Problème Messenger Skinner

Question

Bonjour,
une amie m'a prêté son pc pour que je le lui nettoie...
J'ai trouvé Messenger Skinner, que je sais être un malware, également Incredimail, et certainement d'autres...
Bref je commence par messenger skinner. J'ai lu sur un forum qu'il fallait télécharger navilog (c'est fait) et lancer l'option 2 (également fait)

voici le rapport affiché par navilog:

Clean Navipromo version 2.0.2 commencé le 09/06/2008 à 21:43:42,04

Fix lancé depuis C:\Program Files
avilog1
Mise a jour le 17.05.2007 a 23h00 by IL-MAFIOSO

Mode suppression automatique avec prise en charge résultats Blacklight


 
*** fsbl1.txt non trouvé ***
(Assurez-vous que Blacklight n'avait rien trouvé lors de la recherche)
 

*** Suppression dossiers dans C:\WINDOWS ***

C:\WINDOWS\msskinner ...suppression... 
C:\WINDOWS\msskinner supprimé ! 


*** Suppression dossiers dans C:\Program Files ***

C:\Program Files\InternetGameBox ...suppression... 
C:\Program Files\InternetGameBox supprimé ! 


*** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***


*** Suppression dossiers dans C:\Documents and Settings\Dauchet marjorie\Application Data ***

...\Application Data\MessengerSkinner ...suppression... 
...\Application Data\MessengerSkinner supprimé ! 



*** Suppression fichiers ***

C:\WINDOWS\system32
vs2.inf supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Dauchet marjorie\Local Settings\Temp effectué !

 
*** Sauvegarde du registre vers dossier Backupnavi*** 
 
 
sauvegarde du registre réalise avec succes !


*** Nettoyage registre ***


Nettoyage registre Ok

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

C:\WINDOWS\system32\dfhkj.ini2 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\ilkkj.ini2 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\vyadd.ini2 trouvé ! infection Vundo possible non traité par cet outil !

2)Recherche et Suppression Heuristique :

* 
C:\WINDOWS\System32\bijjgva.dat trouvé !
Copie C:\WINDOWS\system32\bijjgva.dat réalise avec succes !
C:\WINDOWS\system32\bijjgva.dat supprimé !

C:\WINDOWS\System32\gksyvw.dat trouvé !
Copie C:\WINDOWS\system32\gksyvw.dat réalise avec succes !
C:\WINDOWS\system32\gksyvw.dat supprimé !

C:\WINDOWS\System32\lrrubmqgq.dat trouvé !
Copie C:\WINDOWS\system32\lrrubmqgq.dat réalise avec succes !
C:\WINDOWS\system32\lrrubmqgq.dat supprimé !

C:\WINDOWS\System32\wkrmmsk.dat trouvé !
Copie C:\WINDOWS\system32\wkrmmsk.dat réalise avec succes !
C:\WINDOWS\system32\wkrmmsk.dat supprimé !

** 
*** 
**** 
C:\WINDOWS\System32\bijjgva_navps.dat trouvé !
Copie C:\WINDOWS\system32\bijjgva_navps.dat réalise avec succes !
C:\WINDOWS\system32\bijjgva_navps.dat supprimé !

C:\WINDOWS\System32\gksyvw_navps.dat trouvé !
Copie C:\WINDOWS\system32\gksyvw_navps.dat réalise avec succes !
C:\WINDOWS\system32\gksyvw_navps.dat supprimé !

***** 
C:\WINDOWS\System32\bijjgva_nav.dat trouvé !
Copie C:\WINDOWS\system32\bijjgva_nav.dat réalise avec succes !
C:\WINDOWS\system32\bijjgva_nav.dat supprimé !

C:\WINDOWS\System32\gksyvw_nav.dat trouvé !
Copie C:\WINDOWS\system32\gksyvw_nav.dat réalise avec succes !
C:\WINDOWS\system32\gksyvw_nav.dat supprimé !

C:\WINDOWS\System32\bijjgva_navup.dat trouvé !
Copie C:\WINDOWS\system32\bijjgva_navup.dat réalise avec succes !
C:\WINDOWS\system32\bijjgva_navup.dat supprimé !

C:\WINDOWS\System32\gksyvw_navup.dat trouvé !
Copie C:\WINDOWS\system32\gksyvw_navup.dat réalise avec succes !
C:\WINDOWS\system32\gksyvw_navup.dat supprimé !

C:\WINDOWS\System32\wkrmmsk_navup.dat trouvé !
Copie C:\WINDOWS\system32\wkrmmsk_navup.dat réalise avec succes !
C:\WINDOWS\system32\wkrmmsk_navup.dat supprimé !

****** 
******* 
******** 
C:\WINDOWS\System32\bijjgva.exe trouvé !
Copie C:\WINDOWS\system32\bijjgva.exe réalise avec succes !
C:\WINDOWS\system32\bijjgva.exe supprimé !

