Cookies dangereux et récurrents (AVG résident

Merci pour ta réponse Pimprenelle mais voyant que personne ne m'apportait son aide j'ai remis un nouveau post auxquel on m'a répondu de faire un scan avec Malwarebytes anti-malware, ce que j'ai fait et je te joins le rapport si tu veux tout de même me dire ce qu'il convient de faire ensuite.
En ce qui concerne ccleaner et comme je l'avais indiqué dans mon post, je l'avais déjà passé.

Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1898
Windows 5.1.2600 Service Pack 3

26/03/2009 00:40:13
mbam-log-2009-03-26 (00-40-13).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 190586
Temps écoulé: 1 hour(s), 3 minute(s), 1 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

bonjour,
Merci de continuer à me prendre en charge. J'ai déclaré mon autre post aux modérateurs qui l'ont fermé.
Voici le rapport de GenProc :

Rapport GenProc 2.496 [1] - 26/03/2009 à 23:10:34 - Windows XP

Il est impératif de désactiver la protection résidente SpywareTerminator pendant l'ensemble des manipulations qui vont suivre. Aide SpywareTerminator : http://ww11.genproc.com/spyware-terminator/spyware_terminator.html

Dans CCleaner, clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures".
Par la suite, laisse-le avec ses réglages par défaut. C'est tout.

# Etape 1/ Télécharge :

- Lop S&D https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2 (Eric 71 & Angeldark) sur ton Bureau.

- Navilog1 http://il.mafioso.pagesperso-orange.fr/Navifix/Navilog1.exe (IL-MAFIOSO) sur ton Bureau.
Double clique sur navilog1.exe pour lancer l'installation. Une fois l'installation terminée, le fix s'exécutera automatiquement
(si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau). Laisse-toi guider. Au menu principal, choisis 1 et valide.
Patiente jusqu'au message " Analyse Termine le .....". Appuie sur une touche comme demandé, le blocnote va s'ouvrir, poste-le maintenant et passe à la suite.

- Toolbar-S&D https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2 (Team IDN) sur ton Bureau.


Redémarre en mode sans échec comme indiqué ici https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ ; Choisis ta session courante *** Blandine *** (pour retrouver le rapport, clique sur le raccourci "Rapport GenProc[1]" sur ton bureau).


# Etape 2/

Double clique sur le raccourci Navilog1, choisis l'option 2 et valide, patiente jusqu'au message : *** Nettoyage Termine le ..... ***
le blocnote va s'ouvrir ; sauvegarde le rapport de manière à le retrouver, referme le blocnote. Ton bureau va réapparaitre

# Etape 3/

Lance Toolbar-S&D situé sur le Bureau.
Tape sur "2" puis valide en appuyant sur "Entrée". Ne ferme pas la fenêtre lors de la suppression.

# Etape 4/

Double-clique sur Lop S&D pour lancer l'installation, séléctionne la langue souhaitée, puis choisis l'Option 2 - Suppression - et patiente jusqu'à ce qu'il ait terminé.

# Etape 5/

Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.

# Etape 6/

Redémarre normalement et poste, dans la même réponse :

- Le contenu du fichier cleannavi.txt qui se trouve dans Poste de travail > Disque C:\
- Le contenu du rapport C:\TB.txt ;
- Le contenu du rapport C:\lopR.txt ;
- Un nouveau rapport HijackThis http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/hijackthis-version-install-sujet_199100_1.htm ;

Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.

----------------------------------------------------------------------
Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com
----------------------------------------------------------------------

~~ Arguments de la procédure ~~

# Détections [1] GenProc 2.496 26/03/2009 à 23:09:11
Lop:le 26/03/2009 à 23:09:29 "C:\WINDOWS\Tasks\????????9???????.job"
Navipromo:le 26/03/2009 à 23:09:30 "C:\WINDOWS\pack.epk"
Toolbar:le 26/03/2009 à 23:09:31 "C:\Program Files\Crawler"

Bonjour,

Dois-je faire la procédure que m'indiquait le rapport de genproc ?
Merci

voici le 1er rapport de navilog, comme demandé, et je poursuis :

Search Navipromo version 3.7.6 commencé le 27/03/2009 à 20:35:16,68

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 14.03.2009 à 18h00 par IL-MAFIOSO

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 2600+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Blandine ( Administrator )
BOOT : Normal boot

Antivirus : AVG Anti-Virus Free 8.0 (Activated)
Firewall : Kerio Personal Firewall 4.2.2 T (Activated)

A:\ (USB)
C:\ (Local Disk) - NTFS - Total:76 Go (Free:40 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)


Recherche executé en mode normal


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Blandine\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\damien\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\SEBAST~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Blandine\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\damien\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\SEBAST~1\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Blandine\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\damien\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\SEBAST~1\menudm~1\progra~1" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\Blandine\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\damien\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\SEBAST~1\locals~1\applic~1" *



*** Recherche fichiers ***


C:\WINDOWS\pack.epk trouvé !

*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :

aupjcxrfia.dat trouvé !
bxthuqfawk_navtmp.dat trouvé !
rqebdk_navup.dat trouvé !

* Dans "C:\Documents and Settings\Blandine\locals~1\applic~1" :


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :


* Dans "C:\DOCUME~1\damien\locals~1\applic~1" :


* Dans "C:\DOCUME~1\SEBAST~1\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche autres dossiers et fichiers connus :

C:\WINDOWS\Tasks\AB4CC97990C37C69.job trouvé ! Infection Lop possible non traitée par cet outil !


*** Analyse terminée le 27/03/2009 à 20:43:06,00 ***

Et voici les rapports finaux :

Clean Navipromo version 3.7.6 commencé le 27/03/2009 à 20:53:18,84

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 14.03.2009 à 18h00 par IL-MAFIOSO

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 2600+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Blandine ( Administrator )
BOOT : Fail-safe boot

Antivirus : AVG Anti-Virus Free 8.0 (Activated)
Firewall : Kerio Personal Firewall 4.2.2 T (Activated)

A:\ (USB)
C:\ (Local Disk) - NTFS - Total:76 Go (Free:40 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)


Mode suppression automatique
avec prise en charge résultats Catchme et GNS


Nettoyage executé en mode sans échec


*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *


* Suppression dans "C:\Documents and Settings\Blandine\locals~1\applic~1" *


* Suppression dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

* Suppression dans "C:\DOCUME~1\damien\locals~1\applic~1" *

* Suppression dans "C:\DOCUME~1\SEBAST~1\locals~1\applic~1" *


*** Suppression dossiers dans "C:\WINDOWS" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Blandine\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\damien\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\SEBAST~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Blandine\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\damien\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\SEBAST~1\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Blandine\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\damien\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\SEBAST~1\menudm~1\progra~1" ***



*** Suppression fichiers ***

C:\WINDOWS\pack.epk supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Blandine\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\WINDOWS\system32" *


aupjcxrfia.dat trouvé !
Copie aupjcxrfia.dat réalisée avec succès !
aupjcxrfia.dat supprimé !

bxthuqfawk_navtmp.dat trouvé !
Copie bxthuqfawk_navtmp.dat réalisée avec succès !
bxthuqfawk_navtmp.dat supprimé !

rqebdk_navup.dat trouvé !
Copie rqebdk_navup.dat réalisée avec succès !
rqebdk_navup.dat supprimé !


* Dans "C:\Documents and Settings\Blandine\locals~1\applic~1" *


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *


* Dans "C:\DOCUME~1\damien\locals~1\applic~1" *


* Dans "C:\DOCUME~1\SEBAST~1\locals~1\applic~1" *


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltdt absent !

*** Recherche autres dossiers et fichiers connus ***

C:\WINDOWS\Tasks\AB4CC97990C37C69.job trouvé ! Infection Lop possible non traitée par cet outil !


*** Nettoyage terminé le 27/03/2009 à 20:54:32,48 ***



-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 2600+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Blandine ( Administrator )
BOOT : Fail-safe boot
Antivirus : AVG Anti-Virus Free 8.0 (Activated)
Firewall : Kerio Personal Firewall 4.2.2 T (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:76 Go (Free:40 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 27/03/2009|20:57 )
C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\Crawler\adrkeys.dat
Supprime! - C:\Program Files\Crawler\COMMON_FF.dat
Supprime! - C:\Program Files\Crawler\confirm.dat
Supprime! - C:\Program Files\Crawler\ctbcomm.dll
Supprime! - C:\Program Files\Crawler\ctbr.dll
Supprime! - C:\Program Files\Crawler\CTConf.dat
Supprime! - C:\Program Files\Crawler\CTipsDef.dll
Supprime! - C:\Program Files\Crawler\CToolbar.exe
Supprime! - C:\Program Files\Crawler\CUpdate.exe
Supprime! - C:\Program Files\Crawler\Download
Supprime! - C:\Program Files\Crawler\firefox
Supprime! - C:\Program Files\Crawler\Languages
Supprime! - C:\Program Files\Crawler\lookfor.dat
Supprime! - C:\Program Files\Crawler\majorse.dat
Supprime! - C:\Program Files\Crawler\rootmenu.dat
Supprime! - C:\Program Files\Crawler\services.dat
Supprime! - C:\Program Files\Crawler\STWSGLanguageAct
Supprime! - C:\Program Files\Crawler\STWSG_FF.dat
Supprime! - C:\Program Files\Crawler\TBR5LanguageAct
Supprime! - C:\Program Files\Crawler\Update
Supprime! - C:\Program Files\Crawler\WebSecurityGuard.dll
Supprime! - C:\Program Files\Crawler\WSGData
Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Barre d'outils Crawler
Supprime! - C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
Supprime! - C:\Program Files\Crawler

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(Blandine) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(Blandine) - {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} => chatzilla
(Blandine) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar

(damien) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

(sebastien) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://fr.yahoo.com/"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"SearchMigratedDefaultURL"="https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 27/03/2009|20:58 - Option : [2]

-----------\\ Fin du rapport a 20:58:53,89



--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 2600+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Blandine ( Administrator )
BOOT : Fail-safe boot
Antivirus : AVG Anti-Virus Free 8.0 (Activated)
Firewall : Kerio Personal Firewall 4.2.2 T (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:76 Go (Free:40 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 27/03/2009|21:01 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\WINDOWS\Tasks\AB4CC97990C37C69.job
Supprime! - C:\DOCUME~1\Blandine\APPLIC~1\online~1
Supprime! - C:\Program Files\online~1
-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans APPLIC~1

[31/12/2006|12:50] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[20/05/2008|23:00] C:\DOCUME~1\ADMINI~1\APPLIC~1\Malwarebytes
[20/06/2008|17:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[27/02/2008|19:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\Spyware Terminator
[27/02/2008|19:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\WinPatrol

[25/01/2009|23:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[25/01/2009|21:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{83C91755-2546-441D-AC40-9A6B4B860800}
[16/05/2008|20:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[29/07/2007|14:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[25/11/2006|01:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[29/01/2009|19:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8
[16/11/2008|22:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
[13/05/2007|18:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ENJOY Plus!
[18/01/2008|22:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EPSON
[09/08/2008|17:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[08/06/2008|17:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[09/08/2008|10:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[19/01/2008|00:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LogiShrd
[19/01/2008|00:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
[20/05/2008|22:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[23/04/2006|15:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[17/12/2008|21:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[24/11/2006|18:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
[23/02/2008|17:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[06/05/2007|10:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Open Chic Time User
[12/11/2006|00:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\pixelStorm
[20/08/2008|22:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\RockEnFolie le Player
[05/01/2008|13:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
[20/05/2008|23:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[15/03/2009|22:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spyware Terminator
[03/11/2008|21:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir
[23/10/2007|11:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanWizard
[15/11/2008|06:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TomTom
[18/01/2008|22:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
[26/09/2006|21:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[03/12/2006|21:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[10/03/2008|16:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[04/01/2009|13:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
[04/01/2009|13:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

