Fenetre qui s ouvre seule et se referme dess

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Mobile AMD Sempron(tm) Processor 2800+ )
BIOS : BIOS Date: 12/14/04 19:54:36 Ver: 08.00.11
USER : rara ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:74 Go (Free:47 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (USB) - FAT32 - Total:7632 Mo (Free:0 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 27/12/2008|12:19 )

--------------------\\ Listing des dossiers dans APPLIC~1

[24/02/2008|19:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[14/03/2005|18:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[05/11/2007|17:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[15/10/2007|20:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
[02/12/2006|12:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Autodesk
[05/11/2007|17:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\F-Secure
[12/07/2007|21:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\fssg
[05/11/2007|17:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[30/11/2006|21:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
[24/12/2008|16:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[13/02/2006|18:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[28/05/2007|20:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[05/11/2007|18:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[18/07/2007|10:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\play site stop chic
[15/12/2005|18:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[09/10/2004|06:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[21/11/2008|19:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sofrel
[22/10/2008|11:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[19/10/2008|20:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
[10/03/2005|19:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
[03/01/2007|18:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[09/09/2008|18:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

[09/10/2004|06:15] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[30/11/2004|21:56] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[30/11/2004|21:56] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun

[03/01/2007|18:34] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[22/12/2008|02:01] C:\DOCUME~1\NETWOR~1\APPLIC~1\Adobe
[16/01/2008|23:18] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[16/01/2008|22:40] C:\DOCUME~1\rara\APPLIC~1\Adobe
[24/02/2008|19:28] C:\DOCUME~1\rara\APPLIC~1\AdobeUM
[14/03/2005|18:41] C:\DOCUME~1\rara\APPLIC~1\Ahead
[05/11/2007|17:27] C:\DOCUME~1\rara\APPLIC~1\AOL
[30/11/2006|21:45] C:\DOCUME~1\rara\APPLIC~1\Autodesk
[27/12/2008|12:13] C:\DOCUME~1\rara\APPLIC~1\BitTorrent
[17/10/2008|08:58] C:\DOCUME~1\rara\APPLIC~1\CamfrogWEB
[27/12/2008|12:11] C:\DOCUME~1\rara\APPLIC~1\DNA
[12/07/2007|22:03] C:\DOCUME~1\rara\APPLIC~1\F-Secure
[18/03/2008|16:21] C:\DOCUME~1\rara\APPLIC~1\Google
[11/10/2005|17:10] C:\DOCUME~1\rara\APPLIC~1\Help
[09/10/2004|06:15] C:\DOCUME~1\rara\APPLIC~1\Identities
[11/01/2007|17:32] C:\DOCUME~1\rara\APPLIC~1\Macromedia
[01/08/2007|21:06] C:\DOCUME~1\rara\APPLIC~1\magsbindmulti
[24/12/2008|16:24] C:\DOCUME~1\rara\APPLIC~1\Malwarebytes
[23/09/2008|21:31] C:\DOCUME~1\rara\APPLIC~1\Media Player Classic
[05/06/2008|13:02] C:\DOCUME~1\rara\APPLIC~1\Microsoft
[15/03/2005|19:25] C:\DOCUME~1\rara\APPLIC~1\MSNInstaller
[26/01/2008|16:51] C:\DOCUME~1\rara\APPLIC~1\Samsung
[30/11/2004|21:56] C:\DOCUME~1\rara\APPLIC~1\Sun
[10/03/2005|17:38] C:\DOCUME~1\rara\APPLIC~1\Template
[26/12/2008|17:33] C:\DOCUME~1\rara\APPLIC~1\U3
[14/05/2008|13:28] C:\DOCUME~1\rara\APPLIC~1\vlc
[19/10/2008|20:20] C:\DOCUME~1\rara\APPLIC~1\WinRAR
[10/03/2005|19:50] C:\DOCUME~1\rara\APPLIC~1\You've Got Pictures Screensaver

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[27/12/2008 12:00][--ah-----] C:\WINDOWS\tasks\A0C44C16918BC9AA.job
[05/08/2004 13:00][-rah-----] C:\WINDOWS\tasks\desktop.ini
[26/12/2008 23:09][--ah-----] C:\WINDOWS\tasks\SA.DAT

( A0C44C16918BC9AA.job )=( c:\docume~1\rara\applic~1\magsbi~1\Bonebrowselocks.exe )

--------------------\\ MsgPlus SPONSOR INSTALLED !

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsgPlus! Plugin]
"DisplayName"="Messenger Plus! 3 & Sponsor"
"SponsorInstalled"=dword:00000001