C:\WINDOWS\System32\cncyaje.exe trouvé !
Copie C:\WINDOWS\system32\cncyaje.exe réalise avec succes !
C:\WINDOWS\system32\cncyaje.exe supprimé !


3)Contrôle présence clés Rootkit dans le registre :

Aucune autre clés présente dans le registre !

*** Nettoyage termine le 09/06/2008 à 21:54:46,39 ***


Voilà, est-ce que quelqu'un pourrait m'aider pour la suite? Qu'est-ce que ça veut dire "infection VUNDO..."?
Merci beaucoup d'avance!

toxic-sweet · Answer

Je sais pas ce que tu as mais désinstalle tout msn en dehors de LA VERSION OFFICIELLE SUR LE SITE OFFICIEL, le mien a été infecté apr messenger plus.

Télécharge glary utilities, ca va bien nettoyer ton pc.

Utilisateur anonyme · Answer

salut grenouille 


Télécharge HijackThis ici : 

-> https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html

Tutoriel d´instalation : (Merci a Balltrap34 pour cette réalisation) 

-> http://pageperso.aol.fr/balltrap34/Hijenr.gif 

Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation) 

-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm 

Post le rapport généré ici stp...

Utilisateur anonyme · Answer

en effet tres infectée tite grenouille ....!!


Telecharge malwarebytes 

-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

Tu l´instale; le programme va se mettre automatiquement a jour. 

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression". 

Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet". 

Puis click sur "rechercher". 

Laisse le scanner le pc... 

Si des elements on ete trouvés > click sur supprimer la selection. 

si il t´es demandé de redemarrer > click sur "yes". 

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum. 

Copie et colle le rapport stp.

ps : les rapport sont aussi rangé dans l onglet rapport/log

Utilisateur anonyme · Answer

HI HI !! 

profites en pour tout scanner et faire un menage de printemps ...

Utilisateur anonyme · Answer

t as combien d espace disque ??

grenouille enchantée · Answer

attends j'ai un bug dans mon cerveau... comment on fait déjà pour savoir ça? (en temps normal je sais faire, on va mettre ça sur le compte du manque de sommeil lol)

Utilisateur anonyme · Answer

bah alors grenouille !! qué pasa ??

Va dans poste de travail 

met ta souris sur le disque C

grenouille enchantée · Answer

mdr ça y est j'avais trouvé :p
c'est un pc portable, donc espace disque faible: env. 80Go dont 60Go utilisés... je viens de réduire l'espace alloué aux points de restauration système (qui était à fond...)

Utilisateur anonyme · Answer

et t as des disque externe ?? 

le scan est encore en cours ??

grenouille enchantée · Answer

euh PROBLEME
il vient de faire la recherche heuristique et affiche 368 éléments infectés sauf que là une petite fenetre vient de s'ouvrir "Erreur d'exécution '9' : indice en dehors de la plage, avec pour seul choix "OK". la dernière fois que j'ai cliqué sur ce message d'erreur, tout a été perdu... JE FAIS QUOI SVP?????????

Utilisateur anonyme · Answer

bah fais ok 

si ça foire dis le moi on fera autrement

Utilisateur anonyme · Answer

lol 

on va deja degrossir un peux 

Télécharge clean.zip, de Malekal 
http://www.malekal.com/download/clean.zip 



(1) Dézippe-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier clean. 

(2) Ouvre le dossier clean qui se trouve sur ton bureau, et double-clic sur clean.cmd 

une fenêtre noire va apparaître pendant un instant, laisse la ouverte. 

(3) Choisis l'option 1 puis patiente 
Poste le rapport obtenu 


pour retrouver le rapport : double clique sur > C > double clique sur " rapport_clean txt. 
et copie/colle le sur ta prochaine réponse . 

Ne passe pas à l'option 2 sans notre avis !

Utilisateur anonyme · Answer

> Redémarre en mode sans échec : 

Comment redémarrer en mode sans echec? 

Tu redemarre le pc et tapote la touche F8 des le début de l allumage sans t´arrêter. 
Une fenêtre sur fond noir va s’ouvrir, tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée. 
Une fois sur le bureau si il n y a pas toutes les couleurs et autres c´est normal! 
Ps : si F8 ne marche pas utilise la touche F5. 

-> Tuto : http://forum.telecharger.01net.com/forum/ 

-> Une fois en mode sans echec, ouvre le dossier que tu auvais crée et click sur clean.cmd et choisis l'option 2. 

-> Redémarre normalement et poste le rapport de clean + un nouveau rapport hijackthis stp

grenouille enchantée · Answer

c'est normal que le nettoyage de disque de windows se lance pendant l'opération???

Utilisateur anonyme · Answer

?? non pas trop !!

Utilisateur anonyme · Answer

non laisse le faire

grenouille enchantée · Answer

Vi chef! lol

par ailleurs est-ce normal que sur mon pc à moi firefox plante régulièrement lorsque je poste un message?