[25/03/2007|13:00] C:\DOCUME~1\Blandine\APPLIC~1\Adobe
[09/08/2006|15:19] C:\DOCUME~1\Blandine\APPLIC~1\AdobeUM
[25/02/2007|15:39] C:\DOCUME~1\Blandine\APPLIC~1\Ahead
[25/11/2006|01:28] C:\DOCUME~1\Blandine\APPLIC~1\Apple Computer
[16/03/2007|22:42] C:\DOCUME~1\Blandine\APPLIC~1\Atari
[17/06/2008|21:02] C:\DOCUME~1\Blandine\APPLIC~1\AVGTOOLBAR
[26/01/2009|01:27] C:\DOCUME~1\Blandine\APPLIC~1\AVS4YOU
[11/02/2007|15:00] C:\DOCUME~1\Blandine\APPLIC~1\AVSMedia
[25/11/2006|17:16] C:\DOCUME~1\Blandine\APPLIC~1\Creative
[04/02/2007|12:41] C:\DOCUME~1\Blandine\APPLIC~1\DivX
[04/01/2009|13:56] C:\DOCUME~1\Blandine\APPLIC~1\dvdcss
[12/02/2008|20:04] C:\DOCUME~1\Blandine\APPLIC~1\EPSON
[08/05/2006|13:17] C:\DOCUME~1\Blandine\APPLIC~1\Gearbox Software
[07/09/2006|23:01] C:\DOCUME~1\Blandine\APPLIC~1\Google
[27/04/2006|17:29] C:\DOCUME~1\Blandine\APPLIC~1\Help
[21/04/2006|21:12] C:\DOCUME~1\Blandine\APPLIC~1\Identities
[18/01/2008|22:50] C:\DOCUME~1\Blandine\APPLIC~1\InstallShield
[02/09/2007|11:46] C:\DOCUME~1\Blandine\APPLIC~1\ivivo
[22/04/2006|10:09] C:\DOCUME~1\Blandine\APPLIC~1\Lavasoft
[25/05/2006|17:46] C:\DOCUME~1\Blandine\APPLIC~1\Leadertech
[23/04/2006|12:53] C:\DOCUME~1\Blandine\APPLIC~1\Macromedia
[20/05/2008|22:24] C:\DOCUME~1\Blandine\APPLIC~1\Malwarebytes
[18/11/2008|22:36] C:\DOCUME~1\Blandine\APPLIC~1\Microsoft
[30/08/2008|22:17] C:\DOCUME~1\Blandine\APPLIC~1\Mozilla
[26/03/2009|00:49] C:\DOCUME~1\Blandine\APPLIC~1\MSN Pictures Displayer
[28/04/2006|18:30] C:\DOCUME~1\Blandine\APPLIC~1\MSNInstaller
[08/04/2007|12:58] C:\DOCUME~1\Blandine\APPLIC~1\Nero
[17/03/2009|23:57] C:\DOCUME~1\Blandine\APPLIC~1\ooVoo Details
[17/05/2008|16:41] C:\DOCUME~1\Blandine\APPLIC~1\OpenOffice.org2
[23/07/2007|14:08] C:\DOCUME~1\Blandine\APPLIC~1\Panasonic
[04/03/2007|13:42] C:\DOCUME~1\Blandine\APPLIC~1\Pegasys Inc
[18/05/2008|00:29] C:\DOCUME~1\Blandine\APPLIC~1\Real
[20/08/2008|22:53] C:\DOCUME~1\Blandine\APPLIC~1\RockEnFolie le Player
[25/01/2009|19:42] C:\DOCUME~1\Blandine\APPLIC~1\Samsung
[23/10/2007|11:46] C:\DOCUME~1\Blandine\APPLIC~1\ScanSoft
[11/04/2007|12:25] C:\DOCUME~1\Blandine\APPLIC~1\Screenshot Sender
[25/02/2007|15:04] C:\DOCUME~1\Blandine\APPLIC~1\Simple Star
[08/05/2006|16:51] C:\DOCUME~1\Blandine\APPLIC~1\SlySoft
[15/03/2009|22:45] C:\DOCUME~1\Blandine\APPLIC~1\Spyware Terminator
[14/06/2006|21:57] C:\DOCUME~1\Blandine\APPLIC~1\Sun
[16/11/2006|22:26] C:\DOCUME~1\Blandine\APPLIC~1\System Requirements Lab
[18/08/2008|19:00] C:\DOCUME~1\Blandine\APPLIC~1\SystemRequirementsLab
[11/05/2007|18:12] C:\DOCUME~1\Blandine\APPLIC~1\teamspeak2
[01/05/2008|22:20] C:\DOCUME~1\Blandine\APPLIC~1\TrueCrypt
[08/01/2009|18:46] C:\DOCUME~1\Blandine\APPLIC~1\vlc
[04/01/2009|13:56] C:\DOCUME~1\Blandine\APPLIC~1\vlc(2)
[01/03/2007|22:02] C:\DOCUME~1\Blandine\APPLIC~1\WholeSecurity
[18/11/2007|23:26] C:\DOCUME~1\Blandine\APPLIC~1\Windows Live Writer
[19/05/2007|19:36] C:\DOCUME~1\Blandine\APPLIC~1\WinPatrol
[25/05/2006|09:11] C:\DOCUME~1\Blandine\APPLIC~1\wxMozze
[04/01/2009|13:56] C:\DOCUME~1\Blandine\APPLIC~1\Yahoo!

[06/12/2007|20:58] C:\DOCUME~1\damien\APPLIC~1\Adobe
[21/01/2007|04:35] C:\DOCUME~1\damien\APPLIC~1\DivX
[17/09/2006|14:14] C:\DOCUME~1\damien\APPLIC~1\dvdcss
[15/06/2006|18:26] C:\DOCUME~1\damien\APPLIC~1\Google
[08/05/2006|17:47] C:\DOCUME~1\damien\APPLIC~1\Help
[21/04/2006|21:11] C:\DOCUME~1\damien\APPLIC~1\Identities
[30/04/2006|15:26] C:\DOCUME~1\damien\APPLIC~1\InstallShield
[17/09/2006|14:17] C:\DOCUME~1\damien\APPLIC~1\ivivo
[28/04/2006|16:30] C:\DOCUME~1\damien\APPLIC~1\Lavasoft
[30/07/2006|16:19] C:\DOCUME~1\damien\APPLIC~1\Macromedia
[11/01/2007|19:09] C:\DOCUME~1\damien\APPLIC~1\Microsoft
[25/10/2006|15:22] C:\DOCUME~1\damien\APPLIC~1\Mozilla
[27/02/2009|16:03] C:\DOCUME~1\damien\APPLIC~1\Spyware Terminator
[05/07/2006|00:45] C:\DOCUME~1\damien\APPLIC~1\Sun
[22/06/2007|13:30] C:\DOCUME~1\damien\APPLIC~1\teamspeak2
[22/06/2007|12:50] C:\DOCUME~1\damien\APPLIC~1\uTorrent
[01/03/2007|21:20] C:\DOCUME~1\damien\APPLIC~1\WholeSecurity
[26/05/2007|16:31] C:\DOCUME~1\damien\APPLIC~1\WinPatrol

[21/04/2006|20:14] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[25/08/2006|17:33] C:\DOCUME~1\LOCALS~1\APPLIC~1\Help
[01/11/2008|22:42] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[20/06/2008|17:44] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[01/07/2007|10:36] C:\DOCUME~1\SEBAST~1\APPLIC~1\Adobe
[30/03/2007|17:14] C:\DOCUME~1\SEBAST~1\APPLIC~1\Ahead
[31/07/2007|21:49] C:\DOCUME~1\SEBAST~1\APPLIC~1\Apple Computer
[10/02/2007|17:10] C:\DOCUME~1\SEBAST~1\APPLIC~1\Atari
[20/06/2008|15:19] C:\DOCUME~1\SEBAST~1\APPLIC~1\AVGTOOLBAR
[15/12/2006|12:54] C:\DOCUME~1\SEBAST~1\APPLIC~1\DivX
[06/09/2006|15:35] C:\DOCUME~1\SEBAST~1\APPLIC~1\Google
[10/05/2006|10:09] C:\DOCUME~1\SEBAST~1\APPLIC~1\Help
[21/04/2006|21:16] C:\DOCUME~1\SEBAST~1\APPLIC~1\Identities
[29/07/2007|13:22] C:\DOCUME~1\SEBAST~1\APPLIC~1\ivivo
[12/05/2006|17:06] C:\DOCUME~1\SEBAST~1\APPLIC~1\Lavasoft
[01/06/2006|19:52] C:\DOCUME~1\SEBAST~1\APPLIC~1\Leadertech
[11/05/2006|19:25] C:\DOCUME~1\SEBAST~1\APPLIC~1\Macromedia
[26/12/2008|10:27] C:\DOCUME~1\SEBAST~1\APPLIC~1\Microsoft
[11/09/2008|15:45] C:\DOCUME~1\SEBAST~1\APPLIC~1\Mozilla
[11/09/2007|15:03] C:\DOCUME~1\SEBAST~1\APPLIC~1\Real
[24/03/2009|17:37] C:\DOCUME~1\SEBAST~1\APPLIC~1\Spyware Terminator
[09/02/2008|15:53] C:\DOCUME~1\SEBAST~1\APPLIC~1\Sun
[21/08/2008|11:43] C:\DOCUME~1\SEBAST~1\APPLIC~1\vlc
[02/03/2007|19:58] C:\DOCUME~1\SEBAST~1\APPLIC~1\WholeSecurity
[24/05/2007|15:41] C:\DOCUME~1\SEBAST~1\APPLIC~1\WinPatrol
[24/07/2006|15:40] C:\DOCUME~1\SEBAST~1\APPLIC~1\Yahoo!