--------------------\\ Listing des dossiers dans C:\Program Files

[24/02/2008|19:26] C:\Program Files\Adobe
[28/04/2007|12:31] C:\Program Files\Adverts
[14/03/2005|18:39] C:\Program Files\Ahead
[28/04/2007|12:13] C:\Program Files\Alwil Software
[30/11/2004|21:57] C:\Program Files\AMD
[15/03/2005|18:47] C:\Program Files\Aubade
[02/12/2006|12:13] C:\Program Files\AutoCAD 2004
[13/07/2006|16:23] C:\Program Files\AvantGo Connect
[19/10/2008|20:10] C:\Program Files\BFG
[23/09/2008|17:51] C:\Program Files\BitTorrent
[17/01/2008|23:09] C:\Program Files\CCleaner
[17/10/2008|08:58] C:\Program Files\CFWebAdvancedU
[13/07/2006|16:23] C:\Program Files\Common Files
[17/11/2006|15:17] C:\Program Files\DesignSoft
[02/11/2008|10:15] C:\Program Files\directx
[26/12/2008|23:09] C:\Program Files\DNA
[21/08/2008|13:32] C:\Program Files\eMule
[21/11/2008|19:12] C:\Program Files\Fichiers communs
[19/10/2008|21:12] C:\Program Files\Flash Player Win v7.0.19
[18/03/2008|16:19] C:\Program Files\Google
[12/07/2007|16:29] C:\Program Files\IKEA HomePlanner
[24/12/2005|17:17] C:\Program Files\IncrediMail
[18/11/2008|17:37] C:\Program Files\Infogrames
[21/11/2008|19:09] C:\Program Files\InstallShield Installation Information
[13/12/2008|12:33] C:\Program Files\Internet Explorer
[05/11/2007|18:57] C:\Program Files\Inventel
[05/11/2007|17:19] C:\Program Files\IrfanView
[30/11/2004|21:56] C:\Program Files\Java
[12/07/2007|16:28] C:\Program Files\JeCreeMaCuisineAvecLeroyMerlin
[21/03/2007|20:54] C:\Program Files\Macrogaming
[28/02/2007|15:39] C:\Program Files\magsbindmulti
[24/12/2008|16:24] C:\Program Files\Malwarebytes' Anti-Malware
[03/12/2005|18:09] C:\Program Files\Massilia120
[23/09/2008|18:52] C:\Program Files\MediaInfo
[16/08/2008|11:52] C:\Program Files\Messenger
[02/05/2006|19:17] C:\Program Files\MessengerPlus! 3
[02/11/2008|22:17] C:\Program Files\Micro Application
[08/04/2007|16:07] C:\Program Files\Microsoft ActiveSync
[09/10/2004|06:15] C:\Program Files\microsoft frontpage
[05/11/2007|18:37] C:\Program Files\Microsoft Office
[05/11/2007|18:37] C:\Program Files\Microsoft Visual Studio
[05/11/2007|18:37] C:\Program Files\Microsoft Works
[05/11/2007|18:35] C:\Program Files\Microsoft.NET
[09/10/2004|06:16] C:\Program Files\Movie Maker
[05/11/2007|18:37] C:\Program Files\MSBuild
[10/03/2008|10:14] C:\Program Files\MSN
[11/03/2005|20:12] C:\Program Files\MSN Apps
[09/10/2004|06:16] C:\Program Files\MSN Gaming Zone
[10/03/2008|13:37] C:\Program Files\MSN Messenger
[16/11/2006|22:28] C:\Program Files\MSXML 4.0
[26/05/2008|21:13] C:\Program Files\Multi_Media_France
[26/12/2008|10:10] C:\Program Files\Navilog1
[09/10/2004|06:16] C:\Program Files\NetMeeting
[09/10/2004|06:16] C:\Program Files\Online Services
[17/06/2007|20:27] C:\Program Files\Outlook Express
[19/10/2008|20:07] C:\Program Files\Ozzy Bubbles
[05/11/2007|17:33] C:\Program Files\Pack Securite
[28/02/2008|22:59] C:\Program Files\PhotoFiltre
[16/08/2008|10:00] C:\Program Files\Piratrax
[18/11/2008|17:43] C:\Program Files\PowerISO
[10/03/2005|19:50] C:\Program Files\QuickTime
[10/03/2005|19:50] C:\Program Files\Real
[16/06/2007|22:02] C:\Program Files\Saloon Poker
[26/01/2008|16:26] C:\Program Files\Samsung
[15/01/2008|13:21] C:\Program Files\Securitoo
[09/10/2004|06:16] C:\Program Files\Services en ligne
[30/11/2004|22:06] C:\Program Files\SiS VGA Utilities V3.62
[30/11/2004|22:04] C:\Program Files\SiSLan
[23/09/2008|21:44] C:\Program Files\SLD Codec Pack
[21/11/2008|19:10] C:\Program Files\Sofrel
[27/11/2008|20:00] C:\Program Files\SOFTOOLS
[30/11/2004|21:58] C:\Program Files\Synaptics
[19/11/2006|15:05] C:\Program Files\Tetris
[24/12/2008|18:17] C:\Program Files\Trend Micro
[15/01/2008|16:25] C:\Program Files\TRENDnet
[27/09/2008|08:38] C:\Program Files\Uninstall Information
[17/03/2005|18:09] C:\Program Files\vanBasco's Karaoke Player
[30/11/2004|21:58] C:\Program Files\VIAudioi
[14/05/2008|13:24] C:\Program Files\VideoLAN
[10/03/2005|19:50] C:\Program Files\Viewpoint
[27/12/2008|12:14] C:\Program Files\Wanadoo
[02/01/2007|19:51] C:\Program Files\Windows Media Connect 2
[02/01/2007|19:52] C:\Program Files\Windows Media Player
[19/11/2006|14:50] C:\Program Files\Windows NT
[19/10/2008|20:20] C:\Program Files\WinRAR
[09/10/2004|06:16] C:\Program Files\xerox

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[21/11/2008|19:12] C:\Program Files\Fichiers communs\Adobe
[14/03/2005|18:38] C:\Program Files\Fichiers communs\Ahead
[05/11/2007|18:23] C:\Program Files\Fichiers communs\AOL
[21/11/2008|19:12] C:\Program Files\Fichiers communs\Business Objects
[05/11/2007|18:37] C:\Program Files\Fichiers communs\DESIGNER
[15/11/2006|21:08] C:\Program Files\Fichiers communs\EPSON
[30/11/2004|21:58] C:\Program Files\Fichiers communs\InstallShield
[30/11/2004|21:56] C:\Program Files\Fichiers communs\Java
[16/03/2005|11:33] C:\Program Files\Fichiers communs\Logitech
[28/09/2006|20:54] C:\Program Files\Fichiers communs\Micro Application Shared
[10/03/2008|10:15] C:\Program Files\Fichiers communs\Microsoft Shared
[09/10/2004|06:15] C:\Program Files\Fichiers communs\MSSoap
[10/03/2005|19:50] C:\Program Files\Fichiers communs\Nullsoft
[05/11/2007|18:35] C:\Program Files\Fichiers communs\ODBC
[10/03/2005|19:50] C:\Program Files\Fichiers communs\Real
[19/11/2006|14:43] C:\Program Files\Fichiers communs\Scanner
[09/10/2004|06:15] C:\Program Files\Fichiers communs\Services
[20/08/2005|16:14] C:\Program Files\Fichiers communs\SOFREL
[09/10/2004|06:15] C:\Program Files\Fichiers communs\SpeechEngines
[21/11/2008|19:14] C:\Program Files\Fichiers communs\System

--------------------\\ Process

( 54 Processes )

IEXPLORE.EXE ~ [PID:160]
MsgPlus.exe ~ [PID:424]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\rara\APPLIC~1\magsbi~1
C:\Program Files\magsbi~1
C:\Program Files\Adverts
C:\Program Files\Multi_Media_France
C:\Program Files\Multi_Media_France\INSTALL.LOG
C:\Program Files\Multi_Media_France
C:\Program Files\Multi_Media_France\INSTALL.LOG
C:\DOCUME~1\rara\Cookies\rara@advertising[1].txt
C:\WINDOWS\Tasks\A0C44C16918BC9AA.job

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"proxy lite"="C:\\DOCUME~1\\rara\\APPLIC~1\\MAGSBI~1\\surf play mfcd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-27 12:20:50
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 4

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\rara\Application Data\BitTorrent\Dora - les Animaux de la jungle + Crack.torrent
C:\DOCUME~1\rara\Application Data\BitTorrent\pc games-SpongeBob SquarePants Bubble Rush! + Crack.torrent
C:\DOCUME~1\rara\Mes documents\Downloads\Dora - les Animaux de la jungle + Crack
C:\DOCUME~1\rara\Mes documents\Downloads\Dora - les Animaux de la jungle + Crack\DORA_JUNGLE.mdf
C:\DOCUME~1\rara\Mes documents\Downloads\Dora - les Animaux de la jungle + Crack\DORA_JUNGLE.mds
C:\DOCUME~1\rara\Mes documents\Downloads\Dora - les Animaux de la jungle + Crack\Patch Dora L'Exploratrice.txt


[F:8][D:6]-> C:\DOCUME~1\rara\LOCALS~1\Temp
[F:27][D:0]-> C:\DOCUME~1\rara\Cookies
[F:284][D:6]-> C:\DOCUME~1\rara\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 27/12/2008|12:22 - Option : [1]

--------------------\\ Fin du rapport a 12:22:57

excuse mais j ai pas tous compris je fait analyser quoi et le lien ne fonctionne pas

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\WINDOWS\system32\ajazabav.tmp moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\rara\LOCALS~1\Temp\~DFD835.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 01122009_215730

Files moved on Reboot...
C:\DOCUME~1\rara\LOCALS~1\Temp\~DFD835.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

ou puis je telecharger ca stp desole je suis debute lol

Salut John , tu vas bien ?