Utilisateur anonyme · Answer

non c pas normal non plus on verra ça a la fin du nettoyage

grenouille enchantée · Answer

Script execute en mode sans echec 
Rapport clean par Malekal_morte - http://www.malekal.com 
Script execute en mode sans echec 10/06/2008 a 12:29:24,90 

Microsoft Windows XP [version 5.1.2600]
 
*** Suppression des fichiers dans C: 
 
*** Suppression des fichiers dans C:\WINDOWS\ 
 
*** Suppression des fichiers dans C:\WINDOWS\system32 
tentative de suppression de C:\WINDOWS\system32\f3PSSavr.scr 
 
*** Suppression des fichiers dans C:\Program Files 
tentative de suppression de "C:\Program Files\funwebproducts\" 
tentative de suppression de "C:\Program Files\HbTools\" 
tentative de suppression de "C:\Program Files\msn messenger\riched20.dll" 
tentative de suppression de "C:\Program Files\MyWebSearch\" 
tentative de suppression de "C:\Program Files\vmntoolbar\" 
 
*** Suppression des clefs du registre effectuee.. 
*** Fin du rapport !

Utilisateur anonyme · Answer

ok un rapport hijackthis stp

Utilisateur anonyme · Answer

IL en reste encore ....


Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe 


-> Double clique combofix.exe. 
-> Tape sur la touche 1 (Yes) pour démarrer le scan. 
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 

NOTE : Le rapport se trouve également ici : C:\Combofix.txt 

Avant d'utiliser ComboFix : 

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours. 

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil. 

Une fois fait, sur ton bureau double-clic sur Combofix.exe. 

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc. 

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes. 

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire. 

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt) 

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet. 

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message. 

-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

grenouille enchantée · Answer

ok pas de souci...
Faut-il que je le lance en mode normal ou sans échec??

Utilisateur anonyme · Answer

en normal c bon

grenouille enchantée · Answer

VOILA ENFIN LE RAPPORT!!

