Nétoyage\SDFix\backups\backups.zip
    [0] Archive type: ZIP
    --> backups/fservice.exe
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Prorat.RC Backdoor server programs
    --> backups/reginv.dll
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Probat.B.77.A Backdoor server programs
    --> backups/services.exe
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Prorat.RC Backdoor server programs
    --> backups/winkey.dll
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Probat.bs.DLL2 Backdoor server programs
    [INFO] The file was deleted!
    C:\Documents and Settings\User\Bureau\la star\Nétoyage\SmitfraudFix\Reboot.exe
    [DETECTION] Contains detection pattern of the SPR/Tool.Reboot.C program
    [INFO] The file was deleted!
    C:\Documents and Settings\User\Bureau\la star\Nétoyage\SmitfraudFix\restart.exe
    [DETECTION] Contains detection pattern of the SPR/Tool.Hardoff.A program
    [INFO] The file was deleted!
    C:\Documents and Settings\User\Bureau\la star\pes\PC GAME - PES - Pro Evolution Soccer 2008 - CRACK NO CD + [TEST OK] + KEYGEN\Crack.exe
    [DETECTION] Contains detection pattern of the dropper DR/Prorat.19.I.57
    [INFO] The file was deleted!
    C:\Program Files\NettoyeurDePC\secure_del.dll
    [DETECTION] Contains detection pattern of the application APPL/PCDriveTool
    [INFO] The file was deleted!
    C:\Program Files\NettoyeurDePC\updater.exe
    [DETECTION] Contains detection pattern of the Phish-File/Email PHISH/FraudTool.SanitarDiska.A
    [INFO] The file was deleted!
    C:\Program Files\Wingen\conf.dll
    [DETECTION] Contains detection pattern of the IRC virus IRC/Wingen
    [INFO] The file was deleted!
    C:\Program Files\Wingen\service.exe
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Iroffer.1228 Backdoor server programs
    [INFO] The file was deleted!
    C:\Program Files\Wingen\system.exe
    [DETECTION] Contains detection pattern of the SPR/Servu.25 program
    [INFO] The file was deleted!
    C:\WINDOWS\system\sservice.exe
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Prorat.19.I Backdoor server programs
    [INFO] The file was deleted!
    C:\WINDOWS\system32\drivers\Wingen\conf.dll
    [DETECTION] Contains detection pattern of the IRC virus IRC/Wingen
    [INFO] The file was deleted!
    C:\WINDOWS\system32\drivers\Wingen\LSASS.exe
    [DETECTION] Contains detection pattern of the SPR/HideWindows.H program
    [INFO] The file was deleted!
    C:\WINDOWS\system32\drivers\Wingen\server.exe
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Prorat.19.I Backdoor server programs
    [INFO] The file was deleted!
    C:\WINDOWS\system32\drivers\Wingen\service.exe
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Iroffer.1228 Backdoor server programs
    [INFO] The file was deleted!
    C:\WINDOWS\system32\drivers\Wingen\system.exe
    [DETECTION] Contains detection pattern of the SPR/Servu.25 program
    [INFO] The file was deleted!
    C:\_OTMoveIt\MovedFiles\Program Files\FICHIE~1\NETTOY~1\GDCcw.exe
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [INFO] The file was deleted!
    C:\_OTMoveIt\MovedFiles\Program Files\NettoyeurDePC\GDC.exe
    [DETECTION] Contains detection pattern of the SPR/WinFixer.O program
    [INFO] The file was deleted!
    C:\_OTMoveIt\MovedFiles\WINDOWS\services.exe
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Prorat.19.I Backdoor server programs
    [INFO] The file was deleted!
    C:\_OTMoveIt\MovedFiles\WINDOWS\system32\fservice.exe
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Prorat.19.I Backdoor server programs
    [INFO] The file was deleted!
    Begin scan in 'D:\'
    Search path D:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'E:\'
    Search path E:\ could not be opened!
    Le périphérique n'est pas prêt.



    End of the scan: jeudi 24 janvier 2008 23:47
    Used time: 39:05 min

    The scan has been done completely.

    8385 Scanning directories
    332538 Files were scanned
    33 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    26 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    332505 Files not concerned
    2187 Archives were scanned
    1 Warnings
    0 Notes


    Here is the report; I'm also posting a HijackThis report for you.
    24 January 2008 23:52:30

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:52:10, on 24/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Fichiers communs\AOL\1186962922\ee\AOLSoftware.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Winamp Remote\bin\OrbTray.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Winamp Remote\bin\Orb.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\User\Bureau\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1186962922\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk Trial\topdesk.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html
    O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?fba3a27700a45daa7a75382f0bfc27f
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?fba3a27700a45daa7a75382f0bfc27f
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/curre...
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: License Management Service ESD - element5 - C:\Program Files\Fichiers communs\element5 Shared\Service\Licence Manager ESD.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    --
    End of file - 11018 bytes
    25 January 2008 00:16:10

    So, chief, is it looking good?
    25 January 2008 00:21:32

    Good evening
    Did you see where Prorat was hiding?
    Quote:
    C:\Documents and Settings\User\Bureau\la star\pes\PC GAME - PES - Pro Evolution Soccer 2008 - CRACK NO CD + [TEST OK] + KEYGEN\Crack.exe
    [DETECTION] Contains detection pattern of the dropper DR/Prorat.19.I.57


    Are you still having problems?
    25 January 2008 00:27:47

    OK, it really had tucked itself away somewhere we wouldn't have suspected. In any case, if everything is finished, thank you very much, great work, keep it up, and I hope not to see you soon; well, if I come back it means I have other problems, so that's not a good sign ;)
    25 January 2008 11:54:34

    Hello

    Delete all the programs installed for the disinfection.

    Please read this document (PDF) to learn more about the risks of the Net.

    If you find this document interesting, don't hesitate to pass it on to your contacts.

    :hello: