virus lien photo

Question

Bonjour,
voilà, moi aussi j'ai reçu le message me disant "qu'est ce que ta photo fait sur ce site?" et j'ai cliqué dessus!! depuis, mon msn bug!! d'aillleurs, depuis heir je n'arrive plus a me connecter .... 
j'ai parcouru un peu le forum et j'ai vu qu'il fallait faire un scan avec hijackthis , donc, je l'ai téléchargé et je l'ai fait.....je vous publie le rapport ...
j'espère que quelqu'un pourra m'aider parce que niveau informatique, je suis super nulle!!! ^^
donc, merci d'avance pour votre aide!!!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:25:27, on 10/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\AntivirusFirewall\Common\FSM32.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe
C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe
C:\Program Files\Hotbar\bin\10.0.356.0\HotbarSA.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Livecom\APPLIC~1\Exe\Livecom.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Hotbar\bin\10.0.356.0\Weather.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\PROGRA~1\Livecom\APPLIC~1\eConfv4\livecomp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Hotbar /fleok=1D8A83A5C2E6107C91A475760EA83FA5EF80752B9499803B2A2303766A - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Hotbar\bin\10.0.356.0\HostIE.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet
ewdotnet7_48.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Hotbar - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Hotbar\bin\10.0.356.0\HostIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1 
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [HotbarSA] "C:\Program Files\Hotbar\bin\10.0.356.0\HotbarSA.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWSeminder\fsc-reminder.exe 2453721 14
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Livecom] "C:\PROGRA~1\Livecom\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Hotbar\bin\10.0.356.0\Weather.exe" -auto
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - "C:\PROGRA~1\Livecom\APPLIC~1\CommunicationAgent\Messager.exe" (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - "C:\PROGRA~1\Livecom\APPLIC~1\CommunicationAgent\Messager.exe" (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/WebfettiInitialSetup1.0.0.15-3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://pineapple101.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F49B0312-A43F-497F-B9B6-C50E3869AA5A}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: bw+0 - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {519AD519-3D49-4963-9881-7EC4A7B90C39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

Powax · Answer

Bonjour,

1) Télécharge MSNFix.zip sur ton bureau: http://sosvirus.changelog.fr/MSNFix.zip

    * Décompresse-le (clic droit << Extraire ici) et double-clique sur le fichier MSNFix.bat
    * Exécute l'option R
    * Si l'infection est détectée, exécute l'option N
    * Sauvegarde le rapport puis copie/colle-le ici

2) Télécharge BTFix : http://cluster1.easy-hebergement.net/

Dézippe l'archive sur ton Bureau

    * Ouvre le dossier BTFix
    * Double clique sur BTFix.exe
    * Clique sur Rechercher
    * Un rapport va apparaître, copie/colle-le dans ta prochaine réponse

cacahuète · Answer

MSNFix 1.701  
 
C:\Documents and Settings\Ga‰lle Murcy\Bureau\msnfix\MSNFix 
Fix exécuté le 10/04/2008 - 17:23:07,10 By Ga‰lle Murcy 
mode normal    
    
************************ Recherche les fichiers présents      
    
Aucun Fichier trouvé 
 
************************ Recherche les dossiers présents       
 
... C:\WINDOWS\system32\updatelinkmsn\ 
 
 
 
 
************************ Suppression des fichiers       
    



je dois faire quoi maintenant????
en tout cas, merci beaucoup de m'aider!!! c'est sympa!^^

 
 
************************ Suppression des dossiers       
 
/!\ ...  C:\WINDOWS\system32\updatelinkmsn\   
 
 
************************ Nettoyage du registre 
 
bonjour!!! 
voilà ce que j'ai eu avec msnfix = 
 
************************ Fichiers suspects 
 
Aucun Fichier trouvé 
 
  
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 10042008_17235571.zip
 
************************ HKLM\...\Winlogon\Userinit 
 
Userinit = C:\WINDOWS\system32\userinit.exe, 


------------------------------------------------------------------------  
Auteur : !aur3n7                     Contact: https://www.ionos.fr/     
------------------------------------------------------------------------   
 
---------------------------------------------   END   --------------------------------------------- 
 





voilà ce que j'ai eu avec BetFix=

BTFix 1.095 (par bibi26) - 10/04/2008 17:27:33 - Analyse
Lancé depuis C:\Documents and Settings\Gaëlle Murcy\Bureau\btfix\BTFix\BTFix.exe

---> Fichiers/Dossiers trouvés

 - [Heuristique : Hotbar] C:\WINDOWS\system32\hotewldf.exe
 - [Heuristique : Hotbar] C:\WINDOWS\system32\xqsxomtv.exe
 - C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf
 - C:\Program Files\ShoppingReport\
 - C:\Program Files\Hotbar\
 - C:\Program Files\FunWebProducts\
 - C:\Program Files\ShopperReports\
 - C:\Documents and Settings\Gaëlle Murcy\Application Data\ShoppingReport\
 - C:\Documents and Settings\Gaëlle Murcy\Application Data\HbTools\
 - C:\Documents and Settings\Gaëlle Murcy\Application Data\Hotbar\
 - C:\Documents and Settings\Gaëlle Murcy\Application Data\WeatherDPA\
 - C:\Documents and Settings\All Users\Application Data\HotbarSA\
 - C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65\
 - C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Hotbar\

---> Analyse terminée le 10/04/2008 17:27:40

cacahuète · Answer

oula! jcrois que ya eu un petit bug..

jte republie ce que j'ai eu avec MSnfix=

MSNFix 1.701  
 
C:\Documents and Settings\Ga‰lle Murcy\Bureau\msnfix\MSNFix 
Fix exécuté le 10/04/2008 - 17:23:07,10 By Ga‰lle Murcy 
mode normal    
    
************************ Recherche les fichiers présents      
    
Aucun Fichier trouvé 
 
************************ Recherche les dossiers présents       
 
... C:\WINDOWS\system32\updatelinkmsn\ 
 
 
 
 
************************ Suppression des fichiers       
    
 
 
************************ Suppression des dossiers       
 
/!\ ...  C:\WINDOWS\system32\updatelinkmsn\   
 
 
************************ Nettoyage du registre 
 
 
 
************************ Fichiers suspects 
 
Aucun Fichier trouvé 
 
  
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 10042008_17235571.zip
 
************************ HKLM\...\Winlogon\Userinit 
 
Userinit = C:\WINDOWS\system32\userinit.exe, 


------------------------------------------------------------------------  
Auteur : !aur3n7                     Contact: https://www.ionos.fr/     
------------------------------------------------------------------------   
 
---------------------------------------------   END   --------------------------------------------- 
 






^^

Powax · Answer

Très bien

* Ouvre à nouveau BTFix
    * Clique sur Nettoyer
    * Un rapport va apparaître, copie/colle-le dans ta prochaine réponse stp

Powax · Answer

Parfait

Poste un nouveau rapport HiJackThis stp

Powax · Answer

Bonjour,

* télécharge, installe et scanne avec: http://www.commentcamarche.net/telecharger/telecharger 218 avg anti spyware

Poste le rapport stp.

