win32.trojandownloader.small Trojan horse

[Solved/Closed]
Posts
2241
Registration date
Saturday 21 April 2007
Status
Security contributor
Last activity
27 October 2012
-
Hello,

I caught the win32.trojandownloader.small Trojan horse!

The infected file is c:\windows\system32\khfdbyw.dll, which I can't manage to delete. I tried deleting it at reboot with software tools, but that doesn't work either...
And in HijackThis, when I choose "delete a file on reboot", no window opens...

Help!

Thanks in advance

58 replies

Avenger report:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\vjbxnhvp

*******************

Script file located at: \??\C:\Documents and Settings\uvlavlhv.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\74.tmp deleted successfully.
File C:\WINDOWS\system32\72.tmp deleted successfully.
File C:\WINDOWS\system32\70.tmp deleted successfully.
File C:\WINDOWS\system32\6E.tmp deleted successfully.
File C:\WINDOWS\system32\6C.tmp deleted successfully.
File C:\WINDOWS\system32\6A.tmp deleted successfully.


Could not open registry key [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\°€€] for deletion
Deletion of registry key [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\°€€] failed!
Status: 0xc000003b


Completed script processing.

*******************

Finished! Terminate.

HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:12:27, on 25/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Wallpaper\Wallpaper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://news.google.com/topstories?hl=fr&gl=FR&ceid=FR:fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] ; "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Update 3400C] ; C:\sj652\hpupdate.exe 3400C
O4 - HKLM\..\Run: [InCD] ; C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] ; C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] ; C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Rainlendar2] "C:\Program Files\Rainlendar2\Rainlendar2.exe"
O4 - HKCU\..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter
O4 - HKCU\..\Run: [WMPNSCFG] ; C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Diddl_Scr.exe] ; C:\Documents and Settings\Gaëtan\Local Settings\Temporary Internet Files\Content.IE5\E27ODY7W\Diddl_Scr[1].exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] ; "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] ; C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb001YYFR
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093333169531
O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www2.photoweb.fr/telechargement/Photoweb_uploader.cab
O20 - Winlogon Notify: °€€ - °€€ (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Hi again,

Edit: I changed the procedure.

Whoa. That key is still there.

1/ # Download SDFix (created by Andy Manchesta) and save it to your Desktop: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
# Print this.
# Restart your computer in Safe Mode by following this procedure:

* Restart your computer.
* After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 (or F5) key repeatedly.
* Instead of Windows loading normally, a menu with various options should appear.
* Choose the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your account.

# Go through the list of instructions below:

* In Safe Mode, double-click the SDFix.exe file and click Install,
* Open the SDFix folder that was just created in C:\ and double-click RunThis.cmd to launch the script.
* Press Y to start the script.
* It will remove the services of certain trojans, will also make some Registry repairs, and will ask you to press a key to restart.
* Press a key to restart the PC.
* Your system will take longer than usual to restart because the tool will keep running and deleting files.
* Once the Desktop has loaded, the tool will finish its work and display Finished
* Press a key to end the script and load your Desktop icons.
* Finally, open the SDFix folder on your Desktop and copy/paste the contents of the Report.txt file into your next reply on the forum, along with a new HijackThis log!

2/ Delete combofix from your desktop, then empty the Recycle Bin.

3/ Open PCA
# Click the "PC diagnostic" tab, then "analyze".
# Let the scan run. It only takes a few seconds.
# Click "save the report" at the bottom right and save it to the desktop.
# Post the contents of this report in your next reply. It is named PCA_LOG.txt
Tick this line:

O20 - Winlogon Notify: °€€ - °€€ (file missing)

Click "repair the selected items".

Post the SDFix report and a new PCA report.

FillPCA

SDFix report:

SDFix: Version 1.115

Run by Gaëtan on 25/11/2007 at 19:28

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\168482~1 - Deleted




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-25 19:32:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...


scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XIIc\\Win32\\RpcDataSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XIIc\\Win32\\RpcDataSrv.exe:*:Enabled:SiSoftware Database Agent Service"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XIIc\\RpcSandraSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XIIc\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:


Finished!

HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:37:24, on 25/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Wallpaper\Wallpaper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://news.google.com/topstories?hl=fr&gl=FR&ceid=FR:fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] ; "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Update 3400C] ; C:\sj652\hpupdate.exe 3400C
O4 - HKLM\..\Run: [InCD] ; C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] ; C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] ; C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Rainlendar2] "C:\Program Files\Rainlendar2\Rainlendar2.exe"
O4 - HKCU\..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter
O4 - HKCU\..\Run: [WMPNSCFG] ; C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Diddl_Scr.exe] ; C:\Documents and Settings\Gaëtan\Local Settings\Temporary Internet Files\Content.IE5\E27ODY7W\Diddl_Scr[1].exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] ; "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] ; C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb001YYFR
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093333169531
O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www2.photoweb.fr/telechargement/Photoweb_uploader.cab
O20 - Winlogon Notify: °€€ - °€€ (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PCA report: (I can't tick 020..., I don't have access)

# PCA Sécurité V 1.0.2, (fichier LOG).
# Rapport du :25/11/2007 19:47:00
Microsoft Windows XP Service Pack 2

==>> Processus <==
\SystemRoot\System32\smss.exe
\??\C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Wallpaper\Wallpaper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PCA\pca.exe

//pages de démarrage et de recherche d'Internet Explorer
RO - HKLM\Software\Microsoft\Internet Explorer\Main\Start Page = https://www.msn.com/fr-fr/?ocid=iehp
RO - HKLM\Software\Microsoft\Internet Explorer\Main\Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
RO - HKCU\Software\Microsoft\Internet Explorer\Main\Start Page = https://news.google.com/topstories?hl=fr&gl=FR&ceid=FR:fr
RO - HKCU\Software\Microsoft\Internet Explorer\Toolbar\LinksFolderName = Liens
R1 - HKLM\Software\Microsoft\Internet Explorer\Main\Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main\Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main\Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Search\CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Search\SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
//applications lancées depuis system.ini,win.ini
//03 - Browser Helper Objects (BHOs)
02 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
02 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL
02 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
02 - BHO: - {7E853D72-626A-48EC-A868-BA8D5E23E045} -
//04 - applications chargées automatiquement
04 - HKLM\..\RUN: [NeroFilterCheck] - C:\WINDOWS\system32\NeroCheck.exe
04 - HKLM\..\RUN: [Cmaudio] - RunDll32 cmicnfg.cpl,CMICtrlWnd
04 - HKLM\..\RUN: [Dit] - Dit.exe
04 - HKLM\..\RUN: [CHotkey] - zHotkey.exe
04 - HKLM\..\RUN: [AGRSMMSG] - AGRSMMSG.exe
04 - HKLM\..\RUN: [LVCOMSX] - C:\WINDOWS\system32\LVCOMSX.EXE
04 - HKLM\..\RUN: [SunJavaUpdateSched] - "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
04 - HKLM\..\RUN: [EoEngine] -
04 - HKLM\..\RUN: [EoWeather] -
04 - HKLM\..\RUN: [EoClock] -
04 - HKLM\..\RUN: [Zone Labs Client] - "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
04 - HKLM\..\RUN: [avast!] - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
04 - HKLM\..\RUN: [ZoneAlarm Client] - "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
04 - HKLM\..\RUN: [NvCplDaemon] - "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
04 - HKLM\..\RUN: [nwiz] - "nwiz.exe" /install
04 - HKLM\..\RUN: [NvMediaCenter] - "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
04 - HKLM\..\RUN: [Adobe Reader Speed Launcher] - ; "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
04 - HKLM\..\RUN: [HP Update 3400C] - ; C:\sj652\hpupdate.exe 3400C
04 - HKLM\..\RUN: [InCD] - ; C:\Program Files\Ahead\InCD\InCD.exe
04 - HKLM\..\RUN: [LogitechVideoRepair] - ; C:\Program Files\Logitech\Video\ISStart.exe
04 - HKLM\..\RUN: [LogitechVideoTray] - ; C:\Program Files\Logitech\Video\LogiTray.exe
04 - HKLU\..\RUN: [ctfmon.exe] - C:\WINDOWS\system32\ctfmon.exe
04 - HKLU\..\RUN: [Rainlendar2] - "C:\Program Files\Rainlendar2\Rainlendar2.exe"
04 - HKLU\..\RUN: [Wallpaper] - "C:\Program Files\Wallpaper\Wallpaper.exe" Starter
04 - HKLU\..\RUN: [WMPNSCFG] - ; C:\Program Files\Windows Media Player\WMPNSCFG.exe
04 - HKLU\..\RUN: [DAEMON Tools] - "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
04 - HKLU\..\RUN: [Diddl_Scr.exe] - ; C:\Documents and Settings\Gaëtan\Local Settings\Temporary Internet Files\Content.IE5\E27ODY7W\Diddl_Scr[1].exe
04 - HKLU\..\RUN: [LogitechSoftwareUpdate] - ; "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
04 - HKLU\..\RUN: [Uniblue RegistryBooster 2] - ; C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
04 - HKUS\S-1-5-18\..\RUN: [CTFMON.EXE] - C:\WINDOWS\system32\NeroCheck.exe
04 - HKUS\S-1-5-19\..\RUN: [CTFMON.EXE] - C:\WINDOWS\system32\NeroCheck.exe
04 - HKUS\S-1-5-20\..\RUN: [CTFMON.EXE] - C:\WINDOWS\system32\NeroCheck.exe
04 - HKUS\S-1-5-21-2631429584-839550342-1198632125-1007\..\RUN: [ctfmon.exe] - C:\WINDOWS\system32\NeroCheck.exe
04 - HKUS\S-1-5-21-2631429584-839550342-1198632125-1007\..\RUN: [Rainlendar2] - RunDll32 cmicnfg.cpl,CMICtrlWnd
04 - HKUS\S-1-5-21-2631429584-839550342-1198632125-1007\..\RUN: [Wallpaper] - Dit.exe
04 - HKUS\S-1-5-21-2631429584-839550342-1198632125-1007\..\RUN: [WMPNSCFG] - zHotkey.exe
04 - HKUS\S-1-5-21-2631429584-839550342-1198632125-1007\..\RUN: [DAEMON Tools] - AGRSMMSG.exe
04 - HKUS\S-1-5-21-2631429584-839550342-1198632125-1007\..\RUN: [Diddl_Scr.exe] - C:\WINDOWS\system32\LVCOMSX.EXE
04 - HKUS\S-1-5-21-2631429584-839550342-1198632125-1007\..\RUN: [LogitechSoftwareUpdate] - "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
04 - HKUS\S-1-5-21-2631429584-839550342-1198632125-1007\..\RUN: [Uniblue RegistryBooster 2] -
//05 - Accès au panneau de contrôle d'Internet Explorer (control.ini)
//06- interdiction à l' accès au options (Internet Explorer)
//07 - blocage de l'exécution de Regedit
//08 - lignes supplémentaires dans le menu contextuel d'Internet Explorer
08 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
08 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb001YYFR
//09 - boutons situés sur la barre d'outils principale d'Internet Explorer
09 - Extra button: - CmdMapping -
09 - Extra 'Tools' menuitem: - CmdMapping -
09 - Extra button: - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
09 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
09 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
09 - Extra 'Tools' menuitem: - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
09 - Extra button: - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
09 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
09 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
09 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
//O10 - Pirates de Winsock
//O11 - Onglet supplémentaire dans les options avancées d'Internet Explorer)
O11 - Options group: [INTERNATIONAL] - International*
//O12 - IE plugins
//013 : DefaultPrefix
//014 - Option : (Rétablir les paramètres Web)
//015 - Zone de confiance d'Internet Explorer
//O16 - Objets ActiveX
O16 - DPF : - DirectAnimation Java Classes -
O16 - DPF : - Microsoft XML Parser for Java -
O16 - DPF : Shockwave ActiveX Control - {166B1BCA-3F9C-11CF-8075-444553540000} - C:\WINDOWS\system32\macromed\Director\SwDir.dll
O16 - DPF : WUWebControl Class - {6414512B-B978-451D-A0D8-FCFDF33E833C} - C:\WINDOWS\system32\wuweb.dll
O16 - DPF : telechargement-photoweb - {68C1822F-F5C7-4404-A73F-03C10E0E94DA} - C:\WINDOWS\Downloaded Program Files\telechargement-photoweb.ocx
O16 - DPF : Shockwave Flash Object - {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx
//O17 - piratage de domaine Lop.com
//O18 - protocoles additionnels
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} -
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
//O19 - feuille de style de l'utilisateur
//O20 - valeur de Registre AppInit_DLLs et les sous-clés Winlogon Notify
//O21 - ShellServiceObjectDelayLoad
//O22 - SharedTaskScheduler
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - %SystemRoot%\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\System32\browseui.dll
//O23 - services de XP,NT, 2000, et 2003
O23 - Service: [Service de la passerelle de la couche Application] - %SystemRoot%\System32\alg.exe
O23 - Service: [avast! iAVS4 Control Service] - "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
O23 - Service: [avast! Antivirus] - "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
O23 - Service: [avast! Mail Scanner] - "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
O23 - Service: [avast! Web Scanner] - "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
O23 - Service: [Client de licence CA] - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: [Serveur de licence CA] - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: [Gestionnaire de l'Album] - %SystemRoot%\system32\clipsrv.exe
O23 - Service: [Application système COM+] - C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
O23 - Service: [Fax] - %systemroot%\system32\fxssvc.exe
O23 - Service: [Google Updater Service] - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
O23 - Service: [InstallDriver Table Manager] - "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"
O23 - Service: [Service COM de gravage de CD IMAPI] -
O23 - Service: [InCD Helper] -
O23 - Service: [Event Log Watch] - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: [Machine Debug Manager] - "C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe"
O23 - Service: [Partage de Bureau à distance NetMeeting] - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: [Distributed Transaction Coordinator] - C:\WINDOWS\system32\msdtc.exe
O23 - Service: [NVIDIA Display Driver Service] - %SystemRoot%\system32\nvsvc32.exe
O23 - Service: [Gestionnaire de session d'aide sur le Bureau à distance] - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: [Localisateur d'appels de procédure distante (RPC)] - %SystemRoot%\System32\locator.exe
O23 - Service: [QoS RSVP] - %SystemRoot%\System32\rsvp.exe
O23 - Service: [SiSoftware Database Agent Service] - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
O23 - Service: [SiSoftware Sandra Agent Service] - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
O23 - Service: [Spouleur d'impression] - %SystemRoot%\system32\spoolsv.exe
O23 - Service: [MS Software Shadow Copy Provider] - C:\WINDOWS\System32\dllhost.exe /Processid:{DB0CDB63-F5CF-4D8E-910E-E037CBFB0C95}
O23 - Service: [Journaux et alertes de performance] - %SystemRoot%\system32\smlogsvc.exe
O23 - Service: [Uninterruptible Power Supply] - %SystemRoot%\System32\ups.exe
O23 - Service: [Service Messenger Sharing Folders USN Journal Reader] - "C:\Program Files\MSN Messenger\usnsvc.exe"
O23 - Service: [TrueVector Internet Monitor] - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
O23 - Service: [Cliché instantané de volume] - %SystemRoot%\System32\vssvc.exe
O23 - Service: [Windows Media Connect (WMC)] - c:\program files\windows media connect\mswmccds.exe
O23 - Service: [Aide de Windows Media Connect (WMC)] - C:\Program Files\Windows Media Connect\mswmcls.exe
O23 - Service: [Carte de performance WMI] - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: [Service Partage réseau du Lecteur Windows Media] - "C:\Program Files\Windows Media Player\WMPNetwk.exe"
Re,

1/ * Zip the contents of this folder: C:\Qoobox
* To do so, open My Computer > C:
* Right-click on _OTMoveIT, then choose Send to > Compressed folder.
* A file in zip format is then created.
* Click on this link: http://upload.malekal.com/
* Click the Browse button and point it to the zipped file.
* Finally, click "Send the file".

2/ Delete the file c:\Qoobox.zip

3/ * Please print these instructions, or paste them into a text file so you can read them in Safe Mode.

* Download Brute Force Uninstaller (by Merijn): http://www.merijn.org/files/bfu.zip
* Create a new folder directly on C:\ and name it BFU. Unzip the downloaded file into this new folder (C:\BFU).
* Right-click here: http://perso.orange.fr/Chercheur-perso/scripts/toolbar.bfu
and choose "Save Target As..." to download toolbar.bfu (by Chercheur). Save it in the folder you created (C:\BFU). **Note: if you use Internet Explorer, make sure when saving that the "Save as type:" field shows "All Files". You should now have two files in the C:\BFU folder: toolbar.bfu and BFU.exe (very important).
* Restart in Safe Mode: at restart, immediately tap the F8 or F5 key repeatedly; you will see a screen with a choice of startup options. Using the arrow keys, choose "Safe Mode" and confirm with "Enter". Choose your usual account, not Administrator.
* Start the "Brute Force Uninstaller" by double-clicking BFU.exe (in the C:\BFU folder).
o Click the small yellow folder to the right of the Scriptline to execute box, and double-click: toolbar.bfu
o In addition to the default settings, you must tick "show log after script ends"
o In the "Scriptline to execute" box, you should now see this: C:\BFU\toolbar.bfu
o Click Execute and let it do its work.
o Wait for Complete script execution to appear and click OK.
o Click Exit to close the BFU program.
* Restart normally.

4/ Download CCleaner Basic https://www.ccleaner.com/ccleaner/download

Open CCleaner, click "Run Cleaner".

5/ Download AVG Anti-Spyware: https://www.avg.com/en-ww/free-antivirus-download
Install it.
Launch AVG Anti-Spyware and click the Update button. Wait.

Click the Scan button (in the toolbar)
Then, on the How to act tab, click Recommended actions. Select Quarantine.
Go back to the Scan tab. Click Complete system scan.
At the end of the scan, choose the "Apply all actions" option at the bottom. Then:
Click "Save report". This generates a report as a text file, located in the Reports folder of the AVG Anti-Spyware folder.

6/ * Run an online scan by clicking here: http://assiste.com.free.fr/...
* Choose Kaspersky.
* You must run the scan using Internet Explorer. A notice appears at the top, near the status bar. You must accept and install the ActiveX control offered. The antivirus update then starts.
* Run a complete scan of the system.
* Save the report in text mode when the scan finishes.

7/ Post the AVG Anti-Spyware report, the BFU report and a HijackThis report.

FillPCA
It's running, I'll give you the results tomorrow evening...
See you soon
No problem. Tomorrow, we finish it off.

FillPCA
AVG Anti-Spyware report:

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 21:21:39 25/11/2007

+ Résultat de l'analyse:



Rien à signaler.



Fin du rapport
Kaspersky report:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, November 26, 2007 2:47:14 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 25/11/2007
Kaspersky Anti-Virus database records: 465550
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\

Scan Statistics:
Total number of scanned objects: 84160
Number of viruses found: 5
Number of infected objects: 316
Number of suspicious objects: 0
Duration of the scan process: 02:06:05

Infected Object Name / Virus Name / Last Action
C:\!KillBox\khfdbyw.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.atj skipped
C:\!KillBox\khfdbyw.dll( 1) Infected: not-a-virus:AdWare.Win32.Virtumonde.atj skipped
C:\!KillBox\khfdbyw.dll( 2) Infected: not-a-virus:AdWare.Win32.Virtumonde.atj skipped
C:\avenger\backup.zip/avenger/6A.tmp Infected: Email-Worm.Win32.Locksky.bo skipped
C:\avenger\backup.zip/avenger/6C.tmp Infected: Email-Worm.Win32.Locksky.bo skipped
C:\avenger\backup.zip/avenger/6E.tmp Infected: Email-Worm.Win32.Locksky.bo skipped
C:\avenger\backup.zip/avenger/70.tmp Infected: Email-Worm.Win32.Locksky.bo skipped
C:\avenger\backup.zip/avenger/72.tmp Infected: Email-Worm.Win32.Locksky.bo skipped
C:\avenger\backup.zip/avenger/74.tmp Infected: Email-Worm.Win32.Locksky.bo skipped
C:\avenger\backup.zip ZIP: infected - 6 skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Gaëtan\.rainlendar2\rainlendar2.log Object is locked skipped
C:\Documents and Settings\Gaëtan\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Gaëtan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Gaëtan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Gaëtan\Local Settings\Application Data\Mozilla\Firefox\Profiles\wa5km24g.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Gaëtan\Local Settings\Application Data\Mozilla\Firefox\Profiles\wa5km24g.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Gaëtan\Local Settings\Application Data\Mozilla\Firefox\Profiles\wa5km24g.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Gaëtan\Local Settings\Application Data\Mozilla\Firefox\Profiles\wa5km24g.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Gaëtan\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Gaëtan\Local Settings\Historique\History.IE5\MSHist012007112520071126\index.dat Object is locked skipped
C:\Documents and Settings\Gaëtan\Local Settings\Temp\Perflib_Perfdata_fb4.dat Object is locked skipped
C:\Documents and Settings\Gaëtan\Local Settings\Temp\~DF1BC2.tmp Object is locked skipped
C:\Documents and Settings\Gaëtan\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Gaëtan\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Gaëtan\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Gaëtan\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt Object is locked skipped
C:\qoobox\Quarantine\C\d.exe.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\opnvmwvi.exe.vir Infected: Trojan-Downloader.Win32.Injecter.ai skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\101.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\103.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\105.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\107.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\109.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\10B.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\10D.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\10F.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\111.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\113.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\115.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\117.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\119.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\11B.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\11D.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\11F.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\121.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\123.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\125.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\127.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\129.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\12B.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\12D.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\12F.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\131.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\76.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\78.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\7A.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\7C.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\7E.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\84.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\89.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\8B.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\8D.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\8F.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\91.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\93.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\95.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\96.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\97.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\99.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\9B.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\9D.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\9F.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\A1.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\A3.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\A5.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\A7.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\A9.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\AB.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\AD.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\AF.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\B1.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\B3.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\B5.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\B7.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\B9.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\BB.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\BD.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\BF.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\C1.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\C3.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\C5.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\C7.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\C9.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\CB.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\CD.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\CF.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\crehcjid.dll.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\D1.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\D3.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\D5.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\D7.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\D9.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\DB.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\DD.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\DF.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\E1.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\E3.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\E5.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\E7.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\E9.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\EB.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ED.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\EF.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\F1.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\F3.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\F5.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\F7.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\F9.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\FB.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\FD.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\FF.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox\Quarantine\catchme2007-11-25_180957.15.zip/khfdbyw.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.atj skipped
C:\qoobox\Quarantine\catchme2007-11-25_180957.15.zip ZIP: infected - 1 skipped
C:\qoobox.zip/qoobox/Quarantine/C/d.exe.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/opnvmwvi.exe.vir Infected: Trojan-Downloader.Win32.Injecter.ai skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/101.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/103.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/105.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/107.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/109.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/10B.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/10D.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/10F.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/111.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/113.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/115.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/117.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/119.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/11B.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/11D.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/11F.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/121.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/123.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/125.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/127.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/129.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/12B.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/12D.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/12F.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/131.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/76.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/78.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/7A.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/7C.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/7E.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/84.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/89.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/8B.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/8D.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/8F.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/91.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/93.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/95.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/96.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/97.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/99.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/9B.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/9D.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/9F.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/A1.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/A3.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/A5.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/A7.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/A9.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/AB.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/AD.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/AF.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/B1.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/B3.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/B5.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/B7.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/B9.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/BB.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/BD.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/BF.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/C1.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/C3.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/C5.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/C7.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/C9.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/CB.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/CD.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/CF.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/crehcjid.dll.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/D1.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/D3.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/D5.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/D7.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/D9.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/DB.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/DD.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/DF.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/E1.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/E3.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/E5.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/E7.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/E9.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/EB.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/ED.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/EF.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/F1.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/F3.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/F5.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/F7.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/F9.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/FB.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/FD.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/FF.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\qoobox.zip/qoobox/Quarantine/catchme2007-11-25_180957.15.zip/khfdbyw.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.atj skipped
C:\qoobox.zip/qoobox/Quarantine/catchme2007-11-25_180957.15.zip Infected: not-a-virus:AdWare.Win32.Virtumonde.atj skipped
C:\qoobox.zip ZIP: infected - 97 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{D53CC201-44D0-4F0E-8648-A9C972115350}\RP744\A0110752.exe/data.rar/keygen.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.atj skipped
C:\System Volume Information\_restore{D53CC201-44D0-4F0E-8648-A9C972115350}\RP744\A0110752.exe/data.rar/patch.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{D53CC201-44D0-4F0E-8648-A9C972115350}\RP744\A0110752.exe/data.rar/crack.exe Infected: Trojan.Win32.Inject.ks skipped
C:\System Volume Information\_restore{D53CC201-44D0-4F0E-8648-A9C972115350}\RP744\A0110752.exe/data.rar Infected: Trojan.Win32.Inject.ks skipped
C:\System Volume Information\_restore{D53CC201-44D0-4F0E-8648-A9C972115350}\RP744\A0110752.exe RarSFX: infected - 4 skipped
C:\System Volume Information\_restore{D53CC201-44D0-4F0E-8648-A9C972115350}\RP744\A0110753.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{D53CC201-44D0-4F0E-8648-A9C972115350}\RP745\A0110761.dll Infected: Email-Worm.Win32.Locksky.bo skipped
C:\System Volume Information\_restore{D53CC201-44D0-4F0E-8648-A9C972115350}\RP746\A0110786.dll Infected: Email-Worm.Win32.Locksky.bo skipped
C:\System Volume Information\_restore{D53CC201-44D0-4F0E-8648-A9C972115350}\RP750\A0114302.exe Infected: Email-Worm.Win32.Locksky.bo skipped
C:\System Volume Information\_restore{D53CC201-44D0-4F0E-8648-A9C972115350}\RP751\A0114418.exe Infected: Trojan-Downloader.Win32.Injecter.ai skipped
C:\System Volume Information\_restore{D53CC201-44D0-4F0E-8648-A9C972115350}\RP751\A0114420.dll Infected: Email-Worm.Win32.Locksky.bo skipped
C:\System Volume Information\_restore{D53CC201-44D0-4F0E-8648-A9C972115350}\RP751\A0114424.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.atj skipped
C:\System Volume Information\_restore{D53CC201-44D0-4F0E-8648-A9C972115350}\RP752\change.log Object is locked skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/d.exe.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/opnvmwvi.exe.vir Infected: Trojan-Downloader.Win32.Injecter.ai skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/101.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/103.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/105.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/107.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/109.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/10B.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/10D.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/10F.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/111.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/113.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/115.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/117.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/119.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/11B.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/11D.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/11F.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/121.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/123.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/125.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/127.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/129.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/12B.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/12D.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/12F.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/131.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/76.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/78.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/7A.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/7C.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/7E.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/84.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/89.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/8B.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/8D.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/8F.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/91.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/93.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/95.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/96.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/97.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/99.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/9B.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/9D.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/9F.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/A1.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/A3.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/A5.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/A7.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/A9.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/AB.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/AD.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/AF.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/B1.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/B3.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/B5.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/B7.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/B9.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/BB.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/BD.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/BF.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/C1.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/C3.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/C5.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/C7.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/C9.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/CB.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/CD.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/CF.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/crehcjid.dll.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/D1.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/D3.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/D5.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/D7.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/D9.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/DB.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/DD.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/DF.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/E1.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/E3.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/E5.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/E7.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/E9.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/EB.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/ED.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/EF.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/F1.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/F3.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/F5.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/F7.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/F9.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/FB.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/FD.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/FF.tmp.vir Infected: Email-Worm.Win32.Locksky.bo skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/catchme2007-11-25_180957.15.zip/khfdbyw.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.atj skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/catchme2007-11-25_180957.15.zip Infected: not-a-virus:AdWare.Win32.Virtumonde.atj skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar Infected: not-a-virus:AdWare.Win32.Virtumonde.atj skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz GZIP: infected - 98 skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\STEPH-GAËTAN.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_4ac.dat Object is locked skipped
C:\WINDOWS\Temp\ZLT034ef.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT034f2.TMP Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{D53CC201-44D0-4F0E-8648-A9C972115350}\RP752\change.log Object is locked skipped
E:\System Volume Information\_restore{D53CC201-44D0-4F0E-8648-A9C972115350}\RP752\change.log Object is locked skipped

Scan process completed.
HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:56:55, on 26/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Wallpaper\Wallpaper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://news.google.com/topstories?hl=fr&gl=FR&ceid=FR:fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] ; "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Update 3400C] ; C:\sj652\hpupdate.exe 3400C
O4 - HKLM\..\Run: [InCD] ; C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] ; C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] ; C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Rainlendar2] "C:\Program Files\Rainlendar2\Rainlendar2.exe"
O4 - HKCU\..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter
O4 - HKCU\..\Run: [WMPNSCFG] ; C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Diddl_Scr.exe] ; C:\Documents and Settings\Gaëtan\Local Settings\Temporary Internet Files\Content.IE5\E27ODY7W\Diddl_Scr[1].exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] ; "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] ; C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/71365/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093333169531
O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www2.photoweb.fr/telechargement/Photoweb_uploader.cab
O20 - Winlogon Notify: °€€ - °€€ (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
BFU report (I forgot to save it last night, so I ran it again tonight):

BFU v1.10.0
Windows XP SP2 (WinNT 5.01.2600 SP2)
Script started at 19:00:53, on 26/11/2007

Option Unload Explorer: Yes
Failed: DllUnregister C:\Program Files\Mozilla Firefox\plugins\NPND2FN.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\Internet Explorer\msimg32.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\Need2Find\bar\1.bin\NPND2FN.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\Need2Find\bar\2.bin\NPND2FN.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\Need2Find\bar\3.bin\NPND2FN.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\Need2Find\bar\2.bin\ND2FNBAR.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\Need2Find\bar\3.bin\ND2FNBAR.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\Need2Find\bar\4.bin\ND2FNBAR.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\Need2Find\bar\5.bin\ND2FNBAR.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\Need2Find\bar\6.bin\ND2FNBAR.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\Need2Find\bar\7.bin\ND2FNBAR.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\INSTAFINK\instafink.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\RXToolBar\RXToolBar.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\RXToolBar\sfcont.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\1.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\2.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\3.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\4.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\5.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\6.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\7.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\8.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\9.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\a.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\b.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\c.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\d.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\e.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\f.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\i.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\l.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\7.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\8.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\9.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\a.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\b.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\c.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\d.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\e.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearchWB\bar\1.bin\NPMYSRWB.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearchWB\bar\2.bin\NPMYSRWB.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\Uninstall My Web Search.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\MyTotalSearch\SrchAstt\1.bin\MTSSRCAS.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\MyTotalSearch\SrchAstt\2.bin\MTSSRCAS.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\MyTotalSearch\SrchAstt\3.bin\MTSSRCAS.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\MyTotalSearch\SrchAstt\4.bin\MTSSRCAS.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\MyTotalSearch\SrchAstt\5.bin\MTSSRCAS.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\MyTotalSearch\bar\1.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\MyTotalSearch\bar\5.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\mybar\mybar.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\installr\1.bin\myezsetp.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\mybar\1.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\mybar\2.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\mybar\3.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\mybar\4.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\mybar\5.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\mybar\6.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\mybar\7.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\mybar\8.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\mybar\9.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\mybar\a.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\mybar\b.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\mybar\c.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\mybar\d.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\srchastt\1.bin\mysrchas.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\srchastt\2.bin\mysrchas.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\srchastt\3.bin\mysrchas.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\mywaysa\srchasde\1.bin\desrcas.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\mywaysa\srchasde\desrcas.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\SearchAt\1.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\SearchAt\2.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\SearchAt\3.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\SearchAt\4.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\SearchAt\5.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\SearchAt\6.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\SearchAt\7.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\SearchAt\8.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\SearchAt\9.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\SearchAt\10.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\SearchAt\11.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\myglobalsearch\bar\1.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myglobalsearch\bar\2.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myglobalsearch\bar\3.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myglobalsearch\bar\4.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\AskTBar\bar\3.bin\ASKTBAR.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\AskTBar\bar\4.bin\ASKTBAR.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\AskTBar\SrchAstt\3.bin\A5SRCHAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\AskTBar\SrchAstt\4.bin\A5SRCHAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\mysearch\bar\1.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\mysearch\bar\2.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\mysearch\bar\3.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\mysearch\bar\4.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\mysearch\bar\5.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\mysearch\bar\i.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\mysearch\installr\1.bin\s4ezsetp.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\mysearch\srchastt\1.bin\mysrchas.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\mysearch\srchastt\2.bin\mysrchas.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\mysearch\srchastt\3.bin\mysrchas.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\mysearch\srchastt\4.bin\mysrchas.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\mysearch\srchastt\5.bin\mysrchas.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\bin\4.6.1.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\bin\4.6.2.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\bin\4.6.4.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\bin\4.6.4.1\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\bin\4.7.0.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\bin\4.7.1.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\bin\4.7.2.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\bin\4.7.2.1\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\bin\4.7.3.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\bin\4.7.5.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\bin\4.7.7.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\bin\4.8.0.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\bin\4.8.2.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\bin\4.8.4.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\bin\4.8.7.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\bin\4.7.3.0\rb2f.tmp\hbt*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\Bin.7.5.0\HbtWallpaper.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\hbtv\hbtvhelper.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.1.7.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.1.8.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.2.6.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.2.8.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.2.11.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.2.13.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.3.1.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.3.5.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.3.6.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.3.9.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.4.0.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.4.2.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.4.5.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.4.8.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.4.9.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.5.0.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.5.1.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.5.3.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.6.1.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.1.7.0\rb24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.1.8.0\rb24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.2.6.0\rb24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.2.8.0\rb24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.2.11.0\rb24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.2.13.0\rb24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.3.1.0\rb24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.3.5.0\rb24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.3.6.0\rb24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.3.9.0\rb24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.4.0.0\rb24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.4.2.0\rb24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.4.5.0\rb24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.4.8.0\rb24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.4.9.0\rb24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.5.0.0\rb24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.5.1.0\rb24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.5.3.0\rb24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.6.1.0\rb24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\ShopperReports\Bin\0.4.0\ShprRprt.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\ShopperReports\Bin\1.0.0\ShprRprt.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\ShopperReports\Bin\1.0.5.0\ShprRprt.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\ShopperReports\Bin\1.0.10.0\ShprRprt.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\ShopperReports\Bin\1.1.1.0\ShprRprt.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\ShopperReports\Bin\1.3.0.0\ShprRprt.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\ShopperReports\Bin\2.0.0\ShprRprt.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\ShoppingReportBin\2.0.21\ShoppingReport.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\SmartShopper\Bin\1.0.9.0\SmrtShpr.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\smartshopper\bin\2.0.1\smrtshpr.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\shoppingreport\shoppingreport.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\SmartShopper\js.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\smartshopper\shoppingreport.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\SmartShopper\SmartShopper0.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\starware\bin\starware.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\starware305\bin\starware305.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\starware316\bin\starware316.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\Starware343\bin\Starware343.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\Starware343\bin\Starware347.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\Starware354\bin\Starware354.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\Starware370\bin\Starware370.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\Starware343\bin\Starware390.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\minijuegos\bin\minijuegos.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\starware\bin\dlls\jokester.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\temp\asearchassist.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\accoona\adesktopsearch.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\accoona\asearchassist.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\accoona\atl71.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\accoona\atoolbar.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\accoona\AToolbarCN.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\accoona\atts.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\accoona\mapidll.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\accoona\viewers\AThes.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\gamesbar\oberontb.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\vstoolbar\vstoolbar.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\vsadd-in\vsadd-in.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\8848\mysearch\0.9.4.2\pagerevisor.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\8848\mysearch\0.9.5.0\pagerevisor.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\8848\mysearch\0.9.7.6\pagerevisor.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\8848\mysearch\0.9.8.4\pagerevisor.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\8848\mysearch\pagerevisor.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\downloaded program files\hbinstie.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\Downloaded Program Files\instafin.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\Downloaded Program Files\mwsearch.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\Downloaded Program Files\pagerevisor.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\azentretien.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\cpu.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\iasada.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\zsettings.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\azentretien.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\iacad.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\iasad.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\iasada.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\lmhhmbhe.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\nn_bar*.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\winats*.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\windmy.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\winnb*.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\xcite.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\zolk.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\zolker*.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\ztoolb*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\Uninstall Fun Web Products.dll|1 (file not found)
Failed: DllUnregister C:\Documents and Settings\Gaëtan\Bureau\a7find.dll|1 (file not found)
Failed: DllUnregister C:\Documents and Settings\Gaëtan\Bureau\wmeayl32.dll|1 (file not found)
Failed: DllUnregister C:\msearch.dll|1 (file not found)
Failed: FolderDelete C:\Documents and Settings\Gaëtan\Application Data\hbtools (folder not found)
Failed: FolderDelete C:\Documents and Settings\Gaëtan\Application Data\hotbar (folder not found)
Failed: FolderDelete C:\Documents and Settings\Gaëtan\Application Data\searchtoolbarcorp (folder not found)
Failed: FolderDelete C:\Documents and Settings\Gaëtan\Application Data\ShopperReports (folder not found)
Failed: FolderDelete C:\Documents and Settings\Gaëtan\Application Data\ShopperReportss (folder not found)
Failed: FolderDelete C:\Documents and Settings\Gaëtan\Application Data\SpamBlocker (folder not found)
Failed: FolderDelete C:\Documents and Settings\Gaëtan\Application Data\SpamBlockerUtility (folder not found)
Failed: FolderDelete C:\Documents and Settings\Gaëtan\Application Data\starware (folder not found)
Failed: FolderDelete C:\Documents and Settings\Gaëtan\Application Data\starware305 (folder not found)
Failed: FolderDelete C:\Documents and Settings\Gaëtan\Application Data\starware316 (folder not found)
Failed: FolderDelete C:\Documents and Settings\Gaëtan\Application Data\starware343 (folder not found)
Failed: FolderDelete C:\Documents and Settings\Gaëtan\Application Data\starware347 (folder not found)
Failed: FolderDelete C:\Documents and Settings\Gaëtan\Application Data\starware354 (folder not found)
Failed: FolderDelete C:\Documents and Settings\Gaëtan\Application Data\starware370 (folder not found)
Failed: FolderDelete C:\Documents and Settings\Gaëtan\Application Data\starware390 (folder not found)
Failed: FolderDelete C:\Documents and Settings\Gaëtan\Application Data\HbTools_Icons (folder not found)
Failed: FolderDelete C:\Documents and Settings\All Users\Application Data\HbTools_Icons (folder not found)
Failed: FolderDelete C:\Documents and Settings\All Users\Application Data\hbtools (folder not found)
Failed: FolderDelete C:\Documents and Settings\All Users\Application Data\ShopperReports (folder not found)
Failed: FolderDelete C:\Documents and Settings\All Users\Application Data\starware (folder not found)
Failed: FolderDelete C:\Documents and Settings\All Users\Application Data\starware305 (folder not found)
Failed: FolderDelete C:\Documents and Settings\All Users\Application Data\starware316 (folder not found)
Failed: FolderDelete C:\Documents and Settings\All Users\Application Data\starware343 (folder not found)
Failed: FolderDelete C:\Documents and Settings\All Users\Application Data\starware347 (folder not found)
Failed: FolderDelete C:\Documents and Settings\All Users\Application Data\starware354 (folder not found)
Failed: FolderDelete C:\Documents and Settings\All Users\Application Data\starware370 (folder not found)
Failed: FolderDelete C:\Documents and Settings\All Users\Application Data\starware390 (folder not found)
Failed: FolderDelete C:\WINDOWS\system32\shoppingreport (folder not found)
Failed: FolderDelete C:\WINDOWS\system32\SmartShopper (folder not found)
Failed: FolderDelete C:\Program Files\accoona (folder not found)
Failed: FolderDelete C:\Program Files\AskTBar (folder not found)
Failed: FolderDelete C:\Program Files\FunWebProducts (folder not found)
Failed: FolderDelete C:\Program Files\GamesBar (folder not found)
Failed: FolderDelete C:\Program Files\hbinst (folder not found)
Failed: FolderDelete C:\Program Files\hbtools (folder not found)
Failed: FolderDelete C:\Program Files\HbTools_Icons (folder not found)
Failed: FolderDelete C:\Program Files\hotbar (folder not found)
Failed: FolderDelete C:\Program Files\INSTAFIN (folder not found)
Failed: FolderDelete C:\Program Files\INSTAFINK (folder not found)
Failed: FolderDelete C:\Program Files\minijuegos (folder not found)
Failed: FolderDelete C:\Program Files\myglobalsearch (folder not found)
Failed: FolderDelete C:\Program Files\mysearch (folder not found)
Failed: FolderDelete C:\Program Files\MyTotalSearch (folder not found)
Failed: FolderDelete C:\Program Files\myway (folder not found)
Failed: FolderDelete C:\Program Files\mywaysa (folder not found)
Failed: FolderDelete C:\Program Files\MyWebSearch (folder not found)
Failed: FolderDelete C:\Program Files\MyWebSearchWB (folder not found)
Failed: FolderDelete C:\Program Files\Need2Find (folder not found)
Failed: FolderDelete C:\Program Files\rxtoolbar (folder not found)
Failed: FolderDelete C:\Program Files\ShopperReports (folder not found)
Failed: FolderDelete C:\Program Files\ShoppingReport (folder not found)
Failed: FolderDelete C:\Program Files\SmartShopper (folder not found)
Failed: FolderDelete C:\Program Files\SpamBlockerUtility (folder not found)
Failed: FolderDelete C:\Program Files\SpamBlockerUtility_Icons (folder not found)
Failed: FolderDelete C:\Program Files\starware (folder not found)
Failed: FolderDelete C:\Program Files\starware305 (folder not found)
Failed: FolderDelete C:\Program Files\starware316 (folder not found)
Failed: FolderDelete C:\Program Files\starware343 (folder not found)
Failed: FolderDelete C:\Program Files\starware347 (folder not found)
Failed: FolderDelete C:\Program Files\starware354 (folder not found)
Failed: FolderDelete C:\Program Files\starware370 (folder not found)
Failed: FolderDelete C:\Program Files\starware390 (folder not found)
Failed: FolderDelete C:\Program Files\vsadd-in (folder not found)
Failed: FolderDelete C:\Program Files\vstoolbar (folder not found)
Failed: FolderDelete C:\Program Files\YOUCOULDWINTHIS (folder not found)
Failed: FolderDelete C:\Program Files\8848 (folder not found)
Failed: FileDelete C:\DOCUME~1\GATAN~1\LOCALS~1\Temp\~DF8DAE.tmp (operation failed)
Script completed.
Hi,

Open HijackThis > "Do a scan only" and check this entry:
O20 - Winlogon Notify: °€€ - °€€ (file missing)

Click Fix.

Generate a new HijackThis report.

We'll then move on to the last step if you tell me your PC is doing well.

FillPCA
Hi,
Thanks again for your help, my PC is doing much better!

HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:21:56, on 26/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Wallpaper\Wallpaper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://news.google.com/topstories?hl=fr&gl=FR&ceid=FR:fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] ; "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Update 3400C] ; C:\sj652\hpupdate.exe 3400C
O4 - HKLM\..\Run: [InCD] ; C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] ; C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] ; C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Rainlendar2] "C:\Program Files\Rainlendar2\Rainlendar2.exe"
O4 - HKCU\..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter
O4 - HKCU\..\Run: [WMPNSCFG] ; C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Diddl_Scr.exe] ; C:\Documents and Settings\Gaëtan\Local Settings\Temporary Internet Files\Content.IE5\E27ODY7W\Diddl_Scr[1].exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] ; "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] ; C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/71365/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093333169531
O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www2.photoweb.fr/telechargement/Photoweb_uploader.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
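
The fix-then-rescan check used in this exchange (fix the O20 entry marked "(file missing)", then post a fresh report) can be done mechanically by comparing the entries HijackThis marks "(file missing)" or "(no file)" across two scans. This is an added example, not part of the original posts: the function names are hypothetical, and the two report excerpts are constructed from lines quoted in this thread.

```python
import re

# HijackThis entry lines start with a section code (R0, O2, O4, O20, O23, ...).
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Suffixes HijackThis prints when the file an entry points to is absent.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Constructed "before" excerpt: the O20 line quoted in the helper's post plus
# lines that also appear in the follow-up report.
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: °€€ - °€€ (file missing)
"""

# Constructed "after" excerpt: the same lines as they appear in the follow-up report.
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""


def parse_entries(report):
    """Return the entry lines of a report; headers and process paths are skipped."""
    entries = []
    for raw in report.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        body = match.group("body")
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": match.group("code"),
            "body": body,
            "clsid": clsid.group(0) if clsid else None,
            # True when the entry references a file that no longer exists.
            "orphaned": bool(ORPHAN_RE.search(body)),
        })
    return entries


def orphaned_keys(report):
    """Set of (section code, entry text) for every orphaned entry in a report."""
    return {(e["code"], e["body"]) for e in parse_entries(report) if e["orphaned"]}


def compare_scans(before, after):
    """Classify orphaned entries as fixed, remaining or new between two scans."""
    old, new = orphaned_keys(before), orphaned_keys(after)
    return {
        "fixed": sorted(old - new),      # gone after the fix
        "remaining": sorted(old & new),  # still listed in the new report
        "new": sorted(new - old),        # appeared since the first scan
    }


if __name__ == "__main__":
    for status, items in compare_scans(BEFORE, AFTER).items():
        print(status)
        for code, body in items:
            print(f"  {code} - {body}")
```

Entries are matched on their exact text, so a path whose spelling or case differs between two scans is reported as one fixed entry plus one new entry.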
Hi again,

It's clean.

Delete these:
C:\qoobox.zip
C:\upload_moi_STEPH-GAËTAN.tar.gz


Empty your Recycle Bin.

Download OTMoveIt (by Old_Timer) to your desktop: http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
* Run OTMoveIt.
* Click CleanUp! (the program will download a text file that will be used to clean up the programs we downloaded).

NOTE: Normally, your firewall should ask whether OTMoveIt may access the internet. Allow it.

* A list appears in the left-hand pane of OTMoveIt.
* A message appears asking you to confirm the cleanup. Confirm.
* Infected files held in the quarantines will be deleted as well.

It is strongly recommended to keep all your security software up to date, in order to avoid the vulnerabilities through which infections get in.

You can delete all the tools we used (Avenger, Combofix, etc.), which deal with specific infections and are updated regularly. There is no point keeping them on your PC. Empty your Recycle Bin afterwards.
You can, however, keep AVG Antispyware and CCleaner.

/!\ Now that your PC is no longer infected, disable and then re-enable System Restore in order to create a clean restore point.
To disable or enable System Restore, you must log on as an Administrator under Windows XP.
Disabling:
Right-click "My Computer" > Properties > "System Restore" tab > check the box "Turn off System Restore on all drives"
> Apply and OK.
Enabling:
Follow the same path; uncheck the box "Turn off System Restore on all drives"
> Apply and OK. Restart the computer.

How to... (letter A): https://forum.pcastuces.com/sujet.asp?f=25&s=3902
To improve the security of your PC, take a few moments to read:
Securing your PC + Wi-Fi ("hot" & "light" versions): https://forum.pcastuces.com/default.asp

Report your infection to help get the authors convicted.

Post a message on Malware-Complaints to help move things forward; we need to be as many as possible, so report your infection:
- See the forum rules: https://malwarecomplaints.info/
- After registering with the button at the top named "Register"
If you are over 13, choose: "I Agree to these terms and am over or exactly 13 years of age"
If you are younger, click: "I Agree to these terms and am under 13 years of age"

You will then see, as a list, one topic per type of infection (Look2Me, Smitfraud, SpywareQuake, etc.).

*** Your infections: Vundo, Email-Worm.Win32.Locksky, Trojan.Win32.Dialer.qn, Trojan.Win32.Inject.ks ***
>> https://malwarecomplaints.info/
If the malware you had does not appear in the list, or if you do not know what you were infected with, post a message in the "Other infections" topic, in line with the forum rules (age, city, department, etc.).
Also give the name of the forum that helped you: CCM

You can mark your thread as resolved by clicking the button.

Finally, I recommend defragmenting your PC: http://www.coupdepoucepc.com/modules/news/article.php?storyid=218

Happy surfing!

FillPCA
Thanks again for everything!
I certainly wouldn't have managed without your help...
That's really very kind of you!
Happy surfing to you too!
Bye,
Gaëtan
Hi,

Glad I could help. Stay safe!

FillPCA