[Solved] Virus on MSN

3 December 2006 21:00:43

Hello,

I've just caught a virus through MSN; it sends emails to all my contacts. I tried to delete it, but it always comes back. I'm attaching a copy of the HijackThis report here. Can you help me?
Thanks in advance

Logfile of HijackThis v1.99.1
Scan saved at 14:51:54, on 2006-12-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Bell\Gestionnaire de securite\fws.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Bell\Gestionnaire de securite\Rps.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Assistant Internet\bin\mpbtn.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\OpenOffice.org1.1.4\program\soffice.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ASSIST~1\SMARTB~1\MOTIVESB.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Suzanne\Bureau\scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Gestionnaire de securite\pkR.dll
O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - (no file)
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Bell\Gestionnaire de securite\FBHR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WindowsRegKeys update] winsysi.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ASSIST~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Gestionnaire de sécurité] "C:\Program Files\Bell\Gestionnaire de securite\Rps.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [explorer] C:\WINDOWS\system32\winstall.exe
O4 - HKLM\..\RunServices: [WindowsRegKeys update] winsysi.exe
O4 - HKCU\..\Run: [WindowsRegKeys update] winsysi.exe
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Program Files\OpenOffice.org1.1.4\program\quickstart.exe
O4 - Global Startup: Assistant Internet.lnk = C:\Program Files\Assistant Internet\bin\matcli.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jh...
O8 - Extra context menu item: Traduire cette page - C:\WINDOWS\WEB\powertoy.htm
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts...
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/CA/install.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Cont...
O16 - DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} (AXELPlayer Class) - http://www.mindavenue.com/downloads/AXELPlayerAX_Win32....
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/hardwaredetection.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.ca...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267....
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: Gestionnaire de sécurité Coupe-feu (RP_FWS) - Radialpoint Inc. - C:\Program Files\Bell\Gestionnaire de securite\fws.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

3 December 2006 21:03:41

Good evening,

Heavily infected.

Download and install AVG Anti-Spyware (AVG AS).
Once AVG AS is running, click "Update".
Close the program.
HELP: AVG Anti-Spyware tutorial (Malekal)

Restart in Safe Mode.

Launch AVG AS again and select the "Scan" tab,
then the "Settings" tab.
Under the question "How to react?", click "Recommended actions" and choose "Quarantine".
Click the "Scan" tab again, then run a "Full system scan".

/!\ If a file is infected at the end of the scan /!\
Click "Apply all actions".

Click "Save report", then "Save report as".
Save this text file to your desktop.

Restart normally.
Copy and paste the AVG AS report along with a HijackThis report.
4 December 2006 00:53:18

Hello / Good evening,

Thank you for helping me :)

Here is the AVG AS report:

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 18:44:34 2006-12-03

+ Résultat de l'analyse:



