Msn vérolé, virus incrusté besoin d'aide svp

Ninou -  
ludsfa Messages postés 1287 Statut Membre -
Bonjour,

J'ai chopé un virus msn en ouvrant un fichier photo et je n'arrive pas à m'en débarasser, ce malgré plusieurs manips... quelqu'un veut-il bien m'aider ? je ne sais plus quoi faire pour me débarasser de ce truc.

Ma connexion coupe sans arrêt, j'ai propagé le virus à tous mes contacts msn et plus les jours passent plus mon ordi fait des trucs bizarres (pages internet qui ne s'ouvrent plus, l'ordinateur qui ne s'éteind plus...)

Msn fix me dit "infection présente", avast et spybot ne me détectent rien.

Merci d'avance.
Configuration: Windows XP
Internet Explorer 6.0

19 réponses

Résumé de la discussion

Une infection présumée par un virus MSN survient après l'ouverture d'un fichier image, entraînant des coupures réseau, des pages qui ne s'ouvrent plus et la diffusion du malware vers les contacts. Face à cela, Avast et Spybot ne détectent pas l'infection et MSNFix affiche une alerte, tandis que des utilisateurs échangent des recommandations comme Lop S&D, ComboFix pour nettoyage en profondeur. Le contenu partagé inclut des diagnostics sur des fichiers et des clés de registre, ainsi que des observations sur des fichiers hosts et des tâches planifiées suspectes.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. ludsfa Messages postés 1287 Statut Membre 15
     
    bonjour à toi Ninou

    voilà ce que tu vas faire.

    Télécharge MSNFix.zip (!aur3n7) sur ton Bureau.http://sosvirus.changelog.fr/MSNFix.zip
    Décompresse-le sur ton bureau (Clique-Droit/Extraire tout).

    Ouvre le dossier MSNFix puis double-clique sur MSNFix.bat.
    - Exécute l'option R.
    -- Si l'infection est détectée, presse une touche pour lancer le nettoyage.

    Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations.
    Dans ce cas il suffit de redémarrer l'ordinateur manuellement.

    Poste le rapport situé dans le dossier MSNFix.
    Le nom du rapport correspond au moment de sa création : date_heure.log

    et après ça.

    Télécharge puis installe Hijackthis (Trend Micro)http://www.infos-du-net.com/forum/271838-11-tuto-utiliser-hijackthis
    Poste ensuite un rapport dans ta prochaine réponse.
    AIDE : Comment utiliser Hijackthis v2.0.2
    0
    1. ninou
       
      bonjour,

      merci pour ton aide,
      voici le resultat de msnfix

      MSNFix 1.701

      C:\Documents and Settings\Karine et Romain\Bureau\MSNFix
      Fix exécuté le 10/04/2008 - 19:58:59,15 By Karine et Romain
      mode normal

      ************************ Recherche les fichiers présents

      Aucun Fichier trouvé

      ************************ Recherche les dossiers présents

      ... \TEMP\




      ************************ Suppression des fichiers



      ************************ Suppression des dossiers

      /!\ ... \TEMP\


      ************************ Nettoyage du registre



      ************************ Fichiers suspects

      /!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

      [C:\ATF-Cleaner.exe] D9DE89F0FAF18019BC9595F0F47BCA61
      [C:\CertiNomis.exe] 885AF93F7CF596BB231779463096C9C8

      [color=#FF0000][b]==>/b/color SVP merci d'envoyer le fichier [b] C:\DOCUME~1\KARINE~1\Bureau\Upload_Me.zip /b sur http://upload.changelog.fr



      Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 10042008_20000463.zip

      ************************ HKLM\...\Winlogon\Userinit

      Userinit = C:\WINDOWS\system32\userinit.exe,


      ------------------------------------------------------------------------
      Auteur : !aur3n7 Contact: https://www.ionos.fr/
      ------------------------------------------------------------------------

      --------------------------------------------- END ---------------------------------------------
      0
    2. ninou
       
      et voici hijackthis


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 19:02:37, on 10/04/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.5730.0013)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      c:\program files\a-squared free\a2service.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
      C:\Program Files\QuickTime\QTTask.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
      C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
      C:\WINDOWS\system32\wuauclt.exe
      C:\DOCUME~1\KARINE~1\LOCALS~1\Temp\ICD1.tmp\jinstall.exe
      C:\WINDOWS\system32\msiexec.exe
      C:\WINDOWS\system32\msiexec.exe
      C:\WINDOWS\system32\MsiExec.exe
      C:\WINDOWS\system32\MsiExec.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.aubertphotos.com/Components/Upload/ImageUploader3.cab
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
      O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
      O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxentelechargement.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
      O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab
      O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
      O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
      0
    3. ninou
       
      quelqu'un de ce forum m'a déjà donné un bon coup de main, mais il y a quelque chose que je ne comprends pas, c'est que msnfix m'indique "infection présente" et pourtant apparemment je n'ai plus rien ... t'en penses quoi ?
      0
  2. ludsfa Messages postés 1287 Statut Membre 15
     
    oui apparement un doute subsiste.

    rend toi sur virus total:https://www.virustotal.com/gui/

    et analyse les fichiers suivant:

    [C:\ATF-Cleaner.exe]
    [C:\CertiNomis.exe]

    j'analyse ton hijackthis en attendant.
    0
    1. ninou
       
      j'ai analysé le premier (C:\ATF-Cleaner.exe) avec virus total, tu peux me dire si c bon ? je t'avoue que je n'y comprends pas grand chose !

      Antivirus Version Dernière mise à jour Résultat
      AhnLab-V3 2008.4.9.0 2008.04.10 -
      AntiVir 7.6.0.81 2008.04.10 -
      Authentium 4.93.8 2008.04.10 -
      Avast 4.8.1169.0 2008.04.09 -
      AVG 7.5.0.516 2008.04.09 -
      BitDefender 7.2 2008.04.10 -
      CAT-QuickHeal 9.50 2008.04.10 -
      ClamAV 0.92.1 2008.04.10 -
      DrWeb 4.44.0.09170 2008.04.10 -
      eSafe 7.0.15.0 2008.04.09 suspicious Trojan/Worm
      eTrust-Vet 31.3.5687 2008.04.10 -
      Ewido 4.0 2008.04.09 -
      F-Prot 4.4.2.54 2008.04.08 -
      F-Secure 6.70.13260.0 2008.04.10 -
      FileAdvisor 1 2008.04.10 -
      Fortinet 3.14.0.0 2008.04.10 -
      Ikarus T3.1.1.26 2008.04.10 -
      Kaspersky 7.0.0.125 2008.04.10 -
      McAfee 5270 2008.04.09 -
      Microsoft 1.3408 2008.04.10 -
      NOD32v2 3014 2008.04.09 -
      Norman 5.80.02 2008.04.09 -
      Panda 9.0.0.4 2008.04.10 -
      Prevx1 V2 2008.04.10 -
      Rising 20.39.22.00 2008.04.10 -
      Sophos 4.28.0 2008.04.10 -
      Sunbelt 3.0.1032.0 2008.04.08 -
      Symantec 10 2008.04.10 -
      TheHacker 6.2.92.271 2008.04.10 -
      VBA32 3.12.6.4 2008.04.06 -
      VirusBuster 4.3.26:9 2008.04.09 -
      Webwasher-Gateway 6.6.2 2008.04.10 -
      Information additionnelle
      File size: 50688 bytes
      MD5...: d9de89f0faf18019bc9595f0f47bca61
      SHA1..: 7a044dfe1c5e780f3f2b52b3bd066e463a37886e
      SHA256: e900d883001ec60353c2e8e1a54e1c5948a11513fffafbd5a28b44c1e319677a
      SHA512: 236d2908eb66bf50e4645e9f1d1b6bf8f276d7d3648625c84c5fe1fed5c7a8e6
      9383515201a6ba92804f5fa2ee2f63fcb73f32b6932990ab8d43750edcc4768e
      PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
      PEInfo: PE Structure information

      ( base data )
      entrypointaddress.: 0x44eb90
      timedatestamp.....: 0x45d4597b (Thu Feb 15 13:00:43 2007)
      machinetype.......: 0x14c (I386)

      ( 3 sections )
      name viradd virsiz rawdsiz ntrpy md5
      UPX0 0x1000 0x43000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
      UPX1 0x44000 0xb000 0xae00 7.87 2ee445c9295114c0f7460ea2faf9f9ac
      .rsrc 0x4f000 0x2000 0x1400 5.64 ae57805166aa636a1bca8c6d9e8d1c4e

      ( 2 imports )
      > KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
      > MSVBVM60.DLL: -

      ( 0 exports )

      packers: UPX
      packers: UPX
      packers: PE_Patch.UPX, UPX
      0
  3. ludsfa Messages postés 1287 Statut Membre 15
     
    as tu envoyé le fichier comme demandé?

    [color=#FF0000][b]==>/b/color SVP merci d'envoyer le fichier [b] C:\DOCUME~1\KARINE~1\Bureau\Upload_Me.zip /b sur http://upload.changelog.fr

    sinon après;

    Télécharge MalwareByte's Anti-Malware sur ton Bureau.https://www.majorgeeks.com/files/details/malwarebytes_anti_malware.html
    Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

    Une fois l'installation et la mise à jour effectuée, redémarre en mode sans échec.
    AIDE : Redémarrer en mode sans échec :http://www.infos-du-net.com/forum/272325-11-tuto-demarrer-mode-echec

    * Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
    * Afin de lancer la recherche, clique sur "Rechercher".
    * Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :

    -- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
    -- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
    REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.

    AIDE : Tuto en images sur MBAM: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
    0
    1. ninou
       
      et le deuxième (C:\CertiNomis.exe)

      Antivirus Version Dernière mise à jour Résultat
      AhnLab-V3 2008.4.10.2 2008.04.11 -
      AntiVir 7.6.0.84 2008.04.11 -
      Authentium 4.93.8 2008.04.10 -
      Avast 4.8.1169.0 2008.04.10 -
      AVG 7.5.0.516 2008.04.10 -
      BitDefender 7.2 2008.04.11 -
      CAT-QuickHeal 9.50 2008.04.10 -
      ClamAV 0.92.1 2008.04.11 -
      DrWeb 4.44.0.09170 2008.04.10 -
      eSafe 7.0.15.0 2008.04.09 -
      eTrust-Vet 31.3.5687 2008.04.10 -
      Ewido 4.0 2008.04.10 -
      F-Prot 4.4.2.54 2008.04.10 -
      F-Secure 6.70.13260.0 2008.04.11 -
      FileAdvisor 1 2008.04.11 -
      Fortinet 3.14.0.0 2008.04.10 -
      Ikarus T3.1.1.26.0 2008.04.11 -
      Kaspersky 7.0.0.125 2008.04.11 -
      McAfee 5271 2008.04.10 -
      Microsoft 1.3408 2008.04.11 -
      NOD32v2 3017 2008.04.10 -
      Norman 5.80.02 2008.04.10 -
      Panda 9.0.0.4 2008.04.10 -
      Prevx1 V2 2008.04.11 -
      Rising 20.39.32.00 2008.04.10 -
      Sophos 4.28.0 2008.04.11 -
      Sunbelt 3.0.1032.0 2008.04.08 -
      Symantec 10 2008.04.11 -
      TheHacker 6.2.92.273 2008.04.11 -
      VBA32 3.12.6.4 2008.04.06 -
      VirusBuster 4.3.26:9 2008.04.10 -
      Webwasher-Gateway 6.6.2 2008.04.11 -
      Information additionnelle
      File size: 62464 bytes
      MD5...: 885af93f7cf596bb231779463096c9c8
      SHA1..: bd349fbcd4444f3b48fa582aa8fb3b7da0b2d55a
      SHA256: db2f310321ca57020f5659a506880a7d0dcc5c7912f3a9d580c5135c4d7f8afa
      SHA512: 1651cd7573c96ad8c1dafde49c647baea5cb55b7d999646bd2a13893cab79d52
      d571f5f85e08d77af3a1d38192c0b2bc84c63150fe0c9bc14882cb414458eca9
      PEiD..: WinZip 32-bit SFX v8.x module
      PEInfo: PE Structure information

      ( base data )
      entrypointaddress.: 0x403f8f
      timedatestamp.....: 0x3a5b1b81 (Tue Jan 09 14:09:05 2001)
      machinetype.......: 0x14c (I386)

      ( 5 sections )
      name viradd virsiz rawdsiz ntrpy md5
      .text 0x1000 0x5486 0x5600 6.46 e221bb9839316c17fe5d237cfc21c85a
      .rdata 0x7000 0xbd2 0xc00 5.08 f08a945b329e91d2622a9faaad1e057d
      .data 0x8000 0x1735 0xe00 6.88 6628371a6e103e0ee540a9901faa8c9f
      .rsrc 0xa000 0x508 0x600 3.57 31a59612ef46764ac11858e8811d6739
      _winzip_ 0xb000 0x8000 0x7a00 7.95 f9176d07aa63886659bd066247354c2d

      ( 3 imports )
      > USER32.dll: GetWindowRect, SetCursor, EndDialog, DefWindowProcA, GetWindowWord, SetWindowWord, BeginPaint, GetSysColor, GetClientRect, SetRect, EndPaint, RegisterClassA, LoadIconA, OemToCharBuffA, LoadCursorA, GetLastActivePopup, ShowWindow, PostMessageA, EnableWindow, GetTopWindow, DestroyWindow, GetWindowLongA, SetWindowLongA, SetWindowTextA, SetForegroundWindow, SetActiveWindow, CharNextA, SetTimer, GetMessageA, PostQuitMessage, KillTimer, DialogBoxIndirectParamA, GetDlgItemTextA, SendMessageA, GetSystemMetrics, SetWindowPos, PeekMessageA, TranslateMessage, DispatchMessageA, GetParent, SetDlgItemTextA, SendDlgItemMessageA, GetDlgItem, InvalidateRect, UpdateWindow, wsprintfA, MessageBoxA
      > KERNEL32.dll: _lopen, WinExec, CreateProcessA, _lclose, GetVolumeInformationA, RtlUnwind, GetCommandLineA, GetModuleHandleA, ExitProcess, FindNextFileA, MoveFileExA, CreateFileA, GetFileSize, CreateFileMappingA, MapViewOfFile, UnmapViewOfFile, CloseHandle, SetFilePointer, SetEndOfFile, RemoveDirectoryA, SetFileAttributesA, DeleteFileA, GetACP, GetModuleFileNameA, SetErrorMode, GetVersion, LoadLibraryA, GetProcAddress, GetLastError, FormatMessageA, FreeLibrary, WaitForSingleObject, GetTickCount, GetWindowsDirectoryA, FindClose, FindFirstFileA, SetCurrentDirectoryA, lstrlenA, CreateDirectoryA, lstrcatA, SetFileTime, LocalFileTimeToFileTime, DosDateTimeToFileTime, _lcreat, lstrcpyA, LocalAlloc, GetEnvironmentVariableA, OpenFile, _lwrite, _lread, GetDriveTypeA, _llseek, LocalFree, GlobalLock, GlobalAlloc, GlobalFree, GlobalUnlock, GlobalHandle
      > GDI32.dll: GetTextExtentPoint32A, SetBkColor, SetTextColor, SetTextAlign, GetBkColor, DeleteObject, ExtTextOutA, CreateDCA, GetDeviceCaps, CreateFontIndirectA, DeleteDC, SelectObject

      ( 0 exports )

      packers (F-Prot): ZIP
      0
  4. ludsfa Messages postés 1287 Statut Membre 15
     
    salut ninou.

    analyse les deux dossiers sur virus total si il te dis que l'analyse à déjà été faite refais le.

    et refais moi un hijackthis.

    a très vite.
    0
    1. ninou
       
      Bonjour,

      j'ai fait ce que tu m'as demandé, voici les resuletats des analyses sur virus total, je fais le reste de suite.

      Fichier CertiNomis.exe reçu le 2008.04.13 19:35:39 (CET)
      Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE


      Résultat: 0/32 (0%)
      en train de charger les informations du serveur...
      Votre fichier est dans la file d'attente, en position: 5.
      L'heure estimée de démarrage est entre 52 et 75 secondes.
      Ne fermez pas la fenêtre avant la fin de l'analyse.
      L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
      Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.
      Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
      les résultats seront affichés au fur et à mesure de leur génération.
      Formaté Impression des résultats
      Votre fichier a expiré ou n'existe pas.
      Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.

      Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée.
      Email:


      Antivirus Version Dernière mise à jour Résultat
      AhnLab-V3 2008.4.12.0 2008.04.11 -
      AntiVir 7.6.0.85 2008.04.11 -
      Authentium 4.93.8 2008.04.13 -
      Avast 4.8.1169.0 2008.04.13 -
      AVG 7.5.0.516 2008.04.13 -
      BitDefender 7.2 2008.04.13 -
      CAT-QuickHeal 9.50 2008.04.12 -
      ClamAV 0.92.1 2008.04.13 -
      DrWeb 4.44.0.09170 2008.04.13 -
      eSafe 7.0.15.0 2008.04.09 -
      eTrust-Vet 31.3.5692 2008.04.11 -
      Ewido 4.0 2008.04.13 -
      F-Prot 4.4.2.54 2008.04.13 -
      F-Secure 6.70.13260.0 2008.04.13 -
      FileAdvisor 1 2008.04.13 -
      Fortinet 3.14.0.0 2008.04.13 -
      Ikarus T3.1.1.26.0 2008.04.13 -
      Kaspersky 7.0.0.125 2008.04.13 -
      McAfee 5272 2008.04.11 -
      Microsoft 1.3408 2008.04.13 -
      NOD32v2 3021 2008.04.12 -
      Norman 5.80.02 2008.04.12 -
      Panda 9.0.0.4 2008.04.13 -
      Prevx1 V2 2008.04.13 -
      Rising 20.39.62.00 2008.04.13 -
      Sophos 4.28.0 2008.04.13 -
      Sunbelt 3.0.1041.0 2008.04.12 -
      Symantec 10 2008.04.13 -
      TheHacker 6.2.92.276 2008.04.12 -
      VBA32 3.12.6.4 2008.04.13 -
      VirusBuster 4.3.26:9 2008.04.13 -
      Webwasher-Gateway 6.6.2 2008.04.11 -
      Information additionnelle
      File size: 62464 bytes
      MD5...: 885af93f7cf596bb231779463096c9c8
      SHA1..: bd349fbcd4444f3b48fa582aa8fb3b7da0b2d55a
      SHA256: db2f310321ca57020f5659a506880a7d0dcc5c7912f3a9d580c5135c4d7f8afa
      SHA512: 1651cd7573c96ad8c1dafde49c647baea5cb55b7d999646bd2a13893cab79d52
      d571f5f85e08d77af3a1d38192c0b2bc84c63150fe0c9bc14882cb414458eca9
      PEiD..: WinZip 32-bit SFX v8.x module
      PEInfo: PE Structure information

      ( base data )
      entrypointaddress.: 0x403f8f
      timedatestamp.....: 0x3a5b1b81 (Tue Jan 09 14:09:05 2001)
      machinetype.......: 0x14c (I386)

      ( 5 sections )
      name viradd virsiz rawdsiz ntrpy md5
      .text 0x1000 0x5486 0x5600 6.46 e221bb9839316c17fe5d237cfc21c85a
      .rdata 0x7000 0xbd2 0xc00 5.08 f08a945b329e91d2622a9faaad1e057d
      .data 0x8000 0x1735 0xe00 6.88 6628371a6e103e0ee540a9901faa8c9f
      .rsrc 0xa000 0x508 0x600 3.57 31a59612ef46764ac11858e8811d6739
      _winzip_ 0xb000 0x8000 0x7a00 7.95 f9176d07aa63886659bd066247354c2d

      ( 3 imports )
      > USER32.dll: GetWindowRect, SetCursor, EndDialog, DefWindowProcA, GetWindowWord, SetWindowWord, BeginPaint, GetSysColor, GetClientRect, SetRect, EndPaint, RegisterClassA, LoadIconA, OemToCharBuffA, LoadCursorA, GetLastActivePopup, ShowWindow, PostMessageA, EnableWindow, GetTopWindow, DestroyWindow, GetWindowLongA, SetWindowLongA, SetWindowTextA, SetForegroundWindow, SetActiveWindow, CharNextA, SetTimer, GetMessageA, PostQuitMessage, KillTimer, DialogBoxIndirectParamA, GetDlgItemTextA, SendMessageA, GetSystemMetrics, SetWindowPos, PeekMessageA, TranslateMessage, DispatchMessageA, GetParent, SetDlgItemTextA, SendDlgItemMessageA, GetDlgItem, InvalidateRect, UpdateWindow, wsprintfA, MessageBoxA
      > KERNEL32.dll: _lopen, WinExec, CreateProcessA, _lclose, GetVolumeInformationA, RtlUnwind, GetCommandLineA, GetModuleHandleA, ExitProcess, FindNextFileA, MoveFileExA, CreateFileA, GetFileSize, CreateFileMappingA, MapViewOfFile, UnmapViewOfFile, CloseHandle, SetFilePointer, SetEndOfFile, RemoveDirectoryA, SetFileAttributesA, DeleteFileA, GetACP, GetModuleFileNameA, SetErrorMode, GetVersion, LoadLibraryA, GetProcAddress, GetLastError, FormatMessageA, FreeLibrary, WaitForSingleObject, GetTickCount, GetWindowsDirectoryA, FindClose, FindFirstFileA, SetCurrentDirectoryA, lstrlenA, CreateDirectoryA, lstrcatA, SetFileTime, LocalFileTimeToFileTime, DosDateTimeToFileTime, _lcreat, lstrcpyA, LocalAlloc, GetEnvironmentVariableA, OpenFile, _lwrite, _lread, GetDriveTypeA, _llseek, LocalFree, GlobalLock, GlobalAlloc, GlobalFree, GlobalUnlock, GlobalHandle
      > GDI32.dll: GetTextExtentPoint32A, SetBkColor, SetTextColor, SetTextAlign, GetBkColor, DeleteObject, ExtTextOutA, CreateDCA, GetDeviceCaps, CreateFontIndirectA, DeleteDC, SelectObject

      ( 0 exports )

      packers (F-Prot): ZIP
      0
      1. ninou > ninou
         
        voici le 2eme, je vais faire MalwareByte's Anti-Malware 1.08 puis le hijackthis et je te l'envoie



        Fichier ATF-Cleaner.exe reçu le 2008.04.13 19:39:13 (CET)
        Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE


        Résultat: 1/32 (3.13%)
        en train de charger les informations du serveur...
        Votre fichier est dans la file d'attente, en position: 2.
        L'heure estimée de démarrage est entre 42 et 60 secondes.
        Ne fermez pas la fenêtre avant la fin de l'analyse.
        L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
        Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.
        Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
        les résultats seront affichés au fur et à mesure de leur génération.
        Formaté Impression des résultats
        Votre fichier a expiré ou n'existe pas.
        Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.

        Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée.
        Email:


        Antivirus Version Dernière mise à jour Résultat
        AhnLab-V3 2008.4.12.0 2008.04.11 -
        AntiVir 7.6.0.85 2008.04.11 -
        Authentium 4.93.8 2008.04.13 -
        Avast 4.8.1169.0 2008.04.13 -
        AVG 7.5.0.516 2008.04.13 -
        BitDefender 7.2 2008.04.13 -
        CAT-QuickHeal 9.50 2008.04.12 -
        ClamAV 0.92.1 2008.04.13 -
        DrWeb 4.44.0.09170 2008.04.13 -
        eSafe 7.0.15.0 2008.04.09 suspicious Trojan/Worm
        eTrust-Vet 31.3.5692 2008.04.11 -
        Ewido 4.0 2008.04.13 -
        F-Prot 4.4.2.54 2008.04.13 -
        F-Secure 6.70.13260.0 2008.04.13 -
        FileAdvisor 1 2008.04.13 -
        Fortinet 3.14.0.0 2008.04.13 -
        Ikarus T3.1.1.26 2008.04.13 -
        Kaspersky 7.0.0.125 2008.04.13 -
        McAfee 5272 2008.04.11 -
        Microsoft 1.3408 2008.04.13 -
        NOD32v2 3021 2008.04.12 -
        Norman 5.80.02 2008.04.12 -
        Panda 9.0.0.4 2008.04.13 -
        Prevx1 V2 2008.04.13 -
        Rising 20.39.62.00 2008.04.13 -
        Sophos 4.28.0 2008.04.13 -
        Sunbelt 3.0.1041.0 2008.04.12 -
        Symantec 10 2008.04.13 -
        TheHacker 6.2.92.276 2008.04.12 -
        VBA32 3.12.6.4 2008.04.13 -
        VirusBuster 4.3.26:9 2008.04.13 -
        Webwasher-Gateway 6.6.2 2008.04.11 -
        Information additionnelle
        File size: 50688 bytes
        MD5...: d9de89f0faf18019bc9595f0f47bca61
        SHA1..: 7a044dfe1c5e780f3f2b52b3bd066e463a37886e
        SHA256: e900d883001ec60353c2e8e1a54e1c5948a11513fffafbd5a28b44c1e319677a
        SHA512: 236d2908eb66bf50e4645e9f1d1b6bf8f276d7d3648625c84c5fe1fed5c7a8e6
        9383515201a6ba92804f5fa2ee2f63fcb73f32b6932990ab8d43750edcc4768e
        PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
        PEInfo: PE Structure information

        ( base data )
        entrypointaddress.: 0x44eb90
        timedatestamp.....: 0x45d4597b (Thu Feb 15 13:00:43 2007)
        machinetype.......: 0x14c (I386)

        ( 3 sections )
        name viradd virsiz rawdsiz ntrpy md5
        UPX0 0x1000 0x43000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
        UPX1 0x44000 0xb000 0xae00 7.87 2ee445c9295114c0f7460ea2faf9f9ac
        .rsrc 0x4f000 0x2000 0x1400 5.64 ae57805166aa636a1bca8c6d9e8d1c4e

        ( 2 imports )
        > KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
        > MSVBVM60.DLL: -

        ( 0 exports )

        packers: UPX
        packers: UPX
        packers: PE_Patch.UPX, UPX
        0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. ludsfa Messages postés 1287 Statut Membre 15
     
    bien

    pas de soucis.

    passe à l'analyse de malware byte's posté un peu plus haut.
    j'attends ton rapport.
    0
  7. ninou
     
    je n'arrive pas à faire cette opération

    l'envoi du fichier dans le rapport msnfix :

    [color=#FF0000][b]==>/b/color SVP merci d'envoyer le fichier [b] C:\DOCUME~1\KARINE~1\Bureau\Upload_Me.zip /b sur http://upload.changelog.fr

    tu peux m'aider ?
    0
  8. ludsfa Messages postés 1287 Statut Membre 15
     
    ce n'est pas grave laisse tomber cette partie.

    fait plutôt l'analyse malware byte's.
    0
    1. ninou
       
      Bonjour !

      voici le rapport :


      Malwarebytes' Anti-Malware 1.11
      Version de la base de données: 621

      Type de recherche: Examen complet (C:\|D:\|)
      Eléments examinés: 111175
      Temps écoulé: 3 hour(s), 4 minute(s), 49 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 2

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      C:\WINDOWS\system32\azwbvjr_navps.dat (Adware.EGDAccess) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\azwbvjr_nav.dat (Adware.EGDAccess) -> Quarantined and deleted successfully.
      0
      1. ninou > ninou
         
        et voici le hijackthis :



        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 07:13:16, on 14/04/2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16640)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\Explorer.EXE
        c:\program files\a-squared free\a2service.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
        C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
        C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
        C:\WINDOWS\system32\HPZipm12.exe
        C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
        C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2filovemessenger%2fmars2005%2fbetty_boop.png%3f
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
        O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
        O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
        O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
        O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
        O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
        O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.aubertphotos.com/Components/Upload/ImageUploader3.cab
        O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
        O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
        O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxentelechargement.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
        O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab
        O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
        O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
        O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
        O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
        O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
        O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
        0
      2. ninou > ninou
         
        et voici le hijackthis :



        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 07:13:16, on 14/04/2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16640)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\Explorer.EXE
        c:\program files\a-squared free\a2service.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
        C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
        C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
        C:\WINDOWS\system32\HPZipm12.exe
        C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
        C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2filovemessenger%2fmars2005%2fbetty_boop.png%3f
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
        O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
        O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
        O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
        O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
        O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
        O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.aubertphotos.com/Components/Upload/ImageUploader3.cab
        O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
        O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
        O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxentelechargement.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
        O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab
        O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
        O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
        O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
        O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
        O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
        O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
        0
      3. ninou > ninou
         
        et voici le hijackthis :



        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 07:13:16, on 14/04/2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16640)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\Explorer.EXE
        c:\program files\a-squared free\a2service.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
        C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
        C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
        C:\WINDOWS\system32\HPZipm12.exe
        C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
        C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2filovemessenger%2fmars2005%2fbetty_boop.png%3f
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
        O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
        O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
        O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
        O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
        O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
        O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.aubertphotos.com/Components/Upload/ImageUploader3.cab
        O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
        O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
        O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxentelechargement.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
        O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab
        O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
        O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
        O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
        O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
        O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
        O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
        0
  9. ludsfa Messages postés 1287 Statut Membre 15
     
    salut ninou.

    bon pour moi pas de soucis c'est bon.

    je ne suis pas là cette semaine .
    mais normalement c'est impec.

    a+
    0
    1. ninou
       
      ok merci beaucoup pour ton aide.
      Je voudrais juste comprendre pourquoi msnfix (je l'ai refais ce matin) me dit encore "infection présente", c bizarre non ?

      et aussi, que conseilles-tu comme anti virus ?
      j'avais avast, on m'a conseillé de le virer, ce que j'ai fait et j'ai mis antivir, ça te paraît un bon choix ?

      merci pour ton aide, c sympa.
      0
  10. ludsfa Messages postés 1287 Statut Membre 15
     
    oui ninou c'est un bon choix.

    fais ta première analyse en mode sans echec.ci-dessous le lien pour t'expliquer comment redémarrer en mode sans échec.

    http://forum.telecharger.01net.com/forum/high-tech/SECURITE/Securite/redemarrer-mode-echec-sujet_1526_1.htm

    Pour les alertes msn c'est juste qu'il à une suspicion envers les deux fichiers que je t'ai fait analyser mais apparemment virus total ne les décrits pas comme menaçant.
    Mais si tu le préfère tu peux les supprimés. les voici:
    1) [C:\ATF-Cleaner.exe] D9DE89F0FAF18019BC9595F0F47BCA61
    2) [C:\CertiNomis.exe] 885AF93F7CF596BB231779463096C9C8



    supprimes ces fichiers et ensuite dis moi si tu as encore des alertes.Et poste moi le rapport antivir en mode sans échec.

    ensuite par mesure de sécurité on fera une recherche trojan.
    0
  11. ninou
     
    Bonjour

    mille mercis pour ton aide, excuse moi pour ces quelques jours d'absences

    voici le rapport antivir mode dans echec comme tu me l'as demandé :

    Avira AntiVir Personal
    Report file date: samedi 19 avril 2008 15:08

    Scanning for 1218459 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Save mode
    Username: Karine et Romain
    Computer name: NINOU

    Version information:
    BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 17/04/2008 13:07:19
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 17/04/2008 13:07:19
    LUKE.DLL : 8.1.2.9 151809 Bytes 17/04/2008 13:07:20
    LUKERES.DLL : 8.1.2.1 12033 Bytes 17/04/2008 13:07:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 17:05:59
    ANTIVIR2.VDF : 7.0.3.156 795136 Bytes 11/04/2008 18:05:10
    ANTIVIR3.VDF : 7.0.3.188 342016 Bytes 18/04/2008 13:07:20
    Engineversion : 8.1.0.32
    AEVDF.DLL : 8.1.0.5 102772 Bytes 17/04/2008 13:07:21
    AESCRIPT.DLL : 8.1.0.26 233850 Bytes 17/04/2008 13:07:21
    AESCN.DLL : 8.1.0.14 119156 Bytes 17/04/2008 13:07:21
    AERDL.DLL : 8.1.0.19 418164 Bytes 17/04/2008 13:07:21
    AEPACK.DLL : 8.1.1.2 364917 Bytes 17/04/2008 13:07:21
    AEOFFICE.DLL : 8.1.0.18 192890 Bytes 17/04/2008 13:07:21
    AEHEUR.DLL : 8.1.0.18 1167735 Bytes 17/04/2008 13:07:21
    AEHELP.DLL : 8.1.0.14 115063 Bytes 17/04/2008 13:07:20
    AEGEN.DLL : 8.1.0.17 299380 Bytes 17/04/2008 13:07:20
    AEEMU.DLL : 8.1.0.5 430450 Bytes 17/04/2008 13:07:20
    AECORE.DLL : 8.1.0.27 168310 Bytes 17/04/2008 13:07:20
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 17/04/2008 13:07:19
    AVPREF.DLL : 8.0.0.1 25857 Bytes 17/04/2008 13:07:19
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
    AVREG.DLL : 8.0.0.0 30977 Bytes 17/04/2008 13:07:19
    AVARKT.DLL : 1.0.0.23 307457 Bytes 17/04/2008 13:07:18
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 17/04/2008 13:07:19
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 17/04/2008 13:07:20
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 17/04/2008 13:07:20
    NETNT.DLL : 8.0.0.1 7937 Bytes 17/04/2008 13:07:20
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 17/04/2008 13:07:13
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 17/04/2008 13:07:14

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: samedi 19 avril 2008 15:08

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'guard.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    13 processes with 13 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '26' files ).