* télécharge, installe et scanne avec: http://www.commentcamarche.net/telecharger/telecharger 34055042 trojan remover

Poste le rapport stp.

cacahuète · Answer

bonjour!!!!!

j'ai fait un scan avec avg antispyware et voilà le rapport=

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	19:39:02 15/04/2008

 + Résultat de l'analyse:	



C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050928.exe -> Adware.180Solutions : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050929.exe -> Adware.180Solutions : Ignoré.
C:\Documents and Settings\Gaëlle Murcy\Mes documents\Mes images\peintures\globalfireworks.exe -> Adware.Gator : Ignoré.
C:\RECYCLER\S-1-5-21-2347378556-2114766761-2044428692-1007\Dc263\peintures\globalfireworks.exe -> Adware.Gator : Ignoré.
C:\Documents and Settings\Gaëlle Murcy\Bureau\btfix\BTFix\BTFixBackups\hotewldf.exe -> Adware.HotBar : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050934.exe -> Adware.Hotbar : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050935.dll -> Adware.HotBar : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050936.dll -> Adware.Hotbar : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050937.dll -> Adware.HotBar : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050938.dll -> Adware.HotBar : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050939.exe -> Adware.HotBar : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050942.dll -> Adware.HotBar : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050943.exe -> Adware.Hotbar : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050945.exe -> Adware.HotBar : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050947.dll -> Adware.HotBar : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050948.dll -> Adware.HotBar : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050949.exe -> Adware.HotBar : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050950.dll -> Adware.HotBar : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050951.dll -> Adware.Hotbar : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050952.dll -> Adware.HotBar : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050953.dll -> Adware.HotBar : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050954.exe -> Adware.HotBar : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050955.exe -> Adware.HotBar : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050956.dll -> Adware.HotBar : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050958.exe -> Adware.Hotbar : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050959.exe -> Adware.Hotbar : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050961.dll -> Adware.HotBar : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050962.dll -> Adware.HotBar : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050963.exe -> Adware.HotBar : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050964.dll -> Adware.HotBar : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050965.dll -> Adware.Hotbar : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050966.dll -> Adware.HotBar : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050967.dll -> Adware.HotBar : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050968.exe -> Adware.HotBar : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050969.exe -> Adware.HotBar : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050970.dll -> Adware.Hotbar : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050971.dll -> Adware.Hotbar : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050972.exe -> Adware.HotBar : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050973.exe -> Adware.HotBar : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050975.exe -> Adware.HotBar : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050976.dll -> Adware.HotBar : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050977.dll -> Adware.HotBar : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050978.exe -> Adware.HotBar : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050979.dll -> Adware.Hotbar : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050980.exe -> Adware.HotBar : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050999.dll -> Adware.HotBar : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0051000.dll -> Adware.HotBar : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0051001.dll -> Adware.HotBar : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0051002.dll -> Adware.Hotbar : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0051003.exe -> Adware.Hotbar : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0051004.dll -> Adware.Hotbar : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP98\A0065398.exe -> Adware.HotBar : Ignoré.
C:\Program Files\NewDotNet -> Adware.NewDotNet : Ignoré.
C:\Program Files\NewDotNet
ewdotnet7_48.dll -> Adware.NewDotNet : Ignoré.
C:\Program Files\NewDotNeteadme.html -> Adware.NewDotNet : Ignoré.
C:\Program Files\NewDotNet\uninstall6_38.exe -> Adware.NewDotNet : Ignoré.
C:\Program Files\NewDotNet\uninstall7_48.exe -> Adware.NewDotNet : Ignoré.
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Ignoré.
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Ignoré.
C:\WINDOWS\NDNuninstall7_48.exe -> Adware.NewDotNet : Ignoré.
HKLM\SOFTWARE\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Ignoré.
HKLM\SOFTWARE\Classes\Tldctl2.URLLink -> Adware.NewDotNet : Ignoré.
HKLM\SOFTWARE\Classes\Tldctl2.URLLink.1 -> Adware.NewDotNet : Ignoré.
HKLM\SOFTWARE\Classes\Tldctl2.URLLink\CLSID -> Adware.NewDotNet : Ignoré.
HKLM\SOFTWARE\Classes\Tldctl2.URLLink\CurVer -> Adware.NewDotNet : Ignoré.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Ignoré.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net -> Adware.NewDotNet : Ignoré.
HKLM\SOFTWARE\New.net -> Adware.NewDotNet : Ignoré.
HKU\S-1-5-21-2347378556-2114766761-2044428692-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Ignoré.
HKU\S-1-5-21-2347378556-2114766761-2044428692-1007\Software\New.net -> Adware.NewDotNet : Ignoré.
[1132] C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL -> Adware.NewDotNet : Ignoré.
[3248] C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL -> Adware.NewDotNet : Ignoré.
[3564] C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL -> Adware.NewDotNet : Ignoré.
[3748] C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL -> Adware.NewDotNet : Ignoré.
[4284] C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL -> Adware.NewDotNet : Ignoré.
[5420] C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL -> Adware.NewDotNet : Ignoré.
[716] C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL -> Adware.NewDotNet : Ignoré.
C:\WINDOWS\system32k.bin -> Adware.RK : Ignoré.
C:\WINDOWS\system32lvknlg.exe -> Adware.RK : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050944.exe -> Adware.Shopper : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050982.dll -> Adware.Shopper : Ignoré.
C:\Documents and Settings\Gaëlle Murcy\Bureau\btfix\BTFix\BTFixBackups\xqsxomtv.exe -> Not-A-Virus.Adware.180Solutions : Ignoré.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP98\A0066391.exe -> Not-A-Virus.Adware.180Solutions : Ignoré.
C:\Program Files\Global Fireworks Screensaver\GlobalFireworks.exe -> Not-A-Virus.Adware.GAINNetwork : Ignoré.
C:\Documents and Settings\Gaëlle Murcy\Cookies\gaëlle_murcy@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Ignoré.
C:\Documents and Settings\Gaëlle Murcy\Cookies\gaëlle_murcy@burstnet[1].txt -> TrackingCookie.Burstnet : Ignoré.
C:\Documents and Settings\Gaëlle Murcy\Cookies\gaëlle_murcy@estat[1].txt -> TrackingCookie.Estat : Ignoré.
C:\Documents and Settings\Gaëlle Murcy\Cookies\gaëlle_murcy@data3.perf.overture[1].txt -> TrackingCookie.Overture : Ignoré.
:mozilla.13:C:\Documents and Settings\Gaëlle Murcy\Application Data\Mozilla\Firefox\Profiles\zlwjngs6.default\cookies.txt -> TrackingCookie.Real : Ignoré.
:mozilla.14:C:\Documents and Settings\Gaëlle Murcy\Application Data\Mozilla\Firefox\Profiles\zlwjngs6.default\cookies.txt -> TrackingCookie.Real : Ignoré.
C:\Documents and Settings\Gaëlle Murcy\Cookies\gaëlle_murcy@france.real[2].txt -> TrackingCookie.Real : Ignoré.
C:\Documents and Settings\Gaëlle Murcy\Cookies\gaëlle_murcy@realguide.real[1].txt -> TrackingCookie.Real : Ignoré.
C:\Documents and Settings\Gaëlle Murcy\Cookies\gaëlle_murcy@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Ignoré.
C:\Documents and Settings\Gaëlle Murcy\Cookies\gaëlle_murcy@m.webtrends[2].txt -> TrackingCookie.Webtrends : Ignoré.
C:\Addon\proginst.exe -> Trojan.Small.gv : Ignoré.


Fin du rapport







par contre, je n'ai pas encore eu le temps de faire un scan avec trojan remover mais j'essayerai de le faire dès que possible!! 

^^

cacahuète · Answer

boujour!!
voilà la suite!!
le scan avec Trojan remover=

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.5.9, Build 2457. For information, email simplysupsupport@aol.com
[Unregistered version]
Scan started at: 16/04/2008 16:40:04
Using Database v6759
Operating System: Windows XP Home Edition Service Pack 2 (Build 2600)
Using data directory: C:\Documents and Settings\Gaëlle Murcy\Application Data\Simply Super Software\Trojan Remover\
Logfile directory:    C:\Documents and Settings\Gaëlle Murcy\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Running with Administrator privileges


**************************************************
Checking Registry exefile command for modifications
Checking Registry comfile command for modifications
Checking Registry piffile command for modifications
Checking Registry batfile command for modifications
Checking Registry regfile command for modifications
Checking Registry cmdfile command for modifications
Checking Registry scrfile command for modifications

******************************
16:40:04: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

******************************
16:40:04: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS
The SCRNSAVE.EXE statement on line 14 attempts to load the following program(s):
C:\WINDOWS\system32\GLOBAL~1.SCR - this command has been left in place