C:\System Volume Information\_restore{5E7D3088-3347-471B-86A4-938E4D2A7112}\RP714\A0354205.exe -> Adware.Casino : Nettoyé et sauvegardé (mise en quarantaine).
C:\Program Files\Screensavers.com\Installer\bin\ScreensaversInst.dll -> Adware.Comet : Nettoyé et sauvegardé (mise en quarantaine).
C:\Program Files\Starware349\bin\Starware349.dll -> Adware.Comet : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\AdCache -> Adware.Cydoor : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\AdCache\B_434_0_0_445800.htm -> Adware.Cydoor : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\AdCache\B_434_0_0_445900.htm -> Adware.Cydoor : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\AdCache\B_434_0_0_446000.htm -> Adware.Cydoor : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\AdCache\B_434_1_0_448500.gif -> Adware.Cydoor : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\AdCache\B_434_1_0_448600.gif -> Adware.Cydoor : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\AdCache\B_434_1_0_448600.htm -> Adware.Cydoor : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\AdCache\B_434_1_0_453800.gif -> Adware.Cydoor : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\AdCache\B_434_2_0_814200.htm -> Adware.Cydoor : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\AdCache\B_434_2_0_815600.htm -> Adware.Cydoor : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\AdCache\B_434_2_0_815900.htm -> Adware.Cydoor : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{5E7D3088-3347-471B-86A4-938E4D2A7112}\RP751\A0372498.DLL -> Adware.FunWeb : Nettoyé et sauvegardé (mise en quarantaine).
C:\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL -> Adware.IWon : Nettoyé et sauvegardé (mise en quarantaine).
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE -> Adware.MyWebSearch : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{5E7D3088-3347-471B-86A4-938E4D2A7112}\RP756\A0376973.exe -> Adware.PurityScan : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{5E7D3088-3347-471B-86A4-938E4D2A7112}\RP756\A0378127.exe -> Adware.PurityScan : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer -> Adware.Screensavers : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer.1 -> Adware.Screensavers : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer\CLSID -> Adware.Screensavers : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer\CurVer -> Adware.Screensavers : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller -> Adware.Screensavers : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller.1 -> Adware.Screensavers : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller\CLSID -> Adware.Screensavers : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller\CurVer -> Adware.Screensavers : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ScreensaversInstaller -> Adware.Screensavers : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\All Users\Application Data\Starware -> Adware.Starware : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate -> Adware.Starware : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml -> Adware.Starware : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml.backup -> Adware.Starware : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml -> Adware.Starware : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml.backup -> Adware.Starware : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml -> Adware.Starware : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml.backup -> Adware.Starware : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\All Users\Application Data\Starware\buttons -> Adware.Starware : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\All Users\Application Data\Starware\buttons\cursorcafe.bmp -> Adware.Starware : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\All Users\Application Data\Starware\buttons\cursorcafeA.bmp -> Adware.Starware : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\All Users\Application Data\Starware\buttons\games.bmp -> Adware.Starware : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\All Users\Application Data\Starware\buttons\gamesA.bmp -> Adware.Starware : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\All Users\Application Data\Starware\buttons\screensaver.bmp -> Adware.Starware : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\All Users\Application Data\Starware\buttons\screensaverA.bmp -> Adware.Starware : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\All Users\Application Data\Starware\contexts -> Adware.Starware : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\All Users\Application Data\Starware\contexts\Travel.xml.backup -> Adware.Starware : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\All Users\Application Data\Starware\contexts\error.xml -> Adware.Starware : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\All Users\Application Data\Starware\contexts\related.xml -> Adware.Starware : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\All Users\Application Data\Starware\contexts\travel.xml -> Adware.Starware : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-484763869-115176313-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA356D79-679B-4B4C-8E49-5AF97014F4C1} -> Adware.Starware : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-484763869-115176313-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D49E9D35-254C-4C6A-9D17-95018D228FF5} -> Adware.Starware : Nettoyé et sauvegardé (mise en quarantaine).
C:\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL -> Downloader.IstBar : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Francis\Local Settings\Temporary Internet Files\Content.IE5\8TER812Z\speedtest2[1].dll -> Not-A-Virus.Downloader.Win32.InsTool.a : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\speedtest2.dll -> Not-A-Virus.Downloader.Win32.InsTool.a : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Francis\Cookies\francis@metacafe.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@microsoftwlmessengermkt.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@usatoday1.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@workopolis.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Karine_2\Cookies\karine_2@chumtv.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Karine_2\Cookies\karine_2@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Karine_2\Cookies\karine_2@workopolis.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Suzanne\Cookies\suzanne@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Suzanne\Cookies\suzanne@maxis.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Suzanne\Cookies\suzanne@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Suzanne\Cookies\suzanne@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Suzanne\Cookies\suzanne@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\RECYCLER\NPROTECT\00252442.TXT -> TrackingCookie.2o7 : Nettoyé.
C:\RECYCLER\NPROTECT\00252443.TXT -> TrackingCookie.2o7 : Nettoyé.
C:\RECYCLER\NPROTECT\00252444.TXT -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@aavalue[2].txt -> TrackingCookie.Aavalue : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@eztracks.aavalue[1].txt -> TrackingCookie.Aavalue : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@adbrite[2].txt -> TrackingCookie.Adbrite : Nettoyé.
C:\Documents and Settings\Karine_2\Cookies\karine_2@adbrite[2].txt -> TrackingCookie.Adbrite : Nettoyé.
C:\Documents and Settings\Suzanne\Cookies\suzanne@adbrite[2].txt -> TrackingCookie.Adbrite : Nettoyé.
C:\Documents and Settings\Suzanne\Cookies\suzanne@axa.addcontrol[1].txt -> TrackingCookie.Addcontrol : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@ad.adition[1].txt -> TrackingCookie.Adition : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Nettoyé.
C:\Documents and Settings\Suzanne\Cookies\suzanne@adjuggler[2].txt -> TrackingCookie.Adjuggler : Nettoyé.
C:\Documents and Settings\Suzanne\Cookies\suzanne@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@admarketplace[1].txt -> TrackingCookie.Admarketplace : Nettoyé.
C:\Documents and Settings\Karine_2\Cookies\karine_2@ad.admarketplace[2].txt -> TrackingCookie.Admarketplace : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@ad.adocean[2].txt -> TrackingCookie.Adocean : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@gde.adocean[2].txt -> TrackingCookie.Adocean : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@adrevolver[3].txt -> TrackingCookie.Adrevolver : Nettoyé.
C:\Documents and Settings\Francis\Local Settings\Temp\Cookies\francis@adrevolver[2].txt -> TrackingCookie.Adrevolver : Nettoyé.
C:\Documents and Settings\Karine_2\Cookies\karine_2@adtrak[1].txt -> TrackingCookie.Adtrak : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\RECYCLER\NPROTECT\00253258.TXT -> TrackingCookie.Bfast : Nettoyé.
C:\Documents and Settings\Suzanne\Cookies\suzanne@iv2.bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Nettoyé.
C:\Documents and Settings\Francis\Local Settings\Temp\Cookies\francis@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Nettoyé.
C:\Documents and Settings\Karine_2\Cookies\karine_2@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@www.burstnet[2].txt -> TrackingCookie.Burstnet : Nettoyé.
C:\Documents and Settings\Karine_2\Cookies\karine_2@www.burstnet[2].txt -> TrackingCookie.Burstnet : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@casinotropez[2].txt -> TrackingCookie.Casinotropez : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@promo.casinotropez[1].txt -> TrackingCookie.Casinotropez : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@cz5.clickzs[2].txt -> TrackingCookie.Clickzs : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@cz7.clickzs[1].txt -> TrackingCookie.Clickzs : Nettoyé.
C:\Documents and Settings\Karine_2\Cookies\karine_2@cz8.clickzs[2].txt -> TrackingCookie.Clickzs : Nettoyé.
C:\RECYCLER\NPROTECT\00252455.TXT -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@e-2dj6wfkicocpsdq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@e-2dj6wfkigmazsdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@e-2dj6wfkoemdjegp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@e-2dj6wfkoqhczakp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@e-2dj6wfl4kndjkep.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@e-2dj6wfl4kpczmaq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@e-2dj6wfl4woczwfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@e-2dj6wfmiogdjedp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@e-2dj6wfmywmdzegp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@e-2dj6wgk4ood5edq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@e-2dj6wgk4qkdzcao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@e-2dj6wgkighdzkkp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@e-2dj6wgkiqlajakp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@e-2dj6wgkiqlajmdo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@e-2dj6wgkisidjghp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@e-2dj6wgkyeidpidp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@e-2dj6wgkyqjc5olp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@e-2dj6whkyomc5mep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@e-2dj6wjk4ohd5cdo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@e-2dj6wjkoapdjsho.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@e-2dj6wjkokhd5iep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@e-2dj6wjkyoicpoco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@e-2dj6wjmighczaao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@e-2dj6wjmyckczmbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@e-2dj6wjny-1nczik.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@e-2dj6wjnyghdziko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@e-2dj6wjnygodpmgo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\Karine_2\Cookies\karine_2@e-2dj6wfmyklazado.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\Karine_2\Cookies\karine_2@e-2dj6wjnyomcpcbq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\Suzanne\Cookies\suzanne@e-2dj6wjl4sldjokq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
C:\Documents and Settings\Karine_2\Cookies\karine_2@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
C:\Documents and Settings\Suzanne\Cookies\suzanne@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Nettoyé.
C:\Documents and Settings\Karine_2\Cookies\karine_2@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Nettoyé.
C:\Documents and Settings\Suzanne\Cookies\suzanne@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@media.fastclick[1].txt -> TrackingCookie.Fastclick : Nettoyé.
C:\Documents and Settings\Karine_2\Cookies\karine_2@goldenpalace[1].txt -> TrackingCookie.Goldenpalace : Nettoyé.
C:\Documents and Settings\Karine_2\Cookies\karine_2@www.goldenpalace[1].txt -> TrackingCookie.Goldenpalace : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@ehg-corusentertainment.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@ehg-groupernetworks.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@ehg-ifilm.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@ehg-maniatv.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\Suzanne\Cookies\suzanne@ehg-archambaultdotca.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\Suzanne\Cookies\suzanne@ehg-ati.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\Suzanne\Cookies\suzanne@ehg-corusentertainment.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@max.i12[2].txt -> TrackingCookie.I12 : Nettoyé.
C:\Documents and Settings\Karine_2\Cookies\karine_2@komtrack[2].txt -> TrackingCookie.Komtrack : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@image.masterstats[1].txt -> TrackingCookie.Masterstats : Nettoyé.
C:\Documents and Settings\Karine_2\Cookies\karine_2@image.masterstats[1].txt -> TrackingCookie.Masterstats : Nettoyé.
C:\Documents and Settings\Karine_2\Cookies\karine_2@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@oewabox[1].txt -> TrackingCookie.Oewabox : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@data2.perf.overture[1].txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@overture[1].txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@perf.overture[1].txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\Karine_2\Cookies\karine_2@overture[1].txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\Karine_2\Cookies\karine_2@perf.overture[1].txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@ads.planetactive[1].txt -> TrackingCookie.Planetactive : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@ads-205.quarterserver[1].txt -> TrackingCookie.Quarterserver : Nettoyé.
C:\Documents and Settings\Karine_2\Cookies\karine_2@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@a.shopathomeselect[1].txt -> TrackingCookie.Shopathomeselect : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@offers.shopathomeselect[2].txt -> TrackingCookie.Shopathomeselect : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@shopathomeselect[1].txt -> TrackingCookie.Shopathomeselect : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Karine_2\Cookies\karine_2@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Suzanne\Cookies\suzanne@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Karine_2\Cookies\karine_2@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@h.starware[1].txt -> TrackingCookie.Starware : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@www.starware[1].txt -> TrackingCookie.Starware : Nettoyé.
C:\Documents and Settings\Karine_2\Cookies\karine_2@h.starware[2].txt -> TrackingCookie.Starware : Nettoyé.
C:\Documents and Settings\Karine_2\Cookies\karine_2@starware[1].txt -> TrackingCookie.Starware : Nettoyé.
C:\Documents and Settings\Karine_2\Cookies\karine_2@try.starware[1].txt -> TrackingCookie.Starware : Nettoyé.
C:\Documents and Settings\Karine_2\Cookies\karine_2@www.starware[1].txt -> TrackingCookie.Starware : Nettoyé.
C:\Documents and Settings\Karine_2\Cookies\karine_2@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@ad.text.tbn[1].txt -> TrackingCookie.Texttbnru : Nettoyé.
C:\Documents and Settings\Suzanne\Cookies\suzanne@ad.text.tbn[2].txt -> TrackingCookie.Texttbnru : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Nettoyé.
C:\Documents and Settings\Karine_2\Cookies\karine_2@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@trafic[1].txt -> TrackingCookie.Trafic : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@pmads.valuead[2].txt -> TrackingCookie.Valuead : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@reduxads.valuead[1].txt -> TrackingCookie.Valuead : Nettoyé.
C:\Documents and Settings\Suzanne\Cookies\suzanne@pmads.valuead[2].txt -> TrackingCookie.Valuead : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@web-stat[1].txt -> TrackingCookie.Web-stat : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@webstat[1].txt -> TrackingCookie.Web-stat : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@www.web-stat[2].txt -> TrackingCookie.Web-stat : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@count.xhit[1].txt -> TrackingCookie.Xhit : Nettoyé.
C:\Documents and Settings\Suzanne\Cookies\suzanne@count.xhit[2].txt -> TrackingCookie.Xhit : Nettoyé.
C:\Documents and Settings\Francis\Cookies\francis@yadro[1].txt -> TrackingCookie.Yadro : Nettoyé.
C:\Documents and Settings\Karine_2\Cookies\karine_2@yadro[2].txt -> TrackingCookie.Yadro : Nettoyé.
C:\Documents and Settings\Suzanne\Cookies\suzanne@yadro[1].txt -> TrackingCookie.Yadro : Nettoyé.
C:\System Volume Information\_restore{5E7D3088-3347-471B-86A4-938E4D2A7112}\RP756\A0377028.exe -> Trojan.ProcKill.DJ : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{5E7D3088-3347-471B-86A4-938E4D2A7112}\RP756\A0377070.exe -> Trojan.ProcKill.DJ : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{5E7D3088-3347-471B-86A4-938E4D2A7112}\RP756\A0377071.exe -> Trojan.ProcKill.DJ : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{5E7D3088-3347-471B-86A4-938E4D2A7112}\RP756\A0377072.exe -> Trojan.ProcKill.DJ : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{5E7D3088-3347-471B-86A4-938E4D2A7112}\RP756\A0378115.exe -> Trojan.ProcKill.DJ : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{5E7D3088-3347-471B-86A4-938E4D2A7112}\RP756\A0378116.exe -> Trojan.ProcKill.DJ : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{5E7D3088-3347-471B-86A4-938E4D2A7112}\RP756\A0378117.exe -> Trojan.ProcKill.DJ : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{5E7D3088-3347-471B-86A4-938E4D2A7112}\RP756\A0378118.exe -> Trojan.ProcKill.DJ : Nettoyé et sauvegardé (mise en quarantaine).


Fin du rapport


And here is the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 18:52:17, on 2006-12-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Bell\Gestionnaire de securite\fws.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\ASSIST~1\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Bell\Gestionnaire de securite\Rps.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Documents and Settings\Francis\winstall.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\OpenOffice.org1.1.4\program\soffice.exe
C:\Program Files\Assistant Internet\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Suzanne\Bureau\scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Gestionnaire de securite\pkR.dll
O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - (no file)
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Bell\Gestionnaire de securite\FBHR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{38662~1\888Bar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{38662~1\888Bar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WindowsRegKeys update] winsysi.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ASSIST~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Gestionnaire de sécurité] "C:\Program Files\Bell\Gestionnaire de securite\Rps.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Francis\winstall.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [WindowsRegKeys update] winsysi.exe
O4 - HKCU\..\Run: [WindowsRegKeys update] winsysi.exe
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Program Files\OpenOffice.org1.1.4\program\quickstart.exe
O4 - Global Startup: Assistant Internet.lnk = C:\Program Files\Assistant Internet\bin\matcli.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jh...
O8 - Extra context menu item: Traduire cette page - C:\WINDOWS\WEB\powertoy.htm
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts...
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/CA/install.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Cont...
O16 - DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} (AXELPlayer Class) - http://www.mindavenue.com/downloads/AXELPlayerAX_Win32....
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/hardwaredetection.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.ca...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267....
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: Gestionnaire de sécurité Coupe-feu (RP_FWS) - Radialpoint Inc. - C:\Program Files\Bell\Gestionnaire de securite\fws.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe



4 December 2006 12:25:16

Hello again,

  • Download combofix.exe (by sUBs) to your Desktop.
  • Double-click combofix.exe.
  • Press the Y (Yes) key to start the scan.
  • When the scan is complete, a report will appear. Copy and paste this report into your next reply.

    NOTE: The report can also be found here: C:\Combofix.txt
    4 December 2006 14:57:22

    Hello again,

    Here is the ComboFix report:

    Suzanne - 06-12-04 8:44:18,32 Service Pack 2
    ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Suzanne\Bureau"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files\Fichiers communs\{38662ED8-0BB6-3084-0326-040403040002}
    C:\Program Files\Fichiers communs\{68662ED8-0BB6-3084-0326-040403040002}


    ((((((((((((((((((((((((((((((( Files Created from 2006-11-04 to 2006-12-04 ))))))))))))))))))))))))))))))))))


    2006-12-03 15:40 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2006-12-03 15:40 <REP> d-------- C:\Program Files\Grisoft
    2006-12-03 15:02 73,728 --a------ C:\ecjavycq.exe
    2006-12-03 15:02 0 --a------ C:\gdgrbetv.exe
    2006-12-03 00:21 138,565 --a------ C:\WINDOWS\system32\mcc.exe
    2006-12-02 21:10 77,824 --a------ C:\WINDOWS\system32\gotgo.exe
    2006-12-02 18:08 68,968 --a------ C:\WINDOWS\system32\lzx32.sys
    2006-11-27 17:11 <REP> d-------- C:\WINDOWS\system32\MindAvenue
    2006-11-26 18:44 28,672 --a------ C:\WINDOWS\system32\f3PSSavr.scr
    2006-11-17 17:02 <REP> d-------- C:\Program Files\MSXML 4.0
    2006-11-16 22:06 <REP> d-------- C:\Documents and Settings\Suzanne\Application Data\MSNInstaller
    2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    Rootkit driver pe386 is present. A rootkit scan is required

    2006-12-04 08:50 -------- d-------- C:\Program Files\Fichiers communs
    2006-12-04 08:41 -------- d-------- C:\Program Files\OpenOffice.org1.1.4
    2006-12-02 17:48 -------- d-------- C:\Program Files\MSN Messenger
    2006-12-01 22:23 -------- d-------- C:\Documents and Settings\Suzanne\Application Data\MSN6
    2006-12-01 17:31 -------- d-------- C:\Program Files\Fichiers communs\Command Software
    2006-11-30 11:29 -------- d-------- C:\Program Files\Fichiers communs\PestPatrol
    2006-11-27 12:49 -------- d-------- C:\Program Files\FunWebProducts
    2006-11-26 18:44 -------- d-------- C:\Program Files\Internet Explorer
    2006-11-16 20:29 -------- d-------- C:\Program Files\MSN
    2006-11-16 20:29 -------- d-------- C:\Program Files\Fichiers communs\Microsoft Shared
    2006-11-14 12:11 4184 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
    2006-11-05 13:39 -------- d-------- C:\Documents and Settings\Suzanne\Application Data\Starware349
    2006-10-30 20:29 -------- d-------- C:\Documents and Settings\Suzanne\Application Data\Google
    2006-10-30 20:28 -------- d-------- C:\Program Files\Google
    2006-10-18 12:22 -------- d-------- C:\Program Files\EA GAMES
    2006-10-17 14:20 -------- d-------- C:\Program Files\Monte Cristo
    2006-10-14 14:39 -------- d-------- C:\Program Files\CasinoOnNet
    2006-10-13 07:36 145920 --a------ C:\WINDOWS\system32\nwprovau.dll
    2006-10-08 20:08 -------- d-------- C:\Program Files\FlashGet
    2006-10-06 14:47 22 --a------ C:\Program Files\rs.abc
    2006-10-05 14:47 -------- d-------- C:\Program Files\Fichiers communs\Real
    2006-09-13 00:03 1084416 --a------ C:\WINDOWS\system32\msxml3.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "WindowsRegKeys update"="winsysi.exe"
    "PowerBar"="\"C:\\Program Files\\CyberLink DVD Solution\\Multimedia Launcher\\PowerBar.exe\" /AtBootTime"
    "LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "SoundMAXPnP"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
    "SoundMAX"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\smax4.exe\" /tray"
    "ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
    "WindowsRegKeys update"="winsysi.exe"
    "InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "Motive SmartBridge"="C:\\PROGRA~1\\ASSIST~1\\SMARTB~1\\MotiveSB.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
    "LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
    "LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
    "StandardInstall"=""
    "Microsoft Works Update Detection"="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Works Shared\\WkUFind.exe"
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
    "Babylon Client"="C:\\Program Files\\Babylon\\Babylon.exe -AutoStart"
    "ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
    "Gestionnaire de sécurité"="\"C:\\Program Files\\Bell\\Gestionnaire de securite\\Rps.exe\""
    "ISUSPM Startup"="\"C:\\Program Files\\Fichiers communs\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
    "ISUSScheduler"="\"C:\\Program Files\\Fichiers communs\\InstallShield\\UpdateService\\issch.exe\" -start"
    "Corel Photo Downloader"="C:\\Program Files\\Corel\\Corel Photo Album 6\\MediaDetect.exe"
    @=""
    "My Web Search Bar"="rundll32 C:\\PROGRA~1\\MYWEBS~1\\bar\\2.bin\\MWSBAR.DLL,S"
    "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "WindowsRegKeys update"="winsysi.exe"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="http://fond-ecran.linternaute.com/image_wallpaper/15b.j..."
    "SubscribedURL"="http://fond-ecran.linternaute.com/image_wallpaper/15b.j..."
    "FriendlyName"=""
    "Flags"=dword:00000001
    "Position"=hex:2c,00,00,00,6a,02,00,00,e1,00,00,00,b4,00,00,00,88,00,00,00,e8,\
    03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:01,00,00,00
    "OriginalStateInfo"=hex:18,00,00,00,6a,02,00,00,e1,00,00,00,b4,00,00,00,88,00,\
    00,00,01,00,00,40
    "RestoredStateInfo"=hex:14,6d,31,0f,41,c0,ab,74,d8,31,4b,0d,68,de,31,0f,20,6d,\
    31,0f,9a,c0,00,00

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
    "Source"="http://www.tigers-deluxe.de/galerie/ki/ki12.jpg"
    "SubscribedURL"="http://www.tigers-deluxe.de/galerie/ki/ki12.jpg"
    "FriendlyName"=""
    "Flags"=dword:00000001
    "Position"=hex:2c,00,00,00,11,00,00,00,2e,00,00,00,58,02,00,00,ae,01,00,00,ea,\
    03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:01,00,00,00
    "OriginalStateInfo"=hex:18,00,00,00,a2,01,00,00,23,00,00,00,58,02,00,00,ae,01,\
    00,00,01,00,00,40
    "RestoredStateInfo"=hex:14,6d,1c,0e,41,c0,ab,74,70,ef,e3,07,68,de,1c,0e,20,6d,\
    1c,0e,72,6f,00,00

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,36,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "WindowsRegKeys update"="winsysi.exe"
    "ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "WindowsRegKeys update"="winsysi.exe"
    "ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    Completion time: 06-12-04 8:50:31.42
    C:\ComboFix.txt ... 06-12-04 08:50
    4 December 2006 18:47:42

    Hello again,

    Let's deal with the rootkit.

    Download Rustbfix (by ejvindh).
    Save it to your Desktop.

    Double-click rustbfix.exe to launch the tool.
    If a Rustock.b infection is detected, a prompt will tell you that the PC needs to be restarted. This restart may take longer than usual, and two restarts may be required. All of this will happen automatically.
    After the restart(s), two reports will open: (%root%\avenger.txt & %root%\rustbfix\pelog.txt).
    Copy and paste the contents of these two reports, along with a new HijackThis log, into your next reply.
    4 December 2006 19:26:34

    Hello again,

    First report:

    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\pesgalei

    *******************

    Script file located at: \??\C:\WINDOWS\system32\wetxplum.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Driver PE386 unloaded successfully.
    Program C:\Rustbfix\2run.bat successfully set up to run once on reboot.

    Completed script processing.

    *******************

    Second report:

    ************************* Rustock.b-fix -- By ejvindh *************************
    2006-12-04 13:17:50,18


    ******************* Pre-run Status of system *******************

    Rootkit driver PE386 is found. Starting the unload-procedure....
    Examine the Avenger-logfile in order to assess the success of the unload-procedure

    Rustock.b-ADS attached to the System32-folder:
    :lzx32.sys 68968
    Total size: 68968 bytes.
    Attempting to remove ADS...
    system32: deleted 68968 bytes in 1 streams.


    ******************* Post-run Status of system *******************

    Rustock.b-driver on the system: NONE!

    Rustock.b-ADS attached to the System32-folder:
    No streams found.


    ******************************* End of Logfile ********************************



    Finished! Terminate.
    4 December 2006 19:27:39

    and the HijackThis report:

    Logfile of HijackThis v1.99.1
    Scan saved at 13:27:00, on 2006-12-04
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Bell\Gestionnaire de securite\fws.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\WINDOWS\system32\ScsiAccess.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\notepad.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\smax4.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\PROGRA~1\ASSIST~1\SMARTB~1\MotiveSB.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Bell\Gestionnaire de securite\Rps.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    C:\Program Files\Assistant Internet\bin\mpbtn.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\OpenOffice.org1.1.4\program\soffice.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Suzanne\Bureau\scanner.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
    O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Gestionnaire de securite\pkR.dll
    O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - (no file)
    O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Bell\Gestionnaire de securite\FBHR.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [WindowsRegKeys update] winsysi.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ASSIST~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon.exe -AutoStart
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [Gestionnaire de sécurité] "C:\Program Files\Bell\Gestionnaire de securite\Rps.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\RunServices: [WindowsRegKeys update] winsysi.exe
    O4 - HKCU\..\Run: [WindowsRegKeys update] winsysi.exe
    O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Program Files\OpenOffice.org1.1.4\program\quickstart.exe
    O4 - Global Startup: Assistant Internet.lnk = C:\Program Files\Assistant Internet\bin\matcli.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jh...
    O8 - Extra context menu item: Traduire cette page - C:\WINDOWS\WEB\powertoy.htm
    O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts...
    O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/CA/install.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Cont...
    O16 - DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} (AXELPlayer Class) - http://www.mindavenue.com/downloads/AXELPlayerAX_Win32....
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/hardwaredetection.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.ca...
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267....
    O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
    O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
    O23 - Service: Gestionnaire de sécurité Coupe-feu (RP_FWS) - Radialpoint Inc. - C:\Program Files\Bell\Gestionnaire de securite\fws.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    4 December 2006 19:37:45

    Re,

    - Download Clean.zip (by Malekal),
    unzip it to your desktop (right-click / extract all); you should get a folder named clean.

    Restart in safe mode

    - Open the clean folder on your desktop and double-click clean.cmd; a black window will appear for a moment, leave it open.

