Help me, unwanted CiD pop-up windows...

morgane -  
Hello,

I keep getting unwanted pop-up windows (CiD) all the time... help me remove them.
I have already scanned my computer 4 times with CCleaner, Spybot and my antivirus, but they found nothing and the windows are still there...

Help me...

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:44 AM, on 3/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\eTrust\caissdt.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HughesNetTools\1\McciTrayApp_SSR.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\eTrust\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://fr.yahoo.com/?p=us
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\eTrust\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\eTrust\caissdt.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HughesNetTools_McciTrayApp] C:\Program Files\HughesNetTools\1\McciTrayApp_SSR.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Love default global mess] C:\Documents and Settings\All Users\Application Data\great coal love default\First Readme.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [multidebug] C:\DOCUME~1\Sharon\APPLIC~1\DrawMemo\jump cash.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.clarkcolor.com/ClarkActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by135fd.bay135.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAEAFE12-7726-4C39-B620-2601216CFBB5} (McciContext Class) - http://phughescw.hughes.motive.com/wizlet/spaceway/static/controls/Mcci_6-1-0.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate1c965e531f0fb44) (gupdate1c965e531f0fb44) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8856 bytes
Configuration: Windows XP
Internet Explorer 7.0

10 replies

  1. Destrio5 (Moderator, 99820 posts)
     
    Hi,

    --> Download Lop S&D (by Eric_71 & Angeldark) to your Desktop.

    --> Double-click it to start the installation.

    --> Then double-click the Lop S&D shortcut on your Desktop.
    (On Vista, right-click the Lop S&D shortcut and choose Run as administrator)

    --> Select the desired language, then choose option 1 (Search).

    --> Wait until the scan finishes.

    --> Post the generated report (C:\lopR.txt).
    1
  2. morgane
     
    Here is the log:

    --------------------\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 2800+ )
    BIOS : Phoenix - AwardBIOS v6.00PG
    USER : Sharon ( Administrator )
    BOOT : Normal boot
    Antivirus : AVG Anti-Virus Free 8.0 (Activated)
    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total:74 Go (Free:49 Go)
    D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
    E:\ (CD or DVD)
    F:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
    G:\ (USB) - FAT32 - Total:7654 Mo (Free:7 Go)

    "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
    Option : [1] ( Fri 03/27/2009|11:11 )

    --------------------\\ Listing des dossiers dans APPLIC~1

    [01/27/2007|10:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
    [10/24/2006|04:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
    [10/23/2006|09:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads
    [10/23/2006|09:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP
    [12/28/2005|09:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
    [02/05/2009|05:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg8
    [06/06/2006|06:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CA
    [06/04/2005|07:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
    [03/26/2009|08:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google Updater
    [02/18/2009|01:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> great coal love default
    [03/16/2007|06:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Hewlett-Packard
    [04/08/2006|08:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Intuit
    [12/24/2008|12:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Messenger Plus!
    [12/23/2008|04:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
    [12/13/2008|09:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Motive
    [05/17/2006|10:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> nView_Profiles
    [06/14/2005|10:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
    [06/04/2005|07:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SBT
    [04/01/2007|08:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TurboTax 2006
    [10/23/2006|09:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
    [06/01/2006|05:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
    [12/24/2008|11:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller
    [01/01/2009|09:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo!

    [06/04/2005|07:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

    [02/05/2009|05:25] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

    [02/05/2009|05:25] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

    [10/23/2006|10:29] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> acccore
    [01/23/2009|01:12] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Adobe
    [05/22/2008|05:10] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> AdobeUM
    [06/04/2005|08:05] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Ahead
    [10/23/2006|10:29] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> AIMLogger
    [02/06/2006|06:34] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Apple Computer
    [08/11/2005|04:09] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> ArcSoft
    [04/04/2006|08:54] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> CyberLink
    [02/18/2009|01:03] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> DrawMemo
    [12/24/2008|12:33] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Google
    [12/08/2005|08:37] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Help
    [06/22/2005|09:54] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Identities
    [04/01/2007|08:53] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> InstallShield
    [03/19/2008|08:38] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Intuit
    [12/27/2005|11:38] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Macromedia
    [10/12/2006|08:28] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Media Player Classic
    [02/05/2009|05:25] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Microsoft
    [06/04/2005|07:49] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Microsoft Web Folders
    [12/13/2008|09:24] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Motive
    [06/14/2005|10:09] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Nikon
    [02/21/2006|06:08] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Opera
    [12/28/2005|09:54] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Snapfish
    [01/22/2006|07:23] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Sun
    [03/23/2009|06:54] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> U3
    [09/04/2005|03:20] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Xerox
    [01/01/2009|04:08] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Yahoo!

    --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

    [03/27/2009 10:50 AM][--a------] C:\WINDOWS\tasks\Google Software Updater.job
    [03/27/2009 11:00 AM][--ah-----] C:\WINDOWS\tasks\A73DCFEA91864072.job
    [03/27/2009 10:20 AM][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
    [03/27/2009 10:20 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [08/04/2004 08:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    ( A73DCFEA91864072.job )=( c:\docume~1\sharon\applic~1\drawmemo\Typeboreplatform.exe )

    --------------------\\ Listing des dossiers dans C:\Program Files

    [12/22/2008|06:51] C:\Program Files\<DIR> Adobe
    [06/04/2005|08:04] C:\Program Files\<DIR> Ahead
    [06/26/2005|09:08] C:\Program Files\<DIR> ArcSoft
    [02/05/2009|05:26] C:\Program Files\<DIR> AVG
    [02/21/2009|03:58] C:\Program Files\<DIR> BookSmart
    [11/12/2008|10:09] C:\Program Files\<DIR> Britannica 2003
    [06/05/2006|10:11] C:\Program Files\<DIR> CA
    [02/18/2009|01:01] C:\Program Files\<DIR> Circe Developement
    [12/24/2008|11:22] C:\Program Files\<DIR> Common Files
    [06/04/2005|07:18] C:\Program Files\<DIR> ComPlus Applications
    [12/01/2007|05:04] C:\Program Files\<DIR> CONEXANT
    [06/04/2005|07:48] C:\Program Files\<DIR> CREATIVE
    [06/04/2005|07:33] C:\Program Files\<DIR> CyberLink
    [02/18/2009|01:02] C:\Program Files\<DIR> DrawMemo
    [07/04/2006|12:31] C:\Program Files\<DIR> eTrust
    [02/10/2009|10:04] C:\Program Files\<DIR> Google
    [03/10/2007|07:30] C:\Program Files\<DIR> Grisoft
    [03/16/2007|06:51] C:\Program Files\<DIR> Hewlett-Packard
    [03/16/2007|06:51] C:\Program Files\<DIR> HP
    [12/13/2008|09:24] C:\Program Files\<DIR> HughesNetTools
    [12/22/2008|06:48] C:\Program Files\<DIR> InstallShield Installation Information
    [02/11/2009|09:12] C:\Program Files\<DIR> Internet Explorer
    [03/17/2006|09:57] C:\Program Files\<DIR> iPod
    [04/08/2006|08:42] C:\Program Files\<DIR> ItsDeductible2005
    [04/01/2007|09:04] C:\Program Files\<DIR> ItsDeductible2006
    [03/17/2006|09:57] C:\Program Files\<DIR> iTunes
    [11/14/2005|05:11] C:\Program Files\<DIR> Java
    [12/17/2008|09:34] C:\Program Files\<DIR> Messenger
    [12/23/2008|04:10] C:\Program Files\<DIR> Microsoft
    [05/09/2007|11:22] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2
    [06/04/2005|07:21] C:\Program Files\<DIR> microsoft frontpage
    [06/04/2005|07:56] C:\Program Files\<DIR> Microsoft Office
    [02/28/2009|10:21] C:\Program Files\<DIR> Microsoft Silverlight
    [02/20/2009|05:27] C:\Program Files\<DIR> Microsoft SQL Server Compact Edition
    [06/04/2005|07:52] C:\Program Files\<DIR> Microsoft Visual Studio
    [12/17/2008|09:30] C:\Program Files\<DIR> Movie Maker
    [12/31/2005|07:01] C:\Program Files\<DIR> MSN
    [06/04/2005|07:18] C:\Program Files\<DIR> MSN Gaming Zone
    [11/20/2006|01:42] C:\Program Files\<DIR> MSXML 4.0
    [06/06/2006|06:23] C:\Program Files\<DIR> netbeans-4.1
    [12/17/2008|09:27] C:\Program Files\<DIR> NetMeeting
    [12/01/2007|05:01] C:\Program Files\<DIR> NetWaiting
    [06/14/2005|10:08] C:\Program Files\<DIR> Nikon
    [06/04/2005|07:20] C:\Program Files\<DIR> Online Services
    [12/17/2008|09:27] C:\Program Files\<DIR> Outlook Express
    [03/13/2009|12:43] C:\Program Files\<DIR> Photo Story 3 for Windows
    [06/09/2008|06:32] C:\Program Files\<DIR> QuickTime
    [06/04/2005|07:56] C:\Program Files\<DIR> Snapshot Viewer
    [06/09/2008|06:29] C:\Program Files\<DIR> Tech4Learning
    [11/22/2007|02:11] C:\Program Files\<DIR> The Birthday Banner
    [03/26/2009|09:49] C:\Program Files\<DIR> Trend Micro
    [03/19/2008|08:27] C:\Program Files\<DIR> TurboTax
    [06/04/2005|07:25] C:\Program Files\<DIR> Uninstall Information
    [10/23/2006|09:46] C:\Program Files\<DIR> Viewpoint
    [02/20/2009|05:28] C:\Program Files\<DIR> Windows Live
    [12/23/2008|04:10] C:\Program Files\<DIR> Windows Live SkyDrive
    [03/02/2009|08:14] C:\Program Files\<DIR> Windows Media Connect 2
    [03/02/2009|08:17] C:\Program Files\<DIR> Windows Media Player
    [12/17/2008|09:27] C:\Program Files\<DIR> Windows NT
    [06/04/2005|07:20] C:\Program Files\<DIR> WindowsUpdate
    [06/04/2005|07:21] C:\Program Files\<DIR> xerox
    [01/01/2009|12:48] C:\Program Files\<DIR> Yahoo!
    [11/12/2008|10:08] C:\Program Files\<DIR> Zero G Registry

    --------------------\\ Listing des dossiers dans C:\Program Files\Common Files

    [09/01/2007|04:49] C:\Program Files\Common Files\<DIR> Adobe
    [12/22/2008|06:52] C:\Program Files\Common Files\<DIR> Adobe Systems Shared
    [06/04/2005|08:02] C:\Program Files\Common Files\<DIR> Ahead
    [03/19/2008|08:33] C:\Program Files\Common Files\<DIR> AnswerWorks 4.0
    [06/04/2005|07:52] C:\Program Files\Common Files\<DIR> Designer
    [06/26/2005|09:05] C:\Program Files\Common Files\<DIR> Hewlett-Packard
    [12/28/2005|09:05] C:\Program Files\Common Files\<DIR> InstallShield
    [04/08/2006|08:41] C:\Program Files\Common Files\<DIR> Intuit
    [11/14/2005|05:08] C:\Program Files\Common Files\<DIR> Java
    [02/20/2009|05:25] C:\Program Files\Common Files\<DIR> Microsoft Shared
    [12/13/2008|09:22] C:\Program Files\Common Files\<DIR> Motive
    [06/04/2005|07:19] C:\Program Files\Common Files\<DIR> MSSoap
    [06/14/2005|10:08] C:\Program Files\Common Files\<DIR> Nikon
    [06/04/2005|03:11] C:\Program Files\Common Files\<DIR> ODBC
    [06/06/2006|06:15] C:\Program Files\Common Files\<DIR> Scanner
    [06/04/2005|07:19] C:\Program Files\Common Files\<DIR> Services
    [06/04/2005|03:11] C:\Program Files\Common Files\<DIR> SpeechEngines
    [02/01/2009|09:20] C:\Program Files\Common Files\<DIR> System
    [12/14/2008|11:50] C:\Program Files\Common Files\<DIR> Windows Live
    [12/24/2008|11:27] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller

    --------------------\\ Process

    ( 44 Processes )

    IEXPLORE.EXE ~ [PID:980]
    IEXPLORE.EXE ~ [PID:1224]
    iexplore.exe ~ [PID:320]

    --------------------\\ Recherche avec S_Lop

    C:\DOCUME~1\Sharon\LOCALS~1\Temp\bis1F.exe

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\great coal love default
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\great coal love default\First Readme.dat
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\great coal love default\First Readme.exe
    C:\DOCUME~1\Sharon\APPLIC~1\drawmemo
    C:\DOCUME~1\Sharon\APPLIC~1\drawmemo\Boob balm bone data.exe
    C:\DOCUME~1\Sharon\APPLIC~1\drawmemo\gxtktvlx.exe
    C:\DOCUME~1\Sharon\APPLIC~1\drawmemo\jump cash.exe
    C:\DOCUME~1\Sharon\APPLIC~1\drawmemo\Type bore platform.exe
    C:\Program Files\drawmemo
    C:\DOCUME~1\Sharon\LOCALS~1\Temp\NSWODYWX.emf
    C:\DOCUME~1\Sharon\Cookies\sharon@kidipede.advertserve[1].txt
    C:\DOCUME~1\Sharon\Cookies\sharon@advertising.healthguru[2].txt
    C:\DOCUME~1\Sharon\Cookies\sharon@bigpoint[1].txt
    C:\DOCUME~1\Sharon\Cookies\sharon@us1.darkorbit.bigpoint[1].txt
    C:\DOCUME~1\Sharon\Cookies\sharon@vegas[2].txt
    C:\WINDOWS\Tasks\A73DCFEA91864072.job

    --------------------\\ Verification du Registre

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "multidebug"="C:\\DOCUME~1\\Sharon\\APPLIC~1\\DrawMemo\\jump cash.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Love default global mess"="C:\\Documents and Settings\\All Users\\Application Data\\great coal love default\\First Readme.exe"

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE

    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-27 11:12:37
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 114

    --------------------\\ Recherche d'autres infections

    Aucune autre infection trouvée !

    [F:2510][D:113]-> C:\DOCUME~1\Sharon\LOCALS~1\Temp
    [F:2023][D:0]-> C:\DOCUME~1\Sharon\Cookies
    [F:15755][D:22]-> C:\DOCUME~1\Sharon\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - Fri 03/27/2009|11:15 - Option : [1]

    --------------------\\ Fin du rapport a 11:15:14
    0
  3. Destrio5 (Moderator, 99820 posts)
     
    --> Double-click the Lop S&D shortcut to launch it.
    (On Vista, right-click the Lop S&D shortcut and choose Run as administrator)

    --> This time choose option 2 (Removal).

    --> Do not close the window during the removal!

    --> Post the generated report (C:\lopR.txt).

    (If the Desktop does not reappear, press Ctrl+Alt+Del, File tab, New Task, type explorer.exe and confirm)
    0
  4. morgane
     
    Here is the log after running option 2:

    log:

    --------------------\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 2800+ )
    BIOS : Phoenix - AwardBIOS v6.00PG
    USER : Sharon ( Administrator )
    BOOT : Normal boot
    Antivirus : AVG Anti-Virus Free 8.0 (Activated)
    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total:74 Go (Free:49 Go)
    D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
    E:\ (CD or DVD)
    F:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
    G:\ (USB) - FAT32 - Total:7654 Mo (Free:7 Go)

    "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
    Option : [2] ( Fri 03/27/2009|11:35 )

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\great coal love default\First Readme.dat
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\great coal love default\First Readme.exe
    Supprime! - C:\DOCUME~1\Sharon\APPLIC~1\drawmemo\Boob balm bone data.exe
    Supprime! - C:\DOCUME~1\Sharon\APPLIC~1\drawmemo\gxtktvlx.exe
    Supprime! - C:\DOCUME~1\Sharon\APPLIC~1\drawmemo\jump cash.exe
    Supprime! - C:\DOCUME~1\Sharon\APPLIC~1\drawmemo\Type bore platform.exe
    Supprime! - C:\DOCUME~1\Sharon\LOCALS~1\Temp\NSWODYWX.emf
    Supprime! - C:\DOCUME~1\Sharon\Cookies\sharon@kidipede.advertserve[1].txt
    Supprime! - C:\DOCUME~1\Sharon\Cookies\sharon@advertising.healthguru[2].txt
    Supprime! - C:\DOCUME~1\Sharon\Cookies\sharon@bigpoint[1].txt
    Supprime! - C:\DOCUME~1\Sharon\Cookies\sharon@us1.darkorbit.bigpoint[1].txt
    Supprime! - C:\DOCUME~1\Sharon\Cookies\sharon@vegas[2].txt
    Supprime! - C:\WINDOWS\Tasks\A73DCFEA91864072.job
    Supprime! - C:\DOCUME~1\Sharon\LOCALS~1\Temp\bis1F.exe
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\great coal love default
    Supprime! - C:\DOCUME~1\Sharon\APPLIC~1\drawmemo
    Supprime! - C:\Program Files\drawmemo
    -
    [ Fichier Hosts ] .. Restaure!

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

    Supprime! - C:\Program Files\Viewpoint
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

    --------------------\\ Listing des dossiers dans APPLIC~1

    [01/27/2007|10:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
    [10/24/2006|04:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
    [10/23/2006|09:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads
    [10/23/2006|09:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP
    [12/28/2005|09:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
    [02/05/2009|05:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg8
    [06/06/2006|06:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CA
    [06/04/2005|07:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
    [03/26/2009|08:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google Updater
    [03/16/2007|06:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Hewlett-Packard
    [04/08/2006|08:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Intuit
    [12/24/2008|12:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Messenger Plus!
    [12/23/2008|04:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
    [12/13/2008|09:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Motive
    [05/17/2006|10:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> nView_Profiles
    [06/14/2005|10:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
    [06/04/2005|07:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SBT
    [04/01/2007|08:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TurboTax 2006
    [06/01/2006|05:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
    [12/24/2008|11:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller
    [01/01/2009|09:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo!

    [06/04/2005|07:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

    [02/05/2009|05:25] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

    [02/05/2009|05:25] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

    [10/23/2006|10:29] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> acccore
    [01/23/2009|01:12] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Adobe
    [05/22/2008|05:10] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> AdobeUM
    [06/04/2005|08:05] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Ahead
    [10/23/2006|10:29] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> AIMLogger
    [02/06/2006|06:34] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Apple Computer
    [08/11/2005|04:09] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> ArcSoft
    [04/04/2006|08:54] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> CyberLink
    [12/24/2008|12:33] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Google
    [12/08/2005|08:37] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Help
    [06/22/2005|09:54] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Identities
    [04/01/2007|08:53] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> InstallShield
    [03/19/2008|08:38] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Intuit
    [12/27/2005|11:38] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Macromedia
    [10/12/2006|08:28] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Media Player Classic
    [02/05/2009|05:25] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Microsoft
    [06/04/2005|07:49] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Microsoft Web Folders
    [12/13/2008|09:24] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Motive
    [06/14/2005|10:09] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Nikon
    [02/21/2006|06:08] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Opera
    [12/28/2005|09:54] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Snapfish
    [01/22/2006|07:23] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Sun
    [03/23/2009|06:54] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> U3
    [09/04/2005|03:20] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Xerox
    [01/01/2009|04:08] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Yahoo!

    --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

    [03/27/2009 10:50 AM][--a------] C:\WINDOWS\tasks\Google Software Updater.job
    [03/27/2009 10:20 AM][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
    [03/27/2009 10:20 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [08/04/2004 08:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listing des dossiers dans C:\Program Files

    [12/22/2008|06:51] C:\Program Files\<DIR> Adobe
    [06/04/2005|08:04] C:\Program Files\<DIR> Ahead
    [06/26/2005|09:08] C:\Program Files\<DIR> ArcSoft
    [02/05/2009|05:26] C:\Program Files\<DIR> AVG
    [02/21/2009|03:58] C:\Program Files\<DIR> BookSmart
    [11/12/2008|10:09] C:\Program Files\<DIR> Britannica 2003
    [06/05/2006|10:11] C:\Program Files\<DIR> CA
    [02/18/2009|01:01] C:\Program Files\<DIR> Circe Developement
    [12/24/2008|11:22] C:\Program Files\<DIR> Common Files
    [06/04/2005|07:18] C:\Program Files\<DIR> ComPlus Applications
    [12/01/2007|05:04] C:\Program Files\<DIR> CONEXANT
    [06/04/2005|07:48] C:\Program Files\<DIR> CREATIVE
    [06/04/2005|07:33] C:\Program Files\<DIR> CyberLink
    [07/04/2006|12:31] C:\Program Files\<DIR> eTrust
    [02/10/2009|10:04] C:\Program Files\<DIR> Google
    [03/10/2007|07:30] C:\Program Files\<DIR> Grisoft
    [03/16/2007|06:51] C:\Program Files\<DIR> Hewlett-Packard
    [03/16/2007|06:51] C:\Program Files\<DIR> HP
    [12/13/2008|09:24] C:\Program Files\<DIR> HughesNetTools
    [12/22/2008|06:48] C:\Program Files\<DIR> InstallShield Installation Information
    [02/11/2009|09:12] C:\Program Files\<DIR> Internet Explorer
    [03/17/2006|09:57] C:\Program Files\<DIR> iPod
    [04/08/2006|08:42] C:\Program Files\<DIR> ItsDeductible2005
    [04/01/2007|09:04] C:\Program Files\<DIR> ItsDeductible2006
    [03/17/2006|09:57] C:\Program Files\<DIR> iTunes
    [11/14/2005|05:11] C:\Program Files\<DIR> Java
    [12/17/2008|09:34] C:\Program Files\<DIR> Messenger
    [12/23/2008|04:10] C:\Program Files\<DIR> Microsoft
    [05/09/2007|11:22] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2
    [06/04/2005|07:21] C:\Program Files\<DIR> microsoft frontpage
    [06/04/2005|07:56] C:\Program Files\<DIR> Microsoft Office
    [02/28/2009|10:21] C:\Program Files\<DIR> Microsoft Silverlight
    [02/20/2009|05:27] C:\Program Files\<DIR> Microsoft SQL Server Compact Edition
    [06/04/2005|07:52] C:\Program Files\<DIR> Microsoft Visual Studio
    [12/17/2008|09:30] C:\Program Files\<DIR> Movie Maker
    [12/31/2005|07:01] C:\Program Files\<DIR> MSN
    [06/04/2005|07:18] C:\Program Files\<DIR> MSN Gaming Zone
    [11/20/2006|01:42] C:\Program Files\<DIR> MSXML 4.0
    [06/06/2006|06:23] C:\Program Files\<DIR> netbeans-4.1
    [12/17/2008|09:27] C:\Program Files\<DIR> NetMeeting
    [12/01/2007|05:01] C:\Program Files\<DIR> NetWaiting
    [06/14/2005|10:08] C:\Program Files\<DIR> Nikon
    [06/04/2005|07:20] C:\Program Files\<DIR> Online Services
    [12/17/2008|09:27] C:\Program Files\<DIR> Outlook Express
    [03/13/2009|12:43] C:\Program Files\<DIR> Photo Story 3 for Windows
    [06/09/2008|06:32] C:\Program Files\<DIR> QuickTime
    [06/04/2005|07:56] C:\Program Files\<DIR> Snapshot Viewer
    [06/09/2008|06:29] C:\Program Files\<DIR> Tech4Learning
    [11/22/2007|02:11] C:\Program Files\<DIR> The Birthday Banner
    [03/26/2009|09:49] C:\Program Files\<DIR> Trend Micro
    [03/19/2008|08:27] C:\Program Files\<DIR> TurboTax
    [06/04/2005|07:25] C:\Program Files\<DIR> Uninstall Information
    [02/20/2009|05:28] C:\Program Files\<DIR> Windows Live
    [12/23/2008|04:10] C:\Program Files\<DIR> Windows Live SkyDrive
    [03/02/2009|08:14] C:\Program Files\<DIR> Windows Media Connect 2
    [03/02/2009|08:17] C:\Program Files\<DIR> Windows Media Player
    [12/17/2008|09:27] C:\Program Files\<DIR> Windows NT
    [06/04/2005|07:20] C:\Program Files\<DIR> WindowsUpdate
    [06/04/2005|07:21] C:\Program Files\<DIR> xerox
    [01/01/2009|12:48] C:\Program Files\<DIR> Yahoo!
    [11/12/2008|10:08] C:\Program Files\<DIR> Zero G Registry

    --------------------\\ Listing des dossiers dans C:\Program Files\Common Files

    [09/01/2007|04:49] C:\Program Files\Common Files\<DIR> Adobe
    [12/22/2008|06:52] C:\Program Files\Common Files\<DIR> Adobe Systems Shared
    [06/04/2005|08:02] C:\Program Files\Common Files\<DIR> Ahead
    [03/19/2008|08:33] C:\Program Files\Common Files\<DIR> AnswerWorks 4.0
    [06/04/2005|07:52] C:\Program Files\Common Files\<DIR> Designer
    [06/26/2005|09:05] C:\Program Files\Common Files\<DIR> Hewlett-Packard
    [12/28/2005|09:05] C:\Program Files\Common Files\<DIR> InstallShield
    [04/08/2006|08:41] C:\Program Files\Common Files\<DIR> Intuit
    [11/14/2005|05:08] C:\Program Files\Common Files\<DIR> Java
    [02/20/2009|05:25] C:\Program Files\Common Files\<DIR> Microsoft Shared
    [12/13/2008|09:22] C:\Program Files\Common Files\<DIR> Motive
    [06/04/2005|07:19] C:\Program Files\Common Files\<DIR> MSSoap
    [06/14/2005|10:08] C:\Program Files\Common Files\<DIR> Nikon
    [06/04/2005|03:11] C:\Program Files\Common Files\<DIR> ODBC
    [06/06/2006|06:15] C:\Program Files\Common Files\<DIR> Scanner
    [06/04/2005|07:19] C:\Program Files\Common Files\<DIR> Services
    [06/04/2005|03:11] C:\Program Files\Common Files\<DIR> SpeechEngines
    [02/01/2009|09:20] C:\Program Files\Common Files\<DIR> System
    [12/14/2008|11:50] C:\Program Files\Common Files\<DIR> Windows Live
    [12/24/2008|11:27] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller

    --------------------\\ Process

    ( 41 Processes )

    ... OK !

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE

    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-27 11:36:56
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 114

    --------------------\\ Recherche d'autres infections

    Aucune autre infection trouvée !

    [F:2508][D:113]-> C:\DOCUME~1\Sharon\LOCALS~1\Temp
    [F:2018][D:0]-> C:\DOCUME~1\Sharon\Cookies
    [F:15779][D:22]-> C:\DOCUME~1\Sharon\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - Fri 03/27/2009|11:15 - Option : [1]
    2 - "C:\Lop SD\LopR_2.txt" - Fri 03/27/2009|11:38 - Option : [2]

    --------------------\\ Fin du rapport a 11:38:22
  6. Destrio5 Posts 99820 Registration date   Status Moderator Last activity   10 324
     
    --> Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.

    --> Double-click RSIT.exe to launch the program.
    (On Vista, right-click RSIT.exe and choose Run as administrator)

    --> Click Continue on the Disclaimer screen.

    --> If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if prompted) and you will have to accept the license.

    --> When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

    Note: the reports are saved in the C:\rsit folder.
  7. morgane
     
    log1:

    info.txt logfile of random's system information tool 1.06 2009-03-27 11:54:38

    ======Uninstall list======

    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
    Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
    Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
    Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
    Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
    Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
    AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
    ArcSoft Collage Creator-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C93A6CFE-2C74-428B-9CFE-6EAF1BE34BFA}\setup.exe" -l0x9
    ArcSoft Software Suite-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\Software Suite\Uninst.isu"
    Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
    AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
    BookSmart™ 1.9.9 1.9.9-->C:\Program Files\BookSmart\uninstall.exe
    CA eTrust PestPatrol Anti-Spyware-->"C:\Program Files\eTrust\eTrust PestPatrol Anti-Spyware\cauninst.exe" /u
    Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
    Creative Modem Blaster PCI Value DI5652-1-->C:\Program Files\CREATIVE\CNXT_MODEM_PCI_VEN_14F1&DEV_2F00&SUBSYS_1055148D\HXFSETUP.EXE -U -IVEN_14F1&DEV_2F00&SUBSYS_1055148D
    Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
    Encyclopædia Britannica Complete Home Library-->"C:\Program Files\Britannica 2003\Complete Home Library\Uninstaller.exe"
    Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF}
    Google Chrome-->"C:\Program Files\Google\Chrome\Application\1.0.154.53\Installer\setup.exe" --uninstall --system-level
    Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
    Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
    HP Image Zone 4.0-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
    HP Scanjet 4070-->C:\Program Files\HP\Digital Imaging\{7DB9BF65-46AC-4803-82AA-14EFCA927789}\setup\hpzscr01.exe -datfile hpgscr01.dat
    HughesNetTools-->C:\WINDOWS\system32\h53unin.bat
    ImageBlender 3-->C:\WINDOWS\unvise32.exe C:\Program Files\Tech4Learning\ImageBlender 3_Install.log
    InCD-->C:\WINDOWS\NuNInst.exe /UNINSTALL
    Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
    Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
    iTunes-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{59C4F14F-7590-45FC-BE9F-A67AB3590709} /l1033
    J2SE Development Kit 5.0 Update 4-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0150040}
    J2SE Runtime Environment 5.0 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
    Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
    Media Player Classic fr-->"C:\Documents and Settings\Sharon\Desktop\Julien\Media Player Classic\uninstall.exe"
    Messenger Plus! Live & Sponsor (CiD)-->"C:\Documents and Settings\Sharon\My Documents\marieswork\Messenger Plus! Live\Uninstall.exe"
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office 2000 SR-1 Disc 2-->MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
    Microsoft Office 2000 SR-1 Professional-->MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
    Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    Nero Media Player-->C:\WINDOWS\UNNMP.exe /UNINSTALL
    Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
    Nikon View 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}\setup.exe" UNINSTALL
    NVIDIA Display Driver-->C:\WINDOWS\system32\nvudisp.exe Uninstall C:\WINDOWS\system32\nvdisp.nvu,NVIDIA Display Driver
    NVIDIA Drivers-->C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI
    Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    Photo Story 3 for Windows-->MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
    PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
    QuickTime-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
    Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
    The Birthday Banner-->C:\WINDOWS\uninst.exe -f"C:\Program Files\The Birthday Banner\DeIsL1.isu" -c"C:\Program Files\The Birthday Banner\_ISREG32.DLL"
    TurboTax Deluxe 2005-->C:\Program Files\TurboTax\Deluxe 2005\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2005\Uninstall.log" -NoGui
    TurboTax Deluxe 2007-->C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
    TurboTax Deluxe Deduction Maximizer 2006-->C:\Program Files\TurboTax\Deluxe 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2006\Uninstall.log" -NoGui
    TurboTax ItsDeductible 2005-->MsiExec.exe /X{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}
    TurboTax ItsDeductible 2006-->MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
    Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    USB Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_USB_ACF\UIU32c.exe -U -I*.INF
    Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
    WexTech AnswerWorks-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
    Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
    Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
    Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
    Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
    Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
    Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

    ======Security center information======

    AV: AVG Anti-Virus Free

    ======System event log======

    Computer Name: SHARON-E84B59B7
    Event Code: 6161
    Message: The document Microsoft Word - Document in Windows Internet Explorer owned by Sharon failed to print on printer Epson Stylus COLOR 660 ESC/P 2. Data type: NT EMF 1.008. Size of the spool file in bytes: 131072. Number of bytes printed: 47009. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\SHARON-E84B59B7. Win32 error code returned by the print processor: 87 (0x57).

    Record Number: 27206
    Source Name: Print
    Time Written: 20090316094658.000000-240
    Event Type: error
    User: NT AUTHORITY\SYSTEM

    Computer Name: SHARON-E84B59B7
    Event Code: 50
    Message: {Delayed Write Failed}
    Windows was unable to save all the data for the file . The data has been lost.
    This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.

    Record Number: 26556
    Source Name: Fastfat
    Time Written: 20090310200341.000000-300
    Event Type: warning
    User:

    Computer Name: SHARON-E84B59B7
    Event Code: 6161
    Message: The document Microsoft Word - FLEX_Guidelines_QuarterlyReport__3_CL[1].doc owned by Sharon failed to print on printer Epson Stylus COLOR 660 ESC/P 2. Data type: NT EMF 1.008. Size of the spool file in bytes: 280968. Number of bytes printed: 154892. Total number of pages in the document: 3. Number of pages printed: 1. Client machine: \\SHARON-E84B59B7. Win32 error code returned by the print processor: 1167 (0x48f). The device is not connected.

    Record Number: 26178
    Source Name: Print
    Time Written: 20090306125136.000000-300
    Event Type: error
    User: NT AUTHORITY\SYSTEM

    Computer Name: SHARON-E84B59B7
    Event Code: 8
    Message: Printer Epson Stylus COLOR 660 ESC/P 2 was purged.

    Record Number: 26177
    Source Name: Print
    Time Written: 20090306125042.000000-300
    Event Type: warning
    User: SHARON-E84B59B7\Sharon

    Computer Name: SHARON-E84B59B7
    Event Code: 8
    Message: Printer Epson Stylus COLOR 660 ESC/P 2 was purged.

    Record Number: 26176
    Source Name: Print
    Time Written: 20090306125032.000000-300
    Event Type: warning
    User: SHARON-E84B59B7\Sharon

    =====Application event log=====

    Computer Name: SHARON-E84B59B7
    Event Code: 1002
    Message: Hanging application iexplore.exe, version 7.0.6000.16735, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Record Number: 4779
    Source Name: Application Hang
    Time Written: 20081021130539.000000-240
    Event Type: error
    User:

    Computer Name: SHARON-E84B59B7
    Event Code: 1002
    Message: Hanging application iexplore.exe, version 7.0.6000.16735, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Record Number: 4778
    Source Name: Application Hang
    Time Written: 20081021124953.000000-240
    Event Type: error
    User:

    Computer Name: SHARON-E84B59B7
    Event Code: 1000
    Message: Faulting application nkvbrows.exe, version 6.0.0.3005, faulting module unknown, version 0.0.0.0, fault address 0xe8ed3df0.

    Record Number: 4759
    Source Name: Application Error
    Time Written: 20081015090427.000000-240
    Event Type: error
    User:

    Computer Name: SHARON-E84B59B7
    Event Code: 1000
    Message: Faulting application nkvbrows.exe, version 6.0.0.3005, faulting module unknown, version 0.0.0.0, fault address 0xe8ed3df0.

    Record Number: 4758
    Source Name: Application Error
    Time Written: 20081015090347.000000-240
    Event Type: error
    User:

    Computer Name: SHARON-E84B59B7
    Event Code: 1000
    Message: Faulting application nkvbrows.exe, version 6.0.0.3005, faulting module unknown, version 0.0.0.0, fault address 0xe8ed3df0.

    Record Number: 4757
    Source Name: Application Error
    Time Written: 20081015090211.000000-240
    Event Type: error
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
    "PROCESSOR_REVISION"=0a00
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip

    -----------------EOF-----------------

    log 2:

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Sharon at 2009-03-27 11:54:22
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 51 GB (66%) free of 76 GB
    Total RAM: 511 MB (30% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:54:36 AM, on 3/27/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\eTrust\caissdt.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\HughesNetTools\1\McciTrayApp_SSR.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Nikon\NkView6\NkvMon.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\eTrust\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Sharon\Local Settings\Temporary Internet Files\Content.IE5\MED2Y1IO\RSIT[1].exe
    C:\Program Files\Trend Micro\HijackThis\Sharon.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*https://fr.yahoo.com/?p=us
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?p=us
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://fr.yahoo.com/?p=us
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*https://fr.yahoo.com/?p=us
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://fr.yahoo.com/?p=us
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\eTrust\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\eTrust\caissdt.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HughesNetTools_McciTrayApp] C:\Program Files\HughesNetTools\1\McciTrayApp_SSR.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
    O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.clarkcolor.com/ClarkActivia.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by135fd.bay135.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CAEAFE12-7726-4C39-B620-2601216CFBB5} (McciContext Class) - http://phughescw.hughes.motive.com/wizlet/spaceway/static/controls/Mcci_6-1-0.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Google Update Service (gupdate1c965e531f0fb44) (gupdate1c965e531f0fb44) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  8. Destrio5 (Moderator)
     
    "Messenger Plus! Live & Sponsor (CiD)"
    ---> This is the cause of your Lop/Swizzor infection. The next time you install Messenger Plus Live, do not install the sponsor.

    ---> Disable your antivirus for the duration of the procedure, because OTMoveIt3 is wrongly detected as an infection.

    ---> Download OTMoveIt3 (OldTimer) to your Desktop.

    ---> Double-click OTMoveIt3.exe to launch it.

    ---> Copy (Ctrl+C) the following text:

    :processes
    explorer.exe

    :files
    C:\Program Files\Circe Developement

    :commands
    [purity]
    [emptytemp]
    [reboot]

    ---> Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.

    ---> Now click the MoveIt! button, then close OTMoveIt3.

    If a file or folder cannot be deleted immediately, the program will ask you to restart.
    Accept by clicking YES.

    ---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
    The report's name corresponds to the moment it was created: date_time.log
  9. morgane
     
    Here is the log, but when I connected to the internet after the reboot, a window opened... so it must not have worked...

    log:

    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== FILES ==========
    C:\Program Files\Circe Developement moved successfully.
    ========== COMMANDS ==========
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    Windows Temp folder emptied.
    Java cache emptied.
    Temp folders emptied.

    OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03272009_121600

    Files moved on Reboot...
    File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
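Added example (not part of the original thread and not OldTimer's code): a small Python reader for the OTMoveIt3 report posted above, which separates files queued for the next reboot from real failures and checks that the path listed under :files was moved. The function names, and the rule that any other line containing "failed" counts as a failure, are assumptions.

```python
import re

# Report lines copied from the post above, abridged.
REPORT = r"""
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\Program Files\Circe Developement moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03272009_121600
"""

SECTION = re.compile(r"^=+ (\w+) =+$")
# A locked file is not a failure: the report says it is queued for the next boot.
DEFERRED = re.compile(
    r"^File (?:delete|move) failed\. (.+) scheduled to be (?:deleted|moved) on reboot\.$")
MOVED = " moved successfully."

def parse_report(text):
    """Group report lines by section into ok / deferred / failed buckets."""
    report, section = {}, None
    for line in map(str.strip, text.splitlines()):
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            report[section] = {"ok": [], "deferred": [], "failed": []}
        elif line.startswith("OTMoveIt3 by"):
            section = None  # footer: version and timestamp, not a result
        elif line and section:
            deferred = DEFERRED.match(line)
            if deferred:
                report[section]["deferred"].append(deferred.group(1))
            elif "failed" in line.lower():  # assumption: other failures say "failed"
                report[section]["failed"].append(line)
            else:
                report[section]["ok"].append(line)
    return report

def targets_moved(report, targets):
    """True only if every path listed under :files was reported as moved."""
    moved = {l[:-len(MOVED)] for l in report.get("FILES", {}).get("ok", [])
             if l.endswith(MOVED)}
    return all(t in moved for t in targets)

if __name__ == "__main__":
    parsed = parse_report(REPORT)
    print(targets_moved(parsed, [r"C:\Program Files\Circe Developement"]), parsed["COMMANDS"])
```

On this report the only "failed" line is the Local Service index.dat cache file, which lands in the deferred bucket, while the folder named in the script is confirmed as moved.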
  10. Destrio5 (Moderator)
     
    It worked.

    ---> Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
    ---> Double-click the downloaded file to start the installation process.
    ---> In the Update tab, click the Check for Updates button: if the firewall asks whether to allow MBAM to connect to the Internet, accept.
    ---> Once the update has finished, go to the Scanner tab.
    ---> Select Perform quick scan.
    ---> Click Scan. The scan starts.

    At the end of the scan, a message is displayed:

    The scan completed successfully. Click 'Show Results' to display all objects found.

    ---> Click OK to continue. If MBAM found nothing, it will tell you that too.
    ---> Close your browsers.
    If malware was detected, click Show Results.
    ---> Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the infected files and registry keys and place a copy of them in quarantine.
    ---> MBAM will open Notepad and copy the scan report into it. Copy and paste this report into your next reply.
  11. Destrio5 (Moderator)
     
    Any news?