Je veux desinstaller mirar

| עברית | | Slovenščina | Dansk | Русский | Română | Türkçe | Nederlands | Ελληνικά | Svenska | Português | Italiano | | | Magyar | Deutsch | Česky | Polski | Español | English
Virustotal est un service qui analyse les fichiers suspects et facilite la détection rapide des virus, vers, chevaux de Troie et toutes sortes de malwares détectés par les moteurs antivirus. Plus d'informations...
Fichier ncntlkdm.exe reçu le 2008.05.21 10:25:09 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE


Résultat: 22/32 (68.75%)
en train de charger les informations du serveur...
Votre fichier est dans la file d'attente, en position: 1.
L'heure estimée de démarrage est entre 37 et 52 secondes.
Ne fermez pas la fenêtre avant la fin de l'analyse.
L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.
Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
les résultats seront affichés au fur et à mesure de leur génération.
Formaté Impression des résultats
Votre fichier a expiré ou n'existe pas.
Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.

Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée.
Email:


Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.5.20.0 2008.05.21 -
AntiVir 7.8.0.19 2008.05.21 ADSPY/ZenoSearch.BC.1
Authentium 5.1.0.4 2008.05.21 -
Avast 4.8.1195.0 2008.05.21 Win32:ZenoSearch
AVG 7.5.0.516 2008.05.20 Adware Generic3.CYT
BitDefender 7.2 2008.05.21 Backdoor.Bot.14544
CAT-QuickHeal 9.50 2008.05.19 AdWare.ZenoSearch.bc (Not a Virus)
ClamAV 0.92.1 2008.05.21 Adware.Zeno-19
DrWeb 4.44.0.09170 2008.05.21 Adware.Hotbot.origin
eSafe 7.0.15.0 2008.05.20 -
eTrust-Vet 31.4.5808 2008.05.21 -
Ewido 4.0 2008.05.20 Not-A-Virus.Adware.ZenoSearch
F-Prot 4.4.2.54 2008.05.16 W32/ZenoSearch.B.gen!Eldorado
F-Secure 6.70.13260.0 2008.05.21 -
Fortinet 3.14.0.0 2008.05.21 Adware/ZenoSearch
GData 2.0.7306.1023 2008.05.21 Win32:ZenoSearch
Ikarus T3.1.1.26.0 2008.05.21 AdWare.Win32.ZenoSearch
Kaspersky 7.0.0.125 2008.05.21 not-a-virus:AdWare.Win32.ZenoSearch.bc
McAfee 5299 2008.05.20 potentially unwanted program Adware-Zeno
Microsoft 1.3520 2008.05.21 Adware:Win32/ZenoSearch
NOD32v2 3115 2008.05.20 -
Norman 5.80.02 2008.05.20 W32/ZenoSearch.DY
Panda 9.0.0.4 2008.05.21 Adware/Zenosearch
Prevx1 V2 2008.05.21 Adware
Rising 20.45.12.00 2008.05.20 -
Sophos 4.29.0 2008.05.21 ZenoSearch
Sunbelt 3.0.1123.1 2008.05.17 -
Symantec 10 2008.05.21 Adware.ZenoSearch
TheHacker 6.2.92.314 2008.05.20 -
VBA32 3.12.6.6 2008.05.20 AdWare.Win32.ZenoSearch.bc
VirusBuster 4.3.26:9 2008.05.20 -
Webwasher-Gateway 6.6.2 2008.05.21 Ad-Spyware.ZenoSearch.BC.1
Information additionnelle
File size: 200774 bytes
MD5...: 141843d8e2e6c8b047f10ae9c6cc3e7f
SHA1..: 1cb0ccc69fc5949c954c0455e50f47cc2c526503
SHA256: 29b20a786f50213e9df66c8126a05c030a21bf4ae42df09fc51f137e44097281
SHA512: 10492caa1f26683c9604d534e59c2c869e8058e4d23483fed72d918c11bb71b9
806a29ac86eb938a60736b9cb2083429b9aa2d4d1740ea2b8d536924a6727a75
PEiD..: Armadillo v1.71
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x418838
timedatestamp.....: 0x4821b35a (Wed May 07 13:49:14 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1b285 0x1c000 6.12 19c76ef9202fb9612fd309112920ecb9
.rdata 0x1d000 0x8652 0x9000 4.97 ccf55491777d44fed1483bc2910d49a6
.data 0x26000 0x7470 0x5000 5.78 c084e491c292acec37647e2175ff6701
.rsrc 0x2e000 0x5840 0x6000 3.37 0ea04674e9a8622d8f3b2a7e36e60e4d

( 10 imports )
> WININET.dll: InternetGetLastResponseInfoA, InternetOpenUrlA, InternetOpenA, InternetReadFile
> MFC42.DLL: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> MSVCRT.dll: _controlfp, _except_handler3, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, _XcptFilter, _exit, __1type_info@@UAE@XZ, _onexit, __dllonexit, _purecall, strlen, toupper, exit, strrchr, memset, _stricmp, _setmbcp, __CxxFrameHandler, _mbscmp, rand, _ftol, srand, time, atoi, memcpy, _CxxThrowException
> KERNEL32.dll: GetTickCount, GetCurrentThreadId, lstrlenA, Sleep, CreateFileA, GetProcAddress, LoadLibraryA, FreeLibrary, lstrcmpiA, CreateMutexA, GetSystemDirectoryA, lstrlenW, GetLastError, WaitForSingleObject, OpenProcess, SetLastError, WideCharToMultiByte, HeapFree, HeapAlloc, DeleteFileA, lstrcmpA, MoveFileA, GetFileAttributesA, GetModuleHandleA, GetStartupInfoA, TerminateProcess, GetVolumeInformationA, MultiByteToWideChar, GetFullPathNameA, LocalFree, lstrcpyA, GetModuleFileNameA, WriteFile, CloseHandle
> USER32.dll: OffsetRect, ClientToScreen, SetTimer, GetClientRect, GetWindowRect, SetForegroundWindow, AttachThreadInput, GetSystemMetrics, KillTimer, GetWindowThreadProcessId, PostMessageA, EnumWindows, GetWindowTextLengthA, GetWindowTextA, IsWindow, GetForegroundWindow, EnableWindow, SetWindowTextA
> GDI32.dll: CreateFontA
> ADVAPI32.dll: RegDeleteKeyA, RegQueryValueExA, RegCreateKeyExA, RegDeleteValueA, RegSetValueExA, RegCloseKey, RegOpenKeyExA
> SHELL32.dll: SHGetSpecialFolderLocation, SHGetPathFromIDListA
> ole32.dll: CoUninitialize, CoCreateInstance, OleRun
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -

( 0 exports )

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=FE43955846E74DAF104C03096B6A7F00D1F94095


ATTENTION: VirusTotal est un service gratuit offert par Hispasec Sistemas. Il n'y a aucune garantie quant à la disponibilité et la continuité de ce service. Bien que le taux de détection permis par l'utilisation de multiples moteurs antivirus soit bien supérieur à celui offert par seulement un produit, ces résultats NE garantissent PAS qu'un fichier est sans danger. Il n'y a actuellement aucune solution qui offre un taux d'efficacité de 100% pour la détection des virus et malwares.

VirusTotal © Hispasec Sistemas - Blog - Contact: info@virustotal.com

bonjour,je te colle le rapport demandé.


BitDefender Online Scanner



Scan report generated at: Thu, May 22, 2008 - 00:12:45





Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;







Statistics

Time
01:47:58

Files
573667

Folders
12420

Boot Sectors
5

Archives
22748

Packed Files
22278




Results

Identified Viruses
16

Infected Files
36

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
36




Engines Info

Virus Definitions
1213623

Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins
16

Archive plugins
42

Unpack plugins
7

E-mail plugins
6

System plugins
5




Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes




Scanned File
Status

C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\sdfix\SDFix\backups\backups.zip=>backups/asappsrv.dll
Detected with: Adware.CommAd.A

C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\sdfix\SDFix\backups\backups.zip=>backups/asappsrv.dll
Deleted

C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\sdfix\SDFix\backups\backups.zip
Updated

C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\sdfix\SDFix\backups\backups.zip=>backups/command.exe
Infected with: Trojan.Generic.107114

C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\sdfix\SDFix\backups\backups.zip=>backups/command.exe
Deleted

C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\sdfix\SDFix\backups\backups.zip
Updated

C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\sdfix\SDFix\backups\backups.zip=>backups/iifgDwuU.dll
Infected with: Trojan.Vundo.END

C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\sdfix\SDFix\backups\backups.zip=>backups/iifgDwuU.dll
Deleted

C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\sdfix\SDFix\backups\backups.zip
Updated

C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\sdfix\SDFix\backups\backups.zip=>backups/netmon.exe
Detected with: Adware.CommAd.A

C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\sdfix\SDFix\backups\backups.zip=>backups/netmon.exe
Deleted

C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\sdfix\SDFix\backups\backups.zip
Updated

C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\sdfix\SDFix\backups\backups.zip=>backups/pac.txt
Infected with: Trojan.Downloader.VB.VPG

C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\sdfix\SDFix\backups\backups.zip=>backups/pac.txt
Deleted

C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\sdfix\SDFix\backups\backups.zip
Updated

C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\sdfix\SDFix\backups\backups.zip=>backups/s0.vbs
Detected with: Adware.Isearch.D

C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\sdfix\SDFix\backups\backups.zip=>backups/s0.vbs
Deleted

C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\sdfix\SDFix\backups\backups.zip
Updated

C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\sdfix\SDFix\backups\backups.zip=>backups/uninstall_nmon.vbs
Infected with: Trojan.Small.WY

C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\sdfix\SDFix\backups\backups.zip=>backups/uninstall_nmon.vbs
Deleted

C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\sdfix\SDFix\backups\backups.zip
Updated

C:\Program Files\AxBx\VirusKeeper 2008 Pro\Quarantaine\g18.exe=>(NSIS o)=>lzma_solid_nsis0002
Infected with: MemScan:Adware.Rotator.B

C:\Program Files\AxBx\VirusKeeper 2008 Pro\Quarantaine\g18.exe=>(NSIS o)=>lzma_solid_nsis0002
Deleted

C:\Program Files\AxBx\VirusKeeper 2008 Pro\Quarantaine\g18.exe=>(NSIS o)
Update failed

C:\Program Files\AxBx\VirusKeeper 2008 Pro\Quarantaine\lqrqibcu.exe
Infected with: Trojan.PrivacySet.A

C:\Program Files\AxBx\VirusKeeper 2008 Pro\Quarantaine\lqrqibcu.exe
Disinfection failed

