Problemes de troyens

voila le rapport


Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1574
Windows 5.1.2600 Service Pack 2

30/12/2008 16:08:06
mbam-log-2008-12-30 (16-08-06).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 124301
Temps écoulé: 1 hour(s), 16 minute(s), 56 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 7
Clé(s) du Registre infectée(s): 12
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 100

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\lvdqtwmy.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\dcorca.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\lhtivc.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\njarsb.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ftdotf.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\gyyayv.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\bsmnos.dll (Trojan.Vundo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f1e89c1e-bb9f-4232-9c7e-6cf332716b6b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f1e89c1e-bb9f-4232-9c7e-6cf332716b6b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0685f26f-e054-4d6b-9dde-11a9a70d88c8} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a53f5e6b-219f-44a2-955d-68d2ce1afa38} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{eaf9a401-ffa2-40a5-b6a8-1ee1367cc0b3} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d5d475f2-59a9-426e-a7f3-ebefc88e4c4d} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fd700e3e-dba3-4dbe-ab3a-10d49b04157f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d8e1aa76 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\A360 (Rogue.A360Antivirus) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\bsmnos.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\cysrhjsl.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lsjhrsyc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ermjjqtm.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtqjjmre.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hpaowkdt.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdkwoaph.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lvdqtwmy.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ymwtqdvl.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lykyouev.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\veuoykyl.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nhgbhmuk.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kumhbghn.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ryawomqk.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kqmowayr.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cecile\Local Settings\Application Data\yqcye_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cecile\Local Settings\Application Data\yqcye_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cecile\Local Settings\Application Data\yqcye.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dcorca.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\lhtivc.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\njarsb.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ftdotf.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\gyyayv.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Cecile\Local Settings\Temporary Internet Files\Content.IE5\KLMFWDI7\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cecile\Local Settings\Temporary Internet Files\Content.IE5\WH67KX6J\upd105320[2] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP385\A0161129.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP399\A0165684.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP400\A0166726.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP402\A0166777.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP403\A0166817.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP403\A0166818.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP403\A0166821.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP403\A0166842.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP403\A0166843.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP403\A0166820.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP403\A0166981.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP403\A0167087.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP403\A0166965.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP403\A0166966.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP403\A0166967.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP403\A0166973.exe (Rogue.Antivirus2009) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP403\A0166974.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP403\A0166975.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP403\A0166977.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP403\A0166979.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP403\A0166982.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP403\A0166984.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP403\A0167061.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP403\A0167070.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP403\A0167071.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP403\A0167073.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP403\A0167089.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP403\A0167090.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP403\A0167092.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP403\A0167093.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP403\A0167094.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP403\A0167095.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP403\A0167096.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP403\A0167097.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP403\A0167098.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP403\A0167099.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP406\A0167197.com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP406\A0167200.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP406\A0167201.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP406\A0167204.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP406\A0167205.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP406\A0167212.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP407\A0168102.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP407\A0168103.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP407\A0168104.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP407\A0168106.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP407\A0168107.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP407\A0168110.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP407\A0168111.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP407\A0168113.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP407\A0168114.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP407\A0168116.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP407\A0168117.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP407\A0168118.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP407\A0168119.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP407\A0168120.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87B2C9C7-55E9-4B19-ABFA-941E81D4E728}\RP407\A0168115.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dxmqoaux.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fxhpzq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hiokxerk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\npdrlsvg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nrronbxd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nsyufkhs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qbrlsr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rscvxn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rvoowfpe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rwujtd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tjohaenl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vkkfsvwy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msljyjlm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xenrjsfn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zvtwqb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jdndqwbl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo (Rogue.Eorezo) -> Delete on reboot.