Mais non , reste plus ont est de fou et plus ont riz !!! hihihihihi

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Mobile AMD Sempron(tm) Processor 2800+ )
BIOS : BIOS Date: 12/14/04 19:54:36 Ver: 08.00.11
USER : rara ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:74 Go (Free:47 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 27/12/2008|12:34 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\Program Files\Multi_Media_France\INSTALL.LOG
Supprime! - C:\DOCUME~1\rara\Cookies\rara@advertising[1].txt
Supprime! - C:\WINDOWS\Tasks\A0C44C16918BC9AA.job
Supprime! - C:\DOCUME~1\rara\APPLIC~1\magsbi~1
Supprime! - C:\Program Files\magsbi~1
Supprime! - C:\Program Files\Adverts
Supprime! - C:\Program Files\Multi_Media_France

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Supprime! - C:\Program Files\Viewpoint
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans APPLIC~1

[24/02/2008|19:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[14/03/2005|18:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[05/11/2007|17:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[15/10/2007|20:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
[02/12/2006|12:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Autodesk
[05/11/2007|17:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\F-Secure
[12/07/2007|21:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\fssg
[05/11/2007|17:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[30/11/2006|21:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
[24/12/2008|16:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[13/02/2006|18:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[28/05/2007|20:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[05/11/2007|18:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[18/07/2007|10:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\play site stop chic
[15/12/2005|18:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[09/10/2004|06:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[21/11/2008|19:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sofrel
[22/10/2008|11:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[19/10/2008|20:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
[03/01/2007|18:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[09/09/2008|18:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

[09/10/2004|06:15] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[30/11/2004|21:56] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[30/11/2004|21:56] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun

[03/01/2007|18:34] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[22/12/2008|02:01] C:\DOCUME~1\NETWOR~1\APPLIC~1\Adobe
[16/01/2008|23:18] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[16/01/2008|22:40] C:\DOCUME~1\rara\APPLIC~1\Adobe
[24/02/2008|19:28] C:\DOCUME~1\rara\APPLIC~1\AdobeUM
[14/03/2005|18:41] C:\DOCUME~1\rara\APPLIC~1\Ahead
[05/11/2007|17:27] C:\DOCUME~1\rara\APPLIC~1\AOL
[30/11/2006|21:45] C:\DOCUME~1\rara\APPLIC~1\Autodesk
[27/12/2008|12:33] C:\DOCUME~1\rara\APPLIC~1\BitTorrent
[17/10/2008|08:58] C:\DOCUME~1\rara\APPLIC~1\CamfrogWEB
[27/12/2008|12:31] C:\DOCUME~1\rara\APPLIC~1\DNA
[12/07/2007|22:03] C:\DOCUME~1\rara\APPLIC~1\F-Secure
[18/03/2008|16:21] C:\DOCUME~1\rara\APPLIC~1\Google
[11/10/2005|17:10] C:\DOCUME~1\rara\APPLIC~1\Help
[09/10/2004|06:15] C:\DOCUME~1\rara\APPLIC~1\Identities
[11/01/2007|17:32] C:\DOCUME~1\rara\APPLIC~1\Macromedia
[24/12/2008|16:24] C:\DOCUME~1\rara\APPLIC~1\Malwarebytes
[23/09/2008|21:31] C:\DOCUME~1\rara\APPLIC~1\Media Player Classic
[05/06/2008|13:02] C:\DOCUME~1\rara\APPLIC~1\Microsoft
[15/03/2005|19:25] C:\DOCUME~1\rara\APPLIC~1\MSNInstaller
[26/01/2008|16:51] C:\DOCUME~1\rara\APPLIC~1\Samsung
[30/11/2004|21:56] C:\DOCUME~1\rara\APPLIC~1\Sun
[10/03/2005|17:38] C:\DOCUME~1\rara\APPLIC~1\Template
[26/12/2008|17:33] C:\DOCUME~1\rara\APPLIC~1\U3
[14/05/2008|13:28] C:\DOCUME~1\rara\APPLIC~1\vlc
[19/10/2008|20:20] C:\DOCUME~1\rara\APPLIC~1\WinRAR
[10/03/2005|19:50] C:\DOCUME~1\rara\APPLIC~1\You've Got Pictures Screensaver

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[05/08/2004 13:00][-rah-----] C:\WINDOWS\tasks\desktop.ini
[26/12/2008 23:09][--ah-----] C:\WINDOWS\tasks\SA.DAT

--------------------\\ Listing des dossiers dans C:\Program Files

[24/02/2008|19:26] C:\Program Files\Adobe
[14/03/2005|18:39] C:\Program Files\Ahead
[28/04/2007|12:13] C:\Program Files\Alwil Software
[30/11/2004|21:57] C:\Program Files\AMD
[15/03/2005|18:47] C:\Program Files\Aubade
[02/12/2006|12:13] C:\Program Files\AutoCAD 2004
[13/07/2006|16:23] C:\Program Files\AvantGo Connect
[19/10/2008|20:10] C:\Program Files\BFG
[23/09/2008|17:51] C:\Program Files\BitTorrent
[17/01/2008|23:09] C:\Program Files\CCleaner
[17/10/2008|08:58] C:\Program Files\CFWebAdvancedU
[13/07/2006|16:23] C:\Program Files\Common Files
[17/11/2006|15:17] C:\Program Files\DesignSoft
[02/11/2008|10:15] C:\Program Files\directx
[26/12/2008|23:09] C:\Program Files\DNA
[21/08/2008|13:32] C:\Program Files\eMule
[21/11/2008|19:12] C:\Program Files\Fichiers communs
[19/10/2008|21:12] C:\Program Files\Flash Player Win v7.0.19
[18/03/2008|16:19] C:\Program Files\Google
[12/07/2007|16:29] C:\Program Files\IKEA HomePlanner
[24/12/2005|17:17] C:\Program Files\IncrediMail
[18/11/2008|17:37] C:\Program Files\Infogrames
[21/11/2008|19:09] C:\Program Files\InstallShield Installation Information
[13/12/2008|12:33] C:\Program Files\Internet Explorer
[05/11/2007|18:57] C:\Program Files\Inventel
[05/11/2007|17:19] C:\Program Files\IrfanView
[30/11/2004|21:56] C:\Program Files\Java
[12/07/2007|16:28] C:\Program Files\JeCreeMaCuisineAvecLeroyMerlin
[21/03/2007|20:54] C:\Program Files\Macrogaming
[24/12/2008|16:24] C:\Program Files\Malwarebytes' Anti-Malware
[03/12/2005|18:09] C:\Program Files\Massilia120
[23/09/2008|18:52] C:\Program Files\MediaInfo
[16/08/2008|11:52] C:\Program Files\Messenger
[02/05/2006|19:17] C:\Program Files\MessengerPlus! 3
[02/11/2008|22:17] C:\Program Files\Micro Application
[08/04/2007|16:07] C:\Program Files\Microsoft ActiveSync
[09/10/2004|06:15] C:\Program Files\microsoft frontpage
[05/11/2007|18:37] C:\Program Files\Microsoft Office
[05/11/2007|18:37] C:\Program Files\Microsoft Visual Studio
[05/11/2007|18:37] C:\Program Files\Microsoft Works
[05/11/2007|18:35] C:\Program Files\Microsoft.NET
[09/10/2004|06:16] C:\Program Files\Movie Maker
[05/11/2007|18:37] C:\Program Files\MSBuild
[10/03/2008|10:14] C:\Program Files\MSN
[11/03/2005|20:12] C:\Program Files\MSN Apps
[09/10/2004|06:16] C:\Program Files\MSN Gaming Zone
[10/03/2008|13:37] C:\Program Files\MSN Messenger
[16/11/2006|22:28] C:\Program Files\MSXML 4.0
[26/12/2008|10:10] C:\Program Files\Navilog1
[09/10/2004|06:16] C:\Program Files\NetMeeting
[09/10/2004|06:16] C:\Program Files\Online Services
[17/06/2007|20:27] C:\Program Files\Outlook Express
[19/10/2008|20:07] C:\Program Files\Ozzy Bubbles
[05/11/2007|17:33] C:\Program Files\Pack Securite
[28/02/2008|22:59] C:\Program Files\PhotoFiltre
[16/08/2008|10:00] C:\Program Files\Piratrax
[18/11/2008|17:43] C:\Program Files\PowerISO
[10/03/2005|19:50] C:\Program Files\QuickTime
[10/03/2005|19:50] C:\Program Files\Real
[16/06/2007|22:02] C:\Program Files\Saloon Poker
[26/01/2008|16:26] C:\Program Files\Samsung
[15/01/2008|13:21] C:\Program Files\Securitoo
[09/10/2004|06:16] C:\Program Files\Services en ligne
[30/11/2004|22:06] C:\Program Files\SiS VGA Utilities V3.62
[30/11/2004|22:04] C:\Program Files\SiSLan
[23/09/2008|21:44] C:\Program Files\SLD Codec Pack
[21/11/2008|19:10] C:\Program Files\Sofrel
[27/11/2008|20:00] C:\Program Files\SOFTOOLS
[30/11/2004|21:58] C:\Program Files\Synaptics
[19/11/2006|15:05] C:\Program Files\Tetris
[24/12/2008|18:17] C:\Program Files\Trend Micro
[15/01/2008|16:25] C:\Program Files\TRENDnet
[27/09/2008|08:38] C:\Program Files\Uninstall Information
[17/03/2005|18:09] C:\Program Files\vanBasco's Karaoke Player
[30/11/2004|21:58] C:\Program Files\VIAudioi
[14/05/2008|13:24] C:\Program Files\VideoLAN
[27/12/2008|12:14] C:\Program Files\Wanadoo
[02/01/2007|19:51] C:\Program Files\Windows Media Connect 2
[02/01/2007|19:52] C:\Program Files\Windows Media Player
[19/11/2006|14:50] C:\Program Files\Windows NT
[19/10/2008|20:20] C:\Program Files\WinRAR
[09/10/2004|06:16] C:\Program Files\xerox

