Logfile hijackthis(merci de m'aider)

------- LOGFILE OF AD-REMOVER 1.0.9.2 | ONLY XP/VISTA -------

UPDATED BY C_XX ON 14/01/2009 AT 20:00

*** LIMITED TO ***

Funwebproduct/Myway/Mywebsearch
Sweetim

******************

START AT: 19:59:43 | Dim 2009-02-01 | MICROSOFT® WINDOWS XP™ SP3 (V5.1.2600)
BOOT MODE: NORMAL
OPTION: CLEAN | EXECUTED FROM: C:\Program Files\Ad-remover\AD-REMOVER.BAT
PC: NATHALIE | USER: HP_Administrateur ( Current user is an administrator)
DRIVE(S):
- C:\ (FILE SYSTEM: NTFS)
- D:\ (FILE SYSTEM: FAT32)
SYSTEM DRIVE: C:\
WINDOWS DIRECTORY: C:\WINDOWS\
SYSTEM DIRECTORY: C:\WINDOWS\SYSTEM32\

--- RUNNING PROCESSES: 58

(!) ---- IE start pages reset

+--------------------| FUNWEBPRODUCTS/MYWAY/MYWEBSEARCH/MYGLOBALSEARCH ELEMENTS DELETED :

.
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\MY WEB SEARCH BAR SEARCH SCOPE MONITOR
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\MYWEBSEARCH PLUGIN
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\USER AGENT\POST PLATFORM\\FUNWEBPRODUCTS
HKLM\SOFTWARE\MICROSOFT\WINDOWS MEDIA\WMSDK\SOURCES\\F3POPULARSCREENSAVERS
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239}
HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
HKCR\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3}
HKCR\Interface\{1093995a-ba37-41d2-836e-091067c4ad17}
HKCR\Interface\{120927bf-1700-43bc-810f-fab92549b390}
HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
HKCR\Interface\{1f52a5fa-a705-4415-b975-88503b291728}
HKCR\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a}
HKCR\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc}
HKCR\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc}
HKCR\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495}
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
HKCR\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca}
HKCR\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff}
HKCR\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8}
HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244f69}
HKCR\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc}
HKCR\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d}
HKCR\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe}
HKCR\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1}
HKCR\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477}
HKCR\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e}
HKCR\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f}
HKCR\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8}
HKCR\FunWebProducts.DataControl
HKCR\FunWebProducts.DataControl.1
HKCR\FunWebProducts.HistoryKillerScheduler
HKCR\FunWebProducts.HistoryKillerScheduler.1
HKCR\FunWebProducts.HistorySwatterControlBar
HKCR\FunWebProducts.HistorySwatterControlBar.1
HKCR\FunWebProducts.HTMLMenu
HKCR\FunWebProducts.HTMLMenu.1
HKCR\FunWebProducts.HTMLMenu.2
HKCR\FunWebProducts.IECookiesManager
HKCR\FunWebProducts.IECookiesManager.1
HKCR\FunWebProducts.KillerObjManager
HKCR\FunWebProducts.KillerObjManager.1
HKCR\FunWebProducts.PopSwatterBarButton
HKCR\FunWebProducts.PopSwatterBarButton.1
HKCR\FunWebProducts.PopSwatterSettingsControl
HKCR\FunWebProducts.PopSwatterSettingsControl.1
HKCR\screensavercontrol.screensaverinstaller
HKCR\screensavercontrol.screensaverinstaller.1
HKCR\MyWebSearch.ChatSessionPlugin
HKCR\MyWebSearch.ChatSessionPlugin.1
HKCR\MyWebSearch.HTMLPanel
HKCR\MyWebSearch.HTMLPanel.1
HKCR\MyWebSearch.PseudoTransparentPlugin
HKCR\MyWebSearch.PseudoTransparentPlugin.1
HKCR\MyWebSearchToolBar.ToolbarPlugin
HKCR\MyWebSearchToolBar.ToolbarPlugin.1
HKCU\SOFTWARE\FunWebProducts
HKCU\SOFTWARE\Fun Web Products
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca}
HKLM\SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}
HKLM\SOFTWARE\Classes\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}
HKLM\SOFTWARE\Classes\CLSID\{25560540-9571-4D7B-9389-0F166788785A}
HKLM\SOFTWARE\Classes\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}
HKLM\SOFTWARE\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}
HKLM\SOFTWARE\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}
HKLM\SOFTWARE\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}
HKLM\SOFTWARE\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}
HKLM\SOFTWARE\Classes\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}
HKLM\SOFTWARE\Classes\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}
HKLM\SOFTWARE\Classes\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}
HKLM\SOFTWARE\Classes\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}
HKLM\SOFTWARE\Classes\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}
HKLM\SOFTWARE\Classes\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}
HKLM\SOFTWARE\Classes\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}
HKLM\SOFTWARE\Classes\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}
HKLM\SOFTWARE\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}
HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
HKLM\SOFTWARE\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
HKLM\SOFTWARE\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
HKLM\SOFTWARE\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
HKLM\SOFTWARE\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
HKLM\SOFTWARE\Classes\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}
HKLM\SOFTWARE\Classes\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}
HKLM\SOFTWARE\Classes\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}
HKLM\SOFTWARE\Classes\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}
HKLM\SOFTWARE\Classes\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\SOFTWARE\Classes\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}
HKLM\SOFTWARE\Classes\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}
HKLM\SOFTWARE\Classes\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}
HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
HKLM\SOFTWARE\Classes\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}
HKLM\SOFTWARE\Classes\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}
HKLM\SOFTWARE\Classes\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}
HKLM\SOFTWARE\FocusInteractive
HKLM\SOFTWARE\Fun Web Products
HKLM\SOFTWARE\FunWebProducts
HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall
HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_MYWEBSEARCHSERVICE
HKLM\SYSTEM\ControlSet002\Services\MyWebSearchService
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE
HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7}
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127}
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7}
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612}
.
C:\WINDOWS\SYSTEM32\f3PSSavr.scr
C:\Program Files\FunWebProducts
C:\Program Files\Mozilla Firefox\Plugins\NPMyWebS.dll
C:\WINDOWS\DOWNLOADED PROGRAM FILES\F3initialsetup1.0.1.0.inf
C:\Program Files\WINDOWS LIVE\MESSENGER\RICHED20.DLL
C:\Program Files\INTERNET EXPLORER\MSIMG32.DLL

+--------------------| SWEETIM ELEMENTS DELETED :

.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\SWEETIM
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\07D5290CDBDAE4242926B8E6CA650501
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\08E33F7B61DEFF24BB9673ED7D467636
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\0E3D8A5B48622A445A7DF73FEFF32C3F
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\1AC67655DD68F8240B2860F2D511EBD8
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\46A5861A389ADB844AF89E31BC9DF0A1
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\34EDDB1BFB3A2D448845F3EFD0F15A43
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\4318DF19719275242801CBE292063A4C
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\45FC115D1FEAEF849A4E1610D6EC8BF0
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\49B0E1A6FF50BBE4289E4E23DE6EA0C7
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\4CCCAC049F34D0540AAC13011398BEDB
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\5C4389D0BFB302C479DE4178BD5D9EBA
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\5D19F074C042AD34BAB463D4175A062E
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\5D2B09BDEF4FE54418E6F3373CDBC7AC
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\61B65D3397A1FBF4CB1571B5E4F6B5B0
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\68E8A05C60DD9254591DBD16C94EDDBF
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\697E782CF574CC34CBB9566440BA12BC
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\6AE27A8613CF7EA4782F2886F67295E5
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\7CE172051F585E04187BCB97570BFA74
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\86A901BA5265452499DCBF719C378EE3
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\88ABD1CD5C40EC84789A7F6EF86DAC5E
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\980289C22F80A7C4BB9323DC61255E4E
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\9A4B7EF3789F871419D9302583B20C15
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\A6C53B0F76C44004A8F36716213017DB
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\B59F2D8189784CC46A4597F2842480B0
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\BD746FB95FB8E5B45BF66BE54D5FD91F
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\CCF399FCD6D2D3F46BF02A1378654FC9
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\D149C1355C98DE24E82CEFBD996FE06A
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\DB59FDB786388EA4D897F3EE715683AC
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\DB8DAD19CFBCC2049A4477183787E8C5
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\E337925F629CF4C4FB08F3D9674DD839
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\EC65F200D112357449C8B1BC3CFA03D0
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\427EA997C413D1D47907CBFC7B2DB432
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\E1C820A74ED67374BA048B52CB3C3804
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\F327D0C73C0973644A21E8CC852267A0
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\FA96423FE2B98E248A3B23548D1E22D9
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\0FF2AEFF45EEA0A48A4B33C1973B6094
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\305B09CE8C53A214DB58887F62F25536
HKCR\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
HKCR\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
HKCR\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
HKCR\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
HKCR\MgMediaPlayer.GifAnimator
HKCR\MgMediaPlayer.GifAnimator.1
HKCU\SOFTWARE\SweetIM
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
HKLM\SOFTWARE\SweetIM
.
C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\mvzydekf.default\searchplugins\sweetim.xml
C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\mvzydekf.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
C:\WINDOWS\PREFETCH\SWEETIM.EXE-19615F6D.pf
C:\Documents and Settings\HP_Administrateur\COOKIES\hp_administrateur@sweetim[1].txt

(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.


+--------------------| ADDED SCAN :


+---------- SCANNING PREFS.JS ... ( # MOZILLA USER PREFERENCES )

..\mvzydekf.default\prefs.js :

~~~~ MOZILLA FIREFOX VERSION 1.5.0.7 ~~~~

* BROWSER SEARCH DEFAULT ENGINE: "Yoog Search"
* BROWSER SEARCH SELECTED ENGINE: "Yoog Search"
* BROWSER SEARCH DEFAULT URL: "http://www10.yoog.com/search.php?q="
* BROWSER STARTUP HOMEPAGE: "https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fsympatico.msn.ca%2f%3flang%3den-CA"

.

+---------------------------------------------------------------------------+


~~~~ INTERNET EXPLORER VERSION 7.0.5730.13 ~~~~

+--[HKEY_CURRENT_USER\..\INTERNET EXPLORER\MAIN]

Start page : hxxp://go.microsoft.com/fwlink/?LinkId=69157

+--[HKEY_LOCAL_MACHINE\..\INTERNET EXPLORER\MAIN]

Start page : hxxp://go.microsoft.com/fwlink/?LinkId=69157

+---------------------------------------------------------------------------+

[~14388 BYTES] - "C:\AD-REPORT-CLEAN-20.9-.2-01.LOG"

END AT: 20:12:47 | 2009-02-01 - TIME ELAPSED: 13 minutes, 4 seconds

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 233 LINES ]
+---------------------------------------------------------------------------+

SmitFraudFix v2.391

Rapport fait à 21:09:48,34, 2009-02-01
Executé à partir de C:\Documents and Settings\HP_Administrateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\system32\ieupdates.exe supprimé
C:\WINDOWS\system32\winsrc.dll supprimé
C:\Program Files\Google\googletoolbar1.dll supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/100 VE Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 205.151.69.200
DNS Server Search Order: 205.151.68.200

HKLM\SYSTEM\CCS\Services\Tcpip\..\{56B51EC4-943F-418C-B376-A574CF564656}: DhcpNameServer=205.151.69.200 205.151.68.200
HKLM\SYSTEM\CS1\Services\Tcpip\..\{56B51EC4-943F-418C-B376-A574CF564656}: DhcpNameServer=205.151.69.200 205.151.68.200
HKLM\SYSTEM\CS2\Services\Tcpip\..\{56B51EC4-943F-418C-B376-A574CF564656}: DhcpNameServer=205.151.69.200 205.151.68.200
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=205.151.69.200 205.151.68.200
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=205.151.69.200 205.151.68.200
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=205.151.69.200 205.151.68.200


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

------- LOGFILE OF AD-REMOVER 1.0.9.2 | ONLY XP/VISTA -------

UPDATED BY C_XX ON 14/01/2009 AT 20:00

START AT: 0:34:55 | Sam 2009-01-17 | MICROSOFT® WINDOWS XP™ SP3 (V5.1.2600)
BOOT MODE: NORMAL
OPTION: SCAN | EXECUTED FROM: C:\Program Files\Ad-remover\AD-REMOVER.BAT
PC: NATHALIE | USER: HP_Administrateur ( Current user is an administrator)
DRIVE(S):
- C:\ (FILE SYSTEM: NTFS)
- D:\ (FILE SYSTEM: FAT32)
SYSTEM DRIVE: C:\
WINDOWS DIRECTORY: C:\WINDOWS\
SYSTEM DIRECTORY: C:\WINDOWS\SYSTEM32\

--- RUNNING PROCESSES: 55

+--------------------| BOONTY/BOONTY GAMES ELEMENTS FOUND :

.
.

+--------------------| EOREZO ELEMENTS FOUND :

.
.

+--------------------| EVEREST CASINO/EVEREST POKER ELEMENTS FOUND :

.
.

+--------------------| FUNWEBPRODUCTS/MYWAY/MYWEBSEARCH/MYGLOBALSEARCH ELEMENTS FOUND :

.
HKCR\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239}
HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
HKCR\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3}
HKCR\Interface\{1093995a-ba37-41d2-836e-091067c4ad17}
HKCR\Interface\{120927bf-1700-43bc-810f-fab92549b390}
HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
HKCR\Interface\{1f52a5fa-a705-4415-b975-88503b291728}
HKCR\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a}
HKCR\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc}
HKCR\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc}
HKCR\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495}
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
HKCR\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca}
HKCR\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff}
HKCR\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8}
HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244f69}
HKCR\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc}
HKCR\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d}
HKCR\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe}
HKCR\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1}
HKCR\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477}
HKCR\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e}
HKCR\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f}
HKCR\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8}
HKCR\FunWebProducts.DataControl
HKCR\FunWebProducts.DataControl.1
HKCR\FunWebProducts.HistoryKillerScheduler
HKCR\FunWebProducts.HistoryKillerScheduler.1
HKCR\FunWebProducts.HistorySwatterControlBar
HKCR\FunWebProducts.HistorySwatterControlBar.1
HKCR\FunWebProducts.HTMLMenu
HKCR\FunWebProducts.HTMLMenu.1
HKCR\FunWebProducts.HTMLMenu.2
HKCR\FunWebProducts.IECookiesManager
HKCR\FunWebProducts.IECookiesManager.1
HKCR\FunWebProducts.KillerObjManager
HKCR\FunWebProducts.KillerObjManager.1
HKCR\FunWebProducts.PopSwatterBarButton
HKCR\FunWebProducts.PopSwatterBarButton.1
HKCR\FunWebProducts.PopSwatterSettingsControl
HKCR\FunWebProducts.PopSwatterSettingsControl.1
HKCR\screensavercontrol.screensaverinstaller
HKCR\screensavercontrol.screensaverinstaller.1
HKCR\MyWebSearch.ChatSessionPlugin
HKCR\MyWebSearch.ChatSessionPlugin.1
HKCR\MyWebSearch.HTMLPanel
HKCR\MyWebSearch.HTMLPanel.1
HKCR\MyWebSearch.PseudoTransparentPlugin
HKCR\MyWebSearch.PseudoTransparentPlugin.1
HKCR\MyWebSearchToolBar.ToolbarPlugin
HKCR\MyWebSearchToolBar.ToolbarPlugin.1
HKCU\SOFTWARE\FunWebProducts
HKCU\SOFTWARE\Fun Web Products
HKCU\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df}
HKLM\SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}
HKLM\SOFTWARE\Classes\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}
HKLM\SOFTWARE\Classes\CLSID\{25560540-9571-4D7B-9389-0F166788785A}
HKLM\SOFTWARE\Classes\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}
HKLM\SOFTWARE\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}
HKLM\SOFTWARE\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}
HKLM\SOFTWARE\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}
HKLM\SOFTWARE\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}
HKLM\SOFTWARE\Classes\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}
HKLM\SOFTWARE\Classes\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}
HKLM\SOFTWARE\Classes\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}
HKLM\SOFTWARE\Classes\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}
HKLM\SOFTWARE\Classes\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}
HKLM\SOFTWARE\Classes\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}
HKLM\SOFTWARE\Classes\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}
HKLM\SOFTWARE\Classes\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}
HKLM\SOFTWARE\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}
HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
HKLM\SOFTWARE\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
HKLM\SOFTWARE\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
HKLM\SOFTWARE\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
HKLM\SOFTWARE\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
HKLM\SOFTWARE\Classes\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}
HKLM\SOFTWARE\Classes\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}
HKLM\SOFTWARE\Classes\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}
HKLM\SOFTWARE\Classes\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}
HKLM\SOFTWARE\Classes\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\SOFTWARE\Classes\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}
HKLM\SOFTWARE\Classes\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}
HKLM\SOFTWARE\Classes\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}
HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
HKLM\SOFTWARE\Classes\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}
HKLM\SOFTWARE\Classes\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}
HKLM\SOFTWARE\Classes\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}
HKLM\SOFTWARE\FocusInteractive
HKLM\SOFTWARE\Fun Web Products
HKLM\SOFTWARE\FunWebProducts
HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall
HKLM\SOFTWARE\Classes\FunWebProducts.HistoryKillerScheduler.1
HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_MYWEBSEARCHSERVICE
HKLM\SYSTEM\ControlSet002\Services\MyWebSearchService
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE
HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7}
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127}
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7}
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612}
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\\{00A6FAF6-072E-44CF-8957-5838F569A31D}
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\MY WEB SEARCH BAR SEARCH SCOPE MONITOR
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\MYWEBSEARCH PLUGIN
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\USER AGENT\POST PLATFORM\\FUNWEBPRODUCTS
HKLM\SOFTWARE\MICROSOFT\WINDOWS MEDIA\WMSDK\SOURCES\\F3POPULARSCREENSAVERS
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
.
C:\WINDOWS\SYSTEM32\f3PSSavr.scr
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver
C:\Program Files\FunWebProducts\Shared
C:\Program Files\FunWebProducts\ScreenSaver\Images
C:\Program Files\FunWebProducts\Shared\00063FBB.dat
C:\Program Files\FunWebProducts\Shared\Cache
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\WebfettiBtn.html
C:\Program Files\Mozilla Firefox\Plugins\NPMyWebS.dll
C:\WINDOWS\DOWNLOADED PROGRAM FILES\F3initialsetup1.0.1.0.inf
C:\Program Files\WINDOWS LIVE\MESSENGER\RICHED20.DLL
C:\Program Files\INTERNET EXPLORER\MSIMG32.DLL

+--------------------| IT'S TV ELEMENTS FOUND :

.