et enfin la suite... peux tu me dire ce qu'il en est stp? en attendant, je te remercie vivement de ton aide


info.txt logfile of random's system information tool 1.05 2008-12-30 16:37:18

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
AVG 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Catz (remove only)-->"C:\Program Files\Ubisoft\Catz\uninstall.exe" 1036
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Chloé et ses amis-->MsiExec.exe /X{1483094F-49FD-4BB7-A50B-7FA2FB557BB5}
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif Windows XP - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Correctif Windows XP - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Correctif Windows XP - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Correctif Windows XP - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Correctif Windows XP - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Correctif Windows XP - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Correctif Windows XP - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dora La Cité Perdue-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FE978B11-8733-4CC0-B40A-2F5A4B0B33A5}\setup.exe" -l0x40c
eoEngine 6.3-->"C:\Program Files\EoRezo\unins000.exe"
Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D}
Favorit-->"c:\documents and settings\cecile\local settings\application data\yqcye.exe" -uninstall
Galerie de photos Windows Live-->MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
HijackThis 2.0.2-->"C:\Documents and Settings\Cecile\Bureau\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Les Sims-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Maxis\Les Sims\Uninst.isu"
Les Sims™ 2 Double Deluxe-->C:\Program Files\EA GAMES\Les Sims 2 Double Deluxe\EAUninstall.exe
Lexmark 2500 Series-->C:\Program Files\Lexmark 2500 Series\Install\x86\Uninst.exe
Lexmark Barre d'outils-->regsvr32.exe /s /u "C:\Program Files\Lexmark Toolbar\toolband.dll"
livebox-->C:\Program Files\InstallShield Installation Information\{17342E3B-0818-4A6F-BFF8-99476605ADD6}\Setup.exe -runfromtemp -l0x040c -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mise à jour de sécurité pour Lecteur Windows Media (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Navigateur Orange-->C:\Program Files\Orange\Uninstall\Browser\Shell.exe MainUninstall.shl
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Drivers-->C:\WINDOWS\System32\nvudisp.exe UninstallGUI
OpenOffice.org 2.2-->MsiExec.exe /I{7FD7F10E-0666-4C9F-A0A8-422EA5E31C4C}
Orange - Logiciels Internet-->C:\Program Files\Orange\installation\core\Installgui.exe -u
PhoTags Express 3-->C:\PROGRA~1\PHOTAG~1\Setup.exe /remove /q0
Pilotes NVIDIA nForce pour Windows 2000/XP-->rundll32.exe C:\WINDOWS\System32\NVNFINST.DLL,NvUninstallCrush
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x40c -removeonly
Samsung PC Studio 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x40c -removeonly
Samsung Samples Installer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AC15160-A49B-4A89-B181-D4619C025FFF}\setup.exe" -l0x40c -removeonly
SdLL - Super Vacances vers la maternelle MS-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\SdLL\SupVacMMS\Uninst.isu"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Solutions de télécopie Lexmark-->C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst
SPAMfighter-->"C:\Program Files\SPAMfighter\uninstall.exe" Remove
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SPYWAREfighter-->"C:\Program Files\Fighters\spywarefighter\Uninstall.exe" Remove
SPYWAREfighter-->MsiExec.exe /I{B940005A-1212-4E87-885B-1FF80B40D6F4}
Surligneur (Windows Live Toolbar)-->MsiExec.exe /X{81B5F83F-2291-48B0-8375-36B63A9BF5B0}
Uninstall Dual Mode Camera-->"C:\Program Files\JL2005C\unins000.exe"
Video Journal Version 2.04-->"C:\Program Files\GirlTech\Video Journal\unins000.exe"
VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Favorites pour Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Mail-->MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
Windows Live Toolbar-->MsiExec.exe /X{0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
Windows Live Writer-->MsiExec.exe /X{3DFF4274-EBB0-4356-9692-972965018954}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
YouTube Video Downloader 2.2.0-->"C:\Program Files\Tomato\YouTube Video Downloader\unins000.exe"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AVG Anti-Virus

System event log

Computer Name: AGATHE
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Gestion d'applications.