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[21/11/2008|19:12] C:\Program Files\Fichiers communs\Adobe
[14/03/2005|18:38] C:\Program Files\Fichiers communs\Ahead
[05/11/2007|18:23] C:\Program Files\Fichiers communs\AOL
[21/11/2008|19:12] C:\Program Files\Fichiers communs\Business Objects
[05/11/2007|18:37] C:\Program Files\Fichiers communs\DESIGNER
[15/11/2006|21:08] C:\Program Files\Fichiers communs\EPSON
[30/11/2004|21:58] C:\Program Files\Fichiers communs\InstallShield
[30/11/2004|21:56] C:\Program Files\Fichiers communs\Java
[16/03/2005|11:33] C:\Program Files\Fichiers communs\Logitech
[28/09/2006|20:54] C:\Program Files\Fichiers communs\Micro Application Shared
[10/03/2008|10:15] C:\Program Files\Fichiers communs\Microsoft Shared
[09/10/2004|06:15] C:\Program Files\Fichiers communs\MSSoap
[10/03/2005|19:50] C:\Program Files\Fichiers communs\Nullsoft
[05/11/2007|18:35] C:\Program Files\Fichiers communs\ODBC
[10/03/2005|19:50] C:\Program Files\Fichiers communs\Real
[19/11/2006|14:43] C:\Program Files\Fichiers communs\Scanner
[09/10/2004|06:15] C:\Program Files\Fichiers communs\Services
[20/08/2005|16:14] C:\Program Files\Fichiers communs\SOFREL
[09/10/2004|06:15] C:\Program Files\Fichiers communs\SpeechEngines
[21/11/2008|19:14] C:\Program Files\Fichiers communs\System

--------------------\\ Process

( 55 Processes )

MsgPlus.exe ~ [PID:424]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-27 12:36:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 4

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\rara\Application Data\BitTorrent\Dora - les Animaux de la jungle + Crack.torrent
C:\DOCUME~1\rara\Application Data\BitTorrent\pc games-SpongeBob SquarePants Bubble Rush! + Crack.torrent
C:\DOCUME~1\rara\Mes documents\Downloads\Dora - les Animaux de la jungle + Crack
C:\DOCUME~1\rara\Mes documents\Downloads\Dora - les Animaux de la jungle + Crack\DORA_JUNGLE.mdf
C:\DOCUME~1\rara\Mes documents\Downloads\Dora - les Animaux de la jungle + Crack\DORA_JUNGLE.mds
C:\DOCUME~1\rara\Mes documents\Downloads\Dora - les Animaux de la jungle + Crack\Patch Dora L'Exploratrice.txt


[F:8][D:6]-> C:\DOCUME~1\rara\LOCALS~1\Temp
[F:26][D:0]-> C:\DOCUME~1\rara\Cookies
[F:311][D:6]-> C:\DOCUME~1\rara\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 27/12/2008|12:22 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 27/12/2008|12:37 - Option : [2]

--------------------\\ Fin du rapport a 12:37:20

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:06:09, on 27/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\notepad.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\DNA\btdna.exe
C:\Program Files\msvc32.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.orange.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {2e3fcb40-4619-407e-b984-afaef47100c3} - C:\WINDOWS\system32\turepare.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [AA_SecuUFD] c:\docume~1\rara\locals~1\temp\secuufd.exe sys_auto_run C:\DOCUME~1\rara\LOCALS~1\Temp\
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [STOP CHIC FLAW COMP] C:\Documents and Settings\All Users\Application Data\play site stop chic\face math.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [figigebobi] Rundll32.exe "C:\WINDOWS\system32\torayiya.dll",s
O4 - HKLM\..\Run: [CPM677d0ebb] Rundll32.exe "c:\windows\system32\lijuhidi.dll",a
O4 - HKLM\..\Run: [644e3d27] rundll32.exe "C:\WINDOWS\system32\yetogusu.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ServiceObject32] C:\Program Files\msvc32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [figigebobi] Rundll32.exe "C:\WINDOWS\system32\torayiya.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: Wireless Configuration Utility HW.14.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} (RtspVaPgCtrl Class) - http://89.87.92.142:8080/RtspVaPgDec.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://express.foto.com/ImageUploader5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O20 - AppInit_DLLs: MsgPlusLoader.dll C:\WINDOWS\system32\busiwela.dll c:\windows\system32\lijuhidi.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lijuhidi.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lijuhidi.dll
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1539
Windows 5.1.2600 Service Pack 2

27/12/2008 13:57:23
mbam-log-2008-12-27 (13-57-23).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 118000
Temps écoulé: 47 minute(s), 37 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 5
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 5
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 9