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[23/03/2009 21:10][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[26/03/2009 12:00][--a------] C:\WINDOWS\tasks\Schedule Task Weekly.job
[27/03/2009 20:38][--a------] C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[24/03/2009 19:25][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[27/03/2009 20:49][--ah-----] C:\WINDOWS\tasks\SA.DAT
[02/10/2001 17:16][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[22/01/2008|23:47] C:\Program Files\ABBYY FineReader 6.0 Sprint
[16/05/2008|20:14] C:\Program Files\Adobe
[18/06/2007|13:31] C:\Program Files\Ahead
[14/09/2008|01:07] C:\Program Files\Apple Software Update
[08/05/2006|13:04] C:\Program Files\ATI Technologies
[08/06/2008|17:55] C:\Program Files\AVG
[04/03/2007|21:14] C:\Program Files\AviSynth 2.5
[08/02/2009|17:08] C:\Program Files\AVS4YOU
[11/02/2007|14:58] C:\Program Files\AVSMedia
[19/05/2007|19:35] C:\Program Files\BillP Studios
[03/02/2009|19:28] C:\Program Files\Bonjour
[05/04/2008|14:38] C:\Program Files\CA Yahoo! Anti-Spy
[31/01/2009|17:04] C:\Program Files\CCleaner
[22/03/2009|01:17] C:\Program Files\CleanUp!
[08/02/2009|17:10] C:\Program Files\Coding Workshop Ringtone Converter
[05/04/2008|12:55] C:\Program Files\Common Files
[21/04/2006|20:11] C:\Program Files\ComPlus Applications
[25/11/2006|17:04] C:\Program Files\Creative
[04/03/2007|13:31] C:\Program Files\DivX
[04/01/2009|13:55] C:\Program Files\Dofus
[11/06/2006|09:47] C:\Program Files\EA GAMES
[03/03/2007|14:17] C:\Program Files\eBay
[28/07/2007|17:47] C:\Program Files\Eidos Interactive
[10/06/2007|11:05] C:\Program Files\Electronic Arts
[22/03/2009|01:21] C:\Program Files\eMule
[22/03/2009|01:21] C:\Program Files\eMule(2)
[13/05/2007|18:36] C:\Program Files\ENJOY Plus!
[18/01/2008|22:52] C:\Program Files\epson
[25/05/2006|09:10] C:\Program Files\Evermore
[04/03/2007|21:13] C:\Program Files\ffdshow
[25/01/2009|21:07] C:\Program Files\Fichiers communs
[01/06/2007|18:23] C:\Program Files\FileZilla
[26/01/2009|00:51] C:\Program Files\Free Audio Pack
[09/08/2008|22:44] C:\Program Files\Google
[23/04/2006|18:49] C:\Program Files\GrabIt
[09/04/2007|17:40] C:\Program Files\Grisoft
[18/11/2006|12:19] C:\Program Files\HardwareDetection
[22/03/2009|13:51] C:\Program Files\InstallShield Installation Information
[03/11/2006|22:20] C:\Program Files\InterMute
[12/02/2009|01:15] C:\Program Files\Internet Explorer
[25/01/2009|23:41] C:\Program Files\iPod
[25/01/2009|23:41] C:\Program Files\iTunes
[07/08/2006|23:12] C:\Program Files\iViVo
[05/02/2009|19:03] C:\Program Files\Java
[09/04/2007|15:56] C:\Program Files\Kerio
[25/01/2009|21:07] C:\Program Files\Lavasoft
[19/01/2008|00:38] C:\Program Files\Logitech
[31/05/2007|21:42] C:\Program Files\Macrogaming
[04/01/2009|13:55] C:\Program Files\Messenger
[08/02/2009|16:11] C:\Program Files\Messenger Plus! Live
[04/01/2009|13:55] C:\Program Files\Messenger(2)
[04/01/2009|13:55] C:\Program Files\MessengerPlus! 3(2)
[22/07/2007|10:04] C:\Program Files\Metin2_France
[23/04/2006|11:46] C:\Program Files\Micro Application
[04/01/2009|13:56] C:\Program Files\Microsoft
[19/01/2008|11:56] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[04/01/2009|12:39] C:\Program Files\microsoft frontpage
[04/01/2009|12:39] C:\Program Files\Microsoft Office
[17/12/2008|21:28] C:\Program Files\Microsoft Silverlight
[16/11/2007|20:30] C:\Program Files\Microsoft SQL Server Compact Edition
[21/04/2006|20:37] C:\Program Files\Microsoft Visual Studio
[16/09/2008|22:33] C:\Program Files\movie maker
[27/03/2009|20:03] C:\Program Files\Mozilla Firefox
[18/11/2006|12:19] C:\Program Files\Mozilla Firefoxplugins
[26/12/2007|20:23] C:\Program Files\MP3 Player Utilities 4.15
[18/11/2008|22:33] C:\Program Files\MSECache
[29/12/2006|16:36] C:\Program Files\MSI
[16/09/2008|22:33] C:\Program Files\msn
[21/04/2006|20:14] C:\Program Files\msn gaming zone
[04/01/2009|13:55] C:\Program Files\MSN Messenger
[04/01/2009|13:55] C:\Program Files\MSN Pictures Displayer
[18/05/2007|00:22] C:\Program Files\MSN Spy 2004
[18/11/2006|03:11] C:\Program Files\MSXML 4.0
[27/03/2009|20:54] C:\Program Files\Navilog1
[04/03/2007|21:17] C:\Program Files\NeoDivx Suite
[25/02/2007|14:59] C:\Program Files\Nero
[16/09/2008|22:28] C:\Program Files\NetMeeting
[18/05/2008|00:27] C:\Program Files\OpenOffice.org 2.4
[17/09/2008|12:54] C:\Program Files\Outlook Express
[17/05/2007|20:13] C:\Program Files\PeerGuardian pr14
[17/11/2008|01:27] C:\Program Files\PhotoFiltre
[08/02/2009|17:12] C:\Program Files\Picasa2
[25/01/2009|23:35] C:\Program Files\QuickTime
[17/12/2007|23:56] C:\Program Files\Radio Fr Solo
[10/09/2007|22:58] C:\Program Files\Real
[05/11/2006|15:35] C:\Program Files\Red Storm Entertainment
[22/12/2007|22:30] C:\Program Files\RegistryFix
[10/08/2006|09:59] C:\Program Files\Ripp-it_AM
[20/08/2008|22:53] C:\Program Files\RockEnFolie
[01/01/2007|14:31] C:\Program Files\SAGEM
[25/01/2009|17:01] C:\Program Files\Samsung
[23/10/2007|11:44] C:\Program Files\ScanSoft
[05/06/2007|21:37] C:\Program Files\ScreenMates
[21/04/2006|20:13] C:\Program Files\Services en ligne
[09/08/2006|15:14] C:\Program Files\SlySoft
[30/06/2007|10:42] C:\Program Files\SmileyPad
[14/10/2006|15:44] C:\Program Files\Sonnerie Toolbar
[15/03/2009|22:45] C:\Program Files\Spyware Terminator
[18/08/2008|19:00] C:\Program Files\SystemRequirementsLab
[09/04/2008|22:28] C:\Program Files\TomTom DesktopSuite
[15/11/2008|06:33] C:\Program Files\TomTom HOME
[23/01/2008|21:21] C:\Program Files\Trend Micro
[31/01/2007|22:05] C:\Program Files\Trisnap Technologies
[27/06/2008|22:21] C:\Program Files\TrueCrypt
[29/09/2006|19:32] C:\Program Files\Ubi soft
[05/11/2006|15:36] C:\Program Files\ubi.com
[04/05/2006|20:46] C:\Program Files\Ubisoft
[21/04/2006|20:17] C:\Program Files\Uninstall Information
[16/12/2007|16:27] C:\Program Files\VideoLAN
[21/05/2006|14:56] C:\Program Files\WIDCOMM
[03/03/2007|15:04] C:\Program Files\WinASPI
[04/01/2009|13:55] C:\Program Files\Windows Live
[22/07/2007|14:23] C:\Program Files\Windows Media Connect 2
[22/03/2009|01:21] C:\Program Files\Windows Media Player
[21/04/2006|20:14] C:\Program Files\Windows NT
[02/09/2006|15:35] C:\Program Files\Windows XP Optimizer
[21/04/2006|20:13] C:\Program Files\WindowsUpdate
[14/05/2007|00:16] C:\Program Files\WinRAR
[21/04/2006|20:14] C:\Program Files\xerox
[12/12/2008|20:26] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[16/05/2008|20:14] C:\Program Files\Fichiers communs\Adobe
[08/04/2007|12:54] C:\Program Files\Fichiers communs\Ahead
[25/01/2009|23:33] C:\Program Files\Fichiers communs\Apple
[08/02/2009|17:08] C:\Program Files\Fichiers communs\AVSMedia
[21/04/2006|20:37] C:\Program Files\Fichiers communs\Designer
[18/01/2008|22:54] C:\Program Files\Fichiers communs\InstallShield
[14/06/2006|21:55] C:\Program Files\Fichiers communs\Java
[19/01/2008|00:56] C:\Program Files\Fichiers communs\LogiShrd
[23/04/2006|11:46] C:\Program Files\Fichiers communs\Micro Application Shared
[05/03/2009|19:45] C:\Program Files\Fichiers communs\Microsoft Shared
[21/04/2006|20:12] C:\Program Files\Fichiers communs\MSSoap
[21/04/2006|22:06] C:\Program Files\Fichiers communs\ODBC
[18/05/2008|00:29] C:\Program Files\Fichiers communs\Real
[05/04/2008|14:38] C:\Program Files\Fichiers communs\Scanner
[03/11/2007|22:23] C:\Program Files\Fichiers communs\ScanSoft Shared
[21/04/2006|20:12] C:\Program Files\Fichiers communs\Services
[25/02/2007|14:59] C:\Program Files\Fichiers communs\Simple Star Shared
[21/04/2006|22:06] C:\Program Files\Fichiers communs\SpeechEngines
[16/09/2008|22:28] C:\Program Files\Fichiers communs\System
[16/11/2006|22:26] C:\Program Files\Fichiers communs\SystemRequirementsLab
[17/12/2008|21:02] C:\Program Files\Fichiers communs\Windows Live
[16/11/2007|20:26] C:\Program Files\Fichiers communs\WindowsLiveInstaller

--------------------\\ Process

( 15 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-27 21:02:56
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 1341

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:5][D:0]-> C:\DOCUME~1\Blandine\Cookies
[F:86][D:5]-> C:\DOCUME~1\Blandine\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 27/03/2009|21:03 - Option : [2]

--------------------\\ Fin du rapport a 21:03:52



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:17:03, on 27/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\vVX1000.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hijackthis\Monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S45D.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MSCamSvc - Unknown owner - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

voilà mon rapport, sans infection retrouvée :

Malwarebytes' Anti-Malware 1.35
Version de la base de données: 1909
Windows 5.1.2600 Service Pack 3

28/03/2009 01:29:24
mbam-log-2009-03-28 (01-29-24).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 191691
Temps écoulé: 1 hour(s), 8 minute(s), 35 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


Merci Pimprenelle, je pense que ma désinfection est terminée.
Dois je cliquer sur le triangle jaune pour fermer ce post pour résolution du problème ou bien peux-tu le fermer pour moi ?
En attendant merci pour tout et pour ton efficacité. Et merci à CCM.

Voici le rapport, sans infection retrouvée :

SUPERAntiSpyware journal de bord
https://www.superantispyware.com/

Généré 03/28/2009 at 04:58 PM

Version du Logiciel : 4.26.1000

Core Rules Database Version : 3819
Trace Rules Database Version: 1773

Genre de Scan : Scan Complète
Temps total du Scan : 01:33:33

Articles du Mémoire analysés : 499
Risques de dommage de Mémoire détectés : 0
Articles du Registre analysés : 5754
Risques de dommage de Registre détectés : 0
Articles de fichier scannés : 99440
Risques du Dommage de Fichier Détectés : 0