******************************
16:40:04: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

******************************
16:40:06: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Explorer.exe - this entry has been left in place
----------
This key's "Userinit" value calls the following program(s):
C:\WINDOWS\system32\userinit.exe - this entry has been left in place
----------
This key's "System" value appears to be blank
----------
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = ATIPTA
Value Data = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe - this command has been left in place
--------------------
Value Name = SynTPLpr
Value Data = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe - this command has been left in place
--------------------
Value Name = SynTPEnh
Value Data = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe - this command has been left in place
--------------------
Value Name = SMSERIAL
Value Data = sm56hlpr.exe - this command has been left in place
--------------------
Value Name = AudioDeck
Value Data = C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1  - this command has been left in place
--------------------
Value Name = NeroFilterCheck
Value Data = C:\WINDOWS\system32\NeroCheck.exe - this command has been left in place
--------------------
Value Name = PCMService
Value Data = C:\Program Files\CyberLink\PowerCinema\PCMService.exe - this command has been left in place
--------------------
Value Name = RemoteControl
Value Data = C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe - this command has been left in place
--------------------
Value Name = CnxDslTaskBar
Value Data = C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852 - this command has been left in place
--------------------
Value Name = WOOWATCH
Value Data = C:\PROGRA~1\Wanadoo\Watch.exe - this command has been left in place
--------------------
Value Name = WOOTASKBARICON
Value Data = C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe - this command has been left in place [file not found to scan]
--------------------
Value Name = HP Software Update
Value Data = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe - this command has been left in place
--------------------
Value Name = LVCOMSX
Value Data = C:\WINDOWS\system32\LVCOMSX.EXE - this command has been left in place
--------------------
Value Name = LogitechVideoRepair
Value Data = C:\Program Files\Logitech\Video\ISStart.exe  - this command has been left in place
--------------------
Value Name = LogitechVideoTray
Value Data = C:\Program Files\Logitech\Video\LogiTray.exe - this command has been left in place
--------------------
Value Name = New.net Startup
Value Data = rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s - this command has been left in place [file not found to scan]
--------------------
Value Name = Zone Labs Client
Value Data = C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe - this command has been left in place
--------------------
Value Name = F-Secure Manager
Value Data = C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash - this command has been left in place
--------------------
Value Name = F-Secure TNB
Value Data = C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW - this command has been left in place
--------------------
Value Name = F-Secure Startup Wizard
Value Data = C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot - this command has been left in place
--------------------
Value Name = News Service
Value Data = C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe - this command has been left in place
--------------------
Value Name = SunJavaUpdateSched
Value Data = C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe - this command has been left in place
--------------------
Value Name = QuickTime Task
Value Data = C:\Program Files\QuickTime\qttask.exe" -atboottime - this command has been left in place
--------------------
Value Name = TkBellExe
Value Data = C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot - this command has been left in place
--------------------
Value Name = !AVG Anti-Spyware
Value Data = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized - this command has been left in place
--------------------
Value Name = TrojanScanner
Value Data = C:\Program Files\Trojan Remover\Trjscan.exe - this program is Trojan Remover's own scan file
--------------------
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = CTFMON.EXE
Value Data = C:\WINDOWS\system32\ctfmon.exe - this command has been left in place
--------------------
Value Name = fsc-reminder.exe
Value Data = C:\WINDOWSeminder\fsc-reminder.exe 2453721 14 - this command has been left in place
--------------------
Value Name = Yahoo! Pager
Value Data = C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet - this command has been left in place
--------------------
Value Name = WOOKIT
Value Data = C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe - this command has been left in place [file not found to scan]
--------------------
Value Name = MsnMsgr
Value Data = C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background - this command has been left in place [file not found to scan]
--------------------
Value Name = Livecom
Value Data = C:\PROGRA~1\Livecom\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen - this command has been left in place
--------------------
Value Name = LDM
Value Data = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe - this command has been left in place
--------------------
Value Name = LogitechSoftwareUpdate
Value Data = C:\Program Files\Logitech\Video\ManifestEngine.exe" boot - this command has been left in place
--------------------
Value Name = Skype
Value Data = C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized - this command has been left in place
--------------------
Value Name = updateMgr
Value Data = C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 - this command has been left in place
--------------------
Value Name = swg
Value Data = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe - this command has been left in place
--------------------
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

******************************
16:40:13: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File:      shell32.dll - this file is expected and has been left in place
----------
ValueName: {57B86673-276A-48B2-BAE7-C6DBB3020EB8}
Value:     AVG Anti-Spyware 7.5
File:      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll - this ShellExecuteHook has been left in place
----------

******************************
16:40:13: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Registry Run Keys Hidden Entries found
----------

******************************
16:40:15: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver=C:\WINDOWS\system32\GLOBAL~1.SCR - this command has been left in place
--------------------

******************************
16:40:15: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Checking the StubPath calls in the Active Setup\Installed Components registry keys:
Key=<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}
StubPath=C:\WINDOWS\system32\ieudinit.exe - this reference has been left in place
----------
Key=>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
StubPath=C:\WINDOWS\inf\unregmp2.exe - this reference has been left in place
----------
Key=>{26923b43-4d38-484f-9b9e-de460746276c}
StubPath=C:\WINDOWS\system32\ie4uinit.exe - this reference has been left in place
----------
Key=>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
StubPath=C:\WINDOWS\system32\shmgrate.exe - this reference has been left in place
----------
Key={2C7339CF-2B09-4501-B3F3-F3508C9228ED}
StubPath=C:\WINDOWS\system32egsvr32.exe - this reference has been left in place
----------
Key={44BBA840-CC51-11CF-AAFA-00AA00B6015C}
StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
----------
Key={7790769C-0471-11d2-AF11-00C04FA35D02}
StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4340}
StubPath=regsvr32.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4383}
StubPath=C:\WINDOWS\system32\ie4uinit.exe - this reference has been left in place
----------