ComboFix 08-06-09.7 - Dauchet marjorie 2008-06-10 13:16:57.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.587 [GMT 2:00]
Endroit: C:\Documents and Settings\Dauchet marjorie\Bureau\ComboFixmarjo.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Starware370
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\563_button_1b_def.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\563_button_1b_over.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\572_button_1b_def.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\572_button_1b_over.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\573_button_1b_def.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\573_button_1b_over.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\findit_music.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\Highlight.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\HighlightHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\highlighthotxp.png
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\highlightxp.png
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\logo.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\logoxp.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\lyrics.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\music_search.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\radio.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\starware_toolbar_icon.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\contexts\error.xml
C:\Documents and Settings\All Users\Application Data\Starware370\contexts\related.xml
C:\Documents and Settings\All Users\Application Data\Starware370\contexts\travel.xml
C:\Documents and Settings\Dauchet marjorie\Application Data\Hotbar
C:\Documents and Settings\Dauchet marjorie\Application Data\ShoppingReport
C:\Documents and Settings\Dauchet marjorie\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Dauchet marjorie\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Dauchet marjorie\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Dauchet marjorie\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Dauchet marjorie\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Dauchet marjorie\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Dauchet marjorie\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
C:\Documents and Settings\jeremy\Application Data\Hotbar_Icons
C:\Documents and Settings\jeremy\Application Data\Hotbar_Icons\meetic.ico
C:\Documents and Settings\jeremy\Application Data\Hotbar_Icons\Registryrepair.ico
C:\Documents and Settings\jeremy\Application Data\Hotbar_Icons\wallpapere1.ico
C:\Documents and Settings\jeremy\Application Data\MessengerSkinner
C:\Documents and Settings\jeremy\Application Data\MessengerSkinner\Userdata\defaultPack.cab
C:\Documents and Settings\jeremy\Application Data\MessengerSkinner\Userdata\languages.xml
C:\Documents and Settings\jeremy\Application Data\MessengerSkinner\Userdata\languages_v2.xml
C:\Documents and Settings\jeremy\Application Data\MessengerSkinner\Userdata\pack1.cab
C:\Documents and Settings\jeremy\Application Data\ShoppingReport
C:\Documents and Settings\jeremy\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\jeremy\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\jeremy\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\jeremy\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\jeremy\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\jeremy\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\jeremy\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Documents and Settings\jeremy\Bureau\Free PC Wallpapers.lnk
C:\Documents and Settings\jeremy_2\Application Data\Hotbar_Icons
C:\Documents and Settings\jeremy_2\Application Data\Hotbar_Icons\3bSoftware_icon_1.ico
C:\Documents and Settings\jeremy_2\Application Data\Hotbar_Icons\Registryrepair.ico
C:\Documents and Settings\jeremy_2\Application Data\macromedia\Flash Player\#SharedObjects\GVP00001\iforex.com
C:\Documents and Settings\jeremy_2\Application Data\macromedia\Flash Player\#SharedObjects\GVP00001\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\jeremy_2\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\jeremy_2\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\jeremy_2\Application Data\ShoppingReport
C:\Documents and Settings\jeremy_2\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\jeremy_2\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\jeremy_2\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\jeremy_2\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\jeremy_2\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\jeremy_2\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\jeremy_2\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Documents and Settings\nadine dauchet\Menu Démarrer\Programmes\InternetGameBox
C:\Documents and Settings\nadine dauchet\Menu Démarrer\Programmes\InternetGameBox\Conditions générales.lnk
C:\Documents and Settings\nadine dauchet\Menu Démarrer\Programmes\InternetGameBox\Confidentialité.lnk
C:\Documents and Settings\nadine dauchet\Menu Démarrer\Programmes\InternetGameBox\InternetGameBox.lnk
C:\Documents and Settings\nadine dauchet\Menu Démarrer\Programmes\InternetGameBox\Website.lnk
C:\Documents and Settings\nadine dauchet\Menu Démarrer\Programmes\MessengerSkinner
C:\Documents and Settings\nadine dauchet\Menu Démarrer\Programmes\MessengerSkinner\MessengerSkinner.lnk
C:\Documents and Settings\nadine dauchet\Menu Démarrer\Programmes\MessengerSkinner\Website.lnk
C:\Documents and Settings\Nadine\Application Data\Hotbar_Icons
C:\Documents and Settings\Nadine\Application Data\Hotbar_Icons\meetic.ico
C:\Documents and Settings\Nadine\Application Data\Hotbar_Icons\Registryrepair.ico
C:\Documents and Settings\Nadine\Application Data\Hotbar_Icons\wallpapere1.ico
C:\Documents and Settings\Nadine\Application Data\inst.exe
C:\Documents and Settings\Nadine\Application Data\ShoppingReport
C:\Documents and Settings\Nadine\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Nadine\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Nadine\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Nadine\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Nadine\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Nadine\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Nadine\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
C:\Documents and Settings\Nadine\Application Data\WeatherDPA
C:\Documents and Settings\Nadine\Application Data\WeatherDPA\Weather\log.txt
C:\Documents and Settings\Nadine\Application Data\WeatherDPA\Weather\WeatherStartup.xml
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Uninst.exe
C:\Program Files\Starware370
C:\Program Files\Starware370\Setup.exe
C:\WINDOWS\explorer.exe.tmp
C:\WINDOWS\system32\dfhkj.ini
C:\WINDOWS\system32\dfhkj.ini2
C:\WINDOWS\system32\ilkkj.ini
C:\WINDOWS\system32\ilkkj.ini2
C:\WINDOWS\system32\vyadd.ini
C:\WINDOWS\system32\vyadd.ini2

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-10 to 2008-06-10 ))))))))))))))))))))))))))))))))))))
.

2008-06-10 12:17 . 2008-06-10 12:17 12,315,550 --a------ C:\upload_moi_D1ZP4L2J.tar.gz
2008-06-09 23:34 . 2008-06-09 23:34 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-09 23:34 . 2008-06-09 23:34 <REP> d-------- C:\Documents and Settings\Dauchet marjorie\Application Data\Malwarebytes
2008-06-09 23:34 . 2008-06-09 23:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-09 23:34 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-09 23:34 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-09 21:41 . 2008-06-09 21:54 <REP> d-------- C:\Program Files\Navilog1
2008-06-07 15:06 . 2008-06-07 15:06 33 --a------ C:\WINDOWS\Multimedia manager.INI
2008-05-31 08:55 . 2008-05-31 08:55 <REP> d-------- C:\Program Files\64 kind
2008-05-27 23:27 . 2008-05-27 23:27 <REP> d-------- C:\Documents and Settings\Dauchet marjorie\Application Data\Exodus