+--------------------| SWEETIM ELEMENTS FOUND :

.
HKCR\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
HKCR\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCR\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKCR\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
HKCR\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
HKCR\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
HKCR\SWEETIE.IEToolbar
HKCR\SWEETIE.IEToolbar.1
HKCR\SWEETIE.SWEETIE
HKCR\SWEETIE.SWEETIE.3
HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook
HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook.1
HKCR\Toolbar3.SWEETIE
HKCR\Toolbar3.SWEETIE.1
HKCR\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
HKCR\Typelib\{EEE6C35E-6118-11DC-9C72-001320C79847}
HKCR\Typelib\{EEE6C35F-6118-11DC-9C72-001320C79847}
HKCR\MgMediaPlayer.GifAnimator
HKCR\MgMediaPlayer.GifAnimator.1
HKCU\SOFTWARE\SweetIM
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{266C7330-C0F4-49E5-8F20-A56F9F822875}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
HKLM\SOFTWARE\SweetIM
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\SWEETIM
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\\{EEE6C35D-6118-11DC-9C72-001320C79847}
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\02F47BF73B948514FAACADD8CBBDF37D
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\080D9F5E1E95FEE4794CE438E635239E
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\1E264E0A5959A1C46BA9175A878B12EA
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\2E6768B6932D112438F047C54D180635
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\351716A953E21214898904032EAE2E81
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\397C771A7BCAC904697C3EC629ED33ED
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\98CC8BF5A4A6E6C4ABF7051DDAB8B058
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\A189D17A469616C4688D23E192996267
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\D15DAF33C220F91468A1D7D57C31ACD7
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\D3BA76A44C779424889063D5098ED2D6
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\D6D0EB9FDBD90C04D92A7E729058F10D
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\E4748F9A4181FCE46A23C13B517B9420
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\07D5290CDBDAE4242926B8E6CA650501
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\08E33F7B61DEFF24BB9673ED7D467636
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\0E3D8A5B48622A445A7DF73FEFF32C3F
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\1AC67655DD68F8240B2860F2D511EBD8
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\46A5861A389ADB844AF89E31BC9DF0A1
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\34EDDB1BFB3A2D448845F3EFD0F15A43
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\4318DF19719275242801CBE292063A4C
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\45FC115D1FEAEF849A4E1610D6EC8BF0
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\49B0E1A6FF50BBE4289E4E23DE6EA0C7
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\4CCCAC049F34D0540AAC13011398BEDB
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\5C4389D0BFB302C479DE4178BD5D9EBA
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\5D19F074C042AD34BAB463D4175A062E
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\5D2B09BDEF4FE54418E6F3373CDBC7AC
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\61B65D3397A1FBF4CB1571B5E4F6B5B0
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\68E8A05C60DD9254591DBD16C94EDDBF
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\697E782CF574CC34CBB9566440BA12BC
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\6AE27A8613CF7EA4782F2886F67295E5
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\7CE172051F585E04187BCB97570BFA74
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\86A901BA5265452499DCBF719C378EE3
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\88ABD1CD5C40EC84789A7F6EF86DAC5E
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\980289C22F80A7C4BB9323DC61255E4E
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\9A4B7EF3789F871419D9302583B20C15
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\A6C53B0F76C44004A8F36716213017DB
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\B59F2D8189784CC46A4597F2842480B0
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\BD746FB95FB8E5B45BF66BE54D5FD91F
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\CCF399FCD6D2D3F46BF02A1378654FC9
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\D149C1355C98DE24E82CEFBD996FE06A
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\DB59FDB786388EA4D897F3EE715683AC
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\DB8DAD19CFBCC2049A4477183787E8C5
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\E337925F629CF4C4FB08F3D9674DD839
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\EC65F200D112357449C8B1BC3CFA03D0
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\427EA997C413D1D47907CBFC7B2DB432
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\E1C820A74ED67374BA048B52CB3C3804
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\F327D0C73C0973644A21E8CC852267A0
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\FA96423FE2B98E248A3B23548D1E22D9
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\0FF2AEFF45EEA0A48A4B33C1973B6094
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\305B09CE8C53A214DB58887F62F25536
HKLM\SOFTWARE\CLASSES\INSTALLER\PRODUCT\0337C6624F0C5E94F8025AF6F9288257
HKLM\~\INSTALLER\USERDATA\S-1-5-18\PRODUCTS\0337C6624F0C5E94F8025AF6F9288257
HKLM\SOFTWARE\CLASSES\INSTALLER\PRODUCT\0337C6624F0C5E94F8025AF6F9288257
.
C:\WINDOWS\INSTALLER\a4b386.msi
C:\WINDOWS\INSTALLER\a4b38c.msi
C:\Program Files\SweetIM
C:\Program Files\SweetIM\Messenger
C:\Program Files\SweetIM\Toolbars
C:\Program Files\SweetIM\Messenger\default.xml
C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll
C:\Program Files\SweetIM\Messenger\mgAIMAuto.dll
C:\Program Files\SweetIM\Messenger\mgAIMMessengerAdapter.dll
C:\Program Files\SweetIM\Messenger\mgArchive.dll
C:\Program Files\SweetIM\Messenger\mgcommon.dll
C:\Program Files\SweetIM\Messenger\mgcommunication.dll
C:\Program Files\SweetIM\Messenger\mgconfig.dll
C:\Program Files\SweetIM\Messenger\mgFlashPlayer.dll
C:\Program Files\SweetIM\Messenger\mghooking.dll
C:\Program Files\SweetIM\Messenger\mgICQAuto.dll
C:\Program Files\SweetIM\Messenger\mgICQMessengerAdapter.dll
C:\Program Files\SweetIM\Messenger\mgIEPlayer.dll
C:\Program Files\SweetIM\Messenger\mglogger.dll
C:\Program Files\SweetIM\Messenger\mgMediaPlayer.dll
C:\Program Files\SweetIM\Messenger\mgMsnAuto.dll
C:\Program Files\SweetIM\Messenger\mgMsnMessengerAdapter.dll
C:\Program Files\SweetIM\Messenger\mgsimcommon.dll
C:\Program Files\SweetIM\Messenger\mgSweetIM.dll
C:\Program Files\SweetIM\Messenger\mgUpdateSupport.dll
C:\Program Files\SweetIM\Messenger\mgxml_wrapper.dll
C:\Program Files\SweetIM\Messenger\mgYahooAuto.dll
C:\Program Files\SweetIM\Messenger\mgYahooMessengerAdapter.dll
C:\Program Files\SweetIM\Messenger\msvcp71.dll
C:\Program Files\SweetIM\Messenger\msvcr71.dll
C:\Program Files\SweetIM\Messenger\resources
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\SweetIM\Messenger\resources\images
C:\Program Files\SweetIM\Messenger\resources\images\AudibleButton.png
C:\Program Files\SweetIM\Messenger\resources\images\DisplayPicturesButton.png
C:\Program Files\SweetIM\Messenger\resources\images\EmoticonButton.png
C:\Program Files\SweetIM\Messenger\resources\images\NudgeButton.png
C:\Program Files\SweetIM\Messenger\resources\images\SoundFxButton.png
C:\Program Files\SweetIM\Messenger\resources\images\WinksButton.png
C:\Program Files\SweetIM\Toolbars\Internet Explorer
C:\Program Files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe
C:\Program Files\SweetIM\Toolbars\Internet Explorer\conf
C:\Program Files\SweetIM\Toolbars\Internet Explorer\default.xml
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mglogger.dll
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll
C:\Program Files\SweetIM\Toolbars\Internet Explorer\msvcp71.dll
C:\Program Files\SweetIM\Toolbars\Internet Explorer\msvcr71.dll
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources
C:\Program Files\SweetIM\Toolbars\Internet Explorer\conf\logger.xml
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\affid.dat
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\basis.xml
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\Bookmarks_23x18.bmp
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\Email_23x18.bmp
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\Games_23x18.bmp
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\Greetingcards_23x18.bmp
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\Logo.bmp
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\Mobile_23x18.bmp
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\Music_23x18.bmp
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\News_23x18.bmp
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\Shoping_23x18.bmp
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.bmp
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.bmp
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\sweetimicons.bmp
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\version.txt
C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\mvzydekf.default\searchplugins\sweetim.xml
C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\mvzydekf.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\mvzydekf.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome
C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\mvzydekf.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome.manifest
C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\mvzydekf.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\components
C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\mvzydekf.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\install.rdf
C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\mvzydekf.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF
C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\mvzydekf.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar.jar
C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\mvzydekf.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\components\SIMAutoCompleteSearch.js
C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\mvzydekf.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF\manifest.mf
C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\mvzydekf.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF\zigbert.rsa
C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\mvzydekf.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF\zigbert.sf
C:\Documents and Settings\All Users\Application Data\SweetIM
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger
C:\Documents and Settings\All Users\Application Data\SweetIM\Toolbars
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\logs
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\update
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\adapter.xml
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\autoupdate.xml
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\logger.xml
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\messages.xml
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\sweetim.xml
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\sweetimapp.xml
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users\main_user_config.xml
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users\matlange@hotmail.com
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users\matlange@hotmail.com\content_update_notification.xml
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users\matlange@hotmail.com\emoticons_shortcut.xml
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users\matlange@hotmail.com\lastuse_Audibles.xml
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users\matlange@hotmail.com\lastuse_SpecialFX.xml
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users\matlange@hotmail.com\user_config.xml
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00010859.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000108C2.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0001094F.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0002013F.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00020144.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000202FE.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00020337.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00030099.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0003009A.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000300A1.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000300AC.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000300B2.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000300B4.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0004005A.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00040063.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00080017.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0008005C.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00080068.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0008008D.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0008008F.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\02050002.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\cache_indx.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Toolbars\Internet Explorer
C:\Documents and Settings\All Users\Application Data\SweetIM\Toolbars\Internet Explorer\cache
C:\Documents and Settings\All Users\Application Data\SweetIM\Toolbars\Internet Explorer\cache\7ecfc800b3946bda26c32bca50a3f4eb.games.bmp
C:\Documents and Settings\All Users\Application Data\SweetIM\Toolbars\Internet Explorer\cache\f64a71f602d078aa84829e36b8992194.toolbar31.xml
C:\WINDOWS\PREFETCH\SWEETIMSETUP[1].EXE-26186470.pf
C:\Documents and Settings\HP_Administrateur\COOKIES\hp_administrateur@search.sweetim[1].txt
C:\Documents and Settings\HP_Administrateur\COOKIES\hp_administrateur@sweetim[1].txt
C:\Documents and Settings\HP_Administrateur\COOKIES\hp_administrateur@www.sweetim[2].txt