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\busiwela.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yetogusu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\turepare.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\torayiya.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\lijuhidi.dll (Trojan.Vundo.H) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e3fcb40-4619-407e-b984-afaef47100c3} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2e3fcb40-4619-407e-b984-afaef47100c3} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2e3fcb40-4619-407e-b984-afaef47100c3} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\644e3d27 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\figigebobi (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm677d0ebb (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\busiwela.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\busiwela.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\busiwela.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\lijuhidi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\lijuhidi.dll -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\yetogusu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\usugotey.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\torayiya.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\lijuhidi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\turepare.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\busiwela.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\System Volume Information\_restore{20F508DD-556D-4780-869F-D1CE4C742FF6}\RP603\A0253968.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\telemize.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\XG1lYhPm.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:05:30, on 27/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\DNA\btdna.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\msvc32.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.orange.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [AA_SecuUFD] c:\docume~1\rara\locals~1\temp\secuufd.exe sys_auto_run C:\DOCUME~1\rara\LOCALS~1\Temp\
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [STOP CHIC FLAW COMP] C:\Documents and Settings\All Users\Application Data\play site stop chic\face math.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ServiceObject32] C:\Program Files\msvc32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [figigebobi] Rundll32.exe "C:\WINDOWS\system32\torayiya.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: Wireless Configuration Utility HW.14.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} (RtspVaPgCtrl Class) - http://89.87.92.142:8080/RtspVaPgDec.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://express.foto.com/ImageUploader5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

ComboFix 08-12-26.03 - rara 2008-12-27 14:28:41.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.479.194 [GMT 1:00]
Lancé depuis: c:\documents and settings\rara\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\bold.log
c:\windows\system32\404Fix.exe
c:\windows\system32\disowowu.dll
c:\windows\system32\dumphive.exe
c:\windows\system32\huverego.dll
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\riturifa.dll
c:\windows\system32\rosotuse.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\ulajatiz.ini
c:\windows\system32\umulifag.ini
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\system32\XG1lYhPm.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-27 au 2008-12-27 ))))))))))))))))))))))))))))))))))))
.

2008-12-27 12:58 . 2008-12-27 12:58 <REP> d-------- C:\_OTMoveIt
2008-12-27 12:18 . 2008-12-27 12:37 <REP> d-------- C:\Lop SD
2008-12-26 10:02 . 2008-12-26 10:10 <REP> d-------- c:\program files\Navilog1
2008-12-24 16:24 . 2008-12-24 16:24 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-24 16:24 . 2008-12-24 16:24 <REP> d-------- c:\documents and settings\rara\Application Data\Malwarebytes
2008-12-24 16:24 . 2008-12-24 16:24 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-24 16:24 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-24 16:24 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-24 15:59 . 2008-12-12 00:57 78,336 --a------ c:\windows\system32\Agent.OMZ.Fix.exe
2008-12-24 14:34 . 2008-12-24 14:34 1,609,728 --a------ c:\windows\system32\ajazabav.tmp
2008-12-22 02:10 . 2008-12-22 02:10 31,232 --a------ c:\windows\system32\AI7nBjRo.dl_
2008-12-22 02:00 . 2008-12-22 02:00 <REP> dr------- c:\documents and settings\NetworkService\Favoris
2008-12-21 17:56 . 2008-12-21 17:55 31,744 --a------ c:\windows\system32\Sc3cx5p1.exe
2008-12-06 17:55 . 2008-12-06 17:55 200 --a------ c:\windows\WHIST.JEU
2008-11-27 19:18 . 2004-08-05 13:00 25,088 --a------ c:\windows\system32\stu2.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-27 13:32 --------- d-----w c:\program files\Wanadoo
2008-12-27 13:31 --------- d-----w c:\program files\DNA
2008-12-27 13:31 --------- d-----w c:\documents and settings\rara\Application Data\DNA
2008-12-27 11:59 --------- d-----w c:\documents and settings\rara\Application Data\BitTorrent
2008-12-26 16:33 --------- d-----w c:\documents and settings\rara\Application Data\U3
2008-12-24 17:17 --------- d-----w c:\program files\Trend Micro
2008-11-27 19:00 --------- d-----w c:\program files\SOFTOOLS
2008-11-26 17:14 65,024 ----a-w c:\program files\msvc32.exe
2008-11-21 18:13 --------- d-----w c:\documents and settings\All Users\Application Data\Sofrel
2008-11-21 18:12 --------- d-----w c:\program files\Fichiers communs\Business Objects
2008-11-21 18:12 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-11-21 18:10 --------- d-----w c:\program files\Sofrel
2008-11-21 18:09 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-20 19:02 11,176 ----a-w c:\documents and settings\rara\Application Data\wklnhst.dat
2008-11-18 16:43 --------- d-----w c:\program files\PowerISO
2008-11-18 16:37 --------- d-----w c:\program files\Infogrames
2008-11-02 21:17 --------- d-----w c:\program files\Micro Application
2008-11-02 09:15 --------- d-----w c:\program files\directx
2008-10-19 19:06 17,408 ----a-w C:\psapi.dll
2007-11-07 15:04 278,528 ----a-w c:\program files\Fichiers communs\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-25 401491]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"SweetIM"="c:\program files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 103712]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-19 342848]
"ServiceObject32"="c:\program files\msvc32.exe" [2008-11-26 65024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-11-30 32881]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-07 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-07 536576]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2004-09-02 249856]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-03-10 98304]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"LVCOMS"="c:\program files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 135214]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2006-05-02 190024]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-03-10 26112]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"SweetIM"="c:\program files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 103712]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2006-05-20 188416]
"SiSPower"="SiSPower.dll" [2004-09-02 c:\windows\system32\SiSPower.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.exe.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 110592]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Utility Tray.lnk - c:\windows\system32\sistray.exe [2004-11-30 331776]
Wireless Configuration Utility HW.14.lnk - c:\program files\TRENDnet\TEW-424UB\WlanCU.exe [2006-12-22 598016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
"MSACM.CEGSM"= mobilev.acm
"msacm.l3acm"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]
"Debugger"=c:\windows\system32\klomp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WcesMgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\WINDOWS\\system32\\Keyhook.exe"=
"c:\\WINDOWS\\system32\\AlertModule\\AlertModule.exe"=
"c:\\Program Files\\Wanadoo\\TaskBarIcon.exe"=
"c:\\Program Files\\Wanadoo\\ComComp.exe"=

R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [2004-11-30 191092]
R3 RTL8187B;TRENDnet TEW-424UB Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2008-01-15 189312]
R3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys [2002-10-02 13532]
S2 TinaKey;TinaKey; []
S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\DRIVERS\alcan5ln.sys [2005-03-10 36048]
S3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [2004-11-30 6100]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\DRIVERS\LV532AV.SYS [2005-03-16 152576]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38d18bf0-c982-11db-a778-0090d08d9e97}]
\Shell\AutoRun\command - F:\LaunchU3.exe
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-STOP CHIC FLAW COMP - c:\documents and settings\All Users\Application Data\play site stop chic\face math.exe


.
------- Examen supplémentaire -------
.
uStart Page = www.orange.fr
IE: &Recherche AOL Toolbar - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: { - c:\program files\Messenger\msmsgs.exe
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENetFlt.dll

c:\windows\Downloaded Program Files\RtspVapgDecoder.dll - O16 -: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2}
hxxp://89.87.92.142:8080/RtspVaPgDec.cab

c:\program files\Samsung\Samsung PC Studio 3\UNICOWS.DLL - c:\windows\Downloaded Program Files\ImageUploader5.ocx
O16 -: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3}
hxxp://express.foto.com/ImageUploader5.cab
c:\windows\Downloaded Program Files\ImageUploader5.inf