!Infected affv208325p1now.sys=;c:\windows\system32\;sys32.affv208325p1now;8ab13dadfacbc71db7c09ea2a2c914da;3082;Ok;
!Infected bwunin-8.1.1.50-8876480sl.exe=;c:\windows\;sys32.bwunin-8.1.1.50-8876480sl;21007bd289539a3ca0d0f3653dc11258;127034;Ok;
!Infected cc3270mt.dll=;c:\windows\system32\;sys32.cc3270mt;155779c88df4e35695efb19e0d7a2366;658432;Ok;
!Infected cfffwud.dll=;c:\windows\system32\;sys32.cfffwud;4e612f0fec18c53d697bcc35599a5f87;589824;Ok;
!Infected vvx1000.exe=;c:\windows\;sys32.vvx1000;12b75ba69af22947e824526febd2c36c;707376;Ok;
Clsid C:\WINDOWS\system32\ati2evxx.dll[7608e60dbbb49b136823eba476d72b57][86016]
Clsid C:\WINDOWS\system32\avgrsstx.dll[0ac7886f80734680e3463780cedea4a4][10520]
Clsid C:\WINDOWS\system32\crypt32.dll[39976dad9564b336b153184268db032f][606208]
Clsid C:\WINDOWS\system32\cryptnet.dll[938488d25648d26e6bfe3e47dc2ec5e8][64512]
Clsid C:\WINDOWS\system32\cscdll.dll[6b646a601aec823032af4dc19273cfda][102912]
Clsid C:\WINDOWS\system32\sclgntfy.dll[c01c7266e73b199101651a7508364df7][22016]
Clsid c:\windows\system32\stobject.dll[9689fcc8c26c3d6afac892a6c5d1b81a][122368]
Clsid c:\windows\system32\upnpui.dll[ba3677a2a4043114dc437ad68f71743e][240128]
Clsid c:\windows\system32\webcheck.dll[a163a85a0834b85faf918caadec55687][233472]
Clsid C:\WINDOWS\system32\wgalogon.dll[5c1634b5e496166ea5ce057b127ee66c][236928]
Clsid C:\WINDOWS\system32\wlnotify.dll[c664757f8243499ba6e45102af459de6][94208]
Proc C:\PROGRA~1\AVG\AVG8\avgnsx.exe[eb138c5a1adc2c8648e54e4abd492759][592128]
Proc C:\PROGRA~1\AVG\AVG8\avgrsx.exe[ac2589ede1924b59575dc3a747ef9831][484120]
Proc C:\PROGRA~1\AVG\AVG8\avgtray.exe[1fc8b35e97123a9df64f092da8784e4c][1601304]
Proc C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[c661b44d8e12ea95f51baf2aeff6364b][298264]
Proc C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe[79e0c6f3846b659745da7cda53f14959][222784]
Proc C:\PROGRA~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe[1ce6d169317bc374704cc0934a110e45][249856]
Proc C:\Program Files\Bonjour\mDNSResponder.exe[3f56903e124e820aeece6d471583c6c1][238888]
Proc C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[c744293dfbe1a3347fec5dbfe3fd123e][102400]
Proc C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[a8aa9d47f971570a5162b862b80f87e8][132424]
Proc C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe[be97f174cebeb029f28ff06cb16d70cf][563984]
Proc C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe[40c3831b396e90ca5a56249a3b5c4d05][403728]
Proc C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe[14e4cc4d46169759d874f57604ea6be5][186904]
Proc C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe[b2d04e813ba12ab179daf0b9fdecba3d][137752]
Proc C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[b06c4c1a5ab7867363922f771ac6af05][270336]
Proc C:\Program Files\InCode Solutions\RemoveIT Pro v4 - SE\removeit.exe[4c3ee0571f3a509f74abaff607491c81][551424]
Proc C:\Program Files\iPod\bin\iPodService.exe[62937a89470af8ff172f0980ca8aefc9][536872]
Proc C:\Program Files\iTunes\iTunesHelper.exe[e6a4e341e4304b34aa280d3e73818c90][290088]
Proc C:\Program Files\Java\jre6\bin\jusched.exe[b98ffa8288efaabc436c30d198608345][136600]
Proc C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[188cb9b4e1b51215d385b7ab4a89cbd0][2887680]
Proc C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe[e7a74cea1d5e6ce0ea5ad7d5c31a0d34][1617920]
Proc C:\Program Files\Logitech\QuickCam\Quickcam.exe[5cd7b01284e6b2e017f49a0f694e0933][2027792]
Proc C:\Program Files\Messenger\msmsgs.exe[e13ea4860e8f2aa845b53bfd2b6fec5b][1695232]
Proc C:\Program Files\Mozilla Firefox\firefox.exe[7e4b0bb3b1e87d2b0f07dfacbd5b3f0b][307704]
Proc C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe[4a5d24ad04776f047d99b8dacca2bbea][4708352]
Proc C:\Program Files\ScanSoft\OmniPageSE\opware32.exe[bb272fcbc0fcf0bf43fe75d81ec17899][49152]
Proc C:\Program Files\Spyware Terminator\sp_rsser.exe[3629f229f8c1c1e960087cc878ad2f9a][570880]
Proc C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe[239142a71af0d4b596a9b429ebb35646][1783808]
Proc C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe[14ed6f66e516ef4ba45052c232a2350c][254007]
Proc C:\Program Files\Windows Live\Messenger\msnmsgr.exe[97384875b6d03831b2d1820ab8952f67][5724184]
Proc C:\Program Files\Windows Live\Messenger\usnsvc.exe[9d19b042a4fd5c02195071ea2fe0c821][98328]
Proc C:\WINDOWS\Explorer.EXE[f2317622d29f9ff0f88aeecd5f60f0dd][1037824]
Proc C:\WINDOWS\system32\ctfmon.exe[59dc5bb82e4c8e0b3eadcfdbc44ba6e4][15360]
Proc C:\WINDOWS\system32\CTsvcCDA.EXE[3c8b6609712f4ff78e521f6dcfc4032b][44032]
Proc C:\WINDOWS\system32\lsass.exe[91e6024d6d4dcdecdb36c43ecf9bbecb][13312]
Proc C:\WINDOWS\system32\nvsvc32.exe[f6fca6047879de7a2964757eb8b2101b][127043]
Proc C:\WINDOWS\system32\PnkBstrA.exe[717cd412d73ac88b91e303bc41562757][63040]
Proc C:\WINDOWS\system32\rundll32.exe[93ad0b78c7357a05f50e594ec7c22300][33792]
Proc C:\WINDOWS\system32\services.exe[54cb50058851d95e56ec70d09f70857f][109056]
Proc C:\WINDOWS\system32\spoolsv.exe[460e4ce148bd07218da0b6a3d31885a9][57856]
Proc C:\WINDOWS\system32\svchost.exe[e4bdf223cd75478bf44567b4d5c2634d][14336]
Proc C:\WINDOWS\system32\WgaTray.exe[e5b1a7ca3caace7fc0fe37de67184269][337280]
Proc C:\WINDOWS\vVX1000.exe[12b75ba69af22947e824526febd2c36c][707376]
RegRun c:\progra~1\avg\avg8\avgtray.exe[1fc8b35e97123a9df64f092da8784e4c][1601304]
RegRun c:\progra~1\billps~1\winpat~1\winpatrol.exe[79e0c6f3846b659745da7cda53f14959][222784]
RegRun c:\progra~1\nero\neroph~1\data\xtras\mssysmgr.exe[1ce6d169317bc374704cc0934a110e45][249856]
RegRun c:\program files\adobe\reader 8.0\reader\reader_sl.exe[8b9145d229d4e89d15acb820d4a3a90f][39792]
RegRun c:\program files\ati technologies\ati control panel\atiptaxx.exe[76e9ecd6253bd9d1549cbe32621ad897][335872]
RegRun c:\program files\creative\mediasource\detector\ctdetect.exe [c744293dfbe1a3347fec5dbfe3fd123e][102400]
RegRun c:\program files\fichiers communs\logishrd\lcommgr\communications_helper.exe[be97f174cebeb029f28ff06cb16d70cf][563984]
RegRun c:\program files\itunes\ituneshelper.exe[e6a4e341e4304b34aa280d3e73818c90][290088]
RegRun c:\program files\java\jre6\bin\jusched.exe[b98ffa8288efaabc436c30d198608345][136600]
RegRun c:\program files\lavasoft\ad-aware\aawtray.exe[a7035c7d3aaa24c5d71d6b5506f2d704][515416]
RegRun c:\program files\logitech\quickcam\quickcam.exe [5cd7b01284e6b2e017f49a0f694e0933][2027792]
RegRun c:\program files\quicktime\qttask.exe [0ab3c83fcb8ef6f56e4fb22089f0d3b9][413696]
RegRun c:\program files\scansoft\omnipagese\opware32.exe[bb272fcbc0fcf0bf43fe75d81ec17899][49152]
RegRun c:\program files\spyware terminator\spywareterminatorshield.exe[239142a71af0d4b596a9b429ebb35646][1783808]
RegRun c:\windows\system32\ctfmon.exe[59dc5bb82e4c8e0b3eadcfdbc44ba6e4][15360]
RegRun c:\windows\system32\nvcpl.dll[5641422c0f9160559dee3c92cb9ca192][6803456]
RegRun c:\windows\system32\nvmctray.dll[0ac8384cc58a993b8349b16500f5c2e1][86016]
RegRun c:\windows\system32\spool\drivers\w32x86\3\e_faticae.exe [c815c123b51253e3e38d44da87656124][180736]
RegRun c:\windows\system32\sw24.exe[32441ee0606c4e375dc46743489fb817][69632]
RegRun c:\windows\vvx1000.exe[12b75ba69af22947e824526febd2c36c][707376]
Service c:\documents and settings\all users\application data\epson\epw!3 ssrp\e_s40rp7.exe[8fe6ab59cab8f2c038fea9522a5eeba7][113664]
Service c:\progra~1\avg\avg8\avgemc.exe[da3c6d8a8b81ab4031a7db3d0d66cb21][903960]
Service c:\progra~1\avg\avg8\avgwdsvc.exe[c661b44d8e12ea95f51baf2aeff6364b][298264]
Service c:\program files\bonjour\mdnsresponder.exe[3f56903e124e820aeece6d471583c6c1][238888]
Service c:\program files\fichiers communs\apple\mobile device support\bin\applemobiledeviceservice.exe[a8aa9d47f971570a5162b862b80f87e8][132424]
Service c:\program files\fichiers communs\installshield\driver\11\intel 32\idrivert.exe[1cf03c69b49acb70c722df92755c0c8c][69632]
Service c:\program files\fichiers communs\logishrd\lvcomser\lvcomser.exe[14e4cc4d46169759d874f57604ea6be5][186904]
Service c:\program files\fichiers communs\logishrd\lvmvfm\lvprcsrv.exe[b2d04e813ba12ab179daf0b9fdecba3d][137752]
Service c:\program files\fichiers communs\logishrd\srvlnch\srvlnch.exe[a7a2ef5000007ca361da1e2b99df8c57][141848]
Service c:\program files\fichiers communs\microsoft shared\vs7debug\mdm.exe[b06c4c1a5ab7867363922f771ac6af05][270336]
Service c:\program files\ipod\bin\ipodservice.exe[62937a89470af8ff172f0980ca8aefc9][536872]
Service c:\program files\java\jre6\bin\jqs.exe [32192b4ebe8720ed8d49a455c962cb91][152984]
Service c:\program files\kerio\personal firewall 4\kpf4ss.exe[e7a74cea1d5e6ce0ea5ad7d5c31a0d34][1617920]
Service c:\program files\lavasoft\ad-aware\aawservice.exe[4bfd99ef6cc3af080808d55ab2778195][951632]
Service c:\program files\spyware terminator\sp_rsser.exe[3629f229f8c1c1e960087cc878ad2f9a][570880]
Service c:\program files\widcomm\logiciel bluetooth\bin\btwdins.exe[14ed6f66e516ef4ba45052c232a2350c][254007]
Service c:\program files\windows live\installer\wlsetupsvc.exe[94a85e956a065e23e0010a6a7826243b][266240]
Service c:\program files\windows live\messenger\usnsvc.exe[9d19b042a4fd5c02195071ea2fe0c821][98328]
Service c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe[d33c507942299753868204cc7642fa27][29896]
Service c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe[3c4d595e7f9b747325aef28b4adcaae5][66240]
Service c:\windows\system32\alg.exe[5e9a6658a2a69ae7eb195113b7a2e7a9][44544]
Service c:\windows\system32\ati2evxx.exe[74861e44690029bf25a99cf1aadcd8f4][385024]
Service c:\windows\system32\ati2sgag.exe[2894fdf1dd95ac9fbd77485260d566a3][516096]
Service c:\windows\system32\cisvc.exe[793ef38a5fd086c3c8e48a8a861562ed][5632]
Service c:\windows\system32\clipsrv.exe[8b30cbb0c07d49b2658fb190946b0e7e][33280]
Service c:\windows\system32\ctsvccda.exe[3c8b6609712f4ff78e521f6dcfc4032b][44032]
Service c:\windows\system32\dllhost.exe [0dad93bb0fecf5016ae3c06cbb0a873b][5120]
Service c:\windows\system32\dmadmin.exe [ead2b8aaeb16e538106d295cd7bd7a48][225280]
Service c:\windows\system32\imapi.exe[c4221678bbaa55239c23632875759961][150528]
Service c:\windows\system32\locator.exe[499c59a2584f6d4ea41e944da571d993][75264]
Service c:\windows\system32\lsass.exe[91e6024d6d4dcdecdb36c43ecf9bbecb][13312]
Service c:\windows\system32\mnmsrvc.exe[d3a2870cd96cda7bcff3dc54f64087ad][32768]
Service c:\windows\system32\msdtc.exe[8648d670ae0d95c95e7bbb5b80661796][6144]
Service c:\windows\system32\msiexec.exe [0411f7ee63ae48d2918ab4f2c79ab6c4][78848]
Service c:\windows\system32\netdde.exe[5c9b1d83755b36237b70f95df3d46a52][114176]
Service c:\windows\system32\nvsvc32.exe[f6fca6047879de7a2964757eb8b2101b][127043]
Service c:\windows\system32\pnkbstra.exe[717cd412d73ac88b91e303bc41562757][63040]
Service c:\windows\system32\pnkbstrb.exe[ecbbdf9c191bcd07fab7f37dfb5472f2][99904]
Service c:\windows\system32\rsvp.exe[414964844f4793acb868d057e8ed997e][132608]
Service c:\windows\system32\scardsvr.exe[67949cc8a865296c1333c96a4e1a2d66][100352]
Service c:\windows\system32\services.exe[54cb50058851d95e56ec70d09f70857f][109056]
Service c:\windows\system32\sessmgr.exe[9f63d9c5b238ed1c375d417eff3d5be7][142848]
Service c:\windows\system32\smlogsvc.exe[0899061318a6b1d9596aabfc77f45e44][93184]
Service c:\windows\system32\spoolsv.exe[460e4ce148bd07218da0b6a3d31885a9][57856]
Service c:\windows\system32\svchost.exe [e4bdf223cd75478bf44567b4d5c2634d][14336]
Service c:\windows\system32\tlntsvr.exe[d859a9d2f026ce5804485068ffd6eaf2][75264]
Service c:\windows\system32\ups.exe[1edc93d7bd731b5ca6248ae245099b60][18432]
Service c:\windows\system32\vssvc.exe[5a4da252b2c0550ab83d129c02cf6c19][295424]
Service c:\windows\system32\wbem\wmiapsrv.exe[4e8e8a58f56b25d0795f484e5eb7f898][126464]
Service c:\windows\system32\wdfmgr.exe[ab0a7ca90d9e3d6a193905dc1715ded0][38912]
Startup c:\documents and settings\all users\menu démarrer\programmes\démarrage\desktop.ini[d6a6856702e3f0953e7246a9b4a9fe35][84]
Startup c:\documents and settings\blandine\menu démarrer\programmes\démarrage\desktop.ini[d6a6856702e3f0953e7246a9b4a9fe35][84]
Startup c:\program files\adobe\reader 8.0\reader\adobecollabsync.exe[1c1c6abbc3408a373c731ec3f41eae16][738968]
Startup c:\program files\adobe\reader 8.0\reader\reader_sl.exe[8b9145d229d4e89d15acb820d4a3a90f][39792]
Startup c:\program files\msn pictures displayer\msn pictures displayer.exe[4a5d24ad04776f047d99b8dacca2bbea][4708352]
System.ini c:\windows\system32\wdfmgr.exe[ab0a7ca90d9e3d6a193905dc1715ded0][38912]

Je pense que oui puisque j'ai cliqué sur "fix". Dois je vérifier en relançant un nouveau scan ?

Dans l'attente d'une réponse, j'ai finalement relancé un scan et je confirme, rien n'a été retrouvé donc infection supprimée.

voici le rapport, infecté malheureusement !

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, March 30, 2009 2:01:00 AM
Système d'exploitation : Microsoft Windows XP Professional, Service Pack 3 (Build 2600)
Kaspersky On-line Scanner version : 5.0.84.2
Dernière mise à jour de la base antivirus Kaspersky : 29/03/2009
Enregistrements dans la base antivirus Kaspersky : 1985370
-------------------------------------------------------------------------------

Paramètres d'analyse:
Analyser avec la base antivirus suivante: étendue
Analyser les archives: vrai
Analyser les bases de messagerie: vrai

Cible de l'analyse - Poste de travail:
A:\
C:\
D:\
E:\

Statistiques de l'analyse:
Total d'objets analysés: 113261
Nombre de virus trouvés: 2
Nombre d'objets infectés: 11 / 0
Nombre d'objets suspects: 0
Durée de l'analyse: 01:52:37

