[virus] Explorer démarre pas, PC bloqué. Aide

Amink -  
 Utilisateur anonyme -
Bonjour Messieurs;

je suis confronté visiblement à un grave problème avec mon PC.

Hier soir je surfais avec Firefox, et il y a eu uen fenetre du firefox agent qui est apparu, j'ai cliqué sur "don't send" et là subitement ça a entrainé une mise à jour de Firefox.
Du coup Firefox ne marchait plus il ne s'ouvrait plus. Emule s'ouvre mais quand il se bloque par la suite. MSN ne s'ouvre plus. IE ne s'ouvre plus. Je ne peux plus ouvrir aucun folder. Tout est bloqué.
Je téléchrge Firefox 2.0, apparemment il n'arrive pas à s'installer, rien ne change.
J'ai des données importantes à récupérer, alors je quitte Windows pour ouvrir ma partition Linux. Mais mon modem n'est pas configuré ds linux.

Je reviens dans Windows, j'arrive à lancer firefox en safe mode, et je vide le cache. Je parcours pas mal de forums. Je télécharge tous les outils anti malware, spyware.

Je lance Spybot, il ne détecte rien.
Je lance Symantec anti-virus, il ne détecte rien.
Je lance Ad-aware SE, il trouve 23 fichiers critiques mais le scan se bloque toujours à HKLM/Software/Microsoft/Windows/CurrentVersion/SharedDLLs
Je lance CCleaner, l'analyse se passe bien, ça fait sortir pas mal de résultats, mais quand je lance le nettoyage, il se plante.
J'ai lancé ewido antispyware, le scan se passe bien il me sort beaucoup de spywares avec risk medium et un Trojan.Noclose.i et 2 autres trucs j'ai oublié leur nom avec risk high. Il les a mis en quarantaine et je les ai effacé.
J'ai lancé jv16 power tools, il a sorti pas mal de résultats, j'ai fait remove.
J'ai téléchargé Kaspersky Internet Security, mais l'installation ne s'effectue pas, elle plante.
J'ai téléchargé Smitfraudfix.

Comme Internet Explorer ne s'ouvre pas, je n'arrive pas à faire de scan en ligne avec Bitdefender, Kaspersky ou tout autre site (ca marche pas avec firefox).

J'ai redemarré en mode sans échec, j'ai lancé Smitfraudfix. il s'est executé.
J'ai voulu lancé Ad_aware SE, il bloque toujours au même endroit (SharedDLLs). CCleaner se bloque encore au moment du nettoyage.

Ah oui j'oubliais, j'ai fait un scan Hijackthis, au début et à la fin, et j'ai analysé le log avec le site hijackthis.de/fr , et il n'y a rien qui est signalé comme méchant.

Bref, je sens que je suis bloqué, à court de solution.
Internet Explorer ne se lance toujours pas, je ne peux pas donc pas effacer les Temporary internet files, le cache, ni faire un scan en ligne.
Firefox ne marche qu'en Safe mode.
Je ne peux pas travailler dans mon PC, naviguer dans mes dossiers. Je peux pratiquement rien ouvrir.
MSN ne se lance pas, il est bloqué.
emule se lance, mais après se plante.
Skype marche bien par contre.

Que dois je faire de plus ? A l'aide SVP :)
Désolé d'avoir été long, et merci d'avance pour toute aide éventuelle.
Configuration: windows XP

6 réponses

  1. Amink
     
    Je vais peut être mettre certains rapports, ca peut donner des infos en plus.
    J'ai redemarré mon ordi pour passer en safemode. En refermant l'ordi, je vois que toutes les tâches que j'essayais de lancer et qui étaient bloquées, se débloquer ... dc il y a sûrement un trojan ou spyware qui bloque le tout.
    En se refermant, il y a des messages d'erreurs qui apparaissent sur java.exe, CcApp.exe, dwwin.exe ... certains ont du mal à se fermer, il faut faire "End Now" ou des dll failed to initialize. Ca passe très vite, j'ai pas le temps de lire.

    En safe mode, voila le rapport de Smitfraudfix

    SmitFraudFix v2.120

    Scan done at 0:58:30,24, 14/11/2006
    Run from C:\Documents and Settings\khechine\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\khechine

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\khechine\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\khechine\FAVORI~1

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="MsgPlusLoader.dll"

    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

    »»»»»»»»»»»»»»»»»»»»»»»» End

    Par la suite j'ai essayé de lancer Kaspersky internet Security, ca m'a sorti un message d'erreur :
    The I/O operation has been aborted because of either a thread exit or an application request.