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-10 10:29 --------- d-----w C:\Program Files\MSN Messenger
2008-06-09 19:31 --------- d-----w C:\Documents and Settings\Dauchet marjorie\Application Data\VMNTOOLBAR
2008-06-09 19:07 --------- d-----w C:\Program Files\eMule
2008-06-09 18:43 --------- d-----w C:\Program Files\IncrediMail
2008-06-09 14:30 11,366 ----a-w C:\Documents and Settings\Dauchet marjorie\Application Data\wklnhst.dat
2008-06-09 13:10 --------- d-----w C:\Program Files\Oberon Media
2008-06-09 11:03 --------- d-----w C:\Program Files\Dl_cats
2008-06-09 10:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-08 17:00 --------- d-----w C:\Documents and Settings\Dauchet marjorie\Application Data\LimeWire
2008-05-31 06:57 --------- d-----w C:\Documents and Settings\Dauchet marjorie\Application Data\64 kind
2008-05-31 06:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Mfcd upload army browse
2008-05-27 14:57 --------- d-----w C:\Documents and Settings\Dauchet marjorie\Application Data\dvdcss
2008-05-19 17:44 --------- d-----w C:\Documents and Settings\Nadine\Application Data\DNA
2008-05-18 17:19 --------- d-----w C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR
2008-05-15 06:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-12 09:59 304,160 ----a-w C:\PA207.DAT
2008-05-09 19:49 --------- d-----w C:\Documents and Settings\Nadine\Application Data\64 kind
2008-05-09 06:16 --------- d-----w C:\Documents and Settings\Nadine\Application Data\vmntoolbar
2008-05-08 16:29 --------- d-----w C:\Program Files\Wanadoo
2008-05-04 18:06 --------- d-----w C:\Program Files\Corel
2008-04-30 05:24 --------- d-----w C:\Documents and Settings\jeremy_2\Application Data\64 kind
2008-04-24 10:20 --------- d-----w C:\Program Files\Picasa2
2008-04-18 10:02 --------- d-----w C:\Documents and Settings\jeremy_2\Application Data\Corel
2008-04-16 16:31 330 ----a-w C:\Documents and Settings\jeremy_2\Application Data\wklnhst.dat
2008-04-12 07:03 --------- d-----w C:\Documents and Settings\jeremy_2\Application Data\Template
2008-04-09 16:00 37,074 ----a-w C:\Documents and Settings\jeremy_2\sxwtyvjq.exe
2008-04-09 07:00 37,074 ----a-w C:\Documents and Settings\Dauchet marjorie\sxwtyvjq.exe
2008-04-05 07:23 37,074 ----a-w C:\Documents and Settings\Nadine\sxwtyvjq.exe
2008-03-16 19:35 3,168 ----a-w C:\Documents and Settings\Nadine\Application Data\wklnhst.dat
2008-03-16 13:12 37,074 ----a-w C:\Documents and Settings\jeremy\sxwtyvjq.exe
2008-03-15 09:52 70 ----a-w C:\Documents and Settings\Dauchet marjorie\SCORES.DAT
2008-01-12 12:34 47,360 ----a-w C:\Documents and Settings\Nadine\Application Data\pcouffin.sys
2007-10-26 17:11 1,716 ----a-w C:\Documents and Settings\jeremy\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E1B2879-88FF-11D2-8D96-D7ACAC95951F}]
2001-12-12 22:42 49152 --a------ C:\Program Files\Traction Software\Popup Nuker\IEPopupNuker.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 04:24 20480]
"DellSupport"="C:\PROGRA~1\DELLSU~1\DSAgnt.exe" [2006-07-16 23:29 389120]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 15:50 122880]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-19 16:30 68856]
"Diddl_Scr.exe"="C:\Program Files\Diddl Screenmate\Diddl_Scr.exe" [2007-05-29 18:24 5857280]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-02-20 16:15 816368]
"delete admin"="C:\DOCUME~1\DAUCHE~1\APPLIC~1\64KIND~1\BONEREADME.exe" [2008-05-31 08:55 448000]
"AdobeUpdater"="C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 00:06 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-12-09 14:05 185896]
"Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [2006-11-03 12:01 319488]
"DLCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 20:38 69632]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-01 13:48 1392640]
"SysVContoller32"="C:\WINDOWS\system32\log\svcl32.exe" [2007-06-26 19:00 328192]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 18:50 221184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R3 ActivHIDSerMini;Promethean Serial Board Driver;C:\WINDOWS\system32\DRIVERS\activhidsermini.sys [2006-10-04 17:14]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys []
S3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys []
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-28 16:21]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-06-05 16:04]
S3 PAC207;PC Camera;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-29 14:30]
S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Fbus.sys [2006-11-10 09:55]
S3 SE2Fmdfl;Sony Ericsson Device 047 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Fmdfl.sys [2006-11-10 09:55]
S3 SE2Fmdm;Sony Ericsson Device 047 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Fmdm.sys [2006-11-10 09:55]
S3 SE2Fmgmt;Sony Ericsson Device 047 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Fmgmt.sys [2006-11-10 09:55]
S3 se2Fnd5;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (NDIS);C:\WINDOWS\system32\DRIVERS\se2Fnd5.sys [2006-11-10 09:55]
S3 SE2Fobex;Sony Ericsson Device 047 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Fobex.sys [2006-11-10 09:55]
S3 se2Funic;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (WDM);C:\WINDOWS\system32\DRIVERS\se2Funic.sys [2006-11-10 09:55]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2005-12-22 15:45]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-06-09 20:00:00 C:\WINDOWS\Tasks\AA900F0898C3BF5C.job"
- c:\docume~1\jeremy_2\applic~1\64kind~1\Bore Htm Trans.exe
"2008-06-09 20:00:00 C:\WINDOWS\Tasks\B5663E298049B465.job"
- c:\docume~1\dauche~1\applic~1\64kind~1\Bore Htm Trans.exe
"2008-06-09 20:00:00 C:\WINDOWS\Tasks\BC5F5385945CF875.job"
- c:\docume~1\nadine\applic~1\64kind~1\Bore Htm Trans.exe
"2008-06-06 13:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-06-10 11:35:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"

Utilisateur anonyme · Answer

il a fait le menage .........