    Restart normally

    - The clean report: My Computer / double-click drive C / double-click rapport_clean.txt and copy/paste the contents here C:\rapport_clean.txt
    4 December 2006 20:03:11

    here is the clean report:

    Script clean par Malekal_morte - http://www.malekal.com

    Microsoft Windows XP [version 5.1.2600]
    Script execute en mode sans echec

    *** Suppression de fichiers sur C:

    *** Suppression des fichiers dans C:\WINDOWS\

    *** Suppression des fichiers dans C:\WINDOWS\system32
    C:\WINDOWS\system32\gotgo.exe FOUND
    C:\WINDOWS\system32\mcc.exe FOUND
    C:\WINDOWS\system32\f3PSSavr.scr FOUND

    "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm0000??.dll" FOUND
    Impossible de supprimer "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm0000??.dll"
    "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm0000?.dll" FOUND
    Impossible de supprimer "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm0000?.dll"
    "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm000??.dll" FOUND
    Impossible de supprimer "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm000??.dll"
    "C:\Program Files\funwebproducts\" FOUND
    "C:\Program Files\MSN Messenger\msrr.exe" FOUND
    "C:\Program Files\msn messenger\riched20.dll" FOUND
    "C:\Program Files\MyWebSearch\" FOUND

    *** Suppression des clefs du registre effectuee..
    4 December 2006 20:07:53

    Please post a new HijackThis report.
    4 December 2006 20:09:39

    here it is

    Logfile of HijackThis v1.99.1
    Scan saved at 14:09:05, on 2006-12-04
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Bell\Gestionnaire de securite\fws.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\WINDOWS\system32\ScsiAccess.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\smax4.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\PROGRA~1\ASSIST~1\SMARTB~1\MotiveSB.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Bell\Gestionnaire de securite\Rps.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    C:\Program Files\Assistant Internet\bin\mpbtn.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\OpenOffice.org1.1.4\program\soffice.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Suzanne\Bureau\scanner.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL (file missing)
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL (file missing)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Gestionnaire de securite\pkR.dll
    O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Bell\Gestionnaire de securite\FBHR.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [WindowsRegKeys update] winsysi.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ASSIST~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon.exe -AutoStart
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [Gestionnaire de sécurité] "C:\Program Files\Bell\Gestionnaire de securite\Rps.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\RunServices: [WindowsRegKeys update] winsysi.exe
    O4 - HKCU\..\Run: [WindowsRegKeys update] winsysi.exe
    O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Program Files\OpenOffice.org1.1.4\program\quickstart.exe
    O4 - Global Startup: Assistant Internet.lnk = C:\Program Files\Assistant Internet\bin\matcli.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jh...
    O8 - Extra context menu item: Traduire cette page - C:\WINDOWS\WEB\powertoy.htm
    O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts...
    O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/CA/install.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Cont...
    O16 - DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} (AXELPlayer Class) - http://www.mindavenue.com/downloads/AXELPlayerAX_Win32....
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/hardwaredetection.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.ca...
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267....
    O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
    O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
    O23 - Service: Gestionnaire de sécurité Coupe-feu (RP_FWS) - Radialpoint Inc. - C:\Program Files\Bell\Gestionnaire de securite\fws.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    4 December 2006 20:16:01

    Re,

    - Run HijackThis -> Do a system scan only
    -> Check the lines below:

    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL (file missing)
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL (file missing)
    O4 - HKLM\..\Run: [WindowsRegKeys update] winsysi.exe
    O4 - HKLM\..\RunServices: [WindowsRegKeys update] winsysi.exe
    O4 - HKCU\..\Run: [WindowsRegKeys update] winsysi.exe
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolb [...] xdm088YYCA
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/n [...] 0.0.15.cab
    O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll

    Click Fix checked (bottom left)

    Uninstall AVG AS 7.5 if possible

  • Download SpySweeper (by Webroot, 14-day trial version):

    -Click "Télécharger la version test" (Download the trial version).
    -Install the program, choosing "installation standard" (standard installation).
    -Accept the restart
    -The option to update it will be displayed; accept the update
    -Once the updates are installed, in the left column click the Options tab, then "analyse" (scan).
    -Under "Eléments à analyser" (Items to scan) and "Autres options" (Other options), check all the boxes.
    -Close SpySweeper

    Since the rest is done in safe mode, print the following instructions or copy/paste them into a text file

  • Restart in safe mode: on restart, immediately tap the F8 key repeatedly; you will see a screen with startup choices appear. Using the keyboard arrows, choose "Mode Sans Échec" (Safe Mode) and confirm with "Entrée" (Enter). Choose your usual account, not Administrator.

  • Start SpySweeper
    -Click Analyser (Scan) on the left, then Démarrer l'analyse (Start scan).
    -When the scan is finished, click Suivant (Next).
    -Make sure all the items found are checked, then click Suivant (Next).
    -All checked items will then be quarantined.
    -In "Récapitulatif" (Summary), select Afficher le journal de session (Show session log) at the bottom, then Enregistrer dans un fichier (Save to file) to save the report.

  • Restart normally

  • Uninstall SpySweeper from Add/Remove Programs unless you want to continue the evaluation for 15 days.

  • Copy/paste the SpySweeper report here
    4 December 2006 21:01:43

    Hello, I am really bad with computers and I have this virus. Could someone help me? I don't even know how to make a HijackThis report!! Thanks in advance
    5 December 2006 01:13:26

    here is the report:

    18:57: Removal process completed. Elapsed time 00:02:40
    18:57: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST382.tmp". Reason: Le fichier spécifié est introuvable
    18:57: Warning: Failed to delete profile shadow file ".log". Reason: Le fichier spécifié est introuvable
    18:56: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST382.tmp". Reason: Le fichier spécifié est introuvable
    18:56: Warning: Failed to delete profile shadow file ".log". Reason: Le fichier spécifié est introuvable
    18:56: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST382.tmp". Reason: Le fichier spécifié est introuvable
    18:56: Warning: Failed to delete profile shadow file ".log". Reason: Le fichier spécifié est introuvable
    18:56: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST382.tmp". Reason: Le fichier spécifié est introuvable
    18:56: Warning: Failed to delete profile shadow file ".log". Reason: Le fichier spécifié est introuvable
    18:56: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST383.tmp". Reason: Le fichier spécifié est introuvable
    18:56: Warning: Failed to delete profile shadow file ".log". Reason: Le fichier spécifié est introuvable
    18:56: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST383.tmp". Reason: Le fichier spécifié est introuvable
    18:56: Warning: Failed to delete profile shadow file ".log". Reason: Le fichier spécifié est introuvable
    18:56: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST383.tmp". Reason: Le fichier spécifié est introuvable
    18:56: Warning: Failed to delete profile shadow file ".log". Reason: Le fichier spécifié est introuvable
    18:56: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST383.tmp". Reason: Le fichier spécifié est introuvable
    18:56: Warning: Failed to delete profile shadow file ".log". Reason: Le fichier spécifié est introuvable
    18:55: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST383.tmp". Reason: Le fichier spécifié est introuvable
    18:55: Warning: Failed to delete profile shadow file ".log". Reason: Le fichier spécifié est introuvable
    18:55: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST383.tmp". Reason: Le fichier spécifié est introuvable
    18:55: Warning: Failed to delete profile shadow file ".log". Reason: Le fichier spécifié est introuvable
    18:55: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST383.tmp". Reason: Le fichier spécifié est introuvable
    18:55: Warning: Failed to delete profile shadow file ".log". Reason: Le fichier spécifié est introuvable
    18:55: Quarantining All Traces: 888 cookie
    18:55: Quarantining All Traces: sympaticoca cookie
    18:55: Quarantining All Traces: zango cookie
    18:55: Quarantining All Traces: upspiral cookie
    18:55: Quarantining All Traces: redzip cookie
    18:55: Quarantining All Traces: adultxxxpornstars cookie
    18:55: Quarantining All Traces: webpower cookie
    18:55: Quarantining All Traces: webads cookie
    18:55: Quarantining All Traces: videodome cookie
    18:55: Quarantining All Traces: rambler cookie
    18:55: Quarantining All Traces: mywebsearch cookie
    18:55: Quarantining All Traces: mp3downloading cookie
    18:55: Quarantining All Traces: monstermarketplace cookie
    18:55: Quarantining All Traces: infospace cookie
    18:55: Quarantining All Traces: herfirstlesbiansex cookie
    18:55: Quarantining All Traces: expage cookie
    18:55: Quarantining All Traces: excite cookie
    18:55: Quarantining All Traces: wtlive.com cookie
    18:55: Quarantining All Traces: customer cookie
    18:55: Quarantining All Traces: 360i cookie
    18:55: Quarantining All Traces: ccbill cookie
    18:55: Quarantining All Traces: cassava cookie
    18:55: Quarantining All Traces: banner cookie
    18:55: Quarantining All Traces: askmen cookie
    18:55: Quarantining All Traces: adultfriendfinder cookie
    18:55: Quarantining All Traces: adrevolver cookie
    18:55: Quarantining All Traces: adlegend cookie
    18:55: Quarantining All Traces: bannerbank cookie
    18:55: Quarantining All Traces: ad-rotator cookie
    18:55: Quarantining All Traces: 64.62.232 cookie
    18:55: Quarantining All Traces: 3 cookie
    18:55: Quarantining All Traces: xiti cookie
    18:55: Quarantining All Traces: seeq cookie
    18:55: Quarantining All Traces: toplist cookie
    18:55: Quarantining All Traces: tickle cookie
    18:55: Quarantining All Traces: stlyrics cookie
    18:55: Quarantining All Traces: spywarestormer cookie
    18:55: Quarantining All Traces: directtrack cookie
    18:55: Quarantining All Traces: rn11 cookie
    18:55: Quarantining All Traces: rednova cookie
    18:55: Quarantining All Traces: touchclarity cookie
    18:55: Quarantining All Traces: ic-live cookie
    18:55: Quarantining All Traces: gostats cookie
    18:55: Quarantining All Traces: fe.lea.lycos.com cookie
    18:55: Quarantining All Traces: did-it cookie
    18:55: Quarantining All Traces: adbureau cookie
    18:55: Quarantining All Traces: azjmp cookie
    18:55: Quarantining All Traces: atwola cookie
    18:55: Quarantining All Traces: ask cookie
    18:55: Quarantining All Traces: apmebf cookie
    18:55: Quarantining All Traces: 4u.pl cookie
    18:55: Quarantining All Traces: adreactor cookie
    18:55: Quarantining All Traces: hbmediapro cookie
    18:55: Quarantining All Traces: adecn cookie
    18:55: Quarantining All Traces: go.com cookie
    18:55: Quarantining All Traces: websponsors cookie
    18:55: Quarantining All Traces: starware.com hijack
    18:55: Quarantining All Traces: trojan-backdoor-rustock
    18:55: Quarantining All Traces: trojan-downloader-xarwiroozc.biz
    18:54: Quarantining All Traces: targetsaver
    18:54: Quarantining All Traces: systemprocess
    18:54: Quarantining All Traces: starware toolbar
    18:54: Quarantining All Traces: maxifiles
    18:54: Quarantining All Traces: comet cursor
    18:54: Quarantining All Traces: purityscan
    18:54: Quarantining All Traces: trojan-backdoor-us15info
    18:54: Removal process initiated
    17:21: Traces Found: 349
    17:21: Full Sweep has completed. Elapsed time 02:14:17
    17:21: File Sweep Complete, Elapsed Time: 02:10:29
    17:14: Warning: Stream read error
    16:58: Warning: Failed to access drive D:
    16:36: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379114.exe (ID = 404630)
    16:35: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0380109.exe (ID = 404630)
    16:35: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP757\A0382156.exe (ID = 404630)
    16:33: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0382120.dll (ID = 410848)
    16:31: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0376977.exe (ID = 404630)
    16:26: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP757\A0382203.exe (ID = 410842)
    16:24: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc174\Update.exe (ID = 410842)
    16:23: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc173\Update.exe (ID = 410842)
    16:23: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc168\Update.exe (ID = 410842)
    16:23: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc172\Update.exe (ID = 410842)
    16:23: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc167\Update.exe (ID = 410842)
    16:23: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc166\Update.exe (ID = 410842)
    16:22: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379124.exe (ID = 404630)
    16:22: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc165\Update.exe (ID = 410842)
    16:22: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc171\Update.exe (ID = 410842)
    16:22: C:\WINDOWS\system32\winstall.ex0 (ID = 404630)
    16:22: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc162\Update.exe (ID = 410842)
    16:21: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc158\Update.exe (ID = 410842)
    16:21: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc161\Update.exe (ID = 410842)
    16:21: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc151\Update.exe (ID = 410842)
    16:21: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc164\Update.exe (ID = 410842)
    16:21: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc148\Update.exe (ID = 410842)
    16:20: C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.dll (ID = 381852)
    16:20: C:\WINDOWS\system32\lzx32.sys (ID = 350068)
    16:20: Found Trojan Horse: trojan-backdoor-rustock
    16:20: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc142\Update.exe (ID = 410842)
    16:20: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc160\Update.exe (ID = 410842)
    16:19: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc133\Update.exe (ID = 410842)
    16:19: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc132\Update.exe (ID = 410842)
    16:19: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc131\Update.exe (ID = 410842)
    16:19: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc136\Update.exe (ID = 410842)
    16:19: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc170\Update.exe (ID = 410842)
    16:19: C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00002.dll (ID = 381852)
    16:19: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc122\Update.exe (ID = 410842)
    16:18: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc135\Update.exe (ID = 410842)
    16:17: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP757\A0382200.dll (ID = 410848)
    16:17: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc101\Update.exe (ID = 410842)
    16:16: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc89\Update.exe (ID = 410842)
    16:16: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc115\Update.exe (ID = 410842)
    16:15: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc163\Update.exe (ID = 410842)
    16:15: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc124\Update.exe (ID = 410842)
    16:15: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379109.dll (ID = 410848)
    16:14: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc106\Update.exe (ID = 410842)
    16:14: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc134\Update.exe (ID = 410842)
    16:12: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc105\Update.exe (ID = 410842)
    16:12: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0378098.dll (ID = 410848)
    16:10: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc159\Update.exe (ID = 410842)
    16:10: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc68\Update.exe (ID = 410842)
    16:10: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0376972.exe (ID = 404630)
    16:08: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc66\Update.exe (ID = 410842)
    16:07: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc87\Update.exe (ID = 410842)
    16:00: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc176\Update.exe (ID = 410842)
    15:59: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc64\Update.exe (ID = 410842)
    15:59: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc114\Update.exe (ID = 410842)
    15:59: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc63\Update.exe (ID = 410842)
    15:57: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc78\Update.exe (ID = 410842)
    15:57: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc104\Update.exe (ID = 410842)
    15:57: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc61\Update.exe (ID = 410842)
    15:56: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc77\Update.exe (ID = 410842)
    15:56: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc123\Update.exe (ID = 410842)
    15:55: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc56\Update.exe (ID = 410842)
    15:55: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc169\Update.exe (ID = 410842)
    15:54: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379158.exe (ID = 410842)
    15:53: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc49\Update.exe (ID = 410842)
    15:52: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc59\Update.exe (ID = 410842)
    15:52: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379142.exe (ID = 410842)
    15:51: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379146.exe (ID = 410842)
    15:50: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc76\Update.exe (ID = 410842)
    15:48: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc58\Update.exe (ID = 410842)
    15:48: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379150.exe (ID = 410842)
    15:47: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379160.exe (ID = 410842)
    15:47: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc103\Update.exe (ID = 410842)
    15:47: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0382136.dll (ID = 74752)
    15:46: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379164.exe (ID = 410842)
    15:45: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP757\A0382215.exe (ID = 404630)
    15:45: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379174.exe (ID = 410842)
    15:43: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379154.exe (ID = 410842)
    15:43: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379170.exe (ID = 410842)
    15:41: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379176.exe (ID = 410842)
    15:39: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379168.exe (ID = 410842)
    15:38: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0377108.dll (ID = 410848)
    15:37: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc85\Update.exe (ID = 410842)
    15:37: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379134.exe (ID = 410842)
    15:36: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0377065.dll (ID = 410848)
    15:36: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0380122.exe (ID = 410838)
    15:36: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0377002.dll (ID = 410848)