Record Number: 16121
Source Name: Service Control Manager
Time Written: 20081206105016.000000+060
Event Type: Informations
User: AGATHE\Cecile

Computer Name: AGATHE
Event Code: 7023
Message: Le service Gestion d'applications s'est arrêté avec l'erreur :
Le module spécifié est introuvable.


Record Number: 16120
Source Name: Service Control Manager
Time Written: 20081206105016.000000+060
Event Type: erreur
User:

Computer Name: AGATHE
Event Code: 7036
Message: Le service Gestion d'applications est entré dans l'état : arrêté.

Record Number: 16119
Source Name: Service Control Manager
Time Written: 20081206105016.000000+060
Event Type: Informations
User:

Computer Name: AGATHE
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Gestion d'applications.

Record Number: 16118
Source Name: Service Control Manager
Time Written: 20081206105016.000000+060
Event Type: Informations
User: AGATHE\Cecile

Computer Name: AGATHE
Event Code: 7023
Message: Le service Gestion d'applications s'est arrêté avec l'erreur :
Le module spécifié est introuvable.


Record Number: 16117
Source Name: Service Control Manager
Time Written: 20081206105016.000000+060
Event Type: erreur
User:

Application event log

Computer Name: AGATHE
Event Code: 1517
Message: Windows a sauvegardé le Registre utilisateur AGATHE\Cecile alors qu'une application ou un service utilisait toujours le Registre pendant la fermeture de la session. La mémoire utilisée par le Registre de l'utilisateur n'a pas été libérée. le Registre sera déchargé lorsqu'il ne sera plus utilisé.


Cela est souvent causé par des services s'exécutant en tant que compte d'utilisateur, essayez de configurer les services pour s'exécuter dans le compte service réseau ou service local.

Record Number: 5250
Source Name: Userenv
Time Written: 20081106210107.000000+060
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: AGATHE
Event Code: 101
Message: MsnMsgr (1444) Le moteur de base de données est arrêté.

Record Number: 5249
Source Name: ESENT
Time Written: 20081106210049.000000+060
Event Type: Informations
User:

Computer Name: AGATHE
Event Code: 103
Message: MsnMsgr (1444) \\.\C:\Documents and Settings\Cecile\Local Settings\Application Data\Microsoft\Messenger\ap.2@live.fr\SharingMetadata\Working\database_FAD8_E1F0_D8E1_AAD9\dfsr.db: Le moteur de base de données a arrêté une instance (0).

Record Number: 5248
Source Name: ESENT
Time Written: 20081106210049.000000+060
Event Type: Informations
User:

Computer Name: AGATHE
Event Code: 1002
Message: L'environnement s'est arrêté de façon inattendue et Explorer.exe a redémarré.

Record Number: 5247
Source Name: Winlogon
Time Written: 20081106200842.000000+060
Event Type: Informations
User:

Computer Name: AGATHE
Event Code: 102
Message: MsnMsgr (1444) \\.\C:\Documents and Settings\Cecile\Local Settings\Application Data\Microsoft\Messenger\ap.2@live.fr\SharingMetadata\Working\database_FAD8_E1F0_D8E1_AAD9\dfsr.db: Le moteur de base de données a démarré une nouvelle instance (0).

Record Number: 5246
Source Name: ESENT
Time Written: 20081106200743.000000+060
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Samsung\Samsung PC Studio 3\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------