******************************
16:40:17: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Checking DLL files called from the CurrentControlSet\Services Keys:
--------------------
Key=Alerter
ServiceDLL=%SystemRoot%\system32\alrsvc.dll - this reference has been left in place
--------------------
Key=AppMgmt
ServiceDLL=%SystemRoot%\System32\appmgmts.dll - this file is globally excluded (file cannot be found)
--------------------
Key=AudioSrv
ServiceDLL=%SystemRoot%\System32\audiosrv.dll - this reference has been left in place
--------------------
Key=BITS
ServiceDLL=C:\WINDOWS\system32\qmgr.dll - this reference has been left in place
--------------------
Key=Browser
ServiceDLL=%SystemRoot%\System32\browser.dll - this reference has been left in place
--------------------
Key=CryptSvc
ServiceDLL=%SystemRoot%\System32\cryptsvc.dll - this reference has been left in place
--------------------
Key=DcomLaunch
ServiceDLL=%SystemRoot%\system32pcss.dll - this reference has been left in place
--------------------
Key=Dhcp
ServiceDLL=%SystemRoot%\System32\dhcpcsvc.dll - this reference has been left in place
--------------------
Key=dmserver
ServiceDLL=%SystemRoot%\System32\dmserver.dll - this reference has been left in place
--------------------
Key=Dnscache
ServiceDLL=%SystemRoot%\System32\dnsrslvr.dll - this reference has been left in place
--------------------
Key=ERSvc
ServiceDLL=%SystemRoot%\System32\ersvc.dll - this reference has been left in place
--------------------
Key=EventSystem
ServiceDLL=C:\WINDOWS\system32\es.dll - this reference has been left in place
--------------------
Key=FastUserSwitchingCompatibility
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=helpsvc
ServiceDLL=%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll - this reference has been left in place
--------------------
Key=HidServ
ServiceDLL=%SystemRoot%\System32\hidserv.dll - this file is globally excluded (file cannot be found)
--------------------
Key=HTTPFilter
ServiceDLL=%SystemRoot%\System32\w3ssl.dll - this reference has been left in place
--------------------
Key=lanmanserver
ServiceDLL=%SystemRoot%\System32\srvsvc.dll - this reference has been left in place
--------------------
Key=lanmanworkstation
ServiceDLL=%SystemRoot%\System32\wkssvc.dll - this reference has been left in place
--------------------
Key=LmHosts
ServiceDLL=%SystemRoot%\System32\lmhsvc.dll - this reference has been left in place
--------------------
Key=Messenger
ServiceDLL=%SystemRoot%\System32\msgsvc.dll - this reference has been left in place
--------------------
Key=Netman
ServiceDLL=%SystemRoot%\System32
etman.dll - this reference has been left in place
--------------------
Key=Nla
ServiceDLL=%SystemRoot%\System32\mswsock.dll - this reference has been left in place
--------------------
Key=NtmsSvc
ServiceDLL=%SystemRoot%\system32
tmssvc.dll - this reference has been left in place
--------------------
Key=RasAuto
ServiceDLL=%SystemRoot%\System32asauto.dll - this reference has been left in place
--------------------
Key=RasMan
ServiceDLL=%SystemRoot%\System32asmans.dll - this reference has been left in place
--------------------
Key=RemoteAccess
ServiceDLL=%SystemRoot%\System32\mprdim.dll - this reference has been left in place
--------------------
Key=RpcSs
ServiceDLL=%SystemRoot%\system32pcss.dll - this reference has been left in place
--------------------
Key=Schedule
ServiceDLL=%SystemRoot%\system32\schedsvc.dll - this reference has been left in place
--------------------
Key=seclogon
ServiceDLL=%SystemRoot%\System32\seclogon.dll - this reference has been left in place
--------------------
Key=SENS
ServiceDLL=%SystemRoot%\system32\sens.dll - this reference has been left in place
--------------------
Key=SharedAccess
ServiceDLL=%SystemRoot%\System32\ipnathlp.dll - this reference has been left in place
--------------------
Key=ShellHWDetection
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=srservice
ServiceDLL=C:\WINDOWS\system32\srsvc.dll - this reference has been left in place
--------------------
Key=SSDPSRV
ServiceDLL=%SystemRoot%\System32\ssdpsrv.dll - this reference has been left in place
--------------------
Key=stisvc
ServiceDLL=%SystemRoot%\system32\wiaservc.dll - this reference has been left in place
--------------------
Key=TapiSrv
ServiceDLL=%SystemRoot%\System32	apisrv.dll - this reference has been left in place
--------------------
Key=TermService
ServiceDLL=%SystemRoot%\System32	ermsrv.dll - this reference has been left in place
--------------------
Key=Themes
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=TrkWks
ServiceDLL=%SystemRoot%\system32	rkwks.dll - this reference has been left in place
--------------------
Key=upnphost
ServiceDLL=%SystemRoot%\System32\upnphost.dll - this reference has been left in place
--------------------
Key=W32Time
ServiceDLL=C:\WINDOWS\system32\w32time.dll - this reference has been left in place
--------------------
Key=WebClient
ServiceDLL=%SystemRoot%\System32\webclnt.dll - this reference has been left in place
--------------------
Key=winmgmt
ServiceDLL=%SystemRoot%\system32\wbem\WMIsvc.dll - this reference has been left in place
--------------------
Key=WmdmPmSN
ServiceDLL=C:\WINDOWS\system32\MsPMSNSv.dll - this reference has been left in place
--------------------
Key=wscsvc
ServiceDLL=%SYSTEMROOT%\system32\wscsvc.dll - this reference has been left in place
--------------------
Key=wuauserv
ServiceDLL=C:\WINDOWS\system32\wuauserv.dll - this reference has been left in place
--------------------
Key=WudfSvc
ServiceDLL=%SystemRoot%\System32\WUDFSvc.dll - this reference has been left in place
--------------------
Key=WZCSVC
ServiceDLL=%SystemRoot%\System32\wzcsvc.dll - this reference has been left in place
--------------------
Key=xmlprov
ServiceDLL=%SystemRoot%\System32\xmlprov.dll - this reference has been left in place