Nom de l'objet infecté / Nom du virus / Dernière action
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcfg.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgldr.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgns.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgsrm.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgui.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\avg8\Log\commonpriv.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\6b9e341eb6f8a859a7face9e7a2b876f_5e389d3f-7ebd-4583-88be-49f6c0d60ab0 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\7c9fe119cf1aeeb6756b8f3cb6be7ed3_5e389d3f-7ebd-4583-88be-49f6c0d60ab0 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Blandine\Application Data\Mozilla\Firefox\Profiles\quvmv9fb.default\cookiesnew.txt L'objet est verrouillé ignoré
C:\Documents and Settings\Blandine\Bureau\MSN Pictures Displayer.plsc/runmsnpd.dll Infecté : Trojan-Spy.Win32.Delf.dda ignoré
C:\Documents and Settings\Blandine\Bureau\MSN Pictures Displayer.plsc ZIP: infecté - 1 ignoré
C:\Documents and Settings\Blandine\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Blandine\Local Settings\Application Data\Microsoft\Messenger\blandinebs@yahoo.fr\Sharing Folders\mathieu_deltour@hotmail.com\msn special.zip/msn spesial.exe/Stream/data0010 Infecté : Trojan-Spy.Win32.SpyAgent.e ignoré
C:\Documents and Settings\Blandine\Local Settings\Application Data\Microsoft\Messenger\blandinebs@yahoo.fr\Sharing Folders\mathieu_deltour@hotmail.com\msn special.zip/msn spesial.exe/Stream Infecté : Trojan-Spy.Win32.SpyAgent.e ignoré
C:\Documents and Settings\Blandine\Local Settings\Application Data\Microsoft\Messenger\blandinebs@yahoo.fr\Sharing Folders\mathieu_deltour@hotmail.com\msn special.zip/msn spesial.exe Infecté : Trojan-Spy.Win32.SpyAgent.e ignoré
C:\Documents and Settings\Blandine\Local Settings\Application Data\Microsoft\Messenger\blandinebs@yahoo.fr\Sharing Folders\mathieu_deltour@hotmail.com\msn special.zip ZIP: infecté - 3 ignoré
C:\Documents and Settings\Blandine\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Blandine\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\Blandine\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Blandine\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Blandine\Mes documents\MSN Messenger\msn special.zip/msn spesial.exe/Stream/data0010 Infecté : Trojan-Spy.Win32.SpyAgent.e ignoré
C:\Documents and Settings\Blandine\Mes documents\MSN Messenger\msn special.zip/msn spesial.exe/Stream Infecté : Trojan-Spy.Win32.SpyAgent.e ignoré
C:\Documents and Settings\Blandine\Mes documents\MSN Messenger\msn special.zip/msn spesial.exe Infecté : Trojan-Spy.Win32.SpyAgent.e ignoré
C:\Documents and Settings\Blandine\Mes documents\MSN Messenger\msn special.zip ZIP: infecté - 3 ignoré
C:\Documents and Settings\Blandine\ntuser.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Blandine\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Program Files\Kerio\Personal Firewall 4\logs\debug.log L'objet est verrouillé ignoré
C:\Program Files\Kerio\Personal Firewall 4\logs\debug.log.idx L'objet est verrouillé ignoré
C:\Program Files\Kerio\Personal Firewall 4\logs\error.log L'objet est verrouillé ignoré
C:\Program Files\Kerio\Personal Firewall 4\logs\error.log.idx L'objet est verrouillé ignoré
C:\Program Files\Kerio\Personal Firewall 4\logs\hips.log L'objet est verrouillé ignoré
C:\Program Files\Kerio\Personal Firewall 4\logs\hips.log.idx L'objet est verrouillé ignoré
C:\Program Files\Kerio\Personal Firewall 4\logs\ids.log L'objet est verrouillé ignoré
C:\Program Files\Kerio\Personal Firewall 4\logs\ids.log.idx L'objet est verrouillé ignoré
C:\Program Files\Kerio\Personal Firewall 4\logs\network.log L'objet est verrouillé ignoré
C:\Program Files\Kerio\Personal Firewall 4\logs\network.log.idx L'objet est verrouillé ignoré
C:\Program Files\Kerio\Personal Firewall 4\logs\system.log L'objet est verrouillé ignoré
C:\Program Files\Kerio\Personal Firewall 4\logs\system.log.idx L'objet est verrouillé ignoré
C:\Program Files\Kerio\Personal Firewall 4\logs\warning.log L'objet est verrouillé ignoré
C:\Program Files\Kerio\Personal Firewall 4\logs\warning.log.idx L'objet est verrouillé ignoré
C:\Program Files\Kerio\Personal Firewall 4\logs\web.log L'objet est verrouillé ignoré
C:\Program Files\Kerio\Personal Firewall 4\logs\web.log.idx L'objet est verrouillé ignoré
C:\Program Files\Messenger Plus! Live\Scripts\MSN Pictures Displayer\runmsnpd.dll Infecté : Trojan-Spy.Win32.Delf.dda ignoré
C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
C:\System Volume Information\_restore{DCD1A44C-014B-4DAD-A757-193DAFFA6916}\RP560\change.log L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré

Analyse terminée.

Pour simple précision afin d'informer les personnes que tu aides qu'il y a 2 possibilités, sur mon ordi je passe en mode sans échec avec la touche F5.
Et voici le rapport :


[b]SDFix: Version 1.240 [/b]
Run by Blandine on 30/03/2009 at 19:22

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-30 19:31:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00025b01156d]
"001237650bff"=hex:01,cd,99,12,d6,b5,7d,c7,1a,42,38,65,de,fb,ff,2b
"0021d29001b0"=hex:b9,84,15,2a,94,49,e7,e7,ec,b2,8d,b2,81,c9,a4,46
"0017e82aca23"=hex:65,1d,77,bb,dc,3d,17,14,e1,b6,15,c8,aa,13,2f,52
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000ea1341da6]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00025b01156d]
"001237650bff"=hex:01,cd,99,12,d6,b5,7d,c7,1a,42,38,65,de,fb,ff,2b
"0021d29001b0"=hex:b9,84,15,2a,94,49,e7,e7,ec,b2,8d,b2,81,c9,a4,46
"0017e82aca23"=hex:65,1d,77,bb,dc,3d,17,14,e1,b6,15,c8,aa,13,2f,52
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000ea1341da6]

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Ex‚cuter une DLL en tant qu'application"
"C:\\Program Files\\Trisnap Technologies\\SSI\\ssi.exe"="C:\\Program Files\\Trisnap Technologies\\SSI\\ssi.exe:*:Disabled:System Spyware InterrigatorTech Edition"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Messenger"
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"="C:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:

Sat 14 Apr 2007 44,170 ...H. --- "C:\Documents and Settings\Blandine\Local Settings\Application Data\CleanerFeatherOffice.exe"

[b]Finished![/b]

En ce qui concerne les trojans non retrouvés, j'ai peut être pas choisi la bonne session pour passer le scan de sd fix ? J'ai ouvert ma session à moi perso mais sur laquelle j'ai les droits administrateurs. A savoir qu'il y a une session administrateur et 2 autres pour mes fils.

Bonjour,
il n'y a pas de fichier de rapport de créer, en tout cas je n'en ai pas retrouvé !
sinon le scan a supprimé un virus dans g/:autorun.exe (de mémoire il me semble que c'était ça) et j'ai redémarré l'ordi puis refait un scan pour copier coller le log qui apparaissait à l'écran mais plus rien.
Mais je ne sais pas si j'ai bien fait : le scan n'affiche rien lorsque c'est terminé ? ça ne dure pas longtemps ? et la barre de recherche, en bas à gauche dans un rectangle, continue-t-elle toujours d'aller et venir sans cesse même si le scan est terminé ?
J'attends les prochaines instructions. Et merci en attendant.

Bonsoir Pimprenelle,

Comme je te vois sur le site de ccm depuis 18h30 et que je n'ai pas encore reçu de nouvelles consignes, je me permets de me rappeler à ton bon souvenir.
Merci

voilà je l'ai fait, en mettant mes clés USB l'une après l'autre, mais le scan a donné "ok, done" et rien d'autre pour les 2.
Par contre, avant ta réponse j'ai eu un message de spyware Terminatore que j'ai d'installer sur mon ordinateur comme quoi mon ordinateur était en danger et qu'il fallait installer web security guard (je ne l'avais pas activé cet option là). Donc je l'ai fait !

voici le rapport :

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.8.2572. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 01:06:57 04 avr. 2009
Using Database v7311
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Blandine\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Blandine\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus
AVG Anti-Virus
AVG Anti-Virus

************************************************************


************************************************************
01:06:58: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
01:06:58: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037824 bytes
Created: 26/07/2005 15:01
Modified: 14/04/2008 04:34
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26624 bytes
Created: 19/08/2004 16:10
Modified: 14/04/2008 04:34
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 19/08/2004 16:09
Modified: 14/04/2008 04:34
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: ATIPTA
Value Data: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
335872 bytes
Created: 08/05/2006 14:04
Modified: 25/11/2003 21:10
Company: ATI Technologies, Inc.
--------------------
Value Name: SW24
Value Data: C:\WINDOWS\system32\sw24.exe
C:\WINDOWS\system32\sw24.exe
-R- 69632 bytes
Created: 18/05/2006 15:03
Modified: 17/05/2006 04:37
Company: [no info]
--------------------
Value Name: nwiz
Value Data: nwiz.exe /install
C:\WINDOWS\system32\nwiz.exe
1519616 bytes
Created: 15/06/2005 11:20
Modified: 15/06/2005 17:20
Company: NVIDIA Corporation
--------------------
Value Name: BluetoothAuthenticationAgent
Value Data: rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
C:\WINDOWS\system32\bthprops.cpl
110592 bytes
Created: 19/08/2004 16:10
Modified: 14/04/2008 04:34
Company: Microsoft Corporation
--------------------
Value Name: NvCplDaemon
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
C:\WINDOWS\system32\NvCpl.dll
6803456 bytes
Created: 15/06/2005 11:20
Modified: 15/06/2005 17:20
Company: NVIDIA Corporation
--------------------
Value Name: WinPatrol
Value Data: C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
222784 bytes
Created: 19/05/2007 20:35
Modified: 15/11/2005 13:50
Company: BillP Studios
--------------------
Value Name: NvMediaCenter
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
C:\WINDOWS\system32\NvMcTray.dll
86016 bytes
Created: 15/06/2005 11:20
Modified: 15/06/2005 17:20
Company: NVIDIA Corporation
--------------------
Value Name: Omnipage
Value Data: C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
49152 bytes
Created: 20/02/2002 20:01
Modified: 20/02/2002 20:01
Company: ScanSoft, Inc
--------------------
Value Name: LogitechCommunicationsManager
Value Data: "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
563984 bytes
Created: 25/07/2007 17:02
Modified: 25/07/2007 17:02
Company: Logitech Inc.
--------------------
Value Name: SpywareTerminator
Value Data: "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
1783808 bytes
Created: 21/02/2008 01:24
Modified: 07/09/2008 15:48
Company: Crawler.com
--------------------
Value Name: LogitechQuickCamRibbon
Value Data: "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
C:\Program Files\Logitech\QuickCam\Quickcam.exe
2027792 bytes
Created: 25/07/2007 17:06
Modified: 25/07/2007 17:06
Company: Logitech Inc.
--------------------
Value Name: Adobe Reader Speed Launcher
Value Data: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
39792 bytes
Created: 11/01/2008 22:16
Modified: 11/01/2008 22:16
Company: Adobe Systems Incorporated
--------------------
Value Name: AVG8_TRAY
Value Data: C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
1601304 bytes
Created: 02/07/2008 23:44
Modified: 29/01/2009 20:41
Company: AVG Technologies CZ, s.r.o.
--------------------
Value Name: Ad-Watch
Value Data: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
515416 bytes
Created: 18/01/2009 23:34
Modified: 08/03/2009 22:10
Company: Lavasoft
--------------------
Value Name: QuickTime Task
Value Data: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
C:\Program Files\QuickTime\QTTask.exe
413696 bytes
Created: 05/01/2009 17:18
Modified: 05/01/2009 17:18
Company: Apple Inc.
--------------------
Value Name: iTunesHelper
Value Data: "C:\Program Files\iTunes\iTunesHelper.exe"
C:\Program Files\iTunes\iTunesHelper.exe
290088 bytes
Created: 06/01/2009 14:06
Modified: 06/01/2009 14:06
Company: Apple Inc.
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre6\bin\jusched.exe"
C:\Program Files\Java\jre6\bin\jusched.exe
148888 bytes
Created: 05/02/2009 20:03
Modified: 09/03/2009 05:19
Company: Sun Microsystems, Inc.
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1213320 bytes
Created: 04/04/2009 01:02
Modified: 04/04/2009 01:04
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 19/08/2004 16:09
Modified: 14/04/2008 04:33
Company: Microsoft Corporation
--------------------
Value Name: EPSON Stylus DX4400 Series
Value Data: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S45D.tmp" /EF "HKCU"
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
180736 bytes
Created: 18/01/2008 23:49
Modified: 01/03/2007 08:01
Company: SEIKO EPSON CORPORATION
--------------------
Value Name: Nero PhotoShow Media Manager
Value Data: C:\PROGRA~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe
C:\PROGRA~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe
249856 bytes
Created: 25/02/2007 16:04
Modified: 10/05/2006 21:52
Company: Nero AG / Nero Inc.
--------------------
Value Name: Creative Detector
Value Data: C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
102400 bytes
Created: 25/11/2006 17:58
Modified: 02/12/2004 19:23
Company: Creative Technology Ltd
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

************************************************************
01:07:05: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------

************************************************************
01:07:05: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
01:07:05: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\system32\logon.scr
C:\WINDOWS\system32\logon.scr
221696 bytes
Created: 19/08/2004 16:10
Modified: 14/04/2008 04:34
Company: Microsoft Corporation
--------------------

************************************************************
01:07:05: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub
C:\WINDOWS\INF\wmp10.inf
34820 bytes
Created: 27/05/2006 11:23
Modified: 11/08/2004 20:49
Company: [no info]
----------

************************************************************
01:07:06: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: BthServ
Path: %SystemRoot%\System32\bthserv.dll
C:\WINDOWS\System32\bthserv.dll
30208 bytes
Created: 19/08/2004 16:09
Modified: 14/04/2008 04:33
Company: Microsoft Corporation
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------