    Starting the file scan:

    Begin scan in 'C:\' <Karine et Romain>
    C:\pagefile.sys
    [WARNING] The file could not be opened!

    End of the scan: samedi 19 avril 2008 16:04
    Used time: 55:32 min

    The scan has been done completely.

    7685 Scanning directories
    286805 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    286805 Files not concerned
    7456 Archives were scanned
    1 Warnings
    0 Notes
    0
  12. ninou
     
    Bonjour

    mille mercis pour ton aide, excuse moi pour ces quelques jours d'absences

    voici le rapport antivir mode dans echec comme tu me l'as demandé :

    Avira AntiVir Personal
    Report file date: samedi 19 avril 2008 15:08

    Scanning for 1218459 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Save mode
    Username: Karine et Romain
    Computer name: NINOU

    Version information:
    BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 17/04/2008 13:07:19
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 17/04/2008 13:07:19
    LUKE.DLL : 8.1.2.9 151809 Bytes 17/04/2008 13:07:20
    LUKERES.DLL : 8.1.2.1 12033 Bytes 17/04/2008 13:07:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 17:05:59
    ANTIVIR2.VDF : 7.0.3.156 795136 Bytes 11/04/2008 18:05:10
    ANTIVIR3.VDF : 7.0.3.188 342016 Bytes 18/04/2008 13:07:20
    Engineversion : 8.1.0.32
    AEVDF.DLL : 8.1.0.5 102772 Bytes 17/04/2008 13:07:21
    AESCRIPT.DLL : 8.1.0.26 233850 Bytes 17/04/2008 13:07:21
    AESCN.DLL : 8.1.0.14 119156 Bytes 17/04/2008 13:07:21
    AERDL.DLL : 8.1.0.19 418164 Bytes 17/04/2008 13:07:21
    AEPACK.DLL : 8.1.1.2 364917 Bytes 17/04/2008 13:07:21
    AEOFFICE.DLL : 8.1.0.18 192890 Bytes 17/04/2008 13:07:21
    AEHEUR.DLL : 8.1.0.18 1167735 Bytes 17/04/2008 13:07:21
    AEHELP.DLL : 8.1.0.14 115063 Bytes 17/04/2008 13:07:20
    AEGEN.DLL : 8.1.0.17 299380 Bytes 17/04/2008 13:07:20
    AEEMU.DLL : 8.1.0.5 430450 Bytes 17/04/2008 13:07:20
    AECORE.DLL : 8.1.0.27 168310 Bytes 17/04/2008 13:07:20
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 17/04/2008 13:07:19
    AVPREF.DLL : 8.0.0.1 25857 Bytes 17/04/2008 13:07:19
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
    AVREG.DLL : 8.0.0.0 30977 Bytes 17/04/2008 13:07:19
    AVARKT.DLL : 1.0.0.23 307457 Bytes 17/04/2008 13:07:18
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 17/04/2008 13:07:19
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 17/04/2008 13:07:20
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 17/04/2008 13:07:20
    NETNT.DLL : 8.0.0.1 7937 Bytes 17/04/2008 13:07:20
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 17/04/2008 13:07:13
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 17/04/2008 13:07:14

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: samedi 19 avril 2008 15:08

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'guard.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    13 processes with 13 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '26' files ).

    Starting the file scan:

    Begin scan in 'C:\' <Karine et Romain>
    C:\pagefile.sys
    [WARNING] The file could not be opened!

    End of the scan: samedi 19 avril 2008 16:04
    Used time: 55:32 min

    The scan has been done completely.

    7685 Scanning directories
    286805 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    286805 Files not concerned
    7456 Archives were scanned
    1 Warnings
    0 Notes
    0
    1. ninou
       
      msn fix me dit encore "infection présente"
      voici le rapport :

      MSNFix 1.711

      C:\Documents and Settings\Karine et Romain\Bureau\MSNFix
      Fix exécuté le 26/04/2008 - 19:08:39,44 By Karine et Romain
      mode normal

      ************************ Recherche les fichiers présents

      Aucun Fichier trouvé

      ************************ Recherche les dossiers présents

      ... \TEMP\




      ************************ Suppression des fichiers



      ************************ Suppression des dossiers

      /!\ ... \TEMP\


      ************************ Nettoyage du registre



      ************************ Fichiers suspects

      Aucun Fichier trouvé


      Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 26042008_19094347.zip

      ************************ HKLM\...\Winlogon\Userinit

      Userinit = C:\WINDOWS\system32\userinit.exe,


      ------------------------------------------------------------------------
      Auteur : !aur3n7 Contact: https://www.ionos.fr/
      ------------------------------------------------------------------------

      --------------------------------------------- END ---------------------------------------------
      0
  13. ludsfa Messages postés 1287 Statut Membre 15
     
    salut

    pas d'envois à tes contacts?

    C'est bon alors.

    C'est clean pour moi.

    télécharge ToolsCleaner sur ton bureau.

    Une fois installé tu fais rechercher et ensuite tu fais suppression.
    Un rapport va être générer envois le moi.
    0
    1. Ninou
       
      bonsoir

      j'ai fait tout ce que tu m'as dis mais j'ai effacé le rapport Toolscleaner par erreur. J'avais tout fait come tu m'avais indiqué, "recherche" puis "supprimer"

      Il semblerait que je n'ai plus rien malgré le fait que msnfix m'indique encore et toujours "infection présente"

      Qu'en penses-tu ?

      Mille mercis pour toute ton aide.
      0
  14. ludsfa Messages postés 1287 Statut Membre 15
     
    salut

    Télécharge Combofix (par sUBs) sur ton Bureau:http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Double clique combofix.exe.
    Tape sur la touche 1 (Yes) pour démarrer le scan.
    Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

    Le rapport se trouve ici : C:\Combofix.txt
    0
    1. ninou
       
      bonsoir;

      voici le rapport

      ça n'a pas arrêté de me dire "dossier XXX endommagé et illisible, veuillez executer l'utilitaire CHKDSK.

      Ca veut dire quoi ???

      ComboFix 08-05-01.3 - Karine et Romain 2008-05-03 9:04:46.2 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.599 [GMT 2:00]
      Endroit: C:\Documents and Settings\Karine et Romain\Bureau\ComboFix.exe

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      ---- Previous Run -------
      .
      C:\WINDOWS\pack.epk

      .
      ((((((((((((((((((((((((((((( Fichiers créés 2008-04-03 to 2008-05-03 ))))))))))))))))))))))))))))))))))))
      .

      2008-04-27 09:40 . 2008-04-27 09:40 <REP> d----c--- C:\games
      2008-04-27 09:23 . 2008-04-27 09:23 <REP> d----c--- C:\Program Files\ReflexiveArcade
      2008-04-27 09:06 . 2008-04-27 09:06 <REP> d----c--- C:\Documents and Settings\Karine et Romain\Saved Games
      2008-04-26 19:06 . 2008-04-26 19:06 <REP> d----c--- C:\Documents and Settings\Karine et Romain\Application Data\Big Fish Games
      2008-04-21 18:20 . 2008-04-21 18:22 <REP> d----c--- C:\Documents and Settings\Karine et Romain\amsn
      2008-04-16 19:33 . 2008-04-16 19:33 <REP> d----c--- C:\Program Files\iTunes
      2008-04-16 19:33 . 2008-04-16 19:33 <REP> d----c--- C:\Program Files\iPod
      2008-04-16 19:00 . 2008-04-16 19:00 <REP> d----c--- C:\Program Files\SAGEM WiFi manager
      2008-04-16 19:00 . 2006-01-18 14:09 31,744 --a--c--- C:\WINDOWS\system32\drivers\ZDPSp50a64.sys
      2008-04-16 19:00 . 2006-01-18 14:09 29,184 --a--c--- C:\WINDOWS\system32\drivers\BRGSp50a64.sys
      2008-04-16 19:00 . 2006-01-18 14:09 20,608 --a--c--- C:\WINDOWS\system32\drivers\BRGSp50.sys
      2008-04-16 19:00 . 2006-01-18 14:09 17,664 --a--c--- C:\WINDOWS\system32\drivers\ZDPSp50.sys
      2008-04-16 18:58 . 2005-12-22 14:45 493,440 --a--c--- C:\WINDOWS\system32\drivers\WlanBZ64.SYS
      2008-04-16 18:58 . 2005-12-22 14:45 402,432 --a--c--- C:\WINDOWS\system32\drivers\WlanBZXP.sys
      2008-04-13 20:36 . 2008-04-13 20:36 <REP> d----c--- C:\Program Files\Malwarebytes' Anti-Malware
      2008-04-13 20:36 . 2008-04-13 20:36 <REP> d----c--- C:\Documents and Settings\Karine et Romain\Application Data\Malwarebytes
      2008-04-13 20:36 . 2008-04-13 20:36 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-04-10 19:58 . 2008-04-10 19:58 <REP> d----c--- C:\Program Files\Avira
      2008-04-10 19:58 . 2008-04-10 19:58 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Avira
      2008-04-10 19:57 . 2008-04-10 19:57 17,788,920 --a--c--- C:\Program Files\antivir_workstation_win7u_en_h.exe
      2008-04-10 19:41 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
      2008-04-10 19:41 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
      2008-04-10 19:41 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
      2008-04-10 19:41 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
      2008-04-10 19:41 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
      2008-04-10 19:41 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
      2008-04-10 19:41 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
      2008-04-10 19:41 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
      2008-04-10 19:41 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
      2008-04-09 19:20 . 2008-04-09 19:20 <REP> d----c--- C:\Documents and Settings\Karine et Romain\Application Data\Grisoft
      2008-04-09 19:19 . 2007-05-30 14:10 10,872 --a--c--- C:\WINDOWS\system32\drivers\AvgAsCln.sys
      2008-04-07 00:17 . 2008-04-27 09:21 <REP> d----c--- C:\Program Files\Trend Micro
      2008-04-07 00:09 . 2008-04-07 00:45 <REP> d----c--- C:\WINDOWS\BDOSCAN8
      2008-04-07 00:00 . 2008-04-27 09:24 <REP> d----c--- C:\WINDOWS\ERUNT
      2008-04-06 18:05 . 2008-04-06 18:13 <REP> d----c--- C:\Program Files\RegCleaner

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-05-03 07:03 --------- dc----w C:\Program Files\eMule
      2008-04-27 07:28 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
      2008-04-27 07:00 --------- dc----w C:\Program Files\MSN Games
      2008-04-19 15:31 --------- dc----w C:\Documents and Settings\Karine et Romain\Application Data\MyPhoneExplorer
      2008-04-16 17:31 --------- dc----w C:\Program Files\QuickTime
      2008-04-16 17:21 --------- dc----w C:\Documents and Settings\Karine et Romain\Application Data\Apple Computer
      2008-04-16 17:00 --------- dc-h--w C:\Program Files\InstallShield Installation Information
      2008-04-16 16:53 --------- dc----w C:\Program Files\Apple Software Update
      2008-04-10 17:23 --------- dc----w C:\Program Files\Google
      2008-04-10 17:07 --------- dc----w C:\Program Files\Java
      2008-04-09 17:18 --------- dc----w C:\Program Files\WordBiz
      2008-04-09 16:59 --------- dc----w C:\Program Files\Wanadoo
      2008-04-06 14:38 --------- dc----w C:\Program Files\a-squared Free
      2008-03-30 21:57 --------- dc----w C:\Program Files\Messenger Plus! Live
      2008-03-30 21:54 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-03-30 21:51 --------- dc----w C:\Program Files\Spybot - Search & Destroy
      2008-03-30 21:51 --------- dc----w C:\Documents and Settings\All Users\Application Data\Grisoft
      2008-03-30 21:50 691,545 -c--a-w C:\WINDOWS\unins000.exe
      2008-03-20 08:09 1,845,376 -c--a-w C:\WINDOWS\system32\win32k.sys
      2008-03-01 12:58 826,368 -c--a-w C:\WINDOWS\system32\wininet.dll
      2008-02-20 06:51 282,624 -c--a-w C:\WINDOWS\system32\gdi32.dll
      2008-02-20 05:35 45,568 -c--a-w C:\WINDOWS\system32\dnsrslvr.dll
      2008-02-01 18:30 278,528 -c--a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
      2008-01-25 13:29 5,597 -c-ha-w C:\Program Files\hpothb07.tif
      2008-01-25 13:29 3,354 -c-ha-w C:\Program Files\hpothb07.dat
      2007-03-30 12:59 2,442,222 -c--a-w C:\Program Files\eMule047c.exe
      2006-11-16 11:17 4,875,864 -c--a-w C:\Program Files\MsgPlusLive-410.exe
      2006-11-16 11:16 4,752,968 -c--a-w C:\Program Files\MsgPlus-363.exe
      2006-10-20 19:30 8,282,187 -c--a-w C:\Program Files\vlc-0.8.5-win32.exe
      2006-10-20 19:26 15,926,792 -c--a-w C:\Program Files\DivXPlay.exe
      2006-10-10 23:09 6,652,812 -c--a-w C:\Program Files\sld.codec.pack.2.2.exe
      2006-10-10 22:34 18,715,215 -c--a-w C:\Program Files\klcodec277f.exe
      2006-10-10 22:25 1,004,139 -c--a-w C:\Program Files\pack_ultime.exe
      2006-10-10 22:21 2,919,160 -c--a-w C:\Program Files\WindowsMedia-Q828026-x86-FRA.exe
      2006-10-10 22:21 12,814,336 -c--a-w C:\Program Files\mp10setup.exe
      2006-10-03 22:22 15,030,904 -c--a-w C:\Program Files\DivXInstaller.exe
      2006-09-25 12:14 1,035,090 -c--a-w C:\Program Files\wrar361.exe
      2006-09-24 21:38 699,177 -c--a-w C:\Program Files\WordBiz18.exe
      2006-09-24 17:41 16,277,288 -c--a-w C:\Program Files\Install_Messenger.exe
      2006-09-24 17:33 867,392 -c--a-w C:\Program Files\GoogleToolbarInstaller.exe
      2006-09-24 17:27 3,511,538 -c--a-w C:\Program Files\eMule0.47c-Installer.exe
      2006-09-24 16:40 12,023,296 -c--a-w C:\Program Files\setupfre.exe
      2006-09-24 16:33 5,037,072 -c--a-w C:\Program Files\spybotsd14.exe
      .