******************************
16:40:48: Scanning ----- SERVICES REGISTRY KEYS -----
Checking files called from the CurrentControlSet\Services Keys:
Key=ACPI
ImagePath=system32\DRIVERS\ACPI.sys - this reference has been left in place
----------
Key=ACPIEC
ImagePath=system32\DRIVERS\ACPIEC.sys - this reference has been left in place
----------
Key=aec
ImagePath=system32\drivers\aec.sys - this reference has been left in place
----------
Key=AFD
ImagePath=\SystemRoot\System32\drivers\afd.sys - this reference has been left in place
----------
Key=ALG
ImagePath=%SystemRoot%\System32\alg.exe - this reference has been left in place
----------
Key=AmdK8
ImagePath=system32\DRIVERS\AmdK8.sys - this reference has been left in place
----------
Key=Arp1394
ImagePath=system32\DRIVERS\arp1394.sys - this reference has been left in place
----------
Key=aspnet_state
ImagePath=%SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe - this reference has been left in place
----------
Key=AsyncMac
ImagePath=system32\DRIVERS\asyncmac.sys - this reference has been left in place
----------
Key=atapi
ImagePath=system32\DRIVERS\atapi.sys - this reference has been left in place
----------
Key=Ati HotKey Poller
ImagePath=%SystemRoot%\system32\Ati2evxx.exe - this reference has been left in place
----------
Key=ati2mtag
ImagePath=system32\DRIVERS\ati2mtag.sys - this reference has been left in place
----------
Key=Atmarpc
ImagePath=system32\DRIVERS\atmarpc.sys - this reference has been left in place
----------
Key=audstub
ImagePath=system32\DRIVERS\audstub.sys - this reference has been left in place
----------
Key=AVG Anti-Spyware Driver
ImagePath=\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys - this reference has been left in place
----------
Key=AVG Anti-Spyware Guard
ImagePath=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe - this reference has been left in place
----------
Key=AvgAsCln
ImagePath=System32\DRIVERS\AvgAsCln.sys - this reference has been left in place
----------
Key=BackWeb Plug-in - 6588780
ImagePath=C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE - this reference has been left in place
----------
Key=BCM43XX
ImagePath=system32\DRIVERS\bcmwl5.sys - this reference has been left in place
----------
Key=CAISafe
ImagePath=C:\WINDOWS\system32\ZoneLabs\isafe.exe - this reference has been left in place
----------
Key=CCDECODE
ImagePath=system32\DRIVERS\CCDECODE.sys - this reference has been left in place
----------
Key=Cdrom
ImagePath=system32\DRIVERS\cdrom.sys - this reference has been left in place
----------
Key=CiSvc
ImagePath=%SystemRoot%\system32\cisvc.exe - this reference has been left in place
----------
Key=CLCapSvc
ImagePath="C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe" - this reference has been left in place
----------
Key=ClipSrv
ImagePath=%SystemRoot%\system32\clipsrv.exe - this reference has been left in place
----------
Key=CLSched
ImagePath="C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe" - this reference has been left in place
----------
Key=CmBatt
ImagePath=system32\DRIVERS\CmBatt.sys - this reference has been left in place
----------
Key=CnxEtP
ImagePath=system32\DRIVERS\CnxEtP.sys - this reference has been left in place
----------
Key=CnxEtU
ImagePath=system32\DRIVERS\CnxEtU.sys - this reference has been left in place
----------
Key=CnxTgNW
ImagePath=system32\DRIVERS\CnxTgNW.sys - this reference has been left in place
----------
Key=Compbatt
ImagePath=system32\DRIVERS\compbatt.sys - this reference has been left in place
----------
Key=COMSysApp
ImagePath=C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} - this reference has been left in place
----------
Key=CyberLink Media Library Service
ImagePath="C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe" - this reference has been left in place
----------
Key=Disk
ImagePath=system32\DRIVERS\disk.sys - this reference has been left in place
----------
Key=dmadmin
ImagePath=%SystemRoot%\System32\dmadmin.exe /com - this reference has been left in place
----------
Key=dmboot
ImagePath=System32\drivers\dmboot.sys - this reference has been left in place
----------
Key=dmio
ImagePath=System32\drivers\dmio.sys - this reference has been left in place
----------
Key=dmload
ImagePath=System32\drivers\dmload.sys - this reference has been left in place
----------
Key=DMusic
ImagePath=system32\drivers\DMusic.sys - this reference has been left in place
----------
Key=drmkaud
ImagePath=system32\drivers\drmkaud.sys - this reference has been left in place
----------
Key=Eventlog
ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place
----------
Key=F-Secure Filter
ImagePath=\??\C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys - this reference has been left in place
----------
Key=F-Secure Gatekeeper
ImagePath=\??\C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys - this reference has been left in place
----------
Key=F-Secure Gatekeeper Handler Starter
ImagePath="C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe" - this reference has been left in place
----------
Key=F-Secure Recognizer
ImagePath=\??\C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys - this reference has been left in place
----------
Key=Fax
ImagePath=%systemroot%\system32\fxssvc.exe - this reference has been left in place
----------
Key=FltMgr
ImagePath=system32\DRIVERS\fltMgr.sys - this reference has been left in place
----------
Key=fsbwsys
ImagePath="C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe" - this reference has been left in place
----------
Key=FSDFWD
ImagePath="C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe" - this reference has been left in place
----------
Key=FSFW
ImagePath=System32\drivers\fsdfw.sys - this reference has been left in place
----------
Key=FSMA
ImagePath="C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE" - this reference has been left in place
----------
Key=Ftdisk
ImagePath=system32\DRIVERS\ftdisk.sys - this reference has been left in place
----------
Key=FTRTSVC
ImagePath=C:\WINDOWS\System32\FTRTSVC.exe - this reference has been left in place
----------
Key=Gpc
ImagePath=system32\DRIVERS\msgpc.sys - this reference has been left in place
----------
Key=gusvc
ImagePath="C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" - this reference has been left in place
----------
Key=HPZid412
ImagePath=system32\DRIVERS\HPZid412.sys - this reference has been left in place
----------
Key=HPZipr12
ImagePath=system32\DRIVERS\HPZipr12.sys - this reference has been left in place
----------
Key=HPZius12
ImagePath=system32\DRIVERS\HPZius12.sys - this reference has been left in place
----------
Key=HTTP
ImagePath=System32\Drivers\HTTP.sys - this reference has been left in place
----------
Key=i8042prt
ImagePath=system32\DRIVERS\i8042prt.sys - this reference has been left in place
----------
Key=iaStor
ImagePath=system32\drivers\iaStor.sys - this reference has been left in place
----------
Key=Imapi
ImagePath=system32\DRIVERS\imapi.sys - this reference has been left in place
----------
Key=ImapiService
ImagePath=C:\WINDOWS\system32\imapi.exe - this reference has been left in place
----------
Key=Ip6Fw
ImagePath=system32\DRIVERS\Ip6Fw.sys - this reference has been left in place
----------
Key=IpFilterDriver
ImagePath=system32\DRIVERS\ipfltdrv.sys - this reference has been left in place
----------
Key=IpInIp
ImagePath=system32\DRIVERS\ipinip.sys - this reference has been left in place
----------
Key=IpNat
ImagePath=system32\DRIVERS\ipnat.sys - this reference has been left in place
----------
Key=IPSec
ImagePath=system32\DRIVERS\ipsec.sys - this reference has been left in place
----------
Key=IRENUM
ImagePath=system32\DRIVERS\irenum.sys - this reference has been left in place
----------
Key=isapnp
ImagePath=system32\DRIVERS\isapnp.sys - this reference has been left in place
----------
Key=Kbdclass
ImagePath=system32\DRIVERS\kbdclass.sys - this reference has been left in place
----------
Key=kmixer
ImagePath=system32\drivers\kmixer.sys - this reference has been left in place
----------
Key=LVUSBSta
ImagePath=system32\drivers\lvusbsta.sys - this reference has been left in place
----------
Key=MDM
ImagePath="C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE" - this reference has been left in place
----------
Key=mnmsrvc
ImagePath=C:\WINDOWS\system32\mnmsrvc.exe - this reference has been left in place
----------
Key=Mouclass
ImagePath=system32\DRIVERS\mouclass.sys - this reference has been left in place
----------
Key=MRxDAV
ImagePath=system32\DRIVERS\mrxdav.sys - this reference has been left in place
----------
Key=MRxSmb
ImagePath=system32\DRIVERS\mrxsmb.sys - this reference has been left in place
----------
Key=MSDTC
ImagePath=C:\WINDOWS\system32\msdtc.exe - this reference has been left in place
----------
Key=MSIServer
ImagePath=C:\WINDOWS\system32\msiexec.exe /V - this reference has been left in place
----------
Key=MSKSSRV
ImagePath=system32\drivers\MSKSSRV.sys - this reference has been left in place
----------
Key=MSPCLOCK
ImagePath=system32\drivers\MSPCLOCK.sys - this reference has been left in place
----------
Key=MSPQM