    J'ai redemarré en mode normal, il a un message qui apparait , j'ai capté :
    "Disk is RAW.
    AUTOCHK not available for RAW Disk"

    Voici le rapport de Hijackthis

    Logfile of HijackThis v1.99.1
    Scan saved at 01:53:23, on 14/11/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\dwwin.exe
    C:\Program Files\looknstop\looknstop.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
    C:\Documents and Settings\khechine\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = NC NUMERICABLE
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080
    O1 - Hosts: 84.16.81.52 www.taraji.net
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_18_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_18_0.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\looknstop\looknstop.exe" -auto
    O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
    O4 - HKLM\..\Run: [DSLAGENTEXE] DSLAGENT.EXE USB
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020124/qtinstall.info.apple.com/qt505/fr/win/QuickTimeInstaller.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://follakdaddou.spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    Si vous avez des pistes, merci de m'éclairer !
    0
  2. Utilisateur anonyme
     
    Salut,

    Désinstalle FlashGet il contient un spyware
    en remplcement regarde ici:
    http://kerio.probb.fr/ftopic59.Logiciels-pour-gerer-vos-telechargements.htm

    Tu peux faire un scanne en ligne avec FireFox ici:
    https://www.trendmicro.com/fr_fr/business.html

    0
  3. Amink
     
    Salut boulepate62,

    Mrci pour le coup de main. J'ai supprimé FlashGet. Par contre quand je launch HuoseCall, Firefox se ferme. Ca ne veut pas marcher.

    Entre temps j'ai voulu essayer d'autres outils.
    J'ai lancé ATF Cleaner. Quand je fais un selectAll, il bloque. Et quadn je choisis quoi cocher, je remarque que ça ne coince pour Cookies et Temporary Internet Files dans l'onglet Main. Dans l'onglet Firefox, il passe bien.

    Après j'ai réessayé CCleaner, en choisissant ce que je coche (parce que précédemment je vous disais qu'il se plantait tj quand je lancais le nettoyage).
    Et là j'ai remarqué, en analysant seulement le cache de Firefox, qu'il y avait des fichiers avec des caractères bizarres. On dirait qu'ils sont corrompus, et CCleaner n'arrive pas à les effacer.
    Et dans les cases à cocher de Internet Explorer, CCleaner bugge quand je coche Temporary Internet Files, ou History (les fichiers index.dat)

    Un autre outil Notracks.exe, ne s'execute pas bien, un message d'erreur sort :
    Documents and Settings\khechine\Local Settings\Temporary Internet Files\Content.IE5\index.dat is corrupted

    C'est dans le cache de firefox, et Temporary Internet Files et History de IE , que ça coince apparemment.
    Et je vois toujours pas comment me débarrasser de la saleté que j'ai.

    Encore merci à toute personne qui y voit une piste.
    0
    1. Utilisateur anonyme
       
      As tu essayé en mdoe sans echec ? ça pourrait régler ce problème

      **Redemarres ton pc, dès l'allumage de celui-ci tapote la touche F8 (ou F5 si F8 ne fonctionne pas), à l'écran qui va apparaitre choisis "mode sans echec" attends un peu..
      0
  4. Amink
     
    Salut,

    j'ai oublié de le préciser, c'était justement en mode sans échec que j'ai fait ça.
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Amink
     
    Bon apparemment ça va un peu mieux.
    Je ne sais pas trop comment ... mais Internet Explorer n'est plus bloqué.
    J'ai désinstallé Firefox et redemarré l'ordi.

    J'ai tenté de lancer ATF Cleaner, et il a bien marché. Puis CCleaner, et il marche aussi.

    Par la suite j'ai tenté Ad-aware SE, il ne s'arrête plus il a finit et j'ai pu voir le log des fichiers qu'il a répéré comme malicieux. Puis je les ai mis en quarantainet effacé.

    Voici le log en question de Ad-aware

    Ad-Aware SE Build 1.06r1
    Logfile Created on:mardi 14 novembre 2006 17:02:38
    Created with Ad-Aware SE Personal, free for private use.
    Using definitions file:SE1R131 09-11-2006
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    References detected during the scan:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Adware.P2PNetworking(TAC index:3):13 total references
    Alexa(TAC index:5):3 total references
    AltnetBDE(TAC index:4):5 total references
    BrilliantDigital(TAC index:6):5 total references
    BullaBHO(TAC index:10):1 total references
    CommonName(TAC index:7):5 total references
    ExactSearchBar(TAC index:5):1 total references
    MRU List(TAC index:0):36 total references
    Tracking Cookie(TAC index:3):2 total references
    UCmore(TAC index:3):1 total references
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Ad-Aware SE Settings
    ===========================
    Set : Search for negligible risk entries
    Set : Safe mode (always request confirmation)
    Set : Scan registry

