Big bug on MSN

4 July 2007 11:25:43

Hi,

So I just caught a virus that is wrecking my MSN...

It was sent to me by one of my contacts; it says: haha I just secretly took a picture of my sister naked with my wireless webcam, look at this ***edited by Angeldark***? :D

I clicked on the link and BAM, after the download the message was sent to all my online contacts, and now when I open my MSN window to sign in, the mouse freezes and I have to restart everything to unfreeze it, and if I do happen to manage to sign in, the virus message is sent to all my contacts and my session disconnects by itself.

If you have a way to remove this virus, please answer me quickly!!! :(

4 July 2007 12:03:17

Hello,

You click on a link where a contact tells you he took a picture of his naked sister? -_-'

Download HijackThis (by Merijn).
Unzip it into a folder or onto your Desktop.

Launch the application (HijackThis.exe):
- Choose the option "Do a system scan and save a logfile"
- Notepad opens; post its contents:

  • Edit / Select All
  • Edit / Copy
  • Right-click / Paste into your reply

    HELP: Video tutorial on HijackThis
    4 July 2007 21:11:43

    Here is the content of the Notepad file, thank you for helping me! (yes :S I clicked on that link)

    Logfile of HijackThis v1.99.1
    Scan saved at 09:09:40, on 04/07/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\SuperCopier\SuperCopier.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\System32\LVComS.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\dllcache\winmga.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    c:\winsfr.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\System32\bhnoxecu.exe
    C:\WINDOWS\System32\jytamcqd.exe
    C:\WINDOWS\System32\hqrjcjhm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\Program Files\7-Zip\7zFM.exe
    C:\DOCUME~1\Eddy\LOCALS~1\Temp\7zO2A.tmp\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [carpediem] C:\Program Files\Lemoncast\lemoncast.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ANTE HOLD META WINDOW] C:\Documents and Settings\All Users\Application Data\user bash ante hold\AdminDeaf.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\System32\xbxofrsf.dll",realset
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [memoonce] C:\DOCUME~1\Eddy\APPLIC~1\VGACOP~1\pileoneteam.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm408YY...
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yins...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {71DA2A4E-ACB3-4065-9E41-8BC42EABE427} - http://scripts.dlv4.com/binaries/IA/svcia32_FR_XP.cab
    O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://centraus1.englishtown.com/main/Install/en/US/Cen...
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: DomainService - - C:\WINDOWS\System32\bhnoxecu.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: kavsvc - Kaspersky Labs - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: Microsoft Genuine Advantage - Unknown owner - C:\WINDOWS\System32\dllcache\winmga.exe

    4 July 2007 22:02:46

    Re,

    Download VundoFix.exe (by Atribune) to your Desktop.
  • Double-click VundoFix.exe to launch it
  • Click the Scan for Vundo button
  • When the scan is complete, click the Remove Vundo button
  • A prompt will ask whether you want to delete the files; click YES
  • After you click "Yes", the Desktop will disappear for a moment while the files are removed
  • You will see a prompt announcing that your PC is going to restart; click OK
  • Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report, into your next reply
    Note: VundoFix may run into a file that it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "Click the Scan for Vundo button".
    5 July 2007 00:10:06

    Here are the copy/pastes! Thanks again for taking care of this for me



    VundoFix V6.5.4

    Checking Java version...

    Java version is 1.5.0.10

    Scan started at 11:41:49 04/07/2007

    Listing files found while scanning....

    C:\windows\system32\bayxx.bak1
    C:\windows\system32\bayxx.ini
    C:\windows\system32\bhnoxecu.exe
    C:\WINDOWS\System32\fsrfoxbx.ini
    C:\windows\system32\nsaiwnkd.dll
    C:\WINDOWS\System32\qomkhhh.dll
    C:\WINDOWS\System32\upfeawuk.dll
    C:\windows\system32\urqpnmk.dll
    C:\windows\system32\wvuspop.dll
    C:\WINDOWS\System32\xbxofrsf.dll
    C:\WINDOWS\System32\xxyab.dll
    C:\windows\system32\yaywwut.dll

    Beginning removal...

    Attempting to delete C:\windows\system32\bayxx.bak1
    C:\windows\system32\bayxx.bak1 Has been deleted!

    Attempting to delete C:\windows\system32\bayxx.ini
    C:\windows\system32\bayxx.ini Has been deleted!

    Attempting to delete C:\windows\system32\bhnoxecu.exe
    C:\windows\system32\bhnoxecu.exe Could not be deleted.

    Attempting to delete C:\WINDOWS\System32\fsrfoxbx.ini
    C:\WINDOWS\System32\fsrfoxbx.ini Has been deleted!

    Attempting to delete C:\windows\system32\nsaiwnkd.dll
    C:\windows\system32\nsaiwnkd.dll Has been deleted!

    Attempting to delete C:\WINDOWS\System32\qomkhhh.dll
    C:\WINDOWS\System32\qomkhhh.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\System32\upfeawuk.dll
    C:\WINDOWS\System32\upfeawuk.dll Has been deleted!

    Attempting to delete C:\windows\system32\urqpnmk.dll
    C:\windows\system32\urqpnmk.dll Has been deleted!

    Attempting to delete C:\windows\system32\wvuspop.dll
    C:\windows\system32\wvuspop.dll Has been deleted!

    Attempting to delete C:\WINDOWS\System32\xbxofrsf.dll
    C:\WINDOWS\System32\xbxofrsf.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\System32\xxyab.dll
    C:\WINDOWS\System32\xxyab.dll Could not be deleted.

    Attempting to delete C:\windows\system32\yaywwut.dll
    C:\windows\system32\yaywwut.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\windows\system32\bhnoxecu.exe
    C:\windows\system32\bhnoxecu.exe Could not be deleted.

    Attempting to delete C:\WINDOWS\System32\qomkhhh.dll
    C:\WINDOWS\System32\qomkhhh.dll Has been deleted!

    Attempting to delete C:\WINDOWS\System32\xbxofrsf.dll
    C:\WINDOWS\System32\xbxofrsf.dll Has been deleted!

    Attempting to delete C:\WINDOWS\System32\xxyab.dll
    C:\WINDOWS\System32\xxyab.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...


    Logfile of HijackThis v1.99.1
    Scan saved at 12:07:50, on 04/07/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\SuperCopier\SuperCopier.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\WINDOWS\System32\LVComS.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\bhnoxecu.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\dllcache\winmga.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    c:\winsfr.exe
    C:\Program Files\7-Zip\7zFM.exe
    C:\DOCUME~1\Eddy\LOCALS~1\Temp\7zO2.tmp\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
    O2 - BHO: (no name) - {058B310F-F6D5-4F90-B57E-470938F394E2} - C:\WINDOWS\System32\xxyab.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O2 - BHO: (no name) - {7116DE13-DA6C-8E26-8EE5-4022A30099EA} - C:\DOCUME~1\Eddy\APPLIC~1\MESSWA~1\CompSkip.exe (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [carpediem] C:\Program Files\Lemoncast\lemoncast.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ANTE HOLD META WINDOW] C:\Documents and Settings\All Users\Application Data\user bash ante hold\AdminDeaf.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [memoonce] C:\DOCUME~1\Eddy\APPLIC~1\VGACOP~1\pileoneteam.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm408YY...
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yins...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {71DA2A4E-ACB3-4065-9E41-8BC42EABE427} - http://scripts.dlv4.com/binaries/IA/svcia32_FR_XP.cab
    O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://centraus1.englishtown.com/main/Install/en/US/Cen...
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: DomainService - - C:\WINDOWS\System32\bhnoxecu.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: kavsvc - Kaspersky Labs - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: Microsoft Genuine Advantage - Unknown owner - C:\WINDOWS\System32\dllcache\winmga.exe
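
Added example, not part of the original thread and not code from VundoFix or HijackThis: the VundoFix report above runs several removal passes, so this Python script keeps the last outcome per file and then checks the follow-up HijackThis lines for files that survived or that were deleted but are still registered. The function names are hypothetical, and the two inputs are shortened excerpts of the logs posted above.

```python
import re

# Shortened excerpt of the VundoFix report posted above (paths are from the page).
VUNDOFIX_REPORT = r"""
Beginning removal...

Attempting to delete C:\windows\system32\bayxx.ini
C:\windows\system32\bayxx.ini Has been deleted!

Attempting to delete C:\windows\system32\bhnoxecu.exe
C:\windows\system32\bhnoxecu.exe Could not be deleted.

Attempting to delete C:\WINDOWS\System32\xbxofrsf.dll
C:\WINDOWS\System32\xbxofrsf.dll Could not be deleted.

Attempting to delete C:\WINDOWS\System32\xxyab.dll
C:\WINDOWS\System32\xxyab.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\windows\system32\bhnoxecu.exe
C:\windows\system32\bhnoxecu.exe Could not be deleted.

Attempting to delete C:\WINDOWS\System32\xbxofrsf.dll
C:\WINDOWS\System32\xbxofrsf.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\xxyab.dll
C:\WINDOWS\System32\xxyab.dll Has been deleted!

Beginning removal...
"""

# A few lines from the HijackThis log taken after the VundoFix run.
HIJACKTHIS_LOG = r"""
C:\WINDOWS\System32\bhnoxecu.exe
O2 - BHO: (no name) - {058B310F-F6D5-4F90-B57E-470938F394E2} - C:\WINDOWS\System32\xxyab.dll (file missing)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O23 - Service: DomainService - - C:\WINDOWS\System32\bhnoxecu.exe
"""

# A result line is "<path> Has been deleted!" or "<path> Could not be deleted."
RESULT = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<outcome>Has been deleted!|Could not be deleted\.)$"
)


def removal_passes(report):
    """Return one {lowercased path: deleted?} dict per 'Beginning removal...' pass."""
    passes = []
    for line in report.splitlines():
        line = line.strip()
        if line.startswith("Beginning removal"):
            passes.append({})  # a pass may stay empty, as the last one does here
            continue
        match = RESULT.match(line)
        if match and passes:
            # The report mixes C:\windows and C:\WINDOWS, so compare in lower case.
            deleted = match.group("outcome") == "Has been deleted!"
            passes[-1][match.group("path").lower()] = deleted
    return passes


def final_outcome(report):
    """Merge all passes; a later pass overrides an earlier result for the same file."""
    merged = {}
    for one_pass in removal_passes(report):
        merged.update(one_pass)
    return merged


def survivors(report):
    """Files whose most recent result is still 'Could not be deleted.'"""
    return sorted(p for p, deleted in final_outcome(report).items() if not deleted)


def leftover_references(report, hijackthis_log):
    """List HijackThis lines that still mention a file VundoFix tried to remove."""
    outcome = final_outcome(report)
    findings = []
    for line in hijackthis_log.splitlines():
        line = line.strip()
        lowered = line.lower()
        for path, deleted in outcome.items():
            if path in lowered:
                kind = "orphaned entry" if deleted else "still present"
                findings.append((kind, path, line))
    return findings


if __name__ == "__main__":
    print("Not removed after all passes:", survivors(VUNDOFIX_REPORT))
    for kind, path, line in leftover_references(VUNDOFIX_REPORT, HIJACKTHIS_LOG):
        print(f"[{kind}] {line}")
```
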
    5 July 2007 11:31:04

    ...And then what do I do? :S
    5 July 2007 11:56:37

    Can you be patient?

  • Download combofix.exe (by sUBs) to your Desktop.
  • Double-click combofix.exe.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Copy/paste this report into your next reply.

    NOTE: The report can also be found here: C:\Combofix.txt
    5 July 2007 22:46:43

    "Eddy" - 2007-07-05 10:16:30 - ComboFix 07-07-04.4 - Service Pack 1

    /wow section - STAGE #3

    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\hggff.dll
    C:\WINDOWS\system32\ssqomml.dll
    C:\WINDOWS\system32\tuxebnjw.dll
    C:\WINDOWS\system32\vnallspq.dll
    C:\WINDOWS\system32\hqrjcjhm.exe
    C:\WINDOWS\system32\inpbarxv.exe
    C:\WINDOWS\system32\jytamcqd.exe
    C:\WINDOWS\system32\ffggh.bak1
    C:\WINDOWS\system32\ffggh.ini
    C:\WINDOWS\system32\qpsllanv.ini
    C:\WINDOWS\system32\ffggh.bak1
    C:\WINDOWS\system32\ffggh.ini
    C:\WINDOWS\system32\nnnnmlk.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\Eddy\MENUDM~1.\crazy girls.lnk
    C:\Program Files\instant access
    C:\Program Files\instant access\Center\Crazy Girls.lnk
    C:\Program Files\instant access\DesktopIcons\Crazy Girls.lnk
    C:\Program Files\instant access\Multi\20060713230719\Common\module.php
    C:\Program Files\instant access\Multi\20060713230719\dialerexe.ini
    C:\Program Files\instant access\Multi\20060713230719\instant access.exe
    C:\Program Files\instant access\Multi\20060713230719\js\js_api_dialer.php
    C:\Program Files\instant access\Multi\20060713230719\medias\4250_dialer.ico
    C:\Program Files\instant access\Multi\20060713230719\medias\button1.gif
    C:\Program Files\instant access\Multi\20060713230719\medias\button2.gif
    C:\Program Files\instant access\Multi\20060713230719\medias\button3.gif
    C:\Program Files\instant access\Multi\20060713230719\medias\button4.gif
    C:\WINDOWS\system32\bhnoxecu.exe
    C:\WINDOWS\system32\brufjtts.exe


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_DOMAINSERVICE
    -------\DomainService


    ((((((((((((((((((((((((( Files Created from 2007-06-05 to 2007-07-05 )))))))))))))))))))))))))))))))


    2007-07-05 10:15 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-05 06:53 <REP> d-------- C:\WINDOWS\LastGood.Tmp
    2007-07-04 11:41 <REP> d-------- C:\VundoFix Backups
    2007-07-04 09:04 <REP> d-------- C:\Program Files\7-Zip
    2007-07-03 20:54 <REP> d-------- C:\Program Files\MSN Messenger
    2007-07-03 18:27 209,533 --a------ C:\winsfr.exe
    2007-07-03 11:52 209,453 --a------ C:\winbgt.exe
    2007-07-01 10:03 <REP> d-------- C:\Program Files\Windows Live


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-04 04:48:52 -------- d-----w C:\Program Files\MessengerPlus! 3
    2007-07-01 20:03:23 -------- d-----w C:\Program Files\Messenger Plus! Live
    2007-06-30 00:20:16 -------- d-----w C:\Program Files\PokerStars
    2007-05-24 08:52:32 -------- d-----w C:\DOCUME~1\Eddy\APPLIC~1\Skype
    2007-05-20 19:16:19 -------- d-----w C:\DOCUME~1\Eddy\APPLIC~1\VgaCopyMulti
    2007-05-20 19:14:05 -------- d-----w C:\Program Files\VgaCopyMulti
    2007-05-07 07:00:07 -------- d-----w C:\DOCUME~1\Eddy\APPLIC~1\Audacity
    2007-05-06 09:34:53 -------- d-----w C:\DOCUME~1\Eddy\APPLIC~1\dvdcss
    2005-07-31 08:01:09 56 -csh--r C:\WINDOWS\system32\848AF4AA62.sys


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{058B310F-F6D5-4F90-B57E-470938F394E2}]
    C:\WINDOWS\System32\xxyab.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2004-12-14 01:56 63136 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}]
    2006-11-05 16:44 548992 -ra------ C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
    2007-03-30 13:31 722472 --a------ C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7116DE13-DA6C-8E26-8EE5-4022A30099EA}]
    C:\DOCUME~1\Eddy\APPLIC~1\MESSWA~1\CompSkip.exe

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    2006-11-09 15:21 440056 --a------ C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    2006-04-17 13:32 323904 --a------ C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}]
    2004-08-13 17:42 155648 --a------ C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    2007-01-19 23:56 2436160 -ra------ c:\program files\google\googletoolbar2.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    2007-06-15 17:00 325048 --a------ C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
    2006-01-17 16:04 282624 --a------ C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-08-29 14:17]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-08-29 14:20]
    "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07]
    "carpediem"="C:\Program Files\Lemoncast\lemoncast.exe" []
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
    "ANTE HOLD META WINDOW"="C:\Documents and Settings\All Users\Application Data\user bash ante hold\AdminDeaf.exe" [2007-05-20 09:15]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-07-03 18:48]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-30 02:00]
    "SuperCopier.exe"="C:\Program Files\SuperCopier\SuperCopier.exe" [2003-04-24 12:03]
    "MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" []
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-13 20:24]
    "memoonce"="C:\DOCUME~1\Eddy\APPLIC~1\VGACOP~1\pileoneteam.exe" [2007-05-20 09:14]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-07-03 18:48]
    "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 16:53]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 17:00]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{93994DE8-8239-4655-B1D1-5F4E91300429}"="C:\PROGRA~1\DVDREG~1\DVDShell.dll" [2003-08-26 10:58]


    Contents of the 'Scheduled Tasks' folder
    2007-07-05 20:00:00 C:\WINDOWS\tasks\8FAC6C6EB4DBE6AE.job
    2007-07-03 16:41:03 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-05 10:29:18
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************

    Completion time: 2007-07-05 10:31:08 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-07-05 10:30

    --- E O F ---

    There you go! Thanks again :)
    6 July 2007 11:49:00

    Re,

    Download Navilog1.exe (IL-MAFIOSO)
    Save it to your Desktop.
    Start the installation by double-clicking navilog.exe.
    Once the installation is finished, the utility will run automatically.
    (If it does not, double-click the shortcut on the Desktop)

    Follow the utility's prompts. Choose option 1, then confirm.
    ! Do not use options 2, 3 and 4 without our approval !
    Wait until this message appears:
    "*** Analyse Termine le ..... ***"
    Press a key as prompted. Notepad will open. Post its contents for us like this:

    -> Edit / Select All
    -> Edit / Copy
    -> Right-click / Paste into your reply


    NOTE: The report can also be found here: C:\fixnavi.txt
    6 July 2007 12:59:50

    Search Navipromo version 2.0.5 commencé le 06/07/2007 à 0:45:59,32

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Poster ce rapport sur le forum pour le faire analyser !!!
    !!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

    Fix lancé depuis C:\Program Files\navilog1
    Mise a jour le 01.07.2007 a 12h00 by IL-MAFIOSO

    Executé en mode normal

    *** Recherche Programmes installes ***




    *** Recherche dossiers dans C:\WINDOWS ***




    *** Recherche dossiers dans C:\Program Files ***




    *** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




    *** Recherche dossiers dans C:\Documents and Settings\Eddy\Application Data ***



    *** Recherche avec BlackLight Engine/F-secure ***
    BlackLight Engine est un produit de F-secure, pour + d'infos :
    http://www.f-secure.com/blacklight/blacklight_help.html


    F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
    ======================================

    Copyright 2005-2006 F-Secure Corporation. All rights reserved.
    This is a beta version. It will expire on 1st of October, 2007.
    Version information: 2.2.1064.

    [+] Started on 07/06/07 at 00:46:00.
    [+] Initializing ...
    [+] Starting scan, press Ctrl-C to abort.
    [+] Scanning for hidden items ....................................................................................
    [+] Scan complete.
    [+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
    [+] Exited on 07/06/07 at 00:56:00 (return code = 0).


    *** Recherche fichiers ***


    C:\WINDOWS\tmlpcert2007 trouvé !
    C:\WINDOWS\system32\egaccess4_1063.dll trouvé !
    C:\WINDOWS\system32\svcia32.dll trouvé !


    *** Recherche cles registre ***


    Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]



    Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]



    Recherche Clé Magic Control



    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche fichiers connus:


    2)Recherche Heuristique :
    *
    **
    ***
    ****
    *****
    ******
    *******
    ********

    3)Recherche Certificats :

    Certificat Egroup trouvé !


    *** Analyse Terminé le 06/07/2007 à 0:56:40,02 ***

    There you go! :)
    6 July 2007 13:13:02

    Re,

    Double-click the Navilog1 shortcut on your Desktop.
    Follow the instructions. Then choose option 2 and confirm.
    Follow the prompts and answer any questions that come up.

    The utility will tell you that it is going to restart the computer.
    **Close all open windows and save any personal documents you have open**
    Now press a key, as prompted.
    (if your PC does not restart automatically, restart it manually)

    Wait until this message appears:
    "*** Nettoyage Termine le ..... ***"

    Notepad will open.
    Save the report somewhere you can find it again.
    Close Notepad. Your Desktop will now reappear.

    NOTE: If your Desktop does not reappear, press Ctrl+Alt+Del simultaneously to open Task Manager.
    Go to the "Processes" tab. Click File at the top left and choose "Run..."
    Type explorer, then confirm.

    Post the report you saved earlier (C:\cleannavi.txt)
    along with a new HijackThis report.
    6 July 2007 13:33:26

    Clean Navipromo version 2.0.5 commencé le 06/07/2007 à 1:23:29,32

    Fix lancé depuis C:\Program Files\navilog1
    Mise a jour le 01.07.2007 a 12h00 by IL-MAFIOSO

    Mode suppression automatique avec prise en charge résultats Blacklight



    *** fsbl1.txt non trouvé ***
    (Assurez-vous que Blacklight n'avait rien trouvé lors de la recherche)


    *** Suppression dossiers dans C:\WINDOWS ***


    *** Suppression dossiers dans C:\Program Files ***


    *** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***


    *** Suppression dossiers dans C:\Documents and Settings\Eddy\Application Data ***



    *** Suppression fichiers ***

    C:\WINDOWS\tmlpcert2007 supprimé !
    C:\WINDOWS\system32\egaccess4_1063.dll supprimé !
    C:\WINDOWS\system32\svcia32.dll supprimé !

    *** Suppression fichiers temporaires ***

    Nettoyage contenu C:\WINDOWS\Temp effectué !
    Nettoyage contenu C:\Documents and Settings\Eddy\Local Settings\Temp effectué !


    *** Sauvegarde du registre vers dossier Backupnavi***


    sauvegarde du registre réalise avec succes !


    *** Nettoyage registre ***


    Nettoyage registre Ok

    *** Traitement Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche fichiers connus:


    2)Recherche et Suppression Heuristique :

    *
    **
    ***
    ****
    *****
    ******
    *******
    ********

    3)Contrôle présence clés Rootkit dans le registre :

    Aucune autre clés présente dans le registre !

    4)Certificats :

    Certificat Egroup supprimé !

    *** Nettoyage termine le 06/07/2007 à 1:28:42,16 ***


    Logfile of HijackThis v1.99.1
    Scan saved at 01:31:56, on 06/07/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\dllcache\winmga.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\NOTEPAD.EXE
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\7-Zip\7zFM.exe
    C:\DOCUME~1\Eddy\LOCALS~1\Temp\7zO2.tmp\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O2 - BHO: (no name) - {058B310F-F6D5-4F90-B57E-470938F394E2} - C:\WINDOWS\System32\xxyab.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O2 - BHO: (no name) - {7116DE13-DA6C-8E26-8EE5-4022A30099EA} - C:\DOCUME~1\Eddy\APPLIC~1\MESSWA~1\CompSkip.exe (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [carpediem] C:\Program Files\Lemoncast\lemoncast.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ANTE HOLD META WINDOW] C:\Documents and Settings\All Users\Application Data\user bash ante hold\AdminDeaf.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [memoonce] C:\DOCUME~1\Eddy\APPLIC~1\VGACOP~1\pileoneteam.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm408YY...
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yins...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://centraus1.englishtown.com/main/Install/en/US/Cen...
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: kavsvc - Kaspersky Labs - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: Microsoft Genuine Advantage - Unknown owner - C:\WINDOWS\System32\dllcache\winmga.exe

    Both reports are here!
    7 July 2007 00:13:21

    Does it change everything if I logged in to my session? :S
    7 July 2007 12:55:31

    No. Run a ComboFix scan again.
    8 July 2007 06:51:20

    This is the Notepad window that appeared after the scan.

    "Eddy" - 2007-07-07 18:42:30 - ComboFix 07-07-04.4 - Service Pack 1

    /wow section - STAGE #3

    ((((((((((((((((((((((((( Files Created from 2007-06-08 to 2007-07-08 )))))))))))))))))))))))))))))))


    2007-07-06 00:44 <REP> d-------- C:\Program Files\Navilog1
    2007-07-05 10:15 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-04 11:41 <REP> d-------- C:\VundoFix Backups
    2007-07-04 09:04 <REP> d-------- C:\Program Files\7-Zip
    2007-07-03 20:54 <REP> d-------- C:\Program Files\MSN Messenger
    2007-07-03 18:27 209,533 --a------ C:\winsfr.exe
    2007-07-03 11:52 209,453 --a------ C:\winbgt.exe
    2007-07-01 10:03 <REP> d-------- C:\Program Files\Windows Live


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-08 04:15:02 -------- d-----w C:\DOCUME~1\Eddy\APPLIC~1\Skype
    2007-07-05 20:31:55 367,658 ----a-w C:\WINDOWS\system32\perfh00C.dat
    2007-07-05 20:31:54 48,616 ----a-w C:\WINDOWS\system32\perfc00C.dat
    2007-07-04 04:48:52 -------- d-----w C:\Program Files\MessengerPlus! 3
    2007-07-01 20:03:23 -------- d-----w C:\Program Files\Messenger Plus! Live
    2007-06-30 00:20:16 -------- d-----w C:\Program Files\PokerStars
    2007-05-20 19:16:19 -------- d-----w C:\DOCUME~1\Eddy\APPLIC~1\VgaCopyMulti
    2007-05-20 19:14:05 -------- d-----w C:\Program Files\VgaCopyMulti
    2005-07-31 08:01:09 56 -csh--r C:\WINDOWS\system32\848AF4AA62.sys


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{058B310F-F6D5-4F90-B57E-470938F394E2}]
    C:\WINDOWS\System32\xxyab.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2004-12-14 01:56 63136 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}]
    2006-11-05 16:44 548992 -ra------ C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
    2007-03-30 13:31 722472 --a------ C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7116DE13-DA6C-8E26-8EE5-4022A30099EA}]
    C:\DOCUME~1\Eddy\APPLIC~1\MESSWA~1\CompSkip.exe

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    2006-11-09 15:21 440056 --a------ C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    2006-04-17 13:32 323904 --a------ C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}]
    2004-08-13 17:42 155648 --a------ C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    2007-01-19 23:56 2436160 -ra------ c:\program files\google\googletoolbar2.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    2007-06-15 17:00 325048 --a------ C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
    2006-01-17 16:04 282624 --a------ C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-08-29 14:17]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-08-29 14:20]
    "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07]
    "carpediem"="C:\Program Files\Lemoncast\lemoncast.exe" []
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
    "ANTE HOLD META WINDOW"="C:\Documents and Settings\All Users\Application Data\user bash ante hold\AdminDeaf.exe" [2007-05-20 09:15]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-07-03 18:48]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-30 02:00]
    "SuperCopier.exe"="C:\Program Files\SuperCopier\SuperCopier.exe" [2003-04-24 12:03]
    "MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" []
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-13 20:24]
    "memoonce"="C:\DOCUME~1\Eddy\APPLIC~1\VGACOP~1\pileoneteam.exe" [2007-05-20 09:14]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-07-03 18:48]
    "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 16:53]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 17:00]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{93994DE8-8239-4655-B1D1-5F4E91300429}"="C:\PROGRA~1\DVDREG~1\DVDShell.dll" [2003-08-26 10:58]


    Contents of the 'Scheduled Tasks' folder
    2007-07-08 04:00:00 C:\WINDOWS\tasks\8FAC6C6EB4DBE6AE.job
    2007-07-03 16:41:03 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-07 18:46:22
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    scan completed successfully
    hidden files: 2295

    **************************************************************************

    Completion time: 2007-07-07 18:47:24
    C:\ComboFix-quarantined-files.txt ... 2007-07-07 18:46
    C:\ComboFix2.txt ... 2007-07-05 10:31

    --- E O F ---
    8 July 2007 12:41:54

    Re,

    Delete:
    C:\winsfr.exe
    C:\winbgt.exe

    Post a new HijackThis report.
    8 July 2007 15:30:14

    I can't delete C:\winsfr.exe; it tells me it cannot be deleted (access denied) "make sure the disk is not full or write-protected and that the file is not currently in use" and it won't go away!!! What do I do?
    8 July 2007 16:12:46

    In safe mode?
    9 July 2007 11:09:19

    All good, everything is gone! :) And here is the report!

    Logfile of HijackThis v1.99.1
    Scan saved at 23:02:48, on 08/07/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\ormjokxu.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\dllcache\winmga.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\SuperCopier\SuperCopier.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\System32\LVComS.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\wuauclt.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
    C:\Program Files\7-Zip\7zFM.exe
    C:\DOCUME~1\Eddy\LOCALS~1\Temp\7zO3.tmp\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [carpediem] C:\Program Files\Lemoncast\lemoncast.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ANTE HOLD META WINDOW] C:\Documents and Settings\All Users\Application Data\user bash ante hold\AdminDeaf.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\System32\vsqrkaof.dll",realset
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [memoonce] C:\DOCUME~1\Eddy\APPLIC~1\VGACOP~1\pileoneteam.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm408YY...
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yins...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://centraus1.englishtown.com/main/Install/en/US/Cen...
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: DomainService - - C:\WINDOWS\System32\ormjokxu.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: kavsvc - Kaspersky Labs - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: Microsoft Genuine Advantage - Unknown owner - C:\WINDOWS\System32\dllcache\winmga.exe

    9 July 2007 13:02:14

    Re,

    Uninstall SweetIM.

    Download LopResearch.zip
    Unzip it onto your Desktop only.
    Open the LopResearch folder, then double-click Scan.bat.
    A report will be generated; post its contents here.
    9 July 2007 14:16:51

    Rapport fait à 2:09:30,46 le 09/07/2007

    Le volume dans le lecteur C s'appelle GOGOLE
    Le numéro de série du volume est 9869-E3E1

    Répertoire de C:\Documents and Settings\All Users\Application Data

    14/03/2007 03:53 <REP> Google
    11/12/2006 16:13 <REP> DVD Shrink
    19/01/2006 10:07 <REP> Adobe
    11/01/2006 20:55 <REP> user bash ante hold
    11/01/2006 20:54 <REP> Messenger Plus!
    23/11/2005 19:06 <REP> Yahoo! Companion
    13/11/2005 11:40 <REP> Skype
    24/10/2005 07:38 <REP> Trymedia
    14/10/2005 14:21 <REP> BOONTY
    20/08/2005 07:49 <REP> MSN6
    26/07/2005 19:44 <REP> Windows Genuine Advantage
    26/07/2005 08:47 <REP> Apple Computer
    22/07/2005 22:01 <REP> Real
    19/07/2005 20:03 <REP> Kaspersky Anti-Virus Personal
    18/07/2005 13:24 62 desktop.ini
    18/07/2005 13:24 <REP> Microsoft
    18/07/2005 13:24 <REP> .
    18/07/2005 13:24 <REP> ..
    1 fichier(s) 62 octets
    17 Rép(s) 7297146880 octets libres
    Le volume dans le lecteur C s'appelle GOGOLE
    Le numéro de série du volume est 9869-E3E1

    Répertoire de C:\Documents and Settings\Default User\Application Data

    18/07/2005 13:24 62 desktop.ini
    18/07/2005 13:24 <REP> Microsoft
    18/07/2005 13:24 <REP> ..
    18/07/2005 13:24 <REP> .
    1 fichier(s) 62 octets
    3 Rép(s) 7297146880 octets libres
    Le volume dans le lecteur C s'appelle GOGOLE
    Le numéro de série du volume est 9869-E3E1

    Répertoire de C:\Documents and Settings\Eddy\Application Data

    06/05/2007 20:25 <REP> Audacity
    25/03/2007 11:10 <REP> Screenshot Sender
    14/03/2007 08:08 <REP> Google
    05/02/2007 12:48 <REP> Sun
    26/07/2006 21:36 <REP> dvdcss
    29/04/2006 17:56 <REP> 7Wonders
    11/01/2006 20:54 <REP> VgaCopyMulti
    19/12/2005 16:20 <REP> FotoWire
    16/12/2005 13:17 <REP> vlc
    09/11/2005 11:06 <REP> funkitron
    19/10/2005 21:33 <REP> CyberLink
    08/10/2005 19:08 <REP> Morpheus
    29/09/2005 18:03 19560 GDIPFONTCACHEV1.DAT
    20/08/2005 07:49 <REP> MSN6
    10/08/2005 15:40 <REP> AdobeUM
    07/08/2005 20:31 <REP> Skype
    05/08/2005 23:26 <REP> Adobe
    29/07/2005 01:59 <REP> Ahead
    28/07/2005 21:55 <REP> Macromedia
    28/07/2005 21:49 <REP> Mozilla
    26/07/2005 08:48 <REP> Apple Computer
    22/07/2005 22:05 <REP> Media Player Classic
    22/07/2005 22:01 <REP> Real
    19/07/2005 05:23 <REP> Identities
    19/07/2005 05:22 62 desktop.ini
    19/07/2005 05:22 <REP> Microsoft
    19/07/2005 05:22 <REP> .
    19/07/2005 05:22 <REP> ..
    2 fichier(s) 19622 octets
    26 Rép(s) 7297146880 octets libres
    ******************************************
    Recherche des taches planifiées dans C:\WINDOWS\tasks

    Le volume dans le lecteur C s'appelle GOGOLE
    Le numéro de série du volume est 9869-E3E1

    Répertoire de C:\WINDOWS\Tasks

    20/05/2007 09:16 268 8FAC6C6EB4DBE6AE.job
    01/11/2006 18:43 284 AppleSoftwareUpdate.job
    19/07/2005 01:16 6 SA.DAT
    19/07/2005 01:13 65 desktop.ini
    19/07/2005 01:13 <REP> ..
    19/07/2005 01:13 <REP> .
    4 fichier(s) 623 octets
    2 Rép(s) 7 297 146 880 octets libres

    ******************************************
    Listing des dossiers dans C:\Program Files

    7 Wonders
    7-Zip
    Acclaim Entertainment
    Adobe
    Adverts
    Ahead
    Apple Software Update
    AviSynth 2.5
    Black Isle
    Block Checker
    BoontyGames
    Breed
    Canon
    CentraOne
    Common Files
    ComPlus Applications
    CyberLink
    directx
    DivX
    DJ Mix Pro
    D-Tools
    DVD Region-Free
    EA SPORTS
    EuroTool
    ffdsasetts.reg
    ffdssetts.reg
    ffdsvsetts.reg
    Fichiers communs
    FileZilla
    Free Audio Pack
    funkitron
    FunWebProducts
    GanymedeNet
    Google
    Griffin Technology
    HighMAT CD Writing Wizard
    IncrediMail
    Internet Explorer
    iPod
    iTunes
    iTunesSetup.exe
    Java
    jv16 PowerTools
    Kaspersky Lab
    K-Lite Codec Pack
    LimeWire
    Logitech
    Macrogaming
    Matroska Pack
    Media Player Classic
    MediaInfo
    Messenger
    Messenger Plus! Live
    MessengerPlus! 3
    microsoft frontpage
    Microsoft Office
    Microsoft Visual Studio
    MobTime Cell Phone Manager
    Morpheus
    Movie Maker
    Mozilla Firefox
    mpc1.reg
    mpc2.reg
    mpc3.reg
    mpc4.reg
    mpc5.reg
    mpc6.reg
    mpc7.reg
    MSN Apps
    MSN Gaming Zone
    MSN Messenger
    MyWebSearch
    Navilog1
    NeoDivx Suite
    NETGEAR DG632 USB Driver
    NETGEAR DG632 USB Driveruninstalldrv.exe
    NetMeeting
    Outlook Express
    PokerStars
    QuickTime
    Real Alternative
    Rockstar Games
    satsukidecodersettings.ini
    Services en ligne
    Skype
    SunPlus
    SuperCopier
    Usb to Serial Driver 1.12.25
    VgaCopyMulti
    VideoLAN
    Webteh
    Winamp
    WinASPI
    Windows Live
    Windows Media Player
    Windows NT
    WinRAR
    xerox
    XviD
    Yahoo!
    YesMessenger
    ******************************************
    Recherche des dossiers/fichiers LOP

    C:\Program Files\Adverts Présent !
    ******************************************
    Recherche d'infections connues

    Pas d'infection reconnue
    ******************************************
    Vérification du fichier HOSTS

    Fichier Hosts : Propre
    *************** Fin du Rapport - Version 0.9 ****************

    I hope that's right!
    9 July 2007 14:22:18

    I uninstalled everything; the Macrogaming folder still exists with "toolbar.dll" in it and I can't delete it.
    9 July 2007 21:21:52

    Hi again,

    Post a new HijackThis report.
    9 July 2007 21:38:13

    Logfile of HijackThis v1.99.1
    Scan saved at 09:37:34, on 09/07/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\SuperCopier\SuperCopier.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\System32\LVComS.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\ormjokxu.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\dllcache\winmga.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\7-Zip\7zFM.exe
    C:\DOCUME~1\Eddy\LOCALS~1\Temp\7zO18.tmp\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [carpediem] C:\Program Files\Lemoncast\lemoncast.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ANTE HOLD META WINDOW] C:\Documents and Settings\All Users\Application Data\user bash ante hold\AdminDeaf.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\System32\vsqrkaof.dll",realset
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [memoonce] C:\DOCUME~1\Eddy\APPLIC~1\VGACOP~1\pileoneteam.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm408YY...
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yins...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://centraus1.englishtown.com/main/Install/en/US/Cen...
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: DomainService - - C:\WINDOWS\System32\ormjokxu.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: kavsvc - Kaspersky Labs - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: Microsoft Genuine Advantage - Unknown owner - C:\WINDOWS\System32\dllcache\winmga.exe

    9 July 2007 22:14:19

    Can you run a ComboFix scan again?
    10 July 2007 08:01:01

    "Eddy" - 2007-07-09 19:36:25 - ComboFix 07-07-04.4 - Service Pack 1

    /wow section - STAGE #3

    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\awtqnkh.dll
    C:\WINDOWS\system32\dwpwlwic.dll
    C:\WINDOWS\system32\iifdbcc.dll
    C:\WINDOWS\system32\urqpqqq.dll
    C:\WINDOWS\system32\vsqrkaof.dll
    C:\WINDOWS\system32\wvuutrr.dll
    C:\WINDOWS\system32\eaiybbba.exe
    C:\WINDOWS\system32\utvut.bak1
    C:\WINDOWS\system32\utvut.ini2
    C:\WINDOWS\system32\utvut.tmp
    C:\WINDOWS\system32\foakrqsv.ini
    C:\WINDOWS\system32\utvut.bak1
    C:\WINDOWS\system32\utvut.ini2
    C:\WINDOWS\system32\utvut.tmp
    C:\WINDOWS\system32\utvut.bak1
    C:\WINDOWS\system32\utvut.ini2
    C:\WINDOWS\system32\utvut.tmp
    C:\WINDOWS\system32\pmnmmkj.dll
    C:\WINDOWS\system32\tuvtu.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_DOMAINSERVICE
    -------\DomainService


    ((((((((((((((((((((((((( Files Created from 2007-06-10 to 2007-07-10 )))))))))))))))))))))))))))))))


    2007-07-08 22:00 50,708 --a------ C:\WINDOWS\system32\ormjokxu.exe
    2007-07-06 00:44 <REP> d-------- C:\Program Files\Navilog1
    2007-07-05 10:15 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-04 11:41 <REP> d-------- C:\VundoFix Backups
    2007-07-04 09:04 <REP> d-------- C:\Program Files\7-Zip
    2007-07-03 20:54 <REP> d-------- C:\Program Files\MSN Messenger
    2007-07-01 10:03 <REP> d-------- C:\Program Files\Windows Live


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-09 12:08:18 -------- d-----w C:\Program Files\Macrogaming
    2007-07-08 13:27:06 -------- d-----w C:\DOCUME~1\Eddy\APPLIC~1\Skype
    2007-07-05 20:31:55 367,658 ----a-w C:\WINDOWS\system32\perfh00C.dat
    2007-07-05 20:31:54 48,616 ----a-w C:\WINDOWS\system32\perfc00C.dat
    2007-07-04 04:48:52 -------- d-----w C:\Program Files\MessengerPlus! 3
    2007-07-01 20:03:23 -------- d-----w C:\Program Files\Messenger Plus! Live
    2007-06-30 00:20:16 -------- d-----w C:\Program Files\PokerStars
    2007-05-20 19:16:19 -------- d-----w C:\DOCUME~1\Eddy\APPLIC~1\VgaCopyMulti
    2007-05-20 19:14:05 -------- d-----w C:\Program Files\VgaCopyMulti
    2005-07-31 08:01:09 56 -csh--r C:\WINDOWS\system32\848AF4AA62.sys


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{058B310F-F6D5-4F90-B57E-470938F394E2}]
    C:\WINDOWS\System32\xxyab.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2004-12-14 01:56 63136 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}]
    2006-11-05 16:44 548992 --a------ C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
    2007-03-30 13:31 722472 --a------ C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7116DE13-DA6C-8E26-8EE5-4022A30099EA}]
    C:\DOCUME~1\Eddy\APPLIC~1\MESSWA~1\CompSkip.exe

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    2006-11-09 15:21 440056 --a------ C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    2006-04-17 13:32 323904 --a------ C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}]
    2004-08-13 17:42 155648 --a------ C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    2007-01-19 23:56 2436160 -ra------ c:\program files\google\googletoolbar2.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    2007-06-15 17:00 325048 --a------ C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
    2006-01-17 16:04 282624 --a------ C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-08-29 14:17]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-08-29 14:20]
    "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07]
    "carpediem"="C:\Program Files\Lemoncast\lemoncast.exe" []
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
    "ANTE HOLD META WINDOW"="C:\Documents and Settings\All Users\Application Data\user bash ante hold\AdminDeaf.exe" [2007-05-20 09:15]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-07-03 18:48]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-30 02:00]
    "SuperCopier.exe"="C:\Program Files\SuperCopier\SuperCopier.exe" [2003-04-24 12:03]
    "MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" []
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-13 20:24]
    "memoonce"="C:\DOCUME~1\Eddy\APPLIC~1\VGACOP~1\pileoneteam.exe" [2007-05-20 09:14]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-07-03 18:48]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 17:00]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{93994DE8-8239-4655-B1D1-5F4E91300429}"="C:\PROGRA~1\DVDREG~1\DVDShell.dll" [2003-08-26 10:58]


    Contents of the 'Scheduled Tasks' folder
    2007-07-10 05:00:00 C:\WINDOWS\tasks\8FAC6C6EB4DBE6AE.job
    2007-07-03 16:41:03 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-09 19:47:12
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************

    Completion time: 2007-07-09 19:49:03 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-07-09 19:48
    C:\ComboFix2.txt ... 2007-07-07 18:47
    C:\ComboFix3.txt ... 2007-07-05 10:31

    --- E O F ---
    10 July 2007 12:32:18

    Hello

    Some cleanup has been done.


    Post a new HijackThis log.


    Also do the following.
    Download DiagHelp.zip (by Malekal_Morte) to your desktop
    http://www.malekal.com/download/DiagHelp.zip
    - Right-click the file and choose Extract All
    - A new folder named DiagHelp will be created
    - Open it and double-click go.cmd (the .cmd extension may not be shown)
    - A window will open; choose option 1
    - The scan will start; this can take a few minutes, so let it run and press a key when you are asked to

    WARNING: during the scan, after the catchme report, you will be asked to press a key to continue the scan. Follow the on-screen instructions carefully!

    - At the end of the scan, you may be asked to restart the computer... Once the computer has restarted, the report will open in Notepad. It is located at C:\resultat.txt
    - Copy and paste the contents of the Notepad window that opens. To do this:
    -- In Notepad, click the Edit menu / Select All
    -- Then the Edit menu again / Copy
    -- In a new message here, right-click / Paste
    11 July 2007 07:47:27

    Logfile of HijackThis v1.99.1
    Scan saved at 19:46:15, on 10/07/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\LVComS.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\SuperCopier\SuperCopier.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\dllcache\winmga.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    c:\winspur.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\7-Zip\7zFM.exe
    C:\DOCUME~1\Eddy\LOCALS~1\Temp\7zO1C.tmp\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O2 - BHO: (no name) - {058B310F-F6D5-4F90-B57E-470938F394E2} - C:\WINDOWS\System32\xxyab.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O2 - BHO: (no name) - {7116DE13-DA6C-8E26-8EE5-4022A30099EA} - C:\DOCUME~1\Eddy\APPLIC~1\MESSWA~1\CompSkip.exe (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [carpediem] C:\Program Files\Lemoncast\lemoncast.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ANTE HOLD META WINDOW] C:\Documents and Settings\All Users\Application Data\user bash ante hold\AdminDeaf.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [memoonce] C:\DOCUME~1\Eddy\APPLIC~1\VGACOP~1\pileoneteam.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm408YY...
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yins...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://centraus1.englishtown.com/main/Install/en/US/Cen...
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: kavsvc - Kaspersky Labs - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: Microsoft Genuine Advantage - Unknown owner - C:\WINDOWS\System32\dllcache\winmga.exe

    Here's the HijackThis log!
    11 July 2007 08:00:13

    DiagHelp version v1.1.2 - http://www.malekal.com
    excute le 10/07/2007 à 19:53:02,04


    Liste des derniers fichies modifies/crees dans windir\system32
    C:\WINDOWS\System32/drivers\GEARAspiWDM.sys -->19/09/2006 15:44:04
    C:\WINDOWS\System32/drivers\secdrv.sys -->09/06/2006 10:46:46
    C:\WINDOWS\System32/drivers\wpdusb.sys -->28/01/2005 01:36:24
    C:\WINDOWS\System32/drivers\StMp3Rec.sys -->18/12/2004 20:32:32
    C:\WINDOWS\System32/drivers\d347prt.sys -->22/08/2004 16:31:48
    C:\WINDOWS\System32/drivers\d347bus.sys -->22/08/2004 16:31:10
    C:\WINDOWS\System32/drivers\stream.sys -->09/07/2004 04:27:28

    C:\WINDOWS\System32\ormjokxu.exe -->08/07/2007 22:00:29
    C:\WINDOWS\System32\wpa.dbl -->08/07/2007 21:52:03
    C:\WINDOWS\System32\perfh00C.dat -->05/07/2007 10:31:55
    C:\WINDOWS\System32\perfh009.dat -->05/07/2007 10:31:54
    C:\WINDOWS\System32\perfc00C.dat -->05/07/2007 10:31:54
    C:\WINDOWS\System32\perfc009.dat -->05/07/2007 10:31:54
    C:\WINDOWS\System32\PerfStringBackup.INI -->05/07/2007 10:31:52
    C:\WINDOWS\System32\MRT.exe -->05/06/2007 23:38:42
    C:\WINDOWS\System32\swreg.exe -->02/04/2007 14:21:27
    C:\WINDOWS\System32\QuickTimeVR.qtx -->16/02/2007 10:54:08
    C:\WINDOWS\System32\QuickTime.qts -->16/02/2007 10:54:08
    C:\WINDOWS\System32\SoulCalibur3.scr -->13/02/2007 16:08:21
    C:\WINDOWS\System32\sc3_logo2.scr -->13/02/2007 16:07:15
    C:\WINDOWS\System32\jupdate-1.5.0_10-b03.log -->05/02/2007 12:46:26
    C:\WINDOWS\System32\sirenacm.dll -->19/01/2007 12:53:04
    C:\WINDOWS\System32\swxcacls.exe -->01/12/2006 05:20:32
    C:\WINDOWS\System32\swsc.exe -->29/11/2006 17:21:29
    C:\WINDOWS\System32\vfind.exe -->27/11/2006 02:34:46
    C:\WINDOWS\System32\javaws.exe -->09/11/2006 15:07:32
    C:\WINDOWS\System32\jpicpl32.cpl -->09/11/2006 15:07:28
    C:\WINDOWS\System32\javaw.exe -->09/11/2006 13:28:30
    C:\WINDOWS\System32\java.exe -->09/11/2006 13:28:20
    C:\WINDOWS\System32\GEARAspi.dll -->03/10/2006 19:47:52
    C:\WINDOWS\System32\SndDrv32b.ini -->14/07/2006 12:08:49
    C:\WINDOWS\System32\LegitCheckControl.dll -->17/05/2006 11:23:38

    C:\WINDOWS\windebug.log -->10/07/2007 13:03:59
    C:\WINDOWS\DPINST.LOG -->09/07/2007 23:27:13
    C:\WINDOWS\0.log -->09/07/2007 21:31:58
    C:\WINDOWS\WindowsUpdate.log -->09/07/2007 21:31:48
    C:\WINDOWS\wiadebug.log -->09/07/2007 21:31:43
    C:\WINDOWS\wiaservc.log -->09/07/2007 21:31:41
    C:\WINDOWS\bootstat.dat -->09/07/2007 21:30:22
    C:\WINDOWS\SchedLgU.Txt -->09/07/2007 21:27:51
    C:\WINDOWS\Thumbs.db -->08/07/2007 23:02:09
    C:\WINDOWS\setupapi.log -->05/07/2007 06:53:32
    C:\WINDOWS\catchme.exe -->04/07/2007 19:21:04
    C:\WINDOWS\setupact.log -->03/07/2007 12:00:39
    C:\WINDOWS\winamp.ini -->29/06/2007 14:20:16
    C:\WINDOWS\DVDRegionFree.INI -->28/06/2007 20:40:36
    C:\WINDOWS\nircmd.exe -->17/06/2007 00:11:58


    Le volume dans le lecteur C s'appelle GOGOLE
    Le numéro de série du volume est 9869-E3E1

    Répertoire de C:\WINDOWS\system

    10/09/1999 12:06 4 672 WOWPOST.EXE
    1 fichier(s) 4 672 octets
    0 Rép(s) 7 244 365 824 octets libres
    Le volume dans le lecteur C s'appelle GOGOLE
    Le numéro de série du volume est 9869-E3E1

    Répertoire de C:\WINDOWS\system32

    30/08/2002 02:00 4 096 csrss.exe
    1 fichier(s) 4 096 octets
    0 Rép(s) 7 244 365 824 octets libres

    Contenu de Downloaded Program Files
    Le volume dans le lecteur C s'appelle GOGOLE
    Le numéro de série du volume est 9869-E3E1

    Répertoire de C:\WINDOWS\Downloaded Program Files

    05/07/2007 06:53 <REP> .
    05/07/2007 06:53 <REP> ..
    08/04/2003 17:53 94 208 CentraDownloader.dll
    08/04/2003 18:29 249 CentraDownloader.inf
    19/07/2005 01:15 65 desktop.ini
    14/10/1997 18:52 697 DirectAnimation Java Classes.osd
    14/07/2005 17:28 365 f3initialsetup1.0.0.15.inf
    20/01/2000 15:25 1 162 Microsoft XML Parser for Java.osd
    08/10/2004 16:01 372 736 MsnPUpld.dll
    08/10/2004 16:13 587 MSNPupld.inf
    19/06/2002 14:11 117 088 PURen-us.dll
    31/05/2002 09:20 117 328 PURfr-fr.dll
    15/10/2004 07:59 110 592 PURfr-xx.dll
    13/04/2006 10:15 238 svcia32.inf
    27/03/2007 16:00 5 021 swflash.inf
    26/05/2005 04:19 291 wuweb.inf
    07/11/2004 15:29 1 206 yinst.inf
    07/11/2004 15:29 173 168 yinsthelper.dll
    16 fichier(s) 995 001 octets

    Total des fichiers listés :
    16 fichier(s) 995 001 octets
    2 Rép(s) 7 244 361 728 octets libres

    Recherche de rootkit! (Merci S!Ri)

    Recherche d'infections connues
    C:\Program Files\Advert présent! Possible infection : lop.com

    Export des clefs sensibles..

    Liste des fichiers en exception sur le pare-feu XP SP2



    Export de la clef SharedTaskScheduler

    [SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

    Rechercher adresses sensibles dans le fichier HOSTS...



    catchme 0.3.914 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-10 19:53:20
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    scan completed successfully
    hidden services: 0
    hidden files: 2300


    KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

    Process list by traversal of KiWaitListHead

    320 - explorer.exe
    332 - IEXPLORE.EXE
    628 - mdm.exe
    652 - winmga.exe
    772 - MsgPlus.exe
    804 - ctfmon.exe
    884 - LogitechDesktop
    892 - csrss.exe
    916 - winlogon.exe
    960 - services.exe
    972 - lsass.exe
    1156 - svchost.exe
    1168 - msnmsgr.exe
    1204 - GoogleToolbarNo
    1260 - IEXPLORE.EXE
    1352 - IEXPLORE.EXE
    1388 - svchost.exe
    1512 - svchost.exe
    2156 - iPodService.exe
    6132 - cmd.exe

    Total number of processes = 20
    NOTE: Under WinXP, this will not show all processes.

    KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

    Driver/Module list by traversal of PsLoadedModuleList

    804D4000 - \WINDOWS\system32\ntoskrnl.exe
    806AC000 - \WINDOWS\system32\hal.dll
    F9F32000 - \WINDOWS\system32\KDCOM.DLL
    F9E42000 - \WINDOWS\system32\BOOTVID.dll
    F99EB000 - d347bus.sys
    F99BF000 - ACPI.sys
    F9F34000 - \WINDOWS\System32\DRIVERS\WMILIB.SYS
    F9A32000 - pci.sys
    F9A42000 - isapnp.sys
    F9A52000 - ohci1394.sys
    F9A62000 - \WINDOWS\System32\DRIVERS\1394BUS.SYS
    F9F36000 - viaide.sys
    F9CB2000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
    F9A72000 - MountMgr.sys
    F99A0000 - ftdisk.sys
    F9F38000 - dmload.sys
    F997C000 - dmio.sys
    F9CBA000 - PartMgr.sys
    F9A82000 - VolSnap.sys
    F9966000 -
    F9F3A000 - d347prt.sys
    F994F000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS
    F9A92000 - disk.sys
    F9AA2000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    F993E000 - sr.sys
    F9CC2000 - PxHelp20.sys
    F992A000 - KSecDD.sys
    F98A0000 - Ntfs.sys
    F9876000 - NDIS.sys
    F9CCA000 - viaagp.sys
    F9AB2000 - sbp2port.sys
    F985C000 - Mup.sys
    F9AD2000 - \SystemRoot\System32\DRIVERS\nic1394.sys
    F9B62000 - \SystemRoot\System32\DRIVERS\processr.sys
    F903C000 - \SystemRoot\System32\DRIVERS\nv4_mini.sys
    F902A000 - \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
    F9D82000 - \SystemRoot\System32\DRIVERS\kbdclass.sys
    F9D8A000 - \SystemRoot\System32\DRIVERS\fdc.sys
    F9B82000 - \SystemRoot\System32\DRIVERS\serial.sys
    F9ED6000 - \SystemRoot\System32\DRIVERS\serenum.sys
    F9017000 - \SystemRoot\System32\DRIVERS\parport.sys
    F9B92000 - \SystemRoot\System32\DRIVERS\cdrom.sys
    F91A6000 - \SystemRoot\System32\DRIVERS\redbook.sys
    F8FF7000 - \SystemRoot\System32\DRIVERS\ks.sys
    F9D92000 - \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys
    F9196000 - \SystemRoot\System32\DRIVERS\imapi.sys
    F9D9A000 - \SystemRoot\System32\DRIVERS\usbuhci.sys
    F8FD5000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS
    F8FC0000 - \SystemRoot\system32\drivers\ac97via.sys
    F8F9F000 - \SystemRoot\system32\drivers\portcls.sys
    F9186000 - \SystemRoot\system32\drivers\drmk.sys
    F9DA2000 - \SystemRoot\System32\DRIVERS\RTL8139.SYS
    FA06D000 - \SystemRoot\System32\DRIVERS\audstub.sys
    F8F8E000 - \SystemRoot\System32\DRIVERS\bridge.sys
    F9EE2000 - \SystemRoot\System32\DRIVERS\TDI.SYS
    F9176000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys
    F9EEE000 - \SystemRoot\System32\DRIVERS\ndistapi.sys
    F8F78000 - \SystemRoot\System32\DRIVERS\ndiswan.sys
    F9166000 - \SystemRoot\System32\DRIVERS\raspppoe.sys
    F9156000 - \SystemRoot\System32\DRIVERS\raspptp.sys
    F8F67000 - \SystemRoot\System32\DRIVERS\psched.sys
    F9146000 - \SystemRoot\System32\DRIVERS\msgpc.sys
    F9DD2000 - \SystemRoot\System32\DRIVERS\ptilink.sys
    F9DDA000 - \SystemRoot\System32\DRIVERS\raspti.sys
    F8BE8000 - \SystemRoot\System32\DRIVERS\rdpdr.sys
    F9BF2000 - \SystemRoot\System32\DRIVERS\termdd.sys
    F9DE2000 - \SystemRoot\System32\DRIVERS\mouclass.sys
    FA0AE000 - \SystemRoot\System32\DRIVERS\swenum.sys
    F8B26000 - \SystemRoot\System32\DRIVERS\update.sys
    F9C32000 - \SystemRoot\System32\Drivers\NDProxy.SYS
    F9C02000 - \SystemRoot\System32\DRIVERS\usbhub.sys
    F9FA4000 - \SystemRoot\System32\DRIVERS\USBD.SYS
    F93E6000 - \SystemRoot\System32\DRIVERS\gameenum.sys
    F9D1A000 - \SystemRoot\System32\DRIVERS\flpydisk.sys
    F9FBC000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
    FA14D000 - \SystemRoot\System32\Drivers\Null.SYS
    F9FBE000 - \SystemRoot\System32\Drivers\Beep.SYS
    F9D32000 - \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
    F9D52000 - \SystemRoot\System32\drivers\vga.sys
    F9FC0000 - \SystemRoot\System32\Drivers\mnmdd.SYS
    F9FC2000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
    F9D3A000 - \SystemRoot\System32\Drivers\Msfs.SYS
    F9D42000 - \SystemRoot\System32\Drivers\Npfs.SYS
    F93DE000 - \SystemRoot\System32\DRIVERS\rasacd.sys
    F2AD5000 - \SystemRoot\System32\DRIVERS\ipsec.sys
    F23F5000 - \SystemRoot\System32\DRIVERS\tcpip.sys
    F1E51000 - \SystemRoot\System32\DRIVERS\netbt.sys
    F8BB8000 - \SystemRoot\System32\DRIVERS\netbios.sys
    F1D89000 - \SystemRoot\System32\DRIVERS\rdbss.sys
    F1D29000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys
    F9ED2000 - \SystemRoot\System32\drivers\klmc.sys
    F1D03000 - \SystemRoot\System32\drivers\klif.sys
    F8BA8000 - \SystemRoot\System32\Drivers\Fips.SYS
    F8B98000 - \SystemRoot\System32\DRIVERS\arp1394.sys
    F8B88000 - \SystemRoot\System32\DRIVERS\wanarp.sys
    F8E64000 - \SystemRoot\System32\DRIVERS\hidusb.sys
    F365C000 - \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
    F8789000 - \SystemRoot\System32\DRIVERS\mouhid.sys
    F2FA9000 - \SystemRoot\System32\DRIVERS\usbccgp.sys
    F93EA000 - \SystemRoot\System32\DRIVERS\kbdhid.sys
    F0F56000 - \SystemRoot\System32\Drivers\Fastfat.SYS
    F0F40000 - \SystemRoot\System32\Drivers\dump_atapi.sys
    F9FA6000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    BF800000 - \SystemRoot\System32\win32k.sys
    F9F02000 - \SystemRoot\System32\watchdog.sys
    F9EFE000 - \SystemRoot\System32\drivers\Dxapi.sys
    BFF80000 - \SystemRoot\System32\drivers\dxg.sys
    FA0BF000 - \SystemRoot\System32\drivers\dxgthk.sys
    BF9B7000 - \SystemRoot\System32\nv4_disp.dll
    F0E36000 - \SystemRoot\System32\drivers\afd.sys
    F9F2E000 - \SystemRoot\System32\DRIVERS\ndisuio.sys
    F0D5B000 - \SystemRoot\system32\drivers\wdmaud.sys
    F1B0F000 - \SystemRoot\system32\drivers\sysaudio.sys
    F36AC000 - \SystemRoot\System32\Drivers\Cdfs.SYS
    F0B4C000 - \SystemRoot\System32\DRIVERS\mrxdav.sys
    F9FD2000 - \SystemRoot\System32\Drivers\ParVdm.SYS
    F0BC3000 - \SystemRoot\System32\Drivers\Aspi32.SYS
    F0A97000 - \SystemRoot\System32\DRIVERS\srv.sys
    F12F2000 - \SystemRoot\System32\DRIVERS\secdrv.sys
    F04B3000 - \SystemRoot\System32\DRIVERS\ipnat.sys
    F06F3000 - \SystemRoot\System32\DRIVERS\usb8023.sys
    F9D0A000 - \SystemRoot\System32\DRIVERS\RNDISMP.SYS
    EE983000 - \SystemRoot\system32\drivers\kmixer.sys
    FA14B000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

    Total number of drivers = 124

    Liste des programmes installes

    7-Zip 4.47 beta
    Adobe Flash Player 9 ActiveX
    Adobe Reader 7.0 - Français
    Apple Software Update
    Audacity 1.3.2 (Unicode)
    AutoUpdate
    Barre d'outils MSN
    BSPlayer
    Camera Support Core Library
    Camera Window DS
    Camera Window DVC
    Camera Window MC
    Canon Camera Support Core Library
    Canon Camera Window DS for ZoomBrowser EX
    Canon Camera Window DVC for ZoomBrowser EX
    Canon Camera Window for ZoomBrowser EX
    Canon MovieEdit Task for ZoomBrowser EX
    Canon PhotoRecord
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities PhotoStitch 3.1
    Canon ZoomBrowser EX
    CentraOne
    Client Windows Rights Management
    Correctif pour le Lecteur Windows Media [Voir KB832353 pour plus d'informations]
    Correctif pour le Lecteur Windows Media [Voir Q828026 pour plus d'informations]
    Correctif Windows XP - KB810217
    Correctif Windows XP - KB823182
    Correctif Windows XP - KB824105
    Correctif Windows XP - KB824141
    Correctif Windows XP - KB825119
    Correctif Windows XP - KB826939
    Correctif Windows XP - KB826942
    Correctif Windows XP - KB828028
    Correctif Windows XP - KB828035
    Correctif Windows XP - KB828741
    Correctif Windows XP - KB833407
    Correctif Windows XP - KB833998
    Correctif Windows XP - KB835732
    Correctif Windows XP - KB837001
    Correctif Windows XP - KB840374
    Correctif Windows XP - KB842773
    DAEMON Tools
    DivX
    DivX 5.0.2 Pro Bundle
    DivX Player
    DivXG400
    DJ Mix Pro
    DVD Region-Free 3.06
    Extension HighMAT pour l'Assistant Graver un CD de Microsoft Windows XP
    FileZilla (remove only)
    Free Mp3 Wma Converter V 1.5.0
    Google Toolbar for Internet Explorer
    GTAIII
    HijackThis 1.99.1
    Internet Explorer Q837251
    iPod for Windows 2005-03-23
    iPod for Windows 2005-03-23
    iTunes
    J2SE Runtime Environment 5.0 Update 10
    jv16 PowerTools 1.4.1
    K-Lite Mega Codec Pack 1.33
    Kaspersky Anti-Virus Personal
    Lecteur Windows Media 10
    Lemoncast 2.1.0.4
    Logitech Desktop Messenger
    Logitech Print Service
    Logitech QuickCam
    Madden NFL TM 2002
    Matroska Pack
    Media Player Classic 6.4.8.4
    MediaInfo 0.7.0.4
    Messenger Plus! 3
    Messenger Plus! Live & Sponsor (CiD)
    Microsoft Office XP Professional
    Mise à jour pour Windows XP (KB898461)
    MobTime Cell Phone Manager V3.6.4
    Morpheus 5.1 (remove only)
    MovieEdit Task
    Mozilla Firefox (1.5.0.12)
    My Web Search (Cursor Mania)
    Navilog1 Version 2.0.5
    Nero 6 Demo
    NETGEAR DG632 ADSL Modem
    NVIDIA Drivers
    Outlook Express Q837009
    Pack réseau avancé pour Windows XP
    PhotoStitch
    Poker Superstars
    PokerStars
    QuickTime
    RAW Image Task 1.2
    Real Alternative 1.44
    RemoteCapture Task 1.1
    sc3_logo2 Screen Saver
    Skype 3.1
    Skype add-on for IE
    Skype Plugin Manager
    SoulCalibur3 Screen Saver
    SunPlus PMP Transcoding
    Sunplus Spca536
    SuperCopier
    SweetIM For Internet Explorer 3.0b
    Usb to Serial Driver 1.12.25
    VideoLAN VLC media player 0.8.2
    WebFldrs XP
    Winamp (remove only)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Format Runtime
    Windows XP Hotfix (SP2) [See KB810243 for more information]
    WinRAR archiver
    XviD MPEG-4 Video Codec
    Yahoo! Install Manager
    Yahoo! Toolbar
    YesMessenger 2.0.3



    Le volume dans le lecteur C s'appelle GOGOLE
    Le numéro de série du volume est 9869-E3E1

    Répertoire de C:\Program Files

    10/07/2007 19:30 <REP> .
    10/07/2007 19:30 <REP> ..
    29/04/2006 17:56 <REP> 7 Wonders
    04/07/2007 09:04 <REP> 7-Zip
    08/11/2005 07:22 <REP> Acclaim Entertainment
    19/01/2006 10:00 <REP> Adobe
    15/10/2006 09:00 <REP> Adverts
    19/07/2005 19:23 <REP> Ahead
    28/04/2007 14:33 <REP> Apple Software Update
    12/12/2006 08:31 <REP> AviSynth 2.5
    12/03/2006 17:16 <REP> Black Isle
    17/10/2005 23:51 <REP> Block Checker
    18/12/2005 12:27 <REP> BoontyGames
    06/01/2006 18:42 <REP> Breed
    06/08/2005 10:55 <REP> Canon
    08/02/2006 21:05 <REP> CentraOne
    19/07/2005 19:08 <REP> Common Files
    19/07/2005 01:12 <REP> ComPlus Applications
    03/02/2006 19:39 <REP> CyberLink
    19/12/2005 16:20 <REP> directx
    08/12/2005 20:12 <REP> DivX
    26/11/2006 10:04 <REP> DJ Mix Pro
    06/01/2006 18:01 <REP> D-Tools
    19/07/2005 19:19 <REP> DVD Region-Free
    03/07/2006 00:53 <REP> EA SPORTS
    19/07/2005 18:46 <REP> EuroTool
    16/02/2006 09:24 1 612 ffdsasetts.reg
    16/02/2006 09:24 4 062 ffdssetts.reg
    16/02/2006 09:24 2 892 ffdsvsetts.reg
    09/04/2007 21:26 <REP> Fichiers communs
    18/11/2005 14:39 <REP> FileZilla
    24/10/2006 15:07 <REP> Free Audio Pack
    24/10/2005 07:38 <REP> funkitron
    21/10/2005 19:35 <REP> FunWebProducts
    14/10/2005 13:30 <REP> GanymedeNet
    20/03/2007 13:21 <REP> Google
    06/08/2005 06:58 <REP> Griffin Technology
    19/07/2005 18:57 <REP> HighMAT CD Writing Wizard
    17/12/2005 11:47 <REP> IncrediMail
    19/07/2005 19:09 <REP> Internet Explorer
    28/04/2007 14:41 <REP> iPod
    28/04/2007 14:41 <REP> iTunes
    23/03/2007 17:14 37 860 928 iTunesSetup.exe
    05/02/2007 12:46 <REP> Java
    14/07/2006 12:08 <REP> jv16 PowerTools
    19/07/2005 20:03 <REP> Kaspersky Lab
    22/07/2005 22:01 <REP> K-Lite Codec Pack
    21/01/2007 12:36 <REP> LimeWire
    19/12/2005 16:20 <REP> Logitech
    09/07/2007 02:08 <REP> Macrogaming
    19/12/2005 16:23 <REP> Matroska Pack
    22/07/2005 22:05 <REP> Media Player Classic
    08/12/2005 17:47 <REP> MediaInfo
    07/08/2005 21:11 <REP> Messenger
    01/07/2007 10:03 <REP> Messenger Plus! Live
    03/07/2007 18:48 <REP> MessengerPlus! 3
    19/07/2005 01:17 <REP> microsoft frontpage
    19/07/2005 19:36 <REP> Microsoft Office
    19/07/2005 19:39 <REP> Microsoft Visual Studio
    05/04/2006 10:17 <REP> MobTime Cell Phone Manager
    28/02/2007 18:58 <REP> Morpheus
    19/07/2005 01:14 <REP> Movie Maker
    09/07/2007 20:22 <REP> Mozilla Firefox
    16/02/2006 09:24 596 mpc1.reg
    16/02/2006 09:24 680 mpc2.reg
    16/02/2006 09:24 2 910 mpc3.reg
    16/02/2006 09:24 1 784 mpc4.reg
    16/02/2006 09:24 16 278 mpc5.reg
    16/02/2006 09:24 13 440 mpc6.reg
    16/02/2006 09:24 5 050 mpc7.reg
    02/11/2005 21:00 <REP> MSN Apps
    19/07/2005 01:11 <REP> MSN Gaming Zone
    09/07/2007 23:26 <REP> MSN Messenger
    21/10/2005 14:19 <REP> MyWebSearch
    06/07/2007 01:28 <REP> Navilog1
    12/12/2006 08:29 <REP> NeoDivx Suite
    19/02/2007 23:29 <REP> NETGEAR DG632 USB Driver
    09/04/2004 15:13 114 688 NETGEAR DG632 USB Driveruninstalldrv.exe
    19/07/2005 19:07 <REP> NetMeeting
    19/07/2005 19:08 <REP> Outlook Express
    29/06/2007 14:20 <REP> PokerStars
    28/04/2007 14:37 <REP> QuickTime
    17/12/2005 16:09 <REP> Real Alternative
    06/03/2006 18:03 <REP> Rockstar Games
    16/02/2006 00:25 3 865 satsukidecodersettings.ini
    19/07/2005 01:14 <REP> Services en ligne
    09/04/2007 21:26 <REP> Skype
    08/04/2006 10:10 <REP> SunPlus
    19/07/2005 19:25 <REP> SuperCopier
    05/04/2006 10:16 <REP> Usb to Serial Driver 1.12.25
    20/05/2007 09:14 <REP> VgaCopyMulti
    08/12/2005 17:27 <REP> VideoLAN
    22/07/2005 22:04 <REP> Webteh
    23/03/2007 10:47 <REP> Winamp
    12/12/2006 08:29 <REP> WinASPI
    01/07/2007 10:03 <REP> Windows Live
    13/12/2005 15:57 <REP> Windows Media Player
    19/07/2005 01:11 <REP> Windows NT
    19/07/2005 19:25 <REP> WinRAR
    19/07/2005 01:17 <REP> xerox
    08/12/2005 17:28 <REP> XviD
    19/02/2006 13:16 <REP> Yahoo!
    14/04/2007 04:32 <REP> YesMessenger
    13 fichier(s) 38 028 785 octets
    90 Rép(s) 7 244 103 680 octets libres
    Le volume dans le lecteur C s'appelle GOGOLE
    Le numéro de série du volume est 9869-E3E1

    Répertoire de C:\Program Files\fichiers communs

    09/04/2007 21:26 <REP> .
    09/04/2007 21:26 <REP> ..
    05/08/2005 23:26 <REP> Adobe
    19/07/2005 19:23 <REP> Ahead
    14/10/2005 14:21 <REP> BOONTY Shared
    19/07/2005 19:39 <REP> Designer
    19/12/2005 16:20 <REP> FotoWire
    26/07/2005 08:46 <REP> InstallShield
    05/02/2007 12:33 <REP> Java
    09/07/2007 23:26 <REP> Microsoft Shared
    19/07/2005 01:13 <REP> MSSoap
    18/01/2006 22:19 <REP> NSV
    18/07/2005 13:25 <REP> ODBC
    19/07/2005 01:13 <REP> Services
    09/04/2007 21:26 <REP> Skype
    18/07/2005 13:25 <REP> SpeechEngines
    01/05/2006 20:41 <REP> SWF Studio
    19/07/2005 19:35 <REP> System
    0 fichier(s) 0 octets
    18 Rép(s) 7 244 111 872 octets libres
    Le volume dans le lecteur C s'appelle GOGOLE
    Le numéro de série du volume est 9869-E3E1

    Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

    27/04/2007 03:56 <REP> .
    27/04/2007 03:56 <REP> ..
    19/07/2005 19:39 <REP> 1033
    19/07/2005 19:41 <REP> 1036
    27/04/2007 03:56 62 777 ibm00003.dll
    27/04/2007 03:56 54 409 ibm00004.dll
    15/02/2001 05:45 1 318 912 MSONSEXT.DLL
    13/02/2001 08:23 58 784 MSOSV.DLL
    03/06/1999 14:09 122 937 MSOWS409.DLL
    07/03/2001 09:00 127 033 MSOWS40c.DLL
    06/08/2000 09:04 401 462 MSVCP60.DLL
    22/01/2001 03:25 69 632 PKMAXCTL.DLL
    22/01/2001 03:25 872 448 PKMCDO.DLL
    22/01/2001 03:25 159 744 PKMCORE.DLL
    07/02/2001 09:59 106 496 PKMFORMS.DLL
    12/02/2001 04:03 684 032 PKMRES.DLL
    22/01/2001 03:25 28 672 PKMSSTLB.DLL
    22/01/2001 03:25 40 960 PKMTEMPL.DLL
    22/01/2001 03:25 24 576 PKMTRACE.DLL
    22/01/2001 03:25 86 016 PKMWS.DLL
    22/01/2001 03:25 237 568 PROMDEMO.DLL
    22/01/2001 03:25 184 320 SECMGR.DLL
    22/01/2001 03:25 323 584 VAIDDMGR.DLL
    22/01/2001 03:25 32 768 VAIMEM.DLL
    20 fichier(s) 4 997 130 octets
    4 Rép(s) 7 244 111 872 octets libres
    Le volume dans le lecteur C s'appelle GOGOLE
    Le numéro de série du volume est 9869-E3E1

    Répertoire de C:\Program Files\common files

    19/07/2005 19:08 <REP> .
    19/07/2005 19:08 <REP> ..
    19/07/2005 19:08 <REP> System
    0 fichier(s) 0 octets
    3 Rép(s) 7 244 111 872 octets libres
    Le volume dans le lecteur C s'appelle GOGOLE
    Le numéro de série du volume est 9869-E3E1

    Répertoire de C:\

    12/05/2007 18:22 68 096 diff.exe
    12/05/2007 18:22 103 424 grep.exe
    31/10/2005 05:56 700 416 StubInstaller.exe
    09/07/2007 21:32 209 539 winspur.exe
    4 fichier(s) 1 081 475 octets
    0 Rép(s) 7 244 111 872 octets libres
    c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.1.1.5\iTunesSetupAdmin.exe
    c:\Documents and Settings\All Users\Application Data\user bash ante hold\AdminDeaf.exe
    c:\Documents and Settings\All Users\Documents\Eddy recup donné\Setup_FreeConverter.exe
    c:\Documents and Settings\All Users\Documents\Eddy recup donné\winamp50rc8_full.exe
    c:\Documents and Settings\All Users\Documents\Heroes of Might and Magic IV\Heroes of Might and Magic IV CD1\SETUP.EXE
    c:\Documents and Settings\All Users\Documents\Heroes of Might and Magic IV\Heroes of Might and Magic IV CD1\sysinfo.exe
    c:\Documents and Settings\All Users\Documents\Heroes of Might and Magic IV\Heroes of Might and Magic IV CD1\DirectX\dxsetup.exe
    c:\Documents and Settings\All Users\Documents\Heroes of Might and Magic IV\Heroes of Might and Magic IV CD1\support\sysinfo.exe
    c:\Documents and Settings\All Users\Documents\Heroes of Might and Magic IV\Heroes of Might and Magic IV CD1\_autorun\autorun.exe
    c:\Documents and Settings\All Users\Documents\Heroes of Might and Magic IV\Heroes of Might and Magic IV CD1\_autorun\Support\support.exe
    c:\Documents and Settings\All Users\Documents\Heroes of Might and Magic IV\Heroes of Might and Magic IV CD1\_setup\_ISDel.exe
    c:\Documents and Settings\All Users\Documents\Heroes of Might and Magic IV\Heroes of Might and Magic IV CD1\_setup\Setup.exe
    c:\Documents and Settings\All Users\Documents\Heroes of Might and Magic IV\Heroes of Might and Magic IV CD2\SETUP.EXE
    c:\Documents and Settings\All Users\Documents\Heroes of Might and Magic IV\Heroes of Might and Magic IV CD2\sysinfo.exe
    c:\Documents and Settings\All Users\Documents\Heroes of Might and Magic IV\Heroes of Might and Magic IV CD2\Extras\_ISDel.exe
    c:\Documents and Settings\All Users\Documents\Heroes of Might and Magic IV\Heroes of Might and Magic IV CD2\Extras\ar505enu.exe
    c:\Documents and Settings\All Users\Documents\Heroes of Might and Magic IV\Heroes of Might and Magic IV CD2\Extras\GSA.exe
    c:\Documents and Settings\All Users\Documents\Heroes of Might and Magic IV\Heroes of Might and Magic IV CD2\Extras\Setup.exe
    c:\Documents and Settings\All Users\Documents\Heroes of Might and Magic IV\Heroes of Might and Magic IV CD2\Patches\heroes4v10to13uke.exe
    c:\Documents and Settings\All Users\Documents\Heroes of Might and Magic IV\Heroes of Might and Magic IV CD2\Patches\heroes4v13to20uke.exe
    c:\Documents and Settings\All Users\Documents\Heroes of Might and Magic IV\Heroes of Might and Magic IV CD2\Patches\heroes4v20to22uk.exe
    c:\Documents and Settings\All Users\Documents\Heroes of Might and Magic IV\Heroes of Might and Magic IV CD2\Patches\heroes4v22to30uke.exe
    c:\Documents and Settings\All Users\Documents\Heroes of Might and Magic IV\Heroes of Might and Magic IV CD2\support\sysinfo.exe
    c:\Documents and Settings\All Users\Documents\Heroes of Might and Magic IV\Heroes of Might and Magic IV CD2\_autorun\autorun.exe
    c:\Documents and Settings\All Users\Documents\Heroes of Might and Magic IV\Heroes of Might and Magic IV CD2\_autorun\exit.exe
    c:\Documents and Settings\All Users\Documents\Heroes of Might and Magic IV\Heroes of Might and Magic IV CD2\_autorun\Support\support.exe
    c:\Documents and Settings\All Users\Documents\Need for Speed Underground\SetupReg.exe
    c:\Documents and Settings\All Users\Documents\Need for Speed Underground\Speed.exe
    c:\Documents and Settings\All Users\Documents\Need for Speed Underground\3DSetup\3DSetup.exe
    c:\Documents and Settings\All Users\Documents\prepa CAPEPS\tabory\MYT2 (E)\Genese-EPS.exe
    c:\Documents and Settings\All Users\Documents\prepa CAPEPS\tabory\MYT2 (E)\Xtras\Media Element\ActiveX\Redist\Aprxdist.exe
    c:\Documents and Settings\All Users\Documents\prepa CAPEPS\tabory\MYT2 (E)\Xtras\Media Element\ActiveX\Redist\Axdist.exe
    c:\Documents and Settings\All Users\Documents\prepa CAPEPS\tabory\MYT2 (E)\Xtras\Media Element\ActiveX\Redist\Wintdist.exe
    c:\Documents and Settings\Eddy\.limewire\.NetworkShare\LimeWireWinInstaller.exe
    c:\Documents and Settings\Eddy\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
    c:\Documents and Settings\Eddy\Application Data\Microsoft\Installer\{F6D63A65-BD23-46F3-B9A3-87F442423481}\ARPPRODUCTICON.exe
    c:\Documents and Settings\Eddy\Application Data\VgaCopyMulti\cakesetupidolbash.exe
    c:\Documents and Settings\Eddy\Application Data\VgaCopyMulti\defaultlicensesurf.exe
    c:\Documents and Settings\Eddy\Application Data\VgaCopyMulti\kzjekrbz.exe
    c:\Documents and Settings\Eddy\Application Data\VgaCopyMulti\pileoneteam.exe
    c:\Documents and Settings\Eddy\Bureau\ComboFix.exe
    c:\Documents and Settings\Eddy\Bureau\Install_Messenger.exe
    c:\Documents and Settings\Eddy\Bureau\MsgPlus-363.exe
    c:\Documents and Settings\Eddy\Bureau\Navilog1.exe
    c:\Documents and Settings\Eddy\Bureau\VundoFix.exe
    c:\Documents and Settings\Eddy\Bureau\Windows-KB890830-V1.30.exe
    c:\Documents and Settings\Eddy\Bureau\DiagHelp\catchme.exe
    c:\Documents and Settings\Eddy\Bureau\DiagHelp\diff.exe
    c:\Documents and Settings\Eddy\Bureau\DiagHelp\dumphive.exe
    c:\Documents and Settings\Eddy\Bureau\DiagHelp\FilesInfoCmd.exe
    c:\Documents and Settings\Eddy\Bureau\DiagHelp\find2.exe
    c:\Documents and Settings\Eddy\Bureau\DiagHelp\Fport.exe
    c:\Documents and Settings\Eddy\Bureau\DiagHelp\grep.exe
    c:\Documents and Settings\Eddy\Bureau\DiagHelp\KProcCheck.exe
    c:\Documents and Settings\Eddy\Bureau\DiagHelp\LFiles.exe
    c:\Documents and Settings\Eddy\Bureau\DiagHelp\LISTDLLS.exe
    c:\Documents and Settings\Eddy\Bureau\DiagHelp\pslist.exe
    c:\Documents and Settings\Eddy\Bureau\DiagHelp\streams.exe
    c:\Documents and Settings\Eddy\Bureau\DiagHelp\swreg.exe
    c:\Documents and Settings\Eddy\Bureau\Erwan fichiers\audacity-win-unicode-1.3.2.exe
    c:\Documents and Settings\Eddy\Bureau\Erwan fichiers\bin\itunes_itunes_6.0.5_francais_11140.exe
    c:\Documents and Settings\Eddy\Bureau\Msn plus\Install_Messenger.exe
    c:\Documents and Settings\Eddy\Bureau\Msn plus\MsgPlus-362.exe
    c:\Documents and Settings\Eddy\Bureau\Zuma Deluxe\7 Wonders.exe
    c:\Documents and Settings\Eddy\Bureau\Zuma Deluxe\Unwise.exe
    c:\Documents and Settings\Eddy\Bureau\Zuma Deluxe\zuma.exe
    c:\Documents and Settings\Eddy\Local Settings\Temp\7zO1C.tmp\HijackThis.exe
    c:\Documents and Settings\Eddy\Mes documents\Eddy College\EPS\yesmessenger.exe
    c:\Documents and Settings\Eddy\Mes documents\Mes fichiers reçus\FileZilla_2_2_17_setup.exe
    c:\Documents and Settings\Eddy\Mes documents\Mes fichiers reçus\yahoo messenger.exe
    c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W9I13S3A\im++[1].exe
    c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W9I13S3A\im++[2].exe
    c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\X4BB29DS\im++[1].exe
    c:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Bases\avcmhk.dll
    c:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Bases\avcmhk4.dll
    c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
    c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
    c:\Documents and Settings\Eddy\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
    c:\Documents and Settings\Eddy\Application Data\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll
    c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

    ****** Fin du rapport DiagHelp
    11 July 2007 11:34:09

    Hello,


    Run a new HijackThis scan and check the lines below:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {058B310F-F6D5-4F90-B57E-470938F394E2} - C:\WINDOWS\System32\xxyab.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7116DE13-DA6C-8E26-8EE5-4022A30099EA} - C:\DOCUME~1\Eddy\APPLIC~1\MESSWA~1\CompSkip.exe (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ANTE HOLD META WINDOW] C:\Documents and Settings\All Users\Application Data\user bash ante hold\AdminDeaf.exe
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [memoonce] C:\DOCUME~1\Eddy\APPLIC~1\VGACOP~1\pileoneteam.exe
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusea [...] xdm408YYPF
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocac [...] 0.0.15.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.ya [...] urrent.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://centraus1.englishtown.com/m [...] loader.cab
    O23 - Service: Microsoft Genuine Advantage - Unknown owner - C:\WINDOWS\System32\dllcache\winmga.exe

    Close all Windows, Internet Explorer and Outlook windows, leaving only HijackThis open, and click "Fix checked".


    Download OTMoveIt (by Old_Timer) to your Desktop.
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt....
    Double-click OTMoveIt.exe to launch it.
    Copy the list below and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

    C:\WINDOWS\System32\ormjokxu.exe
    C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf
    C:\WINDOWS\tasks\8FAC6C6EB4DBE6AE.job
    C:\Program Files\FunWebProducts
    C:\Program Files\Advert
    C:\Program Files\MyWebSearch
    C:\Program Files\VgaCopyMulti
    C:\Program Files\fichiers communs\Microsoft Shared\Web Folders\ibm00003.dll
    C:\Program Files\fichiers communs\Microsoft Shared\Web Folders\ibm00004.dll
    c:\Documents and Settings\All Users\Application Data\user bash ante hold
    c:\Documents and Settings\Eddy\Application Data\VgaCopyMulti


    Click MoveIt! to start the removal.
    The result will appear in the Results pane.
    Click Exit to close.

    You may be asked to restart the PC to complete the removal. If so, accept by clicking Yes.


    Post the report located in C:\_OTMoveIt\MovedFiles together with a new HijackThis log.
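An added example, not part of the original post and not HijackThis's own logic: a small Python triage pass over a log in the HijackThis 1.99.1 text format, flagging the kinds of entries that appear in the fix list above (autostart entries under Application Data, a service with "Unknown owner" in dllcache, "(file missing)" references). The sample log is constructed, and the three heuristics are assumptions of this example that yield candidates for human review, not verdicts.

```python
import re

# Constructed sample in HijackThis 1.99.1 log format (placeholder names, not a real log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.com/
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" -boot
O4 - HKCU\..\Run: [exampleitem] C:\DOCUME~1\User\APPLIC~1\EXAMPL~1\example.exe
O9 - Extra button: Example - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\gone.dll (file missing)
O23 - Service: Example Service - Unknown owner - C:\WINDOWS\system32\dllcache\example.exe
O23 - Service: Example Vendor Service - Example Corp - C:\Program Files\Example\svc.exe
"""

# Entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24) followed by " - ".
ENTRY = re.compile(r"^\s*(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*\S)\s*$")

# Heuristic chosen for this example (an assumption): directories where an
# autostart binary is unusual and deserves a second look.
UNUSUAL_DIRS = ("\\temp\\", "\\application data\\", "\\applic~1\\", "\\dllcache\\")


def parse(log_text):
    """Return (code, detail) for each entry line; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def reasons_for(code, detail):
    """Return the list of review reasons that apply to one entry."""
    low = detail.lower()
    reasons = []
    if "(file missing)" in low or "(no file)" in low:
        reasons.append("orphaned reference")
    if code == "O23" and "- unknown owner -" in low:
        reasons.append("service binary without vendor information")
    if code in ("O4", "O23") and any(d in low for d in UNUSUAL_DIRS):
        reasons.append("autostart from a user-writable or unusual directory")
    return reasons


def triage(log_text):
    """Return only the entries that match at least one heuristic, in log order."""
    report = []
    for code, detail in parse(log_text):
        reasons = reasons_for(code, detail)
        if reasons:
            report.append({"code": code, "detail": detail, "reasons": reasons})
    return report


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(item["code"], "|", "; ".join(item["reasons"]), "|", item["detail"])
```

Legitimate software also trips these rules (an antivirus service can show "Unknown owner" with "(file missing)"), so each flagged line still needs checking before it is ticked for "Fix checked".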
    11 July 2007 22:38:13

    I'm sorry to ask for your help, but I got as far as the HijackThis step and after that... I don't really know what to do! So I'm taking the liberty of sending you my report.
    Thanks in advance for your help, I really don't know what to do any more!!



    Logfile of HijackThis v1.99.1
    Scan saved at 22:28:59, on 11/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\HPQ\SHARED\HPQWMI.exe
    C:\Program Files\Rainlendar2\Rainlendar2.exe
    C:\Program Files\3M\PSNLite\PsnLite.exe
    C:\PROGRA~1\3M\PSNLite\PSNGive.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\MSN Messenger\livecall.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.launch.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.50.254:3128
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Cld2000.exe] C:\Program Files\Calendrier\Cld2000.exe
    O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe


    Marion
    11 July 2007 23:13:20

    Does that mean you didn't do the OTMoveIt step?
    12 July 2007 05:52:52

    I don't mean to be harsh, Marion, but it would be much simpler if you opened your own thread for your problem :) 
    12 July 2007 07:58:31

    marion4447 0

    Yes, you need to create your own thread.

    Covic

    Can you answer the question.
    23 July 2007 04:15:25

    Logfile of HijackThis v1.99.1
    Scan saved at 21:53:57, on 2007-07-22
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\dllcache\mswan.exe
    C:\flexlm\SolidWorks 2005 SolidNetWork License Manager\lmgrd.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Windows\temp\windowsautomaticupdates.exe
    C:\flexlm\SolidWorks 2005 SolidNetWork License Manager\SW_D.EXE
    C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\Steve Lussier\Bureau\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\sb.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.canoe.ca/accueil.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.topwebsearch.com/search.php?keywords=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {E256071D-5700-A3DB-0FA0-38B461B7618A} - C:\WINDOWS\pmjyuerd.dll
    O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
    O3 - Toolbar: PowerSearch - {4E7BD74F-2B8D-469E-D6F5-F66EA787AD2D} - C:\PROGRA~1\POWERS~1\Toolbar\pwrsbikd.dll (file missing)
    O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
    O4 - HKLM\..\Run: [UpdReg] ----C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [Jet Detection] ----C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX5400] ----C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
    O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
    O4 - HKLM\..\Run: [awxDTools] ----rundll32 C:\PROGRA~1\arniWORX\AWXDTO~1\awxDTools.dll,awxRegisterDll /r /s
    O4 - HKLM\..\Run: [NeroFilterCheck] ----C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] ----C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [winsync] ----C:\WINDOWS\system32\woykwi.exe reg_run
    O4 - HKLM\..\Run: [iTunesHelper] ----"C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [BlockChecker] ----C:\Program Files\Block Checker\block-checker.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] ----"C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LVCOMSX] ----C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechCameraAssistant] ----C:\Program Files\Logitech\Video\CameraAssistant.exe
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] ----C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [LogitechCameraService(E)] ----C:\WINDOWS\system32\ElkCtrl.exe /automation
    O4 - HKCU\..\Run: [CTFMON.EXE] ----C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] ----"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [BikiniDesk] ----"C:\WINDOWS\Resources\Themes\BikiniDesk\BikiniDesk.exe"
    O4 - HKCU\..\Run: [BritneyShocking] ----"C:\Program Files\BritneyDesk\BritneyShocking.exe"
    O4 - HKCU\..\Run: [LDM] ----C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jh...
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINDOWS\system32\wuauclt.dll (file missing)
    O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINDOWS\system32\wuauclt.dll (file missing)
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O9 - Extra button: Ebates - {7F241C00-DAB6-11d5-AAA8-0001028DF1BC} - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm (file missing) (HKCU)
    O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://admlqp01.admnt.usherbrooke.ca/qp2.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x40...
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://triplesixxers.spaces.msn.com//PhotoUpload/MsnPUp...
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
    O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zyloml...
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - ----"C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Unknown owner - ----c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe (file missing)
    O23 - Service: Microsoft Genuine Update Advantage - Unknown owner - C:\WINDOWS\system32\dllcache\mswan.exe
    O23 - Service: Office Source Engine (ose) - Unknown owner - ----"C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (file missing)
    O23 - Service: SolidWorks SolidNetWork License Manager - Macrovision Corporation - C:\flexlm\SolidWorks 2005 SolidNetWork License Manager\lmgrd.exe
    O23 - Service: Windows Automatic Updates - Stanford University - C:\Windows\temp\windowsautomaticupdates.exe