      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
      "eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 16:57 5308416]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-17 15:07 262401]
      "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "msacm.l3acm"= l3codecp.acm

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
      path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
      backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hp psc 2000 Series.lnk]
      path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hp psc 2000 Series.lnk
      backup=C:\WINDOWS\pss\hp psc 2000 Series.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hpoddt01.exe.lnk]
      path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hpoddt01.exe.lnk
      backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
      path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
      backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk]
      path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk
      backup=C:\WINDOWS\pss\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
      --a--c--- 2007-06-11 11:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
      --a--c--- 2007-03-16 11:45 63712 C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
      --a--c--- 2004-10-28 23:37 88363 C:\WINDOWS\agrsmmsg.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
      --a--c--- 2006-05-10 12:12 90112 C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
      --a--c--- 2005-03-22 21:05 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\azwbvjr]
      --a--c--- 2007-03-14 16:57 314368 c:\windows\system32\azwbvjr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]


      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
      --a--c--- 2004-08-05 13:00 15360 C:\WINDOWS\system32\ctfmon.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Diddl_Scr.exe]
      C:\Program Files\Diddl Screenmate\Diddl_Scr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
      --a--c--- 2004-08-03 02:05 122939 C:\WINDOWS\system32\dla\tfswctrl.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3600 Series]
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
      --a--c--- 2005-05-11 23:12 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
      --a--c--- 2005-06-01 18:35 49152 C:\Program Files\Hewlett-Packard\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
      --a--c--- 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
      C:\WINDOWS\system32\dumprep 0 -k

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
      --a--c--- 2003-09-06 02:16 184320 C:\Program Files\ltmoh\Ltmoh.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
      C:\Program Files\MessengerPlus! 3\MsgPlus.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\messengerskinner]
      C:\Program Files\MessengerSkinner\MessengerSkinner.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
      C:\Program Files\MSN Messenger\MsnMsgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]


      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
      --a--c--- 2004-11-17 11:56 1077327 C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      --a--c--- 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
      --a--c--- 2004-12-21 10:48 118784 C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
      C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
      --a--c--- 2004-08-06 08:27 860160 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
      --a--c--- 2004-07-27 13:48 1388544 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
      -rahsc--- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
      --a--c--- 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
      C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\synkib]
      c:\windows\system32\synkib.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
      --a--c--- 2004-10-15 00:26 688218 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
      --a--c--- 2004-10-15 00:28 98394 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]


      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
      --a--c--- 2005-01-14 17:45 352256 C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
      --a------ 2006-09-24 22:53 185784 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
      --a--c--- 2003-09-15 17:19 65536 C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
      --a--c--- 2005-01-21 11:28 266240 C:\WINDOWS\system32\TPSMain.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
      --a--c--- 2004-11-12 18:57 73728 C:\Program Files\Toshiba\Tvs\TvsTray.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
      -ra--c--- 2006-03-30 17:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
      C:\Program Files\Winamp\winampa.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
      C:\PROGRA~1\Wanadoo\Shell.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
      C:\PROGRA~1\Wanadoo\GestMaj.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
      C:\PROGRA~1\Wanadoo\Watch.exe

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\\hphver08.exe"=
      "C:\\Program Files\\eMule\\emule.exe"=
      "C:\\WINDOWS\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
      "C:\\Program Files\\iTunes\\iTunes.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "7561:TCP"= 7561:TCP:EMULE TCP
      "7571:UDP"= 7571:UDP:EMULE UDP

      R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2005-12-22 14:45]
      S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-05-01 13:16]
      S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-05-01 13:17]
      S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-05-01 13:17]
      S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2004-05-18 00:18]
      S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

      .
      Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
      "2008-04-16 17:24:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      "2007-04-18 11:59:15 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1159185512.job"
      - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
      "2006-09-24 15:27:39 C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job"
      - C:\WINDOWS\system32\OOBE\oobebaln.exe
      "2006-09-24 15:27:40 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
      - C:\WINDOWS\system32\OOBE\oobebaln.exe
      "2006-09-24 15:27:40 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
      - C:\WINDOWS\system32\OOBE\oobebaln.exe
      "2008-05-03 07:07:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
      - C:\Program Files\Symantec\LiveUpdate\NDetect.exe
      "2008-01-22 12:59:07 C:\WINDOWS\Tasks\WebReg 20060925135956.job"
      - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exeQ/TaskName 20060925135956 /N
      .
      **************************************************************************

      catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-05-03 09:08:20
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cachés ...

      Balayage caché autostart entries ...

      Balayage des fichiers cachés ...

      Scan terminé avec succès
      Les fichiers cachés: 0

      **************************************************************************
      .
      Temps d'accomplissement: 2008-05-03 9:10:03
      ComboFix-quarantined-files.txt 2008-05-03 07:09:43

      Pre-Run: 32,198,021,120 octets libres
      Post-Run: 32,565,080,064 octets libres

      259 --- E O F --- 2008-04-10 17:02:15
      0
  15. ludsfa Messages postés 1287 Statut Membre 15
     
    salut ninou repasse combofix une fois .

    T'inquiète pas pour xxx.

    et fais moi un hijackthis après.
    0
    1. ninou
       
      COUCOU
      voici le comboxfix, je te fais le hijackthis de suite



      ComboFix 08-05-01.3 - Karine et Romain 2008-05-04 18:16:36.3 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.616 [GMT 2:00]
      Endroit: C:\Documents and Settings\Karine et Romain\Bureau\ComboFix.exe

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
      .

      ((((((((((((((((((((((((((((( Fichiers créés 2008-04-04 to 2008-05-04 ))))))))))))))))))))))))))))))))))))
      .

      2008-05-03 09:02 . 2008-05-03 09:02 <REP> d----c--- C:\Program Files\Farm Frenzy
      2008-04-27 09:40 . 2008-04-27 09:40 <REP> d----c--- C:\games
      2008-04-27 09:23 . 2008-04-27 09:23 <REP> d----c--- C:\Program Files\ReflexiveArcade
      2008-04-27 09:06 . 2008-04-27 09:06 <REP> d----c--- C:\Documents and Settings\Karine et Romain\Saved Games
      2008-04-26 19:06 . 2008-04-26 19:06 <REP> d----c--- C:\Documents and Settings\Karine et Romain\Application Data\Big Fish Games
      2008-04-21 18:20 . 2008-04-21 18:22 <REP> d----c--- C:\Documents and Settings\Karine et Romain\amsn
      2008-04-16 19:33 . 2008-04-16 19:33 <REP> d----c--- C:\Program Files\iTunes
      2008-04-16 19:33 . 2008-04-16 19:33 <REP> d----c--- C:\Program Files\iPod
      2008-04-16 19:00 . 2008-04-16 19:00 <REP> d----c--- C:\Program Files\SAGEM WiFi manager
      2008-04-16 19:00 . 2006-01-18 14:09 31,744 --a--c--- C:\WINDOWS\system32\drivers\ZDPSp50a64.sys
      2008-04-16 19:00 . 2006-01-18 14:09 29,184 --a--c--- C:\WINDOWS\system32\drivers\BRGSp50a64.sys
      2008-04-16 19:00 . 2006-01-18 14:09 20,608 --a--c--- C:\WINDOWS\system32\drivers\BRGSp50.sys
      2008-04-16 19:00 . 2006-01-18 14:09 17,664 --a--c--- C:\WINDOWS\system32\drivers\ZDPSp50.sys
      2008-04-16 18:58 . 2005-12-22 14:45 493,440 --a--c--- C:\WINDOWS\system32\drivers\WlanBZ64.SYS
      2008-04-16 18:58 . 2005-12-22 14:45 402,432 --a--c--- C:\WINDOWS\system32\drivers\WlanBZXP.sys
      2008-04-13 20:36 . 2008-04-13 20:36 <REP> d----c--- C:\Program Files\Malwarebytes' Anti-Malware
      2008-04-13 20:36 . 2008-04-13 20:36 <REP> d----c--- C:\Documents and Settings\Karine et Romain\Application Data\Malwarebytes
      2008-04-13 20:36 . 2008-04-13 20:36 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-04-10 19:58 . 2008-04-10 19:58 <REP> d----c--- C:\Program Files\Avira
      2008-04-10 19:58 . 2008-04-10 19:58 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Avira
      2008-04-10 19:57 . 2008-04-10 19:57 17,788,920 --a--c--- C:\Program Files\antivir_workstation_win7u_en_h.exe
      2008-04-10 19:41 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
      2008-04-10 19:41 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
      2008-04-10 19:41 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
      2008-04-10 19:41 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
      2008-04-10 19:41 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
      2008-04-10 19:41 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
      2008-04-10 19:41 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
      2008-04-10 19:41 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
      2008-04-10 19:41 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
      2008-04-09 19:20 . 2008-04-09 19:20 <REP> d----c--- C:\Documents and Settings\Karine et Romain\Application Data\Grisoft
      2008-04-09 19:19 . 2007-05-30 14:10 10,872 --a--c--- C:\WINDOWS\system32\drivers\AvgAsCln.sys
      2008-04-07 00:17 . 2008-04-27 09:21 <REP> d----c--- C:\Program Files\Trend Micro
      2008-04-07 00:09 . 2008-04-07 00:45 <REP> d----c--- C:\WINDOWS\BDOSCAN8
      2008-04-07 00:00 . 2008-04-27 09:24 <REP> d----c--- C:\WINDOWS\ERUNT
      2008-04-06 18:05 . 2008-04-06 18:13 <REP> d----c--- C:\Program Files\RegCleaner

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-05-03 07:03 --------- dc----w C:\Program Files\eMule
      2008-04-27 07:28 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
      2008-04-27 07:00 --------- dc----w C:\Program Files\MSN Games
      2008-04-19 15:31 --------- dc----w C:\Documents and Settings\Karine et Romain\Application Data\MyPhoneExplorer
      2008-04-16 17:31 --------- dc----w C:\Program Files\QuickTime
      2008-04-16 17:21 --------- dc----w C:\Documents and Settings\Karine et Romain\Application Data\Apple Computer
      2008-04-16 17:00 --------- dc-h--w C:\Program Files\InstallShield Installation Information
      2008-04-16 16:53 --------- dc----w C:\Program Files\Apple Software Update
      2008-04-10 17:23 --------- dc----w C:\Program Files\Google
      2008-04-10 17:07 --------- dc----w C:\Program Files\Java
      2008-04-09 17:18 --------- dc----w C:\Program Files\WordBiz
      2008-04-09 16:59 --------- dc----w C:\Program Files\Wanadoo
      2008-04-06 14:38 --------- dc----w C:\Program Files\a-squared Free
      2008-03-30 21:57 --------- dc----w C:\Program Files\Messenger Plus! Live
      2008-03-30 21:54 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-03-30 21:51 --------- dc----w C:\Program Files\Spybot - Search & Destroy
      2008-03-30 21:51 --------- dc----w C:\Documents and Settings\All Users\Application Data\Grisoft
      2008-03-30 21:50 691,545 -c--a-w C:\WINDOWS\unins000.exe
      2008-03-20 08:09 1,845,376 -c--a-w C:\WINDOWS\system32\win32k.sys
      2008-03-01 12:58 826,368 -c--a-w C:\WINDOWS\system32\wininet.dll
      2008-02-20 06:51 282,624 -c--a-w C:\WINDOWS\system32\gdi32.dll
      2008-02-20 05:35 45,568 -c--a-w C:\WINDOWS\system32\dnsrslvr.dll
      2008-02-01 18:30 278,528 -c--a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
      2008-01-25 13:29 5,597 -c-ha-w C:\Program Files\hpothb07.tif
      2008-01-25 13:29 3,354 -c-ha-w C:\Program Files\hpothb07.dat
      2007-03-30 12:59 2,442,222 -c--a-w C:\Program Files\eMule047c.exe
      2006-11-16 11:17 4,875,864 -c--a-w C:\Program Files\MsgPlusLive-410.exe
      2006-11-16 11:16 4,752,968 -c--a-w C:\Program Files\MsgPlus-363.exe
      2006-10-20 19:30 8,282,187 -c--a-w C:\Program Files\vlc-0.8.5-win32.exe
      2006-10-20 19:26 15,926,792 -c--a-w C:\Program Files\DivXPlay.exe
      2006-10-10 23:09 6,652,812 -c--a-w C:\Program Files\sld.codec.pack.2.2.exe
      2006-10-10 22:34 18,715,215 -c--a-w C:\Program Files\klcodec277f.exe
      2006-10-10 22:25 1,004,139 -c--a-w C:\Program Files\pack_ultime.exe
      2006-10-10 22:21 2,919,160 -c--a-w C:\Program Files\WindowsMedia-Q828026-x86-FRA.exe
      2006-10-10 22:21 12,814,336 -c--a-w C:\Program Files\mp10setup.exe
      2006-10-03 22:22 15,030,904 -c--a-w C:\Program Files\DivXInstaller.exe
      2006-09-25 12:14 1,035,090 -c--a-w C:\Program Files\wrar361.exe
      2006-09-24 21:38 699,177 -c--a-w C:\Program Files\WordBiz18.exe
      2006-09-24 17:41 16,277,288 -c--a-w C:\Program Files\Install_Messenger.exe
      2006-09-24 17:33 867,392 -c--a-w C:\Program Files\GoogleToolbarInstaller.exe
      2006-09-24 17:27 3,511,538 -c--a-w C:\Program Files\eMule0.47c-Installer.exe
      2006-09-24 16:40 12,023,296 -c--a-w C:\Program Files\setupfre.exe
      2006-09-24 16:33 5,037,072 -c--a-w C:\Program Files\spybotsd14.exe
      .

      ((((((((((((((((((((((((((((( snapshot@2008-05-03_ 9.09.31.90 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2008-05-03 07:03:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
      + 2008-05-03 07:02:56 2,048 --s-a-w C:\WINDOWS\bootstat.dat
      .
      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
      "eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 16:57 5308416]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-17 15:07 262401]
      "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "msacm.l3acm"= l3codecp.acm

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
      path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
      backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hp psc 2000 Series.lnk]
      path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hp psc 2000 Series.lnk
      backup=C:\WINDOWS\pss\hp psc 2000 Series.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hpoddt01.exe.lnk]
      path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hpoddt01.exe.lnk
      backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
      path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
      backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk]
      path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk
      backup=C:\WINDOWS\pss\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
      --a--c--- 2007-06-11 11:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
      --a--c--- 2007-03-16 11:45 63712 C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
      --a--c--- 2004-10-28 23:37 88363 C:\WINDOWS\agrsmmsg.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
      --a--c--- 2006-05-10 12:12 90112 C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
      --a--c--- 2005-03-22 21:05 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\azwbvjr]
      --a--c--- 2007-03-14 16:57 314368 c:\windows\system32\azwbvjr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]


      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
      --a--c--- 2004-08-05 13:00 15360 C:\WINDOWS\system32\ctfmon.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Diddl_Scr.exe]
      C:\Program Files\Diddl Screenmate\Diddl_Scr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
      --a--c--- 2004-08-03 02:05 122939 C:\WINDOWS\system32\dla\tfswctrl.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3600 Series]
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
      --a--c--- 2005-05-11 23:12 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
      --a--c--- 2005-06-01 18:35 49152 C:\Program Files\Hewlett-Packard\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
      --a--c--- 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
      C:\WINDOWS\system32\dumprep 0 -k

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
      --a--c--- 2003-09-06 02:16 184320 C:\Program Files\ltmoh\Ltmoh.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
      C:\Program Files\MessengerPlus! 3\MsgPlus.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\messengerskinner]
      C:\Program Files\MessengerSkinner\MessengerSkinner.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
      C:\Program Files\MSN Messenger\MsnMsgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]


      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
      --a--c--- 2004-11-17 11:56 1077327 C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      --a--c--- 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
      --a--c--- 2004-12-21 10:48 118784 C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
      C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
      --a--c--- 2004-08-06 08:27 860160 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
      --a--c--- 2004-07-27 13:48 1388544 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
      -rahsc--- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
      --a--c--- 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
      C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\synkib]
      c:\windows\system32\synkib.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
      --a--c--- 2004-10-15 00:26 688218 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
      --a--c--- 2004-10-15 00:28 98394 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]


      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
      --a--c--- 2005-01-14 17:45 352256 C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
      --a------ 2006-09-24 22:53 185784 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
      --a--c--- 2003-09-15 17:19 65536 C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
      --a--c--- 2005-01-21 11:28 266240 C:\WINDOWS\system32\TPSMain.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
      --a--c--- 2004-11-12 18:57 73728 C:\Program Files\Toshiba\Tvs\TvsTray.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
      -ra--c--- 2006-03-30 17:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
      C:\Program Files\Winamp\winampa.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
      C:\PROGRA~1\Wanadoo\Shell.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
      C:\PROGRA~1\Wanadoo\GestMaj.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
      C:\PROGRA~1\Wanadoo\Watch.exe

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\\hphver08.exe"=
      "C:\\Program Files\\eMule\\emule.exe"=
      "C:\\WINDOWS\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
      "C:\\Program Files\\iTunes\\iTunes.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "7561:TCP"= 7561:TCP:EMULE TCP
      "7571:UDP"= 7571:UDP:EMULE UDP

      R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2005-12-22 14:45]
      S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-05-01 13:16]
      S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-05-01 13:17]
      S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-05-01 13:17]
      S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2004-05-18 00:18]
      S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

      .
      Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
      "2008-04-16 17:24:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      "2007-04-18 11:59:15 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1159185512.job"
      - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
      "2006-09-24 15:27:39 C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job"
      - C:\WINDOWS\system32\OOBE\oobebaln.exe
      "2006-09-24 15:27:40 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
      - C:\WINDOWS\system32\OOBE\oobebaln.exe
      "2006-09-24 15:27:40 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
      - C:\WINDOWS\system32\OOBE\oobebaln.exe
      "2008-05-04 16:17:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
      - C:\Program Files\Symantec\LiveUpdate\NDetect.exe
      "2008-01-22 12:59:07 C:\WINDOWS\Tasks\WebReg 20060925135956.job"
      - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exeQ/TaskName 20060925135956 /N
      .
      **************************************************************************

      catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-05-04 18:19:14
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cachés ...