    Extended Ad-Aware SE Settings
    ===========================
    Set : Unload recognized processes & modules during scan
    Set : Scan registry for all users instead of current user only
    Set : Always try to unload modules before deletion
    Set : During removal, unload Explorer and IE if necessary
    Set : Let Windows remove files in use at next reboot
    Set : Delete quarantined objects after restoring
    Set : Include basic Ad-Aware settings in log file
    Set : Include additional Ad-Aware settings in log file
    Set : Include reference summary in log file
    Set : Include alternate data stream details in log file
    Set : Play sound at scan completion if scan locates critical objects

    14-11-2006 17:02:38 - Scan started. (Smart mode)

    Listing running processes
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    #:1 [smss.exe]
    FilePath : \SystemRoot\System32\
    ProcessID : 676
    ThreadCreationTime : 14-11-2006 15:56:16
    BasePriority : Normal

    #:2 [csrss.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ProcessID : 744
    ThreadCreationTime : 14-11-2006 15:56:18
    BasePriority : Normal

    #:3 [winlogon.exe]
    FilePath : \??\C:\WINDOWS\SYSTEM32\
    ProcessID : 768
    ThreadCreationTime : 14-11-2006 15:56:20
    BasePriority : High

    #:4 [services.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 812
    ThreadCreationTime : 14-11-2006 15:56:21
    BasePriority : Normal
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Services and Controller app
    InternalName : services.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : services.exe

    #:5 [lsass.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 824
    ThreadCreationTime : 14-11-2006 15:56:21
    BasePriority : Normal
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : LSA Shell (Export Version)
    InternalName : lsass.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : lsass.exe

    #:6 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 984
    ThreadCreationTime : 14-11-2006 15:56:22
    BasePriority : Normal
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:7 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 1112
    ThreadCreationTime : 14-11-2006 15:56:22
    BasePriority : Normal
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:8 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 1184
    ThreadCreationTime : 14-11-2006 15:56:23
    BasePriority : Normal
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:9 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 1552
    ThreadCreationTime : 14-11-2006 15:56:46
    BasePriority : Normal
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:10 [alg.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 1580
    ThreadCreationTime : 14-11-2006 15:56:46
    BasePriority : Normal
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Application Layer Gateway Service
    InternalName : ALG.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : ALG.exe

    #:11 [avp.exe]
    FilePath : C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\
    ProcessID : 1596
    ThreadCreationTime : 14-11-2006 15:56:46
    BasePriority : Normal
    FileVersion : 6.0.0.299
    ProductVersion : 6.0.0.299
    ProductName : Kaspersky Anti-Virus
    CompanyName : Kaspersky Lab
    FileDescription : Kaspersky Anti-Virus
    InternalName : AVP
    LegalCopyright : Copyright © Kaspersky Lab 1996-2006.
    LegalTrademarks : Kaspersky™ Anti-Virus ® is registered trademark of Kaspersky Lab.
    OriginalFilename : AVP.EXE

    #:12 [guard.exe]
    FilePath : C:\Program Files\ewido anti-spyware 4.0\
    ProcessID : 1624
    ThreadCreationTime : 14-11-2006 15:56:46
    BasePriority : Normal
    FileVersion : 4, 0, 0, 172
    ProductVersion : 4, 0, 0, 172
    ProductName : ewido anti-spyware
    CompanyName : Anti-Malware Development a.s.
    FileDescription : ewido anti-spyware guard
    InternalName : ewido anti-spywareguard
    LegalCopyright : Copyright © 2005 Anti-Malware Development a.s.
    OriginalFilename : guard.exe

    #:13 [wdfmgr.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 1680
    ThreadCreationTime : 14-11-2006 15:56:46
    BasePriority : Normal
    FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
    ProductVersion : 5.2.3790.1230
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Windows User Mode Driver Manager
    InternalName : WdfMgr
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : WdfMgr.exe

    #:14 [explorer.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 576
    ThreadCreationTime : 14-11-2006 15:57:13
    BasePriority : Normal
    FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
    ProductVersion : 6.00.2600.0000
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Windows Explorer
    InternalName : explorer
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : EXPLORER.EXE

    #:15 [realsched.exe]
    FilePath : C:\Program Files\Common Files\Real\Update_OB\
    ProcessID : 1136
    ThreadCreationTime : 14-11-2006 15:57:21
    BasePriority : Normal
    FileVersion : 0.1.0.3427
    ProductVersion : 0.1.0.3427
    ProductName : RealPlayer (32-bit)
    CompanyName : RealNetworks, Inc.
    FileDescription : RealNetworks Scheduler
    InternalName : schedapp
    LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
    LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
    OriginalFilename : realsched.exe