C:\Program Files\AxBx\VirusKeeper 2008 Pro\Quarantaine\lqrqibcu.exe
Deleted

C:\Program Files\AxBx\VirusKeeper 2008 Pro\Quarantaine\olmukalt.exe
Infected with: Trojan.PrivacySet.A

C:\Program Files\AxBx\VirusKeeper 2008 Pro\Quarantaine\olmukalt.exe
Disinfection failed

C:\Program Files\AxBx\VirusKeeper 2008 Pro\Quarantaine\olmukalt.exe
Deleted

C:\Program Files\AxBx\VirusKeeper 2008 Pro\Quarantaine\qpurdosa.exe
Infected with: Trojan.PrivacySet.A

C:\Program Files\AxBx\VirusKeeper 2008 Pro\Quarantaine\qpurdosa.exe
Disinfection failed

C:\Program Files\AxBx\VirusKeeper 2008 Pro\Quarantaine\qpurdosa.exe
Deleted

C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP135\A0019690.dll
Infected with: MemScan:Adware.Vundo.BE

C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP135\A0019690.dll
Deleted

C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP135\A0019691.dll
Infected with: MemScan:Adware.Vundo.BE

C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP135\A0019691.dll
Deleted

C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP135\A0019728.dll
Detected with: Adware.BHO.WRG

C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP135\A0019728.dll
Deleted

C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP136\A0020045.vbs
Detected with: Adware.Isearch.D

C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP136\A0020045.vbs
Deleted

C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP136\A0020079.exe
Infected with: Trojan.Retapu.D

C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP136\A0020079.exe
Disinfection failed

C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP136\A0020079.exe
Deleted

C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP136\A0020080.exe
Infected with: Trojan.Downloader.Matcash.J

C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP136\A0020080.exe
Disinfection failed

C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP136\A0020080.exe
Deleted

C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP136\A0020081.exe
Infected with: Trojan.Downloader.Matcash.J

C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP136\A0020081.exe
Disinfection failed

C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP136\A0020081.exe
Deleted

C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP137\A0020312.exe
Infected with: Generic.Zeno.0100E940

C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP137\A0020312.exe
Disinfection failed

C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP137\A0020312.exe
Deleted

C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP137\A0020313.exe
Infected with: Backdoor.Bot.14544

C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP137\A0020313.exe
Deleted

C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP137\A0020314.exe
Infected with: Backdoor.Bot.14544

C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP137\A0020314.exe
Deleted

C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP138\A0020398.exe
Infected with: Trojan.PrivacySet.A

C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP138\A0020398.exe
Disinfection failed

C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP138\A0020398.exe
Deleted

C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP138\A0020399.exe
Infected with: Trojan.PrivacySet.A

C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP138\A0020399.exe
Disinfection failed

C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP138\A0020399.exe
Deleted

C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP138\A0020400.exe
Infected with: Trojan.PrivacySet.A

C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP138\A0020400.exe
Disinfection failed

C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP138\A0020400.exe
Deleted

C:\WINDOWS\pack.epk=>(NSIS 2g)=>lzma_solid_nsis0006
Detected with: Adware.Navipromo.BC

C:\WINDOWS\pack.epk=>(NSIS 2g)=>lzma_solid_nsis0006
Deleted

C:\WINDOWS\pack.epk=>(NSIS 2g)
Update failed

C:\WINDOWS\pack.epk=>(NSIS 2g)=>lzma_solid_nsis0009
Infected with: Backdoor.Skinymes.Agent.A

C:\WINDOWS\pack.epk=>(NSIS 2g)=>lzma_solid_nsis0009
Deleted

C:\WINDOWS\pack.epk=>(NSIS 2g)
Update failed

C:\WINDOWS\pack.epk=>(NSIS 2g)=>lzma_solid_nsis0028=>(NSIS g)=>lzma_solid_nsis0005
Detected with: Adware.Navipromo.BC

C:\WINDOWS\pack.epk=>(NSIS 2g)=>lzma_solid_nsis0028=>(NSIS g)=>lzma_solid_nsis0005
Deleted

C:\WINDOWS\pack.epk=>(NSIS 2g)=>lzma_solid_nsis0028=>(NSIS g)
Update failed

C:\WINDOWS1\system32\3056v\Wvram13.exe
Infected with: Generic.Zeno.0100E940

C:\WINDOWS1\system32\3056v\Wvram13.exe
Disinfection failed

C:\WINDOWS1\system32\3056v\Wvram13.exe
Deleted

C:\WINDOWS1\system32\dlsjuybn.dll
Infected with: Trojan.Vundo.END

C:\WINDOWS1\system32\dlsjuybn.dll
Deleted

C:\WINDOWS1\system32\eitketcm.dll
Infected with: Trojan.Vundo.END

C:\WINDOWS1\system32\eitketcm.dll
Deleted

C:\WINDOWS1\system32\fvohlyic.exe
Infected with: Trojan.PrivacySet.A

C:\WINDOWS1\system32\fvohlyic.exe
Disinfection failed

C:\WINDOWS1\system32\fvohlyic.exe
Deleted

C:\WINDOWS1\system32\gside.exe=>(NSIS o)=>bzip2_solid_nsis0002
Detected with: Adware.BHO.WRG

C:\WINDOWS1\system32\gside.exe=>(NSIS o)=>bzip2_solid_nsis0002
Deleted

C:\WINDOWS1\system32\gside.exe=>(NSIS o)
Update failed

C:\WINDOWS1\system32\jkwnw64k.exe
Infected with: Generic.Zeno.0100E940

C:\WINDOWS1\system32\jkwnw64k.exe
Disinfection failed

C:\WINDOWS1\system32\jkwnw64k.exe
Deleted

C:\WINDOWS1\system32\kxytnkig.dll
Infected with: Trojan.Vundo.END

C:\WINDOWS1\system32\kxytnkig.dll
Deleted

C:\WINDOWS1\system32\owjhxbdg.dll
Infected with: Trojan.Vundo.END

C:\WINDOWS1\system32\owjhxbdg.dll
Deleted

C:\WINDOWS1\system32\vnnapwuy.exe
Infected with: Trojan.PrivacySet.A

C:\WINDOWS1\system32\vnnapwuy.exe
Disinfection failed

C:\WINDOWS1\system32\vnnapwuy.exe
Deleted

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:00:31, on 22/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\Ati2evxx.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\system32\spoolsv.exe
C:\WINDOWS1\system32\Ati2evxx.exe
C:\WINDOWS1\Explorer.EXE
C:\WINDOWS1\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS1\system32\HPZipm12.exe
C:\WINDOWS1\system32\svchost.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro\vk_service.exe
C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
C:\WINDOWS1\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS1\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS1\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro\viruskeeper.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {8b7d47ec-fdf8-8f8a-2c84-4184b2cbec8a} - {a8cebc2b-4814-48c2-a8f8-8fdfce74d7b8} - C:\WINDOWS1\system32\oqrrajqo.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.12\AsRunHelp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro\VirusKeeper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\Program Files\AxBx\VirusKeeper 2008 Pro\Quarantaine\ncntlkdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS1\system32\rwwnw64d.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = C:\Program Files\SAGEM WiFi manager\WLANUTL.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS1\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS1\bdoscandel.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS1\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS1\system32\ati2sgag.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS1\System32\FTRTSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS1\system32\HPZipm12.exe
O23 - Service: VirusKeeper antivirus/antispyware (vkservice) - AxBx - C:\Program Files\AxBx\VirusKeeper 2008 Pro\vk_service.exe

Search Navipromo version 3.5.7 commencé le 22/05/2008 à 8:23:40,09

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "pc"

Mise à jour le 11.05.2008 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS1" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1.win\applic~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1.win\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\pc\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\H5456\applic~1" ***

...\MessengerSkinner trouvé !

*** Recherche dossiers dans "C:\Documents and Settings\pc\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\H5456\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\pc\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\H5456\menudm~1\progra~1" ***

...\MessengerSkinner trouvé !
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé


*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS1\system32" *

* Recherche dans "C:\Documents and Settings\pc\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\H5456\locals~1\applic~1" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS1\system32" :


* Dans "C:\Documents and Settings\pc\locals~1\applic~1" :


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :


* Dans "C:\DOCUME~1\H5456\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 22/05/2008 à 8:34:18,82 ***
Malwarebytes' Anti-Malware 1.12
Version de la base de données: 722

Type de recherche: Examen rapide
Eléments examinés: 60079
Temps écoulé: 11 minute(s), 12 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 6

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deewoo Network Manager (Adware.Radio) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS1\system32\jkkKabbA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\AbbaKkkj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\{321ef3c3-2dec-97d5-7c96-b96f7805d764}.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\{bb6b0ce1-9426-f927-8ca0-f8cf6811368c}.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\zxdnt3d.cfg. (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\zxdnt3d.cfg (Malware.Trace) -> Quarantined and deleted successfully.

je dois a nouveau partir,je m'en occupe des que je reviens!!

u la mais pour peu de temps!
Clean Navipromo version 3.5.7 commencé le 22/05/2008 à 15:54:51,29

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "pc"

Mise à jour le 11.05.2008 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : NTFS

Mode suppression automatique
sans prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur



*** Suppression dossiers dans "C:\WINDOWS1" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1.win\applic~1" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1.win\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\pc\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\H5456\applic~1" ***

...\MessengerSkinner ...suppression...
...\MessengerSkinner supprimé !


*** Suppression dossiers dans "C:\Documents and Settings\pc\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\H5456\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\pc\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\H5456\menudm~1\progra~1" ***

...\MessengerSkinner ...suppression...
...\MessengerSkinner supprimé !



*** Suppression fichiers ***


*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS1\Temp effectué !
Nettoyage contenu C:\Documents and Settings\pc\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\WINDOWS1\system32" *


* Dans "C:\Documents and Settings\pc\locals~1\applic~1" *


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *


* Dans "C:\DOCUME~1\H5456\locals~1\applic~1" *


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltdt absent !

*** Nettoyage terminé le 22/05/2008 à 15:57:05,96 ***

bonjour,
ComboFix 08-05-21.3 - pc 2008-05-23 6:57:09.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.646 [GMT 2:00]
Endroit: C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\combofix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\H5456\Application Data\FunWebProducts
C:\Program Files\Google\googletoolbar1.dll
C:\Program Files\iMeshBar
C:\Program Files\iMeshBar\bar\History\search
C:\WINDOWS1\BM834990b6.xml
C:\WINDOWS1\cookies.ini
C:\WINDOWS1\pskt.ini
C:\WINDOWS1\system32\jcaqynax.ini
C:\WINDOWS1\system32\lqoohfay.ini
C:\WINDOWS1\system32\mcrh.tmp
C:\WINDOWS1\system32\MSINET.oca
C:\WINDOWS1\system32\ogclybbv.ini
C:\WINDOWS1\system32\ssgiptpd.ini

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-23 to 2008-05-23 ))))))))))))))))))))))))))))))))))))
.