************************************************************
01:07:08: Scanning ----- SERVICES REGISTRY KEYS -----
Key: AmdK7
ImagePath: system32\DRIVERS\amdk7.sys
C:\WINDOWS\system32\DRIVERS\amdk7.sys
41856 bytes
Created: 26/07/2005 15:44
Modified: 14/04/2008 03:54
Company: Microsoft Corporation
----------
Key: Apple Mobile Device
ImagePath: "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
132424 bytes
Created: 07/11/2008 15:28
Modified: 07/11/2008 15:28
Company: Apple Inc.
----------
Key: ATI Smart
ImagePath: C:\WINDOWS\system32\ati2sgag.exe
C:\WINDOWS\system32\ati2sgag.exe
516096 bytes
Created: 08/05/2006 14:04
Modified: 02/12/2003 21:10
Company:
----------
Key: avg8emc
ImagePath: C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
903960 bytes
Created: 02/07/2008 23:44
Modified: 29/01/2009 20:41
Company: AVG Technologies CZ, s.r.o.
----------
Key: avg8wd
ImagePath: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
298264 bytes
Created: 02/07/2008 23:44
Modified: 29/01/2009 20:41
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgLdx86
ImagePath: \SystemRoot\System32\Drivers\avgldx86.sys
C:\WINDOWS\System32\Drivers\avgldx86.sys
325128 bytes
Created: 08/06/2008 18:55
Modified: 29/01/2009 20:41
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgMfx86
ImagePath: \SystemRoot\System32\Drivers\avgmfx86.sys
C:\WINDOWS\System32\Drivers\avgmfx86.sys
27656 bytes
Created: 27/11/2006 00:05
Modified: 29/01/2009 20:41
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgTdiX
ImagePath: \SystemRoot\System32\Drivers\avgtdix.sys
C:\WINDOWS\System32\Drivers\avgtdix.sys
107272 bytes
Created: 08/06/2008 18:55
Modified: 29/01/2009 20:41
Company: AVG Technologies CZ, s.r.o.
----------
Key: Bonjour Service
ImagePath: "C:\Program Files\Bonjour\mDNSResponder.exe"
C:\Program Files\Bonjour\mDNSResponder.exe
238888 bytes
Created: 12/12/2008 12:17
Modified: 12/12/2008 12:17
Company: Apple Inc.
----------
Key: BthEnum
ImagePath: system32\DRIVERS\BthEnum.sys
C:\WINDOWS\system32\DRIVERS\BthEnum.sys
17024 bytes
Created: 03/09/2006 17:40
Modified: 13/04/2008 20:46
Company: Microsoft Corporation
----------
Key: BTHMODEM
ImagePath: system32\DRIVERS\bthmodem.sys
C:\WINDOWS\system32\DRIVERS\bthmodem.sys
37888 bytes
Created: 03/09/2006 17:52
Modified: 13/04/2008 20:46
Company: Microsoft Corporation
----------
Key: BthPan
ImagePath: system32\DRIVERS\bthpan.sys
C:\WINDOWS\system32\DRIVERS\bthpan.sys
101120 bytes
Created: 03/09/2006 17:40
Modified: 13/04/2008 20:51
Company: Microsoft Corporation
----------
Key: BTHPORT
ImagePath: System32\Drivers\BTHport.sys
C:\WINDOWS\System32\Drivers\BTHport.sys
272768 bytes
Created: 03/09/2006 17:40
Modified: 14/06/2008 19:33
Company: Microsoft Corporation
----------
Key: BTHUSB
ImagePath: System32\Drivers\BTHUSB.sys
C:\WINDOWS\System32\Drivers\BTHUSB.sys
18944 bytes
Created: 03/09/2006 17:40
Modified: 13/04/2008 20:46
Company: Microsoft Corporation
----------
Key: BTPCH4
ImagePath: System32\Drivers\BTPCH4.SYS
C:\WINDOWS\System32\Drivers\BTPCH4.SYS
31776 bytes
Created: 29/11/2004 19:32
Modified: 29/11/2004 19:32
Company: Broadcom Corporation.
----------
Key: BTSERIAL
ImagePath: \??\C:\WINDOWS\system32\drivers\btserial.sys
C:\WINDOWS\system32\drivers\btserial.sys
23271 bytes
Created: 29/11/2004 19:34
Modified: 29/11/2004 19:34
Company: Broadcom Corporation.
----------
Key: BTSLBCSP
ImagePath: \??\C:\WINDOWS\system32\drivers\btslbcsp.sys
C:\WINDOWS\system32\drivers\btslbcsp.sys
222876 bytes
Created: 29/11/2004 19:34
Modified: 29/11/2004 19:34
Company: Broadcom Corporation.
----------
Key: btwdins
ImagePath: C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
254007 bytes
Created: 29/11/2004 19:50
Modified: 29/11/2004 19:50
Company: Broadcom Corporation.
----------
Key: catchme
ImagePath: \??\C:\DOCUME~1\Blandine\LOCALS~1\Temp\catchme.sys - this file is globally excluded
----------
Key: driverhardwarev2
ImagePath: \??\C:\Program Files\HardwareDetection\driverhardwarev2.sys
C:\Program Files\HardwareDetection\driverhardwarev2.sys
7168 bytes
Created: 20/07/2006 11:43
Modified: 20/07/2006 11:43
Company: [no info]
----------
Key: EPSON_PM_RPCV4_01
ImagePath: C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
113664 bytes
Created: 18/01/2008 23:49
Modified: 11/01/2007 06:02
Company: SEIKO EPSON CORPORATION
----------
Key: fwdrv
ImagePath: \SystemRoot\system32\drivers\fwdrv.sys
C:\WINDOWS\system32\drivers\fwdrv.sys
286720 bytes
Created: 26/09/2005 11:05
Modified: 26/09/2005 11:05
Company: Kerio Technologies
----------
Key: GMSIPCI
ImagePath: \??\E:\INSTALL\GMSIPCI.SYS - this file is globally excluded
----------
Key: IDriverT
ImagePath: "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"
C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
69632 bytes
Created: 04/04/2005 01:41
Modified: 04/04/2005 01:41
Company: Macrovision Corporation
----------
Key: JavaQuickStarterService
ImagePath: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
C:\Program Files\Java\jre6\bin\jqs.exe
152984 bytes
Created: 05/02/2009 20:03
Modified: 09/03/2009 05:19
Company: Sun Microsystems, Inc.
----------
Key: khips
ImagePath: \SystemRoot\system32\drivers\khips.sys
C:\WINDOWS\system32\drivers\khips.sys
81920 bytes
Created: 26/09/2005 11:05
Modified: 26/09/2005 11:05
Company:
----------
Key: KPF4
ImagePath: "C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe"
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
1617920 bytes
Created: 10/10/2005 09:58
Modified: 10/10/2005 09:58
Company: Kerio Technologies
----------
Key: Lavasoft Ad-Aware Service
ImagePath: "C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe"
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
951632 bytes
Created: 18/01/2009 23:34
Modified: 09/03/2009 22:10
Company: Lavasoft
----------
Key: Lbd
ImagePath: system32\DRIVERS\Lbd.sys
C:\WINDOWS\system32\DRIVERS\Lbd.sys
64160 bytes
Created: 25/01/2009 22:10
Modified: 25/01/2009 22:09
Company: Lavasoft AB
----------
Key: LVcKap
ImagePath: system32\DRIVERS\LVcKap.sys
C:\WINDOWS\system32\DRIVERS\LVcKap.sys
2109592 bytes
Created: 20/07/2007 01:37
Modified: 20/07/2007 01:37
Company: Logitech Inc.
----------
Key: LVCOMSer
ImagePath: "C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe"
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
186904 bytes
Created: 20/07/2007 01:38
Modified: 20/07/2007 01:38
Company: Logitech Inc.
----------
Key: LVMVDrv
ImagePath: system32\DRIVERS\LVMVDrv.sys
C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
2142488 bytes
Created: 20/07/2007 01:39
Modified: 20/07/2007 01:39
Company: Logitech Inc.
----------
Key: LVPr2Mon
ImagePath: system32\DRIVERS\LVPr2Mon.sys
C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
25624 bytes
Created: 18/07/2007 18:42
Modified: 18/07/2007 18:42
Company: Logitech Inc.
----------
Key: LVPrcSrv
ImagePath: "C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe"
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
137752 bytes
Created: 20/07/2007 01:40
Modified: 20/07/2007 01:40
Company: Logitech Inc.
----------
Key: LVSrvLauncher
ImagePath: C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
141848 bytes
Created: 20/07/2007 01:42
Modified: 20/07/2007 01:42
Company: Logitech Inc.
----------
Key: LVUSBSta
ImagePath: system32\DRIVERS\LVUSBSta.sys
C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys
41752 bytes
Created: 12/10/2007 03:00
Modified: 12/10/2007 03:00
Company: Logitech Inc.
----------
Key: MBAMCatchMe
ImagePath: \??\C:\WINDOWS\system32\drivers\mbamcatchme.sys
C:\WINDOWS\system32\drivers\mbamcatchme.sys - [file not found to scan]
----------
Key: MDM
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe"
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
270336 bytes
Created: 23/02/2001 10:07
Modified: 23/02/2001 10:07
Company: Microsoft Corporation
----------
Key: MSCamSvc
ImagePath: "C:\Program Files\Microsoft LifeCam\MSCamS32.exe"
C:\Program Files\Microsoft LifeCam\MSCamS32.exe - [file not found to scan]
----------
Key: NMIndexingService
ImagePath: "C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe"
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe - [file not found to scan]
----------
Key: nvatabus
ImagePath: system32\DRIVERS\nvatabus.sys
C:\WINDOWS\system32\DRIVERS\nvatabus.sys
89856 bytes
Created: 21/04/2006 23:05
Modified: 11/02/2005 18:11
Company: NVIDIA Corporation
----------
Key: nvax
ImagePath: system32\drivers\nvax.sys
C:\WINDOWS\system32\drivers\nvax.sys
-R- 38784 bytes
Created: 21/04/2006 21:23
Modified: 24/10/2003 05:38
Company: NVIDIA Corporation
----------
Key: nvcchflt
ImagePath: system32\DRIVERS\nvcchflt.sys
C:\WINDOWS\system32\DRIVERS\nvcchflt.sys
16640 bytes
Created: 21/04/2006 23:05
Modified: 11/02/2005 18:11
Company: NVIDIA Corporation
----------
Key: NVENET
ImagePath: system32\DRIVERS\NVENET.sys
C:\WINDOWS\system32\DRIVERS\NVENET.sys
-R- 80896 bytes
Created: 21/04/2006 21:23
Modified: 27/11/2002 14:52
Company: NVIDIA Corporation
----------
Key: nvnforce
ImagePath: system32\drivers\nvapu.sys
C:\WINDOWS\system32\drivers\nvapu.sys
-R- 311936 bytes
Created: 21/04/2006 21:23
Modified: 24/10/2003 05:38
Company: NVIDIA Corporation
----------
Key: nv_agp
ImagePath: system32\DRIVERS\nv_agp.sys
C:\WINDOWS\system32\DRIVERS\nv_agp.sys
-R- 18688 bytes
Created: 21/04/2006 21:23
Modified: 19/03/2003 09:51
Company: NVIDIA Corporation
----------
Key: PfModNT
ImagePath: \??\C:\WINDOWS\system32\drivers\PfModNT.sys
C:\WINDOWS\system32\drivers\PfModNT.sys
71596 bytes
Created: 25/11/2006 17:58
Modified: 03/06/2004 13:10
Company: Creative Technology Ltd.
----------
Key: PID_PEPI
ImagePath: system32\DRIVERS\LV302V32.SYS
C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
1279000 bytes
Created: 12/10/2007 02:56
Modified: 12/10/2007 02:56
Company: Logitech Inc.
----------
Key: PnkBstrA
ImagePath: C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrA.exe
63040 bytes
Created: 18/04/2007 16:13
Modified: 18/04/2007 16:13
Company: [no info]
----------
Key: PnkBstrB
ImagePath: C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PnkBstrB.exe
99904 bytes
Created: 18/04/2007 16:14
Modified: 18/04/2007 16:13
Company: [no info]
----------
Key: RFCOMM
ImagePath: system32\DRIVERS\rfcomm.sys
C:\WINDOWS\system32\DRIVERS\rfcomm.sys
59136 bytes
Created: 03/09/2006 17:40
Modified: 13/04/2008 20:46
Company: Microsoft Corporation
----------
Key: sfdrv01
ImagePath: System32\drivers\sfdrv01.sys
C:\WINDOWS\System32\drivers\sfdrv01.sys
50688 bytes
Created: 10/08/2005 14:44
Modified: 10/08/2005 14:44
Company: Protection Technology
----------
Key: sfhlp02
ImagePath: System32\drivers\sfhlp02.sys
C:\WINDOWS\System32\drivers\sfhlp02.sys
6656 bytes
Created: 16/05/2005 15:20
Modified: 16/05/2005 15:20
Company: Protection Technology
----------
Key: sfsync02
ImagePath: System32\drivers\sfsync02.sys
C:\WINDOWS\System32\drivers\sfsync02.sys
19968 bytes
Created: 10/08/2005 16:06
Modified: 10/08/2005 16:06
Company: Protection Technology
----------
Key: sp_rsdrv2
ImagePath: \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
141312 bytes
Created: 21/02/2008 01:24
Modified: 04/05/2008 15:48
Company: Crawler.com
----------
Key: sp_rssrv
ImagePath: "C:\Program Files\Spyware Terminator\sp_rsser.exe"
C:\Program Files\Spyware Terminator\sp_rsser.exe
570880 bytes
Created: 21/02/2008 01:24
Modified: 07/09/2008 15:48
Company: Crawler.com
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{129BE9EB-F572-4523-A460-2693E3BCD5D9}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 19/08/2004 16:09
Modified: 14/04/2008 04:34
Company: Microsoft Corporation
----------
Key: SysEnforce
ImagePath: C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE
C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE - [file not found to scan]
----------
Key: truecrypt
ImagePath: System32\drivers\truecrypt.sys
C:\WINDOWS\System32\drivers\truecrypt.sys
223424 bytes
Created: 01/05/2008 23:05
Modified: 01/05/2008 23:05
Company: TrueCrypt Foundation
----------
Key: usnjsvc
ImagePath: "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
C:\Program Files\Windows Live\Messenger\usnsvc.exe
98328 bytes
Created: 18/10/2007 12:31
Modified: 18/10/2007 12:31
Company: Microsoft Corporation
----------
Key: VX1000
ImagePath: system32\DRIVERS\VX1000.sys
C:\WINDOWS\system32\DRIVERS\VX1000.sys
1966000 bytes
Created: 30/06/2006 01:42
Modified: 13/10/2006 18:04
Company: Microsoft Corporation
----------
Key: WLSetupSvc
ImagePath: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
266240 bytes
Created: 25/10/2007 16:27
Modified: 25/10/2007 16:27
Company: Microsoft Corporation
----------