    #:16 [qttask.exe]
    FilePath : C:\Program Files\QuickTime\
    ProcessID : 1268
    ThreadCreationTime : 14-11-2006 15:57:21
    BasePriority : Normal
    FileVersion : 7.0.3
    ProductVersion : QuickTime 7.0.3
    ProductName : QuickTime
    CompanyName : Apple Computer, Inc.
    FileDescription : QuickTime Task
    InternalName : QuickTime Task
    LegalCopyright : Copyright Apple Computer, Inc. 1989-2005
    OriginalFilename : QTTask.exe

    #:17 [looknstop.exe]
    FilePath : C:\Program Files\looknstop\
    ProcessID : 1224
    ThreadCreationTime : 14-11-2006 15:57:22
    BasePriority : Normal
    FileVersion : 2, 0, 0, 5
    ProductVersion : 2, 0, 0, 5
    ProductName : Look 'n' Stop Firewall Personnel
    CompanyName : Soft4Ever
    FileDescription : Look 'n' Stop Firewall Personnel
    InternalName : LooknStop
    LegalCopyright : Copyright © 2004
    OriginalFilename : LooknStop.EXE
    Comments : LooknStop

    #:18 [jusched.exe]
    FilePath : C:\Program Files\Java\jre1.5.0_06\bin\
    ProcessID : 1412
    ThreadCreationTime : 14-11-2006 15:57:23
    BasePriority : Normal

    #:19 [winampa.exe]
    FilePath : C:\Program Files\Winamp\
    ProcessID : 1504
    ThreadCreationTime : 14-11-2006 15:57:24
    BasePriority : Normal

    #:20 [avp.exe]
    FilePath : C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\
    ProcessID : 1712
    ThreadCreationTime : 14-11-2006 15:57:24
    BasePriority : Normal
    FileVersion : 6.0.0.299
    ProductVersion : 6.0.0.299
    ProductName : Kaspersky Anti-Virus
    CompanyName : Kaspersky Lab
    FileDescription : Kaspersky Anti-Virus
    InternalName : AVP
    LegalCopyright : Copyright © Kaspersky Lab 1996-2006.
    LegalTrademarks : Kaspersky™ Anti-Virus ® is registered trademark of Kaspersky Lab.
    OriginalFilename : AVP.EXE

    #:21 [msnmsgr.exe]
    FilePath : C:\Program Files\MSN Messenger\
    ProcessID : 1676
    ThreadCreationTime : 14-11-2006 15:57:24
    BasePriority : Normal
    FileVersion : 7.5.0324
    ProductVersion : 7.5.0324
    ProductName : MSN Messenger
    CompanyName : Microsoft Corporation
    FileDescription : MSN Messenger
    InternalName : msnmsgr
    LegalCopyright : Copyright (c) Microsoft Corporation 1997-2004
    LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
    OriginalFilename : msnmsgr.exe

    #:22 [firefox.exe]
    FilePath : C:\Program Files\Mozilla Firefox\
    ProcessID : 2540
    ThreadCreationTime : 14-11-2006 16:01:54
    BasePriority : Normal

    #:23 [ad-aware.exe]
    FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
    ProcessID : 3576
    ThreadCreationTime : 14-11-2006 16:02:16
    BasePriority : Normal
    FileVersion : 6.2.0.236
    ProductVersion : SE 106
    ProductName : Lavasoft Ad-Aware SE
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-Aware SE Core application
    InternalName : Ad-Aware.exe
    LegalCopyright : Copyright © Lavasoft AB Sweden
    OriginalFilename : Ad-Aware.exe
    Comments : All Rights Reserved

    Memory scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 0

    Started registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Adware.P2PNetworking Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 3
    Category : Adware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : clsid\{c91e8926-d4be-4685-99f4-0d996b96bac0}

    Adware.P2PNetworking Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 3
    Category : Adware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : clsid\{cc7a6223-3759-4075-8cea-971f5cfc0ed2}

    Adware.P2PNetworking Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 3
    Category : Adware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : interface\{16097036-894c-4c00-a61f-93ca0d49a70e}

    Adware.P2PNetworking Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 3
    Category : Adware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : interface\{1b540d44-3f61-4394-ae30-25fdc3649405}

    Adware.P2PNetworking Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 3
    Category : Adware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : interface\{2ed5af98-9258-45ba-b79b-06625c92f662}

    Adware.P2PNetworking Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 3
    Category : Adware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : interface\{700dc0dd-f409-42e0-9de5-21ee1a2ba9fd}

    Adware.P2PNetworking Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 3
    Category : Adware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : interface\{c91e8926-d4be-4685-99f4-0d996b96bac0}

    Adware.P2PNetworking Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 3
    Category : Adware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : interface\{ce9b37ec-d243-47a2-83db-3a8350175193}

    Adware.P2PNetworking Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 3
    Category : Adware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : interface\{fd42f6d3-7ab1-470c-979b-7996edc99099}