2008-05-23 02:56 . 2008-05-23 03:00 725,031,072 --a------ C:\Coup De Foudre A Notting Hill - Julia Roberts-Hugh Grant - DVD Rip Francais.avi
2008-05-23 02:48 . 2008-05-23 02:55 732,745,728 --a------ C:\Confessions D'un Homme Dangereux - Fran‡ais (George Clooney,Julia Roberts,Brad Pitt,Drue Barrymore,Matt Damon) Dvdrip Divx.avi
2008-05-22 21:34 . 2008-05-23 04:38 700,155,904 --a------ C:\La V‚rit‚ Si Je Mens.avi
2008-05-22 07:12 . 2007-04-11 10:23 35,328 --a------ C:\WINDOWS1\system32\drivers\Capt905c.sys
2008-05-22 07:12 . 2007-04-09 14:54 25,216 --a------ C:\WINDOWS1\system32\drivers\Camd905c.sys
2008-05-21 22:20 . 2008-05-22 00:12 <REP> d-------- C:\WINDOWS1\BDOSCAN8
2008-05-21 20:48 . 2008-05-21 20:48 <REP> d-------- C:\Program Files\CCleaner
2008-05-21 09:22 . 2008-05-21 14:20 716,974,080 --a------ C:\Cocktail ( Tom Cruise) DVDRIP FR.avi
2008-05-21 09:22 . 2008-05-21 13:47 698,900,480 --a------ C:\Dirty Dancing (1987) [Divx].avi
2008-05-21 09:21 . 2008-05-21 14:47 725,630,976 --a------ C:\Film - Tom Cruise - Top Gun - Fr.avi
2008-05-20 18:17 . 2008-05-20 18:17 <REP> d-------- C:\WINDOWS1\system32\Kaspersky Lab
2008-05-20 15:05 . 2008-05-20 15:05 847 --a------ C:\WINDOWS1\system32\winpfz33.sys
2008-05-20 09:13 . 2008-05-21 21:57 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-20 09:13 . 2008-05-20 09:13 <REP> d-------- C:\Documents and Settings\pc\Application Data\Malwarebytes
2008-05-20 09:13 . 2008-05-20 09:13 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Malwarebytes
2008-05-20 09:13 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS1\system32\drivers\mbamcatchme.sys
2008-05-20 09:13 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS1\system32\drivers\mbam.sys
2008-05-20 08:23 . 2008-05-20 08:23 <REP> d-------- C:\WINDOWS1\ERUNT
2008-05-20 07:51 . 2008-05-17 02:23 <REP> d-------- C:\SDFix
2008-05-19 22:25 . 2008-05-20 06:46 4,078 --a------ C:\WINDOWS1\system32\tmp.reg
2008-05-19 22:22 . 2008-02-10 02:00 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-05-19 22:22 . 2008-02-10 02:00 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-05-19 22:22 . 2008-02-10 01:32 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2008-05-19 22:22 . 2008-02-10 02:00 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-05-19 22:22 . 2008-02-10 02:00 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-05-19 22:22 . 2008-02-10 02:00 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-05-19 22:22 . 2008-02-10 02:00 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-05-19 22:22 . 2008-05-19 22:22 <REP> d-------- C:\Documents and Settings\Administrateur
2008-05-19 18:24 . 2008-05-20 15:02 95,232 --------- C:\WINDOWS1\system32\hvpoyuma.dll
2008-05-19 18:07 . 2008-05-20 15:03 109,056 --------- C:\WINDOWS1\system32\mylbiima.dll
2008-05-19 08:56 . 2008-05-19 08:56 118,784 --a------ C:\WINDOWS1\system32\oqrrajqo.dll
2008-05-19 07:15 . 2008-05-19 07:15 118,784 --a------ C:\WINDOWS1\system32\svxnufoe.dll
2008-05-18 19:25 . 2008-05-18 19:25 <REP> d-------- C:\Sun
2008-05-18 19:15 . 2008-05-22 15:57 <REP> d-------- C:\Program Files\Navilog1
2008-05-18 18:04 . 2008-05-18 18:04 <REP> d-------- C:\Program Files\Trend Micro
2008-05-17 22:26 . 2008-05-17 22:26 118,784 --a------ C:\WINDOWS1\system32\evromfqc.dll
2008-05-17 19:11 . 2008-05-17 19:11 <REP> d-------- C:\Documents and Settings\pc\Application Data\DefenseNetSurfage
2008-05-17 19:06 . 2008-05-20 15:03 <REP> d-------- C:\Program Files\Fichiers communs\DefenseNetSurfage
2008-05-17 19:06 . 2008-05-17 19:06 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS1\Application Data\DefenseNetSurfage
2008-05-17 19:05 . 2008-05-17 19:05 255,000 --a------ C:\Documents and Settings\pc\Application Data\installer_fr[1].exe
2008-05-16 22:24 . 2008-05-16 22:24 118,784 --a------ C:\WINDOWS1\system32\cfjhymjp.dll
2008-05-16 20:04 . 2007-09-25 00:31 69,632 --a------ C:\WINDOWS1\system32\javacpl.cpl
2008-05-16 10:13 . 2008-05-16 10:13 298,312 --a------ C:\WINDOWS1\system32\gside.exe
2008-05-16 09:53 . 2008-05-20 08:37 <REP> d-------- C:\WINDOWS1\Yg
2008-05-16 09:52 . 2008-05-20 15:03 <REP> d-------- C:\WINDOWS1\system32\rDA
2008-05-16 09:52 . 2008-05-20 15:03 <REP> d-------- C:\WINDOWS1\system32\emL1
2008-05-16 09:52 . 2008-05-22 00:09 <REP> d-------- C:\WINDOWS1\system32\3056v
2008-05-16 09:52 . 2008-05-20 08:44 <REP> d-------- C:\Temp
2008-05-09 11:46 . 1996-10-29 11:29 29,732 --a------ C:\WINDOWS1\system\HYENA.TTF
2008-05-09 11:42 . 2008-05-09 12:00 579 --a------ C:\WINDOWS1\7thlevel.ini
2008-05-03 21:00 . 2008-05-16 10:06 <REP> d-------- C:\Documents and Settings\pc\Application Data\Azureus
2008-05-03 21:00 . 2008-05-03 21:00 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Azureus
2008-05-03 20:44 . 2008-05-15 08:13 <REP> d-------- C:\Program Files\Azureus
2008-05-02 22:37 . 2008-05-02 22:37 <REP> d-------- C:\Program Files\LiveCAD
2008-05-02 21:24 . 2008-05-02 21:24 <REP> d-------- C:\Documents and Settings\pc\Application Data\Anuman Interactive

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-23 05:04 --------- d-----w C:\Program Files\Wanadoo
2008-05-23 04:57 --------- d-----w C:\Program Files\Google
2008-05-22 18:13 --------- d-----w C:\Documents and Settings\pc\Application Data\LimeWire
2008-05-22 05:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-19 06:00 --------- d-----w C:\Program Files\eMule
2008-05-18 19:42 --------- d-----w C:\Documents and Settings\pc\Application Data\OpenOffice.org2
2008-05-17 18:58 --------- d-----w C:\Program Files\Free Easy Burner
2008-05-16 18:40 --------- d-----w C:\Program Files\LimeWire
2008-04-21 19:44 --------- d-----w C:\Program Files\7-Zip
2008-04-17 05:57 --------- d-----w C:\Program Files\IKEA HomePlanner
2008-04-15 17:58 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-09 13:13 --------- d-----w C:\Program Files\AxBx
2008-04-09 12:41 --------- d-----w C:\Program Files\SweetIM
2008-04-02 04:37 --------- d-----w C:\Documents and Settings\All Users.WINDOWS1\Application Data\SweetIM
2008-04-02 04:26 --------- d-----w C:\Program Files\Free Audio Pack
2008-03-29 07:12 --------- d-----w C:\Program Files\AVIConverter
2008-03-29 07:08 --------- d-----w C:\Program Files\Ultra AVI Converter
2008-03-29 07:05 --------- d-----w C:\Program Files\SLD Codec Pack
2008-03-29 06:47 --------- d-----w C:\Program Files\MyMPxPlayer.org
2008-03-28 16:58 --------- d-----w C:\Documents and Settings\pc\Application Data\Image Zone Express
2008-03-28 16:35 --------- d-----w C:\Program Files\MP4 Converter
2008-03-28 16:34 --------- d-----w C:\Program Files\DivX
2008-03-28 16:20 --------- d-----w C:\Program Files\FairUse Wizard 2
2008-03-28 16:00 --------- d-----w C:\Program Files\Allok Video to MP4 Converter
2008-03-28 15:41 --------- d-----w C:\Program Files\WinAVI MP4 Converter
2008-03-27 17:11 39,032 -c--a-w C:\Documents and Settings\pc\Application Data\GDIPFONTCACHEV1.DAT
2007-12-20 19:54 87,240 -c--a-w C:\Documents and Settings\H5456\Application Data\GDIPFONTCACHEV1.DAT
2008-01-04 21:58 479,232 -c--a-w C:\Program Files\mozilla firefox\plugins\msvcm80.dll
2008-01-04 21:58 548,864 -c--a-w C:\Program Files\mozilla firefox\plugins\msvcp80.dll
2008-01-04 21:58 626,688 -c--a-w C:\Program Files\mozilla firefox\plugins\msvcr80.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a8cebc2b-4814-48c2-a8f8-8fdfce74d7b8}]
2008-05-19 08:56 118784 --a------ C:\WINDOWS1\system32\oqrrajqo.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 14:12 1164600]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-03-27 14:12 1164600]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS1\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 15:50 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-15 21:04 2879488 C:\WINDOWS1\SkyTel.exe]
"AsusServiceProvider"="C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe" [2006-10-22 23:28 593920]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.12\AsRunHelp.exe" [2006-10-29 18:07 362496]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-11 19:58 16264192 C:\WINDOWS1\RTHDCPL.exe]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 32768]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"VirusKeeper"="C:\Program Files\AxBx\VirusKeeper 2008 Pro\VirusKeeper.exe" [2008-05-21 11:43 2878320]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS1\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS1\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\SAGEM WiFi manager\\WLANUTL.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1818:UDP"= 1818:UDP:Windows Media Format SDK (WOOBrowser.exe)
"1819:UDP"= 1819:UDP:Windows Media Format SDK (WOOBrowser.exe)