Logfile of random's system information tool 1.05 (written by random/random)
Run by Cecile at 2008-12-30 16:36:12
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 22 GB (29%) free of 78 GB
Total RAM: 1535 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:37:16, on 30/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxddserv.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Fighters\configservice.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fighters\licenseservice.exe
C:\Program Files\Fighters\updateservice.exe
C:\Program Files\Fighters\ScannerService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Fighters\spywarefighter\SpywarefighterUser.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
c:\program files\fighters\spywarefighter\SPYWAREfighterTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Cecile\Bureau\RSIT.exe
C:\Program Files\trend micro\Cecile.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://eo.st
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: (no name) - {0C8E2057-EB55-4C29-B595-FB64235BDEFC} - (no file)
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {10A36C83-64D7-4635-A9FA-3F994A4BAEB3} - (no file)
O2 - BHO: (no name) - {2A6AD665-EE65-44DA-B51D-7F43F3F894C6} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {3E538CEC-D6F6-4CC8-A69F-F2B2E605E6A1} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53CDB228-156B-4E3C-B6C1-DCD464926F25} - (no file)
O2 - BHO: (no name) - {6A2EA2DF-BADF-4243-AECE-18863AE78D3A} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7DB670BF-A0CD-4F2F-B69B-99A8031C4783} - (no file)
O2 - BHO: (no name) - {86AF489B-0CEA-4B8B-8BAB-946FF8391A69} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {AD969FA4-B369-403E-A2CA-CDAD7C879960} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C9AF47FA-D4B0-4BEF-95CC-AC6C043ED67F} - C:\WINDOWS\system32\mlJYroMd.dll (file missing)
O2 - BHO: (no name) - {D229FCBE-773E-4B43-B0D7-3B44AE34CF15} - (no file)
O2 - BHO: (no name) - {D3D06CDA-2F10-4DC8-B909-ECAE73E0C3A8} - (no file)
O2 - BHO: (no name) - {E87027AA-16A9-4EFA-89D6-469445336606} - (no file)
O2 - BHO: (no name) - {f1e89c1e-bb9f-4232-9c7e-6cf332716b6b} - (no file)
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\system32\winIogon.exe
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\Fighters\spywarefighter\SpywarefighterUser.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Belkin Wireless Client Utility.lnk = C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Download Video on This Page - C:\Program Files\Tomato\YouTube Video Downloader\IEPage.html
O8 - Extra context menu item: Download Video This Links To - C:\Program Files\Tomato\YouTube Video Downloader\IELink.html
O9 - Extra button: Download Video - {11F19C45-9675-488A-A8E0-8E8234DC245D} - C:\Program Files\Tomato\YouTube Video Downloader\IEPage.html
O9 - Extra 'Tools' menuitem: Download Video on This Page - {11F19C45-9675-488A-A8E0-8E8234DC245D} - C:\Program Files\Tomato\YouTube Video Downloader\IEPage.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: qomfex.dll nwtjjx.dll dcorca.dll wgsxxa.dll lhtivc.dll bfbjte.dll njarsb.dll zmueps.dll zhpvpq.dll yxtgct.dll ftdotf.dll gyyayv.dll mkppku.dll bsmnos.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: rqRlIYqO - rqRlIYqO.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PTK License-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\licenseservice.exe
O23 - Service: PTK Live Update-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\updateservice.exe
O23 - Service: PTK Scanner-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\ScannerService.exe
O23 - Service: PTK SharedAccess-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\configservice.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

je reponds non ? je ne sais pas quoi faire, en plus je ne comprends rien a ce que tu me fais faire là

j'ai deja fais tout ca, je t'ai posté au dessus

je n'arrive pas a ouvrir OTMoveIT3 il semble bloqué par anti virus... en fait, je ne comprends pas ce qu'il se passe

quand je veux l'ouvrir, j'ai une alerte de menace qui porte le nom de cheval de troie : backdoor.generic10.AETR detecté a l'ouverture

je ne peux pas analyser c:\WINDOWS\systeme32\winIogon.exe
j'ai un message me disant que le chemin d'acces n'existe pas

combofix a detecté que la 'CONSOLE DE RECUPERATION WINDOWS' n'existe pas sur ce pc
vous auriez vraiment tout interet a l'installer. voulez-vous le faire maintenant?
note : une connection internet active est indispensable



dis moi, que dois je repondre ? (là, je suis connecté via un autre pc), j'attends ta reponse pour poursuivre

j'ai cliqué sur non !!!! l'analyse est entrain de se faire
j'espere avoir bien fait.... je ne comprends pas tout ce que tu me fais faire et j'aime pas trop ca mais je vais te faire confiance. l'ordi redemare