ImagePath=system32\drivers\MSPQM.sys - this reference has been left in place
----------
Key=mssmbios
ImagePath=system32\DRIVERS\mssmbios.sys - this reference has been left in place
----------
Key=MSTEE
ImagePath=system32\drivers\MSTEE.sys - this reference has been left in place
----------
Key=NABTSFEC
ImagePath=system32\DRIVERS\NABTSFEC.sys - this reference has been left in place
----------
Key=NdisIP
ImagePath=system32\DRIVERS\NdisIP.sys - this reference has been left in place
----------
Key=NdisTapi
ImagePath=system32\DRIVERS
distapi.sys - this reference has been left in place
----------
Key=Ndisuio
ImagePath=system32\DRIVERS
disuio.sys - this reference has been left in place
----------
Key=NdisWan
ImagePath=system32\DRIVERS
diswan.sys - this reference has been left in place
----------
Key=NetBIOS
ImagePath=system32\DRIVERS
etbios.sys - this reference has been left in place
----------
Key=NetBT
ImagePath=system32\DRIVERS
etbt.sys - this reference has been left in place
----------
Key=NetDDE
ImagePath=%SystemRoot%\system32
etdde.exe - this reference has been left in place
----------
Key=NetDDEdsdm
ImagePath=%SystemRoot%\system32
etdde.exe - this reference has been left in place
----------
Key=Netlogon
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=NIC1394
ImagePath=system32\DRIVERS
ic1394.sys - this reference has been left in place
----------
Key=NtLmSsp
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=NwlnkFlt
ImagePath=system32\DRIVERS
wlnkflt.sys - this reference has been left in place
----------
Key=NwlnkFwd
ImagePath=system32\DRIVERS
wlnkfwd.sys - this reference has been left in place
----------
Key=odserv
ImagePath="C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE" - this reference has been left in place
----------
Key=ohci1394
ImagePath=system32\DRIVERS\ohci1394.sys - this reference has been left in place
----------
Key=ose
ImagePath="C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE" - this reference has been left in place
----------
Key=PCI
ImagePath=system32\DRIVERS\pci.sys - this reference has been left in place
----------
Key=pepifilter
ImagePath=system32\DRIVERS\lv302af.sys - this reference has been left in place
----------
Key=PID_08A0
ImagePath=system32\DRIVERS\LV302AV.SYS - this reference has been left in place
----------
Key=PlugPlay
ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place
----------
Key=Pml Driver HPZ12
ImagePath=C:\WINDOWS\system32\HPZipm12.exe - this reference has been left in place
----------
Key=PolicyAgent
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=PptpMiniport
ImagePath=system32\DRIVERSaspptp.sys - this reference has been left in place
----------
Key=Processor
ImagePath=system32\DRIVERS\processr.sys - this reference has been left in place
----------
Key=ProtectedStorage
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=PSched
ImagePath=system32\DRIVERS\psched.sys - this reference has been left in place
----------
Key=Ptilink
ImagePath=system32\DRIVERS\ptilink.sys - this reference has been left in place
----------
Key=PxHelp20
ImagePath=System32\Drivers\PxHelp20.sys - this reference has been left in place
----------
Key=RasAcd
ImagePath=system32\DRIVERSasacd.sys - this reference has been left in place
----------
Key=Rasl2tp
ImagePath=system32\DRIVERSasl2tp.sys - this reference has been left in place
----------
Key=RasPppoe
ImagePath=system32\DRIVERSaspppoe.sys - this reference has been left in place
----------
Key=Raspti
ImagePath=system32\DRIVERSaspti.sys - this reference has been left in place
----------
Key=Rdbss
ImagePath=system32\DRIVERSdbss.sys - this reference has been left in place
----------
Key=RDPCDD
ImagePath=System32\DRIVERS\RDPCDD.sys - this reference has been left in place
----------
Key=RDSessMgr
ImagePath=C:\WINDOWS\system32\sessmgr.exe - this reference has been left in place
----------
Key=redbook
ImagePath=system32\DRIVERSedbook.sys - this reference has been left in place
----------
Key=RpcLocator
ImagePath=%SystemRoot%\system32\locator.exe - this reference has been left in place
----------
Key=RSVP
ImagePath=%SystemRoot%\system32svp.exe - this reference has been left in place
----------
Key=RTL8023xp
ImagePath=system32\DRIVERS\Rtlnicxp.sys - this reference has been left in place
----------
Key=SamSs
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=SCardSvr
ImagePath=%SystemRoot%\System32\SCardSvr.exe - this reference has been left in place
----------
Key=Secdrv
ImagePath=system32\DRIVERS\secdrv.sys - this reference has been left in place
----------
Key=Sfloppy
ImagePath=system32\DRIVERS\sfloppy.sys - this reference has been left in place
----------
Key=SiSRaid2
ImagePath=system32\drivers\SiSRaid2.sys - this reference has been left in place
----------
Key=SLIP
ImagePath=system32\DRIVERS\SLIP.sys - this reference has been left in place
----------
Key=smserial
ImagePath=system32\DRIVERS\smserial.sys - this reference has been left in place
----------
Key=splitter
ImagePath=system32\drivers\splitter.sys - this reference has been left in place
----------
Key=Spooler
ImagePath=%SystemRoot%\system32\spoolsv.exe - this reference has been left in place
----------
Key=sr
ImagePath=system32\DRIVERS\sr.sys - this reference has been left in place
----------
Key=Srv
ImagePath=system32\DRIVERS\srv.sys - this reference has been left in place
----------
Key=streamip
ImagePath=system32\DRIVERS\StreamIP.sys - this reference has been left in place
----------
Key=swenum
ImagePath=system32\DRIVERS\swenum.sys - this reference has been left in place
----------
Key=swmidi
ImagePath=system32\drivers\swmidi.sys - this reference has been left in place
----------
Key=SwPrv
ImagePath=C:\WINDOWS\system32\dllhost.exe /Processid:{A154A873-8C94-4F30-91F9-B17E78EB1C57} - this reference has been left in place
----------
Key=SynTP
ImagePath=system32\DRIVERS\SynTP.sys - this reference has been left in place
----------
Key=sysaudio
ImagePath=system32\drivers\sysaudio.sys - this reference has been left in place
----------
Key=SysmonLog
ImagePath=%SystemRoot%\system32\smlogsvc.exe - this reference has been left in place
----------
Key=Tcpip
ImagePath=system32\DRIVERS	cpip.sys - this reference has been left in place
----------
Key=TermDD
ImagePath=system32\DRIVERS	ermdd.sys - this reference has been left in place
----------
Key=Update
ImagePath=system32\DRIVERS\update.sys - this reference has been left in place
----------
Key=UPS
ImagePath=%SystemRoot%\System32\ups.exe - this reference has been left in place
----------
Key=usbaudio
ImagePath=system32\drivers\usbaudio.sys - this reference has been left in place
----------
Key=usbccgp
ImagePath=system32\DRIVERS\usbccgp.sys - this reference has been left in place
----------
Key=usbehci
ImagePath=system32\DRIVERS\usbehci.sys - this reference has been left in place
----------
Key=usbhub
ImagePath=system32\DRIVERS\usbhub.sys - this reference has been left in place
----------
Key=usbprint
ImagePath=system32\DRIVERS\usbprint.sys - this reference has been left in place
----------
Key=usbscan
ImagePath=system32\DRIVERS\usbscan.sys - this reference has been left in place
----------
Key=USBSTOR
ImagePath=system32\DRIVERS\USBSTOR.SYS - this reference has been left in place
----------
Key=usbuhci
ImagePath=system32\DRIVERS\usbuhci.sys - this reference has been left in place
----------
Key=VgaSave
ImagePath=\SystemRoot\System32\drivers\vga.sys - this reference has been left in place
----------
Key=ViaIde
ImagePath=system32\DRIVERS\viaide.sys - this reference has been left in place
----------
Key=viamraid
ImagePath=system32\drivers\viamraid.sys - this reference has been left in place
----------
Key=VIAudio
ImagePath=system32\drivers\vinyl97.sys - this reference has been left in place
----------
Key=vsdatant
ImagePath=\??\C:\WINDOWS\system32\vsdatant.sys - this reference has been left in place
----------
Key=VSS
ImagePath=%SystemRoot%\System32\vssvc.exe - this reference has been left in place
----------
Key=Wanarp
ImagePath=system32\DRIVERS\wanarp.sys - this reference has been left in place
----------
Key=wdmaud
ImagePath=system32\drivers\wdmaud.sys - this reference has been left in place
----------
Key=WLSetupSvc
ImagePath="C:\Program Files\Windows Live\installer\WLSetupSvc.exe" - this reference has been left in place
----------
Key=WmiAcpi
ImagePath=system32\DRIVERS\wmiacpi.sys - this reference has been left in place
----------
Key=WmiApSrv
ImagePath=C:\WINDOWS\system32\wbem\wmiapsrv.exe - this reference has been left in place
----------
Key=WMPNetworkSvc
ImagePath="C:\Program Files\Windows Media Player\WMPNetwk.exe" - this reference has been left in place
----------
Key=WpdUsb
ImagePath=system32\DRIVERS\wpdusb.sys - this reference has been left in place
----------
Key=WS2IFSL
ImagePath=\SystemRoot\System32\drivers\ws2ifsl.sys - this reference has been left in place
----------
Key=WSTCODEC
ImagePath=system32\DRIVERS\WSTCODEC.SYS - this reference has been left in place
----------
Key=WudfPf
ImagePath=system32\DRIVERS\WudfPf.sys - this reference has been left in place
----------
Key=WudfRd
ImagePath=system32\DRIVERS\wudfrd.sys - this reference has been left in place
----------