Refais un scan hijackthis et post le rapport stp

grenouille enchantée · Answer

J'ai anticipé... Voilà un autre rapport Hijackthis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:06, on 2008-06-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\log\svcl32.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NetWaiting
etWaiting.exe
C:\PROGRA~1\DELLSU~1\DSAgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\HiJackThismarjo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.dell.com/fr-fr?c=fr&l=fr&s=gen&redirect=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=6061109
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: HTML Source Editor - {1E1B2879-88FF-11D2-8D96-D7ACAC95951F} - C:\Program Files\Traction Software\Popup Nuker\IEPopupNuker.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SysVContoller32] C:\WINDOWS\system32\log\svcl32.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting
etWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\PROGRA~1\DELLSU~1\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Diddl_Scr.exe] C:\Program Files\Diddl Screenmate\Diddl_Scr.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [delete admin] C:\DOCUME~1\DAUCHE~1\APPLIC~1\64KIND~1\BONEREADME.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?aca8a2a120fa42d6b02a34bd328aa39a
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?aca8a2a120fa42d6b02a34bd328aa39a
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CF9D94B-CC64-4494-A065-EE3995132F68}: NameServer = 192.168.1.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

Utilisateur anonyme · Answer

Copie le texte ci-dessous : 



File:: 
C:\Documents and Settings\jeremy_2\Application Data\wklnhst.dat 
C:\Documents and Settings\jeremy_2\Application Data\Template 
C:\Documents and Settings\jeremy_2\sxwtyvjq.exe 
C:\Documents and Settings\Dauchet marjorie\sxwtyvjq.exe 
C:\Documents and Settings\Nadine\sxwtyvjq.exe 
C:\Documents and Settings\Nadine\Application Data\wklnhst.dat 
C:\Documents and Settings\jeremy\sxwtyvjq.exe 
C:\Documents and Settings\Dauchet marjorie\SCORES.DAT 
C:\Documents and Settings\Nadine\Application Data\pcouffin.sys 
C:\Documents and Settings\jeremy\Application Data\wklnhst.dat 
C:\upload_moi_D1ZP4L2J.tar.gz 
C:\PA207.DAT 
C:\WINDOWS\Tasks\AA900F0898C3BF5C.job
c:\docume~1\jeremy_2\applic~1\64kind~1\Bore Htm Trans.exe 
C:\WINDOWS\Tasks\B5663E298049B465.job
c:\docume~1\dauche~1\applic~1\64kind~1\Bore Htm Trans.exe 
C:\WINDOWS\Tasks\BC5F5385945CF875.job
c:\docume~1
adine\applic~1\64kind~1\Bore Htm Trans.exe 
C:\Program Files\Traction Software\Popup Nuker\IEPopupNuker.dll 
C:\DOCUME~1\DAUCHE~1\APPLIC~1\64KIND~1\BONEREADME.exe

Folder:: 
C:\DOCUME~1\DAUCHE~1\APPLIC~1\64KIND~1
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR 
C:\Documents and Settings\Dauchet marjorie\Application Data\64 kind 
C:\Program Files\Traction Software\Popup Nuker

Registry:: 
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E1B2879-88FF-11D2-8D96-D7ACAC95951F}] 
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"delete admin"=-




Ouvre le Bloc-Notes puis colle le texte copié. 
(Démarrer\Tous les programmes\Accessoires\Bloc notes.) 
Sauvegarde ce fichier sous le nom de CFScript.txt. 

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous : 

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif 

Cela va relancer Combofix, 

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide. 

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal! 

Ne touche à rien tant que le scan n'est pas terminé. 

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis. 

S'il n'y a pas de rédémarrage, poste quand même les rapports.

grenouille enchantee · Answer

voià le rapport!