    AltnetBDE Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 4
    Category : Data Miner
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : clsid\{3646c2bd-3554-49ca-8125-44deefb881de}

    BrilliantDigital Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 6
    Category : Data Miner
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : clsid\{3eec42b5-fb94-40d3-a588-bb54b383a7cb}

    BrilliantDigital Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 6
    Category : Data Miner
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : clsid\{51958169-d5e3-11d1-aa42-0000e842e40a}

    BrilliantDigital Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 6
    Category : Data Miner
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : clsid\{67925165-c4b6-11d2-b9c6-0000e84f59a6}

    CommonName Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 7
    Category : Data Miner
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : typelib\{ac04dc43-28e9-4746-9164-c200a04b8921}

    CommonName Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 7
    Category : Data Miner
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : interface\{64809b75-d8c3-4052-a7ad-6a3ecc39218e}

    CommonName Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 7
    Category : Data Miner
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : interface\{4f476e6b-1eca-4a3b-845a-505d8892da1a}

    CommonName Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 7
    Category : Data Miner
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : clsid\{a6475e6b-3c2e-4b1f-82fd-8f1c0b1d8ad0}

    CommonName Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 7
    Category : Data Miner
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : clsid\{4f9ca775-2c5f-4e2a-b157-cb440564f7f4}

    UCmore Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 3
    Category : Data Miner
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : clsid\{53cbee82-d747-11d3-9ed0-005004189684}

    AltnetBDE Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 4
    Category : Data Miner
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : software\classes\appid\{8b0fef15-54dc-49f5-8377-8172de975f75}

    AltnetBDE Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 4
    Category : Data Miner
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : software\classes\appid\{99a8e2b2-3405-4c0d-9110-131c14caaf62}

    AltnetBDE Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 4
    Category : Data Miner
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : software\classes\typelib\{5830698f-7fc0-40cd-a453-9a0cafdf3a64}

    BrilliantDigital Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 6
    Category : Data Miner
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : software\classes\interface\{29e825aa-13bc-457c-806a-d72e4a25b3c5}

    BrilliantDigital Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 6
    Category : Data Miner
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : software\classes\interface\{e79dadc6-18d0-4a2a-831f-d196d41f8438}

    BullaBHO Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 10
    Category : Data Miner
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : software\kfh

    Alexa Object Recognized!
    Type : RegValue
    Data :
    TAC Rating : 5
    Category : Data Miner
    Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
    Rootkey : HKEY_USERS
    Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping
    Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

    Alexa Object Recognized!
    Type : RegValue
    Data :
    TAC Rating : 5
    Category : Data Miner
    Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
    Rootkey : HKEY_USERS
    Object : S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping
    Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

    Alexa Object Recognized!
    Type : RegValue
    Data :
    TAC Rating : 5
    Category : Data Miner
    Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
    Rootkey : HKEY_USERS
    Object : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\internet explorer\extensions\cmdmapping
    Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

    Registry Scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 28
    Objects found so far: 28

    Started deep registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Deep registry scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 28

    Started Tracking Cookie scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : khechine@weborama[2].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:2
    Value : Cookie:khechine@weborama.fr/
    Expires : 13-11-2008 17:00:40
    LastSync : Hits:2
    UseCount : 0
    Hits : 2

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : khechine@atdmt[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:1
    Value : Cookie:khechine@atdmt.com/
    Expires : 13-11-2011 01:00:00
    LastSync : Hits:1
    UseCount : 0
    Hits : 1

    Tracking cookie scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 2
    Objects found so far: 30

    Deep scanning and examining files...
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Disk Scan Result for C:\WINDOWS
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 30

    ExactSearchBar Object Recognized!
    Type : File
    Data : chktrust.exe
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\WINDOWS\System32\
    FileVersion : 5.101.1663.1
    ProductVersion : 5.101.1663.1
    ProductName : Microsoft(R) Windows NT(R) Operating System
    CompanyName : Microsoft Corporation
    FileDescription : ECM ChkTrust
    InternalName : CHKTRUST.EXE
    LegalCopyright : Copyright (C) Microsoft Corp. 1981-1997
    OriginalFilename : CHKTRUST.EXE

    Disk Scan Result for C:\WINDOWS\System32
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 31

    Disk Scan Result for C:\DOCUME~1\khechine\LOCALS~1\Temp\
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 31

    MRU List Object Recognized!
    Location: : C:\Documents and Settings\khechine\Application Data\microsoft\office\recent
    Description : list of recently opened documents using microsoft office

    MRU List Object Recognized!
    Location: : C:\Documents and Settings\khechine\recent
    Description : list of recently opened documents

    MRU List Object Recognized!
    Location: : software\microsoft\direct3d\mostrecentapplication
    Description : most recent application to use microsoft direct3d