+--------------------| ADDED SCAN :


+---------- SCANNING PREFS.JS ... ( # MOZILLA USER PREFERENCES )

..\mvzydekf.default\prefs.js :

~~~~ MOZILLA FIREFOX VERSION 1.5.0.7 ~~~~

* BROWSER SEARCH DEFAULT ENGINE: "Yoog Search"
* BROWSER SEARCH SELECTED ENGINE: "Yoog Search"
* BROWSER SEARCH DEFAULT URL: "http://www10.yoog.com/search.php?q="
* BROWSER STARTUP HOMEPAGE: "https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fsympatico.msn.ca%2f%3flang%3den-CA"

.

+---------------------------------------------------------------------------+


~~~~ INTERNET EXPLORER VERSION 7.0.5730.13 ~~~~

+--[HKEY_CURRENT_USER\..\INTERNET EXPLORER\MAIN]

Start page : hxxp://home.sweetim.com

+--[HKEY_LOCAL_MACHINE\..\INTERNET EXPLORER\MAIN]

Start page : hxxp://home.sweetim.com

+---------------------------------------------------------------------------+

[~28854 BYTES] - "C:\AD-REPORT-SCAN-20.9-.1-17.LOG"

END AT: 0:38:55 | 2009-01-17 - TIME ELAPSED: 3 minutes, 59 seconds

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 420 LINES ]
+---------------------------------------------------------------------------+

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 2.80GHz )
BIOS : Phoenix - Award BIOS v6.00PG
USER : HP_Administrateur ( Administrator )
BOOT : Normal boot
Antivirus : iolo AntiVirus® 1.5 (Activated)
Firewall : iolo Personal Firewall® 1.5 (Activated)
C:\ (Local Disk) - NTFS - Total:224 Go (Free:131 Go)
D:\ (Local Disk) - FAT32 - Total:8 Go (Free:2 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 2009-01-17| 0:45 )

--------------------\\ Listing des dossiers dans APPLIC~1

[2005-08-12|14:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
[2004-12-03|20:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[2005-08-12|14:58] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[2005-08-12|14:20] C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
[2005-08-12|14:41] C:\DOCUME~1\ADMINI~1\APPLIC~1\SampleView
[2005-08-12|14:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec

[2008-10-07|14:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2005-08-12|14:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[2005-08-12|14:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[2008-12-29|18:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
[2008-12-29|18:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVDXStudio
[2005-08-12|14:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
[2005-08-12|14:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[2008-10-13|15:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\iolo
[2009-01-16|21:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[2008-12-30|13:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[2008-09-23|10:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[2009-01-03|00:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Proxy Long Chin Ping
[2008-08-09|14:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[2005-08-12|06:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[2008-08-23|12:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBT
[2008-12-22|12:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlySoft
[2009-01-14|17:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM
[2008-10-13|14:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[2009-01-06|12:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
[2008-09-23|11:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ubisoft
[2008-08-17|12:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[2008-08-09|10:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[2005-08-12|14:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Apple Computer
[2004-12-03|20:59] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[2005-08-12|14:58] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[2005-08-12|14:20] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
[2005-08-12|14:41] C:\DOCUME~1\DEFAUL~1\APPLIC~1\SampleView
[2005-08-12|14:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

[2008-08-04|08:04] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Adobe
[2008-11-16|22:07] C:\DOCUME~1\HP_ADM~1\APPLIC~1\AdobeUM
[2005-08-12|14:28] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Apple Computer
[2009-01-03|00:06] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Flaw Camp Bone
[2008-08-18|09:34] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Gearbox Software
[2008-07-26|14:45] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Help
[2004-12-03|20:59] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Identities
[2008-09-28|17:46] C:\DOCUME~1\HP_ADM~1\APPLIC~1\InterVideo
[2008-12-13|14:05] C:\DOCUME~1\HP_ADM~1\APPLIC~1\iolo
[2008-07-30|23:32] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Leadertech
[2009-01-14|17:19] C:\DOCUME~1\HP_ADM~1\APPLIC~1\LimeWire
[2008-07-26|15:06] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Macromedia
[2008-12-30|15:11] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Microsoft
[2008-07-26|14:46] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Microsoft Web Folders
[2008-10-07|20:06] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Mozilla
[2008-10-04|19:45] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Real
[2005-08-12|14:41] C:\DOCUME~1\HP_ADM~1\APPLIC~1\SampleView
[2008-07-30|23:32] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Sonic
[2009-01-15|13:29] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Sun
[2008-07-31|01:40] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Symantec
[2008-07-31|01:03] C:\DOCUME~1\HP_ADM~1\APPLIC~1\TuneUp Software
[2008-05-15|22:09] C:\DOCUME~1\HP_ADM~1\APPLIC~1\U3
[2008-12-29|18:44] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Vso
[2009-01-14|17:40] C:\DOCUME~1\HP_ADM~1\APPLIC~1\WinRAR

[2008-09-21|09:51] C:\DOCUME~1\LOCALS~1\APPLIC~1\agi
[2008-10-13|14:59] C:\DOCUME~1\LOCALS~1\APPLIC~1\iolo
[2005-05-21|13:52] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[2005-05-21|13:52] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft



--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[2009-01-17 00:00][--ah-----] C:\WINDOWS\tasks\A4C2F93291B973DE.job
[2009-01-17 00:12][--a------] C:\WINDOWS\tasks\V‚rifier les mises … jour de Windows Live Toolbar.job
[2009-01-17 00:00][--a------] C:\WINDOWS\tasks\Maintenance en 1 clic.job
[2009-01-16 21:41][--ah-----] C:\WINDOWS\tasks\SA.DAT
[2004-08-10 20:00][-rah-----] C:\WINDOWS\tasks\desktop.ini

( A4C2F93291B973DE.job )=( c:\docume~1\hp_adm~1\applic~1\flawca~1\WipeMealSoap.exe )