R2 vkservice;VirusKeeper antivirus/antispyware;C:\Program Files\AxBx\VirusKeeper 2008 Pro\vk_service.exe [2008-05-14 11:58]
R3 Cap713x;Cap713x Video Capture;C:\WINDOWS1\system32\DRIVERS\Cap713x.sys [2004-10-08 17:58]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS1\system32\DRIVERS\WlanBZXP.sys [2005-12-22 15:45]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS1\system32\drivers\mbamcatchme.sys [2008-05-05 20:46]
S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS1\system32\DRIVERS\se59bus.sys [2006-09-05 22:07]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS1\system32\DRIVERS\se59mdfl.sys [2006-09-05 22:07]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS1\system32\DRIVERS\se59mdm.sys [2006-09-05 22:07]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS1\system32\DRIVERS\se59mgmt.sys [2006-09-05 22:08]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS1\system32\DRIVERS\se59obex.sys [2006-09-05 22:09]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS1\system32\ZDCndis5.SYS []

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-05-17 15:41:00 C:\WINDOWS1\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-23 07:04:35
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS1\system32\ati2evxx.exe
C:\WINDOWS1\system32\ati2evxx.exe
C:\WINDOWS1\system32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS1\system32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS1\system32\ALERTM~1\ALERTM~1.EXE
C:\WINDOWS1\system32\msiexec.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-23 7:08:12 - machine was rebooted [pc]
ComboFix-quarantined-files.txt 2008-05-23 05:08:09

Pre-Run: 47,288,143,872 octets libres
Post-Run: 47,571,689,472 octets libres

220 --- E O F --- 2008-05-16 06:34:22

bonjour,
j'espereComboFix 08-05-21.3 - pc 2008-05-23 19:53:54.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.709 [GMT 2:00]
Endroit: C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\combofix.exe
Command switches used :: C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\CFscript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\WINDOWS1\system32\cfjhymjp.dll
C:\WINDOWS1\system32\evromfqc.dll
C:\WINDOWS1\system32\hvpoyuma.dll
C:\WINDOWS1\system32\mylbiima.dll
C:\WINDOWS1\system32\oqrrajqo.dll
C:\WINDOWS1\system32\svxnufoe.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users.WINDOWS1\Application Data\DefenseNetSurfage
C:\Documents and Settings\All Users.WINDOWS1\Application Data\DefenseNetSurfage\Abbr
C:\Documents and Settings\All Users.WINDOWS1\Application Data\DefenseNetSurfage\prod_code
C:\Documents and Settings\pc\Application Data\DefenseNetSurfage
C:\Documents and Settings\pc\Application Data\DefenseNetSurfage\Logs\update.log
C:\Documents and Settings\pc\Menu Démarrer\Programmes\Démarrage\Deewoo.lnk
C:\Documents and Settings\pc\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
C:\WINDOWS1\system32\cfjhymjp.dll
C:\WINDOWS1\system32\evromfqc.dll
C:\WINDOWS1\system32\hvpoyuma.dll
C:\WINDOWS1\system32\mylbiima.dll
C:\WINDOWS1\system32\oqrrajqo.dll
C:\WINDOWS1\system32\svxnufoe.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-23 to 2008-05-23 ))))))))))))))))))))))))))))))))))))
.

2008-05-23 02:56 . 2008-05-23 03:00 725,031,072 --a------ C:\Coup De Foudre A Notting Hill - Julia Roberts-Hugh Grant - DVD Rip Francais.avi
2008-05-23 02:48 . 2008-05-23 02:55 732,745,728 --a------ C:\Confessions D'un Homme Dangereux - Français (George Clooney,Julia Roberts,Brad Pitt,Drue Barrymore,Matt Damon) Dvdrip Divx.avi
2008-05-22 21:34 . 2008-05-23 04:38 700,155,904 --a------ C:\La Vérité Si Je Mens.avi
2008-05-22 07:12 . 2007-04-11 10:23 35,328 --a------ C:\WINDOWS1\system32\drivers\Capt905c.sys
2008-05-22 07:12 . 2007-04-09 14:54 25,216 --a------ C:\WINDOWS1\system32\drivers\Camd905c.sys
2008-05-21 22:20 . 2008-05-22 00:12 <REP> d-------- C:\WINDOWS1\BDOSCAN8
2008-05-21 20:48 . 2008-05-21 20:48 <REP> d-------- C:\Program Files\CCleaner
2008-05-21 09:22 . 2008-05-21 14:20 716,974,080 --a------ C:\Cocktail ( Tom Cruise) DVDRIP FR.avi
2008-05-21 09:22 . 2008-05-21 13:47 698,900,480 --a------ C:\Dirty Dancing (1987) [Divx].avi
2008-05-21 09:21 . 2008-05-21 14:47 725,630,976 --a------ C:\Film - Tom Cruise - Top Gun - Fr.avi
2008-05-20 18:17 . 2008-05-20 18:17 <REP> d-------- C:\WINDOWS1\system32\Kaspersky Lab
2008-05-20 15:05 . 2008-05-20 15:05 847 --a------ C:\WINDOWS1\system32\winpfz33.sys
2008-05-20 09:13 . 2008-05-21 21:57 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-20 09:13 . 2008-05-20 09:13 <REP> d-------- C:\Documents and Settings\pc\Application Data\Malwarebytes
2008-05-20 09:13 . 2008-05-20 09:13 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Malwarebytes
2008-05-20 09:13 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS1\system32\drivers\mbamcatchme.sys
2008-05-20 09:13 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS1\system32\drivers\mbam.sys
2008-05-20 08:23 . 2008-05-20 08:23 <REP> d-------- C:\WINDOWS1\ERUNT
2008-05-20 07:51 . 2008-05-17 02:23 <REP> d-------- C:\SDFix
2008-05-19 22:25 . 2008-05-20 06:46 4,078 --a------ C:\WINDOWS1\system32\tmp.reg
2008-05-19 22:22 . 2008-02-10 02:00 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-05-19 22:22 . 2008-02-10 02:00 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-05-19 22:22 . 2008-02-10 01:32 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-05-19 22:22 . 2008-02-10 02:00 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-05-19 22:22 . 2008-02-10 02:00 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-05-19 22:22 . 2008-02-10 02:00 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-05-19 22:22 . 2008-02-10 02:00 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-05-19 22:22 . 2008-05-19 22:22 <REP> d-------- C:\Documents and Settings\Administrateur
2008-05-18 19:25 . 2008-05-18 19:25 <REP> d-------- C:\Sun
2008-05-18 19:15 . 2008-05-22 15:57 <REP> d-------- C:\Program Files\Navilog1
2008-05-18 18:04 . 2008-05-18 18:04 <REP> d-------- C:\Program Files\Trend Micro
2008-05-17 19:05 . 2008-05-17 19:05 255,000 --a------ C:\Documents and Settings\pc\Application Data\installer_fr[1].exe
2008-05-16 20:04 . 2007-09-25 00:31 69,632 --a------ C:\WINDOWS1\system32\javacpl.cpl
2008-05-16 10:13 . 2008-05-16 10:13 298,312 --a------ C:\WINDOWS1\system32\gside.exe
2008-05-16 09:53 . 2008-05-20 08:37 <REP> d-------- C:\WINDOWS1\Yg
2008-05-16 09:52 . 2008-05-20 15:03 <REP> d-------- C:\WINDOWS1\system32\rDA
2008-05-16 09:52 . 2008-05-20 15:03 <REP> d-------- C:\WINDOWS1\system32\emL1
2008-05-16 09:52 . 2008-05-22 00:09 <REP> d-------- C:\WINDOWS1\system32\3056v
2008-05-16 09:52 . 2008-05-20 08:44 <REP> d-------- C:\Temp
2008-05-09 11:46 . 1996-10-29 11:29 29,732 --a------ C:\WINDOWS1\system\HYENA.TTF
2008-05-09 11:42 . 2008-05-09 12:00 579 --a------ C:\WINDOWS1\7thlevel.ini
2008-05-03 21:00 . 2008-05-16 10:06 <REP> d-------- C:\Documents and Settings\pc\Application Data\Azureus
2008-05-03 21:00 . 2008-05-03 21:00 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Azureus
2008-05-03 20:44 . 2008-05-15 08:13 <REP> d-------- C:\Program Files\Azureus
2008-05-02 22:37 . 2008-05-02 22:37 <REP> d-------- C:\Program Files\LiveCAD
2008-05-02 21:24 . 2008-05-02 21:24 <REP> d-------- C:\Documents and Settings\pc\Application Data\Anuman Interactive

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-23 17:52 --------- d-----w C:\Program Files\Wanadoo
2008-05-23 06:38 --------- d-----w C:\Documents and Settings\pc\Application Data\LimeWire
2008-05-23 04:57 --------- d-----w C:\Program Files\Google
2008-05-22 05:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-19 06:00 --------- d-----w C:\Program Files\eMule
2008-05-18 19:42 --------- d-----w C:\Documents and Settings\pc\Application Data\OpenOffice.org2
2008-05-17 18:58 --------- d-----w C:\Program Files\Free Easy Burner
2008-05-16 18:40 --------- d-----w C:\Program Files\LimeWire
2008-04-21 19:44 --------- d-----w C:\Program Files\7-Zip
2008-04-17 05:57 --------- d-----w C:\Program Files\IKEA HomePlanner
2008-04-15 17:58 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-09 13:13 --------- d-----w C:\Program Files\AxBx
2008-04-09 12:41 --------- d-----w C:\Program Files\SweetIM
2008-04-02 04:37 --------- d-----w C:\Documents and Settings\All Users.WINDOWS1\Application Data\SweetIM
2008-04-02 04:26 --------- d-----w C:\Program Files\Free Audio Pack
2008-03-29 07:12 --------- d-----w C:\Program Files\AVIConverter
2008-03-29 07:08 --------- d-----w C:\Program Files\Ultra AVI Converter
2008-03-29 07:05 --------- d-----w C:\Program Files\SLD Codec Pack
2008-03-29 06:47 --------- d-----w C:\Program Files\MyMPxPlayer.org
2008-03-28 16:58 --------- d-----w C:\Documents and Settings\pc\Application Data\Image Zone Express
2008-03-28 16:35 --------- d-----w C:\Program Files\MP4 Converter
2008-03-28 16:34 --------- d-----w C:\Program Files\DivX
2008-03-28 16:20 --------- d-----w C:\Program Files\FairUse Wizard 2
2008-03-28 16:00 --------- d-----w C:\Program Files\Allok Video to MP4 Converter
2008-03-28 15:41 --------- d-----w C:\Program Files\WinAVI MP4 Converter
2008-03-27 17:11 39,032 -c--a-w C:\Documents and Settings\pc\Application Data\GDIPFONTCACHEV1.DAT
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS1\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS1\system32\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS1\system32\win32k.sys
2008-03-18 06:38 139,264 ----a-w C:\WINDOWS1\system32\hpzjrd01.dll
2007-12-20 19:54 87,240 -c--a-w C:\Documents and Settings\H5456\Application Data\GDIPFONTCACHEV1.DAT
2008-01-04 21:58 479,232 -c--a-w C:\Program Files\mozilla firefox\plugins\msvcm80.dll
2008-01-04 21:58 548,864 -c--a-w C:\Program Files\mozilla firefox\plugins\msvcp80.dll
2008-01-04 21:58 626,688 -c--a-w C:\Program Files\mozilla firefox\plugins\msvcr80.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 14:12 1164600]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-03-27 14:12 1164600]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS1\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 15:50 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-15 21:04 2879488 C:\WINDOWS1\SkyTel.exe]
"AsusServiceProvider"="C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe" [2006-10-22 23:28 593920]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.12\AsRunHelp.exe" [2006-10-29 18:07 362496]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-11 19:58 16264192 C:\WINDOWS1\RTHDCPL.exe]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 32768]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"VirusKeeper"="C:\Program Files\AxBx\VirusKeeper 2008 Pro\VirusKeeper.exe" [2008-05-21 11:43 2878320]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS1\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