      Balayage caché autostart entries ...

      Balayage des fichiers cachés ...

      Scan terminé avec succès
      Les fichiers cachés: 0

      **************************************************************************
      .
      Temps d'accomplissement: 2008-05-04 18:20:57
      ComboFix-quarantined-files.txt 2008-05-04 16:20:28
      ComboFix2.txt 2008-05-03 07:10:04

      Pre-Run: 33,074,147,328 octets libres
      Post-Run: 33,150,799,872 octets libres

      259 --- E O F --- 2008-04-10 17:02:15
      0
      1. ninou > ninou
         
        et voilà :

        qu'en est-il ? moi je n'y comprends pas grand chose
        merci encore pour ta patience.

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 18:30:43, on 04/05/2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16640)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\eMule\emule.exe
        c:\program files\a-squared free\a2service.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
        C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
        C:\WINDOWS\system32\HPZipm12.exe
        C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
        C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
        C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
        C:\WINDOWS\explorer.exe
        C:\WINDOWS\system32\notepad.exe
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2filovemessenger%2fmars2005%2fbetty_boop.png%3f
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
        O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
        O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
        O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
        O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
        O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.aubertphotos.com/Components/Upload/ImageUploader3.cab
        O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
        O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
        O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxentelechargement.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
        O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab
        O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
        O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
        O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
        O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
        O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
        O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
        0
  16. ludsfa Messages postés 1287 Statut Membre 15
     
    salut,

    rends toi sur virus total:https://www.virustotal.com/gui/

    fais analser ce fichier:

    C:\WINDOWS\system32\userinit.exe,


    envois ensuite le rapport.
    0
    1. ninou
       
      Voilà :


      Fichier userinit.exe reçu le 2008.05.06 19:25:18 (CET)
      Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE


      Résultat: 0/31 (0%)
      en train de charger les informations du serveur...
      Votre fichier est dans la file d'attente, en position: 6.
      L'heure estimée de démarrage est entre 58 et 83 secondes.
      Ne fermez pas la fenêtre avant la fin de l'analyse.
      L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
      Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.
      Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
      les résultats seront affichés au fur et à mesure de leur génération.
      Formaté Impression des résultats
      Votre fichier a expiré ou n'existe pas.
      Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.

      Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée.
      Email:


      Antivirus Version Dernière mise à jour Résultat
      AhnLab-V3 2008.5.3.0 2008.05.06 -
      AntiVir 7.8.0.11 2008.05.06 -
      Authentium 4.93.8 2008.05.06 -
      Avast 4.8.1169.0 2008.05.05 -
      AVG 7.5.0.516 2008.05.06 -
      BitDefender 7.2 2008.05.06 -
      CAT-QuickHeal 9.50 2008.05.06 -
      ClamAV 0.92.1 2008.05.06 -
      DrWeb 4.44.0.09170 2008.05.06 -
      eSafe 7.0.15.0 2008.05.06 -
      eTrust-Vet 31.3.5763 2008.05.06 -
      Ewido 4.0 2008.05.06 -
      F-Prot 4.4.2.54 2008.05.05 -
      F-Secure 6.70.13260.0 2008.05.06 -
      Fortinet 3.14.0.0 2008.05.06 -
      Ikarus T3.1.1.26.0 2008.05.06 -
      Kaspersky 7.0.0.125 2008.05.06 -
      McAfee 5289 2008.05.06 -
      Microsoft 1.3408 2008.05.06 -
      NOD32v2 3079 2008.05.06 -
      Norman 5.80.02 2008.05.06 -
      Panda 9.0.0.4 2008.05.06 -
      Prevx1 V2 2008.05.06 -
      Rising 20.43.12.00 2008.05.06 -
      Sophos 4.29.0 2008.05.06 -
      Sunbelt 3.0.1097.0 2008.05.06 -
      Symantec 10 2008.05.06 -
      TheHacker 6.2.92.300 2008.05.03 -
      VBA32 3.12.6.5 2008.05.06 -
      VirusBuster 4.3.26:9 2008.05.06 -
      Webwasher-Gateway 6.6.2 2008.05.06 -
      Information additionnelle
      File size: 25088 bytes
      MD5...: d6d65ea32b190401b57edb6706f29669
      SHA1..: 273ea1a839056c60444238b248213ce6c94d1c3f
      SHA256: bf8cb19c5ce66d4cf7d410ea3824d082888cefa21b59c1e8fc509b2098afef27
      SHA512: 66b0335682c84fad3c3792725565d6ec695c7709b13607b38208f21bad12593c
      520ca0aed2377e5758b7b9ed2853973d50c56ece608a9079166ab84c50327494
      PEiD..: -
      PEInfo: PE Structure information

      ( base data )
      entrypointaddress.: 0x10050e5
      timedatestamp.....: 0x41107b78 (Wed Aug 04 06:00:24 2004)
      machinetype.......: 0x14c (I386)

      ( 3 sections )
      name viradd virsiz rawdsiz ntrpy md5
      .text 0x1000 0x4db8 0x4e00 6.01 28bb30acf8de6ab97244272748e6d31f
      .data 0x6000 0x14c 0x200 1.86 cbb599f9267bf53209039d14a3574eb1
      .rsrc 0x7000 0xd74 0xe00 3.62 fb3de6f4736007e3cd67ad42d5ed9eda

      ( 7 imports )
      > USER32.dll: CreateWindowExW, DestroyWindow, RegisterClassExW, DefWindowProcW, LoadRemoteFonts, wsprintfW, GetSystemMetrics, GetKeyboardLayout, SystemParametersInfoW, GetDesktopWindow, LoadStringW, MessageBoxW, ExitWindowsEx, CharNextW
      > ADVAPI32.dll: RegOpenKeyExA, ReportEventW, RegisterEventSourceW, DeregisterEventSource, OpenProcessToken, RegCreateKeyExW, RegSetValueExW, GetUserNameW, RegQueryValueExW, RegOpenKeyExW, RegQueryInfoKeyW, RegCloseKey, RegQueryValueExA
      > CRYPT32.dll: CryptProtectData
      > WINSPOOL.DRV: SpoolerInit
      > ntdll.dll: RtlLengthSid, RtlCopySid, _itow, RtlFreeUnicodeString, DbgPrint, wcslen, wcscpy, wcscat, wcscmp, RtlInitUnicodeString, NtOpenKey, NtClose, _wcsicmp, memmove, NtQueryInformationToken, RtlConvertSidToUnicodeString
      > msvcrt.dll: _controlfp, _except_handler3, __set_app_type, __p__fmode, __p__commode, __setusermatherr, __getmainargs, _acmdln, exit, _cexit, _XcptFilter, _exit, _c_exit, _initterm, _adjust_fdiv
      > KERNEL32.dll: GetVersionExW, LocalFree, LocalAlloc, GetEnvironmentVariableW, SetEnvironmentVariableW, lstrlenW, lstrcpyW, FreeLibrary, GetProcAddress, LoadLibraryW, CompareFileTime, CloseHandle, lstrcatW, WaitForSingleObject, DelayLoadFailureHook, GetStartupInfoA, GetModuleHandleA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, LoadLibraryA, InterlockedCompareExchange, LocalReAlloc, GetSystemTime, lstrcmpW, GetCurrentThread, SetThreadPriority, CreateThread, GetFileAttributesExW, GetSystemDirectoryW, SetCurrentDirectoryW, FormatMessageW, lstrcmpiW, GetCurrentProcess, GetUserDefaultLangID, GetCurrentProcessId, ExpandEnvironmentStringsW, SetEvent, OpenEventW, Sleep, GetLastError, SearchPathW, CreateProcessW

      ( 0 exports )
      0
  17. ludsfa Messages postés 1287 Statut Membre 15
     
    salut.

    tu va faire un CFScript pour combofix .

    copie/colle ce qui est en gras ci-dessous et tu le renomme en CFScript.txt

    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif


    folder::
    C:\Program Files\Farm Frenzy
    C:\games
    C:\Program Files\ReflexiveArcade
    C:\Documents and Settings\Karine et Romain\Saved Games
    C:\Documents and Settings\Karine et Romain\Application Data\Big Fish Games
    C:\Documents and Settings\Karine et Romain\amsn
    C:\Program Files\Messenger Plus! Live
    C:\Program Files\MsgPlus-363.exe
    C:\Program Files\MsgPlusLive-410.exe

    registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\azwbvjr]
    --a--c--- 2007-03-14 16:57 314368 c:\windows\system32\azwbvjr.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\messengerskinner]
    C:\Program Files\MessengerSkinner\MessengerSkinner.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\synkib]
    c:\windows\system32\synkib.exe


    envois le rapport ensuite.
    ne réinstalle pas messenger plus ! live.
    et messenger skinner .

    regarde également cette liste qui t'évitera à l'avenir de ne pas savoir ce que tu télécharge .
    Copie ce lien dans tes favoris.

    http://www.infos-du-net.com/forum/272222-7-logiciels-eviter
    0
    1. ninou
       
      Bonjour

      j'ai fait ce que tu m'as dit (pour faire le CFScript.txt j'ai ouvert le bloc note que j'ai renommé et copier/coller dedans les éléments en gras puis j'ai glissé le dossier sur combofix, c'était bien ça ???)


      voici le rapport



      ComboFix 08-05-01.3 - Karine et Romain 2008-05-07 18:26:20.5 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.628 [GMT 2:00]
      Endroit: C:\Documents and Settings\Karine et Romain\Bureau\ComboFix.exe
      Command switches used :: C:\Documents and Settings\Karine et Romain\Bureau\CFScript.txt.txt
      * Création d'un nouveau point de restauration

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\Karine et Romain\amsn
      C:\Documents and Settings\Karine et Romain\amsn\abook.xml
      C:\Documents and Settings\Karine et Romain\amsn\config.xml
      C:\Documents and Settings\Karine et Romain\amsn\displaypic\cache\25834677f684d4c6746464a58695f623f2159475b4f41314366437d3.dat
      C:\Documents and Settings\Karine et Romain\amsn\displaypic\cache\25834677f684d4c6746464a58695f623f2159475b4f41314366437d3.png
      C:\Documents and Settings\Karine et Romain\amsn\displaypic\cache\27e6963625c4d474142395e613f4d6d4a71525f6446657e6570754d3.dat
      C:\Documents and Settings\Karine et Romain\amsn\displaypic\cache\27e6963625c4d474142395e613f4d6d4a71525f6446657e6570754d3.png
      C:\Documents and Settings\Karine et Romain\amsn\displaypic\cache\4765179717758714d66324f65397759324636597968644f684f243d3.dat
      C:\Documents and Settings\Karine et Romain\amsn\displaypic\cache\4765179717758714d66324f65397759324636597968644f684f243d3.png
      C:\Documents and Settings\Karine et Romain\amsn\displaypic\cache\6387275663b495531363a475151766179426239556735454767754d3.dat
      C:\Documents and Settings\Karine et Romain\amsn\displaypic\cache\6387275663b495531363a475151766179426239556735454767754d3.png
      C:\Documents and Settings\Karine et Romain\amsn\displaypic\cache\65f47503d463e644c4576656b2f40313e6738395f4368556e62577d3.dat
      C:\Documents and Settings\Karine et Romain\amsn\displaypic\cache\65f47503d463e644c4576656b2f40313e6738395f4368556e62577d3.png
      C:\Documents and Settings\Karine et Romain\amsn\displaypic\cache\831394a4737477539514876334e64375e467c46495847366662415d3.dat
      C:\Documents and Settings\Karine et Romain\amsn\displaypic\cache\831394a4737477539514876334e64375e467c46495847366662415d3.png
      C:\Documents and Settings\Karine et Romain\amsn\displaypic\cache\94554336a417e4b286036476d674e6775405649767e4f2e6367754d3.dat
      C:\Documents and Settings\Karine et Romain\amsn\displaypic\cache\94554336a417e4b286036476d674e6775405649767e4f2e6367754d3.png
      C:\Documents and Settings\Karine et Romain\amsn\displaypic\cache\a67763a5930573c4a59403e673a7756525d447d44416a42586b437d3.dat
      C:\Documents and Settings\Karine et Romain\amsn\displaypic\cache\a67763a5930573c4a59403e673a7756525d447d44416a42586b437d3.png
      C:\Documents and Settings\Karine et Romain\amsn\gconfig.xml
      C:\Documents and Settings\Karine et Romain\amsn\langlist.xml
      C:\Documents and Settings\Karine et Romain\amsn\profiles
      C:\Documents and Settings\Karine et Romain\amsn\states.xml
      C:\Documents and Settings\Karine et Romain\Application Data\Big Fish Games
      C:\Documents and Settings\Karine et Romain\Application Data\Big Fish Games\Azada\azada.txt
      C:\Documents and Settings\Karine et Romain\Application Data\Big Fish Games\Azada\joueur.gam
      C:\Documents and Settings\Karine et Romain\Application Data\Big Fish Games\Azada\options.ini
      C:\Documents and Settings\Karine et Romain\Application Data\Big Fish Games\Azada\player.gam
      C:\Documents and Settings\Karine et Romain\Application Data\Big Fish Games\Azada\players.dat
      C:\Documents and Settings\Karine et Romain\Saved Games
      C:\Documents and Settings\Karine et Romain\Saved Games\Oberon Games\Dream Day First Home\ddfh.save
      C:\games
      C:\games\Azada\-TAC-CM.nfo
      C:\games\Azada\Azada.exe
      C:\games\Azada\Basilisk.dll
      C:\games\Azada\channel.gpk
      C:\games\Azada\data.gpk
      C:\games\Azada\j2k-codec.dll
      C:\games\Azada\local\-TAC-CM.nfo
      C:\games\Azada\local\options.ini
      C:\games\Azada\pics\60x40.jpg
      C:\games\Azada\pics\80x80.jpg
      C:\games\Azada\pics\azada notei.jpg
      C:\games\Azada\pics\feature.jpg
      C:\games\Azada\SDL.dll
      C:\games\Azada\SDL_image.dll
      C:\Program Files\Farm Frenzy
      C:\Program Files\Farm Frenzy\Data\data.pack
      C:\Program Files\Farm Frenzy\Data\en.pack
      C:\Program Files\Farm Frenzy\Data\profiles\ninou
      C:\Program Files\Farm Frenzy\Data\sys\settings.xml
      C:\Program Files\Farm Frenzy\farm.exe
      C:\Program Files\Farm Frenzy\JNGLoad.dll
      C:\Program Files\Farm Frenzy\Squall.dll
      C:\Program Files\Farm Frenzy\Uninstal.exe
      C:\Program Files\Messenger Plus! Live
      C:\Program Files\Messenger Plus! Live\Detoured.dll
      C:\Program Files\Messenger Plus! Live\Events Style Sheet.xsl
      C:\Program Files\Messenger Plus! Live\lame_enc.dll
      C:\Program Files\Messenger Plus! Live\Languages\Lng_Arabic.ini
      C:\Program Files\Messenger Plus! Live\Languages\Lng_ChineseSimplified.ini
      C:\Program Files\Messenger Plus! Live\Languages\Lng_ChineseTraditional.ini
      C:\Program Files\Messenger Plus! Live\Languages\Lng_Danish.ini
      C:\Program Files\Messenger Plus! Live\Languages\Lng_Default.ini
      C:\Program Files\Messenger Plus! Live\Languages\Lng_Dutch.ini
      C:\Program Files\Messenger Plus! Live\Languages\Lng_Estonian.ini
      C:\Program Files\Messenger Plus! Live\Languages\Lng_Finnish.ini
      C:\Program Files\Messenger Plus! Live\Languages\Lng_French.ini
      C:\Program Files\Messenger Plus! Live\Languages\Lng_German.ini
      C:\Program Files\Messenger Plus! Live\Languages\Lng_Hebrew.ini
      C:\Program Files\Messenger Plus! Live\Languages\Lng_Hungarian.ini
      C:\Program Files\Messenger Plus! Live\Languages\Lng_Italian.ini
      C:\Program Files\Messenger Plus! Live\Languages\Lng_Japanese.ini
      C:\Program Files\Messenger Plus! Live\Languages\Lng_Korean.ini
      C:\Program Files\Messenger Plus! Live\Languages\Lng_Norwegian.ini
      C:\Program Files\Messenger Plus! Live\Languages\Lng_Portuguese.ini
      C:\Program Files\Messenger Plus! Live\Languages\Lng_Spanish.ini
      C:\Program Files\Messenger Plus! Live\Languages\Lng_Swedish.ini
      C:\Program Files\Messenger Plus! Live\Languages\Lng_Thai.ini
      C:\Program Files\Messenger Plus! Live\Languages\Lng_Turkish.ini
      C:\Program Files\Messenger Plus! Live\libsndfile.dll
      C:\Program Files\Messenger Plus! Live\Log Viewer.exe
      C:\Program Files\Messenger Plus! Live\MPScripts.dll
      C:\Program Files\Messenger Plus! Live\MPSkins.dll
      C:\Program Files\Messenger Plus! Live\MPTools.exe
      C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
      C:\Program Files\Messenger Plus! Live\MsgPlusLiveRes.dll
      C:\Program Files\Messenger Plus! Live\MsgPlusLoader.dll
      C:\Program Files\Messenger Plus! Live\Uninstall.exe
      C:\Program Files\MsgPlus-363.exe\
      C:\Program Files\MsgPlusLive-410.exe\
      C:\Program Files\ReflexiveArcade
      C:\Program Files\ReflexiveArcade\Channels\4381\Channel.dat

      .
      ((((((((((((((((((((((((((((( Fichiers créés 2008-04-07 to 2008-05-07 ))))))))))))))))))))))))))))))))))))
      .