************************************************************
01:07:27: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:

************************************************************
01:07:27: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : avgrsstarter
DLLName: avgrsstx.dll
C:\WINDOWS\system32\avgrsstx.dll
10520 bytes
Created: 02/07/2008 23:44
Modified: 29/01/2009 20:41
Company: AVG Technologies CZ, s.r.o.
----------

************************************************************
01:07:28: Scanning ----- CONTEXTMENUHANDLERS -----
Key: AVG8 Shell Extension
CLSID: {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
Path: C:\Program Files\AVG\AVG8\avgse.dll
C:\Program Files\AVG\AVG8\avgse.dll
117528 bytes
Created: 02/07/2008 23:44
Modified: 29/01/2009 20:41
Company: AVG Technologies CZ, s.r.o.
----------
Key: EPPShellEx
CLSID: {509FE1AF-ADD5-49EC-BC55-7CF81FD16E78}
Path: C:\Program Files\EPSON\Creativity Suite\Easy Photo Print\EPPShell.dll
C:\Program Files\EPSON\Creativity Suite\Easy Photo Print\EPPShell.dll
69632 bytes
Created: 18/01/2008 23:52
Modified: 13/04/2006 20:44
Company: SEIKO EPSON CORPORATION
----------
Key: LavasoftShellExt
CLSID: {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F}
Path: C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll
C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll
82272 bytes
Created: 18/01/2009 23:34
Modified: 08/03/2009 22:10
Company:
----------
Key: SPTContMenu
CLSID: {BD88A479-9623-4897-8546-BC62B9628F44}
Path: C:\Program Files\Spyware Terminator\sptcontmenu.dll
C:\Program Files\Spyware Terminator\sptcontmenu.dll
164352 bytes
Created: 21/02/2008 01:24
Modified: 21/02/2008 01:24
Company: Crawler.com
----------
Key: VIDEOTRANS
CLSID: {C8CA0A66-AF32-4D5E-879E-F0809ACEDC55}
Path: C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\AmvTransform.dll
C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\AmvTransform.dll
32768 bytes
Created: 22/07/2005 09:21
Modified: 22/07/2005 09:21
Company:
----------
Key: Yahoo! Mail
CLSID: {5464D816-CF16-4784-B9F3-75C0DB52B499}
Path: C:\PROGRA~1\Yahoo!\Common\ymmapi2005010104.dll
C:\PROGRA~1\Yahoo!\Common\ymmapi2005010104.dll
190496 bytes
Created: 01/06/2007 19:58
Modified: 30/10/2006 14:50
Company: Yahoo! Inc.
----------

************************************************************
01:07:29: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {7D4D6379-F301-4311-BEBA-E26EB0561882}
File: [CLSID does not appear to reference a file]
Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
File: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
372736 bytes
Created: 10/05/2007 22:54
Modified: 10/05/2007 22:54
Company: Adobe Systems, Inc.
----------

************************************************************
01:07:29: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
62080 bytes
Created: 22/10/2006 23:08
Modified: 22/10/2006 23:08
Company: Adobe Systems Incorporated
----------
Key: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
BHO: C:\PROGRA~1\Crawler\ctbr.dll
C:\PROGRA~1\Crawler\ctbr.dll
1196032 bytes
Created: 04/04/2009 00:05
Modified: 04/03/2009 06:38
Company: Crawler.com
----------
Key: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
BHO: C:\Program Files\AVG\AVG8\avgssie.dll
C:\Program Files\AVG\AVG8\avgssie.dll
1078552 bytes
Created: 02/07/2008 23:44
Modified: 29/01/2009 20:41
Company: AVG Technologies CZ, s.r.o.
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
408440 bytes
Created: 17/02/2009 17:11
Modified: 17/02/2009 17:11
Company: Microsoft Corporation
----------
Key: {DBC80044-A445-435b-BC74-9C25C1C588A9}
BHO: C:\Program Files\Java\jre6\bin\jp2ssv.dll
C:\Program Files\Java\jre6\bin\jp2ssv.dll
35840 bytes
Created: 05/02/2009 20:03
Modified: 09/03/2009 05:18
Company: Sun Microsystems, Inc.
----------
Key: {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
BHO: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
73728 bytes
Created: 05/02/2009 20:03
Modified: 09/03/2009 05:18
Company: Sun Microsystems, Inc.
----------
Key: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}
BHO: C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
368640 bytes
Created: 18/01/2008 23:52
Modified: 21/02/2005 22:50
Company: SEIKO EPSON CORPORATION
----------

************************************************************
01:07:31: Scanning ----- SHELLSERVICEOBJECTS -----
Key: UPnPMonitor
CLSID: {e57ce738-33e8-4c51-8354-bb4de9d215d1}
Path: C:\WINDOWS\system32\upnpui.dll
C:\WINDOWS\system32\upnpui.dll
240128 bytes
Created: 19/08/2004 16:09
Modified: 14/04/2008 04:33
Company: Microsoft Corporation
----------

************************************************************
01:07:31: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
01:07:31: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
01:07:31: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist

************************************************************
01:07:31: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
01:07:32: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
Adobe Reader Synchronizer.lnk - links to C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
738968 bytes
Created: 11/05/2007 00:29
Modified: 11/05/2007 00:29
Company: Adobe Systems Incorporated
--------------------
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created: 21/04/2006 23:06
Modified: 21/04/2006 21:14
Company: [no info]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini - no action taken on this file
--------------------
Lancement rapide d'Adobe Reader.lnk - links to C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
39792 bytes
Created: 11/01/2008 22:16
Modified: 11/01/2008 22:16
Company: Adobe Systems Incorporated
--------------------

************************************************************
No User Startup Groups were located to check

************************************************************
01:07:32: Scanning ----- SCHEDULED TASKS -----
Taskname: Ad-Aware Update (Weekly).job
File: C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
542568 bytes
Created: 18/01/2009 23:34
Modified: 08/03/2009 22:10
Company: Lavasoft
Parameters: update all silent
Next Run Time: 05/04/2009 21:10:00
Status: La tâche est prête à s'exécuter à l'heure prévue
Creator: SYSTEM
Comments: Cette opération permet d'effectuer une analyse planifiée avec Ad-Aware
----------
Taskname: AppleSoftwareUpdate.job
File: C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
566592 bytes
Created: 30/07/2008 12:34
Modified: 30/07/2008 12:34
Company: Apple Inc.
Parameters: -task
Next Run Time: 07/04/2009 19:25:00
Status: La tâche est prête à s'exécuter à l'heure prévue
Creator: SYSTEM
Comments: [blank]
----------
Taskname: Check Updates for Windows Live Toolbar.job
File: C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
Parameters: [blank]
Next Run Time: 04/04/2009 01:38:00
Status: La tâche n'a pas encore été exécutée
Creator: Blandine
Comments: This task was created by the MSN Toolbar Installer
C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE - [file not found to scan]
----------
Taskname: Schedule Task Weekly.job
File: C:\Program Files\Registry Easy\RE.exe
Parameters: -Scan
Next Run Time: 09/04/2009 12:00:00
Status: La tâche n'a pas encore été exécutée
Creator: Blandine
Comments: Runs Registry Easy at Scheduled Time.
C:\Program Files\Registry Easy\RE.exe - [file not found to scan]
----------

************************************************************
01:07:33: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
01:07:33: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: VIDC.I420
File: lvcodec2.dll
C:\WINDOWS\system32\lvcodec2.dll
416280 bytes
Created: 12/10/2007 02:57
Modified: 12/10/2007 02:57
Company: Logitech Inc.
----------
Value: vidc.VP60
File: C:\WINDOWS\system32\vp6vfw.dll
C:\WINDOWS\system32\vp6vfw.dll
-R- 442368 bytes
Created: 22/04/2006 11:42
Modified: 18/08/2004 05:14
Company: On2.com
----------
Value: msacm.siren
File: sirenacm.dll
C:\WINDOWS\system32\sirenacm.dll
51224 bytes
Created: 02/12/2008 23:37
Modified: 18/10/2007 12:31
Company: Microsoft Corporation
----------
Value: msacm.lameacm
File: LameACM.acm
C:\WINDOWS\system32\LameACM.acm
188416 bytes
Created: 10/05/2006 22:41
Modified: 10/05/2006 22:41
Company: http://www.mp3dev.org/
----------
Value: msacm.lhacm
File: lhacm.acm
C:\WINDOWS\system32\lhacm.acm
34064 bytes
Created: 24/12/2006 19:52
Modified: 24/12/2006 19:52
Company: Microsoft Corporation
----------
Value: msacm.voxacm160
File: vct3216.acm
C:\WINDOWS\system32\vct3216.acm
82944 bytes
Created: 11/02/2007 15:58
Modified: 22/05/2003 00:50
Company: Voxware, Inc.
----------
Value: msacm.alf2cd
File: alf2cd.acm
C:\WINDOWS\system32\alf2cd.acm
38912 bytes
Created: 11/02/2007 15:58
Modified: 22/05/2003 00:50
Company: NCT Company
----------
Value: msacm.ac3acm
File: AC3ACM.acm
C:\WINDOWS\system32\AC3ACM.acm
81920 bytes
Created: 11/02/2007 15:58
Modified: 04/02/2004 22:11
Company: fccHandler
----------
Value: vidc.dvsd
File: mcdvd_32.dll
C:\WINDOWS\system32\mcdvd_32.dll
261632 bytes
Created: 11/02/2007 15:58
Modified: 22/05/2003 00:50
Company: MainConcept
----------
Value: vidc.DIVX
File: DivX.dll
C:\WINDOWS\system32\DivX.dll
638976 bytes
Created: 11/02/2007 15:58
Modified: 22/05/2003 13:26
Company: DivXNetworks, Inc.
----------
Value: vidc.yv12
File: yv12vfw.dll
C:\WINDOWS\system32\yv12vfw.dll
70656 bytes
Created: 25/01/2004 18:18
Modified: 25/01/2004 18:18
Company: www.helixcommunity.org
----------

************************************************************
01:07:36: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
==============================
Restrictive Windows Explorer Policies found in force on this computer:
HKCU\Software\Microsoft\Internet Explorer\Download
CheckExeSignatures - default policy reset
RunInvalidSignatures - default policy reset
All Policy Values listed have been removed or reset
==============================
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\WINDOWS\Web\Wallpaper\soutien moral.bmp
C:\WINDOWS\Web\Wallpaper\soutien moral.bmp
264750 bytes
Created: 17/06/2007 01:36
Modified: 17/06/2007 01:39
Company: [no info]
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Blandine\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
1440054 bytes
Created: 14/06/2007 22:03
Modified: 14/06/2007 22:03
Company: [no info]
----------
Checks for rogue DNS NameServers completed
----------
----------
Additional checks completed