--------------------\\ Listing des dossiers dans C:\Program Files

[2008-07-28|19:35] C:\Program Files\Activision Value
[2005-08-12|14:25] C:\Program Files\Adobe
[2009-01-17|00:38] C:\Program Files\Ad-remover
[2008-12-30|13:36] C:\Program Files\Adverts
[2009-01-02|22:08] C:\Program Files\Atari-Infogrames
[2005-08-12|14:32] C:\Program Files\BackWeb
[2008-09-23|10:42] C:\Program Files\BuzzingCars
[2008-12-29|18:44] C:\Program Files\CloneDVD
[2008-07-30|21:45] C:\Program Files\Common Files
[2004-12-03|20:03] C:\Program Files\ComPlus Applications
[2008-12-29|18:08] C:\Program Files\Conduit
[2008-12-29|18:51] C:\Program Files\DVD Shrink
[2008-12-22|17:13] C:\Program Files\DVDFab 5
[2008-11-18|18:50] C:\Program Files\Easy Internet signup
[2009-01-16|21:54] C:\Program Files\Fichiers communs
[2009-01-03|00:06] C:\Program Files\Flaw Camp Bone
[2005-08-12|14:21] C:\Program Files\FrenchOtto
[2008-09-21|11:41] C:\Program Files\FunWebProducts
[2005-08-12|14:21] C:\Program Files\GemMasterFrench
[2008-10-07|20:03] C:\Program Files\Google
[2008-12-27|16:49] C:\Program Files\Groove Games
[2005-08-12|14:55] C:\Program Files\Hewlett-Packard
[2005-08-12|14:13] C:\Program Files\HP
[2005-08-12|14:33] C:\Program Files\HPQ
[2008-11-17|19:09] C:\Program Files\iCheck
[2009-01-01|18:32] C:\Program Files\InstallShield Installation Information
[2008-12-09|18:44] C:\Program Files\Internet Explorer
[2005-08-12|14:58] C:\Program Files\InterVideo
[2008-10-13|14:58] C:\Program Files\iolo
[2005-08-12|14:28] C:\Program Files\iPod
[2005-08-12|14:28] C:\Program Files\iTunes
[2005-08-12|06:26] C:\Program Files\Java
[2009-01-16|21:55] C:\Program Files\Lavasoft
[2008-12-21|16:22] C:\Program Files\LimeWire
[2008-08-15|15:02] C:\Program Files\Messenger
[2008-12-30|13:31] C:\Program Files\Messenger Plus! Live
[2008-12-30|13:36] C:\Program Files\MessengerPlus! 3
[2005-08-12|14:19] C:\Program Files\Microsoft Encarta
[2008-08-23|12:14] C:\Program Files\microsoft frontpage
[2008-12-30|18:00] C:\Program Files\Microsoft Games
[2008-08-23|12:24] C:\Program Files\Microsoft Office
[2005-08-12|14:27] C:\Program Files\Microsoft Visual Studio
[2008-08-07|10:22] C:\Program Files\Microsoft Works
[2008-07-30|20:44] C:\Program Files\Movie Maker
[2009-01-15|14:09] C:\Program Files\Mozilla Firefox
[2004-12-03|21:01] C:\Program Files\MSN
[2004-12-03|21:01] C:\Program Files\MSN Gaming Zone
[2008-07-26|17:20] C:\Program Files\MSXML 4.0
[2005-08-12|14:58] C:\Program Files\muvee Technologies
[2008-07-30|20:42] C:\Program Files\NetMeeting
[2008-10-13|14:10] C:\Program Files\Norton 360
[2004-12-03|21:01] C:\Program Files\Online Services
[2008-07-30|20:42] C:\Program Files\Outlook Express
[2008-07-31|00:57] C:\Program Files\PC Inspector File Recovery
[2005-08-12|14:36] C:\Program Files\PC-Doctor for Windows
[2008-12-31|17:24] C:\Program Files\PHPNukeEN
[2008-11-17|19:08] C:\Program Files\ppcbooster
[2005-08-12|14:28] C:\Program Files\QuickTime
[2005-08-12|14:20] C:\Program Files\Real
[2008-07-30|21:39] C:\Program Files\Seagate Software
[2005-08-12|14:39] C:\Program Files\Services en ligne
[2009-01-01|18:22] C:\Program Files\Simple Comptable 2008
[2009-01-01|18:43] C:\Program Files\Simple Comptable Pro 2009
[2009-01-01|18:25] C:\Program Files\SlySoft
[2008-08-23|12:15] C:\Program Files\Snapshot Viewer
[2005-08-12|14:23] C:\Program Files\Sonic
[2008-11-24|09:34] C:\Program Files\SpeedTest
[2009-01-16|21:41] C:\Program Files\Steam
[2009-01-14|17:14] C:\Program Files\SweetIM
[2009-01-09|21:48] C:\Program Files\Trend Micro
[2008-09-23|10:55] C:\Program Files\Ubisoft
[2008-07-30|21:43] C:\Program Files\Uninstall Information
[2005-08-12|14:32] C:\Program Files\Updates from HP
[2008-11-17|19:09] C:\Program Files\VnrBlock
[2008-10-26|12:24] C:\Program Files\VUGames
[2008-08-09|10:50] C:\Program Files\Windows Live
[2008-08-09|10:52] C:\Program Files\Windows Live Favorites
[2008-08-09|10:52] C:\Program Files\Windows Live Toolbar
[2008-07-26|01:46] C:\Program Files\Windows Media Player
[2008-07-30|20:42] C:\Program Files\Windows NT
[2004-12-03|21:02] C:\Program Files\Windows Plus
[2004-12-03|20:03] C:\Program Files\WindowsUpdate
[2009-01-14|17:40] C:\Program Files\WinRAR
[2009-01-01|18:36] C:\Program Files\winsim
[2004-12-03|21:02] C:\Program Files\xerox

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[2008-07-26|15:08] C:\Program Files\Fichiers communs\Adobe
[2008-09-30|20:42] C:\Program Files\Fichiers communs\AnswerWorks 4.0
[2009-01-01|18:35] C:\Program Files\Fichiers communs\AnswerWorks 5.0
[2008-08-19|12:09] C:\Program Files\Fichiers communs\AOL
[2008-10-13|14:58] C:\Program Files\Fichiers communs\Authentium
[2008-08-23|12:06] C:\Program Files\Fichiers communs\Designer
[2005-08-12|14:11] C:\Program Files\Fichiers communs\Hewlett-Packard
[2005-08-12|06:43] C:\Program Files\Fichiers communs\HP
[2005-08-12|14:58] C:\Program Files\Fichiers communs\InstallShield
[2005-08-12|14:58] C:\Program Files\Fichiers communs\InterVideo
[2008-09-30|20:34] C:\Program Files\Fichiers communs\Intuit
[2005-08-12|06:26] C:\Program Files\Fichiers communs\Java
[2008-07-25|22:57] C:\Program Files\Fichiers communs\LightScribe
[2008-09-23|11:10] C:\Program Files\Fichiers communs\Microsoft Shared
[2004-12-03|21:00] C:\Program Files\Fichiers communs\MSSoap
[2005-08-12|14:30] C:\Program Files\Fichiers communs\muvee Technologies
[2004-12-03|21:00] C:\Program Files\Fichiers communs\ODBC
[2008-10-07|20:04] C:\Program Files\Fichiers communs\Real
[2008-07-26|01:46] C:\Program Files\Fichiers communs\Services
[2005-08-12|14:18] C:\Program Files\Fichiers communs\Sonic Shared
[2004-12-03|21:00] C:\Program Files\Fichiers communs\SpeechEngines
[2005-08-12|14:19] C:\Program Files\Fichiers communs\SureThing Shared
[2008-10-13|14:46] C:\Program Files\Fichiers communs\Symantec Shared
[2008-08-23|12:15] C:\Program Files\Fichiers communs\System
[2005-08-12|14:23] C:\Program Files\Fichiers communs\TiVo Shared
[2008-08-09|10:50] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[2009-01-16|21:54] C:\Program Files\Fichiers communs\Wise Installation Wizard
[2008-10-07|20:04] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 60 Processes )

IEXPLORE.EXE ~ [PID:2216]
IEXPLORE.EXE ~ [PID:2364]
IEXPLORE.EXE ~ [PID:3824]
iexplore.exe ~ [PID:1036]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Proxy Long Chin Ping
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Proxy Long Chin Ping\obj love.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Proxy Long Chin Ping\obj love.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Proxy Long Chin Ping\Tool Sixth.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Proxy Long Chin Ping\Tool Sixth.exe
C:\DOCUME~1\HP_ADM~1\APPLIC~1\flawca~1
C:\DOCUME~1\HP_ADM~1\APPLIC~1\flawca~1\Grey Tons Grim Link.exe
C:\DOCUME~1\HP_ADM~1\APPLIC~1\flawca~1\sixthheckfour.exe
C:\DOCUME~1\HP_ADM~1\APPLIC~1\flawca~1\uyxhkipf.exe
C:\DOCUME~1\HP_ADM~1\APPLIC~1\flawca~1\vzbnwgww.exe
C:\DOCUME~1\HP_ADM~1\APPLIC~1\flawca~1\Wipe Meal Soap.exe
C:\Program Files\flawca~1
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\nsaB2.tmp
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\nsbB8.tmp
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\nsgAF.tmp
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\nsjA5.tmp
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\nsl16.tmp
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\nsl60.tmp
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\nsnAB.tmp
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\nso34.tmp
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\nspB6.tmp
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\nsr29.tmp
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\nsrA7.tmp
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\nstB4.tmp
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\nsv63.tmp
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\nsvA9.tmp
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\nsx2C.tmp
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\nsz15.tmp
C:\Program Files\Adverts
C:\Program Files\Adverts\uninst.exe
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@advertstream[1].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@advertising[1].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@adin.bigpoint[1].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@bigpoint[1].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@fr.bigpoint[2].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@pacificpoker[2].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@partypoker[1].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@32vegas[2].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@banner.32vegas[2].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@www.32vegas[2].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@888[2].txt
C:\WINDOWS\Tasks\A4C2F93291B973DE.job