C:\Documents and Settings\All Users.WINDOWS1\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
Utilitaire r‚seau pour SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.EXE [2007-02-21 19:04:25 925696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS1\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\SAGEM WiFi manager\\WLANUTL.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1818:UDP"= 1818:UDP:Windows Media Format SDK (WOOBrowser.exe)
"1819:UDP"= 1819:UDP:Windows Media Format SDK (WOOBrowser.exe)

R2 vkservice;VirusKeeper antivirus/antispyware;C:\Program Files\AxBx\VirusKeeper 2008 Pro\vk_service.exe [2008-05-14 11:58]
R3 Cap713x;Cap713x Video Capture;C:\WINDOWS1\system32\DRIVERS\Cap713x.sys [2004-10-08 17:58]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS1\system32\DRIVERS\WlanBZXP.sys [2005-12-22 15:45]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS1\system32\drivers\mbamcatchme.sys [2008-05-05 20:46]
S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS1\system32\DRIVERS\se59bus.sys [2006-09-05 22:07]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS1\system32\DRIVERS\se59mdfl.sys [2006-09-05 22:07]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS1\system32\DRIVERS\se59mdm.sys [2006-09-05 22:07]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS1\system32\DRIVERS\se59mgmt.sys [2006-09-05 22:08]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS1\system32\DRIVERS\se59obex.sys [2006-09-05 22:09]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS1\system32\ZDCndis5.SYS []

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-17 15:41:00 C:\WINDOWS1\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-23 19:56:50
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-05-23 19:58:38
ComboFix-quarantined-files.txt 2008-05-23 17:58:37
ComboFix2.txt 2008-05-23 05:08:13

Pre-Run: 49,668,939,776 octets libres
Post-Run: 49,681,141,760 octets libres

207 --- E O F --- 2008-05-16 06:34:22
que j'ai pas fait de betises,j'avais oublie de desactiver mon antivirus,je l'ai donc fait en debut de scan.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:02:59, on 23/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\Ati2evxx.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\system32\spoolsv.exe
C:\WINDOWS1\system32\Ati2evxx.exe
C:\WINDOWS1\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS1\system32\HPZipm12.exe
C:\WINDOWS1\system32\svchost.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro\vk_service.exe
C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
C:\WINDOWS1\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro\VirusKeeper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS1\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS1\explorer.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\Wanadoo\Watch.exe
C:\WINDOWS1\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whynotsearchhere.com/start.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.12\AsRunHelp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro\VirusKeeper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = C:\Program Files\SAGEM WiFi manager\WLANUTL.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS1\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS1\system32\ati2sgag.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS1\System32\FTRTSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS1\system32\HPZipm12.exe
O23 - Service: VirusKeeper antivirus/antispyware (vkservice) - AxBx - C:\Program Files\AxBx\VirusKeeper 2008 Pro\vk_service.exe

bonsoir,

Malwarebytes' Anti-Malware 1.12
Version de la base de données: 722

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 177499
Temps écoulé: 36 minute(s), 14 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

bonjour,

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.5.22.1 2008.05.23 -
AntiVir 7.8.0.19 2008.05.23 -
Authentium 5.1.0.4 2008.05.23 -
Avast 4.8.1195.0 2008.05.23 -
AVG 7.5.0.516 2008.05.23 -
BitDefender 7.2 2008.05.24 -
CAT-QuickHeal 9.50 2008.05.24 -
ClamAV 0.92.1 2008.05.24 -
DrWeb 4.44.0.09170 2008.05.23 -
eSafe 7.0.15.0 2008.05.22 -
eTrust-Vet 31.4.5817 2008.05.23 -
Ewido 4.0 2008.05.23 -
F-Prot 4.4.4.56 2008.05.23 -
F-Secure 6.70.13260.0 2008.05.23 -
Fortinet 3.14.0.0 2008.05.24 -
GData 2.0.7306.1023 2008.05.23 -
Ikarus T3.1.1.26.0 2008.05.24 -
Kaspersky 7.0.0.125 2008.05.24 -
McAfee 5302 2008.05.23 -
Microsoft None 2008.05.24 -
NOD32v2 3128 2008.05.23 -
Norman 5.80.02 2008.05.23 -
Panda 9.0.0.4 2008.05.23 -
Prevx1 V2 2008.05.24 -
Rising 20.45.42.00 2008.05.23 -
Sophos 4.29.0 2008.05.24 -
Sunbelt 3.0.1123.1 2008.05.17 -
Symantec 10 2008.05.24 -
TheHacker 6.2.92.318 2008.05.23 -
VBA32 3.12.6.6 2008.05.23 -
VirusBuster 4.3.26:9 2008.05.23 -
Webwasher-Gateway 6.6.2 2008.05.24 -
Information additionnelle
File size: 847 bytes
MD5...: d1f9d6bca64162721161bf88443715d1
SHA1..: 081f1889e39d6f7b548673f8ede233a7b538555b
SHA256: b9f7066364f10cbc1888da40bc89d5fdc79cd0b3bc38bc50da4a83ae4304bcc5
SHA512: d84dcfa6d246e0001240110887a8f42fc4197dba1c114255f9e01bf1b0828c1f
67b347515a973830737b4d4b775a565ef9239b446434f86328d64c06118a2da7
PEiD..: -
PEInfo: -


ATTENTION: VirusTotal est un service gratuit offert par Hispasec Sistemas. Il n'y a aucune garantie quant à la disponibilité et la continuité de ce service. Bien que le taux de détection permis par l'utilisation de multiples moteurs antivirus soit bien supérieur à celui offert par seulement un produit, ces résultats NE garantissent PAS qu'un fichier est sans danger. Il n'y a actuellement aucune solution qui offre un taux d'efficacité de 100% pour la détection des virus et malwares.

bonjour,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:21:44, on 24/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\Ati2evxx.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\system32\spoolsv.exe
C:\WINDOWS1\system32\Ati2evxx.exe
C:\WINDOWS1\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS1\system32\HPZipm12.exe
C:\WINDOWS1\system32\svchost.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro\vk_service.exe
C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
C:\WINDOWS1\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro\VirusKeeper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS1\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS1\explorer.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS1\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whynotsearchhere.com/start.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.12\AsRunHelp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro\VirusKeeper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = C:\Program Files\SAGEM WiFi manager\WLANUTL.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS1\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS1\system32\ati2sgag.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS1\System32\FTRTSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS1\system32\HPZipm12.exe
O23 - Service: VirusKeeper antivirus/antispyware (vkservice) - AxBx - C:\Program Files\AxBx\VirusKeeper 2008 Pro\vk_service.exe

bonsoir,
j'ai tout poste mais j'ai du faire une mauvaise manip car c'est pas parti!!


BitDefender Online Scanner



Scan report generated at: Sun, May 25, 2008 - 11:46:40





Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;







Statistics

Time
01:39:53

Files
546662

Folders
12306

Boot Sectors
5

Archives
23188

Packed Files
21475




Results

Identified Viruses
3

Infected Files
4

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
4




Engines Info

Virus Definitions
1234325

Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins
16

Archive plugins
42

Unpack plugins
7

E-mail plugins
6

System plugins
5




Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes




Scanned File
Status

C:\WINDOWS\pack.epk=>(NSIS 2g)=>lzma_solid_nsis0006
Detected with: Adware.Navipromo.BC

C:\WINDOWS\pack.epk=>(NSIS 2g)=>lzma_solid_nsis0006
Deleted

C:\WINDOWS\pack.epk=>(NSIS 2g)
Update failed

C:\WINDOWS\pack.epk=>(NSIS 2g)=>lzma_solid_nsis0009
Infected with: Backdoor.Skinymes.Agent.A

C:\WINDOWS\pack.epk=>(NSIS 2g)=>lzma_solid_nsis0009
Deleted

C:\WINDOWS\pack.epk=>(NSIS 2g)
Update failed

C:\WINDOWS\pack.epk=>(NSIS 2g)=>lzma_solid_nsis0028=>(NSIS g)=>lzma_solid_nsis0005
Detected with: Adware.Navipromo.BC

C:\WINDOWS\pack.epk=>(NSIS 2g)=>lzma_solid_nsis0028=>(NSIS g)=>lzma_solid_nsis0005
Deleted

C:\WINDOWS\pack.epk=>(NSIS 2g)=>lzma_solid_nsis0028=>(NSIS g)
Update failed

C:\WINDOWS1\system32\gside.exe=>(NSIS o)=>bzip2_solid_nsis0002
Detected with: Adware.BHO.WRG

C:\WINDOWS1\system32\gside.exe=>(NSIS o)=>bzip2_solid_nsis0002
Deleted

C:\WINDOWS1\system32\gside.exe=>(NSIS o)
Update failed

Malwarebytes' Anti-Malware 1.12
Version de la base de données: 722

Type de recherche: Examen rapide
Eléments examinés: 39754
Temps écoulé: 7 minute(s), 38 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
ComboFix 08-05-21.3 - pc 2008-05-24 20:11:32.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.637 [GMT 2:00]
Endroit: C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\combofix.exe
Command switches used :: C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\CFscript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\WINDOWS1\system32\winpfz33.sys
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS1\system32\winpfz33.sys

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-24 to 2008-05-24 ))))))))))))))))))))))))))))))))))))
.