voici le rapport combofix


ComboFix 08-12-29.02 - Cecile 2008-12-30 21:29:21.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1535.1072 [GMT 1:00]
Lancé depuis: c:\documents and settings\Cecile\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ayJloUtv.ini
c:\windows\system32\bfbjte.dll
c:\windows\system32\cfMWDcfe.ini
c:\windows\system32\cfnpryon.ini
c:\windows\system32\eaxknnch.ini
c:\windows\system32\ebfamjec.dll
c:\windows\system32\eutmilqi.ini
c:\windows\system32\gdfdnpwa.ini
c:\windows\system32\HjiOnnmp.ini
c:\windows\system32\hoiufjqy.ini
c:\windows\system32\izxmgp.dll
c:\windows\system32\jlmriycm.ini
c:\windows\system32\kazaabackupfiles
c:\windows\system32\mkppku.dll
c:\windows\system32\ofuqplcu.ini
c:\windows\system32\thjaoeee.dll
c:\windows\system32\ukhlrueu.dll
c:\windows\system32\uvftpfym.ini
c:\windows\system32\wcpxpyhj.ini
c:\windows\system32\wdtmpsrd.ini
c:\windows\system32\ynrqgymv.exe
c:\windows\Tasks\jtycnlaq.job

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_AVG


((((((((((((((((((((((((((((( Fichiers créés du 2008-11-28 au 2008-12-30 ))))))))))))))))))))))))))))))))))))
.