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mediabags"="C:\\DOCUME~1\\HP_ADM~1\\APPLIC~1\\FLAWCA~1\\sixthheckfour.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHIN PING PHONE PILE"="C:\\Documents and Settings\\All Users\\Application Data\\Proxy Long Chin Ping\\Tool Sixth.exe"

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme


--------------------\\ Recherche d'autres infections

--------------------\\ ROOTKIT !!

Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV.SYS]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_TDSSSERV.SYS]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV.SYS]

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\HP_ADM~1\Mes documents\LimeWire\Incomplete\T-428897-Counter Strike 1 6 + ZBot crack keygen.zip
C:\DOCUME~1\HP_ADM~1\Mes documents\LimeWire\lime wire\Nero 6 Francais Complet Crack Patch Francais
C:\DOCUME~1\HP_ADM~1\Mes documents\LimeWire\lime wire\Nero 6 Francais Complet Crack Patch Francais\Nero.v6.6.0.16.doc
C:\DOCUME~1\HP_ADM~1\Mes documents\LimeWire\Saved\Counter Strike 1.6 Full (With Bots) + Maps (REMASTERED By IRAN Torrents) crack keygen
C:\DOCUME~1\HP_ADM~1\Mes documents\LimeWire\Saved\Counter Strike 1.6 Full (With Bots) + Maps (REMASTERED By IRAN Torrents) crack keygen.zip
C:\DOCUME~1\HP_ADM~1\Mes documents\LimeWire\Saved\Counter Strike 1.6 Full (With Bots) + Maps (REMASTERED By IRAN Torrents) crack keygen\Counter Strike 1.6 Full (With Bots) + Maps (REMASTERED By IRAN Torrents) crack keygen.nfo
C:\DOCUME~1\HP_ADM~1\Mes documents\LimeWire\Saved\Counter Strike 1.6 Full (With Bots) + Maps (REMASTERED By IRAN Torrents) crack keygen\crack
C:\DOCUME~1\HP_ADM~1\Mes documents\LimeWire\Saved\Counter Strike 1.6 Full (With Bots) + Maps (REMASTERED By IRAN Torrents) crack keygen\Data1.cab
C:\DOCUME~1\HP_ADM~1\Mes documents\LimeWire\Saved\Counter Strike 1.6 Full (With Bots) + Maps (REMASTERED By IRAN Torrents) crack keygen\Data2.cab
C:\DOCUME~1\HP_ADM~1\Mes documents\LimeWire\Saved\Counter Strike 1.6 Full (With Bots) + Maps (REMASTERED By IRAN Torrents) crack keygen\Setup.exe
C:\DOCUME~1\HP_ADM~1\Mes documents\LimeWire\Saved\Counter Strike 1.6 Full (With Bots) + Maps (REMASTERED By IRAN Torrents) crack keygen\crack\crack.exe
C:\DOCUME~1\HP_ADM~1\Recent\Counter Strike 1.6 Full (With Bots) + Maps (REMASTERED By IRAN Torrents) crack keygen.lnk
C:\DOCUME~1\HP_ADM~1\Recent\R‚pertoire temporaire 3 pour Counter Strike 1.6 Full (With Bots) + Maps (REMASTERED By IRAN Torrents) crack keygen.zip.lnk


[F:1337][D:331]-> C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
[F:414][D:0]-> C:\DOCUME~1\HP_ADM~1\Cookies
[F:4671][D:44]-> C:\DOCUME~1\HP_ADM~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 2009-01-17| 0:58 - Option : [1]

--------------------\\ Fin du rapport a 0:58:25

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 2.80GHz )
BIOS : Phoenix - Award BIOS v6.00PG
USER : HP_Administrateur ( Administrator )
BOOT : Normal boot
Antivirus : iolo AntiVirus® 1.5 (Activated)
Firewall : iolo Personal Firewall® 1.5 (Activated)
C:\ (Local Disk) - NTFS - Total:224 Go (Free:131 Go)
D:\ (Local Disk) - FAT32 - Total:8 Go (Free:2 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 2009-01-17| 0:45 )

--------------------\\ Listing des dossiers dans APPLIC~1

[2005-08-12|14:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
[2004-12-03|20:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[2005-08-12|14:58] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[2005-08-12|14:20] C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
[2005-08-12|14:41] C:\DOCUME~1\ADMINI~1\APPLIC~1\SampleView
[2005-08-12|14:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec

[2008-10-07|14:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2005-08-12|14:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[2005-08-12|14:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[2008-12-29|18:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
[2008-12-29|18:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVDXStudio
[2005-08-12|14:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
[2005-08-12|14:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[2008-10-13|15:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\iolo
[2009-01-16|21:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[2008-12-30|13:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[2008-09-23|10:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[2009-01-03|00:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Proxy Long Chin Ping
[2008-08-09|14:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[2005-08-12|06:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[2008-08-23|12:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBT
[2008-12-22|12:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlySoft
[2009-01-14|17:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM
[2008-10-13|14:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[2009-01-06|12:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
[2008-09-23|11:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ubisoft
[2008-08-17|12:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[2008-08-09|10:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[2005-08-12|14:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Apple Computer
[2004-12-03|20:59] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[2005-08-12|14:58] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[2005-08-12|14:20] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
[2005-08-12|14:41] C:\DOCUME~1\DEFAUL~1\APPLIC~1\SampleView
[2005-08-12|14:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

[2008-08-04|08:04] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Adobe
[2008-11-16|22:07] C:\DOCUME~1\HP_ADM~1\APPLIC~1\AdobeUM
[2005-08-12|14:28] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Apple Computer
[2009-01-03|00:06] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Flaw Camp Bone
[2008-08-18|09:34] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Gearbox Software
[2008-07-26|14:45] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Help
[2004-12-03|20:59] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Identities
[2008-09-28|17:46] C:\DOCUME~1\HP_ADM~1\APPLIC~1\InterVideo
[2008-12-13|14:05] C:\DOCUME~1\HP_ADM~1\APPLIC~1\iolo
[2008-07-30|23:32] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Leadertech
[2009-01-14|17:19] C:\DOCUME~1\HP_ADM~1\APPLIC~1\LimeWire
[2008-07-26|15:06] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Macromedia
[2008-12-30|15:11] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Microsoft
[2008-07-26|14:46] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Microsoft Web Folders
[2008-10-07|20:06] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Mozilla
[2008-10-04|19:45] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Real
[2005-08-12|14:41] C:\DOCUME~1\HP_ADM~1\APPLIC~1\SampleView
[2008-07-30|23:32] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Sonic
[2009-01-15|13:29] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Sun
[2008-07-31|01:40] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Symantec
[2008-07-31|01:03] C:\DOCUME~1\HP_ADM~1\APPLIC~1\TuneUp Software
[2008-05-15|22:09] C:\DOCUME~1\HP_ADM~1\APPLIC~1\U3
[2008-12-29|18:44] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Vso
[2009-01-14|17:40] C:\DOCUME~1\HP_ADM~1\APPLIC~1\WinRAR

[2008-09-21|09:51] C:\DOCUME~1\LOCALS~1\APPLIC~1\agi
[2008-10-13|14:59] C:\DOCUME~1\LOCALS~1\APPLIC~1\iolo
[2005-05-21|13:52] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[2005-05-21|13:52] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft



--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[2009-01-17 00:00][--ah-----] C:\WINDOWS\tasks\A4C2F93291B973DE.job
[2009-01-17 00:12][--a------] C:\WINDOWS\tasks\V‚rifier les mises … jour de Windows Live Toolbar.job
[2009-01-17 00:00][--a------] C:\WINDOWS\tasks\Maintenance en 1 clic.job
[2009-01-16 21:41][--ah-----] C:\WINDOWS\tasks\SA.DAT
[2004-08-10 20:00][-rah-----] C:\WINDOWS\tasks\desktop.ini

( A4C2F93291B973DE.job )=( c:\docume~1\hp_adm~1\applic~1\flawca~1\WipeMealSoap.exe )