******************************
16:41:54: Scanning -----VXD ENTRIES-----
Checking VMM32 VxD files being loaded

******************************
16:41:54: Scanning ----- WINLOGON\NOTIFY DLLS -----
Checking DLLs called from the Winlogon\Notify key:
Key=AtiExtEvent
DLLName=Ati2evxx.dll - this reference has been left in place
----------
Key=crypt32chain
DLLName=crypt32.dll - this reference has been left in place
----------
Key=cryptnet
DLLName=cryptnet.dll - this reference has been left in place
----------
Key=cscdll
DLLName=cscdll.dll - this reference has been left in place
----------
Key=ScCertProp
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=Schedule
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=sclgntfy
DLLName=sclgntfy.dll - this reference has been left in place
----------
Key=SensLogn
DLLName=WlNotify.dll - this reference has been left in place
----------
Key=termsrv
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=WgaLogon
DLLName=WgaLogon.dll - this reference has been left in place
----------
Key=wlballoon
DLLName=wlnotify.dll - this reference has been left in place
----------

******************************
16:41:55: Scanning ----- CONTEXTMENUHANDLERS -----
Key = AVG Anti-Spyware
CLSID = {8934FCEF-F5B8-468f-951F-78A921CD3920}
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll - this ContextMenuHandler has been left in place
----------
Key = Fichiers hors connexion
CLSID = {750fdf0e-2a26-11d1-a3ea-080036587f03}
%SystemRoot%\System32\cscui.dll - this ContextMenuHandler has been left in place
----------
Key = Open With
CLSID = {09799AFB-AD67-11d1-ABCD-00C04FC30936}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------
Key = Open With EncryptionMenu
CLSID = {A470F8CF-A1E8-4f65-8335-227475AA5C46}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------
Key = Trojan Remover
CLSID = {52B87208-9CCF-42C9-B88E-069281105805}
C:\PROGRA~1\TROJAN~1\Trshlex.dll - this ContextMenuHandler has been left in place
----------
Key = WinRAR
CLSID = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
C:\Program Files\WinRARarext.dll - this ContextMenuHandler has been left in place
----------
Key = ZLAVShExt
CLSID = {D9872D13-7651-4471-9EEE-F0A00218BEBB}
C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll - this ContextMenuHandler has been left in place
----------
Key = {23814B80-52A2-11d0-BC1A-004095606CB9}
C:\Program Files\AntivirusFirewall\Common\fpshx.dll - this ContextMenuHandler has been left in place
----------
Key = {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------

******************************
16:41:56: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key = {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {24F14F01-7B1C-11d1-838f-0000F80461CF}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {24F14F02-7B1C-11d1-838f-0000F80461CF}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {66742402-F9B9-11D1-A202-0000F81FEDEE}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {7D4D6379-F301-4311-BEBA-E26EB0561882}
C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll - this Folder\ColumnHandler has been left in place
----------
Key = {F9DB5320-233E-11D1-9F84-707F02C10627}
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll - this Folder\ColumnHandler has been left in place
----------

******************************
16:41:57: Scanning ----- BROWSER HELPER OBJECTS -----
Key = {02478D38-C3F9-4efb-9B51-7695ECA05670}
C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll - this Browser Helper Object has been left in place
----------
Key = {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - this Browser Helper Object has been left in place
----------
Key = {3049C3E9-B461-4BC5-8870-4C09146192CA}
C:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll - this Browser Helper Object has been left in place
----------
Key = {4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
C:\Program Files\NewDotNet
ewdotnet7_48.dll - this Browser Helper Object has been left in place [file not found to scan]
----------
Key = {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll - this Browser Helper Object has been left in place
----------
Key = {9030D464-4C02-4ABF-8ECC-5164760863C6}
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - this Browser Helper Object has been left in place
----------
Key = {9394EDE7-C8B5-483E-8773-474BF36AF6E4}
C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll - this Browser Helper Object has been left in place
----------
Key = {AA58ED58-01DD-4d91-8333-CF10577473F7}
c:\program files\google\googletoolbar2.dll - this Browser Helper Object has been left in place
----------
Key = {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll - this Browser Helper Object has been left in place
----------
Key = {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll - this Browser Helper Object has been left in place
----------

******************************
16:44:53: Scanning ----- SHELLSERVICEOBJECTS -----
Key = PostBootReminder
%SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place
----------
Key = CDBurn
%SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place
----------
Key = WebCheck
C:\WINDOWS\system32\webcheck.dll - this ShellServiceObject has been left in place
----------
Key = SysTray
C:\WINDOWS\system32\stobject.dll - this ShellServiceObject has been left in place
----------
Key = WPDShServiceObj
C:\WINDOWS\system32\WPDShServiceObj.dll - this ShellServiceObject has been left in place
----------

******************************
16:44:54: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
Value = {438755C2-A8BA-11D1-B96B-00A0C90312E1}
Comment = Pré-chargeur Browseui
File: %SystemRoot%\system32\browseui.dll - this SharedTaskScheduler entry has been left in place
----------
Value = {8C7461EF-2B13-11d2-BE35-3078302C2030}
Comment = Démon de cache des catégories de composant
File: %SystemRoot%\system32\browseui.dll - this SharedTaskScheduler entry has been left in place
----------

******************************
16:44:54: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

******************************
16:44:54: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank

******************************
16:44:54: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
Antivirus Firewall.lnk - this links to C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe and has been left in place
--------------------
desktop.ini - this file is expected and has been left in place
--------------------
HP Digital Imaging Monitor.lnk - this links to C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe and has been left in place
--------------------
Lancement rapide d'Adobe Reader.lnk - this links to C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe and has been left in place
--------------------
Logitech Desktop Messenger.lnk - this links to C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe and has been left in place
--------------------
Microsoft Office.lnk - this links to C:\Program Files\Microsoft Office\Office10\OSA.EXE and has been left in place
--------------------

******************************
No User Startup Groups were located to check

******************************
16:44:55: Scanning ----- SCHEDULED TASKS -----

******************************
16:44:55: ----- EXTRA CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------

******************************
16:44:55: Scanning ------ DOWNLOADED PROGRAM FILES ------
The following files are located in the DOWNLOADED PROGRAM FILES directory:
C:\WINDOWS\Downloaded Program Files\desktop.ini - this file is expected and has been left in place
C:\WINDOWS\Downloaded Program Files\erma.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\ImageUploader4.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\ImageUploader4_5.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\ImageUploader4_5.ocx - this file has been left in place
C:\WINDOWS\Downloaded Program Files\jinstall-6u3.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx - this file has been left in place
C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\MsnPUpld.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\PURen-us.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\purfr-fr.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\swflash.inf - this file has been left in place

******************************
16:44:57: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\Ati2evxx.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\System32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
--------------------
C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
--------------------
C:\WINDOWS\system32\ZoneLabs\isafe.exe
--------------------
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
--------------------
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
--------------------
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
--------------------
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
--------------------
C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
--------------------
C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
--------------------
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
--------------------
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
--------------------
C:\WINDOWS\System32\FTRTSVC.exe
--------------------
C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
--------------------
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
--------------------
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
--------------------
C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
--------------------
C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
--------------------
C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
--------------------
C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
--------------------
C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
--------------------
C:\WINDOWS\system32\wuauclt.exe
--------------------
C:\WINDOWS\system32\Ati2evxx.exe
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\WINDOWS\Explorer.EXE
--------------------
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
--------------------
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
--------------------
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
--------------------
C:\WINDOWS\sm56hlpr.exe
--------------------
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
--------------------
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
--------------------
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
--------------------
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
--------------------
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
--------------------
C:\WINDOWS\system32\LVCOMSX.EXE
--------------------
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
--------------------
C:\Program Files\Logitech\Video\LogiTray.exe
--------------------
C:\Program Files\AntivirusFirewall\Common\FSM32.EXE
--------------------
C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe
--------------------
C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe
--------------------
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
--------------------
C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
--------------------
C:\Program Files\QuickTime\qttask.exe
--------------------
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
--------------------
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
--------------------
C:\WINDOWS\system32\ctfmon.exe
--------------------
C:\Program Files\Logitech\Video\FxSvr2.exe
--------------------
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
--------------------
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
--------------------
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
--------------------
C:\PROGRA~1\Livecom\APPLIC~1\Exe\Livecom.exe
--------------------
C:\PROGRA~1\Wanadoo\ComComp.exe
--------------------
C:\Program Files\Skype\Phone\Skype.exe
--------------------
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
--------------------
C:\PROGRA~1\Wanadoo\Toaster.exe
--------------------
C:\PROGRA~1\Wanadoo\Inactivity.exe
--------------------
C:\PROGRA~1\Wanadoo\PollingModule.exe
--------------------
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
--------------------
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
--------------------
C:\PROGRA~1\Wanadoo\Watch.exe
--------------------
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
--------------------
C:\PROGRA~1\Livecom\APPLIC~1\eConfv4\livecomp.exe
--------------------
C:\Program Files\MSN Messenger\msnmsgr.exe
--------------------
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
--------------------
C:\Documents and Settings\Gaëlle Murcy\Application Data\Simply Super Software\Trojan Remover\swt58.exe
FileSize:          1 782 336
[This is a Trojan Remover component]
--------------------

******************************
16:45:08: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

******************************
16:45:08: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

******************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.msn.com/fr-fr/?ocid=iehp
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
https://www.msn.com/fr-fr/?ocid=iehp
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.msn.com/fr-fr
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.google.com/?gws_rd=ssl

******************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 16/04/2008 16:45:08
************************************************************




voilà!