O16 -: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - hxxp://bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-27 14:31:46
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\FTRTSVC.exe
c:\windows\system32\rundll32.exe
c:\progra~1\Wanadoo\TaskBarIcon.exe
c:\progra~1\Wanadoo\Toaster.exe
c:\progra~1\Wanadoo\Inactivity.exe
c:\progra~1\Wanadoo\PollingModule.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2008-12-27 14:33:58 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-27 13:33:47

Avant-CF: 51 270 447 104 octets libres
Après-CF: 51,144,511,488 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

200 --- E O F --- 2008-12-17 22:07:40

j ei pas executer en tant qu administrateur

bjr voici le rapport

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:05:09, on 29/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\DNA\btdna.exe
C:\Program Files\msvc32.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ServiceObject32] C:\Program Files\msvc32.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: Wireless Configuration Utility HW.14.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} (RtspVaPgCtrl Class) - http://89.87.92.142:8080/RtspVaPgDec.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://express.foto.com/ImageUploader5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1539
Windows 5.1.2600 Service Pack 2

29/12/2008 18:04:38
mbam-log-2008-12-29 (18-04-38).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 117667
Temps écoulé: 43 minute(s), 48 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

--------- Logfile of AD-Remover 1.0.8.1 by C_XX ---------

# START at: 18:22:58 | Lun 29/12/2008 | Microsoft® Windows XP™ SP2 (v5.1.2600)
# BOOT MODE: Normal

# OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat

# PC: OLIVIERARA | USER: rara ( Current user is an administrator)

# DRIVE(S):
- C:\ (File System: NTFS)
- F:\ (File System: FAT32)

# Internet Explorer v7.0.5730.13

--------- [ RUNNING PROCESSES: 39 ] ---------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\DNA\btdna.exe
C:\Program Files\msvc32.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\ntvdm.exe

-----------------------------------


+-----------------------| Boonty/Boonty Games Elements found :

.

+-----------------------| Eorezo Elements found :

.

+-----------------------| Everest Poker Elements found :

.

+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :

.

+-----------------------| It's TV Elements found :

.

+-----------------------| Sweetim Elements found :