    15:35: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0381107.exe (ID = 404630)
    15:35: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379178.exe (ID = 410842)
    15:35: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc113\Update.exe (ID = 410842)
    15:34: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0376980.dll (ID = 410848)
    15:34: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP755\A0375972.dll (ID = 410848)
    15:34: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP757\A0382201.exe (ID = 410838)
    15:34: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379172.exe (ID = 410842)
    15:34: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379110.exe (ID = 410838)
    15:33: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0378099.exe (ID = 410838)
    15:33: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0382121.exe (ID = 410838)
    15:33: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0377003.exe (ID = 410838)
    15:33: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0377109.exe (ID = 410838)
    15:33: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP755\A0375973.exe (ID = 410838)
    15:33: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379152.exe (ID = 410842)
    15:33: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0382118.exe (ID = 404630)
    15:33: Found Adware: purityscan
    15:32: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0377066.exe (ID = 410838)
    15:32: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379136.exe (ID = 410842)
    15:31: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379162.exe (ID = 410842)
    15:31: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379180.exe (ID = 410842)
    15:30: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379138.exe (ID = 410842)
    15:30: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379166.exe (ID = 410842)
    15:27: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP755\A0376951.exe (ID = 410842)
    15:27: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc75\Update.exe (ID = 410842)
    15:26: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0376981.exe (ID = 410838)
    15:26: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379156.exe (ID = 410842)
    15:26: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP755\A0376953.exe (ID = 410842)
    15:25: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0377024.exe (ID = 410838)
    15:24: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379148.exe (ID = 410842)
    15:24: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP757\A0382202.dll (ID = 410846)
    15:23: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP755\A0376955.exe (ID = 410842)
    15:23: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379182.exe (ID = 410842)
    15:22: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379144.exe (ID = 410842)
    15:22: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc174\system.dll (ID = 410846)
    15:21: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379184.exe (ID = 410842)
    15:21: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc168\system.dll (ID = 410846)
    15:21: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc173\system.dll (ID = 410846)
    15:21: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc158\system.dll (ID = 410846)
    15:21: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc167\system.dll (ID = 410846)
    15:21: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc172\system.dll (ID = 410846)
    15:21: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP755\A0376950.dll (ID = 410846)
    15:21: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc166\system.dll (ID = 410846)
    15:20: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc151\system.dll (ID = 410846)
    15:20: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc162\system.dll (ID = 410846)
    15:20: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc133\system.dll (ID = 410846)
    15:20: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc171\system.dll (ID = 410846)
    15:20: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc165\system.dll (ID = 410846)
    15:20: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc161\system.dll (ID = 410846)
    15:20: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc148\system.dll (ID = 410846)
    15:20: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc101\system.dll (ID = 410846)
    15:20: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc132\system.dll (ID = 410846)
    15:20: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc89\system.dll (ID = 410846)
    15:20: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379173.dll (ID = 410846)
    15:20: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc68\system.dll (ID = 410846)
    15:20: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc122\system.dll (ID = 410846)
    15:20: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP755\A0376952.dll (ID = 410846)
    15:20: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc66\system.dll (ID = 410846)
    15:19: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc56\system.dll (ID = 410846)
    15:19: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379157.dll (ID = 410846)
    15:19: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc142\system.dll (ID = 410846)
    15:19: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP755\A0376954.dll (ID = 410846)
    15:19: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc49\system.dll (ID = 410846)
    15:19: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379133.dll (ID = 410846)
    15:18: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc63\system.dll (ID = 410846)
    15:18: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379159.dll (ID = 410846)
    15:18: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc64\system.dll (ID = 410846)
    15:18: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379141.dll (ID = 410846)
    15:18: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc131\system.dll (ID = 410846)
    15:18: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc170\system.dll (ID = 410846)
    15:18: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc164\system.dll (ID = 410846)
    15:18: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc106\system.dll (ID = 410846)
    15:18: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379151.dll (ID = 410846)
    15:18: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379177.dll (ID = 410846)
    15:18: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379135.dll (ID = 410846)
    15:18: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0380076.exe (ID = 408785)
    15:18: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379137.dll (ID = 410846)
    15:18: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379161.dll (ID = 410846)
    15:17: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc160\system.dll (ID = 410846)
    15:17: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc105\system.dll (ID = 410846)
    15:17: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc78\system.dll (ID = 410846)
    15:16: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379140.exe (ID = 410842)
    15:16: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc136\system.dll (ID = 410846)
    15:16: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc176\system.dll (ID = 410846)
    15:15: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc124\system.dll (ID = 410846)
    15:15: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc57\Update.exe (ID = 410842)
    15:15: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379145.dll (ID = 410846)
    15:15: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379149.dll (ID = 410846)
    15:15: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc115\system.dll (ID = 410846)
    15:15: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379076.exe (ID = 408785)
    15:15: Found Trojan Horse: trojan-downloader-xarwiroozc.biz
    15:15: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc77\system.dll (ID = 410846)
    15:15: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc104\system.dll (ID = 410846)
    15:15: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379163.dll (ID = 410846)
    15:15: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc87\system.dll (ID = 410846)
    15:15: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379167.dll (ID = 410846)
    15:15: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc61\system.dll (ID = 410846)
    15:15: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379165.dll (ID = 410846)
    15:15: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379169.dll (ID = 410846)
    15:15: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc135\system.dll (ID = 410846)
    15:15: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc76\system.dll (ID = 410846)
    15:15: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379153.dll (ID = 410846)
    15:15: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc114\system.dll (ID = 410846)
    15:15: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379171.dll (ID = 410846)
    15:15: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc59\system.dll (ID = 410846)
    15:15: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379147.dll (ID = 410846)
    15:15: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc163\system.dll (ID = 410846)
    15:15: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc103\system.dll (ID = 410846)
    15:15: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc169\system.dll (ID = 410846)
    15:15: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc85\system.dll (ID = 410846)
    15:15: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc159\system.dll (ID = 410846)
    15:15: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc102\Update.exe (ID = 410842)
    15:15: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc134\system.dll (ID = 410846)
    15:15: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379175.dll (ID = 410846)
    15:15: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379183.dll (ID = 410846)
    15:15: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc123\system.dll (ID = 410846)
    15:15: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379155.dll (ID = 410846)
    15:15: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc113\system.dll (ID = 410846)
    15:15: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc58\system.dll (ID = 410846)
    15:15: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc102\system.dll (ID = 410846)
    15:15: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379179.dll (ID = 410846)
    15:15: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379143.dll (ID = 410846)
    15:14: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379181.dll (ID = 410846)
    15:14: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc75\system.dll (ID = 410846)
    15:14: C:\System Volume Information\_restore{5e7d3088-3347-471b-86a4-938e4d2a7112}\RP756\A0379139.dll (ID = 410846)
    15:14: C:\RECYCLER\S-1-5-21-484763869-115176313-1801674531-1007\Dc57\system.dll (ID = 410846)
    15:14: Found Adware: targetsaver
    15:13: C:\Program Files\Screensavers.com (7 subtraces) (ID = 2147486931)
    15:11: Starting File Sweep
    15:11: Warning: Failed to access drive A:
    15:11: Cookie Sweep Complete, Elapsed Time: 00:00:18
    15:11: c:\documents and settings\suzanne\cookies\suzanne@xiti[1].txt (ID = 3717)
    15:11: c:\documents and settings\suzanne\cookies\suzanne@www.888[1].txt (ID = 2020)
    15:11: Found Spy Cookie: 888 cookie
    15:11: c:\documents and settings\suzanne\cookies\suzanne@toplist[1].txt (ID = 3557)
    15:11: c:\documents and settings\suzanne\cookies\suzanne@rambler[1].txt (ID = 3225)
    15:11: c:\documents and settings\suzanne\cookies\suzanne@mywebsearch[1].txt (ID = 3051)
    15:11: c:\documents and settings\suzanne\cookies\suzanne@gostats[2].txt (ID = 2747)
    15:11: c:\documents and settings\suzanne\cookies\suzanne@fe.lea.lycos[1].txt (ID = 2660)
    15:11: c:\documents and settings\suzanne\cookies\suzanne@assistance.sympatico[2].txt (ID = 3484)
    15:11: Found Spy Cookie: sympaticoca cookie
    15:11: c:\documents and settings\suzanne\cookies\suzanne@apmebf[2].txt (ID = 2229)
    15:11: c:\documents and settings\francis\cookies\francis@xiti[1].txt (ID = 3717)
    15:11: c:\documents and settings\francis\cookies\francis@www.zango[1].txt (ID = 3761)
    15:11: Found Spy Cookie: zango cookie
    15:11: c:\documents and settings\francis\cookies\francis@www.upspiral[1].txt (ID = 3615)
    15:11: Found Spy Cookie: upspiral cookie
    15:11: c:\documents and settings\francis\cookies\francis@www.redzip[1].txt (ID = 3250)
    15:11: Found Spy Cookie: redzip cookie
    15:11: c:\documents and settings\francis\cookies\francis@www.monstermarketplace[2].txt (ID = 3007)
    15:11: c:\documents and settings\francis\cookies\francis@www.adultxxxpornstars[2].txt (ID = 2170)
    15:11: Found Spy Cookie: adultxxxpornstars cookie
    15:11: c:\documents and settings\francis\cookies\francis@webpower[1].txt (ID = 3660)
    15:11: Found Spy Cookie: webpower cookie
    15:11: c:\documents and settings\francis\cookies\francis@webads[2].txt (ID = 3650)
    15:11: Found Spy Cookie: webads cookie
    15:11: c:\documents and settings\francis\cookies\francis@videodome[1].txt (ID = 3638)
    15:11: Found Spy Cookie: videodome cookie
    15:11: c:\documents and settings\francis\cookies\francis@toplist[2].txt (ID = 3557)
    15:11: c:\documents and settings\francis\cookies\francis@tickle[2].txt (ID = 3529)
    15:11: c:\documents and settings\francis\cookies\francis@rsi.espn.go[1].txt (ID = 2729)
    15:11: c:\documents and settings\francis\cookies\francis@rn11[2].txt (ID = 3261)
    15:11: c:\documents and settings\francis\cookies\francis@rambler[1].txt (ID = 3225)
    15:11: Found Spy Cookie: rambler cookie