2008-05-24 17:33 . 2008-05-24 17:34 731,207,936 --a------ C:\Collateral Fr(Tom Cruise).avi
2008-05-24 08:02 . 2008-05-24 15:18 733,337,706 --a------ C:\La Guerre Des Mondes 2005 Tom Cruise Divx French.avi
2008-05-23 20:13 . 2008-05-24 13:32 734,280,066 --a------ C:\Braveheart.(Mel.Gibson).[BarnZ.DVDrip.Francais]teste.avi
2008-05-23 20:13 . 2008-05-24 13:04 733,835,264 --a------ C:\Ce Que Veulent Les Femmes (2000) - Fr Dvdrip Avec Mel Gibson, Helen Hunt.avi
2008-05-23 20:12 . 2008-05-24 13:32 734,312,872 --a------ C:\La.Ligne.Verte.(Tom.Hanks).[BarnZ.DVDrip.Francais].avi
2008-05-23 02:56 . 2008-05-23 03:00 725,031,072 --a------ C:\Coup De Foudre A Notting Hill - Julia Roberts-Hugh Grant - DVD Rip Francais.avi
2008-05-23 02:48 . 2008-05-23 02:55 732,745,728 --a------ C:\Confessions D'un Homme Dangereux - Français (George Clooney,Julia Roberts,Brad Pitt,Drue Barrymore,Matt Damon) Dvdrip Divx.avi
2008-05-22 21:34 . 2008-05-23 04:38 700,155,904 --a------ C:\La Vérité Si Je Mens.avi
2008-05-22 07:12 . 2007-04-11 10:23 35,328 --a------ C:\WINDOWS1\system32\drivers\Capt905c.sys
2008-05-22 07:12 . 2007-04-09 14:54 25,216 --a------ C:\WINDOWS1\system32\drivers\Camd905c.sys
2008-05-21 22:20 . 2008-05-22 00:12 <REP> d-------- C:\WINDOWS1\BDOSCAN8
2008-05-21 20:48 . 2008-05-21 20:48 <REP> d-------- C:\Program Files\CCleaner
2008-05-21 09:22 . 2008-05-21 14:20 716,974,080 --a------ C:\Cocktail ( Tom Cruise) DVDRIP FR.avi
2008-05-21 09:22 . 2008-05-21 13:47 698,900,480 --a------ C:\Dirty Dancing (1987) [Divx].avi
2008-05-21 09:21 . 2008-05-21 14:47 725,630,976 --a------ C:\Film - Tom Cruise - Top Gun - Fr.avi
2008-05-20 18:17 . 2008-05-20 18:17 <REP> d-------- C:\WINDOWS1\system32\Kaspersky Lab
2008-05-20 09:13 . 2008-05-23 21:18 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-20 09:13 . 2008-05-20 09:13 <REP> d-------- C:\Documents and Settings\pc\Application Data\Malwarebytes
2008-05-20 09:13 . 2008-05-20 09:13 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Malwarebytes
2008-05-20 09:13 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS1\system32\drivers\mbamcatchme.sys
2008-05-20 09:13 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS1\system32\drivers\mbam.sys
2008-05-20 08:23 . 2008-05-20 08:23 <REP> d-------- C:\WINDOWS1\ERUNT
2008-05-20 07:51 . 2008-05-17 02:23 <REP> d-------- C:\SDFix
2008-05-19 22:25 . 2008-05-20 06:46 4,078 --a------ C:\WINDOWS1\system32\tmp.reg
2008-05-19 22:22 . 2008-02-10 02:00 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-05-19 22:22 . 2008-02-10 02:00 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-05-19 22:22 . 2008-02-10 01:32 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-05-19 22:22 . 2008-02-10 02:00 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-05-19 22:22 . 2008-02-10 02:00 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-05-19 22:22 . 2008-02-10 02:00 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-05-19 22:22 . 2008-02-10 02:00 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-05-19 22:22 . 2008-05-19 22:22 <REP> d-------- C:\Documents and Settings\Administrateur
2008-05-18 19:25 . 2008-05-18 19:25 <REP> d-------- C:\Sun
2008-05-18 19:15 . 2008-05-22 15:57 <REP> d-------- C:\Program Files\Navilog1
2008-05-18 18:04 . 2008-05-18 18:04 <REP> d-------- C:\Program Files\Trend Micro
2008-05-17 19:05 . 2008-05-17 19:05 255,000 --a------ C:\Documents and Settings\pc\Application Data\installer_fr[1].exe
2008-05-16 20:04 . 2007-09-25 00:31 69,632 --a------ C:\WINDOWS1\system32\javacpl.cpl
2008-05-16 10:13 . 2008-05-16 10:13 298,312 --a------ C:\WINDOWS1\system32\gside.exe
2008-05-16 09:53 . 2008-05-20 08:37 <REP> d-------- C:\WINDOWS1\Yg
2008-05-16 09:52 . 2008-05-20 15:03 <REP> d-------- C:\WINDOWS1\system32\rDA
2008-05-16 09:52 . 2008-05-20 15:03 <REP> d-------- C:\WINDOWS1\system32\emL1
2008-05-16 09:52 . 2008-05-22 00:09 <REP> d-------- C:\WINDOWS1\system32\3056v
2008-05-16 09:52 . 2008-05-20 08:44 <REP> d-------- C:\Temp
2008-05-09 11:46 . 1996-10-29 11:29 29,732 --a------ C:\WINDOWS1\system\HYENA.TTF
2008-05-09 11:42 . 2008-05-09 12:00 579 --a------ C:\WINDOWS1\7thlevel.ini
2008-05-03 21:00 . 2008-05-16 10:06 <REP> d-------- C:\Documents and Settings\pc\Application Data\Azureus
2008-05-03 21:00 . 2008-05-03 21:00 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Azureus
2008-05-03 20:44 . 2008-05-15 08:13 <REP> d-------- C:\Program Files\Azureus
2008-05-02 22:37 . 2008-05-02 22:37 <REP> d-------- C:\Program Files\LiveCAD
2008-05-02 21:24 . 2008-05-02 21:24 <REP> d-------- C:\Documents and Settings\pc\Application Data\Anuman Interactive

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-24 18:10 --------- d-----w C:\Program Files\Wanadoo
2008-05-24 06:05 --------- d-----w C:\Documents and Settings\pc\Application Data\Image Zone Express
2008-05-24 05:37 --------- d-----w C:\Documents and Settings\pc\Application Data\LimeWire
2008-05-23 04:57 --------- d-----w C:\Program Files\Google
2008-05-22 05:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-19 06:00 --------- d-----w C:\Program Files\eMule
2008-05-18 19:42 --------- d-----w C:\Documents and Settings\pc\Application Data\OpenOffice.org2
2008-05-17 18:58 --------- d-----w C:\Program Files\Free Easy Burner
2008-05-16 18:40 --------- d-----w C:\Program Files\LimeWire
2008-04-21 19:44 --------- d-----w C:\Program Files\7-Zip
2008-04-17 05:57 --------- d-----w C:\Program Files\IKEA HomePlanner
2008-04-15 17:58 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-09 13:13 --------- d-----w C:\Program Files\AxBx
2008-04-09 12:41 --------- d-----w C:\Program Files\SweetIM
2008-04-02 04:37 --------- d-----w C:\Documents and Settings\All Users.WINDOWS1\Application Data\SweetIM
2008-04-02 04:26 --------- d-----w C:\Program Files\Free Audio Pack
2008-03-29 07:12 --------- d-----w C:\Program Files\AVIConverter
2008-03-29 07:08 --------- d-----w C:\Program Files\Ultra AVI Converter
2008-03-29 07:05 --------- d-----w C:\Program Files\SLD Codec Pack
2008-03-29 06:47 --------- d-----w C:\Program Files\MyMPxPlayer.org
2008-03-28 16:35 --------- d-----w C:\Program Files\MP4 Converter
2008-03-28 16:34 --------- d-----w C:\Program Files\DivX
2008-03-28 16:20 --------- d-----w C:\Program Files\FairUse Wizard 2
2008-03-28 16:00 --------- d-----w C:\Program Files\Allok Video to MP4 Converter
2008-03-28 15:41 --------- d-----w C:\Program Files\WinAVI MP4 Converter
2008-03-27 17:11 39,032 -c--a-w C:\Documents and Settings\pc\Application Data\GDIPFONTCACHEV1.DAT
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS1\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS1\system32\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS1\system32\win32k.sys
2008-03-18 06:38 139,264 ----a-w C:\WINDOWS1\system32\hpzjrd01.dll
2007-12-20 19:54 87,240 -c--a-w C:\Documents and Settings\H5456\Application Data\GDIPFONTCACHEV1.DAT
2008-01-04 21:58 479,232 -c--a-w C:\Program Files\mozilla firefox\plugins\msvcm80.dll
2008-01-04 21:58 548,864 -c--a-w C:\Program Files\mozilla firefox\plugins\msvcp80.dll
2008-01-04 21:58 626,688 -c--a-w C:\Program Files\mozilla firefox\plugins\msvcr80.dll
.