--------------------\\ Listing des dossiers dans C:\Program Files

[2008-07-28|19:35] C:\Program Files\Activision Value
[2005-08-12|14:25] C:\Program Files\Adobe
[2009-01-17|00:38] C:\Program Files\Ad-remover
[2008-12-30|13:36] C:\Program Files\Adverts
[2009-01-02|22:08] C:\Program Files\Atari-Infogrames
[2005-08-12|14:32] C:\Program Files\BackWeb
[2008-09-23|10:42] C:\Program Files\BuzzingCars
[2008-12-29|18:44] C:\Program Files\CloneDVD
[2008-07-30|21:45] C:\Program Files\Common Files
[2004-12-03|20:03] C:\Program Files\ComPlus Applications
[2008-12-29|18:08] C:\Program Files\Conduit
[2008-12-29|18:51] C:\Program Files\DVD Shrink
[2008-12-22|17:13] C:\Program Files\DVDFab 5
[2008-11-18|18:50] C:\Program Files\Easy Internet signup
[2009-01-16|21:54] C:\Program Files\Fichiers communs
[2009-01-03|00:06] C:\Program Files\Flaw Camp Bone
[2005-08-12|14:21] C:\Program Files\FrenchOtto
[2008-09-21|11:41] C:\Program Files\FunWebProducts
[2005-08-12|14:21] C:\Program Files\GemMasterFrench
[2008-10-07|20:03] C:\Program Files\Google
[2008-12-27|16:49] C:\Program Files\Groove Games
[2005-08-12|14:55] C:\Program Files\Hewlett-Packard
[2005-08-12|14:13] C:\Program Files\HP
[2005-08-12|14:33] C:\Program Files\HPQ
[2008-11-17|19:09] C:\Program Files\iCheck
[2009-01-01|18:32] C:\Program Files\InstallShield Installation Information
[2008-12-09|18:44] C:\Program Files\Internet Explorer
[2005-08-12|14:58] C:\Program Files\InterVideo
[2008-10-13|14:58] C:\Program Files\iolo
[2005-08-12|14:28] C:\Program Files\iPod
[2005-08-12|14:28] C:\Program Files\iTunes
[2005-08-12|06:26] C:\Program Files\Java
[2009-01-16|21:55] C:\Program Files\Lavasoft
[2008-12-21|16:22] C:\Program Files\LimeWire
[2008-08-15|15:02] C:\Program Files\Messenger
[2008-12-30|13:31] C:\Program Files\Messenger Plus! Live
[2008-12-30|13:36] C:\Program Files\MessengerPlus! 3
[2005-08-12|14:19] C:\Program Files\Microsoft Encarta
[2008-08-23|12:14] C:\Program Files\microsoft frontpage
[2008-12-30|18:00] C:\Program Files\Microsoft Games
[2008-08-23|12:24] C:\Program Files\Microsoft Office
[2005-08-12|14:27] C:\Program Files\Microsoft Visual Studio
[2008-08-07|10:22] C:\Program Files\Microsoft Works
[2008-07-30|20:44] C:\Program Files\Movie Maker
[2009-01-15|14:09] C:\Program Files\Mozilla Firefox
[2004-12-03|21:01] C:\Program Files\MSN
[2004-12-03|21:01] C:\Program Files\MSN Gaming Zone
[2008-07-26|17:20] C:\Program Files\MSXML 4.0
[2005-08-12|14:58] C:\Program Files\muvee Technologies
[2008-07-30|20:42] C:\Program Files\NetMeeting
[2008-10-13|14:10] C:\Program Files\Norton 360
[2004-12-03|21:01] C:\Program Files\Online Services
[2008-07-30|20:42] C:\Program Files\Outlook Express
[2008-07-31|00:57] C:\Program Files\PC Inspector File Recovery
[2005-08-12|14:36] C:\Program Files\PC-Doctor for Windows
[2008-12-31|17:24] C:\Program Files\PHPNukeEN
[2008-11-17|19:08] C:\Program Files\ppcbooster
[2005-08-12|14:28] C:\Program Files\QuickTime
[2005-08-12|14:20] C:\Program Files\Real
[2008-07-30|21:39] C:\Program Files\Seagate Software
[2005-08-12|14:39] C:\Program Files\Services en ligne
[2009-01-01|18:22] C:\Program Files\Simple Comptable 2008
[2009-01-01|18:43] C:\Program Files\Simple Comptable Pro 2009
[2009-01-01|18:25] C:\Program Files\SlySoft
[2008-08-23|12:15] C:\Program Files\Snapshot Viewer
[2005-08-12|14:23] C:\Program Files\Sonic
[2008-11-24|09:34] C:\Program Files\SpeedTest
[2009-01-16|21:41] C:\Program Files\Steam
[2009-01-14|17:14] C:\Program Files\SweetIM
[2009-01-09|21:48] C:\Program Files\Trend Micro
[2008-09-23|10:55] C:\Program Files\Ubisoft
[2008-07-30|21:43] C:\Program Files\Uninstall Information
[2005-08-12|14:32] C:\Program Files\Updates from HP
[2008-11-17|19:09] C:\Program Files\VnrBlock
[2008-10-26|12:24] C:\Program Files\VUGames
[2008-08-09|10:50] C:\Program Files\Windows Live
[2008-08-09|10:52] C:\Program Files\Windows Live Favorites
[2008-08-09|10:52] C:\Program Files\Windows Live Toolbar
[2008-07-26|01:46] C:\Program Files\Windows Media Player
[2008-07-30|20:42] C:\Program Files\Windows NT
[2004-12-03|21:02] C:\Program Files\Windows Plus
[2004-12-03|20:03] C:\Program Files\WindowsUpdate
[2009-01-14|17:40] C:\Program Files\WinRAR
[2009-01-01|18:36] C:\Program Files\winsim
[2004-12-03|21:02] C:\Program Files\xerox

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[2008-07-26|15:08] C:\Program Files\Fichiers communs\Adobe
[2008-09-30|20:42] C:\Program Files\Fichiers communs\AnswerWorks 4.0
[2009-01-01|18:35] C:\Program Files\Fichiers communs\AnswerWorks 5.0
[2008-08-19|12:09] C:\Program Files\Fichiers communs\AOL
[2008-10-13|14:58] C:\Program Files\Fichiers communs\Authentium
[2008-08-23|12:06] C:\Program Files\Fichiers communs\Designer
[2005-08-12|14:11] C:\Program Files\Fichiers communs\Hewlett-Packard
[2005-08-12|06:43] C:\Program Files\Fichiers communs\HP
[2005-08-12|14:58] C:\Program Files\Fichiers communs\InstallShield
[2005-08-12|14:58] C:\Program Files\Fichiers communs\InterVideo
[2008-09-30|20:34] C:\Program Files\Fichiers communs\Intuit
[2005-08-12|06:26] C:\Program Files\Fichiers communs\Java
[2008-07-25|22:57] C:\Program Files\Fichiers communs\LightScribe
[2008-09-23|11:10] C:\Program Files\Fichiers communs\Microsoft Shared
[2004-12-03|21:00] C:\Program Files\Fichiers communs\MSSoap
[2005-08-12|14:30] C:\Program Files\Fichiers communs\muvee Technologies
[2004-12-03|21:00] C:\Program Files\Fichiers communs\ODBC
[2008-10-07|20:04] C:\Program Files\Fichiers communs\Real
[2008-07-26|01:46] C:\Program Files\Fichiers communs\Services
[2005-08-12|14:18] C:\Program Files\Fichiers communs\Sonic Shared
[2004-12-03|21:00] C:\Program Files\Fichiers communs\SpeechEngines
[2005-08-12|14:19] C:\Program Files\Fichiers communs\SureThing Shared
[2008-10-13|14:46] C:\Program Files\Fichiers communs\Symantec Shared
[2008-08-23|12:15] C:\Program Files\Fichiers communs\System
[2005-08-12|14:23] C:\Program Files\Fichiers communs\TiVo Shared
[2008-08-09|10:50] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[2009-01-16|21:54] C:\Program Files\Fichiers communs\Wise Installation Wizard
[2008-10-07|20:04] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 60 Processes )