      2008-05-07 19:00 . 2008-05-07 19:00 54,156 --ah-c--- C:\WINDOWS\QTFont.qfn
      2008-05-07 19:00 . 2008-05-07 19:00 1,409 --a--c--- C:\WINDOWS\QTFont.for
      2008-04-16 19:33 . 2008-04-16 19:33 <REP> d----c--- C:\Program Files\iTunes
      2008-04-16 19:33 . 2008-04-16 19:33 <REP> d----c--- C:\Program Files\iPod
      2008-04-16 19:00 . 2008-04-16 19:00 <REP> d----c--- C:\Program Files\SAGEM WiFi manager
      2008-04-16 19:00 . 2006-01-18 14:09 31,744 --a--c--- C:\WINDOWS\system32\drivers\ZDPSp50a64.sys
      2008-04-16 19:00 . 2006-01-18 14:09 29,184 --a--c--- C:\WINDOWS\system32\drivers\BRGSp50a64.sys
      2008-04-16 19:00 . 2006-01-18 14:09 20,608 --a--c--- C:\WINDOWS\system32\drivers\BRGSp50.sys
      2008-04-16 19:00 . 2006-01-18 14:09 17,664 --a--c--- C:\WINDOWS\system32\drivers\ZDPSp50.sys
      2008-04-16 18:58 . 2005-12-22 14:45 493,440 --a--c--- C:\WINDOWS\system32\drivers\WlanBZ64.SYS
      2008-04-16 18:58 . 2005-12-22 14:45 402,432 --a--c--- C:\WINDOWS\system32\drivers\WlanBZXP.sys
      2008-04-13 20:36 . 2008-04-13 20:36 <REP> d----c--- C:\Program Files\Malwarebytes' Anti-Malware
      2008-04-13 20:36 . 2008-04-13 20:36 <REP> d----c--- C:\Documents and Settings\Karine et Romain\Application Data\Malwarebytes
      2008-04-13 20:36 . 2008-04-13 20:36 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-04-10 19:58 . 2008-04-10 19:58 <REP> d----c--- C:\Program Files\Avira
      2008-04-10 19:58 . 2008-04-10 19:58 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Avira
      2008-04-10 19:57 . 2008-04-10 19:57 17,788,920 --a--c--- C:\Program Files\antivir_workstation_win7u_en_h.exe
      2008-04-10 19:41 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
      2008-04-10 19:41 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
      2008-04-10 19:41 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
      2008-04-10 19:41 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
      2008-04-10 19:41 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
      2008-04-10 19:41 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
      2008-04-10 19:41 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
      2008-04-10 19:41 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
      2008-04-10 19:41 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
      2008-04-09 19:20 . 2008-04-09 19:20 <REP> d----c--- C:\Documents and Settings\Karine et Romain\Application Data\Grisoft
      2008-04-09 19:19 . 2007-05-30 14:10 10,872 --a--c--- C:\WINDOWS\system32\drivers\AvgAsCln.sys
      2008-04-07 00:17 . 2008-05-04 18:30 <REP> d----c--- C:\Program Files\Trend Micro
      2008-04-07 00:09 . 2008-04-07 00:45 <REP> d----c--- C:\WINDOWS\BDOSCAN8
      2008-04-07 00:00 . 2008-04-27 09:24 <REP> d----c--- C:\WINDOWS\ERUNT

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-05-07 16:49 --------- dc----w C:\Documents and Settings\Karine et Romain\Application Data\AdobeUM
      2008-05-07 16:16 --------- dc----w C:\Program Files\eMule
      2008-04-27 07:28 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
      2008-04-27 07:00 --------- dc----w C:\Program Files\MSN Games
      2008-04-19 15:31 --------- dc----w C:\Documents and Settings\Karine et Romain\Application Data\MyPhoneExplorer
      2008-04-16 17:31 --------- dc----w C:\Program Files\QuickTime
      2008-04-16 17:21 --------- dc----w C:\Documents and Settings\Karine et Romain\Application Data\Apple Computer
      2008-04-16 17:00 --------- dc-h--w C:\Program Files\InstallShield Installation Information
      2008-04-16 16:53 --------- dc----w C:\Program Files\Apple Software Update
      2008-04-10 17:23 --------- dc----w C:\Program Files\Google
      2008-04-10 17:07 --------- dc----w C:\Program Files\Java
      2008-04-09 17:18 --------- dc----w C:\Program Files\WordBiz
      2008-04-09 16:59 --------- dc----w C:\Program Files\Wanadoo
      2008-04-06 16:13 --------- dc----w C:\Program Files\RegCleaner
      2008-04-06 14:38 --------- dc----w C:\Program Files\a-squared Free
      2008-03-30 21:54 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-03-30 21:51 --------- dc----w C:\Program Files\Spybot - Search & Destroy
      2008-03-30 21:51 --------- dc----w C:\Documents and Settings\All Users\Application Data\Grisoft
      2008-03-30 21:50 691,545 -c--a-w C:\WINDOWS\unins000.exe
      2008-03-20 08:09 1,845,376 -c--a-w C:\WINDOWS\system32\win32k.sys
      2008-03-01 12:58 826,368 -c--a-w C:\WINDOWS\system32\wininet.dll
      2008-02-20 06:51 282,624 -c--a-w C:\WINDOWS\system32\gdi32.dll
      2008-02-20 05:35 45,568 -c--a-w C:\WINDOWS\system32\dnsrslvr.dll
      2008-02-01 18:30 278,528 -c--a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
      2008-01-25 13:29 5,597 -c-ha-w C:\Program Files\hpothb07.tif
      2008-01-25 13:29 3,354 -c-ha-w C:\Program Files\hpothb07.dat
      2007-03-30 12:59 2,442,222 -c--a-w C:\Program Files\eMule047c.exe
      2006-11-16 11:17 4,875,864 -c--a-w C:\Program Files\MsgPlusLive-410.exe
      2006-11-16 11:16 4,752,968 -c--a-w C:\Program Files\MsgPlus-363.exe
      2006-10-20 19:30 8,282,187 -c--a-w C:\Program Files\vlc-0.8.5-win32.exe
      2006-10-20 19:26 15,926,792 -c--a-w C:\Program Files\DivXPlay.exe
      2006-10-10 23:09 6,652,812 -c--a-w C:\Program Files\sld.codec.pack.2.2.exe
      2006-10-10 22:34 18,715,215 -c--a-w C:\Program Files\klcodec277f.exe
      2006-10-10 22:25 1,004,139 -c--a-w C:\Program Files\pack_ultime.exe
      2006-10-10 22:21 2,919,160 -c--a-w C:\Program Files\WindowsMedia-Q828026-x86-FRA.exe
      2006-10-10 22:21 12,814,336 -c--a-w C:\Program Files\mp10setup.exe
      2006-10-03 22:22 15,030,904 -c--a-w C:\Program Files\DivXInstaller.exe
      2006-09-25 12:14 1,035,090 -c--a-w C:\Program Files\wrar361.exe
      2006-09-24 21:38 699,177 -c--a-w C:\Program Files\WordBiz18.exe
      2006-09-24 17:41 16,277,288 -c--a-w C:\Program Files\Install_Messenger.exe
      2006-09-24 17:33 867,392 -c--a-w C:\Program Files\GoogleToolbarInstaller.exe
      2006-09-24 17:27 3,511,538 -c--a-w C:\Program Files\eMule0.47c-Installer.exe
      2006-09-24 16:40 12,023,296 -c--a-w C:\Program Files\setupfre.exe
      2006-09-24 16:33 5,037,072 -c--a-w C:\Program Files\spybotsd14.exe
      .

      ((((((((((((((((((((((((((((( snapshot@2008-05-03_ 9.09.31.90 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2008-05-03 07:03:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
      + 2008-05-07 16:15:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat
      .
      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
      "eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 16:57 5308416]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-17 15:07 262401]
      "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
      "ATIPTA"="C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE" [2005-03-22 21:05 339968]
      "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-09-24 22:53 185784]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "msacm.l3acm"= l3codecp.acm

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
      path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
      backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hp psc 2000 Series.lnk]
      path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hp psc 2000 Series.lnk
      backup=C:\WINDOWS\pss\hp psc 2000 Series.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hpoddt01.exe.lnk]
      path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hpoddt01.exe.lnk
      backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
      path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
      backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk]
      path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk
      backup=C:\WINDOWS\pss\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
      --a--c--- 2007-06-11 11:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
      --a--c--- 2007-03-16 11:45 63712 C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
      --a--c--- 2004-10-28 23:37 88363 C:\WINDOWS\agrsmmsg.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
      --a--c--- 2006-05-10 12:12 90112 C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
      --a--c--- 2005-03-22 21:05 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\azwbvjr]
      --a--c--- 2007-03-14 16:57 314368 c:\windows\system32\azwbvjr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]


      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
      --a--c--- 2004-08-05 13:00 15360 C:\WINDOWS\system32\ctfmon.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Diddl_Scr.exe]
      C:\Program Files\Diddl Screenmate\Diddl_Scr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
      --a--c--- 2004-08-03 02:05 122939 C:\WINDOWS\system32\dla\tfswctrl.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3600 Series]
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
      --a--c--- 2005-05-11 23:12 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
      --a--c--- 2005-06-01 18:35 49152 C:\Program Files\Hewlett-Packard\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
      --a--c--- 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
      C:\WINDOWS\system32\dumprep 0 -k

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
      --a--c--- 2003-09-06 02:16 184320 C:\Program Files\ltmoh\Ltmoh.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
      C:\Program Files\MessengerPlus! 3\MsgPlus.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\messengerskinner]
      C:\Program Files\MessengerSkinner\MessengerSkinner.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
      C:\Program Files\MSN Messenger\MsnMsgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]


      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
      --a--c--- 2004-11-17 11:56 1077327 C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      --a--c--- 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
      --a--c--- 2004-12-21 10:48 118784 C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
      C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
      --a--c--- 2004-08-06 08:27 860160 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
      --a--c--- 2004-07-27 13:48 1388544 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
      -rahsc--- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
      --a--c--- 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
      C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\synkib]
      c:\windows\system32\synkib.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
      --a--c--- 2004-10-15 00:26 688218 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
      --a--c--- 2004-10-15 00:28 98394 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]


      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
      --a--c--- 2005-01-14 17:45 352256 C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
      --a------ 2006-09-24 22:53 185784 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
      --a--c--- 2003-09-15 17:19 65536 C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
      --a--c--- 2005-01-21 11:28 266240 C:\WINDOWS\system32\TPSMain.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
      --a--c--- 2004-11-12 18:57 73728 C:\Program Files\Toshiba\Tvs\TvsTray.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
      -ra--c--- 2006-03-30 17:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
      C:\Program Files\Winamp\winampa.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
      C:\PROGRA~1\Wanadoo\Shell.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
      C:\PROGRA~1\Wanadoo\GestMaj.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
      C:\PROGRA~1\Wanadoo\Watch.exe

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\\hphver08.exe"=
      "C:\\Program Files\\eMule\\emule.exe"=
      "C:\\WINDOWS\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
      "C:\\Program Files\\iTunes\\iTunes.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "7561:TCP"= 7561:TCP:EMULE TCP
      "7571:UDP"= 7571:UDP:EMULE UDP

      R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2005-12-22 14:45]
      S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-05-01 13:16]
      S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-05-01 13:17]
      S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-05-01 13:17]
      S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2004-05-18 00:18]
      S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

      .
      Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
      "2008-04-16 17:24:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      "2007-04-18 11:59:15 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1159185512.job"
      - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
      "2006-09-24 15:27:39 C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job"
      - C:\WINDOWS\system32\OOBE\oobebaln.exe
      "2006-09-24 15:27:40 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
      - C:\WINDOWS\system32\OOBE\oobebaln.exe
      "2006-09-24 15:27:40 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
      - C:\WINDOWS\system32\OOBE\oobebaln.exe
      "2008-05-07 16:27:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
      - C:\Program Files\Symantec\LiveUpdate\NDetect.exe
      "2008-01-22 12:59:07 C:\WINDOWS\Tasks\WebReg 20060925135956.job"
      - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exeQ/TaskName 20060925135956 /N
      .
      **************************************************************************

      catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-05-07 18:27:17
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cachés ...

      Balayage caché autostart entries ...

      Balayage des fichiers cachés ...

      Scan terminé avec succès
      Les fichiers cachés: 0

      **************************************************************************
      .
      Temps d'accomplissement: 2008-05-07 18:28:47
      ComboFix-quarantined-files.txt 2008-05-07 16:28:15
      ComboFix2.txt 2008-05-07 16:22:43
      ComboFix3.txt 2008-05-04 16:20:57
      ComboFix4.txt 2008-05-03 07:10:04

      Pre-Run: 33,097,510,912 octets libres
      Post-Run: 33,059,983,360 octets libres

      357 --- E O F --- 2008-04-10 17:02:15
      0
  18. ludsfa Messages postés 1287 Statut Membre 15
     
    salut,

    désactive ton antivirus.