((((((((((((((((((((((((((((( snapshot@2008-05-23_ 7.07.59.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-23 05:04:01 2,048 --s-a-w C:\WINDOWS1\bootstat.dat
+ 2008-05-24 05:24:46 2,048 --s-a-w C:\WINDOWS1\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS1\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 15:50 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-15 21:04 2879488 C:\WINDOWS1\SkyTel.exe]
"AsusServiceProvider"="C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe" [2006-10-22 23:28 593920]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.12\AsRunHelp.exe" [2006-10-29 18:07 362496]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-11 19:58 16264192 C:\WINDOWS1\RTHDCPL.exe]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 32768]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"VirusKeeper"="C:\Program Files\AxBx\VirusKeeper 2008 Pro\VirusKeeper.exe" [2008-05-21 11:43 2878320]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS1\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

C:\Documents and Settings\All Users.WINDOWS1\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
Utilitaire r‚seau pour SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.EXE [2007-02-21 19:04:25 925696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS1\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\SAGEM WiFi manager\\WLANUTL.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1818:UDP"= 1818:UDP:Windows Media Format SDK (WOOBrowser.exe)
"1819:UDP"= 1819:UDP:Windows Media Format SDK (WOOBrowser.exe)

R2 vkservice;VirusKeeper antivirus/antispyware;C:\Program Files\AxBx\VirusKeeper 2008 Pro\vk_service.exe [2008-05-14 11:58]
R3 Cap713x;Cap713x Video Capture;C:\WINDOWS1\system32\DRIVERS\Cap713x.sys [2004-10-08 17:58]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS1\system32\DRIVERS\WlanBZXP.sys [2005-12-22 15:45]
S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS1\system32\DRIVERS\se59bus.sys [2006-09-05 22:07]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS1\system32\DRIVERS\se59mdfl.sys [2006-09-05 22:07]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS1\system32\DRIVERS\se59mdm.sys [2006-09-05 22:07]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS1\system32\DRIVERS\se59mgmt.sys [2006-09-05 22:08]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS1\system32\DRIVERS\se59obex.sys [2006-09-05 22:09]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS1\system32\ZDCndis5.SYS []

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-24 15:41:00 C:\WINDOWS1\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-24 20:14:26
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-05-24 20:16:36
ComboFix-quarantined-files.txt 2008-05-24 18:16:33
ComboFix2.txt 2008-05-23 17:58:51
ComboFix3.txt 2008-05-23 05:08:13

Pre-Run: 43,667,341,312 octets libres
Post-Run: 43,681,865,728 octets libres

188 --- E O F --- 2008-05-16 06:34:22

bonjour,

Search Navipromo version 3.5.7 commencé le 26/05/2008 à 6:54:27,98

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "pc"

Mise à jour le 11.05.2008 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS1" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1.win\applic~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1.win\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\pc\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\H5456\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\pc\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\H5456\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\pc\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\H5456\menudm~1\progra~1" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé


*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS1\system32" *

* Recherche dans "C:\Documents and Settings\pc\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\H5456\locals~1\applic~1" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS1\system32" :


* Dans "C:\Documents and Settings\pc\locals~1\applic~1" :


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :


* Dans "C:\DOCUME~1\H5456\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 26/05/2008 à 7:02:02,28 ***

GMER 1.0.14.14205 - http://www.gmer.net
Rootkit scan 2008-05-26 21:58:43
Windows 5.1.2600 Service Pack 2


---- Registry - GMER 1.0.14 ----

Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@F:\Tool\AVIConverter_220X176\xff08EN\xff09_Smart Setup.exe AVIConverter_220X176?EN?_Smart Setup
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@E:\Tool\AVIConverter_220X176\xff08EN\xff09_Smart Setup.exe AVIConverter_220X176?EN?_Smart Setup
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Documents and Settings\pc\Mes documents\AVIConverter_220X176\xff08EN\xff09_Smart Setup.exe AVIConverter_220X176?EN?_Smart Setup

---- EOF - GMER 1.0.14 ----

bonsoir,

ComboFix 08-05-21.3 - pc 2008-05-26 22:09:01.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.587 [GMT 2:00]
Endroit: C:\Documents and Settings\pc\Mes documents\combofix.exe
Command switches used :: C:\Documents and Settings\pc\Bureau\cfscript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\WINDOWS\pack.epk
C:\WINDOWS1\system32\gside.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pack.epk
C:\WINDOWS1\system32\gside.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-26 to 2008-05-26 ))))))))))))))))))))))))))))))))))))
.

2008-05-26 21:34 . 2008-05-26 21:34 250 --a------ C:\WINDOWS1\gmer.ini
2008-05-24 20:55 . 2008-05-24 20:56 <REP> d-------- C:\Program Files\PhotoFiltre
2008-05-24 20:30 . 2008-05-24 20:30 <REP> d-------- C:\Program Files\XnView
2008-05-24 20:30 . 2008-05-24 20:52 <REP> d-------- C:\Documents and Settings\pc\Application Data\XnView
2008-05-24 17:33 . 2008-05-24 17:34 731,207,936 --a------ C:\Collateral Fr(Tom Cruise).avi
2008-05-24 08:02 . 2008-05-24 15:18 733,337,706 --a------ C:\La Guerre Des Mondes 2005 Tom Cruise Divx French.avi
2008-05-23 20:13 . 2008-05-24 13:32 734,280,066 --a------ C:\Braveheart.(Mel.Gibson).[BarnZ.DVDrip.Francais]teste.avi
2008-05-23 20:13 . 2008-05-24 13:04 733,835,264 --a------ C:\Ce Que Veulent Les Femmes (2000) - Fr Dvdrip Avec Mel Gibson, Helen Hunt.avi
2008-05-23 20:12 . 2008-05-24 13:32 734,312,872 --a------ C:\La.Ligne.Verte.(Tom.Hanks).[BarnZ.DVDrip.Francais].avi
2008-05-23 02:56 . 2008-05-23 03:00 725,031,072 --a------ C:\Coup De Foudre A Notting Hill - Julia Roberts-Hugh Grant - DVD Rip Francais.avi
2008-05-23 02:48 . 2008-05-23 02:55 732,745,728 --a------ C:\Confessions D'un Homme Dangereux - Français (George Clooney,Julia Roberts,Brad Pitt,Drue Barrymore,Matt Damon) Dvdrip Divx.avi
2008-05-22 21:34 . 2008-05-23 04:38 700,155,904 --a------ C:\La Vérité Si Je Mens.avi
2008-05-22 07:12 . 2007-04-11 10:23 35,328 --a------ C:\WINDOWS1\system32\drivers\Capt905c.sys
2008-05-22 07:12 . 2007-04-09 14:54 25,216 --a------ C:\WINDOWS1\system32\drivers\Camd905c.sys
2008-05-21 22:20 . 2008-05-25 10:06 <REP> d-------- C:\WINDOWS1\BDOSCAN8
2008-05-21 20:48 . 2008-05-21 20:48 <REP> d-------- C:\Program Files\CCleaner
2008-05-21 09:22 . 2008-05-21 14:20 716,974,080 --a------ C:\Cocktail ( Tom Cruise) DVDRIP FR.avi
2008-05-21 09:22 . 2008-05-21 13:47 698,900,480 --a------ C:\Dirty Dancing (1987) [Divx].avi
2008-05-21 09:21 . 2008-05-21 14:47 725,630,976 --a------ C:\Film - Tom Cruise - Top Gun - Fr.avi
2008-05-20 18:17 . 2008-05-20 18:17 <REP> d-------- C:\WINDOWS1\system32\Kaspersky Lab
2008-05-20 09:13 . 2008-05-23 21:18 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-20 09:13 . 2008-05-20 09:13 <REP> d-------- C:\Documents and Settings\pc\Application Data\Malwarebytes
2008-05-20 09:13 . 2008-05-20 09:13 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Malwarebytes
2008-05-20 09:13 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS1\system32\drivers\mbamcatchme.sys
2008-05-20 09:13 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS1\system32\drivers\mbam.sys
2008-05-20 08:23 . 2008-05-20 08:23 <REP> d-------- C:\WINDOWS1\ERUNT
2008-05-20 07:51 . 2008-05-17 02:23 <REP> d-------- C:\SDFix
2008-05-19 22:25 . 2008-05-20 06:46 4,078 --a------ C:\WINDOWS1\system32\tmp.reg
2008-05-19 22:22 . 2008-02-10 02:00 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-05-19 22:22 . 2008-02-10 02:00 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-05-19 22:22 . 2008-02-10 01:32 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-05-19 22:22 . 2008-02-10 02:00 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-05-19 22:22 . 2008-02-10 02:00 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-05-19 22:22 . 2008-02-10 02:00 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-05-19 22:22 . 2008-02-10 02:00 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-05-19 22:22 . 2008-05-19 22:22 <REP> d-------- C:\Documents and Settings\Administrateur
2008-05-18 19:25 . 2008-05-18 19:25 <REP> d-------- C:\Sun
2008-05-18 19:15 . 2008-05-26 07:02 <REP> d-------- C:\Program Files\Navilog1
2008-05-18 18:04 . 2008-05-18 18:04 <REP> d-------- C:\Program Files\Trend Micro
2008-05-17 19:05 . 2008-05-17 19:05 255,000 --a------ C:\Documents and Settings\pc\Application Data\installer_fr[1].exe
2008-05-16 20:04 . 2007-09-25 00:31 69,632 --a------ C:\WINDOWS1\system32\javacpl.cpl
2008-05-16 09:53 . 2008-05-20 08:37 <REP> d-------- C:\WINDOWS1\Yg
2008-05-16 09:52 . 2008-05-20 15:03 <REP> d-------- C:\WINDOWS1\system32\rDA
2008-05-16 09:52 . 2008-05-20 15:03 <REP> d-------- C:\WINDOWS1\system32\emL1
2008-05-16 09:52 . 2008-05-22 00:09 <REP> d-------- C:\WINDOWS1\system32\3056v
2008-05-16 09:52 . 2008-05-20 08:44 <REP> d-------- C:\Temp
2008-05-09 11:46 . 1996-10-29 11:29 29,732 --a------ C:\WINDOWS1\system\HYENA.TTF
2008-05-09 11:42 . 2008-05-09 12:00 579 --a------ C:\WINDOWS1\7thlevel.ini
2008-05-03 21:00 . 2008-05-16 10:06 <REP> d-------- C:\Documents and Settings\pc\Application Data\Azureus
2008-05-03 21:00 . 2008-05-03 21:00 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Azureus
2008-05-03 20:44 . 2008-05-15 08:13 <REP> d-------- C:\Program Files\Azureus
2008-05-02 22:37 . 2008-05-02 22:37 <REP> d-------- C:\Program Files\LiveCAD
2008-05-02 21:24 . 2008-05-02 21:24 <REP> d-------- C:\Documents and Settings\pc\Application Data\Anuman Interactive