    MRU List Object Recognized!
    Location: : software\microsoft\direct3d\mostrecentapplication
    Description : most recent application to use microsoft direct X

    MRU List Object Recognized!
    Location: : software\microsoft\directdraw\mostrecentapplication
    Description : most recent application to use microsoft directdraw

    MRU List Object Recognized!
    Location: : .DEFAULT\software\microsoft\internet explorer\typedurls
    Description : list of recently entered addresses in microsoft internet explorer

    MRU List Object Recognized!
    Location: : S-1-5-18\software\microsoft\internet explorer\typedurls
    Description : list of recently entered addresses in microsoft internet explorer

    MRU List Object Recognized!
    Location: : S-1-5-19\software\microsoft\internet explorer\typedurls
    Description : list of recently entered addresses in microsoft internet explorer

    MRU List Object Recognized!
    Location: : S-1-5-20\software\microsoft\internet explorer\typedurls
    Description : list of recently entered addresses in microsoft internet explorer

    MRU List Object Recognized!
    Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\internet explorer\typedurls
    Description : list of recently entered addresses in microsoft internet explorer

    MRU List Object Recognized!
    Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\mediaplayer\medialibraryui
    Description : last selected node in the microsoft windows media player media library

    MRU List Object Recognized!
    Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\mediaplayer\player\settings
    Description : last open directory used in jasc paint shop pro

    MRU List Object Recognized!
    Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
    Description : last playlist loaded in microsoft windows media player

    MRU List Object Recognized!
    Location: : S-1-5-18\software\microsoft\mediaplayer\preferences
    Description : last playlist loaded in microsoft windows media player

    MRU List Object Recognized!
    Location: : S-1-5-19\software\microsoft\mediaplayer\preferences
    Description : last playlist loaded in microsoft windows media player

    MRU List Object Recognized!
    Location: : S-1-5-20\software\microsoft\mediaplayer\preferences
    Description : last playlist loaded in microsoft windows media player

    MRU List Object Recognized!
    Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\office\10.0\clip organizer\search\last query
    Description : last query in microsoft clip organizer

    MRU List Object Recognized!
    Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\office\10.0\common\general
    Description : list of recently used symbols in microsoft office

    MRU List Object Recognized!
    Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\office\10.0\common\open find\microsoft powerpoint\settings\insert picture\file name mru
    Description : list of recent pictured inserted in microsoft powerpoint

    MRU List Object Recognized!
    Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\office\10.0\common\open find\microsoft powerpoint\settings\save as\file name mru
    Description : list of recent documents saved by microsoft powerpoint

    MRU List Object Recognized!
    Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\office\10.0\common\open find\microsoft word\settings\open\file name mru
    Description : list of recent documents opened by microsoft word

    MRU List Object Recognized!
    Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru
    Description : list of recent documents saved by microsoft word

    MRU List Object Recognized!
    Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\office\10.0\powerpoint\recent templates
    Description : list of recent templates used by microsoft powerpoint

    MRU List Object Recognized!
    Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\office\10.0\powerpoint\recent typeface list
    Description : list of recently used typefaces in microsoft powerpoint

    MRU List Object Recognized!
    Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\office\10.0\powerpoint\recentfolderlist
    Description : list of recent folders used by microsoft powerpoint

    MRU List Object Recognized!
    Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\office\10.0\powerpoint\recenttemplatelist
    Description : list of recent templates used by microsoft powerpoint

    MRU List Object Recognized!
    Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\windows\currentversion\applets\regedit
    Description : last key accessed using the microsoft registry editor

    MRU List Object Recognized!
    Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
    Description : list of recently saved files, stored according to file extension

    MRU List Object Recognized!
    Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\windows\currentversion\explorer\recentdocs
    Description : list of recent documents opened

    MRU List Object Recognized!
    Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\realnetworks\realplayer\6.0\preferences
    Description : list of recent skins in realplayer

    MRU List Object Recognized!
    Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\realnetworks\realplayer\6.0\preferences
    Description : list of recent clips in realplayer

    MRU List Object Recognized!
    Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\realnetworks\realplayer\6.0\preferences
    Description : list of recent open locations in realplayer

    MRU List Object Recognized!
    Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\realnetworks\realplayer\6.0\preferences
    Description : last login time in realplayer

    MRU List Object Recognized!
    Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
    Description : windows media sdk

    MRU List Object Recognized!
    Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
    Description : windows media sdk

    MRU List Object Recognized!
    Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\windows media\wmsdk\general
    Description : windows media sdk

    Performing conditional scans...
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Adware.P2PNetworking Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 3
    Category : Adware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : jcde_stack

    Adware.P2PNetworking Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 3
    Category : Adware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : jcde_stack.1

    Adware.P2PNetworking Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 3
    Category : Adware
    Comment :
    Rootkey : HKEY_CURRENT_USER
    Object : software\p2p networking