    Télécharge Lop S&D.exe sur ton Bureau:https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

    * Double-clique dessus pour lancer l'installation
    * Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau
    * Séléctionne la langue souhaitée , puis choisis l'option 1 (Recherche)
    * Patiente jusqu'à la fin du scan
    * Poste le rapport généré (C:\lopR.txt)

    (Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide)
    0
    1. ninou
       
      SALUT

      VOICI LE RAPPORT


      -----------------------[ Lop S&D 4.2.0-7 XP/Vista ]---------------------

      [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
      [ USER : Karine et Romain ] [ "C:\Lop SD" ] [ Selection : 1 ]
      [ 08/05/2008 | 9:45:46,73 ] [ PC : NINOU ]
      [ MAJ : 06-05-2008 | 21:45 ]

      -------------[ Listing des dossiers dans Application Data ]------------

      [10/04/2008|19:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\addr_file.html
      [16/06/2007|10:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
      [30/12/2007|14:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
      [26/12/2006|12:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
      [10/04/2008|19:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
      [24/01/2005|14:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
      [10/04/2008|19:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
      [30/03/2008|23:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
      [25/09/2006|13:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
      [25/09/2006|13:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log
      [13/04/2008|20:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
      [20/12/2007|21:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
      [27/04/2008|09:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
      [16/02/2008|22:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MumboJumbo
      [26/12/2006|13:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
      [24/01/2005|13:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
      [30/03/2008|23:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
      [24/09/2006|18:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
      [27/04/2008|09:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
      [11/10/2006|00:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
      [26/12/2006|13:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
      [04/10/2006|00:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
      [18/12/2007|13:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

      [08/03/2007|17:14] C:\DOCUME~1\APPLIC~1\APPLIC~1\Microsoft

      [28/01/2005|11:22] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
      [28/01/2005|11:22] C:\DOCUME~1\DEFAUL~1\APPLIC~1\AdobeUM
      [24/01/2005|14:32] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
      [24/01/2005|14:27] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
      [25/01/2005|13:05] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
      [25/01/2005|14:18] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sonic
      [25/01/2005|14:52] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
      [25/01/2005|13:24] C:\DOCUME~1\DEFAUL~1\APPLIC~1\toshiba

      [16/02/2008|22:00] C:\DOCUME~1\KARINE~1\APPLIC~1\Adobe
      [07/05/2008|18:49] C:\DOCUME~1\KARINE~1\APPLIC~1\AdobeUM
      [16/04/2008|19:21] C:\DOCUME~1\KARINE~1\APPLIC~1\Apple Computer
      [16/11/2006|13:02] C:\DOCUME~1\KARINE~1\APPLIC~1\ATI
      [24/01/2005|14:32] C:\DOCUME~1\KARINE~1\APPLIC~1\desktop.ini
      [20/10/2006|21:03] C:\DOCUME~1\KARINE~1\APPLIC~1\DivX
      [25/09/2006|14:00] C:\DOCUME~1\KARINE~1\APPLIC~1\GdiplusUpgrade_MSIApproach_Wrapper.log
      [25/03/2007|12:14] C:\DOCUME~1\KARINE~1\APPLIC~1\Google
      [09/04/2008|19:20] C:\DOCUME~1\KARINE~1\APPLIC~1\Grisoft
      [23/10/2006|22:12] C:\DOCUME~1\KARINE~1\APPLIC~1\Help
      [25/09/2006|13:59] C:\DOCUME~1\KARINE~1\APPLIC~1\Hewlett-Packard
      [25/09/2006|13:55] C:\DOCUME~1\KARINE~1\APPLIC~1\HP
      [24/01/2005|14:27] C:\DOCUME~1\KARINE~1\APPLIC~1\Identities
      [29/11/2006|15:00] C:\DOCUME~1\KARINE~1\APPLIC~1\Image Zone Express
      [18/02/2007|10:41] C:\DOCUME~1\KARINE~1\APPLIC~1\InterVideo
      [24/09/2006|19:45] C:\DOCUME~1\KARINE~1\APPLIC~1\Lavasoft
      [22/12/2007|22:23] C:\DOCUME~1\KARINE~1\APPLIC~1\Leadertech
      [06/01/2007|16:02] C:\DOCUME~1\KARINE~1\APPLIC~1\Macromedia
      [13/04/2008|20:36] C:\DOCUME~1\KARINE~1\APPLIC~1\Malwarebytes
      [08/02/2008|21:46] C:\DOCUME~1\KARINE~1\APPLIC~1\Microsoft
      [19/04/2008|17:31] C:\DOCUME~1\KARINE~1\APPLIC~1\MyPhoneExplorer
      [08/03/2007|17:14] C:\DOCUME~1\KARINE~1\APPLIC~1\MySpace
      [25/09/2006|14:04] C:\DOCUME~1\KARINE~1\APPLIC~1\PatchUpdate_HP_CounterReport_Update_HPSU.log
      [06/01/2007|16:02] C:\DOCUME~1\KARINE~1\APPLIC~1\PlayFirst
      [25/09/2006|14:12] C:\DOCUME~1\KARINE~1\APPLIC~1\Real
      [01/04/2007|16:19] C:\DOCUME~1\KARINE~1\APPLIC~1\Screenshot Sender
      [25/01/2005|14:18] C:\DOCUME~1\KARINE~1\APPLIC~1\Sonic
      [25/09/2006|14:10] C:\DOCUME~1\KARINE~1\APPLIC~1\Sun
      [25/01/2005|14:52] C:\DOCUME~1\KARINE~1\APPLIC~1\Symantec
      [04/10/2006|00:38] C:\DOCUME~1\KARINE~1\APPLIC~1\Teleca
      [25/01/2005|13:24] C:\DOCUME~1\KARINE~1\APPLIC~1\toshiba
      [25/09/2006|14:33] C:\DOCUME~1\KARINE~1\APPLIC~1\Update_HP_RedboxHprblog_HPSU.log
      [20/10/2006|21:30] C:\DOCUME~1\KARINE~1\APPLIC~1\vlc

      [05/12/2006|18:55] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

      [18/12/2007|13:04] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

      ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

      [16/04/2008 19:24][--a--c---] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
      [22/01/2008 14:59][--a--c---] C:\WINDOWS\tasks\WebReg 20060925135956.job
      [18/04/2007 13:59][--a--c---] C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1159185512.job
      [08/05/2008 09:47][--a--c---] C:\WINDOWS\tasks\Symantec NetDetect.job
      [24/09/2006 17:27][--a--c---] C:\WINDOWS\tasks\Rappel d'enregistrement 3.job
      [24/09/2006 17:27][--a--c---] C:\WINDOWS\tasks\Rappel d'enregistrement 2.job
      [24/09/2006 17:27][--a--c---] C:\WINDOWS\tasks\Rappel d'enregistrement 1.job
      [08/05/2008 09:43][--ah-c---] C:\WINDOWS\tasks\SA.DAT
      [05/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

      ---------------[ Listing des dossiers dans C:\Program Files ]--------------

      [13/01/2008|15:31] C:\Program Files\Adobe
      [06/01/2007|16:26] C:\Program Files\Alawar
      [24/09/2006|18:40] C:\Program Files\Alwil Software
      [16/06/2005|09:30] C:\Program Files\Analog Devices
      [10/04/2008|19:57] C:\Program Files\antivir_workstation_win7u_en_h.exe
      [16/04/2008|18:53] C:\Program Files\Apple Software Update
      [26/12/2006|12:48] C:\Program Files\a-squared Anti-Malware
      [06/04/2008|16:38] C:\Program Files\a-squared Free
      [16/11/2006|13:54] C:\Program Files\ATI Technologies
      [10/04/2008|19:58] C:\Program Files\Avira
      [06/01/2007|16:30] C:\Program Files\BFG
      [24/01/2005|13:40] C:\Program Files\ComPlus Applications
      [28/02/2007|15:06] C:\Program Files\Diddl Screenmate
      [31/01/2008|16:40] C:\Program Files\DivX
      [04/10/2006|00:22] C:\Program Files\DivXInstaller.exe
      [20/10/2006|21:26] C:\Program Files\DivXPlay.exe
      [15/01/2008|12:35] C:\Program Files\EA GAMES
      [08/05/2008|09:44] C:\Program Files\eMule
      [24/09/2006|19:27] C:\Program Files\eMule0.47c-Installer.exe
      [30/03/2007|14:59] C:\Program Files\eMule047c.exe
      [11/03/2007|16:22] C:\Program Files\EPSON
      [01/02/2008|20:30] C:\Program Files\Fichiers communs
      [06/01/2007|16:10] C:\Program Files\GameHouse
      [10/04/2008|19:23] C:\Program Files\Google
      [24/09/2006|19:33] C:\Program Files\GoogleToolbarInstaller.exe
      [30/03/2008|23:51] C:\Program Files\Grisoft
      [08/04/2007|16:49] C:\Program Files\Hasbro Interactive
      [25/09/2006|14:24] C:\Program Files\Hewlett-Packard
      [25/09/2006|14:24] C:\Program Files\HP
      [25/01/2008|15:29] C:\Program Files\hpothb07.dat
      [25/01/2008|15:29] C:\Program Files\hpothb07.tif
      [24/09/2006|19:41] C:\Program Files\Install_Messenger.exe
      [16/04/2008|19:00] C:\Program Files\InstallShield Installation Information
      [25/01/2005|11:49] C:\Program Files\Intel
      [10/04/2008|19:02] C:\Program Files\Internet Explorer
      [25/01/2005|14:13] C:\Program Files\InterVideo
      [01/02/2008|20:30] C:\Program Files\Inventel
      [16/04/2008|19:33] C:\Program Files\iPod
      [16/04/2008|19:33] C:\Program Files\iTunes
      [10/04/2008|19:07] C:\Program Files\Java
      [11/10/2006|00:34] C:\Program Files\klcodec277f.exe
      [24/09/2006|19:45] C:\Program Files\Lavasoft
      [25/01/2005|12:09] C:\Program Files\ltmoh
      [11/10/2006|00:56] C:\Program Files\Luxor 2
      [16/02/2008|22:05] C:\Program Files\Luxor 3
      [01/06/2007|14:21] C:\Program Files\Macrogaming
      [06/01/2007|16:19] C:\Program Files\Magic Ball 2
      [13/04/2008|20:36] C:\Program Files\Malwarebytes' Anti-Malware
      [16/06/2005|09:14] C:\Program Files\Messenger
      [01/06/2007|14:18] C:\Program Files\Microsoft CAPICOM 2.1.0.2
      [24/01/2005|13:44] C:\Program Files\microsoft frontpage
      [24/09/2006|19:43] C:\Program Files\Microsoft Office
      [24/09/2006|19:42] C:\Program Files\Microsoft.NET
      [24/01/2005|13:41] C:\Program Files\Movie Maker
      [11/10/2006|00:21] C:\Program Files\mp10setup.exe
      [16/11/2006|13:16] C:\Program Files\MsgPlus-363.exe
      [16/11/2006|13:17] C:\Program Files\MsgPlusLive-410.exe
      [24/01/2005|13:39] C:\Program Files\MSN
      [27/04/2008|09:00] C:\Program Files\MSN Games
      [24/01/2005|13:39] C:\Program Files\MSN Gaming Zone
      [25/01/2008|15:54] C:\Program Files\MyPhoneExplorer
      [08/03/2007|16:20] C:\Program Files\MySpace
      [24/01/2005|13:41] C:\Program Files\NetMeeting
      [24/09/2006|20:03] C:\Program Files\OfficeUpdate11
      [24/01/2005|13:39] C:\Program Files\Online Services
      [06/01/2007|16:47] C:\Program Files\orange
      [12/06/2007|02:43] C:\Program Files\Outlook Express
      [11/10/2006|00:25] C:\Program Files\pack_ultime.exe
      [16/04/2008|19:31] C:\Program Files\QuickTime
      [24/09/2006|22:53] C:\Program Files\Real
      [06/04/2008|18:13] C:\Program Files\RegCleaner
      [26/06/2007|11:58] C:\Program Files\SAGEM
      [16/04/2008|19:00] C:\Program Files\SAGEM WiFi manager
      [24/01/2005|13:42] C:\Program Files\Services en ligne
      [24/09/2006|18:40] C:\Program Files\setupfre.exe
      [11/10/2006|01:10] C:\Program Files\SLD Codec Pack
      [11/10/2006|01:09] C:\Program Files\sld.codec.pack.2.2.exe
      [25/01/2005|14:25] C:\Program Files\Sonic
      [30/03/2008|23:51] C:\Program Files\Spybot - Search & Destroy
      [24/09/2006|18:33] C:\Program Files\spybotsd14.exe
      [24/09/2006|18:29] C:\Program Files\Symantec
      [25/01/2005|12:02] C:\Program Files\Synaptics
      [16/11/2006|13:37] C:\Program Files\THQ
      [22/01/2007|00:04] C:\Program Files\TOSHIBA
      [04/05/2008|18:30] C:\Program Files\Trend Micro
      [26/01/2005|15:18] C:\Program Files\Uninstall Information
      [20/10/2006|21:30] C:\Program Files\VideoLAN
      [20/10/2006|21:30] C:\Program Files\vlc-0.8.5-win32.exe
      [09/04/2008|18:59] C:\Program Files\Wanadoo
      [11/10/2006|00:18] C:\Program Files\Winamp
      [18/12/2007|13:06] C:\Program Files\Windows Live
      [05/12/2006|18:45] C:\Program Files\Windows Media Connect 2
      [05/12/2006|18:45] C:\Program Files\Windows Media Player
      [24/01/2005|13:39] C:\Program Files\Windows NT
      [11/10/2006|00:21] C:\Program Files\WindowsMedia-Q828026-x86-FRA.exe
      [24/01/2005|13:42] C:\Program Files\WindowsUpdate
      [02/05/2008|09:33] C:\Program Files\WinRAR
      [09/04/2008|19:18] C:\Program Files\WordBiz
      [24/09/2006|23:38] C:\Program Files\WordBiz18.exe
      [25/09/2006|14:14] C:\Program Files\wrar361.exe
      [24/01/2005|13:44] C:\Program Files\xerox

      ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

      [16/06/2007|10:20] C:\Program Files\Fichiers communs\Adobe
      [30/12/2007|14:50] C:\Program Files\Fichiers communs\Apple
      [24/09/2006|19:43] C:\Program Files\Fichiers communs\DESIGNER
      [01/02/2008|20:30] C:\Program Files\Fichiers communs\FDEUnInstaller.exe
      [25/09/2006|13:55] C:\Program Files\Fichiers communs\Hewlett-Packard
      [25/09/2006|14:24] C:\Program Files\Fichiers communs\HP
      [25/01/2005|12:03] C:\Program Files\Fichiers communs\InstallShield
      [24/01/2005|13:55] C:\Program Files\Fichiers communs\Java
      [27/04/2008|09:01] C:\Program Files\Fichiers communs\Microsoft Shared
      [24/01/2005|13:41] C:\Program Files\Fichiers communs\MSSoap
      [24/01/2005|14:33] C:\Program Files\Fichiers communs\ODBC
      [24/09/2006|22:54] C:\Program Files\Fichiers communs\Real
      [24/01/2005|13:41] C:\Program Files\Fichiers communs\Services
      [24/01/2005|14:33] C:\Program Files\Fichiers communs\SpeechEngines
      [24/09/2006|18:29] C:\Program Files\Fichiers communs\Symantec Shared
      [12/06/2007|02:43] C:\Program Files\Fichiers communs\System
      [04/10/2006|00:19] C:\Program Files\Fichiers communs\Teleca Shared
      [17/12/2007|13:18] C:\Program Files\Fichiers communs\WindowsLiveInstaller
      [24/09/2006|22:54] C:\Program Files\Fichiers communs\xing shared

      ---------------------------[ Process ]--------------------------

      ... 36

      ... OK !

      ----------------------[ Recherche avec S_Lop ]---------------------

      Aucun fichier / dossier Lop trouvé !

      -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

      Aucun fichier / dossier Lop trouvé !

      ----------------------[ Verification du Registre ]----------------------

      ..... OK !

      --------------------[ Verification du fichier Hosts ]---------------------

      Fichier Hosts PROPRE


      ----------------[ Recherche de fichiers avec Catchme ]-----------------

      catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-05-08 09:46:31
      Windows 5.1.2600 Service Pack 2 NTFS
      scanning hidden processes ...
      scanning hidden files ...
      scan completed successfully
      hidden processes: 0
      hidden files: 0

      --------------------[ Recherche d'autres infections ]---------------------


      Aucune autre infection trouvée !

      /!\ [Fich:7][Doss:2] C:\DOCUME~1\KARINE~1\LOCALS~1\Temp
      /!\ [Fich:334][Doss:0] C:\DOCUME~1\KARINE~1\Cookies
      /!\ [Fich:774][Doss:5] C:\DOCUME~1\KARINE~1\LOCALS~1\TEMPOR~1\content.IE5

      --------------------[ Fin du rapport a 9:47:28,41 ]----------------------
      0
  19. ludsfa Messages postés 1287 Statut Membre 15
     
    ok désactive ton antivirus.