ComboFix 08-06-09.7 - Dauchet marjorie 2008-06-10 14:31:20.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.617 [GMT 2:00]
Endroit: C:\Documents and Settings\Dauchet marjorie\Bureau\ComboFixmarjo.exe
Command switches used :: E:\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\DOCUME~1\DAUCHE~1\APPLIC~1\64KIND~1\BONEREADME.exe
c:\docume~1\dauche~1\applic~1\64kind~1\Bore Htm Trans.exe
c:\docume~1\jeremy_2\applic~1\64kind~1\Bore Htm Trans.exe
c:\docume~1\nadine\applic~1\64kind~1\Bore Htm Trans.exe
C:\Documents and Settings\Dauchet marjorie\SCORES.DAT
C:\Documents and Settings\Dauchet marjorie\sxwtyvjq.exe
C:\Documents and Settings\jeremy\Application Data\wklnhst.dat
C:\Documents and Settings\jeremy\sxwtyvjq.exe
C:\Documents and Settings\jeremy_2\Application Data\Template
C:\Documents and Settings\jeremy_2\Application Data\wklnhst.dat
C:\Documents and Settings\jeremy_2\sxwtyvjq.exe
C:\Documents and Settings\Nadine\Application Data\pcouffin.sys
C:\Documents and Settings\Nadine\Application Data\wklnhst.dat
C:\Documents and Settings\Nadine\sxwtyvjq.exe
C:\PA207.DAT
C:\Program Files\Traction Software\Popup Nuker\IEPopupNuker.dll
C:\upload_moi_D1ZP4L2J.tar.gz
C:\WINDOWS\Tasks\AA900F0898C3BF5C.job
C:\WINDOWS\Tasks\B5663E298049B465.job
C:\WINDOWS\Tasks\BC5F5385945CF875.job
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\DAUCHE~1\APPLIC~1\64KIND~1
C:\DOCUME~1\DAUCHE~1\APPLIC~1\64KIND~1\0
C:\DOCUME~1\DAUCHE~1\APPLIC~1\64KIND~1\BONEREADME.exe
c:\docume~1\dauche~1\applic~1\64kind~1\Bore Htm Trans.exe
C:\DOCUME~1\DAUCHE~1\APPLIC~1\64KIND~1\huhijwgv.exe
C:\DOCUME~1\DAUCHE~1\APPLIC~1\64KIND~1\nurb fast settings spam.exe
C:\DOCUME~1\DAUCHE~1\APPLIC~1\64KIND~1\vhdmprvf.exe
c:\docume~1\jeremy_2\applic~1\64kind~1\Bore Htm Trans.exe
c:\docume~1\nadine\applic~1\64kind~1\Bore Htm Trans.exe
C:\Documents and Settings\Dauchet marjorie\Application Data\64 kind\0
C:\Documents and Settings\Dauchet marjorie\Application Data\64 kind\BONEREADME.exe
C:\Documents and Settings\Dauchet marjorie\Application Data\64 kind\Bore Htm Trans.exe
C:\Documents and Settings\Dauchet marjorie\Application Data\64 kind\huhijwgv.exe
C:\Documents and Settings\Dauchet marjorie\Application Data\64 kind\nurb fast settings spam.exe
C:\Documents and Settings\Dauchet marjorie\Application Data\64 kind\vhdmprvf.exe
C:\Documents and Settings\Dauchet marjorie\SCORES.DAT
C:\Documents and Settings\Dauchet marjorie\sxwtyvjq.exe
C:\Documents and Settings\jeremy\Application Data\wklnhst.dat
C:\Documents and Settings\jeremy\sxwtyvjq.exe
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\---Yahoo.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\01net.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\a.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\amazon.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\an.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\arrow_down.gif
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\arrow_up.gif
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\arrowB.gif
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\arrowT.gif
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\autofill.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\avstate.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\b.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\bg_pub.gif
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\bg_ttl.gif
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\bn.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\bottom.png
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\bottom_left.png
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\bottom_right.png
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\c.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\canalblog.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\cn.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\COMBOSEARCH.acs
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\d.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\dictionary2.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\dn.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\DownloadCOM.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\dropdown.css
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\ErrorLog.txt
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\ErrorPageTemplate.css
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\f.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\flag_argentine.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\flag_australia.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\flag_brazil.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\flag_canada.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\flag_china.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\flag_france.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\flag_germany.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\flag_greece.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\flag_hongkong.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\flag_india.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\flag_indonesia.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\flag_italy.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\flag_japan.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\flag_korea.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\flag_mexico.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\flag_netherlands.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\flag_spain.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\flag_sweeden.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\flag_taiwan.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\flag_uk.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\flag_usa.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\fn.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\g.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\gaming.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\gn.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\gograph.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\graphred0.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\graphred0_5.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\graphred1.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\graphred1_5.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\graphred2.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\graphred2_5.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\graphred3.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\graphred3_5.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\graphred4.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\graphred4_5.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\graphred5.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\h.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\h_aquarius.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\h_aries.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\h_cancer.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\h_capricorn.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\h_gemini.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\h_leo.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\h_libra.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\h_pisces.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\h_sagittarius.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\h_scorpio.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\h_taurus.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\h_virgo.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\help.gif
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\hideremove.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\highlight.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\hn.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\hororank.xml
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\i.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\IEtab1_7d.zip
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\in.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\ipsearch.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\j.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\jn.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\k.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\kn.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\l.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\left.png
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\ln.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\loading.gif
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\login.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\logo.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\n.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\New York_NY_weather.txt
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\New York_NY_weather.txt4158031
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\New York_NY_weather.txt4303000
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\New York_NY_weather.txt4672015