2008-12-30 16:36 . 2008-12-30 16:37 <REP> d-------- C:\rsit
2008-12-30 16:20 . 2004-08-20 01:10 20,992 --a------ c:\windows\system32\dshowext.ax
2008-12-30 16:20 . 2004-08-20 01:10 20,992 --a--c--- c:\windows\system32\dllcache\dshowext.ax
2008-12-30 14:45 . 2008-12-30 14:45 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-30 14:45 . 2008-12-30 14:45 <REP> d-------- c:\documents and settings\Cecile\Application Data\Malwarebytes
2008-12-30 14:45 . 2008-12-30 14:45 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-30 14:45 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-30 14:45 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-30 13:49 . 2008-12-30 13:49 <REP> d-------- c:\program files\EA GAMES
2008-12-30 13:49 . 2008-03-13 02:10 445,504 -ra------ c:\windows\system32\vp6vfw.dll
2008-12-29 21:59 . 2008-12-30 20:19 <REP> d--h----- C:\$AVG8.VAULT$
2008-12-29 21:55 . 2008-12-29 21:55 324,872 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-12-29 21:55 . 2008-12-29 21:55 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-12-29 21:55 . 2008-12-29 21:55 12,552 --a------ c:\windows\system32\drivers\avgrkx86.sys
2008-12-29 21:55 . 2008-12-29 21:55 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-12-29 21:54 . 2008-12-30 21:32 <REP> d-------- c:\windows\system32\drivers\Avg
2008-12-29 21:54 . 2008-12-29 21:54 <REP> d-------- c:\program files\AVG
2008-12-29 21:54 . 2008-12-30 18:05 <REP> d-------- c:\documents and settings\Cecile\Application Data\AVGTOOLBAR
2008-12-29 21:54 . 2008-12-30 18:05 <REP> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-12-29 21:39 . 2008-12-29 21:39 <REP> d-------- c:\program files\CCleaner
2008-12-29 21:28 . 2008-12-29 21:28 <REP> d-------- C:\VundoFix Backups
2008-12-29 21:08 . 2008-12-29 21:26 <REP> d-------- c:\documents and settings\Cecile\.housecall6.6
2008-12-27 12:44 . 2008-12-29 20:33 <REP> d-------- c:\program files\EA GAMES(2)
2008-12-26 20:58 . 2008-12-30 12:10 <REP> d-------- c:\program files\JL2005C
2008-12-26 20:53 . 2008-12-26 20:53 <REP> d-------- c:\program files\GirlTech
2008-12-20 19:36 . 2008-12-21 19:58 <REP> d-------- c:\windows\system32\Adobe
2008-12-14 15:09 . 2008-12-14 15:09 <REP> d-------- c:\documents and settings\Cecile\Application Data\SPAMfighter
2008-12-14 15:08 . 2008-12-14 15:08 <REP> d-------- c:\program files\Fichiers communs\Application
2008-12-14 15:07 . 2008-12-30 21:33 <REP> d-------- c:\program files\SPAMfighter
2008-12-13 18:38 . 2008-12-13 18:38 <REP> d-------- c:\program files\Tomato
2008-12-10 09:50 . 2008-12-10 09:50 95 --a------ c:\windows\wininit.ini
2008-12-07 21:24 . 2008-12-07 21:24 <REP> d-------- c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2008-12-07 21:24 . 2008-12-07 21:24 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2008-12-07 21:13 . 2008-12-07 21:13 <REP> d-------- c:\program files\AxBx
2008-12-06 21:10 . 2008-12-30 18:09 <REP> d-------- c:\program files\Spybot - Search & Destroy
2008-12-06 21:10 . 2008-12-30 18:09 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-06 20:42 . 2008-12-06 20:42 <REP> d-------- c:\program files\Lavasoft
2008-12-06 20:42 . 2008-12-07 21:24 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-06 11:12 . 2008-12-30 18:11 <REP> d-------- c:\program files\Fighters
2008-12-06 11:12 . 2008-12-06 11:12 <REP> d-------- c:\documents and settings\All Users\Application Data\Fighters
2008-12-02 07:24 . 2008-12-02 07:38 0 --a------ C:\wnxx.exe
2008-12-01 18:47 . 2008-12-01 18:53 5,473 --a------ C:\rrrreet.exe
2008-11-21 22:47 . 2008-11-21 22:47 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
2008-11-21 22:47 . 2008-11-21 22:47 524,288 --a------ c:\windows\system32\DivXsm.exe
2008-11-21 22:47 . 2008-11-21 22:47 9,878 --a------ c:\windows\system32\dsm_fr.qm
2008-11-21 22:47 . 2008-11-21 22:47 4,816 --a------ c:\windows\system32\divxsm.tlb
2008-11-21 22:46 . 2008-11-21 22:46 1,044,480 --a------ c:\windows\system32\libdivx.dll
2008-11-21 22:46 . 2008-11-21 22:46 200,704 --a------ c:\windows\system32\ssldivx.dll
2008-11-21 22:44 . 2008-11-21 22:44 161,096 --a------ c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 22:44 . 2008-11-21 22:44 12,288 --a--c--- c:\windows\system32\DivXWMPExtType.dll
2008-11-01 17:03 . 2008-11-01 17:03 230,432 --a------ C:\PA207.DAT

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-30 20:35 --------- d-----w c:\documents and settings\Cecile\Application Data\OpenOffice.org2
2008-12-30 18:58 --------- d-----w c:\program files\Lx_cats
2008-12-30 15:37 --------- d-----w c:\program files\Trend Micro
2008-12-29 21:23 --------- d-----w c:\program files\DinosaurUs
2008-12-29 19:34 --------- d-----w c:\program files\Windows Live Safety Center
2008-12-21 14:04 --------- d-----w c:\program files\DivX
2008-12-07 20:24 --------- d-----w c:\program files\Windows Live
2008-12-07 20:19 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-12-06 10:06 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-06 09:50 --------- d-----w c:\program files\SUPERAntiSpyware
2008-12-06 09:50 --------- d-----w c:\documents and settings\Cecile\Application Data\SUPERAntiSpyware.com
2008-12-06 09:27 --------- d-----w c:\program files\ArcSoft
2008-12-06 09:24 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-06 09:17 --------- d-----w c:\program files\eMule
2008-11-30 13:47 --------- d-----w c:\documents and settings\Cecile\Application Data\EoRezo
2008-11-10 18:18 --------- d-----w c:\program files\Attack on Pearl Harbor
2008-10-28 21:39 --------- d-----w c:\documents and settings\Cecile\Application Data\ArcSoft
2008-10-28 13:39 --------- d-----w c:\program files\Fichiers communs\ArcSoft
2008-07-27 20:59 278,528 -c--a-w c:\program files\Fichiers communs\FDEUnInstaller.exe
2008-04-26 14:31 842 -c--a-w c:\documents and settings\Cecile\Application Data\filterclsid.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-20 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-10-10 7286784]
"ArcSoft Connection Service"="c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-07-03 64000]
"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2008-12-09 325768]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-29 1601304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-20 15360]