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-26 20:03 --------- d-----w C:\Program Files\Wanadoo
2008-05-24 19:26 --------- d-----w C:\Documents and Settings\pc\Application Data\OpenOffice.org2
2008-05-24 19:07 --------- d-----w C:\Documents and Settings\pc\Application Data\Image Zone Express
2008-05-24 05:37 --------- d-----w C:\Documents and Settings\pc\Application Data\LimeWire
2008-05-23 04:57 --------- d-----w C:\Program Files\Google
2008-05-22 05:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-19 06:00 --------- d-----w C:\Program Files\eMule
2008-05-17 18:58 --------- d-----w C:\Program Files\Free Easy Burner
2008-05-16 18:40 --------- d-----w C:\Program Files\LimeWire
2008-04-21 19:44 --------- d-----w C:\Program Files\7-Zip
2008-04-17 05:57 --------- d-----w C:\Program Files\IKEA HomePlanner
2008-04-15 17:58 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-09 13:13 --------- d-----w C:\Program Files\AxBx
2008-04-09 12:41 --------- d-----w C:\Program Files\SweetIM
2008-04-02 04:37 --------- d-----w C:\Documents and Settings\All Users.WINDOWS1\Application Data\SweetIM
2008-04-02 04:26 --------- d-----w C:\Program Files\Free Audio Pack
2008-03-29 07:12 --------- d-----w C:\Program Files\AVIConverter
2008-03-29 07:08 --------- d-----w C:\Program Files\Ultra AVI Converter
2008-03-29 07:05 --------- d-----w C:\Program Files\SLD Codec Pack
2008-03-29 06:47 --------- d-----w C:\Program Files\MyMPxPlayer.org
2008-03-28 16:35 --------- d-----w C:\Program Files\MP4 Converter
2008-03-28 16:34 --------- d-----w C:\Program Files\DivX
2008-03-28 16:20 --------- d-----w C:\Program Files\FairUse Wizard 2
2008-03-28 16:00 --------- d-----w C:\Program Files\Allok Video to MP4 Converter
2008-03-28 15:41 --------- d-----w C:\Program Files\WinAVI MP4 Converter
2008-03-27 17:11 39,032 -c--a-w C:\Documents and Settings\pc\Application Data\GDIPFONTCACHEV1.DAT
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS1\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS1\system32\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS1\system32\win32k.sys
2008-03-18 06:38 139,264 ----a-w C:\WINDOWS1\system32\hpzjrd01.dll
2007-12-20 19:54 87,240 -c--a-w C:\Documents and Settings\H5456\Application Data\GDIPFONTCACHEV1.DAT
2008-01-04 21:58 479,232 -c--a-w C:\Program Files\mozilla firefox\plugins\msvcm80.dll
2008-01-04 21:58 548,864 -c--a-w C:\Program Files\mozilla firefox\plugins\msvcp80.dll
2008-01-04 21:58 626,688 -c--a-w C:\Program Files\mozilla firefox\plugins\msvcr80.dll
.

((((((((((((((((((((((((((((( snapshot@2008-05-23_ 7.07.59.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-21 20:21:04 181,760 ----a-w C:\WINDOWS1\BDOSCAN8\bdcore.dll
+ 2008-05-25 08:06:33 181,760 ----a-w C:\WINDOWS1\BDOSCAN8\bdcore.dll
- 2008-05-21 20:21:07 142,848 ----a-w C:\WINDOWS1\BDOSCAN8\libfn.dll
+ 2008-05-25 08:06:34 142,848 ----a-w C:\WINDOWS1\BDOSCAN8\libfn.dll
- 2008-05-23 05:04:01 2,048 --s-a-w C:\WINDOWS1\bootstat.dat
+ 2008-05-26 15:47:18 2,048 --s-a-w C:\WINDOWS1\bootstat.dat
+ 2008-05-26 19:34:09 819,200 ----a-w C:\WINDOWS1\gmer.dll
+ 2008-03-03 18:29:06 761,856 ----a-r C:\WINDOWS1\gmer.exe
+ 2008-05-26 19:34:09 86,097 ----a-w C:\WINDOWS1\system32\drivers\gmer.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS1\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 15:50 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-15 21:04 2879488 C:\WINDOWS1\SkyTel.exe]
"AsusServiceProvider"="C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe" [2006-10-22 23:28 593920]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.12\AsRunHelp.exe" [2006-10-29 18:07 362496]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-11 19:58 16264192 C:\WINDOWS1\RTHDCPL.exe]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 32768]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"VirusKeeper"="C:\Program Files\AxBx\VirusKeeper 2008 Pro\VirusKeeper.exe" [2008-05-21 11:43 2878320]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS1\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

C:\Documents and Settings\pc\Menu D‚marrer\Programmes\D‚marrage\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2008-02-09 19:09:13 157008]

C:\Documents and Settings\All Users.WINDOWS1\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
Utilitaire r‚seau pour SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.EXE [2007-02-21 19:04:25 925696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS1\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\SAGEM WiFi manager\\WLANUTL.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1818:UDP"= 1818:UDP:Windows Media Format SDK (WOOBrowser.exe)
"1819:UDP"= 1819:UDP:Windows Media Format SDK (WOOBrowser.exe)

R2 vkservice;VirusKeeper antivirus/antispyware;C:\Program Files\AxBx\VirusKeeper 2008 Pro\vk_service.exe [2008-05-14 11:58]
R3 Cap713x;Cap713x Video Capture;C:\WINDOWS1\system32\DRIVERS\Cap713x.sys [2004-10-08 17:58]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS1\system32\DRIVERS\WlanBZXP.sys [2005-12-22 15:45]
S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS1\system32\DRIVERS\se59bus.sys [2006-09-05 22:07]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS1\system32\DRIVERS\se59mdfl.sys [2006-09-05 22:07]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS1\system32\DRIVERS\se59mdm.sys [2006-09-05 22:07]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS1\system32\DRIVERS\se59mgmt.sys [2006-09-05 22:08]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS1\system32\DRIVERS\se59obex.sys [2006-09-05 22:09]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS1\system32\ZDCndis5.SYS []

*Newly Created Service* - GMER
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-24 15:41:00 C:\WINDOWS1\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-26 22:10:10
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-05-26 22:10:59
ComboFix-quarantined-files.txt 2008-05-26 20:10:49
ComboFix2.txt 2008-05-24 18:16:36
ComboFix3.txt 2008-05-23 17:58:51
ComboFix4.txt 2008-05-23 05:08:13

Pre-Run: 41,039,368,192 octets libres
Post-Run: 41,048,211,456 octets libres

203 --- E O F --- 2008-05-16 06:34:22
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:11:39, on 26/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\Ati2evxx.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\system32\spoolsv.exe
C:\WINDOWS1\system32\Ati2evxx.exe
C:\WINDOWS1\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS1\system32\HPZipm12.exe
C:\WINDOWS1\system32\svchost.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro\vk_service.exe
C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
C:\WINDOWS1\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro\VirusKeeper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS1\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS1\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whynotsearchhere.com/start.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.12\AsRunHelp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro\VirusKeeper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = C:\Program Files\SAGEM WiFi manager\WLANUTL.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS1\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS1\system32\ati2sgag.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS1\System32\FTRTSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS1\system32\HPZipm12.exe
O23 - Service: VirusKeeper antivirus/antispyware (vkservice) - AxBx - C:\Program Files\AxBx\VirusKeeper 2008 Pro\vk_service.exe

bonjour,
non elles ne sont pas en rouge.

bonjour,
BitDefender Online Scanner



Scan report generated at: Wed, May 28, 2008 - 10:10:45





Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;







Statistics

Time
01:39:14

Files
550092

Folders
12343

Boot Sectors
5

Archives
23636

Packed Files
21660




Results

Identified Viruses
4

Infected Files
6

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
6




Engines Info

Virus Definitions
1248201

Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins
16

Archive plugins
42

Unpack plugins
7

E-mail plugins
6

System plugins
5




Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes




Scanned File
Status

C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\sdfix\SDFix\backups\backups.zip=>backups/dFrnx051080.exe
Infected with: Trojan.Generic.279322

C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\sdfix\SDFix\backups\backups.zip=>backups/dFrnx051080.exe
Deleted

C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\sdfix\SDFix\backups\backups.zip
Updated

C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0006
Detected with: Adware.Navipromo.BC

C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0006
Deleted

C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)
Update failed

C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0009
Infected with: Backdoor.Skinymes.Agent.A

C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0009
Deleted

C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)
Update failed

C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0028=>(NSIS g)=>lzma_solid_nsis0005
Detected with: Adware.Navipromo.BC

C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0028=>(NSIS g)=>lzma_solid_nsis0005
Deleted

C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0028=>(NSIS g)
Update failed

C:\QooBox\Quarantine\C\WINDOWS1\system32\gside.exe.vir=>(NSIS o)=>bzip2_solid_nsis0002
Detected with: Adware.BHO.WRG

C:\QooBox\Quarantine\C\WINDOWS1\system32\gside.exe.vir=>(NSIS o)=>bzip2_solid_nsis0002
Deleted

C:\QooBox\Quarantine\C\WINDOWS1\system32\gside.exe.vir=>(NSIS o)
Update failed

C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP146\A0020895.exe=>(NSIS o)=>bzip2_solid_nsis0002
Detected with: Adware.BHO.WRG

C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP146\A0020895.exe=>(NSIS o)=>bzip2_solid_nsis0002
Deleted

C:\System Volume Information\_restore{7674EA49-55C8-47DD-91EF-C34D26692378}\RP146\A0020895.exe=>(NSIS o)
Update failed

bonjour,




-->- Recherche:

C:\SDFIX: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\All Users.WINDOWS1\Bureau\Navilog1.lnk: trouvé !
C:\Documents and Settings\All Users.WINDOWS1\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users.WINDOWS1\Menu Démarrer\Programmes\Navilog1: trouvé !
C:\Documents and Settings\All Users.WINDOWS1\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\All Users.WINDOWS1\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: trouvé !
C:\Documents and Settings\pc\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\pc\Mes documents\ComboFix.exe: trouvé !
C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\SdFix.exe: trouvé !
C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\Gmer.zip: trouvé !
C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\BtFix.zip: trouvé !
C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\Navilog1.exe: trouvé !
C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\ComboFix.exe: trouvé !
C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\HJTInstall.exe: trouvé !
C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\SDFIX: trouvé !
C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\Btfix: trouvé !
C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\SmitFraudfix: trouvé !
C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\btfix\Btfix: trouvé !
C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\sdfix\SDFIX: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\WINDOWS1\Gmer.exe: trouvé !
C:\WINDOWS1\ERUNT\SDFIX: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users.WINDOWS1\Bureau\Navilog1.lnk: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\All Users.WINDOWS1\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\All Users.WINDOWS1\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: supprimé !
C:\Documents and Settings\pc\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\pc\Mes documents\ComboFix.exe: supprimé !
C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\SdFix.exe: supprimé !
C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\Gmer.zip: supprimé !
C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\BtFix.zip: supprimé !
C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\Navilog1.exe: supprimé !
C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\ComboFix.exe: supprimé !
C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\HJTInstall.exe: supprimé !
C:\Program Files\Navilog1\Navilog1.bat: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\WINDOWS1\Gmer.exe: ERREUR DE SUPPRESSION !!
C:\SDFIX: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users.WINDOWS1\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\All Users.WINDOWS1\Menu Démarrer\Programmes\Navilog1: supprimé !
C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\SDFIX: supprimé !
C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\Btfix: supprimé !
C:\Documents and Settings\pc\Mes documents\Francois LAFORGE\SmitFraudfix: supprimé !
C:\Program Files\Navilog1: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
C:\WINDOWS1\ERUNT\SDFIX: supprimé !