************************************************************
01:08:14: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
50688 bytes
Created: 19/08/2004 16:10
Modified: 14/04/2008 04:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\csrss.exe
6144 bytes
Created: 19/08/2004 16:09
Modified: 14/04/2008 04:33
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\winlogon.exe
512000 bytes
Created: 19/08/2004 16:10
Modified: 14/04/2008 04:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\services.exe
109056 bytes
Created: 19/08/2004 16:10
Modified: 14/04/2008 04:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 19/08/2004 16:09
Modified: 14/04/2008 04:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe
14336 bytes
Created: 19/08/2004 16:10
Modified: 14/04/2008 04:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\spoolsv.exe
57856 bytes
Created: 10/08/2005 12:15
Modified: 14/04/2008 04:34
Company: Microsoft Corporation
--------------------
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe - file already scanned
--------------------
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe - file already scanned
--------------------
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe - file already scanned
--------------------
C:\Program Files\Bonjour\mDNSResponder.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe - file already scanned
--------------------
C:\WINDOWS\system32\CTsvcCDA.EXE
44032 bytes
Created: 25/11/2006 17:58
Modified: 13/12/1999 03:01
Company: Creative Technology Ltd
--------------------
C:\Program Files\Java\jre6\bin\jqs.exe - file already scanned
--------------------
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe - file already scanned
--------------------
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
484120 bytes
Created: 02/07/2008 23:44
Modified: 29/01/2009 20:41
Company: AVG Technologies CZ, s.r.o.
--------------------
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
592128 bytes
Created: 29/01/2009 20:41
Modified: 29/01/2009 20:41
Company: AVG Technologies CZ, s.r.o.
--------------------
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe - file already scanned
--------------------
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe - file already scanned
--------------------
C:\WINDOWS\system32\nvsvc32.exe
127043 bytes
Created: 15/06/2005 11:20
Modified: 15/06/2005 17:20
Company: NVIDIA Corporation
--------------------
C:\WINDOWS\system32\PnkBstrA.exe - file already scanned
--------------------
C:\Program Files\Spyware Terminator\sp_rsser.exe - file already scanned
--------------------
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
2887680 bytes
Created: 10/10/2005 09:56
Modified: 10/10/2005 09:56
Company: Kerio Technologies
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\wdfmgr.exe
38912 bytes
Created: 10/08/2004 22:05
Modified: 28/01/2005 14:44
Company: Microsoft Corporation
--------------------
C:\WINDOWS\System32\alg.exe
44544 bytes
Created: 19/08/2004 16:09
Modified: 14/04/2008 04:33
Company: Microsoft Corporation
--------------------
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe - file already scanned
--------------------
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe - file already scanned
--------------------
C:\WINDOWS\system32\WgaTray.exe
337280 bytes
Created: 10/04/2007 15:01
Modified: 10/04/2007 15:01
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\rundll32.exe
33792 bytes
Created: 19/08/2004 16:10
Modified: 14/04/2008 04:34
Company: Microsoft Corporation
--------------------
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe - file already scanned
--------------------
C:\WINDOWS\system32\RUNDLL32.EXE - file already scanned
--------------------
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe - file already scanned
--------------------
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe - file already scanned
--------------------
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe - file already scanned
--------------------
C:\Program Files\Logitech\QuickCam\Quickcam.exe - file already scanned
--------------------
C:\PROGRA~1\AVG\AVG8\avgtray.exe - file already scanned
--------------------
C:\Program Files\iTunes\iTunesHelper.exe - file already scanned
--------------------
C:\Program Files\Java\jre6\bin\jusched.exe - file already scanned
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\PROGRA~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe - file already scanned
--------------------
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe - file already scanned
--------------------
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
4708352 bytes
Created: 20/08/2008 23:52
Modified: 15/08/2008 11:36
Company:
--------------------
C:\WINDOWS\system32\rundll32.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\Messenger\msmsgs.exe
1695232 bytes
Created: 14/04/2003 21:05
Modified: 14/04/2008 04:34
Company: Microsoft Corporation
--------------------
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
403728 bytes
Created: 25/07/2007 17:02
Modified: 25/07/2007 17:02
Company: Logitech Inc.
--------------------
C:\Program Files\iPod\bin\iPodService.exe
536872 bytes
Created: 06/01/2009 14:06
Modified: 06/01/2009 14:06
Company: Apple Inc.
--------------------
C:\Program Files\Mozilla Firefox\firefox.exe
307704 bytes
Created: 21/10/2006 00:09
Modified: 29/03/2009 15:49
Company: Mozilla Corporation
--------------------
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
5724184 bytes
Created: 02/12/2008 23:41
Modified: 18/10/2007 12:34
Company: Microsoft Corporation
--------------------
C:\Program Files\Windows Live\Messenger\usnsvc.exe - file already scanned
--------------------
C:\WINDOWS\explorer.exe - file already scanned
--------------------
C:\Program Files\AVG\AVG8\avgui.exe
3344152 bytes
Created: 02/07/2008 23:44
Modified: 29/01/2009 20:41
Company: AVG Technologies CZ, s.r.o.
--------------------
C:\WINDOWS\system32\wscntfy.exe
13824 bytes
Created: 19/08/2004 16:10
Modified: 14/04/2008 04:34
Company: Microsoft Corporation
--------------------
C:\Documents and Settings\Blandine\Application Data\Simply Super Software\Trojan Remover\svs66.exe
FileSize: 2929528
[This is a Trojan Remover component]
--------------------

************************************************************
01:08:27: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
Scan completed at: 01:08:27 04 avr. 2009
Total Scan time: 00:01:29
************************************************************

voici le rapport :

ComboFix 09-04-03.01 - Blandine 2009-04-04 14:11:39.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.511.110 [GMT 2:00]
Lancé depuis: c:\documents and settings\Blandine\Bureau\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
FW: Kerio Personal Firewall *disabled*
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-03-04 au 2009-04-04 ))))))))))))))))))))))))))))))))))))
.

2009-04-04 01:06 . 2009-04-04 01:38 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-04-04 01:02 . 2009-04-04 09:20 <REP> d-------- c:\program files\Trojan Remover
2009-04-04 01:02 . 2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2009-04-04 01:02 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2009-04-04 01:02 . 2005-08-26 00:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2009-04-04 01:02 . 2002-03-06 00:00 75,264 --a------ c:\windows\system32\unacev2.dll
2009-04-04 01:02 . 2006-06-19 12:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2009-04-04 00:05 . 2009-04-04 09:27 <REP> d-------- c:\program files\Crawler
2009-04-01 21:26 . 2009-04-01 21:26 172 --a------ C:\curr_ver.tmp
2009-03-30 19:22 . 2009-03-30 19:22 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-03-30 19:20 . 2009-03-30 19:20 <REP> d-------- c:\windows\ERUNT
2009-03-28 16:16 . 2009-03-29 15:28 <REP> d-------- c:\program files\SUPERAntiSpyware
2009-03-28 16:16 . 2009-03-29 15:28 <REP> d-------- c:\documents and settings\Blandine\Application Data\SUPERAntiSpyware.com
2009-03-28 16:16 . 2009-03-28 16:16 <REP> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-22 02:16 . 2009-03-22 02:17 <REP> d-------- c:\program files\CleanUp!

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-03 22:47 --------- d-----w c:\documents and settings\Blandine\Application Data\Spyware Terminator
2009-03-31 17:00 --------- d-----w c:\program files\Java
2009-03-30 17:18 1,871 ----a-w c:\windows\system32\drivers\fwdrv.err
2009-03-29 10:38 --------- d-----w c:\documents and settings\sebastien\Application Data\Spyware Terminator
2009-03-25 23:49 --------- d-----w c:\documents and settings\Blandine\Application Data\MSN Pictures Displayer
2009-03-22 12:51 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-22 00:21 --------- d-----w c:\program files\eMule(2)
2009-03-22 00:21 --------- d-----w c:\program files\eMule
2009-03-17 22:57 --------- d-----w c:\documents and settings\Blandine\Application Data\ooVoo Details
2009-03-15 21:45 --------- d-----w c:\program files\Spyware Terminator
2009-03-15 21:39 --------- d-----w c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-03-09 03:19 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 20:10 15,688 ----a-w c:\windows\system32\lsdelete.exe
2009-02-27 15:03 --------- d-----w c:\documents and settings\damien\Application Data\Spyware Terminator
2009-02-09 14:05 1,846,912 ----a-w c:\windows\system32\win32k.sys
2009-02-08 16:10 --------- d-----w c:\program files\Coding Workshop Ringtone Converter
2009-02-08 16:08 --------- d-----w c:\program files\Fichiers communs\AVSMedia
2009-02-08 16:08 --------- d-----w c:\program files\AVS4YOU
2009-02-08 15:11 --------- d-----w c:\program files\Messenger Plus! Live
2009-01-29 18:41 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2008-12-13 12:45 53,576 ----a-w c:\documents and settings\Blandine\Application Data\GDIPFONTCACHEV1.DAT
2006-05-07 13:07 42,704 ----a-w c:\documents and settings\damien\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"EPSON Stylus DX4400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]
"Nero PhotoShow Media Manager"="c:\progra~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe" [2006-05-10 249856]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 335872]
"SW24"="c:\windows\system32\sw24.exe" [2006-05-17 69632]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-15 6803456]
"WinPatrol"="c:\progra~1\BILLPS~1\WINPAT~1\winpatrol.exe" [2005-11-15 222784]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-06-15 86016]
"Omnipage"="c:\program files\ScanSoft\OmniPageSE\opware32.exe" [2002-02-20 49152]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-09-07 1783808]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-29 1601304]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-08 515416]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"nwiz"="nwiz.exe" [2005-06-15 c:\windows\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

c:\documents and settings\Blandine\Menu D‚marrer\Programmes\D‚marrage\
MSN Pictures Displayer.lnk - c:\program files\MSN Pictures Displayer\MSN Pictures Displayer.exe [2008-08-20 4708352]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2007-05-11 738968]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2008-01-11 39792]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-29 20:41 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"443:UDP"= 443:UDP:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:ooVoo UDP port 37675
"443:TCP"= 443:TCP:ooVoo TCP port 443
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-25 64160]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [2006-04-21 16640]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-06-08 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-06-08 107272]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2005-09-26 286720]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2005-09-26 81920]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-02-21 141312]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-02 298264]
S3 BTPCH4;Bluetooth H4 Transport;c:\windows\system32\drivers\btpch4.sys [2004-11-29 31776]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632]
S3 MBAMCatchMe;MBAMCatchMe;\??\c:\windows\system32\drivers\mbamcatchme.sys --> c:\windows\system32\drivers\mbamcatchme.sys [?]
S4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-02 903960]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efe3917b-b483-11dc-9960-000c7692768d}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe
.
Contenu du dossier 'Tâches planifiées'

2009-03-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-08 22:10]

2009-03-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-04-04 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE []

2009-03-26 c:\windows\Tasks\Schedule Task Weekly.job
- c:\program files\Registry Easy\RE.exe []
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://fr.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mWindow Title =
uInternet Settings,ProxyOverride = *.local
IE: &eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.15\AMVConverter\grab.html
IE: Crawler Search - tbr:iemenu
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Envoyer à &Bluetooth - c:\program files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.15\MediaManager\grab.html
Trusted Zone: yahoo.com\fr.mail
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
FF - ProfilePath - c:\documents and settings\Blandine\Application Data\Mozilla\Firefox\Profiles\quvmv9fb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-upgrd&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://fr.yahoo.com/?.home=ytff
FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Crawler\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\firefox\components\xwsg.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-04 14:16:52
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2340)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSFR.DLL
c:\progra~1\BILLPS~1\WINPAT~1\PATROLPRO.DLL
c:\program files\ScanSoft\OmniPageSE\ophook32.dll
c:\windows\system32\nvwddi.dll
.
Heure de fin: 2009-04-04 14:20:19
ComboFix-quarantined-files.txt 2009-04-04 12:20:12

Avant-CF: 42 427 572 224 octets libres
Après-CF: 42,441,986,048 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

213 --- E O F --- 2009-03-14 01:20:39

Résident shield alert vient de retrouver, à nouveau, des cookies qu'il qualifie de potentiellement dangereux dans la partition C:\documents and settings\Blandine\Cookies...., à savoir :

Tracking cookie.Serving-sys
Tracking cookie.Weborama
Tracking cookie.Serving-sys (un 3ème, pareil que le 1er !!)

J'ai un problème, suite au dernier scan, j'ai perdu mon parefeu KERIO !!! le fichier exe, après recherche, se trouve dans le fichier de nettoyage !
j'ai remis le parefeu windows en attendant et je fais les scan demandés.

Résident shield alert a retrouvé :
C:System Volume Information\restore{CD1A44C-014B-EDAD-A757-193DAFFA6916}\RP557\AO124251.exe
threat name : runtime pasked fsg

Et voici le rapport malware d'abord :

Malwarebytes' Anti-Malware 1.35
Version de la base de données: 1939
Windows 5.1.2600 Service Pack 3

04/04/2009 17:04:30
mbam-log-2009-04-04 (17-04-30).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 193720
Temps écoulé: 1 hour(s), 8 minute(s), 46 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

J'ai posté le rapport Kapersky (infecté malheureusement) qui apparait au dessus de ton dernier message !!!
Pour info, d'autre part j'ai retrouvé en rentrant kerio dans mes icônes !!! donc je ne comprends pas vraiment mais je l'ai réactivé et refermé le parefeu de windows

Tu entends par supprimer, aller directement à la source de tous les fichiers que tu m'as indiqué et faire supprimer puis vider la poubelle, c'est ça ?
J'attends ta réponse avant de le faire. Merci.

Ton lien ne fonctionne pas, il me mène à un forum !!

bon, j'ai trouvé un autre lien et ai fait le scan mais rien, comme tu pourras le constater :

- Rapport MSNCleaner 1.7.0 by www.forospyware.com
- Rapport créé: 05/04/2009 on 14:24:40
- Système d'exploitation: Windows XP
- Mode de démarrage: Mode sans échec
_________________________________________

Fichiers détectés: 0
Fichiers supprimés: 0
Fichiers non supprimés: 0

<<<<<<< Pas de fichiers trouvés >>>>>>>