    Relance Lop S&D
    * Choisis cette fois ci l'Option 2 (Suppression)
    * Ne ferme pas la fenêtre lors de la suppression !
    * Poste le rapport généré (C:\lopR.txt)

    (Si le Bureau ne réapparaît pas, presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide)
    0
    1. ninou
       
      Voici le rapport que tu m'as demandé

      je vais être absente cette semaine donc je ne te répondrai que la semaine du 19 maintenant (sauf ce soir je suis encore là)

      qu'en est-il ?

      merci.
      -----------------------[ Lop S&D 4.2.0-7 XP/Vista ]---------------------

      [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
      [ USER : Karine et Romain ] [ "C:\Lop SD" ] [ Selection : 2 ]
      [ 09/05/2008 | 10:19:03,87 ] [ PC : NINOU ]
      [ MAJ : 06-05-2008 | 21:45 ]


      \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

      Restauré! - Fichier Hosts

      //////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


      -------------[ Listing des dossiers dans Application Data ]------------

      [10/04/2008|19:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\addr_file.html
      [16/06/2007|10:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
      [30/12/2007|14:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
      [26/12/2006|12:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
      [10/04/2008|19:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
      [24/01/2005|14:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
      [10/04/2008|19:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
      [30/03/2008|23:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
      [25/09/2006|13:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
      [25/09/2006|13:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log
      [13/04/2008|20:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
      [20/12/2007|21:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
      [27/04/2008|09:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
      [16/02/2008|22:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MumboJumbo
      [26/12/2006|13:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
      [24/01/2005|13:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
      [30/03/2008|23:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
      [24/09/2006|18:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
      [27/04/2008|09:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
      [11/10/2006|00:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
      [26/12/2006|13:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
      [04/10/2006|00:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
      [18/12/2007|13:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

      [08/03/2007|17:14] C:\DOCUME~1\APPLIC~1\APPLIC~1\Microsoft

      [28/01/2005|11:22] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
      [28/01/2005|11:22] C:\DOCUME~1\DEFAUL~1\APPLIC~1\AdobeUM
      [24/01/2005|14:32] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
      [24/01/2005|14:27] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
      [25/01/2005|13:05] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
      [25/01/2005|14:18] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sonic
      [25/01/2005|14:52] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
      [25/01/2005|13:24] C:\DOCUME~1\DEFAUL~1\APPLIC~1\toshiba

      [16/02/2008|22:00] C:\DOCUME~1\KARINE~1\APPLIC~1\Adobe
      [07/05/2008|18:49] C:\DOCUME~1\KARINE~1\APPLIC~1\AdobeUM
      [16/04/2008|19:21] C:\DOCUME~1\KARINE~1\APPLIC~1\Apple Computer
      [16/11/2006|13:02] C:\DOCUME~1\KARINE~1\APPLIC~1\ATI
      [24/01/2005|14:32] C:\DOCUME~1\KARINE~1\APPLIC~1\desktop.ini
      [20/10/2006|21:03] C:\DOCUME~1\KARINE~1\APPLIC~1\DivX
      [25/09/2006|14:00] C:\DOCUME~1\KARINE~1\APPLIC~1\GdiplusUpgrade_MSIApproach_Wrapper.log
      [25/03/2007|12:14] C:\DOCUME~1\KARINE~1\APPLIC~1\Google
      [09/04/2008|19:20] C:\DOCUME~1\KARINE~1\APPLIC~1\Grisoft
      [23/10/2006|22:12] C:\DOCUME~1\KARINE~1\APPLIC~1\Help
      [25/09/2006|13:59] C:\DOCUME~1\KARINE~1\APPLIC~1\Hewlett-Packard
      [25/09/2006|13:55] C:\DOCUME~1\KARINE~1\APPLIC~1\HP
      [24/01/2005|14:27] C:\DOCUME~1\KARINE~1\APPLIC~1\Identities
      [29/11/2006|15:00] C:\DOCUME~1\KARINE~1\APPLIC~1\Image Zone Express
      [18/02/2007|10:41] C:\DOCUME~1\KARINE~1\APPLIC~1\InterVideo
      [24/09/2006|19:45] C:\DOCUME~1\KARINE~1\APPLIC~1\Lavasoft
      [22/12/2007|22:23] C:\DOCUME~1\KARINE~1\APPLIC~1\Leadertech
      [06/01/2007|16:02] C:\DOCUME~1\KARINE~1\APPLIC~1\Macromedia
      [13/04/2008|20:36] C:\DOCUME~1\KARINE~1\APPLIC~1\Malwarebytes
      [08/02/2008|21:46] C:\DOCUME~1\KARINE~1\APPLIC~1\Microsoft
      [19/04/2008|17:31] C:\DOCUME~1\KARINE~1\APPLIC~1\MyPhoneExplorer
      [08/03/2007|17:14] C:\DOCUME~1\KARINE~1\APPLIC~1\MySpace
      [25/09/2006|14:04] C:\DOCUME~1\KARINE~1\APPLIC~1\PatchUpdate_HP_CounterReport_Update_HPSU.log
      [06/01/2007|16:02] C:\DOCUME~1\KARINE~1\APPLIC~1\PlayFirst
      [25/09/2006|14:12] C:\DOCUME~1\KARINE~1\APPLIC~1\Real
      [01/04/2007|16:19] C:\DOCUME~1\KARINE~1\APPLIC~1\Screenshot Sender
      [25/01/2005|14:18] C:\DOCUME~1\KARINE~1\APPLIC~1\Sonic
      [25/09/2006|14:10] C:\DOCUME~1\KARINE~1\APPLIC~1\Sun
      [25/01/2005|14:52] C:\DOCUME~1\KARINE~1\APPLIC~1\Symantec
      [04/10/2006|00:38] C:\DOCUME~1\KARINE~1\APPLIC~1\Teleca
      [25/01/2005|13:24] C:\DOCUME~1\KARINE~1\APPLIC~1\toshiba
      [25/09/2006|14:33] C:\DOCUME~1\KARINE~1\APPLIC~1\Update_HP_RedboxHprblog_HPSU.log
      [20/10/2006|21:30] C:\DOCUME~1\KARINE~1\APPLIC~1\vlc

      [05/12/2006|18:55] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

      [18/12/2007|13:04] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

      ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

      [16/04/2008 19:24][--a--c---] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
      [22/01/2008 14:59][--a--c---] C:\WINDOWS\tasks\WebReg 20060925135956.job
      [18/04/2007 13:59][--a--c---] C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1159185512.job
      [09/05/2008 10:17][--a--c---] C:\WINDOWS\tasks\Symantec NetDetect.job
      [24/09/2006 17:27][--a--c---] C:\WINDOWS\tasks\Rappel d'enregistrement 3.job
      [24/09/2006 17:27][--a--c---] C:\WINDOWS\tasks\Rappel d'enregistrement 2.job
      [24/09/2006 17:27][--a--c---] C:\WINDOWS\tasks\Rappel d'enregistrement 1.job
      [09/05/2008 09:51][--ah-c---] C:\WINDOWS\tasks\SA.DAT
      [05/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

      ---------------[ Listing des dossiers dans C:\Program Files ]--------------

      [13/01/2008|15:31] C:\Program Files\Adobe
      [06/01/2007|16:26] C:\Program Files\Alawar
      [24/09/2006|18:40] C:\Program Files\Alwil Software
      [16/06/2005|09:30] C:\Program Files\Analog Devices
      [10/04/2008|19:57] C:\Program Files\antivir_workstation_win7u_en_h.exe
      [16/04/2008|18:53] C:\Program Files\Apple Software Update
      [26/12/2006|12:48] C:\Program Files\a-squared Anti-Malware
      [06/04/2008|16:38] C:\Program Files\a-squared Free
      [16/11/2006|13:54] C:\Program Files\ATI Technologies
      [10/04/2008|19:58] C:\Program Files\Avira
      [06/01/2007|16:30] C:\Program Files\BFG
      [24/01/2005|13:40] C:\Program Files\ComPlus Applications
      [28/02/2007|15:06] C:\Program Files\Diddl Screenmate
      [31/01/2008|16:40] C:\Program Files\DivX
      [04/10/2006|00:22] C:\Program Files\DivXInstaller.exe
      [20/10/2006|21:26] C:\Program Files\DivXPlay.exe
      [15/01/2008|12:35] C:\Program Files\EA GAMES
      [09/05/2008|10:44] C:\Program Files\eMule
      [24/09/2006|19:27] C:\Program Files\eMule0.47c-Installer.exe
      [30/03/2007|14:59] C:\Program Files\eMule047c.exe
      [11/03/2007|16:22] C:\Program Files\EPSON
      [01/02/2008|20:30] C:\Program Files\Fichiers communs
      [06/01/2007|16:10] C:\Program Files\GameHouse
      [10/04/2008|19:23] C:\Program Files\Google
      [24/09/2006|19:33] C:\Program Files\GoogleToolbarInstaller.exe
      [30/03/2008|23:51] C:\Program Files\Grisoft
      [08/04/2007|16:49] C:\Program Files\Hasbro Interactive
      [25/09/2006|14:24] C:\Program Files\Hewlett-Packard
      [25/09/2006|14:24] C:\Program Files\HP
      [25/01/2008|15:29] C:\Program Files\hpothb07.dat
      [25/01/2008|15:29] C:\Program Files\hpothb07.tif
      [24/09/2006|19:41] C:\Program Files\Install_Messenger.exe
      [16/04/2008|19:00] C:\Program Files\InstallShield Installation Information
      [25/01/2005|11:49] C:\Program Files\Intel
      [10/04/2008|19:02] C:\Program Files\Internet Explorer
      [25/01/2005|14:13] C:\Program Files\InterVideo
      [01/02/2008|20:30] C:\Program Files\Inventel
      [16/04/2008|19:33] C:\Program Files\iPod
      [16/04/2008|19:33] C:\Program Files\iTunes
      [10/04/2008|19:07] C:\Program Files\Java
      [11/10/2006|00:34] C:\Program Files\klcodec277f.exe
      [24/09/2006|19:45] C:\Program Files\Lavasoft
      [25/01/2005|12:09] C:\Program Files\ltmoh
      [11/10/2006|00:56] C:\Program Files\Luxor 2
      [16/02/2008|22:05] C:\Program Files\Luxor 3
      [01/06/2007|14:21] C:\Program Files\Macrogaming
      [06/01/2007|16:19] C:\Program Files\Magic Ball 2
      [13/04/2008|20:36] C:\Program Files\Malwarebytes' Anti-Malware
      [16/06/2005|09:14] C:\Program Files\Messenger
      [01/06/2007|14:18] C:\Program Files\Microsoft CAPICOM 2.1.0.2
      [24/01/2005|13:44] C:\Program Files\microsoft frontpage
      [24/09/2006|19:43] C:\Program Files\Microsoft Office
      [24/09/2006|19:42] C:\Program Files\Microsoft.NET
      [24/01/2005|13:41] C:\Program Files\Movie Maker
      [11/10/2006|00:21] C:\Program Files\mp10setup.exe
      [16/11/2006|13:16] C:\Program Files\MsgPlus-363.exe
      [16/11/2006|13:17] C:\Program Files\MsgPlusLive-410.exe
      [24/01/2005|13:39] C:\Program Files\MSN
      [27/04/2008|09:00] C:\Program Files\MSN Games
      [24/01/2005|13:39] C:\Program Files\MSN Gaming Zone
      [25/01/2008|15:54] C:\Program Files\MyPhoneExplorer
      [08/03/2007|16:20] C:\Program Files\MySpace
      [24/01/2005|13:41] C:\Program Files\NetMeeting
      [24/09/2006|20:03] C:\Program Files\OfficeUpdate11
      [24/01/2005|13:39] C:\Program Files\Online Services
      [06/01/2007|16:47] C:\Program Files\orange
      [12/06/2007|02:43] C:\Program Files\Outlook Express
      [11/10/2006|00:25] C:\Program Files\pack_ultime.exe
      [16/04/2008|19:31] C:\Program Files\QuickTime
      [24/09/2006|22:53] C:\Program Files\Real
      [06/04/2008|18:13] C:\Program Files\RegCleaner
      [26/06/2007|11:58] C:\Program Files\SAGEM
      [16/04/2008|19:00] C:\Program Files\SAGEM WiFi manager
      [24/01/2005|13:42] C:\Program Files\Services en ligne
      [24/09/2006|18:40] C:\Program Files\setupfre.exe
      [11/10/2006|01:10] C:\Program Files\SLD Codec Pack
      [11/10/2006|01:09] C:\Program Files\sld.codec.pack.2.2.exe
      [25/01/2005|14:25] C:\Program Files\Sonic
      [30/03/2008|23:51] C:\Program Files\Spybot - Search & Destroy
      [24/09/2006|18:33] C:\Program Files\spybotsd14.exe
      [24/09/2006|18:29] C:\Program Files\Symantec
      [25/01/2005|12:02] C:\Program Files\Synaptics
      [16/11/2006|13:37] C:\Program Files\THQ
      [22/01/2007|00:04] C:\Program Files\TOSHIBA
      [04/05/2008|18:30] C:\Program Files\Trend Micro
      [26/01/2005|15:18] C:\Program Files\Uninstall Information
      [20/10/2006|21:30] C:\Program Files\VideoLAN
      [20/10/2006|21:30] C:\Program Files\vlc-0.8.5-win32.exe
      [09/04/2008|18:59] C:\Program Files\Wanadoo
      [11/10/2006|00:18] C:\Program Files\Winamp
      [18/12/2007|13:06] C:\Program Files\Windows Live
      [05/12/2006|18:45] C:\Program Files\Windows Media Connect 2
      [05/12/2006|18:45] C:\Program Files\Windows Media Player
      [24/01/2005|13:39] C:\Program Files\Windows NT
      [11/10/2006|00:21] C:\Program Files\WindowsMedia-Q828026-x86-FRA.exe
      [24/01/2005|13:42] C:\Program Files\WindowsUpdate
      [02/05/2008|09:33] C:\Program Files\WinRAR
      [09/04/2008|19:18] C:\Program Files\WordBiz
      [24/09/2006|23:38] C:\Program Files\WordBiz18.exe
      [25/09/2006|14:14] C:\Program Files\wrar361.exe
      [24/01/2005|13:44] C:\Program Files\xerox

      ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

      [16/06/2007|10:20] C:\Program Files\Fichiers communs\Adobe
      [30/12/2007|14:50] C:\Program Files\Fichiers communs\Apple
      [24/09/2006|19:43] C:\Program Files\Fichiers communs\DESIGNER
      [01/02/2008|20:30] C:\Program Files\Fichiers communs\FDEUnInstaller.exe
      [25/09/2006|13:55] C:\Program Files\Fichiers communs\Hewlett-Packard
      [25/09/2006|14:24] C:\Program Files\Fichiers communs\HP
      [25/01/2005|12:03] C:\Program Files\Fichiers communs\InstallShield
      [24/01/2005|13:55] C:\Program Files\Fichiers communs\Java
      [27/04/2008|09:01] C:\Program Files\Fichiers communs\Microsoft Shared
      [24/01/2005|13:41] C:\Program Files\Fichiers communs\MSSoap
      [24/01/2005|14:33] C:\Program Files\Fichiers communs\ODBC
      [24/09/2006|22:54] C:\Program Files\Fichiers communs\Real
      [24/01/2005|13:41] C:\Program Files\Fichiers communs\Services
      [24/01/2005|14:33] C:\Program Files\Fichiers communs\SpeechEngines
      [24/09/2006|18:29] C:\Program Files\Fichiers communs\Symantec Shared
      [12/06/2007|02:43] C:\Program Files\Fichiers communs\System
      [04/10/2006|00:19] C:\Program Files\Fichiers communs\Teleca Shared
      [17/12/2007|13:18] C:\Program Files\Fichiers communs\WindowsLiveInstaller
      [24/09/2006|22:54] C:\Program Files\Fichiers communs\xing shared

      ---------------------------[ Process ]--------------------------

      ... 38

      ... OK !

      ----------------------[ Recherche avec S_Lop ]---------------------

      Aucun fichier / dossier Lop trouvé !

      -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

      Aucun fichier / dossier Lop trouvé !

      ----------------------[ Verification du Registre ]----------------------

      ..... OK !

      --------------------[ Verification du fichier Hosts ]---------------------

      Fichier Hosts PROPRE


      ----------------[ Recherche de fichiers avec Catchme ]-----------------

      catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-05-09 10:20:11
      Windows 5.1.2600 Service Pack 2 NTFS
      scanning hidden processes ...
      scanning hidden files ...
      scan completed successfully
      hidden processes: 0
      hidden files: 0

      --------------------[ Recherche d'autres infections ]---------------------


      Aucune autre infection trouvée !

      /!\ [Fich:7][Doss:2] C:\DOCUME~1\KARINE~1\LOCALS~1\Temp
      /!\ [Fich:339][Doss:0] C:\DOCUME~1\KARINE~1\Cookies
      /!\ [Fich:3694][Doss:5] C:\DOCUME~1\KARINE~1\LOCALS~1\TEMPOR~1\content.IE5

      --------------------[ Fin du rapport a 10:21:04,77 ]----------------------
      0
  20. ludsfa Messages postés 1287 Statut Membre 15
     
    salut ninou,

    pou moi c'est pas mal

    passe un coup de CCleaner pour nettoyer ta base de registre .

    voici le tuto Ccleaner lit bien tout et nettoie ton registre:
    https://www.malekal.com/tutoriel-ccleaner/

    Quand tu télécharge Ccleaner lors de l'installation tu devra décocher la case yahoo toolbar.
    0