"HKEY_CLASSES_ROOT\CLSID\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
"HKEY_CLASSES_ROOT\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}"
"HKEY_CLASSES_ROOT\CLSID\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}"
"HKEY_CLASSES_ROOT\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632"
"HKEY_CLASSES_ROOT\SWEETIE.IEToolbar"
"HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1"
"HKEY_CLASSES_ROOT\SWEETIE.SWEETIE"
"HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.1"
"HKEY_CLASSES_ROOT\ToolBand.SWEETIE"
"HKEY_CLASSES_ROOT\ToolBand.SWEETIE.1"
"HKEY_CLASSES_ROOT\Typelib\{58906392-79C4-497C-ACC6-6942B59F1A08}"
"HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator"
"HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator.1"
"HKEY_CURRENT_USER\SOFTWARE\SWEETIE"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run" /v "SweetIM"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Upgradecodes\A97CEC23332751B47BA4B95BAA50C9D0"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks" /v "{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A0AADCD-3A72-4B5F-900F-E3BB5A838E2A}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Macrogaming"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run" /v "SweetIM"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D19F074C042AD34BAB463D4175A062E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E337925F629CF4C4FB08F3D9674DD839"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9"
.
[21/03/2007 20:54|d--------] C:\PROGRA~1\MACROG~1
[14/03/2008 13:14|d--------] C:\PROGRA~1\MACROG~1\SweetIM
[21/03/2007 20:54|d--------] C:\PROGRA~1\MACROG~1\SWEETI~1
[14/03/2008 13:14|d--------] C:\PROGRA~1\MACROG~1\SweetIM\conf
[21/03/2007 20:54|d--------] C:\PROGRA~1\MACROG~1\SweetIM\data
[21/01/2007 19:45|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\default.xml
[14/03/2008 13:14|d--------] C:\PROGRA~1\MACROG~1\SweetIM\logs
[02/01/2008 20:14|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\MGADAP~1.DLL
[02/01/2008 20:15|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\MGAIMA~1.DLL
[02/01/2008 20:15|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\MGAIMM~1.DLL
[02/01/2008 20:14|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\MGARCH~1.DLL
[02/01/2008 20:14|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\mgcommon.dll
[02/01/2008 20:14|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\MGCOMM~1.DLL
[02/01/2008 20:14|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\mgconfig.dll
[02/01/2008 20:14|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\MGFLAS~1.DLL
[02/01/2008 20:14|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\MGHOOK~1.DLL
[02/01/2008 20:14|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\MGIEPL~1.DLL
[02/01/2008 20:14|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\mglogger.dll
[02/01/2008 20:15|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\MGMEDI~1.DLL
[02/01/2008 20:14|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\MGMSNA~1.DLL
[02/01/2008 20:15|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\MGMSNM~1.DLL
[02/01/2008 20:15|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\MGSWEE~1.DLL
[02/01/2008 20:15|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\MGUPDA~1.DLL
[02/01/2008 20:15|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\MGXML_~1.DLL
[02/01/2008 20:15|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\MGYAHO~1.DLL
[02/01/2008 20:15|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\MGYAHO~2.DLL
[11/07/2006 18:35|--a------] C:\PROGRA~1\MACROG~1\SweetIM\msvcp71.dll
[11/07/2006 18:35|--a------] C:\PROGRA~1\MACROG~1\SweetIM\msvcr71.dll
[14/03/2008 13:14|d--------] C:\PROGRA~1\MACROG~1\SweetIM\RESOUR~1
[02/01/2008 20:15|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\SweetIM.exe
[14/03/2008 13:14|d--------] C:\PROGRA~1\MACROG~1\SweetIM\update
[21/01/2007 19:45|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\conf\adapter.xml
[21/01/2007 19:45|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\conf\AUTOUP~1.XML
[23/12/2007 13:45|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\conf\logger.xml
[21/01/2007 19:45|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\conf\messages.xml
[25/07/2007 15:57|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\conf\sweetim.xml
[21/01/2007 19:45|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\conf\SWEETI~1.XML
[11/10/2007 10:18|d--------] C:\PROGRA~1\MACROG~1\SweetIM\conf\users
[21/03/2007 20:54|d--------] C:\PROGRA~1\MACROG~1\SweetIM\conf\users\ALEXOL~1.FR
[11/10/2007 10:18|d--------] C:\PROGRA~1\MACROG~1\SweetIM\conf\users\CPLESE~1.FR
[21/03/2007 20:54|--a------] C:\PROGRA~1\MACROG~1\SweetIM\conf\users\MAIN_U~1.XML
[19/05/2007 11:35|d--------] C:\PROGRA~1\MACROG~1\SweetIM\conf\users\OM3466~1.FR
[22/03/2007 08:09|d--------] C:\PROGRA~1\MACROG~1\SweetIM\conf\users\PAILHA~1.COM
[15/05/2008 16:00|d--------] C:\PROGRA~1\MACROG~1\SweetIM\conf\users\SERLEC~1.FR
[14/03/2008 16:09|d--------] C:\PROGRA~1\MACROG~1\SweetIM\conf\users\SOLEIL~1.FR
[22/03/2007 08:11|d--------] C:\PROGRA~1\MACROG~1\SweetIM\conf\users\WYWY34~1.FR
[02/04/2008 16:08|d--------] C:\PROGRA~1\MACROG~1\SweetIM\conf\users\WYWY34~2.FR
[04/04/2008 15:06|--a------] C:\PROGRA~1\MACROG~1\SweetIM\conf\users\ALEXOL~1.FR\EMOTIC~1.XML
[21/03/2007 21:11|--a------] C:\PROGRA~1\MACROG~1\SweetIM\conf\users\ALEXOL~1.FR\LASTUS~1.XML
[21/03/2007 20:54|--a------] C:\PROGRA~1\MACROG~1\SweetIM\conf\users\ALEXOL~1.FR\USER_C~1.XML
[11/10/2007 10:18|--a------] C:\PROGRA~1\MACROG~1\SweetIM\conf\users\CPLESE~1.FR\EMOTIC~1.XML
[11/10/2007 10:18|--a------] C:\PROGRA~1\MACROG~1\SweetIM\conf\users\CPLESE~1.FR\USER_C~1.XML
[19/05/2007 11:35|--a------] C:\PROGRA~1\MACROG~1\SweetIM\conf\users\OM3466~1.FR\EMOTIC~1.XML
[19/05/2007 11:35|--a------] C:\PROGRA~1\MACROG~1\SweetIM\conf\users\OM3466~1.FR\USER_C~1.XML
[22/03/2007 08:09|--a------] C:\PROGRA~1\MACROG~1\SweetIM\conf\users\PAILHA~1.COM\EMOTIC~1.XML
[22/03/2007 08:09|--a------] C:\PROGRA~1\MACROG~1\SweetIM\conf\users\PAILHA~1.COM\USER_C~1.XML
[15/05/2008 16:00|--a------] C:\PROGRA~1\MACROG~1\SweetIM\conf\users\SERLEC~1.FR\EMOTIC~1.XML
[15/05/2008 16:00|--a------] C:\PROGRA~1\MACROG~1\SweetIM\conf\users\SERLEC~1.FR\USER_C~1.XML
[14/03/2008 16:09|--a------] C:\PROGRA~1\MACROG~1\SweetIM\conf\users\SOLEIL~1.FR\EMOTIC~1.XML
[14/03/2008 16:09|--a------] C:\PROGRA~1\MACROG~1\SweetIM\conf\users\SOLEIL~1.FR\USER_C~1.XML
[22/03/2007 08:11|--a------] C:\PROGRA~1\MACROG~1\SweetIM\conf\users\WYWY34~1.FR\EMOTIC~1.XML
[22/03/2007 08:11|--a------] C:\PROGRA~1\MACROG~1\SweetIM\conf\users\WYWY34~1.FR\USER_C~1.XML
[02/04/2008 16:08|--a------] C:\PROGRA~1\MACROG~1\SweetIM\conf\users\WYWY34~2.FR\EMOTIC~1.XML
[02/04/2008 16:08|--a------] C:\PROGRA~1\MACROG~1\SweetIM\conf\users\WYWY34~2.FR\USER_C~1.XML
[09/09/2008 15:55|d--------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1
[16/12/2005 12:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000100B3.dat
[16/12/2005 12:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000100B6.dat
[16/12/2005 12:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000100D1.dat
[16/12/2005 12:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0001010C.dat
[09/02/2006 15:50|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0001011E.dat
[23/04/2006 21:38|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0001081A.dat
[07/06/2006 23:36|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00010841.dat
[23/08/2006 19:57|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00010857.dat
[23/08/2006 19:57|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00010859.dat
[10/01/2007 11:27|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0001088C.dat
[17/09/2007 11:06|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000108AB.dat
[30/12/2007 11:14|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000108C5.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0002006E.dat
[31/07/2006 19:25|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00020110.dat
[31/07/2006 19:25|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00020112.dat
[31/07/2006 19:25|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00020114.dat
[26/06/2008 13:54|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000300A1.dat
[16/12/2005 12:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00040015.dat
[16/12/2005 12:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0004001F.dat
[16/12/2005 12:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00040024.dat
[16/12/2005 12:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0004002A.dat
[13/03/2006 23:33|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0004003E.dat
[31/07/2006 20:25|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0004005F.dat
[31/07/2006 20:25|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00040061.dat
[31/07/2006 20:25|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00040062.dat
[31/07/2006 20:25|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00040064.dat
[10/01/2007 11:27|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000400A2.dat
[03/12/2006 20:10|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00050002.dat
[09/09/2008 15:55|--a------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\CACHE_~1.DAT
[14/03/2008 13:14|d--------] C:\PROGRA~1\MACROG~1\SweetIM\RESOUR~1\images
[06/02/2007 15:45|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\RESOUR~1\images\AUDIBL~1.PNG
[06/02/2007 15:46|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\RESOUR~1\images\DISPLA~1.PNG
[06/02/2007 15:47|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\RESOUR~1\images\EMOTIC~1.PNG
[06/02/2007 15:50|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\RESOUR~1\images\NUDGEB~1.PNG
[06/02/2007 15:43|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\RESOUR~1\images\SOUNDF~1.PNG
[06/02/2007 15:27|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\RESOUR~1\images\WINKSB~1.PNG
[02/07/2006 17:58|-ra------] C:\PROGRA~1\MACROG~1\SWEETI~1\affid.dat
[12/10/2006 16:50|-ra------] C:\PROGRA~1\MACROG~1\SWEETI~1\basis.xml
[02/07/2006 17:58|-ra------] C:\PROGRA~1\MACROG~1\SWEETI~1\BOOKMA~1.BMP
[21/03/2007 20:54|d--------] C:\PROGRA~1\MACROG~1\SWEETI~1\Cache
[02/07/2006 17:58|-ra------] C:\PROGRA~1\MACROG~1\SWEETI~1\EMAIL_~1.BMP
[02/07/2006 17:58|-ra------] C:\PROGRA~1\MACROG~1\SWEETI~1\GAMES_~1.BMP
[02/07/2006 17:58|-ra------] C:\PROGRA~1\MACROG~1\SWEETI~1\GREETI~1.BMP
[02/07/2006 17:58|-ra------] C:\PROGRA~1\MACROG~1\SWEETI~1\MOBILE~1.BMP
[02/07/2006 17:58|-ra------] C:\PROGRA~1\MACROG~1\SWEETI~1\MUSIC_~1.BMP
[02/07/2006 17:58|-ra------] C:\PROGRA~1\MACROG~1\SWEETI~1\NEWS_2~1.BMP
[02/07/2006 17:58|-ra------] C:\PROGRA~1\MACROG~1\SWEETI~1\SHOPIN~1.BMP
[02/07/2006 17:58|-ra------] C:\PROGRA~1\MACROG~1\SWEETI~1\SMILEY~1.BMP
[02/07/2006 17:58|-ra------] C:\PROGRA~1\MACROG~1\SWEETI~1\SMILEY~2.BMP
[02/07/2006 17:58|-ra------] C:\PROGRA~1\MACROG~1\SWEETI~1\SWEETI~1.BMP
[05/11/2006 16:46|-ra------] C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.crc
[05/11/2006 16:44|-ra------] C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
[27/12/2006 15:35|--a------] C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.xml
[02/07/2006 17:58|-ra------] C:\PROGRA~1\MACROG~1\SWEETI~1\version.txt
[21/03/2007 20:54|--a------] C:\PROGRA~1\MACROG~1\SWEETI~1\Cache\CD2005~1.XML