    Adware.P2PNetworking Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 3
    Category : Adware
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : software\p2p networking

    AltnetBDE Object Recognized!
    Type : Folder
    TAC Rating : 4
    Category : Data Miner
    Comment : AltnetBDE
    Object : C:\Documents and Settings\khechine\Start Menu\Programs\Altnet

    Conditional scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 5
    Objects found so far: 72

    17:04:42 Scan Complete

    Summary Of This Scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Total scanning time:00:02:04.479
    Objects scanned:87285
    Objects identified:36
    Objects ignored:0
    New critical objects:36

    Par la suite je tente de lancer Cleanup et lui aussi marche, voici le log qu'il me donne

    CleanUp! started on 11/14/06 11:12:57.
    C:\Documents and Settings\khechine\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
    C:\Documents and Settings\khechine\Local Settings\Temporary Internet Files\Content.IE5\1AAMP20F\2D03AB9FF766DB730D237293D3D[1].jpg - deleted
    C:\Documents and Settings\khechine\Local Settings\Temporary Internet Files\Content.IE5\6453VZOG\override[1].css - deleted
    C:\Documents and Settings\khechine\Local Settings\Temporary Internet Files\Content.IE5\6453VZOG\ie[1].css - deleted
    C:\Documents and Settings\khechine\Local Settings\Temporary Internet Files\Content.IE5\1AAMP20F\2D03AB9FF766DB730D237293D3D[1].jpg - deleted
    C:\Documents and Settings\khechine\Local Settings\Temporary Internet Files\Content.IE5\1AAMP20F\2D03AB9FF766DB730D237293D3D[1].jpg - deleted
    C:\Documents and Settings\khechine\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
    C:\Documents and Settings\khechine\Local Settings\Temporary Internet Files\Content.IE5\1AAMP20F\2D03AB9FF766DB730D237293D3D[1].jpg - deleted
    https://www.msn.com/fr-fr/ - deleted
    https://www.msn.com/fr-fr/ - deleted
    C:\Documents and Settings\khechine\Local Settings\History\desktop (1).ini - deleted
    C:\Documents and Settings\khechine\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
    C:\Documents and Settings\khechine\Local Settings\History\History.IE5\MSHist012006111420061115\index.dat - deleted
    C:\Documents and Settings\khechine\Local Settings\History\History.IE5\MSHist012006111420061115\ - deleted
    C:\Documents and Settings\khechine\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
    C:\Documents and Settings\khechine\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
    'Typed URLs' (Internet Explorer) - removed from the registry.
    Visited: khechine@https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2faccess%2fallinone.asp%3f - deleted
    Visited: khechine@https://www.msn.com/fr-fr/ - deleted
    Visited: khechine@mk:@MSITStore:C:\Program%20Files\Lavasoft\Ad-Aware%20SE%20Personal\manual.chm::/whatisad_awarese.htm - deleted
    Visited: khechine@http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome - deleted
    C:\Documents and Settings\khechine\Cookies\khechine@msn[2].txt - deleted
    C:\Documents and Settings\khechine\Cookies\khechine@www.msn[2].txt - deleted
    C:\Documents and Settings\khechine\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
    C:\Documents and Settings\khechine\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
    Cookie:khechine@msn.com/ - deleted
    Cookie:khechine@www.msn.com/ - deleted
    C:\Documents and Settings\khechine\Application Data\Mozilla\Profiles\default\f9k9q8w1.slt\oldprefs.js - deleted
    C:\Documents and Settings\khechine\Application Data\Mozilla\Profiles\default\f9k9q8w1.slt\oldlocalstore.rdf - deleted
    C:\Documents and Settings\khechine\Application Data\Mozilla\Profiles\default\f9k9q8w1.slt\cookies.txt.old - deleted
    C:\Documents and Settings\khechine\Application Data\Mozilla\Profiles\default\f9k9q8w1.slt\oldprefs.js - deleted
    C:\Documents and Settings\khechine\Application Data\Mozilla\Profiles\default\f9k9q8w1.slt\oldlocalstore.rdf - deleted
    C:\Documents and Settings\khechine\Application Data\Mozilla\Profiles\default\f9k9q8w1.slt\cookies.txt.old - deleted
    C:\Documents and Settings\khechine\Recent\Photo arbi 155.lnk - deleted
    C:\Documents and Settings\khechine\Recent\Photo arbi 155.lnk - deleted
    C:\DOCUME~1\khechine\LOCALS~1\Temp\~DF8A05.tmp currently in use. Will be deleted when Windows is restarted.