c:\documents and settings\Cecile\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 393216]

c:\documents and settings\Cecile\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2008-12-29 21:55 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JDCT"= jl_jdct.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddwbgw.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-12-29 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-29 324872]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-12-29 107272]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-29 903960]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-29 298264]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service []
R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-12-21 99248]
R2 SPAMfighter Update Service;SPAMfighter Update Service;"c:\program files\SPAMfighter\sfus.exe" [2008-12-09 184968]
S3 PAC207;Webcam 1200;c:\windows\system32\DRIVERS\PFC027.SYS []
.
Contenu du dossier 'Tâches planifiées'

2008-12-30 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

2008-12-30 c:\windows\Tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_AGATHE_Cecile.job
- c:\windows\system32\mobsync.exe [2004-08-20 00:09]
.
.
------- Examen supplémentaire -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: Download Video on This Page - c:\program files\Tomato\YouTube Video Downloader\IEPage.html
IE: Download Video This Links To - c:\program files\Tomato\YouTube Video Downloader\IELink.html
IE: {{11F19C45-9675-488A-A8E0-8E8234DC245D} - c:\program files\Tomato\YouTube Video Downloader\IEPage.html
FF - ProfilePath - c:\documents and settings\Cecile\Application Data\Mozilla\Firefox\Profiles\58v6v7hr.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-30 21:34:10
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\[u]0[/u]\FTRTSVC.exe
c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe
c:\windows\system32\lxddcoms.exe
c:\windows\system32\nvsvc32.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\OpenOffice.org 2.2\program\soffice.exe
c:\program files\OpenOffice.org 2.2\program\soffice.bin
c:\windows\system32\msiexec.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
.
**************************************************************************
.
Heure de fin: 2008-12-30 21:39:56 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-30 20:39:53

Avant-CF: 23 060 303 872 octets libres
Après-CF: 22,959,960,064 octets libres

241 --- E O F --- 2008-07-28 07:14:49

je n'arrive pas a scanner avec virus total !!!

au redemarrage, j'ai un message de windows disant qu'il n'y a pas de disque dans le lecteur ???

pourquoi usbfix empeche windows de redemarrer ?
pourquoi inserer un disque ? et surtout quel disque ?

je t'envoye le rapport. merci pour tout




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:53:06, on 01/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxddserv.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Cecile\Bureau\spy... ne pas toucher !!!\scanner.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Belkin Wireless Client Utility.lnk = C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Download Video on This Page - C:\Program Files\Tomato\YouTube Video Downloader\IEPage.html
O8 - Extra context menu item: Download Video This Links To - C:\Program Files\Tomato\YouTube Video Downloader\IELink.html
O9 - Extra button: Download Video - {11F19C45-9675-488A-A8E0-8E8234DC245D} - C:\Program Files\Tomato\YouTube Video Downloader\IEPage.html
O9 - Extra 'Tools' menuitem: Download Video on This Page - {11F19C45-9675-488A-A8E0-8E8234DC245D} - C:\Program Files\Tomato\YouTube Video Downloader\IEPage.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

merci pour tout et bonne annee a toi aussi .