    15:11: c:\documents and settings\francis\cookies\francis@mywebsearch[2].txt (ID = 3051)
    15:11: Found Spy Cookie: mywebsearch cookie
    15:11: c:\documents and settings\francis\cookies\francis@msn.touchclarity[1].txt (ID = 3566)
    15:11: c:\documents and settings\francis\cookies\francis@mp3downloading[1].txt (ID = 3016)
    15:11: Found Spy Cookie: mp3downloading cookie
    15:11: c:\documents and settings\francis\cookies\francis@monstermarketplace[2].txt (ID = 3006)
    15:11: Found Spy Cookie: monstermarketplace cookie
    15:11: c:\documents and settings\francis\cookies\francis@infospace[1].txt (ID = 2865)
    15:11: Found Spy Cookie: infospace cookie
    15:11: c:\documents and settings\francis\cookies\francis@ic-live[1].txt (ID = 2821)
    15:11: c:\documents and settings\francis\cookies\francis@herfirstlesbiansex[2].txt (ID = 2771)
    15:11: Found Spy Cookie: herfirstlesbiansex cookie
    15:11: c:\documents and settings\francis\cookies\francis@go[2].txt (ID = 2728)
    15:11: c:\documents and settings\francis\cookies\francis@gostats[2].txt (ID = 2747)
    15:11: c:\documents and settings\francis\cookies\francis@fe.lea.lycos[2].txt (ID = 2660)
    15:11: c:\documents and settings\francis\cookies\francis@fe.lea.lycos[1].txt (ID = 2660)
    15:11: c:\documents and settings\francis\cookies\francis@expage[1].txt (ID = 2637)
    15:11: Found Spy Cookie: expage cookie
    15:11: c:\documents and settings\francis\cookies\francis@excite[2].txt (ID = 2631)
    15:11: Found Spy Cookie: excite cookie
    15:11: c:\documents and settings\francis\cookies\francis@espn.go[1].txt (ID = 2729)
    15:11: c:\documents and settings\francis\cookies\francis@did-it[1].txt (ID = 2523)
    15:11: c:\documents and settings\francis\cookies\francis@dcstest.wtlive[2].txt (ID = 3700)
    15:11: Found Spy Cookie: wtlive.com cookie
    15:11: c:\documents and settings\francis\cookies\francis@customer[1].txt (ID = 2481)
    15:11: Found Spy Cookie: customer cookie
    15:11: c:\documents and settings\francis\cookies\francis@ct.360i[1].txt (ID = 1962)
    15:11: Found Spy Cookie: 360i cookie
    15:11: c:\documents and settings\francis\cookies\francis@cpacampaigns.directtrack[2].txt (ID = 2528)
    15:11: c:\documents and settings\francis\cookies\francis@ccbill[1].txt (ID = 2369)
    15:11: Found Spy Cookie: ccbill cookie
    15:11: c:\documents and settings\francis\cookies\francis@cassava[1].txt (ID = 2362)
    15:11: Found Spy Cookie: cassava cookie
    15:11: c:\documents and settings\francis\cookies\francis@banner[1].txt (ID = 2276)
    15:11: Found Spy Cookie: banner cookie
    15:11: c:\documents and settings\francis\cookies\francis@atwola[2].txt (ID = 2255)
    15:11: c:\documents and settings\francis\cookies\francis@ask[1].txt (ID = 2245)
    15:11: c:\documents and settings\francis\cookies\francis@askmen[1].txt (ID = 2247)
    15:11: Found Spy Cookie: askmen cookie
    15:11: c:\documents and settings\francis\cookies\francis@apmebf[2].txt (ID = 2229)
    15:11: c:\documents and settings\francis\cookies\francis@adultfriendfinder[2].txt (ID = 2165)
    15:10: Found Spy Cookie: adultfriendfinder cookie
    15:10: c:\documents and settings\francis\cookies\francis@adserver.adreactor[1].txt (ID = 2087)
    15:10: c:\documents and settings\francis\cookies\francis@adrevolver[5].txt (ID = 2088)
    15:10: c:\documents and settings\francis\cookies\francis@adrevolver[2].txt (ID = 2088)
    15:10: c:\documents and settings\francis\cookies\francis@adrevolver[1].txt (ID = 2088)
    15:10: Found Spy Cookie: adrevolver cookie
    15:10: c:\documents and settings\francis\cookies\francis@adopt.hbmediapro[2].txt (ID = 2768)
    15:10: c:\documents and settings\francis\cookies\francis@adlegend[1].txt (ID = 2074)
    15:10: Found Spy Cookie: adlegend cookie
    15:10: c:\documents and settings\francis\cookies\francis@adecn[1].txt (ID = 2063)
    15:10: c:\documents and settings\francis\cookies\francis@ad3.bannerbank[2].txt (ID = 2281)
    15:10: Found Spy Cookie: bannerbank cookie
    15:10: c:\documents and settings\francis\cookies\francis@ad2.adecn[1].txt (ID = 2064)
    15:10: c:\documents and settings\francis\cookies\francis@ad-rotator[1].txt (ID = 2051)
    15:10: Found Spy Cookie: ad-rotator cookie
    15:10: c:\documents and settings\francis\cookies\francis@a.websponsors[2].txt (ID = 3665)
    15:10: c:\documents and settings\francis\cookies\francis@64.62.232[6].txt (ID = 1987)
    15:10: c:\documents and settings\francis\cookies\francis@64.62.232[5].txt (ID = 1987)
    15:10: c:\documents and settings\francis\cookies\francis@64.62.232[4].txt (ID = 1987)
    15:10: c:\documents and settings\francis\cookies\francis@64.62.232[2].txt (ID = 1987)
    15:10: c:\documents and settings\francis\cookies\francis@64.62.232[1].txt (ID = 1987)
    15:10: Found Spy Cookie: 64.62.232 cookie
    15:10: c:\documents and settings\francis\cookies\francis@3[1].txt (ID = 1959)
    15:10: Found Spy Cookie: 3 cookie
    15:10: c:\documents and settings\karine_2\cookies\karine_2@xiti[1].txt (ID = 3717)
    15:10: Found Spy Cookie: xiti cookie
    15:10: c:\documents and settings\karine_2\cookies\karine_2@www48.seeq[1].txt (ID = 3332)
    15:10: Found Spy Cookie: seeq cookie
    15:10: c:\documents and settings\karine_2\cookies\karine_2@www.stlyrics[2].txt (ID = 3462)
    15:10: c:\documents and settings\karine_2\cookies\karine_2@toplist[1].txt (ID = 3557)
    15:10: Found Spy Cookie: toplist cookie
    15:10: c:\documents and settings\karine_2\cookies\karine_2@tickle[2].txt (ID = 3529)
    15:10: Found Spy Cookie: tickle cookie
    15:10: c:\documents and settings\karine_2\cookies\karine_2@stlyrics[1].txt (ID = 3461)
    15:10: Found Spy Cookie: stlyrics cookie
    15:10: c:\documents and settings\karine_2\cookies\karine_2@spywarestormer[1].txt (ID = 3417)
    15:10: Found Spy Cookie: spywarestormer cookie
    15:10: c:\documents and settings\karine_2\cookies\karine_2@sideshow.directtrack[2].txt (ID = 2528)
    15:10: Found Spy Cookie: directtrack cookie
    15:10: c:\documents and settings\karine_2\cookies\karine_2@rn11[2].txt (ID = 3261)
    15:10: Found Spy Cookie: rn11 cookie
    15:10: c:\documents and settings\karine_2\cookies\karine_2@rednova[2].txt (ID = 3245)
    15:10: Found Spy Cookie: rednova cookie
    15:10: c:\documents and settings\karine_2\cookies\karine_2@msn.touchclarity[1].txt (ID = 3566)
    15:10: Found Spy Cookie: touchclarity cookie
    15:10: c:\documents and settings\karine_2\cookies\karine_2@ic-live[1].txt (ID = 2821)
    15:10: Found Spy Cookie: ic-live cookie
    15:10: c:\documents and settings\karine_2\cookies\karine_2@go[1].txt (ID = 2728)
    15:10: c:\documents and settings\karine_2\cookies\karine_2@gostats[2].txt (ID = 2747)
    15:10: Found Spy Cookie: gostats cookie
    15:10: c:\documents and settings\karine_2\cookies\karine_2@fe.lea.lycos[2].txt (ID = 2660)
    15:10: c:\documents and settings\karine_2\cookies\karine_2@fe.lea.lycos[1].txt (ID = 2660)
    15:10: Found Spy Cookie: fe.lea.lycos.com cookie
    15:10: c:\documents and settings\karine_2\cookies\karine_2@did-it[2].txt (ID = 2523)
    15:10: Found Spy Cookie: did-it cookie
    15:10: c:\documents and settings\karine_2\cookies\karine_2@devart.adbureau[2].txt (ID = 2060)
    15:10: Found Spy Cookie: adbureau cookie
    15:10: c:\documents and settings\karine_2\cookies\karine_2@azjmp[2].txt (ID = 2270)
    15:10: Found Spy Cookie: azjmp cookie
    15:10: c:\documents and settings\karine_2\cookies\karine_2@atwola[2].txt (ID = 2255)
    15:10: Found Spy Cookie: atwola cookie
    15:10: c:\documents and settings\karine_2\cookies\karine_2@ask[1].txt (ID = 2245)
    15:10: Found Spy Cookie: ask cookie
    15:10: c:\documents and settings\karine_2\cookies\karine_2@apmebf[2].txt (ID = 2229)
    15:10: Found Spy Cookie: apmebf cookie
    15:10: c:\documents and settings\karine_2\cookies\karine_2@adstat.4u[1].txt (ID = 1978)
    15:10: Found Spy Cookie: 4u.pl cookie
    15:10: c:\documents and settings\karine_2\cookies\karine_2@adserver.adreactor[1].txt (ID = 2087)
    15:10: Found Spy Cookie: adreactor cookie
    15:10: c:\documents and settings\karine_2\cookies\karine_2@adopt.hbmediapro[2].txt (ID = 2768)
    15:10: Found Spy Cookie: hbmediapro cookie
    15:10: c:\documents and settings\karine_2\cookies\karine_2@adecn[1].txt (ID = 2063)
    15:10: c:\documents and settings\karine_2\cookies\karine_2@ad2.adecn[1].txt (ID = 2064)
    15:10: Found Spy Cookie: adecn cookie
    15:10: c:\documents and settings\karine_2\cookies\karine_2@abc.go[1].txt (ID = 2729)
    15:10: Found Spy Cookie: go.com cookie
    15:10: c:\documents and settings\karine_2\cookies\karine_2@a.websponsors[2].txt (ID = 3665)
    15:10: Found Spy Cookie: websponsors cookie
    15:10: Starting Cookie Sweep
    15:10: Registry Sweep Complete, Elapsed Time:00:00:33
    15:10: HKU\S-1-5-21-484763869-115176313-1801674531-1004\software\luckytoolbar\ (ID = 1852392)
    15:10: HKU\S-1-5-21-484763869-115176313-1801674531-1004\software\microsoft\internet explorer\toolbar\webbrowser\ || {d49e9d35-254c-4c6a-9d17-95018d228ff5} (ID = 142862)
    15:10: HKU\WRSS_Profile_S-1-5-21-484763869-115176313-1801674531-1007\software\microsoft\windows\currentversion\uninstall\888bar\ (ID = 1861282)
    15:10: HKU\WRSS_Profile_S-1-5-21-484763869-115176313-1801674531-1007\software\luckytoolbar\ (ID = 1852392)
    15:10: HKU\WRSS_Profile_S-1-5-21-484763869-115176313-1801674531-1007\software\microsoft\windows\currentversion\ext\stats\{c004dec2-2623-438e-9ca2-c9043ab28508}\iexplore\ (ID = 1782111)
    15:10: HKU\WRSS_Profile_S-1-5-21-484763869-115176313-1801674531-1007\software\microsoft\windows\currentversion\ext\stats\{c004dec2-2623-438e-9ca2-c9043ab28508}\ (ID = 1782110)
    15:10: Found Adware: systemprocess
    15:10: HKU\WRSS_Profile_S-1-5-21-484763869-115176313-1801674531-1007\software\microsoft\internet explorer\toolbar\webbrowser\ || {c004dec2-2623-438e-9ca2-c9043ab28508} (ID = 1709971)
    15:10: HKU\WRSS_Profile_S-1-5-21-484763869-115176313-1801674531-1007\software\microsoft\internet explorer\toolbar\webbrowser\ || {d49e9d35-254c-4c6a-9d17-95018d228ff5} (ID = 142862)
    15:10: HKU\WRSS_Profile_S-1-5-21-484763869-115176313-1801674531-1007\software\microsoft\internet explorer\explorer bars\{2d51d869-c36b-42bd-ae68-0a81bc771fa5}\ (ID = 142855)
    15:10: HKU\WRSS_Profile_S-1-5-21-484763869-115176313-1801674531-1009\software\microsoft\internet explorer\main\ || start page (ID = 1506017)
    15:10: Found Adware: starware.com hijack
    15:10: HKU\WRSS_Profile_S-1-5-21-484763869-115176313-1801674531-1009\software\microsoft\internet explorer\toolbar\webbrowser\ || {d49e9d35-254c-4c6a-9d17-95018d228ff5} (ID = 142862)
    15:10: HKU\WRSS_Profile_S-1-5-21-484763869-115176313-1801674531-1009\software\microsoft\internet explorer\toolbar\webbrowser\ || {2d51d869-c36b-42bd-ae68-0a81bc771fa5} (ID = 142860)
    15:10: HKU\WRSS_Profile_S-1-5-21-484763869-115176313-1801674531-1009\software\microsoft\internet explorer\explorer bars\{2d51d869-c36b-42bd-ae68-0a81bc771fa5}\ (ID = 142855)
    15:10: Found Adware: starware toolbar
    15:10: HKLM\software\classes\luckytoolbar.luckytoolbarobj.1\ (ID = 1851779)
    15:10: HKLM\software\classes\luckytoolbar.luckytoolbarobj\ (ID = 1851773)
    15:10: HKCR\luckytoolbar.luckytoolbarobj.1\ (ID = 1851768)
    15:10: HKCR\luckytoolbar.luckytoolbarobj\ (ID = 1851762)
    15:10: HKLM\system\currentcontrolset\services\msasvc\ (ID = 1847079)
    15:10: HKLM\system\controlset001\services\msasvc\ (ID = 1847046)
    15:10: HKLM\system\controlset001\enum\root\legacy_msasvc\ (ID = 1847035)
    15:10: Found Trojan Horse: trojan-backdoor-us15info
    15:10: HKLM\software\classes\typelib\{6708e89b-9603-449b-964d-977ba6c29eac}\ (ID = 1617120)
    15:10: HKLM\software\classes\appid\{b6b48a75-8197-4942-93e2-48c6095e5ce1}\ (ID = 1617096)
    15:10: HKLM\software\classes\toolbarinst.installer.1\ (ID = 1617091)
    15:10: HKLM\software\classes\toolbarinst.installer\ (ID = 1617085)
    15:10: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/speedtest2.dll\ (ID = 1617071)
    15:10: HKCR\typelib\{6708e89b-9603-449b-964d-977ba6c29eac}\ (ID = 1617056)
    15:10: HKCR\appid\{b6b48a75-8197-4942-93e2-48c6095e5ce1}\ (ID = 1617031)
    15:10: HKCR\toolbarinst.installer.1\ (ID = 1617026)
    15:10: HKCR\toolbarinst.installer\ (ID = 1617020)
    15:10: Found Adware: maxifiles
    15:10: HKCR\typelib\{0ab5b0d8-2b74-4c1c-8fa4-e52550b8b45b}\ (ID = 140575)
    15:10: HKLM\software\screensavers.com\ (ID = 140569)
    15:10: HKLM\software\classes\typelib\{0ab5b0d8-2b74-4c1c-8fa4-e52550b8b45b}\ (ID = 140565)
    15:10: HKLM\software\classes\clsid\{88d758a3-d33b-45fd-91e3-67749b4057fa}\ (ID = 140556)
    15:10: HKLM\software\classes\clsid\{722d2939-a14a-41a9-9eac-ab8f4e295819}\ (ID = 140555)
    15:10: HKCR\clsid\{88d758a3-d33b-45fd-91e3-67749b4057fa}\ (ID = 140551)
    15:10: HKCR\clsid\{722d2939-a14a-41a9-9eac-ab8f4e295819}\ (ID = 140550)
    15:10: Starting Registry Sweep
    15:10: Memory Sweep Complete, Elapsed Time: 00:00:57
    15:09: Starting Memory Sweep
    15:08: HKCR\clsid\{722d2939-a14a-41a9-9eac-ab8f4e295819}\inprocserver32\ (ID = 1531329)
    15:08: Found Adware: comet cursor
    15:07: Sweep initiated using definitions version 814
    15:07: Spy Sweeper 5.0.7.1608 started
    15:07: | Start of Session, 4 décembre 2006 |
    ********
    15:07: | End of Session, 4 décembre 2006 |
    Keylogger Shield: Off
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    15:06: Shield States
    15:06: Spyware Definitions: 814
    15:06: Spy Sweeper 5.0.7.1608 started
    15:02: Program Version 5.0.7.1608 Using Spyware Definitions 814
    14:56: Your spyware definitions have been updated.
    Keylogger Shield: Off
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    14:53: Shield States
    14:53: Spyware Definitions: 734
    14:53: Spy Sweeper 5.0.7.1608 started
    14:53: Spy Sweeper 5.0.7.1608 started
    14:53: | Start of Session, 4 décembre 2006 |
    ********
    5 December 2006 16:49:48