    C:\DOCUME~1\khechine\LOCALS~1\Temp\~DF8A0E.tmp currently in use. Will be deleted when Windows is restarted.
    C:\DOCUME~1\khechine\LOCALS~1\Temp\jusched.log - deleted
    C:\DOCUME~1\khechine\LOCALS~1\Temp\data2.cab - deleted
    C:\DOCUME~1\khechine\LOCALS~1\Temp\Script_0011dcfc.html - deleted
    C:\DOCUME~1\khechine\LOCALS~1\Temp\~DF274.tmp - deleted
    C:\DOCUME~1\khechine\LOCALS~1\Temp\~DF4138.tmp - deleted
    C:\DOCUME~1\khechine\LOCALS~1\Temp\AAWTMP\ - deleted
    C:\DOCUME~1\khechine\LOCALS~1\Temp\~DF8A05.tmp currently in use. Will be deleted when Windows is restarted.
    C:\DOCUME~1\khechine\LOCALS~1\Temp\~DF8A0E.tmp currently in use. Will be deleted when Windows is restarted.
    C:\DOCUME~1\khechine\LOCALS~1\Temp\data2.cab - deleted
    C:\DOCUME~1\khechine\LOCALS~1\Temp\Script_0011dcfc.html - deleted
    C:\DOCUME~1\khechine\LOCALS~1\Temp\~DF274.tmp - deleted
    C:\DOCUME~1\khechine\LOCALS~1\Temp\~DF4138.tmp - deleted
    C:\WINDOWS\SET3.tmp - deleted
    C:\WINDOWS\SET7.tmp - deleted
    C:\Documents and Settings\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
    C:\Documents and Settings\LocalService\locals~1\tempor~1\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
    C:\Documents and Settings\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
    C:\Documents and Settings\khechine\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
    C:\Documents and Settings\khechine\locals~1\tempor~1\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
    C:\Documents and Settings\khechine\locals~1\tempor~1\Content.IE5\1AAMP20F\2D03AB9FF766DB730D237293D3D[1].jpg - deleted
    C:\Documents and Settings\khechine\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
    C:\Documents and Settings\khechine\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
    C:\Documents and Settings\khechine\Local Settings\Temp\~DF8A05.tmp currently in use. Will be deleted when Windows is restarted.
    C:\Documents and Settings\khechine\Local Settings\Temp\~DF8A0E.tmp currently in use. Will be deleted when Windows is restarted.
    C:\Documents and Settings\khechine\Local Settings\Temp\data2.cab - deleted
    C:\Documents and Settings\khechine\Local Settings\Temp\Script_0011dcfc.html - deleted
    C:\Documents and Settings\khechine\Local Settings\Temp\~DF274.tmp - deleted
    C:\Documents and Settings\khechine\Local Settings\Temp\~DF4138.tmp - deleted
    C:\Documents and Settings\khechine\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
    C:\Documents and Settings\khechine\Local Settings\Temporary Internet Files\Content.IE5\1AAMP20F\2D03AB9FF766DB730D237293D3D[1].jpg - deleted
    C:\Documents and Settings\Default User\Local Settings\History\History.IE5\index.dat - deleted
    'Run MRU' list - removed from the registry.
    Search Assistant MRU list - removed from the registry.
    Explorer Open/Save MRU list - removed from the registry.
    Explorer Last Visited MRU list - removed from the registry.
    Paint Recent File List - removed from the registry.
    WordPad Recent File List - removed from the registry.
    Telnet's MRU list - removed from the registry.
    WinZip Extract MRU list - removed from the registry.
    WinZip File MRU list - removed from the registry.
    CleanUp! 4.5.2 recovered 1.1 MB of disk space from 44 files.
    CleanUp! finished on 11/14/06 11:12:59.

    Enfin, j'ai pu cette fois ci installer Kaspersky Internet Security, et j'ai fait un scan sur tout le poste, il a supprimé pas mal de Adware et Trojan.

    Bref, Interner Explorer, MSN, Emule, Firefox ... remarchent.
    Je pense donc que je m'en suis sorti cette fois ci... j'ai du mal à le croire, tellement j'étais désespéré hier, je pensais qu'il ne restait que le formatage devant moi.

    Si vous avez d'autres remarques sur des précautions que je dois encore prendre, je suis preneur.
    Merci encore !
    0
  7. Utilisateur anonyme
     
    Salut Amink

    Fait un clique droit sur hijackthis, choisis "renommer" marque: abcde.exe puis clique sur "ok" puis remet un rapport hijackthis

    Puis essaye de faire ça si internet explorer refonctionne

    Fait ce scan anti-virus en ligne avec Internet Explorer, accepte l'active X; la barre anti-popup du SP2 (en haut) va se mettre à clignoter, clic dessus et choisis "accepter l'active X" pour faire fonctionner le scan anti-virus.
    Une fois qu'il a terminé colle le rapport ici stp

    https://www.bitdefender.com/toolbox/
    0