Powax · Answer

J'ai oublié qq instructions pour AVG ... du coup, il a pas supprimé les fichiers infectés

* lance le logiciel

* mets-le à jour

* clique sur l'onglet "Paramètres"

Dans la partie "Comment réagir ?", clique sur "Actions recommandées" et sélectionne Supprimer

* Puis fais l'analyse et poste le nouveau rapport stp

cacahuète · Answer

voilà c'est fait!!!!
le nouveau rapport=

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	18:27:38 17/04/2008

 + Résultat de l'analyse:	



C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050928.exe -> Adware.180Solutions : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050929.exe -> Adware.180Solutions : Aucune action entreprise.
C:\Documents and Settings\Gaëlle Murcy\Mes documents\Mes images\peintures\globalfireworks.exe -> Adware.Gator : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-2347378556-2114766761-2044428692-1007\Dc263\peintures\globalfireworks.exe -> Adware.Gator : Aucune action entreprise.
C:\Documents and Settings\Gaëlle Murcy\Bureau\btfix\BTFix\BTFixBackups\hotewldf.exe -> Adware.HotBar : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050934.exe -> Adware.Hotbar : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050935.dll -> Adware.HotBar : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050936.dll -> Adware.Hotbar : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050937.dll -> Adware.HotBar : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050938.dll -> Adware.HotBar : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050939.exe -> Adware.HotBar : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050942.dll -> Adware.HotBar : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050943.exe -> Adware.Hotbar : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050945.exe -> Adware.HotBar : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050947.dll -> Adware.HotBar : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050948.dll -> Adware.HotBar : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050949.exe -> Adware.HotBar : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050950.dll -> Adware.HotBar : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050951.dll -> Adware.Hotbar : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050952.dll -> Adware.HotBar : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050953.dll -> Adware.HotBar : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050954.exe -> Adware.HotBar : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050955.exe -> Adware.HotBar : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050956.dll -> Adware.HotBar : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050958.exe -> Adware.Hotbar : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050959.exe -> Adware.Hotbar : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050961.dll -> Adware.HotBar : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050962.dll -> Adware.HotBar : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050963.exe -> Adware.HotBar : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050964.dll -> Adware.HotBar : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050965.dll -> Adware.Hotbar : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050966.dll -> Adware.HotBar : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050967.dll -> Adware.HotBar : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050968.exe -> Adware.HotBar : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050969.exe -> Adware.HotBar : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050970.dll -> Adware.Hotbar : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050971.dll -> Adware.Hotbar : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050972.exe -> Adware.HotBar : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050973.exe -> Adware.HotBar : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050975.exe -> Adware.HotBar : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050976.dll -> Adware.HotBar : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050977.dll -> Adware.HotBar : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050978.exe -> Adware.HotBar : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050979.dll -> Adware.Hotbar : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050980.exe -> Adware.HotBar : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050999.dll -> Adware.HotBar : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0051000.dll -> Adware.HotBar : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0051001.dll -> Adware.HotBar : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0051002.dll -> Adware.Hotbar : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0051003.exe -> Adware.Hotbar : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0051004.dll -> Adware.Hotbar : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP98\A0065398.exe -> Adware.HotBar : Aucune action entreprise.
C:\Program Files\NewDotNet -> Adware.NewDotNet : Aucune action entreprise.
C:\Program Files\NewDotNet\readme.html -> Adware.NewDotNet : Aucune action entreprise.
C:\Program Files\NewDotNet\uninstall6_38.exe -> Adware.NewDotNet : Aucune action entreprise.
C:\Program Files\NewDotNet\uninstall7_48.exe -> Adware.NewDotNet : Aucune action entreprise.
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Aucune action entreprise.
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Aucune action entreprise.
C:\WINDOWS\NDNuninstall7_48.exe -> Adware.NewDotNet : Aucune action entreprise.
HKLM\SOFTWARE\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Aucune action entreprise.
HKLM\SOFTWARE\Classes\Tldctl2.URLLink -> Adware.NewDotNet : Aucune action entreprise.
HKLM\SOFTWARE\Classes\Tldctl2.URLLink.1 -> Adware.NewDotNet : Aucune action entreprise.
HKLM\SOFTWARE\Classes\Tldctl2.URLLink\CLSID -> Adware.NewDotNet : Aucune action entreprise.
HKLM\SOFTWARE\Classes\Tldctl2.URLLink\CurVer -> Adware.NewDotNet : Aucune action entreprise.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Aucune action entreprise.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net -> Adware.NewDotNet : Aucune action entreprise.
HKLM\SOFTWARE\New.net -> Adware.NewDotNet : Aucune action entreprise.
HKU\S-1-5-21-2347378556-2114766761-2044428692-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Aucune action entreprise.
HKU\S-1-5-21-2347378556-2114766761-2044428692-1007\Software\New.net -> Adware.NewDotNet : Aucune action entreprise.
C:\WINDOWS\system32\rk.bin -> Adware.RK : Aucune action entreprise.
C:\WINDOWS\system32\rlvknlg.exe -> Adware.RK : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050944.exe -> Adware.Shopper : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP84\A0050982.dll -> Adware.Shopper : Aucune action entreprise.
C:\Documents and Settings\Gaëlle Murcy\Bureau\btfix\BTFix\BTFixBackups\xqsxomtv.exe -> Not-A-Virus.Adware.180Solutions : Aucune action entreprise.
C:\System Volume Information\_restore{3DE71F8E-CB40-42BA-AA68-D0343A27CBDD}\RP98\A0066391.exe -> Not-A-Virus.Adware.180Solutions : Aucune action entreprise.
C:\Program Files\Global Fireworks Screensaver\GlobalFireworks.exe -> Not-A-Virus.Adware.GAINNetwork : Aucune action entreprise.
C:\Documents and Settings\Gaëlle Murcy\Cookies\gaëlle_murcy@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Aucune action entreprise.
C:\Documents and Settings\Gaëlle Murcy\Cookies\gaëlle_murcy@burstnet[1].txt -> TrackingCookie.Burstnet : Aucune action entreprise.
C:\Documents and Settings\Gaëlle Murcy\Cookies\gaëlle_murcy@data3.perf.overture[1].txt -> TrackingCookie.Overture : Aucune action entreprise.
:mozilla.13:C:\Documents and Settings\Gaëlle Murcy\Application Data\Mozilla\Firefox\Profiles\zlwjngs6.default\cookies.txt -> TrackingCookie.Real : Aucune action entreprise.
:mozilla.14:C:\Documents and Settings\Gaëlle Murcy\Application Data\Mozilla\Firefox\Profiles\zlwjngs6.default\cookies.txt -> TrackingCookie.Real : Aucune action entreprise.
C:\Documents and Settings\Gaëlle Murcy\Cookies\gaëlle_murcy@france.real[2].txt -> TrackingCookie.Real : Aucune action entreprise.
C:\Documents and Settings\Gaëlle Murcy\Cookies\gaëlle_murcy@realguide.real[1].txt -> TrackingCookie.Real : Aucune action entreprise.
C:\Documents and Settings\Gaëlle Murcy\Cookies\gaëlle_murcy@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Aucune action entreprise.
C:\Documents and Settings\Gaëlle Murcy\Cookies\gaëlle_murcy@m.webtrends[2].txt -> TrackingCookie.Webtrends : Aucune action entreprise.
C:\Addon\proginst.exe -> Trojan.Small.gv : Aucune action entreprise.


Fin du rapport

Powax · Answer

Il n'a rien supprimé ; tu as bien fait:clique sur l'onglet "Paramètres"

Dans la partie "Comment réagir ?", clique sur "Actions recommandées" et sélectionne Supprimer?

cacahuète · Answer

oui c'est ce que j'ai fait!!!
bon , attend alors , je recommence!^^

Virus lien photo

12 réponses

Votre réponse

Discussions similaires

Newsletters