MSN infected, virus dug in, need help please

Ninou -  
ludsfa Posts 1287 Status Member -
Hello,

I caught an MSN virus by opening a photo file and I can't get rid of it, despite several attempts... would someone be willing to help me? I no longer know what to do to get rid of this thing.

My connection keeps dropping, I have spread the virus to all my MSN contacts, and the more days go by the more my computer does weird things (web pages that no longer open, the computer no longer shutting down...)

MSNFix tells me "infection present"; avast and Spybot detect nothing.

Thanks in advance.

19 replies

ludsfa Posts 1287 Status Member 15

Hello Ninou,

Here is what you are going to do.

Download MSNFix.zip (!aur3n7) to your Desktop: http://sosvirus.changelog.fr/MSNFix.zip
Unzip it on your Desktop (right-click / Extract All).

Open the MSNFix folder, then double-click MSNFix.bat.
- Run option R.
-- If the infection is detected, press a key to start the cleanup.

If a deletion error is detected, a message will appear asking you to restart the computer in order to finish the operations.
In that case, simply restart the computer manually.

Post the report located in the MSNFix folder.
The report's name corresponds to the time of its creation: date_time.log

And after that:

Download and install HijackThis (Trend Micro): http://www.infos-du-net.com/forum/271838-11-tuto-utiliser-hijackthis
Then post a report in your next reply.
HELP: How to use HijackThis v2.0.2
0
ninou
 
Hello,

Thanks for your help,
here is the MSNFix result:

MSNFix 1.701

C:\Documents and Settings\Karine et Romain\Bureau\MSNFix
Fix exécuté le 10/04/2008 - 19:58:59,15 By Karine et Romain
mode normal

************************ Recherche les fichiers présents

Aucun Fichier trouvé

************************ Recherche les dossiers présents

... \TEMP\




************************ Suppression des fichiers



************************ Suppression des dossiers

/!\ ... \TEMP\


************************ Nettoyage du registre



************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\ATF-Cleaner.exe] D9DE89F0FAF18019BC9595F0F47BCA61
[C:\CertiNomis.exe] 885AF93F7CF596BB231779463096C9C8

[color=#FF0000][b]==>/b/color SVP merci d'envoyer le fichier [b] C:\DOCUME~1\KARINE~1\Bureau\Upload_Me.zip /b sur http://upload.changelog.fr



Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 10042008_20000463.zip

************************ HKLM\...\Winlogon\Userinit

Userinit = C:\WINDOWS\system32\userinit.exe,


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------
0
ninou
 
and here is HijackThis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:02:37, on 10/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\KARINE~1\LOCALS~1\Temp\ICD1.tmp\jinstall.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.aubertphotos.com/Components/Upload/ImageUploader3.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxentelechargement.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
0
ninou
 
Someone on this forum already gave me a good hand, but there is something I don't understand: MSNFix tells me "infection present" and yet apparently I no longer have anything... what do you think?
0
ludsfa Posts 1287 Status Member 15

Yes, apparently a doubt remains.

Go to VirusTotal: https://www.virustotal.com/gui/

and scan the following files:

[C:\ATF-Cleaner.exe]
[C:\CertiNomis.exe]

I'll analyze your HijackThis log in the meantime.
0
ninou
 
I scanned the first one (C:\ATF-Cleaner.exe) with VirusTotal, can you tell me if it's OK? I admit I don't understand much of it!

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.4.9.0 2008.04.10 -
AntiVir 7.6.0.81 2008.04.10 -
Authentium 4.93.8 2008.04.10 -
Avast 4.8.1169.0 2008.04.09 -
AVG 7.5.0.516 2008.04.09 -
BitDefender 7.2 2008.04.10 -
CAT-QuickHeal 9.50 2008.04.10 -
ClamAV 0.92.1 2008.04.10 -
DrWeb 4.44.0.09170 2008.04.10 -
eSafe 7.0.15.0 2008.04.09 suspicious Trojan/Worm
eTrust-Vet 31.3.5687 2008.04.10 -
Ewido 4.0 2008.04.09 -
F-Prot 4.4.2.54 2008.04.08 -
F-Secure 6.70.13260.0 2008.04.10 -
FileAdvisor 1 2008.04.10 -
Fortinet 3.14.0.0 2008.04.10 -
Ikarus T3.1.1.26 2008.04.10 -
Kaspersky 7.0.0.125 2008.04.10 -
McAfee 5270 2008.04.09 -
Microsoft 1.3408 2008.04.10 -
NOD32v2 3014 2008.04.09 -
Norman 5.80.02 2008.04.09 -
Panda 9.0.0.4 2008.04.10 -
Prevx1 V2 2008.04.10 -
Rising 20.39.22.00 2008.04.10 -
Sophos 4.28.0 2008.04.10 -
Sunbelt 3.0.1032.0 2008.04.08 -
Symantec 10 2008.04.10 -
TheHacker 6.2.92.271 2008.04.10 -
VBA32 3.12.6.4 2008.04.06 -
VirusBuster 4.3.26:9 2008.04.09 -
Webwasher-Gateway 6.6.2 2008.04.10 -
0
ludsfa Posts 1287 Status Member 15

Did you send the file as requested?

[color=#FF0000][b]==>/b/color SVP merci d'envoyer le fichier [b] C:\DOCUME~1\KARINE~1\Bureau\Upload_Me.zip /b sur http://upload.changelog.fr

Otherwise, afterwards:

Download MalwareByte's Anti-Malware to your Desktop: https://www.majorgeeks.com/files/details/malwarebytes_anti_malware.html
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, restart in safe mode.
HELP: Restarting in safe mode: http://www.infos-du-net.com/forum/272325-11-tuto-demarrer-mode-echec

* Now run MalwareByte's Anti-Malware. If it is not already done, select "Perform full scan".
* To start the search, click "Scan".
* Once the scan is finished, a window opens; click OK. There are two possibilities:

-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

HELP: Illustrated tutorial on MBAM: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
0
ninou
 
and the second one (C:\CertiNomis.exe):

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.4.10.2 2008.04.11 -
AntiVir 7.6.0.84 2008.04.11 -
Authentium 4.93.8 2008.04.10 -
Avast 4.8.1169.0 2008.04.10 -
AVG 7.5.0.516 2008.04.10 -
BitDefender 7.2 2008.04.11 -
CAT-QuickHeal 9.50 2008.04.10 -
ClamAV 0.92.1 2008.04.11 -
DrWeb 4.44.0.09170 2008.04.10 -
eSafe 7.0.15.0 2008.04.09 -
eTrust-Vet 31.3.5687 2008.04.10 -
Ewido 4.0 2008.04.10 -
F-Prot 4.4.2.54 2008.04.10 -
F-Secure 6.70.13260.0 2008.04.11 -
FileAdvisor 1 2008.04.11 -
Fortinet 3.14.0.0 2008.04.10 -
Ikarus T3.1.1.26.0 2008.04.11 -
Kaspersky 7.0.0.125 2008.04.11 -
McAfee 5271 2008.04.10 -
Microsoft 1.3408 2008.04.11 -
NOD32v2 3017 2008.04.10 -
Norman 5.80.02 2008.04.10 -
Panda 9.0.0.4 2008.04.10 -
Prevx1 V2 2008.04.11 -
Rising 20.39.32.00 2008.04.10 -
Sophos 4.28.0 2008.04.11 -
Sunbelt 3.0.1032.0 2008.04.08 -
Symantec 10 2008.04.11 -
TheHacker 6.2.92.273 2008.04.11 -
VBA32 3.12.6.4 2008.04.06 -
VirusBuster 4.3.26:9 2008.04.10 -
Webwasher-Gateway 6.6.2 2008.04.11 -
0
ludsfa Posts 1287 Status Member 15

Hi ninou.

Scan the two folders on VirusTotal; if it tells you the analysis has already been done, do it again.

And make me a new HijackThis log.

See you very soon.
0
ninou
 
Hello,

I did what you asked, here are the results of the VirusTotal scans; I'll do the rest right away.

Fichier CertiNomis.exe reçu le 2008.04.13 19:35:39 (CET)

Résultat: 0/32 (0%)

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.4.12.0 2008.04.11 -
AntiVir 7.6.0.85 2008.04.11 -
Authentium 4.93.8 2008.04.13 -
Avast 4.8.1169.0 2008.04.13 -
AVG 7.5.0.516 2008.04.13 -
BitDefender 7.2 2008.04.13 -
CAT-QuickHeal 9.50 2008.04.12 -
ClamAV 0.92.1 2008.04.13 -
DrWeb 4.44.0.09170 2008.04.13 -
eSafe 7.0.15.0 2008.04.09 -
eTrust-Vet 31.3.5692 2008.04.11 -
Ewido 4.0 2008.04.13 -
F-Prot 4.4.2.54 2008.04.13 -
F-Secure 6.70.13260.0 2008.04.13 -
FileAdvisor 1 2008.04.13 -
Fortinet 3.14.0.0 2008.04.13 -
Ikarus T3.1.1.26.0 2008.04.13 -
Kaspersky 7.0.0.125 2008.04.13 -
McAfee 5272 2008.04.11 -
Microsoft 1.3408 2008.04.13 -
NOD32v2 3021 2008.04.12 -
Norman 5.80.02 2008.04.12 -
Panda 9.0.0.4 2008.04.13 -
Prevx1 V2 2008.04.13 -
Rising 20.39.62.00 2008.04.13 -
Sophos 4.28.0 2008.04.13 -
Sunbelt 3.0.1041.0 2008.04.12 -
Symantec 10 2008.04.13 -
TheHacker 6.2.92.276 2008.04.12 -
VBA32 3.12.6.4 2008.04.13 -
VirusBuster 4.3.26:9 2008.04.13 -
Webwasher-Gateway 6.6.2 2008.04.11 -
0
ninou > ninou
 
here is the 2nd one; I'm going to run MalwareByte's Anti-Malware 1.08, then HijackThis, and I'll send it to you



Fichier ATF-Cleaner.exe reçu le 2008.04.13 19:39:13 (CET)

Résultat: 1/32 (3.13%)

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.4.12.0 2008.04.11 -
AntiVir 7.6.0.85 2008.04.11 -
Authentium 4.93.8 2008.04.13 -
Avast 4.8.1169.0 2008.04.13 -
AVG 7.5.0.516 2008.04.13 -
BitDefender 7.2 2008.04.13 -
CAT-QuickHeal 9.50 2008.04.12 -
ClamAV 0.92.1 2008.04.13 -
DrWeb 4.44.0.09170 2008.04.13 -
eSafe 7.0.15.0 2008.04.09 suspicious Trojan/Worm
eTrust-Vet 31.3.5692 2008.04.11 -
Ewido 4.0 2008.04.13 -
F-Prot 4.4.2.54 2008.04.13 -
F-Secure 6.70.13260.0 2008.04.13 -
FileAdvisor 1 2008.04.13 -
Fortinet 3.14.0.0 2008.04.13 -
Ikarus T3.1.1.26 2008.04.13 -
Kaspersky 7.0.0.125 2008.04.13 -
McAfee 5272 2008.04.11 -
Microsoft 1.3408 2008.04.13 -
NOD32v2 3021 2008.04.12 -
Norman 5.80.02 2008.04.12 -
Panda 9.0.0.4 2008.04.13 -
Prevx1 V2 2008.04.13 -
Rising 20.39.62.00 2008.04.13 -
Sophos 4.28.0 2008.04.13 -
Sunbelt 3.0.1041.0 2008.04.12 -
Symantec 10 2008.04.13 -
TheHacker 6.2.92.276 2008.04.12 -
VBA32 3.12.6.4 2008.04.13 -
VirusBuster 4.3.26:9 2008.04.13 -
Webwasher-Gateway 6.6.2 2008.04.11 -
0

ludsfa Posts 1287 Status Member 15

Good.

No problem.

Move on to the MalwareByte's scan posted a bit further up.
I'm waiting for your report.
0
ninou
 
I can't manage to do this operation

sending the file mentioned in the MSNFix report:

[color=#FF0000][b]==>/b/color SVP merci d'envoyer le fichier [b] C:\DOCUME~1\KARINE~1\Bureau\Upload_Me.zip /b sur http://upload.changelog.fr

Can you help me?
0
ludsfa Posts 1287 Status Member 15

It doesn't matter, drop that part.

Run the MalwareByte's scan instead.
0
ninou
 
Hello!

Here is the report:


Malwarebytes' Anti-Malware 1.11
Version de la base de données: 621

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 111175
Temps écoulé: 3 hour(s), 4 minute(s), 49 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\azwbvjr_navps.dat (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\azwbvjr_nav.dat (Adware.EGDAccess) -> Quarantined and deleted successfully.
0
ninou > ninou
 
and here is the HijackThis log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:13:16, on 14/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\program files\a-squared free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2filovemessenger%2fmars2005%2fbetty_boop.png%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.aubertphotos.com/Components/Upload/ImageUploader3.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxentelechargement.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
0
ninou > ninou
 
and here is the HijackThis log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:13:16, on 14/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\program files\a-squared free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2filovemessenger%2fmars2005%2fbetty_boop.png%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.aubertphotos.com/Components/Upload/ImageUploader3.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxentelechargement.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
0
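The HijackThis log in the post above uses a fixed line format: a section code (R0, O2, O4, O23, ...), then ` - `, then the details. As an added example, not code from the thread participants or from HijackThis, this Python script parses that format and lists entries worth a manual look. The two review rules, the function names and the shortened sample log are assumptions made for illustration, and a hit means "check this file", not "this is malware".

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the log posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:13:16, on 14/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")          # e.g. "O23 - Service: ..."
ROOT_DIR_RE = re.compile(r"^[a-z]:(\\windows)?$", re.I)      # "C:" or "C:\WINDOWS"

# Review reasons (assumed heuristics, not HijackThis verdicts).
UNKNOWN_OWNER = "service binary carries no company name"
ROOT_DIR = "binary sits directly in the drive or Windows root"


def parse_log(text):
    """Split a HijackThis log into header fields, running processes and entries by code."""
    header, processes, entries = {}, [], defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line ends the process list
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries[match.group(1)].append(match.group(2))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            processes.append(line)
        elif ": " in line:                # "Platform: ...", "Boot mode: ..."
            key, _, value = line.partition(": ")
            header[key] = value
    return header, processes, dict(entries)


def entry_path(code, text):
    """Return the file an entry points at, or None when the line names no file."""
    if code == "O4":                      # [name] "C:\path\app.exe" /args
        match = re.search(r'\]\s+"?([^"]+?\.(?:exe|dll))', text, re.I)
        return match.group(1) if match else None
    if code in ("O2", "O9", "O23"):       # "... - C:\path\file"
        return text.rsplit(" - ", 1)[-1].strip()
    return None


def review(entries):
    """List (code, reason, entry) tuples that deserve a manual check."""
    notes = []
    for code, items in entries.items():
        for text in items:
            if code == "O23" and " - Unknown owner - " in text:
                notes.append((code, UNKNOWN_OWNER, text))
            path = entry_path(code, text)
            if path and ROOT_DIR_RE.match(ntpath.dirname(path).rstrip("\\")):
                notes.append((code, ROOT_DIR, text))
    return notes


if __name__ == "__main__":
    header, processes, entries = parse_log(SAMPLE_LOG)
    print(header.get("Platform"), "-", len(processes), "processes")
    for code, reason, text in review(entries):
        print(f"[{code}] {reason}: {text}")
```

Both hits on the sample lines are binaries from known vendors (the ATI driver helper and the BitDefender online scanner uninstaller), which shows why such flags call for a check of the file rather than an automatic deletion.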
ludsfa Posts 1287 Status Member 15
 
Hi ninou.

Well, as far as I'm concerned there's no problem, it looks fine.

I'm not around this week,
but normally it's all good.

See you.
0
ninou
 
OK, thanks a lot for your help.
I'd just like to understand why MSNFix (I ran it again this morning) still tells me "infection présente". That's strange, isn't it?

Also, which antivirus do you recommend?
I had Avast, I was advised to get rid of it, which I did, and I installed AntiVir. Does that seem like a good choice to you?

Thanks for your help, it's kind of you.
0
ludsfa Posts 1287 Status Member 15
 
Yes ninou, that's a good choice.

Run your first scan in safe mode. The link below explains how to restart in safe mode.

http://forum.telecharger.01net.com/forum/high-tech/SECURITE/Securite/redemarrer-mode-echec-sujet_1526_1.htm

As for the MSN alerts, it's just that it is suspicious of the two files I had you analyze, but apparently VirusTotal does not describe them as threatening.
But if you prefer, you can delete them. Here they are:
1) [C:\ATF-Cleaner.exe] D9DE89F0FAF18019BC9595F0F47BCA61
2) [C:\CertiNomis.exe] 885AF93F7CF596BB231779463096C9C8

Delete these files and then tell me whether you still get alerts. And post me the AntiVir report from safe mode.

After that, as a safety measure, we'll do a trojan search.
0
ninou
 
Hello,

A thousand thanks for your help, and sorry for being away these past few days.

Here is the AntiVir report from safe mode, as you asked:

Avira AntiVir Personal
Report file date: samedi 19 avril 2008 15:08

Scanning for 1218459 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: Karine et Romain
Computer name: NINOU

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 17/04/2008 13:07:19
AVSCAN.DLL : 8.1.1.0 53505 Bytes 17/04/2008 13:07:19
LUKE.DLL : 8.1.2.9 151809 Bytes 17/04/2008 13:07:20
LUKERES.DLL : 8.1.2.1 12033 Bytes 17/04/2008 13:07:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 17:05:59
ANTIVIR2.VDF : 7.0.3.156 795136 Bytes 11/04/2008 18:05:10
ANTIVIR3.VDF : 7.0.3.188 342016 Bytes 18/04/2008 13:07:20
Engineversion : 8.1.0.32
AEVDF.DLL : 8.1.0.5 102772 Bytes 17/04/2008 13:07:21
AESCRIPT.DLL : 8.1.0.26 233850 Bytes 17/04/2008 13:07:21
AESCN.DLL : 8.1.0.14 119156 Bytes 17/04/2008 13:07:21
AERDL.DLL : 8.1.0.19 418164 Bytes 17/04/2008 13:07:21
AEPACK.DLL : 8.1.1.2 364917 Bytes 17/04/2008 13:07:21
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 17/04/2008 13:07:21
AEHEUR.DLL : 8.1.0.18 1167735 Bytes 17/04/2008 13:07:21
AEHELP.DLL : 8.1.0.14 115063 Bytes 17/04/2008 13:07:20
AEGEN.DLL : 8.1.0.17 299380 Bytes 17/04/2008 13:07:20
AEEMU.DLL : 8.1.0.5 430450 Bytes 17/04/2008 13:07:20
AECORE.DLL : 8.1.0.27 168310 Bytes 17/04/2008 13:07:20
AVWINLL.DLL : 1.0.0.7 14593 Bytes 17/04/2008 13:07:19
AVPREF.DLL : 8.0.0.1 25857 Bytes 17/04/2008 13:07:19
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVREG.DLL : 8.0.0.0 30977 Bytes 17/04/2008 13:07:19
AVARKT.DLL : 1.0.0.23 307457 Bytes 17/04/2008 13:07:18
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 17/04/2008 13:07:19
SQLITE3.DLL : 3.3.17.1 339968 Bytes 17/04/2008 13:07:20
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 17/04/2008 13:07:20
NETNT.DLL : 8.0.0.1 7937 Bytes 17/04/2008 13:07:20
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 17/04/2008 13:07:13
RCTEXT.DLL : 8.0.32.0 86273 Bytes 17/04/2008 13:07:14

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: samedi 19 avril 2008 15:08

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
13 processes with 13 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '26' files ).

Starting the file scan:

Begin scan in 'C:\' <Karine et Romain>
C:\pagefile.sys
[WARNING] The file could not be opened!

End of the scan: samedi 19 avril 2008 16:04
Used time: 55:32 min

The scan has been done completely.

7685 Scanning directories
286805 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
286805 Files not concerned
7456 Archives were scanned
1 Warnings
0 Notes
0
ninou
 
MSNFix still tells me "infection présente" (infection present).
Here is the report:

MSNFix 1.711

C:\Documents and Settings\Karine et Romain\Bureau\MSNFix
Fix exécuté le 26/04/2008 - 19:08:39,44 By Karine et Romain
mode normal

************************ Recherche les fichiers présents

Aucun Fichier trouvé

************************ Recherche les dossiers présents

... \TEMP\




************************ Suppression des fichiers



************************ Suppression des dossiers

/!\ ... \TEMP\


************************ Nettoyage du registre



************************ Fichiers suspects

Aucun Fichier trouvé


Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 26042008_19094347.zip

************************ HKLM\...\Winlogon\Userinit

Userinit = C:\WINDOWS\system32\userinit.exe,


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------
0
ludsfa Posts 1287 Status Member 15

Hi,

Nothing being sent to your contacts?

Then it's fine.

It looks clean to me.

Download ToolsCleaner to your desktop.

Once it is installed, run the search and then the removal.
A report will be generated; send it to me.
0
Ninou
 
Good evening,

I did everything you told me, but I deleted the ToolsCleaner report by mistake. I had done everything as you indicated, "recherche" (search) then "supprimer" (delete).

It seems I no longer have anything, even though MSNFix still keeps telling me "infection présente" (infection present).

What do you think?

Many thanks for all your help.
0
ludsfa Posts 1287 Status Member 15

Hi,

Download ComboFix (by sUBs) to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Double-click combofix.exe.
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Post that report in your next reply.

The report is located here: C:\Combofix.txt
0
ninou
 
Good evening,

Here is the report.

It kept telling me "folder XXX is corrupted and unreadable, please run the CHKDSK utility".

What does that mean???

ComboFix 08-05-01.3 - Karine et Romain 2008-05-03 9:04:46.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.599 [GMT 2:00]
Endroit: C:\Documents and Settings\Karine et Romain\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\pack.epk

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-03 to 2008-05-03 ))))))))))))))))))))))))))))))))))))
.

2008-04-27 09:40 . 2008-04-27 09:40 <REP> d----c--- C:\games
2008-04-27 09:23 . 2008-04-27 09:23 <REP> d----c--- C:\Program Files\ReflexiveArcade
2008-04-27 09:06 . 2008-04-27 09:06 <REP> d----c--- C:\Documents and Settings\Karine et Romain\Saved Games
2008-04-26 19:06 . 2008-04-26 19:06 <REP> d----c--- C:\Documents and Settings\Karine et Romain\Application Data\Big Fish Games
2008-04-21 18:20 . 2008-04-21 18:22 <REP> d----c--- C:\Documents and Settings\Karine et Romain\amsn
2008-04-16 19:33 . 2008-04-16 19:33 <REP> d----c--- C:\Program Files\iTunes
2008-04-16 19:33 . 2008-04-16 19:33 <REP> d----c--- C:\Program Files\iPod
2008-04-16 19:00 . 2008-04-16 19:00 <REP> d----c--- C:\Program Files\SAGEM WiFi manager
2008-04-16 19:00 . 2006-01-18 14:09 31,744 --a--c--- C:\WINDOWS\system32\drivers\ZDPSp50a64.sys
2008-04-16 19:00 . 2006-01-18 14:09 29,184 --a--c--- C:\WINDOWS\system32\drivers\BRGSp50a64.sys
2008-04-16 19:00 . 2006-01-18 14:09 20,608 --a--c--- C:\WINDOWS\system32\drivers\BRGSp50.sys
2008-04-16 19:00 . 2006-01-18 14:09 17,664 --a--c--- C:\WINDOWS\system32\drivers\ZDPSp50.sys
2008-04-16 18:58 . 2005-12-22 14:45 493,440 --a--c--- C:\WINDOWS\system32\drivers\WlanBZ64.SYS
2008-04-16 18:58 . 2005-12-22 14:45 402,432 --a--c--- C:\WINDOWS\system32\drivers\WlanBZXP.sys
2008-04-13 20:36 . 2008-04-13 20:36 <REP> d----c--- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-13 20:36 . 2008-04-13 20:36 <REP> d----c--- C:\Documents and Settings\Karine et Romain\Application Data\Malwarebytes
2008-04-13 20:36 . 2008-04-13 20:36 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-10 19:58 . 2008-04-10 19:58 <REP> d----c--- C:\Program Files\Avira
2008-04-10 19:58 . 2008-04-10 19:58 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-10 19:57 . 2008-04-10 19:57 17,788,920 --a--c--- C:\Program Files\antivir_workstation_win7u_en_h.exe
2008-04-10 19:41 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-10 19:41 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-10 19:41 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-10 19:41 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-10 19:41 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-10 19:41 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-10 19:41 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-10 19:41 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-10 19:41 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-09 19:20 . 2008-04-09 19:20 <REP> d----c--- C:\Documents and Settings\Karine et Romain\Application Data\Grisoft
2008-04-09 19:19 . 2007-05-30 14:10 10,872 --a--c--- C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-07 00:17 . 2008-04-27 09:21 <REP> d----c--- C:\Program Files\Trend Micro
2008-04-07 00:09 . 2008-04-07 00:45 <REP> d----c--- C:\WINDOWS\BDOSCAN8
2008-04-07 00:00 . 2008-04-27 09:24 <REP> d----c--- C:\WINDOWS\ERUNT
2008-04-06 18:05 . 2008-04-06 18:13 <REP> d----c--- C:\Program Files\RegCleaner

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-03 07:03 --------- dc----w C:\Program Files\eMule
2008-04-27 07:28 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-27 07:00 --------- dc----w C:\Program Files\MSN Games
2008-04-19 15:31 --------- dc----w C:\Documents and Settings\Karine et Romain\Application Data\MyPhoneExplorer
2008-04-16 17:31 --------- dc----w C:\Program Files\QuickTime
2008-04-16 17:21 --------- dc----w C:\Documents and Settings\Karine et Romain\Application Data\Apple Computer
2008-04-16 17:00 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-04-16 16:53 --------- dc----w C:\Program Files\Apple Software Update
2008-04-10 17:23 --------- dc----w C:\Program Files\Google
2008-04-10 17:07 --------- dc----w C:\Program Files\Java
2008-04-09 17:18 --------- dc----w C:\Program Files\WordBiz
2008-04-09 16:59 --------- dc----w C:\Program Files\Wanadoo
2008-04-06 14:38 --------- dc----w C:\Program Files\a-squared Free
2008-03-30 21:57 --------- dc----w C:\Program Files\Messenger Plus! Live
2008-03-30 21:54 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-30 21:51 --------- dc----w C:\Program Files\Spybot - Search & Destroy
2008-03-30 21:51 --------- dc----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-30 21:50 691,545 -c--a-w C:\WINDOWS\unins000.exe
2008-03-20 08:09 1,845,376 -c--a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 12:58 826,368 -c--a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 -c--a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 -c--a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-01 18:30 278,528 -c--a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2008-01-25 13:29 5,597 -c-ha-w C:\Program Files\hpothb07.tif
2008-01-25 13:29 3,354 -c-ha-w C:\Program Files\hpothb07.dat
2007-03-30 12:59 2,442,222 -c--a-w C:\Program Files\eMule047c.exe
2006-11-16 11:17 4,875,864 -c--a-w C:\Program Files\MsgPlusLive-410.exe
2006-11-16 11:16 4,752,968 -c--a-w C:\Program Files\MsgPlus-363.exe
2006-10-20 19:30 8,282,187 -c--a-w C:\Program Files\vlc-0.8.5-win32.exe
2006-10-20 19:26 15,926,792 -c--a-w C:\Program Files\DivXPlay.exe
2006-10-10 23:09 6,652,812 -c--a-w C:\Program Files\sld.codec.pack.2.2.exe
2006-10-10 22:34 18,715,215 -c--a-w C:\Program Files\klcodec277f.exe
2006-10-10 22:25 1,004,139 -c--a-w C:\Program Files\pack_ultime.exe
2006-10-10 22:21 2,919,160 -c--a-w C:\Program Files\WindowsMedia-Q828026-x86-FRA.exe
2006-10-10 22:21 12,814,336 -c--a-w C:\Program Files\mp10setup.exe
2006-10-03 22:22 15,030,904 -c--a-w C:\Program Files\DivXInstaller.exe
2006-09-25 12:14 1,035,090 -c--a-w C:\Program Files\wrar361.exe
2006-09-24 21:38 699,177 -c--a-w C:\Program Files\WordBiz18.exe
2006-09-24 17:41 16,277,288 -c--a-w C:\Program Files\Install_Messenger.exe
2006-09-24 17:33 867,392 -c--a-w C:\Program Files\GoogleToolbarInstaller.exe
2006-09-24 17:27 3,511,538 -c--a-w C:\Program Files\eMule0.47c-Installer.exe
2006-09-24 16:40 12,023,296 -c--a-w C:\Program Files\setupfre.exe
2006-09-24 16:33 5,037,072 -c--a-w C:\Program Files\spybotsd14.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 16:57 5308416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-17 15:07 262401]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hp psc 2000 Series.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hp psc 2000 Series.lnk
backup=C:\WINDOWS\pss\hp psc 2000 Series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hpoddt01.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hpoddt01.exe.lnk
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk
backup=C:\WINDOWS\pss\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a--c--- 2007-06-11 11:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a--c--- 2007-03-16 11:45 63712 C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a--c--- 2004-10-28 23:37 88363 C:\WINDOWS\agrsmmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a--c--- 2006-05-10 12:12 90112 C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a--c--- 2005-03-22 21:05 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\azwbvjr]
--a--c--- 2007-03-14 16:57 314368 c:\windows\system32\azwbvjr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a--c--- 2004-08-05 13:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Diddl_Scr.exe]
C:\Program Files\Diddl Screenmate\Diddl_Scr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a--c--- 2004-08-03 02:05 122939 C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3600 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2005-05-11 23:12 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
--a--c--- 2005-06-01 18:35 49152 C:\Program Files\Hewlett-Packard\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
--a--c--- 2003-09-06 02:16 184320 C:\Program Files\ltmoh\Ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
C:\Program Files\MessengerPlus! 3\MsgPlus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\messengerskinner]
C:\Program Files\MessengerSkinner\MessengerSkinner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
--a--c--- 2004-11-17 11:56 1077327 C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
--a--c--- 2004-12-21 10:48 118784 C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a--c--- 2004-08-06 08:27 860160 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a--c--- 2004-07-27 13:48 1388544 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahsc--- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\synkib]
c:\windows\system32\synkib.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a--c--- 2004-10-15 00:26 688218 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a--c--- 2004-10-15 00:28 98394 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
--a--c--- 2005-01-14 17:45 352256 C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-09-24 22:53 185784 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
--a--c--- 2003-09-15 17:19 65536 C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
--a--c--- 2005-01-21 11:28 266240 C:\WINDOWS\system32\TPSMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
--a--c--- 2004-11-12 18:57 73728 C:\Program Files\Toshiba\Tvs\TvsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra--c--- 2006-03-30 17:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
C:\PROGRA~1\Wanadoo\Shell.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
C:\PROGRA~1\Wanadoo\GestMaj.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
C:\PROGRA~1\Wanadoo\Watch.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\\hphver08.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7561:TCP"= 7561:TCP:EMULE TCP
"7571:UDP"= 7571:UDP:EMULE UDP

R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2005-12-22 14:45]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-05-01 13:16]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-05-01 13:17]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-05-01 13:17]
S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2004-05-18 00:18]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-16 17:24:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-04-18 11:59:15 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1159185512.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2006-09-24 15:27:39 C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2006-09-24 15:27:40 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2006-09-24 15:27:40 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-05-03 07:07:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
"2008-01-22 12:59:07 C:\WINDOWS\Tasks\WebReg 20060925135956.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exeQ/TaskName 20060925135956 /N
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-03 09:08:20
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-05-03 9:10:03
ComboFix-quarantined-files.txt 2008-05-03 07:09:43

Pre-Run: 32,198,021,120 octets libres
Post-Run: 32,565,080,064 octets libres

259 --- E O F --- 2008-04-10 17:02:15
0
ludsfa Posts 1287 Status Member 15

Hi ninou, run ComboFix once more.

Don't worry about xxx.

And do a HijackThis for me afterwards.
0
ninou
 
HI THERE
Here is the ComboFix, I'll do the HijackThis for you right away.



ComboFix 08-05-01.3 - Karine et Romain 2008-05-04 18:16:36.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.616 [GMT 2:00]
Endroit: C:\Documents and Settings\Karine et Romain\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-04-04 to 2008-05-04 ))))))))))))))))))))))))))))))))))))
.

2008-05-03 09:02 . 2008-05-03 09:02 <REP> d----c--- C:\Program Files\Farm Frenzy
2008-04-27 09:40 . 2008-04-27 09:40 <REP> d----c--- C:\games
2008-04-27 09:23 . 2008-04-27 09:23 <REP> d----c--- C:\Program Files\ReflexiveArcade
2008-04-27 09:06 . 2008-04-27 09:06 <REP> d----c--- C:\Documents and Settings\Karine et Romain\Saved Games
2008-04-26 19:06 . 2008-04-26 19:06 <REP> d----c--- C:\Documents and Settings\Karine et Romain\Application Data\Big Fish Games
2008-04-21 18:20 . 2008-04-21 18:22 <REP> d----c--- C:\Documents and Settings\Karine et Romain\amsn
2008-04-16 19:33 . 2008-04-16 19:33 <REP> d----c--- C:\Program Files\iTunes
2008-04-16 19:33 . 2008-04-16 19:33 <REP> d----c--- C:\Program Files\iPod
2008-04-16 19:00 . 2008-04-16 19:00 <REP> d----c--- C:\Program Files\SAGEM WiFi manager
2008-04-16 19:00 . 2006-01-18 14:09 31,744 --a--c--- C:\WINDOWS\system32\drivers\ZDPSp50a64.sys
2008-04-16 19:00 . 2006-01-18 14:09 29,184 --a--c--- C:\WINDOWS\system32\drivers\BRGSp50a64.sys
2008-04-16 19:00 . 2006-01-18 14:09 20,608 --a--c--- C:\WINDOWS\system32\drivers\BRGSp50.sys
2008-04-16 19:00 . 2006-01-18 14:09 17,664 --a--c--- C:\WINDOWS\system32\drivers\ZDPSp50.sys
2008-04-16 18:58 . 2005-12-22 14:45 493,440 --a--c--- C:\WINDOWS\system32\drivers\WlanBZ64.SYS
2008-04-16 18:58 . 2005-12-22 14:45 402,432 --a--c--- C:\WINDOWS\system32\drivers\WlanBZXP.sys
2008-04-13 20:36 . 2008-04-13 20:36 <REP> d----c--- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-13 20:36 . 2008-04-13 20:36 <REP> d----c--- C:\Documents and Settings\Karine et Romain\Application Data\Malwarebytes
2008-04-13 20:36 . 2008-04-13 20:36 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-10 19:58 . 2008-04-10 19:58 <REP> d----c--- C:\Program Files\Avira
2008-04-10 19:58 . 2008-04-10 19:58 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-10 19:57 . 2008-04-10 19:57 17,788,920 --a--c--- C:\Program Files\antivir_workstation_win7u_en_h.exe
2008-04-10 19:41 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-10 19:41 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-10 19:41 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-10 19:41 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-10 19:41 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-10 19:41 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-10 19:41 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-10 19:41 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-10 19:41 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-09 19:20 . 2008-04-09 19:20 <REP> d----c--- C:\Documents and Settings\Karine et Romain\Application Data\Grisoft
2008-04-09 19:19 . 2007-05-30 14:10 10,872 --a--c--- C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-07 00:17 . 2008-04-27 09:21 <REP> d----c--- C:\Program Files\Trend Micro
2008-04-07 00:09 . 2008-04-07 00:45 <REP> d----c--- C:\WINDOWS\BDOSCAN8
2008-04-07 00:00 . 2008-04-27 09:24 <REP> d----c--- C:\WINDOWS\ERUNT
2008-04-06 18:05 . 2008-04-06 18:13 <REP> d----c--- C:\Program Files\RegCleaner

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-03 07:03 --------- dc----w C:\Program Files\eMule
2008-04-27 07:28 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-27 07:00 --------- dc----w C:\Program Files\MSN Games
2008-04-19 15:31 --------- dc----w C:\Documents and Settings\Karine et Romain\Application Data\MyPhoneExplorer
2008-04-16 17:31 --------- dc----w C:\Program Files\QuickTime
2008-04-16 17:21 --------- dc----w C:\Documents and Settings\Karine et Romain\Application Data\Apple Computer
2008-04-16 17:00 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-04-16 16:53 --------- dc----w C:\Program Files\Apple Software Update
2008-04-10 17:23 --------- dc----w C:\Program Files\Google
2008-04-10 17:07 --------- dc----w C:\Program Files\Java
2008-04-09 17:18 --------- dc----w C:\Program Files\WordBiz
2008-04-09 16:59 --------- dc----w C:\Program Files\Wanadoo
2008-04-06 14:38 --------- dc----w C:\Program Files\a-squared Free
2008-03-30 21:57 --------- dc----w C:\Program Files\Messenger Plus! Live
2008-03-30 21:54 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-30 21:51 --------- dc----w C:\Program Files\Spybot - Search & Destroy
2008-03-30 21:51 --------- dc----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-30 21:50 691,545 -c--a-w C:\WINDOWS\unins000.exe
2008-03-20 08:09 1,845,376 -c--a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 12:58 826,368 -c--a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 -c--a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 -c--a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-01 18:30 278,528 -c--a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2008-01-25 13:29 5,597 -c-ha-w C:\Program Files\hpothb07.tif
2008-01-25 13:29 3,354 -c-ha-w C:\Program Files\hpothb07.dat
2007-03-30 12:59 2,442,222 -c--a-w C:\Program Files\eMule047c.exe
2006-11-16 11:17 4,875,864 -c--a-w C:\Program Files\MsgPlusLive-410.exe
2006-11-16 11:16 4,752,968 -c--a-w C:\Program Files\MsgPlus-363.exe
2006-10-20 19:30 8,282,187 -c--a-w C:\Program Files\vlc-0.8.5-win32.exe
2006-10-20 19:26 15,926,792 -c--a-w C:\Program Files\DivXPlay.exe
2006-10-10 23:09 6,652,812 -c--a-w C:\Program Files\sld.codec.pack.2.2.exe
2006-10-10 22:34 18,715,215 -c--a-w C:\Program Files\klcodec277f.exe
2006-10-10 22:25 1,004,139 -c--a-w C:\Program Files\pack_ultime.exe
2006-10-10 22:21 2,919,160 -c--a-w C:\Program Files\WindowsMedia-Q828026-x86-FRA.exe
2006-10-10 22:21 12,814,336 -c--a-w C:\Program Files\mp10setup.exe
2006-10-03 22:22 15,030,904 -c--a-w C:\Program Files\DivXInstaller.exe
2006-09-25 12:14 1,035,090 -c--a-w C:\Program Files\wrar361.exe
2006-09-24 21:38 699,177 -c--a-w C:\Program Files\WordBiz18.exe
2006-09-24 17:41 16,277,288 -c--a-w C:\Program Files\Install_Messenger.exe
2006-09-24 17:33 867,392 -c--a-w C:\Program Files\GoogleToolbarInstaller.exe
2006-09-24 17:27 3,511,538 -c--a-w C:\Program Files\eMule0.47c-Installer.exe
2006-09-24 16:40 12,023,296 -c--a-w C:\Program Files\setupfre.exe
2006-09-24 16:33 5,037,072 -c--a-w C:\Program Files\spybotsd14.exe
.

((((((((((((((((((((((((((((( snapshot@2008-05-03_ 9.09.31.90 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-03 07:03:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-03 07:02:56 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 16:57 5308416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-17 15:07 262401]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hp psc 2000 Series.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hp psc 2000 Series.lnk
backup=C:\WINDOWS\pss\hp psc 2000 Series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hpoddt01.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hpoddt01.exe.lnk
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk
backup=C:\WINDOWS\pss\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a--c--- 2007-06-11 11:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a--c--- 2007-03-16 11:45 63712 C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a--c--- 2004-10-28 23:37 88363 C:\WINDOWS\agrsmmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a--c--- 2006-05-10 12:12 90112 C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a--c--- 2005-03-22 21:05 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\azwbvjr]
--a--c--- 2007-03-14 16:57 314368 c:\windows\system32\azwbvjr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a--c--- 2004-08-05 13:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Diddl_Scr.exe]
C:\Program Files\Diddl Screenmate\Diddl_Scr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a--c--- 2004-08-03 02:05 122939 C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3600 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2005-05-11 23:12 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
--a--c--- 2005-06-01 18:35 49152 C:\Program Files\Hewlett-Packard\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
--a--c--- 2003-09-06 02:16 184320 C:\Program Files\ltmoh\Ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
C:\Program Files\MessengerPlus! 3\MsgPlus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\messengerskinner]
C:\Program Files\MessengerSkinner\MessengerSkinner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
--a--c--- 2004-11-17 11:56 1077327 C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
--a--c--- 2004-12-21 10:48 118784 C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a--c--- 2004-08-06 08:27 860160 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a--c--- 2004-07-27 13:48 1388544 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahsc--- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\synkib]
c:\windows\system32\synkib.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a--c--- 2004-10-15 00:26 688218 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a--c--- 2004-10-15 00:28 98394 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
--a--c--- 2005-01-14 17:45 352256 C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-09-24 22:53 185784 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
--a--c--- 2003-09-15 17:19 65536 C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
--a--c--- 2005-01-21 11:28 266240 C:\WINDOWS\system32\TPSMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
--a--c--- 2004-11-12 18:57 73728 C:\Program Files\Toshiba\Tvs\TvsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra--c--- 2006-03-30 17:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
C:\PROGRA~1\Wanadoo\Shell.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
C:\PROGRA~1\Wanadoo\GestMaj.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
C:\PROGRA~1\Wanadoo\Watch.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\\hphver08.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7561:TCP"= 7561:TCP:EMULE TCP
"7571:UDP"= 7571:UDP:EMULE UDP

R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2005-12-22 14:45]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-05-01 13:16]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-05-01 13:17]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-05-01 13:17]
S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2004-05-18 00:18]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-16 17:24:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-04-18 11:59:15 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1159185512.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2006-09-24 15:27:39 C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2006-09-24 15:27:40 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2006-09-24 15:27:40 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-05-04 16:17:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
"2008-01-22 12:59:07 C:\WINDOWS\Tasks\WebReg 20060925135956.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exeQ/TaskName 20060925135956 /N
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-04 18:19:14
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-05-04 18:20:57
ComboFix-quarantined-files.txt 2008-05-04 16:20:28
ComboFix2.txt 2008-05-03 07:10:04

Pre-Run: 33,074,147,328 octets libres
Post-Run: 33,150,799,872 octets libres

259 --- E O F --- 2008-04-10 17:02:15
0
ninou > ninou
 
And here it is:

So what's the verdict? I don't understand much of it myself.
Thanks again for your patience.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:30:43, on 04/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\eMule\emule.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2filovemessenger%2fmars2005%2fbetty_boop.png%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.aubertphotos.com/Components/Upload/ImageUploader3.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxentelechargement.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
0
ludsfa Messages posted 1287 Status Member 15
 
Hi,

Go to VirusTotal: https://www.virustotal.com/gui/

Have this file analysed:

C:\WINDOWS\system32\userinit.exe


Then send the report.
0
ninou
 
Here it is:


Fichier userinit.exe reçu le 2008.05.06 19:25:18 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE


Résultat: 0/31 (0%)
en train de charger les informations du serveur...
Votre fichier est dans la file d'attente, en position: 6.
L'heure estimée de démarrage est entre 58 et 83 secondes.
Ne fermez pas la fenêtre avant la fin de l'analyse.
L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.
Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
les résultats seront affichés au fur et à mesure de leur génération.
Formaté Impression des résultats
Votre fichier a expiré ou n'existe pas.
Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.

Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée.
Email:


Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.5.3.0 2008.05.06 -
AntiVir 7.8.0.11 2008.05.06 -
Authentium 4.93.8 2008.05.06 -
Avast 4.8.1169.0 2008.05.05 -
AVG 7.5.0.516 2008.05.06 -
BitDefender 7.2 2008.05.06 -
CAT-QuickHeal 9.50 2008.05.06 -
ClamAV 0.92.1 2008.05.06 -
DrWeb 4.44.0.09170 2008.05.06 -
eSafe 7.0.15.0 2008.05.06 -
eTrust-Vet 31.3.5763 2008.05.06 -
Ewido 4.0 2008.05.06 -
F-Prot 4.4.2.54 2008.05.05 -
F-Secure 6.70.13260.0 2008.05.06 -
Fortinet 3.14.0.0 2008.05.06 -
Ikarus T3.1.1.26.0 2008.05.06 -
Kaspersky 7.0.0.125 2008.05.06 -
McAfee 5289 2008.05.06 -
Microsoft 1.3408 2008.05.06 -
NOD32v2 3079 2008.05.06 -
Norman 5.80.02 2008.05.06 -
Panda 9.0.0.4 2008.05.06 -
Prevx1 V2 2008.05.06 -
Rising 20.43.12.00 2008.05.06 -
Sophos 4.29.0 2008.05.06 -
Sunbelt 3.0.1097.0 2008.05.06 -
Symantec 10 2008.05.06 -
TheHacker 6.2.92.300 2008.05.03 -
VBA32 3.12.6.5 2008.05.06 -
VirusBuster 4.3.26:9 2008.05.06 -
Webwasher-Gateway 6.6.2 2008.05.06 -
Information additionnelle
File size: 25088 bytes
MD5...: d6d65ea32b190401b57edb6706f29669
SHA1..: 273ea1a839056c60444238b248213ce6c94d1c3f
SHA256: bf8cb19c5ce66d4cf7d410ea3824d082888cefa21b59c1e8fc509b2098afef27
SHA512: 66b0335682c84fad3c3792725565d6ec695c7709b13607b38208f21bad12593c
520ca0aed2377e5758b7b9ed2853973d50c56ece608a9079166ab84c50327494
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10050e5
timedatestamp.....: 0x41107b78 (Wed Aug 04 06:00:24 2004)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x4db8 0x4e00 6.01 28bb30acf8de6ab97244272748e6d31f
.data 0x6000 0x14c 0x200 1.86 cbb599f9267bf53209039d14a3574eb1
.rsrc 0x7000 0xd74 0xe00 3.62 fb3de6f4736007e3cd67ad42d5ed9eda

( 7 imports )
> USER32.dll: CreateWindowExW, DestroyWindow, RegisterClassExW, DefWindowProcW, LoadRemoteFonts, wsprintfW, GetSystemMetrics, GetKeyboardLayout, SystemParametersInfoW, GetDesktopWindow, LoadStringW, MessageBoxW, ExitWindowsEx, CharNextW
> ADVAPI32.dll: RegOpenKeyExA, ReportEventW, RegisterEventSourceW, DeregisterEventSource, OpenProcessToken, RegCreateKeyExW, RegSetValueExW, GetUserNameW, RegQueryValueExW, RegOpenKeyExW, RegQueryInfoKeyW, RegCloseKey, RegQueryValueExA
> CRYPT32.dll: CryptProtectData
> WINSPOOL.DRV: SpoolerInit
> ntdll.dll: RtlLengthSid, RtlCopySid, _itow, RtlFreeUnicodeString, DbgPrint, wcslen, wcscpy, wcscat, wcscmp, RtlInitUnicodeString, NtOpenKey, NtClose, _wcsicmp, memmove, NtQueryInformationToken, RtlConvertSidToUnicodeString
> msvcrt.dll: _controlfp, _except_handler3, __set_app_type, __p__fmode, __p__commode, __setusermatherr, __getmainargs, _acmdln, exit, _cexit, _XcptFilter, _exit, _c_exit, _initterm, _adjust_fdiv
> KERNEL32.dll: GetVersionExW, LocalFree, LocalAlloc, GetEnvironmentVariableW, SetEnvironmentVariableW, lstrlenW, lstrcpyW, FreeLibrary, GetProcAddress, LoadLibraryW, CompareFileTime, CloseHandle, lstrcatW, WaitForSingleObject, DelayLoadFailureHook, GetStartupInfoA, GetModuleHandleA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, LoadLibraryA, InterlockedCompareExchange, LocalReAlloc, GetSystemTime, lstrcmpW, GetCurrentThread, SetThreadPriority, CreateThread, GetFileAttributesExW, GetSystemDirectoryW, SetCurrentDirectoryW, FormatMessageW, lstrcmpiW, GetCurrentProcess, GetUserDefaultLangID, GetCurrentProcessId, ExpandEnvironmentStringsW, SetEvent, OpenEventW, Sleep, GetLastError, SearchPathW, CreateProcessW

( 0 exports )
0
ludsfa Messages posted 1287 Status Member 15
 
Hi.

You are going to make a CFScript for ComboFix.

Copy/paste what is in bold below and rename it to CFScript.txt

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif


folder::
C:\Program Files\Farm Frenzy
C:\games
C:\Program Files\ReflexiveArcade
C:\Documents and Settings\Karine et Romain\Saved Games
C:\Documents and Settings\Karine et Romain\Application Data\Big Fish Games
C:\Documents and Settings\Karine et Romain\amsn
C:\Program Files\Messenger Plus! Live
C:\Program Files\MsgPlus-363.exe
C:\Program Files\MsgPlusLive-410.exe

registry::
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\azwbvjr]
--a--c--- 2007-03-14 16:57 314368 c:\windows\system32\azwbvjr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\messengerskinner]
C:\Program Files\MessengerSkinner\MessengerSkinner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\synkib]
c:\windows\system32\synkib.exe


Then send the report.
Do not reinstall Messenger Plus! Live
or Messenger Skinner.

Also take a look at this list, which will keep you from not knowing what you are downloading in the future.
Copy this link into your favourites.

http://www.infos-du-net.com/forum/272222-7-logiciels-eviter
0
ninou
 
Hello,

I did what you told me (to make the CFScript.txt I opened Notepad, renamed it and copied/pasted the items in bold into it, then I dragged the folder onto ComboFix; was that right???)


Here is the report:



ComboFix 08-05-01.3 - Karine et Romain 2008-05-07 18:26:20.5 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.628 [GMT 2:00]
Endroit: C:\Documents and Settings\Karine et Romain\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Karine et Romain\Bureau\CFScript.txt.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Karine et Romain\amsn
C:\Documents and Settings\Karine et Romain\amsn\abook.xml
C:\Documents and Settings\Karine et Romain\amsn\config.xml
C:\Documents and Settings\Karine et Romain\amsn\displaypic\cache\25834677f684d4c6746464a58695f623f2159475b4f41314366437d3.dat
C:\Documents and Settings\Karine et Romain\amsn\displaypic\cache\25834677f684d4c6746464a58695f623f2159475b4f41314366437d3.png
C:\Documents and Settings\Karine et Romain\amsn\displaypic\cache\27e6963625c4d474142395e613f4d6d4a71525f6446657e6570754d3.dat
C:\Documents and Settings\Karine et Romain\amsn\displaypic\cache\27e6963625c4d474142395e613f4d6d4a71525f6446657e6570754d3.png
C:\Documents and Settings\Karine et Romain\amsn\displaypic\cache\4765179717758714d66324f65397759324636597968644f684f243d3.dat
C:\Documents and Settings\Karine et Romain\amsn\displaypic\cache\4765179717758714d66324f65397759324636597968644f684f243d3.png
C:\Documents and Settings\Karine et Romain\amsn\displaypic\cache\6387275663b495531363a475151766179426239556735454767754d3.dat
C:\Documents and Settings\Karine et Romain\amsn\displaypic\cache\6387275663b495531363a475151766179426239556735454767754d3.png
C:\Documents and Settings\Karine et Romain\amsn\displaypic\cache\65f47503d463e644c4576656b2f40313e6738395f4368556e62577d3.dat
C:\Documents and Settings\Karine et Romain\amsn\displaypic\cache\65f47503d463e644c4576656b2f40313e6738395f4368556e62577d3.png
C:\Documents and Settings\Karine et Romain\amsn\displaypic\cache\831394a4737477539514876334e64375e467c46495847366662415d3.dat
C:\Documents and Settings\Karine et Romain\amsn\displaypic\cache\831394a4737477539514876334e64375e467c46495847366662415d3.png
C:\Documents and Settings\Karine et Romain\amsn\displaypic\cache\94554336a417e4b286036476d674e6775405649767e4f2e6367754d3.dat
C:\Documents and Settings\Karine et Romain\amsn\displaypic\cache\94554336a417e4b286036476d674e6775405649767e4f2e6367754d3.png
C:\Documents and Settings\Karine et Romain\amsn\displaypic\cache\a67763a5930573c4a59403e673a7756525d447d44416a42586b437d3.dat
C:\Documents and Settings\Karine et Romain\amsn\displaypic\cache\a67763a5930573c4a59403e673a7756525d447d44416a42586b437d3.png
C:\Documents and Settings\Karine et Romain\amsn\gconfig.xml
C:\Documents and Settings\Karine et Romain\amsn\langlist.xml
C:\Documents and Settings\Karine et Romain\amsn\profiles
C:\Documents and Settings\Karine et Romain\amsn\states.xml
C:\Documents and Settings\Karine et Romain\Application Data\Big Fish Games
C:\Documents and Settings\Karine et Romain\Application Data\Big Fish Games\Azada\azada.txt
C:\Documents and Settings\Karine et Romain\Application Data\Big Fish Games\Azada\joueur.gam
C:\Documents and Settings\Karine et Romain\Application Data\Big Fish Games\Azada\options.ini
C:\Documents and Settings\Karine et Romain\Application Data\Big Fish Games\Azada\player.gam
C:\Documents and Settings\Karine et Romain\Application Data\Big Fish Games\Azada\players.dat
C:\Documents and Settings\Karine et Romain\Saved Games
C:\Documents and Settings\Karine et Romain\Saved Games\Oberon Games\Dream Day First Home\ddfh.save
C:\games
C:\games\Azada\-TAC-CM.nfo
C:\games\Azada\Azada.exe
C:\games\Azada\Basilisk.dll
C:\games\Azada\channel.gpk
C:\games\Azada\data.gpk
C:\games\Azada\j2k-codec.dll
C:\games\Azada\local\-TAC-CM.nfo
C:\games\Azada\local\options.ini
C:\games\Azada\pics\60x40.jpg
C:\games\Azada\pics\80x80.jpg
C:\games\Azada\pics\azada notei.jpg
C:\games\Azada\pics\feature.jpg
C:\games\Azada\SDL.dll
C:\games\Azada\SDL_image.dll
C:\Program Files\Farm Frenzy
C:\Program Files\Farm Frenzy\Data\data.pack
C:\Program Files\Farm Frenzy\Data\en.pack
C:\Program Files\Farm Frenzy\Data\profiles\ninou
C:\Program Files\Farm Frenzy\Data\sys\settings.xml
C:\Program Files\Farm Frenzy\farm.exe
C:\Program Files\Farm Frenzy\JNGLoad.dll
C:\Program Files\Farm Frenzy\Squall.dll
C:\Program Files\Farm Frenzy\Uninstal.exe
C:\Program Files\Messenger Plus! Live
C:\Program Files\Messenger Plus! Live\Detoured.dll
C:\Program Files\Messenger Plus! Live\Events Style Sheet.xsl
C:\Program Files\Messenger Plus! Live\lame_enc.dll
C:\Program Files\Messenger Plus! Live\Languages\Lng_Arabic.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_ChineseSimplified.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_ChineseTraditional.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Danish.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Default.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Dutch.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Estonian.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Finnish.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_French.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_German.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Hebrew.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Hungarian.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Italian.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Japanese.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Korean.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Norwegian.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Portuguese.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Spanish.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Swedish.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Thai.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Turkish.ini
C:\Program Files\Messenger Plus! Live\libsndfile.dll
C:\Program Files\Messenger Plus! Live\Log Viewer.exe
C:\Program Files\Messenger Plus! Live\MPScripts.dll
C:\Program Files\Messenger Plus! Live\MPSkins.dll
C:\Program Files\Messenger Plus! Live\MPTools.exe
C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
C:\Program Files\Messenger Plus! Live\MsgPlusLiveRes.dll
C:\Program Files\Messenger Plus! Live\MsgPlusLoader.dll
C:\Program Files\Messenger Plus! Live\Uninstall.exe
C:\Program Files\MsgPlus-363.exe\
C:\Program Files\MsgPlusLive-410.exe\
C:\Program Files\ReflexiveArcade
C:\Program Files\ReflexiveArcade\Channels\4381\Channel.dat

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-07 to 2008-05-07 ))))))))))))))))))))))))))))))))))))
.

2008-05-07 19:00 . 2008-05-07 19:00 54,156 --ah-c--- C:\WINDOWS\QTFont.qfn
2008-05-07 19:00 . 2008-05-07 19:00 1,409 --a--c--- C:\WINDOWS\QTFont.for
2008-04-16 19:33 . 2008-04-16 19:33 <REP> d----c--- C:\Program Files\iTunes
2008-04-16 19:33 . 2008-04-16 19:33 <REP> d----c--- C:\Program Files\iPod
2008-04-16 19:00 . 2008-04-16 19:00 <REP> d----c--- C:\Program Files\SAGEM WiFi manager
2008-04-16 19:00 . 2006-01-18 14:09 31,744 --a--c--- C:\WINDOWS\system32\drivers\ZDPSp50a64.sys
2008-04-16 19:00 . 2006-01-18 14:09 29,184 --a--c--- C:\WINDOWS\system32\drivers\BRGSp50a64.sys
2008-04-16 19:00 . 2006-01-18 14:09 20,608 --a--c--- C:\WINDOWS\system32\drivers\BRGSp50.sys
2008-04-16 19:00 . 2006-01-18 14:09 17,664 --a--c--- C:\WINDOWS\system32\drivers\ZDPSp50.sys
2008-04-16 18:58 . 2005-12-22 14:45 493,440 --a--c--- C:\WINDOWS\system32\drivers\WlanBZ64.SYS
2008-04-16 18:58 . 2005-12-22 14:45 402,432 --a--c--- C:\WINDOWS\system32\drivers\WlanBZXP.sys
2008-04-13 20:36 . 2008-04-13 20:36 <REP> d----c--- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-13 20:36 . 2008-04-13 20:36 <REP> d----c--- C:\Documents and Settings\Karine et Romain\Application Data\Malwarebytes
2008-04-13 20:36 . 2008-04-13 20:36 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-10 19:58 . 2008-04-10 19:58 <REP> d----c--- C:\Program Files\Avira
2008-04-10 19:58 . 2008-04-10 19:58 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-10 19:57 . 2008-04-10 19:57 17,788,920 --a--c--- C:\Program Files\antivir_workstation_win7u_en_h.exe
2008-04-10 19:41 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-10 19:41 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-10 19:41 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-10 19:41 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-10 19:41 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-10 19:41 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-10 19:41 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-10 19:41 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-10 19:41 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-09 19:20 . 2008-04-09 19:20 <REP> d----c--- C:\Documents and Settings\Karine et Romain\Application Data\Grisoft
2008-04-09 19:19 . 2007-05-30 14:10 10,872 --a--c--- C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-07 00:17 . 2008-05-04 18:30 <REP> d----c--- C:\Program Files\Trend Micro
2008-04-07 00:09 . 2008-04-07 00:45 <REP> d----c--- C:\WINDOWS\BDOSCAN8
2008-04-07 00:00 . 2008-04-27 09:24 <REP> d----c--- C:\WINDOWS\ERUNT

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-07 16:49 --------- dc----w C:\Documents and Settings\Karine et Romain\Application Data\AdobeUM
2008-05-07 16:16 --------- dc----w C:\Program Files\eMule
2008-04-27 07:28 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-27 07:00 --------- dc----w C:\Program Files\MSN Games
2008-04-19 15:31 --------- dc----w C:\Documents and Settings\Karine et Romain\Application Data\MyPhoneExplorer
2008-04-16 17:31 --------- dc----w C:\Program Files\QuickTime
2008-04-16 17:21 --------- dc----w C:\Documents and Settings\Karine et Romain\Application Data\Apple Computer
2008-04-16 17:00 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-04-16 16:53 --------- dc----w C:\Program Files\Apple Software Update
2008-04-10 17:23 --------- dc----w C:\Program Files\Google
2008-04-10 17:07 --------- dc----w C:\Program Files\Java
2008-04-09 17:18 --------- dc----w C:\Program Files\WordBiz
2008-04-09 16:59 --------- dc----w C:\Program Files\Wanadoo
2008-04-06 16:13 --------- dc----w C:\Program Files\RegCleaner
2008-04-06 14:38 --------- dc----w C:\Program Files\a-squared Free
2008-03-30 21:54 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-30 21:51 --------- dc----w C:\Program Files\Spybot - Search & Destroy
2008-03-30 21:51 --------- dc----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-30 21:50 691,545 -c--a-w C:\WINDOWS\unins000.exe
2008-03-20 08:09 1,845,376 -c--a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 12:58 826,368 -c--a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 -c--a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 -c--a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-01 18:30 278,528 -c--a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2008-01-25 13:29 5,597 -c-ha-w C:\Program Files\hpothb07.tif
2008-01-25 13:29 3,354 -c-ha-w C:\Program Files\hpothb07.dat
2007-03-30 12:59 2,442,222 -c--a-w C:\Program Files\eMule047c.exe
2006-11-16 11:17 4,875,864 -c--a-w C:\Program Files\MsgPlusLive-410.exe
2006-11-16 11:16 4,752,968 -c--a-w C:\Program Files\MsgPlus-363.exe
2006-10-20 19:30 8,282,187 -c--a-w C:\Program Files\vlc-0.8.5-win32.exe
2006-10-20 19:26 15,926,792 -c--a-w C:\Program Files\DivXPlay.exe
2006-10-10 23:09 6,652,812 -c--a-w C:\Program Files\sld.codec.pack.2.2.exe
2006-10-10 22:34 18,715,215 -c--a-w C:\Program Files\klcodec277f.exe
2006-10-10 22:25 1,004,139 -c--a-w C:\Program Files\pack_ultime.exe
2006-10-10 22:21 2,919,160 -c--a-w C:\Program Files\WindowsMedia-Q828026-x86-FRA.exe
2006-10-10 22:21 12,814,336 -c--a-w C:\Program Files\mp10setup.exe
2006-10-03 22:22 15,030,904 -c--a-w C:\Program Files\DivXInstaller.exe
2006-09-25 12:14 1,035,090 -c--a-w C:\Program Files\wrar361.exe
2006-09-24 21:38 699,177 -c--a-w C:\Program Files\WordBiz18.exe
2006-09-24 17:41 16,277,288 -c--a-w C:\Program Files\Install_Messenger.exe
2006-09-24 17:33 867,392 -c--a-w C:\Program Files\GoogleToolbarInstaller.exe
2006-09-24 17:27 3,511,538 -c--a-w C:\Program Files\eMule0.47c-Installer.exe
2006-09-24 16:40 12,023,296 -c--a-w C:\Program Files\setupfre.exe
2006-09-24 16:33 5,037,072 -c--a-w C:\Program Files\spybotsd14.exe
.

((((((((((((((((((((((((((((( snapshot@2008-05-03_ 9.09.31.90 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-03 07:03:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-07 16:15:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 16:57 5308416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-17 15:07 262401]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"ATIPTA"="C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE" [2005-03-22 21:05 339968]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-09-24 22:53 185784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hp psc 2000 Series.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hp psc 2000 Series.lnk
backup=C:\WINDOWS\pss\hp psc 2000 Series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hpoddt01.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hpoddt01.exe.lnk
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk
backup=C:\WINDOWS\pss\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a--c--- 2007-06-11 11:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a--c--- 2007-03-16 11:45 63712 C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a--c--- 2004-10-28 23:37 88363 C:\WINDOWS\agrsmmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a--c--- 2006-05-10 12:12 90112 C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a--c--- 2005-03-22 21:05 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\azwbvjr]
--a--c--- 2007-03-14 16:57 314368 c:\windows\system32\azwbvjr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a--c--- 2004-08-05 13:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Diddl_Scr.exe]
C:\Program Files\Diddl Screenmate\Diddl_Scr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a--c--- 2004-08-03 02:05 122939 C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3600 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2005-05-11 23:12 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
--a--c--- 2005-06-01 18:35 49152 C:\Program Files\Hewlett-Packard\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
--a--c--- 2003-09-06 02:16 184320 C:\Program Files\ltmoh\Ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
C:\Program Files\MessengerPlus! 3\MsgPlus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\messengerskinner]
C:\Program Files\MessengerSkinner\MessengerSkinner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
--a--c--- 2004-11-17 11:56 1077327 C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
--a--c--- 2004-12-21 10:48 118784 C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a--c--- 2004-08-06 08:27 860160 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a--c--- 2004-07-27 13:48 1388544 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahsc--- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\synkib]
c:\windows\system32\synkib.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a--c--- 2004-10-15 00:26 688218 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a--c--- 2004-10-15 00:28 98394 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
--a--c--- 2005-01-14 17:45 352256 C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-09-24 22:53 185784 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
--a--c--- 2003-09-15 17:19 65536 C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
--a--c--- 2005-01-21 11:28 266240 C:\WINDOWS\system32\TPSMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
--a--c--- 2004-11-12 18:57 73728 C:\Program Files\Toshiba\Tvs\TvsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra--c--- 2006-03-30 17:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
C:\PROGRA~1\Wanadoo\Shell.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
C:\PROGRA~1\Wanadoo\GestMaj.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
C:\PROGRA~1\Wanadoo\Watch.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\\hphver08.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7561:TCP"= 7561:TCP:EMULE TCP
"7571:UDP"= 7571:UDP:EMULE UDP

R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2005-12-22 14:45]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-05-01 13:16]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-05-01 13:17]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-05-01 13:17]
S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2004-05-18 00:18]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-16 17:24:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-04-18 11:59:15 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1159185512.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2006-09-24 15:27:39 C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2006-09-24 15:27:40 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2006-09-24 15:27:40 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-05-07 16:27:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
"2008-01-22 12:59:07 C:\WINDOWS\Tasks\WebReg 20060925135956.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exeQ/TaskName 20060925135956 /N
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-07 18:27:17
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-05-07 18:28:47
ComboFix-quarantined-files.txt 2008-05-07 16:28:15
ComboFix2.txt 2008-05-07 16:22:43
ComboFix3.txt 2008-05-04 16:20:57
ComboFix4.txt 2008-05-03 07:10:04

Pre-Run: 33,097,510,912 octets libres
Post-Run: 33,059,983,360 octets libres

357 --- E O F --- 2008-04-10 17:02:15
0
ludsfa Posts 1287 Status Member 15

hi,

disable your antivirus.

Download Lop S&D.exe to your Desktop: https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

* Double-click it to start the installation
* Then double-click the Lop S&D shortcut on your Desktop
* Select the language you want, then choose option 1 (Recherche / Search)
* Wait until the scan has finished
* Post the generated report (C:\lopR.txt)

(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)
0
ninou
 
HI

HERE IS THE REPORT


-----------------------[ Lop S&D 4.2.0-7 XP/Vista ]---------------------

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Karine et Romain ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ 08/05/2008 | 9:45:46,73 ] [ PC : NINOU ]
[ MAJ : 06-05-2008 | 21:45 ]

-------------[ Listing des dossiers dans Application Data ]------------

[10/04/2008|19:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\addr_file.html
[16/06/2007|10:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[30/12/2007|14:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[26/12/2006|12:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[10/04/2008|19:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[24/01/2005|14:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[10/04/2008|19:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[30/03/2008|23:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[25/09/2006|13:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[25/09/2006|13:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log
[13/04/2008|20:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[20/12/2007|21:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[27/04/2008|09:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[16/02/2008|22:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MumboJumbo
[26/12/2006|13:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
[24/01/2005|13:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[30/03/2008|23:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[24/09/2006|18:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[27/04/2008|09:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[11/10/2006|00:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
[26/12/2006|13:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
[04/10/2006|00:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[18/12/2007|13:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[08/03/2007|17:14] C:\DOCUME~1\APPLIC~1\APPLIC~1\Microsoft

[28/01/2005|11:22] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
[28/01/2005|11:22] C:\DOCUME~1\DEFAUL~1\APPLIC~1\AdobeUM
[24/01/2005|14:32] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[24/01/2005|14:27] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[25/01/2005|13:05] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[25/01/2005|14:18] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sonic
[25/01/2005|14:52] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
[25/01/2005|13:24] C:\DOCUME~1\DEFAUL~1\APPLIC~1\toshiba

[16/02/2008|22:00] C:\DOCUME~1\KARINE~1\APPLIC~1\Adobe
[07/05/2008|18:49] C:\DOCUME~1\KARINE~1\APPLIC~1\AdobeUM
[16/04/2008|19:21] C:\DOCUME~1\KARINE~1\APPLIC~1\Apple Computer
[16/11/2006|13:02] C:\DOCUME~1\KARINE~1\APPLIC~1\ATI
[24/01/2005|14:32] C:\DOCUME~1\KARINE~1\APPLIC~1\desktop.ini
[20/10/2006|21:03] C:\DOCUME~1\KARINE~1\APPLIC~1\DivX
[25/09/2006|14:00] C:\DOCUME~1\KARINE~1\APPLIC~1\GdiplusUpgrade_MSIApproach_Wrapper.log
[25/03/2007|12:14] C:\DOCUME~1\KARINE~1\APPLIC~1\Google
[09/04/2008|19:20] C:\DOCUME~1\KARINE~1\APPLIC~1\Grisoft
[23/10/2006|22:12] C:\DOCUME~1\KARINE~1\APPLIC~1\Help
[25/09/2006|13:59] C:\DOCUME~1\KARINE~1\APPLIC~1\Hewlett-Packard
[25/09/2006|13:55] C:\DOCUME~1\KARINE~1\APPLIC~1\HP
[24/01/2005|14:27] C:\DOCUME~1\KARINE~1\APPLIC~1\Identities
[29/11/2006|15:00] C:\DOCUME~1\KARINE~1\APPLIC~1\Image Zone Express
[18/02/2007|10:41] C:\DOCUME~1\KARINE~1\APPLIC~1\InterVideo
[24/09/2006|19:45] C:\DOCUME~1\KARINE~1\APPLIC~1\Lavasoft
[22/12/2007|22:23] C:\DOCUME~1\KARINE~1\APPLIC~1\Leadertech
[06/01/2007|16:02] C:\DOCUME~1\KARINE~1\APPLIC~1\Macromedia
[13/04/2008|20:36] C:\DOCUME~1\KARINE~1\APPLIC~1\Malwarebytes
[08/02/2008|21:46] C:\DOCUME~1\KARINE~1\APPLIC~1\Microsoft
[19/04/2008|17:31] C:\DOCUME~1\KARINE~1\APPLIC~1\MyPhoneExplorer
[08/03/2007|17:14] C:\DOCUME~1\KARINE~1\APPLIC~1\MySpace
[25/09/2006|14:04] C:\DOCUME~1\KARINE~1\APPLIC~1\PatchUpdate_HP_CounterReport_Update_HPSU.log
[06/01/2007|16:02] C:\DOCUME~1\KARINE~1\APPLIC~1\PlayFirst
[25/09/2006|14:12] C:\DOCUME~1\KARINE~1\APPLIC~1\Real
[01/04/2007|16:19] C:\DOCUME~1\KARINE~1\APPLIC~1\Screenshot Sender
[25/01/2005|14:18] C:\DOCUME~1\KARINE~1\APPLIC~1\Sonic
[25/09/2006|14:10] C:\DOCUME~1\KARINE~1\APPLIC~1\Sun
[25/01/2005|14:52] C:\DOCUME~1\KARINE~1\APPLIC~1\Symantec
[04/10/2006|00:38] C:\DOCUME~1\KARINE~1\APPLIC~1\Teleca
[25/01/2005|13:24] C:\DOCUME~1\KARINE~1\APPLIC~1\toshiba
[25/09/2006|14:33] C:\DOCUME~1\KARINE~1\APPLIC~1\Update_HP_RedboxHprblog_HPSU.log
[20/10/2006|21:30] C:\DOCUME~1\KARINE~1\APPLIC~1\vlc

[05/12/2006|18:55] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[18/12/2007|13:04] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

[16/04/2008 19:24][--a--c---] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[22/01/2008 14:59][--a--c---] C:\WINDOWS\tasks\WebReg 20060925135956.job
[18/04/2007 13:59][--a--c---] C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1159185512.job
[08/05/2008 09:47][--a--c---] C:\WINDOWS\tasks\Symantec NetDetect.job
[24/09/2006 17:27][--a--c---] C:\WINDOWS\tasks\Rappel d'enregistrement 3.job
[24/09/2006 17:27][--a--c---] C:\WINDOWS\tasks\Rappel d'enregistrement 2.job
[24/09/2006 17:27][--a--c---] C:\WINDOWS\tasks\Rappel d'enregistrement 1.job
[08/05/2008 09:43][--ah-c---] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

---------------[ Listing des dossiers dans C:\Program Files ]--------------

[13/01/2008|15:31] C:\Program Files\Adobe
[06/01/2007|16:26] C:\Program Files\Alawar
[24/09/2006|18:40] C:\Program Files\Alwil Software
[16/06/2005|09:30] C:\Program Files\Analog Devices
[10/04/2008|19:57] C:\Program Files\antivir_workstation_win7u_en_h.exe
[16/04/2008|18:53] C:\Program Files\Apple Software Update
[26/12/2006|12:48] C:\Program Files\a-squared Anti-Malware
[06/04/2008|16:38] C:\Program Files\a-squared Free
[16/11/2006|13:54] C:\Program Files\ATI Technologies
[10/04/2008|19:58] C:\Program Files\Avira
[06/01/2007|16:30] C:\Program Files\BFG
[24/01/2005|13:40] C:\Program Files\ComPlus Applications
[28/02/2007|15:06] C:\Program Files\Diddl Screenmate
[31/01/2008|16:40] C:\Program Files\DivX
[04/10/2006|00:22] C:\Program Files\DivXInstaller.exe
[20/10/2006|21:26] C:\Program Files\DivXPlay.exe
[15/01/2008|12:35] C:\Program Files\EA GAMES
[08/05/2008|09:44] C:\Program Files\eMule
[24/09/2006|19:27] C:\Program Files\eMule0.47c-Installer.exe
[30/03/2007|14:59] C:\Program Files\eMule047c.exe
[11/03/2007|16:22] C:\Program Files\EPSON
[01/02/2008|20:30] C:\Program Files\Fichiers communs
[06/01/2007|16:10] C:\Program Files\GameHouse
[10/04/2008|19:23] C:\Program Files\Google
[24/09/2006|19:33] C:\Program Files\GoogleToolbarInstaller.exe
[30/03/2008|23:51] C:\Program Files\Grisoft
[08/04/2007|16:49] C:\Program Files\Hasbro Interactive
[25/09/2006|14:24] C:\Program Files\Hewlett-Packard
[25/09/2006|14:24] C:\Program Files\HP
[25/01/2008|15:29] C:\Program Files\hpothb07.dat
[25/01/2008|15:29] C:\Program Files\hpothb07.tif
[24/09/2006|19:41] C:\Program Files\Install_Messenger.exe
[16/04/2008|19:00] C:\Program Files\InstallShield Installation Information
[25/01/2005|11:49] C:\Program Files\Intel
[10/04/2008|19:02] C:\Program Files\Internet Explorer
[25/01/2005|14:13] C:\Program Files\InterVideo
[01/02/2008|20:30] C:\Program Files\Inventel
[16/04/2008|19:33] C:\Program Files\iPod
[16/04/2008|19:33] C:\Program Files\iTunes
[10/04/2008|19:07] C:\Program Files\Java
[11/10/2006|00:34] C:\Program Files\klcodec277f.exe
[24/09/2006|19:45] C:\Program Files\Lavasoft
[25/01/2005|12:09] C:\Program Files\ltmoh
[11/10/2006|00:56] C:\Program Files\Luxor 2
[16/02/2008|22:05] C:\Program Files\Luxor 3
[01/06/2007|14:21] C:\Program Files\Macrogaming
[06/01/2007|16:19] C:\Program Files\Magic Ball 2
[13/04/2008|20:36] C:\Program Files\Malwarebytes' Anti-Malware
[16/06/2005|09:14] C:\Program Files\Messenger
[01/06/2007|14:18] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[24/01/2005|13:44] C:\Program Files\microsoft frontpage
[24/09/2006|19:43] C:\Program Files\Microsoft Office
[24/09/2006|19:42] C:\Program Files\Microsoft.NET
[24/01/2005|13:41] C:\Program Files\Movie Maker
[11/10/2006|00:21] C:\Program Files\mp10setup.exe
[16/11/2006|13:16] C:\Program Files\MsgPlus-363.exe
[16/11/2006|13:17] C:\Program Files\MsgPlusLive-410.exe
[24/01/2005|13:39] C:\Program Files\MSN
[27/04/2008|09:00] C:\Program Files\MSN Games
[24/01/2005|13:39] C:\Program Files\MSN Gaming Zone
[25/01/2008|15:54] C:\Program Files\MyPhoneExplorer
[08/03/2007|16:20] C:\Program Files\MySpace
[24/01/2005|13:41] C:\Program Files\NetMeeting
[24/09/2006|20:03] C:\Program Files\OfficeUpdate11
[24/01/2005|13:39] C:\Program Files\Online Services
[06/01/2007|16:47] C:\Program Files\orange
[12/06/2007|02:43] C:\Program Files\Outlook Express
[11/10/2006|00:25] C:\Program Files\pack_ultime.exe
[16/04/2008|19:31] C:\Program Files\QuickTime
[24/09/2006|22:53] C:\Program Files\Real
[06/04/2008|18:13] C:\Program Files\RegCleaner
[26/06/2007|11:58] C:\Program Files\SAGEM
[16/04/2008|19:00] C:\Program Files\SAGEM WiFi manager
[24/01/2005|13:42] C:\Program Files\Services en ligne
[24/09/2006|18:40] C:\Program Files\setupfre.exe
[11/10/2006|01:10] C:\Program Files\SLD Codec Pack
[11/10/2006|01:09] C:\Program Files\sld.codec.pack.2.2.exe
[25/01/2005|14:25] C:\Program Files\Sonic
[30/03/2008|23:51] C:\Program Files\Spybot - Search & Destroy
[24/09/2006|18:33] C:\Program Files\spybotsd14.exe
[24/09/2006|18:29] C:\Program Files\Symantec
[25/01/2005|12:02] C:\Program Files\Synaptics
[16/11/2006|13:37] C:\Program Files\THQ
[22/01/2007|00:04] C:\Program Files\TOSHIBA
[04/05/2008|18:30] C:\Program Files\Trend Micro
[26/01/2005|15:18] C:\Program Files\Uninstall Information
[20/10/2006|21:30] C:\Program Files\VideoLAN
[20/10/2006|21:30] C:\Program Files\vlc-0.8.5-win32.exe
[09/04/2008|18:59] C:\Program Files\Wanadoo
[11/10/2006|00:18] C:\Program Files\Winamp
[18/12/2007|13:06] C:\Program Files\Windows Live
[05/12/2006|18:45] C:\Program Files\Windows Media Connect 2
[05/12/2006|18:45] C:\Program Files\Windows Media Player
[24/01/2005|13:39] C:\Program Files\Windows NT
[11/10/2006|00:21] C:\Program Files\WindowsMedia-Q828026-x86-FRA.exe
[24/01/2005|13:42] C:\Program Files\WindowsUpdate
[02/05/2008|09:33] C:\Program Files\WinRAR
[09/04/2008|19:18] C:\Program Files\WordBiz
[24/09/2006|23:38] C:\Program Files\WordBiz18.exe
[25/09/2006|14:14] C:\Program Files\wrar361.exe
[24/01/2005|13:44] C:\Program Files\xerox

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

[16/06/2007|10:20] C:\Program Files\Fichiers communs\Adobe
[30/12/2007|14:50] C:\Program Files\Fichiers communs\Apple
[24/09/2006|19:43] C:\Program Files\Fichiers communs\DESIGNER
[01/02/2008|20:30] C:\Program Files\Fichiers communs\FDEUnInstaller.exe
[25/09/2006|13:55] C:\Program Files\Fichiers communs\Hewlett-Packard
[25/09/2006|14:24] C:\Program Files\Fichiers communs\HP
[25/01/2005|12:03] C:\Program Files\Fichiers communs\InstallShield
[24/01/2005|13:55] C:\Program Files\Fichiers communs\Java
[27/04/2008|09:01] C:\Program Files\Fichiers communs\Microsoft Shared
[24/01/2005|13:41] C:\Program Files\Fichiers communs\MSSoap
[24/01/2005|14:33] C:\Program Files\Fichiers communs\ODBC
[24/09/2006|22:54] C:\Program Files\Fichiers communs\Real
[24/01/2005|13:41] C:\Program Files\Fichiers communs\Services
[24/01/2005|14:33] C:\Program Files\Fichiers communs\SpeechEngines
[24/09/2006|18:29] C:\Program Files\Fichiers communs\Symantec Shared
[12/06/2007|02:43] C:\Program Files\Fichiers communs\System
[04/10/2006|00:19] C:\Program Files\Fichiers communs\Teleca Shared
[17/12/2007|13:18] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[24/09/2006|22:54] C:\Program Files\Fichiers communs\xing shared

---------------------------[ Process ]--------------------------

... 36

... OK !

----------------------[ Recherche avec S_Lop ]---------------------

Aucun fichier / dossier Lop trouvé !

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

Aucun fichier / dossier Lop trouvé !

----------------------[ Verification du Registre ]----------------------

..... OK !

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts PROPRE


----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-08 09:46:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------


Aucune autre infection trouvée !

/!\ [Fich:7][Doss:2] C:\DOCUME~1\KARINE~1\LOCALS~1\Temp
/!\ [Fich:334][Doss:0] C:\DOCUME~1\KARINE~1\Cookies
/!\ [Fich:774][Doss:5] C:\DOCUME~1\KARINE~1\LOCALS~1\TEMPOR~1\content.IE5

--------------------[ Fin du rapport a 9:47:28,41 ]----------------------
0
ludsfa Messages postés 1287 Statut Membre 15
 
OK, disable your antivirus.

Run Lop S&D again
* This time choose Option 2 (Removal)
* Do not close the window during the removal!
* Post the generated report (C:\lopR.txt)

(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)
ninou
 
Here is the report you asked me for.

I am going to be away this week, so I will only be able to reply to you the week of the 19th now (except this evening, I am still here).

So where do things stand?

Thanks.
-----------------------[ Lop S&D 4.2.0-7 XP/Vista ]---------------------

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Karine et Romain ] [ "C:\Lop SD" ] [ Selection : 2 ]
[ 09/05/2008 | 10:19:03,87 ] [ PC : NINOU ]
[ MAJ : 06-05-2008 | 21:45 ]


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

Restauré! - Fichier Hosts

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


-------------[ Listing des dossiers dans Application Data ]------------

[10/04/2008|19:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\addr_file.html
[16/06/2007|10:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[30/12/2007|14:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[26/12/2006|12:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[10/04/2008|19:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[24/01/2005|14:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[10/04/2008|19:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[30/03/2008|23:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[25/09/2006|13:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[25/09/2006|13:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log
[13/04/2008|20:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[20/12/2007|21:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[27/04/2008|09:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[16/02/2008|22:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MumboJumbo
[26/12/2006|13:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
[24/01/2005|13:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[30/03/2008|23:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[24/09/2006|18:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[27/04/2008|09:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[11/10/2006|00:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
[26/12/2006|13:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
[04/10/2006|00:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[18/12/2007|13:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[08/03/2007|17:14] C:\DOCUME~1\APPLIC~1\APPLIC~1\Microsoft

[28/01/2005|11:22] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
[28/01/2005|11:22] C:\DOCUME~1\DEFAUL~1\APPLIC~1\AdobeUM
[24/01/2005|14:32] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[24/01/2005|14:27] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[25/01/2005|13:05] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[25/01/2005|14:18] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sonic
[25/01/2005|14:52] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
[25/01/2005|13:24] C:\DOCUME~1\DEFAUL~1\APPLIC~1\toshiba

[16/02/2008|22:00] C:\DOCUME~1\KARINE~1\APPLIC~1\Adobe
[07/05/2008|18:49] C:\DOCUME~1\KARINE~1\APPLIC~1\AdobeUM
[16/04/2008|19:21] C:\DOCUME~1\KARINE~1\APPLIC~1\Apple Computer
[16/11/2006|13:02] C:\DOCUME~1\KARINE~1\APPLIC~1\ATI
[24/01/2005|14:32] C:\DOCUME~1\KARINE~1\APPLIC~1\desktop.ini
[20/10/2006|21:03] C:\DOCUME~1\KARINE~1\APPLIC~1\DivX
[25/09/2006|14:00] C:\DOCUME~1\KARINE~1\APPLIC~1\GdiplusUpgrade_MSIApproach_Wrapper.log
[25/03/2007|12:14] C:\DOCUME~1\KARINE~1\APPLIC~1\Google
[09/04/2008|19:20] C:\DOCUME~1\KARINE~1\APPLIC~1\Grisoft
[23/10/2006|22:12] C:\DOCUME~1\KARINE~1\APPLIC~1\Help
[25/09/2006|13:59] C:\DOCUME~1\KARINE~1\APPLIC~1\Hewlett-Packard
[25/09/2006|13:55] C:\DOCUME~1\KARINE~1\APPLIC~1\HP
[24/01/2005|14:27] C:\DOCUME~1\KARINE~1\APPLIC~1\Identities
[29/11/2006|15:00] C:\DOCUME~1\KARINE~1\APPLIC~1\Image Zone Express
[18/02/2007|10:41] C:\DOCUME~1\KARINE~1\APPLIC~1\InterVideo
[24/09/2006|19:45] C:\DOCUME~1\KARINE~1\APPLIC~1\Lavasoft
[22/12/2007|22:23] C:\DOCUME~1\KARINE~1\APPLIC~1\Leadertech
[06/01/2007|16:02] C:\DOCUME~1\KARINE~1\APPLIC~1\Macromedia
[13/04/2008|20:36] C:\DOCUME~1\KARINE~1\APPLIC~1\Malwarebytes
[08/02/2008|21:46] C:\DOCUME~1\KARINE~1\APPLIC~1\Microsoft
[19/04/2008|17:31] C:\DOCUME~1\KARINE~1\APPLIC~1\MyPhoneExplorer
[08/03/2007|17:14] C:\DOCUME~1\KARINE~1\APPLIC~1\MySpace
[25/09/2006|14:04] C:\DOCUME~1\KARINE~1\APPLIC~1\PatchUpdate_HP_CounterReport_Update_HPSU.log
[06/01/2007|16:02] C:\DOCUME~1\KARINE~1\APPLIC~1\PlayFirst
[25/09/2006|14:12] C:\DOCUME~1\KARINE~1\APPLIC~1\Real
[01/04/2007|16:19] C:\DOCUME~1\KARINE~1\APPLIC~1\Screenshot Sender
[25/01/2005|14:18] C:\DOCUME~1\KARINE~1\APPLIC~1\Sonic
[25/09/2006|14:10] C:\DOCUME~1\KARINE~1\APPLIC~1\Sun
[25/01/2005|14:52] C:\DOCUME~1\KARINE~1\APPLIC~1\Symantec
[04/10/2006|00:38] C:\DOCUME~1\KARINE~1\APPLIC~1\Teleca
[25/01/2005|13:24] C:\DOCUME~1\KARINE~1\APPLIC~1\toshiba
[25/09/2006|14:33] C:\DOCUME~1\KARINE~1\APPLIC~1\Update_HP_RedboxHprblog_HPSU.log
[20/10/2006|21:30] C:\DOCUME~1\KARINE~1\APPLIC~1\vlc

[05/12/2006|18:55] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[18/12/2007|13:04] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

[16/04/2008 19:24][--a--c---] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[22/01/2008 14:59][--a--c---] C:\WINDOWS\tasks\WebReg 20060925135956.job
[18/04/2007 13:59][--a--c---] C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1159185512.job
[09/05/2008 10:17][--a--c---] C:\WINDOWS\tasks\Symantec NetDetect.job
[24/09/2006 17:27][--a--c---] C:\WINDOWS\tasks\Rappel d'enregistrement 3.job
[24/09/2006 17:27][--a--c---] C:\WINDOWS\tasks\Rappel d'enregistrement 2.job
[24/09/2006 17:27][--a--c---] C:\WINDOWS\tasks\Rappel d'enregistrement 1.job
[09/05/2008 09:51][--ah-c---] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

---------------[ Listing des dossiers dans C:\Program Files ]--------------

[13/01/2008|15:31] C:\Program Files\Adobe
[06/01/2007|16:26] C:\Program Files\Alawar
[24/09/2006|18:40] C:\Program Files\Alwil Software
[16/06/2005|09:30] C:\Program Files\Analog Devices
[10/04/2008|19:57] C:\Program Files\antivir_workstation_win7u_en_h.exe
[16/04/2008|18:53] C:\Program Files\Apple Software Update
[26/12/2006|12:48] C:\Program Files\a-squared Anti-Malware
[06/04/2008|16:38] C:\Program Files\a-squared Free
[16/11/2006|13:54] C:\Program Files\ATI Technologies
[10/04/2008|19:58] C:\Program Files\Avira
[06/01/2007|16:30] C:\Program Files\BFG
[24/01/2005|13:40] C:\Program Files\ComPlus Applications
[28/02/2007|15:06] C:\Program Files\Diddl Screenmate
[31/01/2008|16:40] C:\Program Files\DivX
[04/10/2006|00:22] C:\Program Files\DivXInstaller.exe
[20/10/2006|21:26] C:\Program Files\DivXPlay.exe
[15/01/2008|12:35] C:\Program Files\EA GAMES
[09/05/2008|10:44] C:\Program Files\eMule
[24/09/2006|19:27] C:\Program Files\eMule0.47c-Installer.exe
[30/03/2007|14:59] C:\Program Files\eMule047c.exe
[11/03/2007|16:22] C:\Program Files\EPSON
[01/02/2008|20:30] C:\Program Files\Fichiers communs
[06/01/2007|16:10] C:\Program Files\GameHouse
[10/04/2008|19:23] C:\Program Files\Google
[24/09/2006|19:33] C:\Program Files\GoogleToolbarInstaller.exe
[30/03/2008|23:51] C:\Program Files\Grisoft
[08/04/2007|16:49] C:\Program Files\Hasbro Interactive
[25/09/2006|14:24] C:\Program Files\Hewlett-Packard
[25/09/2006|14:24] C:\Program Files\HP
[25/01/2008|15:29] C:\Program Files\hpothb07.dat
[25/01/2008|15:29] C:\Program Files\hpothb07.tif
[24/09/2006|19:41] C:\Program Files\Install_Messenger.exe
[16/04/2008|19:00] C:\Program Files\InstallShield Installation Information
[25/01/2005|11:49] C:\Program Files\Intel
[10/04/2008|19:02] C:\Program Files\Internet Explorer
[25/01/2005|14:13] C:\Program Files\InterVideo
[01/02/2008|20:30] C:\Program Files\Inventel
[16/04/2008|19:33] C:\Program Files\iPod
[16/04/2008|19:33] C:\Program Files\iTunes
[10/04/2008|19:07] C:\Program Files\Java
[11/10/2006|00:34] C:\Program Files\klcodec277f.exe
[24/09/2006|19:45] C:\Program Files\Lavasoft
[25/01/2005|12:09] C:\Program Files\ltmoh
[11/10/2006|00:56] C:\Program Files\Luxor 2
[16/02/2008|22:05] C:\Program Files\Luxor 3
[01/06/2007|14:21] C:\Program Files\Macrogaming
[06/01/2007|16:19] C:\Program Files\Magic Ball 2
[13/04/2008|20:36] C:\Program Files\Malwarebytes' Anti-Malware
[16/06/2005|09:14] C:\Program Files\Messenger
[01/06/2007|14:18] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[24/01/2005|13:44] C:\Program Files\microsoft frontpage
[24/09/2006|19:43] C:\Program Files\Microsoft Office
[24/09/2006|19:42] C:\Program Files\Microsoft.NET
[24/01/2005|13:41] C:\Program Files\Movie Maker
[11/10/2006|00:21] C:\Program Files\mp10setup.exe
[16/11/2006|13:16] C:\Program Files\MsgPlus-363.exe
[16/11/2006|13:17] C:\Program Files\MsgPlusLive-410.exe
[24/01/2005|13:39] C:\Program Files\MSN
[27/04/2008|09:00] C:\Program Files\MSN Games
[24/01/2005|13:39] C:\Program Files\MSN Gaming Zone
[25/01/2008|15:54] C:\Program Files\MyPhoneExplorer
[08/03/2007|16:20] C:\Program Files\MySpace
[24/01/2005|13:41] C:\Program Files\NetMeeting
[24/09/2006|20:03] C:\Program Files\OfficeUpdate11
[24/01/2005|13:39] C:\Program Files\Online Services
[06/01/2007|16:47] C:\Program Files\orange
[12/06/2007|02:43] C:\Program Files\Outlook Express
[11/10/2006|00:25] C:\Program Files\pack_ultime.exe
[16/04/2008|19:31] C:\Program Files\QuickTime
[24/09/2006|22:53] C:\Program Files\Real
[06/04/2008|18:13] C:\Program Files\RegCleaner
[26/06/2007|11:58] C:\Program Files\SAGEM
[16/04/2008|19:00] C:\Program Files\SAGEM WiFi manager
[24/01/2005|13:42] C:\Program Files\Services en ligne
[24/09/2006|18:40] C:\Program Files\setupfre.exe
[11/10/2006|01:10] C:\Program Files\SLD Codec Pack
[11/10/2006|01:09] C:\Program Files\sld.codec.pack.2.2.exe
[25/01/2005|14:25] C:\Program Files\Sonic
[30/03/2008|23:51] C:\Program Files\Spybot - Search & Destroy
[24/09/2006|18:33] C:\Program Files\spybotsd14.exe
[24/09/2006|18:29] C:\Program Files\Symantec
[25/01/2005|12:02] C:\Program Files\Synaptics
[16/11/2006|13:37] C:\Program Files\THQ
[22/01/2007|00:04] C:\Program Files\TOSHIBA
[04/05/2008|18:30] C:\Program Files\Trend Micro
[26/01/2005|15:18] C:\Program Files\Uninstall Information
[20/10/2006|21:30] C:\Program Files\VideoLAN
[20/10/2006|21:30] C:\Program Files\vlc-0.8.5-win32.exe
[09/04/2008|18:59] C:\Program Files\Wanadoo
[11/10/2006|00:18] C:\Program Files\Winamp
[18/12/2007|13:06] C:\Program Files\Windows Live
[05/12/2006|18:45] C:\Program Files\Windows Media Connect 2
[05/12/2006|18:45] C:\Program Files\Windows Media Player
[24/01/2005|13:39] C:\Program Files\Windows NT
[11/10/2006|00:21] C:\Program Files\WindowsMedia-Q828026-x86-FRA.exe
[24/01/2005|13:42] C:\Program Files\WindowsUpdate
[02/05/2008|09:33] C:\Program Files\WinRAR
[09/04/2008|19:18] C:\Program Files\WordBiz
[24/09/2006|23:38] C:\Program Files\WordBiz18.exe
[25/09/2006|14:14] C:\Program Files\wrar361.exe
[24/01/2005|13:44] C:\Program Files\xerox

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

[16/06/2007|10:20] C:\Program Files\Fichiers communs\Adobe
[30/12/2007|14:50] C:\Program Files\Fichiers communs\Apple
[24/09/2006|19:43] C:\Program Files\Fichiers communs\DESIGNER
[01/02/2008|20:30] C:\Program Files\Fichiers communs\FDEUnInstaller.exe
[25/09/2006|13:55] C:\Program Files\Fichiers communs\Hewlett-Packard
[25/09/2006|14:24] C:\Program Files\Fichiers communs\HP
[25/01/2005|12:03] C:\Program Files\Fichiers communs\InstallShield
[24/01/2005|13:55] C:\Program Files\Fichiers communs\Java
[27/04/2008|09:01] C:\Program Files\Fichiers communs\Microsoft Shared
[24/01/2005|13:41] C:\Program Files\Fichiers communs\MSSoap
[24/01/2005|14:33] C:\Program Files\Fichiers communs\ODBC
[24/09/2006|22:54] C:\Program Files\Fichiers communs\Real
[24/01/2005|13:41] C:\Program Files\Fichiers communs\Services
[24/01/2005|14:33] C:\Program Files\Fichiers communs\SpeechEngines
[24/09/2006|18:29] C:\Program Files\Fichiers communs\Symantec Shared
[12/06/2007|02:43] C:\Program Files\Fichiers communs\System
[04/10/2006|00:19] C:\Program Files\Fichiers communs\Teleca Shared
[17/12/2007|13:18] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[24/09/2006|22:54] C:\Program Files\Fichiers communs\xing shared

---------------------------[ Process ]--------------------------

... 38

... OK !

----------------------[ Recherche avec S_Lop ]---------------------

Aucun fichier / dossier Lop trouvé !

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

Aucun fichier / dossier Lop trouvé !

----------------------[ Verification du Registre ]----------------------

..... OK !

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts PROPRE


----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-09 10:20:11
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------


Aucune autre infection trouvée !

/!\ [Fich:7][Doss:2] C:\DOCUME~1\KARINE~1\LOCALS~1\Temp
/!\ [Fich:339][Doss:0] C:\DOCUME~1\KARINE~1\Cookies
/!\ [Fich:3694][Doss:5] C:\DOCUME~1\KARINE~1\LOCALS~1\TEMPOR~1\content.IE5

--------------------[ Fin du rapport a 10:21:04,77 ]----------------------
ludsfa Posts: 1287 Status: Member 15
 
Hi ninou,

To me it looks pretty good.

Run CCleaner to clean your registry.

Here is the CCleaner tutorial; read all of it carefully and clean your registry:
https://www.malekal.com/tutoriel-ccleaner/

When you download CCleaner, during installation you will need to uncheck the Yahoo Toolbar box.