IEXPLORE.EXE ~ [PID:2216]
IEXPLORE.EXE ~ [PID:2364]
IEXPLORE.EXE ~ [PID:3824]
iexplore.exe ~ [PID:1036]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Proxy Long Chin Ping
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Proxy Long Chin Ping\obj love.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Proxy Long Chin Ping\obj love.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Proxy Long Chin Ping\Tool Sixth.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Proxy Long Chin Ping\Tool Sixth.exe
C:\DOCUME~1\HP_ADM~1\APPLIC~1\flawca~1
C:\DOCUME~1\HP_ADM~1\APPLIC~1\flawca~1\Grey Tons Grim Link.exe
C:\DOCUME~1\HP_ADM~1\APPLIC~1\flawca~1\sixthheckfour.exe
C:\DOCUME~1\HP_ADM~1\APPLIC~1\flawca~1\uyxhkipf.exe
C:\DOCUME~1\HP_ADM~1\APPLIC~1\flawca~1\vzbnwgww.exe
C:\DOCUME~1\HP_ADM~1\APPLIC~1\flawca~1\Wipe Meal Soap.exe
C:\Program Files\flawca~1
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\nsaB2.tmp
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\nsbB8.tmp
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\nsgAF.tmp
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\nsjA5.tmp
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\nsl16.tmp
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\nsl60.tmp
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\nsnAB.tmp
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\nso34.tmp
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\nspB6.tmp
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\nsr29.tmp
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\nsrA7.tmp
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\nstB4.tmp
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\nsv63.tmp
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\nsvA9.tmp
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\nsx2C.tmp
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\nsz15.tmp
C:\Program Files\Adverts
C:\Program Files\Adverts\uninst.exe
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@advertstream[1].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@advertising[1].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@adin.bigpoint[1].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@bigpoint[1].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@fr.bigpoint[2].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@pacificpoker[2].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@partypoker[1].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@32vegas[2].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@banner.32vegas[2].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@www.32vegas[2].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@888[2].txt
C:\WINDOWS\Tasks\A4C2F93291B973DE.job

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mediabags"="C:\\DOCUME~1\\HP_ADM~1\\APPLIC~1\\FLAWCA~1\\sixthheckfour.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHIN PING PHONE PILE"="C:\\Documents and Settings\\All Users\\Application Data\\Proxy Long Chin Ping\\Tool Sixth.exe"

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme


--------------------\\ Recherche d'autres infections

--------------------\\ ROOTKIT !!

Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV.SYS]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_TDSSSERV.SYS]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV.SYS]

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\HP_ADM~1\Mes documents\LimeWire\Incomplete\T-428897-Counter Strike 1 6 + ZBot crack keygen.zip
C:\DOCUME~1\HP_ADM~1\Mes documents\LimeWire\lime wire\Nero 6 Francais Complet Crack Patch Francais
C:\DOCUME~1\HP_ADM~1\Mes documents\LimeWire\lime wire\Nero 6 Francais Complet Crack Patch Francais\Nero.v6.6.0.16.doc
C:\DOCUME~1\HP_ADM~1\Mes documents\LimeWire\Saved\Counter Strike 1.6 Full (With Bots) + Maps (REMASTERED By IRAN Torrents) crack keygen
C:\DOCUME~1\HP_ADM~1\Mes documents\LimeWire\Saved\Counter Strike 1.6 Full (With Bots) + Maps (REMASTERED By IRAN Torrents) crack keygen.zip
C:\DOCUME~1\HP_ADM~1\Mes documents\LimeWire\Saved\Counter Strike 1.6 Full (With Bots) + Maps (REMASTERED By IRAN Torrents) crack keygen\Counter Strike 1.6 Full (With Bots) + Maps (REMASTERED By IRAN Torrents) crack keygen.nfo
C:\DOCUME~1\HP_ADM~1\Mes documents\LimeWire\Saved\Counter Strike 1.6 Full (With Bots) + Maps (REMASTERED By IRAN Torrents) crack keygen\crack
C:\DOCUME~1\HP_ADM~1\Mes documents\LimeWire\Saved\Counter Strike 1.6 Full (With Bots) + Maps (REMASTERED By IRAN Torrents) crack keygen\Data1.cab
C:\DOCUME~1\HP_ADM~1\Mes documents\LimeWire\Saved\Counter Strike 1.6 Full (With Bots) + Maps (REMASTERED By IRAN Torrents) crack keygen\Data2.cab
C:\DOCUME~1\HP_ADM~1\Mes documents\LimeWire\Saved\Counter Strike 1.6 Full (With Bots) + Maps (REMASTERED By IRAN Torrents) crack keygen\Setup.exe
C:\DOCUME~1\HP_ADM~1\Mes documents\LimeWire\Saved\Counter Strike 1.6 Full (With Bots) + Maps (REMASTERED By IRAN Torrents) crack keygen\crack\crack.exe
C:\DOCUME~1\HP_ADM~1\Recent\Counter Strike 1.6 Full (With Bots) + Maps (REMASTERED By IRAN Torrents) crack keygen.lnk
C:\DOCUME~1\HP_ADM~1\Recent\R‚pertoire temporaire 3 pour Counter Strike 1.6 Full (With Bots) + Maps (REMASTERED By IRAN Torrents) crack keygen.zip.lnk


[F:1337][D:331]-> C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
[F:414][D:0]-> C:\DOCUME~1\HP_ADM~1\Cookies
[F:4671][D:44]-> C:\DOCUME~1\HP_ADM~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 2009-01-17| 0:58 - Option : [1]

--------------------\\ Fin du rapport a 0:58:25

SmitFraudFix v2.391

Rapport fait à 1:04:37,42, 2009-01-17
Executé à partir de C:\Documents and Settings\HP_Administrateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe
C:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ppcbooster\ppcb_32.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iolo\System Mechanic Professional\AntiVirus\iAVEmailScanner.exe
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Administrateur\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\ieupdates.exe PRESENT !
C:\WINDOWS\system32\winsrc.dll PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Administrateur


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Administrateur\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_ADM~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Google\googletoolbar1.dll PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/100 VE Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 205.151.69.200
DNS Server Search Order: 205.151.68.200

HKLM\SYSTEM\CCS\Services\Tcpip\..\{56B51EC4-943F-418C-B376-A574CF564656}: DhcpNameServer=205.151.69.200 205.151.68.200
HKLM\SYSTEM\CS1\Services\Tcpip\..\{56B51EC4-943F-418C-B376-A574CF564656}: DhcpNameServer=205.151.69.200 205.151.68.200
HKLM\SYSTEM\CS2\Services\Tcpip\..\{56B51EC4-943F-418C-B376-A574CF564656}: DhcpNameServer=205.151.69.200 205.151.68.200
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=205.151.69.200 205.151.68.200
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=205.151.69.200 205.151.68.200
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=205.151.69.200 205.151.68.200


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1749
Windows 5.1.2600 Service Pack 3

2009-02-12 22:45:37
mbam-log-2009-02-12 (22-45-37).txt

Type de recherche: Examen rapide
Eléments examinés: 71448
Temps écoulé: 5 minute(s), 32 second(s)

Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 20
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 46

Processus mémoire infecté(s):
C:\Program Files\webHancer\Programs\whAgent.exe (Adware.Webhancer) -> Unloaded process successfully.
C:\Program Files\ppcbooster\ppcb_32.exe (Trojan.Agent) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\Program Files\webHancer\Programs\whiehlpr.dll (Adware.WebHancer) -> Delete on reboot.
C:\Program Files\webHancer\Programs\wbhshare.dll (Adware.Webhancer) -> Delete on reboot.
C:\Program Files\webHancer\Programs\whieshm.dll (Adware.Webhancer) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj.1 (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c8cb3870-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c89435b0-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c900b400-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c900b400-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c900b400-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{037c7b8a-151a-49e6-baed-cc05fcb50328} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cont_globaladsolution (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\restore (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\webHancer (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07612b6e-8038-0671-89ea-8122e859cfe3} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07612b6e-8038-0671-89ea-8122e859cfe3} (Adware.BHO) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\webhancer agent (Adware.Webhancer) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\webHancer (Adware.Webhancer) -> Delete on reboot.
C:\Program Files\webHancer\Programs (Adware.Webhancer) -> Delete on reboot.
C:\Program Files\ppcbooster (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\VnrBlock (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\iCheck (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\webHancer\Programs\whiehlpr.dll (Adware.WebHancer) -> Delete on reboot.
C:\WINDOWS\hw5305.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\o255.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\pn8.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\c20232.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\nohh06760.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\feoc827.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\fxstaller.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\gbg033414.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\gu58826.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\wuan364443.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fdlame32.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fklame32.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iesvcmon.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iesvcmon1.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iesvcmon2.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSShmxm.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\TDSSoiqt.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\TDSSvkql.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\TDSSxfum.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\drivers\TDSSpqlt.sys (Trojan.TDSS) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-0382093300-3903379630-838581203-7609\winigon.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-3570647435-8110282723-200899469-0405\service.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\TDSSbe99.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\license.txt (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\readme.txt (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\sporder.dll (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\wbhshare.dll (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\whAgent.exe (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\whAgent.ini (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\whieshm.dll (Adware.Webhancer) -> Delete on reboot.
C:\Program Files\ppcbooster\adsk38l.txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\ppcbooster\ppcbu_32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\ppcbooster\ppcb_32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\VnrBlock\VnrBlock21.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\VnrBlock\xtarga.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\iCheck\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cont_globaladsolution-remove.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cmdl.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\components\nsglobaladsolution.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\senekaldpv.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rs32net.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSkkai.log (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\TDSSlxwp.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSSrhyp.log (Trojan.TDSS) -> Delete on reboot.