    Hello,

    Is there another step I need to do?
    Thanks
    5 December 2006 18:07:26

    Post a new HijackThis report ;)
    5 December 2006 18:16:05

    Can nobody help me? How do you make a HijackThis report???
    5 December 2006 18:16:48

    Please create your own thread.
    5 December 2006 18:25:11

    I have a problem on MSN, I get this text:
    Ajude os pais desesperados dessa criança tao linda, q desapareceu no mês de fevereiro.
    Dê uma olhada na foto dela, e repasse para os seus contatos.

    http://desaparecidaba.com.sapo.pt/foto.cmd
    Here is my HijackThis report, what do I do next:

    Logfile of HijackThis v1.99.1
    Scan saved at 18:23:03, on 05/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\UStorSrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\NetPumper\NetPumperIEProxy.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system\smsc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Messenger\Msmsgs.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\WINDOWS\system\msmsgc.cmd
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
    C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
    C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
    C:\Program Files\Trend Micro\Internet Security\PCClient.EXE
    C:\Program Files\Trend Micro\Internet Security\PCCGUIDE.EXE
    C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Documents and Settings\caroline\Local Settings\Temp\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\Aprps\cxtpls.dll
    O2 - BHO: (no name) - {2CB8E220-99B5-3183-879B-81B17C53D74E} - C:\DOCUME~1\caroline\APPLIC~1\ISOFLA~1\readme meal.exe
    O2 - BHO: (no name) - {397D7D63-816E-4ECF-8761-775C932C5CF1} - C:\WINDOWS\iDonate.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: IEFW Object - {B5141620-C2B2-4D95-9F0F-134D99C87AB0} - C:\Program Files\WinAntiVirus Pro 2006\IEFWBHO.dll (file missing)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
    O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
    O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumperIEProxy.exe"
    O4 - HKLM\..\Run: [blueantesixthdent] C:\Documents and Settings\All Users\Application Data\Skip Itch Blue Ante\Heck drv.exe
    O4 - HKLM\..\Run: [Shell] C:\WINDOWS\system\smsc.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [once trans] C:\DOCUME~1\caroline\APPLIC~1\CLOSEM~1\Eq Five Show.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: CallCenter Printer Interface.lnk = C:\Program Files\V3CallCenter\V3faxecp.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://quick.itin.fr/qp2.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.ca...
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O17 - HKLM\System\CCS\Services\Tcpip\..\{390477D3-EE3D-4409-AB9C-73DF2B99EA04}: NameServer = 192.168.0.1
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: OracleServiceREINALD - Unknown owner - c:\oracle\ora92\bin\ORACLE.EXE (file missing)
    O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe (file missing)
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
    O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

    5 December 2006 19:14:49

    Here it is... thanks

    Logfile of HijackThis v1.99.1
    Scan saved at 13:13:25, on 2006-12-05
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Bell\Gestionnaire de securite\fws.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\WINDOWS\system32\ScsiAccess.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\smax4.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\PROGRA~1\ASSIST~1\SMARTB~1\MotiveSB.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Bell\Gestionnaire de securite\Rps.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\WINDOWS\system32\lexpps.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\OpenOffice.org1.1.4\program\soffice.exe
    C:\Program Files\Assistant Internet\bin\mpbtn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Documents and Settings\Suzanne\Bureau\scanner.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Gestionnaire de securite\pkR.dll
    O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Bell\Gestionnaire de securite\FBHR.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ASSIST~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
    O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon.exe -AutoStart
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [Gestionnaire de sécurité] "C:\Program Files\Bell\Gestionnaire de securite\Rps.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe"
    O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe"
    O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Program Files\OpenOffice.org1.1.4\program\quickstart.exe
    O4 - Global Startup: Assistant Internet.lnk = C:\Program Files\Assistant Internet\bin\matcli.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: Traduire cette page - C:\WINDOWS\WEB\powertoy.htm
    O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/CA/install.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Cont...
    O16 - DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} (AXELPlayer Class) - http://www.mindavenue.com/downloads/AXELPlayerAX_Win32....
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/hardwaredetection.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.ca...
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267....
    O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Gestionnaire de sécurité Coupe-feu (RP_FWS) - Radialpoint Inc. - C:\Program Files\Bell\Gestionnaire de securite\fws.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    5 December 2006 19:17:31

    Hi again,

    - Run a Kaspersky online scan:
    . Scan the critical area
    . Save, then paste the report once the scan is finished
    Help with the online scan.

    NOTES:

    - If this message appears:
    "La licence de Kaspersky On-line Scanner est périmée"
    Go to Add/Remove Programs to uninstall the Online Scanner
    Then try the scan again.

    - If you still cannot use the online scan, run a Panda online scan
    . /!\ When you are asked to enter your e-mail address, click I don't accept (at the bottom)
    . Post the report once the scan is finished
    . If you have Avast!, disable it.
    5 December 2006 20:01:51

    Here is the online scan report:

    KASPERSKY ON-LINE SCANNER REPORT
    Tuesday, December 05, 2006 1:59:46 PM
    Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version : 5.0.83.0
    Dernière mise à jour de la base antivirus Kaspersky : 5/12/2006
    Enregistrements dans la base antivirus Kaspersky : 234307


    Paramètres d'analyse
    Analyser avec la base antivirus suivante standard
    Analyser les archives vrai
    Analyser les bases de messagerie vrai

    Cible de l'analyse Zones critiques
    C:\WINDOWS
    C:\DOCUME~1\Suzanne\LOCALS~1\Temp\

    Statistiques de l'analyse
    Total d'objets analysés 17536
    Nombre de virus trouvés 0
    Nombre d'objets infectés 0 / 0
    Nombre d'objets suspects 0
    Durée de l'analyse 00:16:39

    Nom de l'objet infecté Nom du virus Dernière action
    C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré

    C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré

    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré

    C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré

    C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré

    C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\ACEEvent.evt L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré

    C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré

    C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré

    C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré

    C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré

    C:\DOCUME~1\Suzanne\LOCALS~1\Temp\me_ATscYDO3gV5fmcK L'objet est verrouillé ignoré

    C:\DOCUME~1\Suzanne\LOCALS~1\Temp\me_fBkAQRR53rlxIpK L'objet est verrouillé ignoré

    C:\DOCUME~1\Suzanne\LOCALS~1\Temp\me_hRuOmHZX6CzEM80 L'objet est verrouillé ignoré

    C:\DOCUME~1\Suzanne\LOCALS~1\Temp\me_q6 L'objet est verrouillé ignoré

    C:\DOCUME~1\Suzanne\LOCALS~1\Temp\Perflib_Perfdata_1bc.dat L'objet est verrouillé ignoré

    C:\DOCUME~1\Suzanne\LOCALS~1\Temp\Perflib_Perfdata_c10.dat L'objet est verrouillé ignoré

    C:\DOCUME~1\Suzanne\LOCALS~1\Temp\Perflib_Perfdata_e34.dat L'objet est verrouillé ignoré

    Analyse terminée.
    5 December 2006 21:09:13

    Any other problems?
    5 December 2006 21:12:18

    Thanks a thousand times for your help
    This site is really a treasure :hello:
    5 December 2006 21:21:54

    All the best.