+-----------------------| ADDED SCAN :

+--[HKEY_CURRENT_USER\..\Run]

CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
H/PC Connection Agent REG_SZ "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
WOOKIT REG_SZ C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
SweetIM REG_SZ C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
BitTorrent DNA REG_SZ "C:\Program Files\DNA\btdna.exe"
ServiceObject32 REG_SZ C:\Program Files\msvc32.exe

+--[HKEY_LOCAL_MACHINE\..\Run]

SunJavaUpdateSched REG_SZ C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
SynTPLpr REG_SZ C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
SiSPower REG_SZ Rundll32.exe SiSPower.dll,ModeAgent
SiS Windows KeyHook REG_SZ C:\WINDOWS\system32\keyhook.exe
SiSUSBRG REG_SZ C:\WINDOWS\SiSUSBrg.exe
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
LVCOMS REG_SZ C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
MessengerPlus3 REG_SZ "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
RealTray REG_SZ C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
WOOWATCH REG_SZ C:\PROGRA~1\Wanadoo\Watch.exe
WOOTASKBARICON REG_SZ C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
SweetIM REG_SZ C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
PWRISOVM.EXE REG_SZ C:\Program Files\PowerISO\PWRISOVM.EXE

+--[HKEY_USERS\.DEFAULT\..\Run]

CTFMON.EXE REG_SZ C:\WINDOWS\system32\CTFMON.EXE

+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]


+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

Start Page : hxxp://fr.msn.com/

+---------------------------------------------------------------------------+

- "C:\AD-report-Scan-29.12.2008.log" (~19830 bytes)

# END at: 18:23:13 | 29/12/2008 - Time elapsed: 15.7 seconds

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 269 lines ]
+---------------------------------------------------------------------------+

une fois cliquer sur b il me propose plusieur truc a coche je fait quoi ??

--------- Logfile of AD-Remover 1.0.8.1 by C_XX ---------

*** Limited to ***

Boonty/BoontyGames
Eorezo
Everest Poker
Funwebproduct/MyWay/MyWebsearch
It's TV
Sweetim

******************

# START at: 18:40:44 | Lun 29/12/2008 | Microsoft® Windows XP™ SP2 (v5.1.2600)
# BOOT MODE: Normal

# OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat

# PC: OLIVIERARA | USER: rara ( Current user is an administrator)

# DRIVE(S):
- C:\ (File System: NTFS)
- F:\ (File System: FAT32)

# Internet Explorer v7.0.5730.13

--------- [ RUNNING PROCESSES: 39 ] ---------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\DNA\btdna.exe
C:\Program Files\msvc32.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ntvdm.exe

-----------------------------------

(!) ---- IE start pages reset

+-----------------------| Boonty/Boonty Games Elements Deleted :

.

+-----------------------| Eorezo Elements Deleted :

.

+-----------------------| Everest Poker Elements Deleted :

.

+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :

.

+-----------------------| It's TV Elements Deleted :

.

+-----------------------| Sweetim Elements Deleted :

"HKEY_CLASSES_ROOT\CLSID\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
"HKEY_CLASSES_ROOT\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}"
"HKEY_CLASSES_ROOT\CLSID\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}"
"HKEY_CLASSES_ROOT\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632"
"HKEY_CLASSES_ROOT\SWEETIE.IEToolbar"
"HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1"
"HKEY_CLASSES_ROOT\SWEETIE.SWEETIE"
"HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.1"
"HKEY_CLASSES_ROOT\ToolBand.SWEETIE"
"HKEY_CLASSES_ROOT\ToolBand.SWEETIE.1"
"HKEY_CLASSES_ROOT\Typelib\{58906392-79C4-497C-ACC6-6942B59F1A08}"
"HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator"
"HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator.1"
"HKEY_CURRENT_USER\SOFTWARE\SWEETIE"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run" /v "SweetIM"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Upgradecodes\A97CEC23332751B47BA4B95BAA50C9D0"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks" /v "{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A0AADCD-3A72-4B5F-900F-E3BB5A838E2A}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Macrogaming"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run" /v "SweetIM"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D19F074C042AD34BAB463D4175A062E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E337925F629CF4C4FB08F3D9674DD839"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9"
.
/!\ NOT DELETED - [21/03/2007 20:54|d--------] C:\PROGRA~1\MACROG~1
/!\ NOT DELETED - [29/12/2008 18:41|d--------] C:\PROGRA~1\MACROG~1\SweetIM
/!\ NOT DELETED - [02/01/2008 20:14|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\MGADAP~1.DLL
/!\ NOT DELETED - [11/07/2006 18:35|--a------] C:\PROGRA~1\MACROG~1\SweetIM\msvcr71.dll

(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.


************* /!\ File(s)/Folder(s) Not Deleted /!\ *************

"C:\Program Files\Macrogaming\SweetIM"
"C:\Program Files\Macrogaming\SweetIM\mgAdaptersProxy.dll"
"C:\Program Files\Macrogaming\SweetIM\msvcr71.dll"

Second run ...

RESIST ! - "C:\Program Files\Macrogaming\SweetIM"
RESIST ! - "C:\Program Files\Macrogaming\SweetIM\mgAdaptersProxy.dll"
RESIST ! - "C:\Program Files\Macrogaming\SweetIM\msvcr71.dll"


+-----------------------| ADDED SCAN :


+---------------------------------------------------------------------------+

+--[HKEY_CURRENT_USER\..\Run]

CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
H/PC Connection Agent REG_SZ "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
WOOKIT REG_SZ C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
BitTorrent DNA REG_SZ "C:\Program Files\DNA\btdna.exe"
ServiceObject32 REG_SZ C:\Program Files\msvc32.exe

+--[HKEY_LOCAL_MACHINE\..\Run]

SunJavaUpdateSched REG_SZ C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
SynTPLpr REG_SZ C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
SiSPower REG_SZ Rundll32.exe SiSPower.dll,ModeAgent
SiS Windows KeyHook REG_SZ C:\WINDOWS\system32\keyhook.exe
SiSUSBRG REG_SZ C:\WINDOWS\SiSUSBrg.exe
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
LVCOMS REG_SZ C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
MessengerPlus3 REG_SZ "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
RealTray REG_SZ C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
WOOWATCH REG_SZ C:\PROGRA~1\Wanadoo\Watch.exe
WOOTASKBARICON REG_SZ C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
PWRISOVM.EXE REG_SZ C:\Program Files\PowerISO\PWRISOVM.EXE

+--[HKEY_USERS\.DEFAULT\..\Run]

CTFMON.EXE REG_SZ C:\WINDOWS\system32\CTFMON.EXE

+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

Start Page : hxxp://fr.msn.com/

+---------------------------------------------------------------------------+

- "C:\AD-report-Clean-29.12.2008.log" (~11284 bytes)

- "C:\AD-report-Scan-29.12.2008.log" (~20166 bytes)

# END at: 18:42:31 | 29/12/2008 - Time elapsed: 1 minute, 46 seconds

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 172 lines ]
+---------------------------------------------------------------------------+

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files\Macrogaming\SweetIM moved successfully.
File/Folder C:\Program Files\Macrogaming\SweetIM\mgAdaptersProxy.dll not found.
File/Folder C:\Program Files\Macrogaming\SweetIM\msvcr71.dl not found.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12292008_185743

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.