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\New York_NY_weather.txt6472000
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\New York_NY_weather.txt6730000
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\New York_NY_weather.txt691781
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\New York_NY_weather.txt7289000
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\New York_NY_weather.txt85743468
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\New York_NY_weather.txt9089000
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\New York_NY_weather.txt9371000
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\New York_NY_weather.txt9940453
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\new02.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\news.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\nn.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\o.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\on.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\p.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\p_yahoo.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\p_yahoo_fr.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\pestscanimg.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\pixsy.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\pn.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\popup_off.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\popup_on.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\popup_ona.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\q.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\qn.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\r.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\relatedlinks.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\report.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\right.png
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\rn.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\rss.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\rss.xsl
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\rss1.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\rsslib.js
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\rssmenu1_7a.zip
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\s.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\search.gif
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\search_fr.gif
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\security.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\sinfo.txt
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\sinfo.txt1855718
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\sinfo.txt40980625
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\sinfo.txt412332703
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\sinfo.txt58283281
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\sinfo.txt59588265
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\siteinfo.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\slider.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\sn.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\spacer.gif
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\stars-red1.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\stars-red2.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\stars-red3.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\stars-red4.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\stars-red5.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\storage.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\t.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\tab_icon.png
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\tabdataV3.js
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\tablib.js
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\tabwelcome_en.html
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\tabwelcome_fr.html
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\technorati.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\thes_search.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\tn.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\tools.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\top.png
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\top_left.png
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\top_right.png
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\translate.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\u.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\un.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\utf8.js
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\v.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\vmlib.js
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\vmntoolbartb0501.cfg
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\vn.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\w.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\web_en.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\wikipedia.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\wn.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\x.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\xp_close_small.gif
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\Yahoo.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\yahoo_search.gif
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\YouTube.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\z.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\zn.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\zoom.bmp
C:\Documents and Settings\jeremy_2\Application Data\wklnhst.dat
C:\Documents and Settings\jeremy_2\sxwtyvjq.exe
C:\Documents and Settings\Nadine\Application Data\pcouffin.sys
C:\Documents and Settings\Nadine\Application Data\wklnhst.dat
C:\Documents and Settings\Nadine\sxwtyvjq.exe
C:\PA207.DAT
C:\Program Files\Traction Software\Popup Nuker
C:\Program Files\Traction Software\Popup Nuker\adkeywords.txt
C:\Program Files\Traction Software\Popup Nuker\IEPopupNuker.dll
C:\Program Files\Traction Software\Popup Nuker\keywords.txt
C:\Program Files\Traction Software\Popup Nuker\log.txt
C:\Program Files\Traction Software\Popup Nuker\OLCHK32.DLL
C:\Program Files\Traction Software\Popup Nuker\PopupNuker.chm
C:\Program Files\Traction Software\Popup Nuker\PopupNuker.exe
C:\Program Files\Traction Software\Popup Nuker\setup.ini
C:\WINDOWS\Tasks\AA900F0898C3BF5C.job
C:\WINDOWS\Tasks\B5663E298049B465.job
C:\WINDOWS\Tasks\BC5F5385945CF875.job
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Application Data\Starware370
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\563_button_1b_def.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\563_button_1b_over.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\572_button_1b_def.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\572_button_1b_over.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\573_button_1b_def.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\573_button_1b_over.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\findit_music.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\Highlight.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\HighlightHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\highlighthotxp.png
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\highlightxp.png
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\logo.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\logoxp.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\lyrics.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\music_search.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\radio.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\starware_toolbar_icon.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\contexts\error.xml
C:\Documents and Settings\All Users\Application Data\Starware370\contexts\related.xml
C:\Documents and Settings\All Users\Application Data\Starware370\contexts\travel.xml
C:\Documents and Settings\Dauchet marjorie\Application Data\Hotbar
C:\Documents and Settings\Dauchet marjorie\Application Data\ShoppingReport
C:\Documents and Settings\Dauchet marjorie\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Dauchet marjorie\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Dauchet marjorie\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Dauchet marjorie\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Dauchet marjorie\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Dauchet marjorie\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Dauchet marjorie\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
C:\Documents and Settings\jeremy\Application Data\Hotbar_Icons
C:\Documents and Settings\jeremy\Application Data\Hotbar_Icons\meetic.ico
C:\Documents and Settings\jeremy\Application Data\Hotbar_Icons\Registryrepair.ico
C:\Documents and Settings\jeremy\Application Data\Hotbar_Icons\wallpapere1.ico
C:\Documents and Settings\jeremy\Application Data\MessengerSkinner
C:\Documents and Settings\jeremy\Application Data\MessengerSkinner\Userdata\defaultPack.cab
C:\Documents and Settings\jeremy\Application Data\MessengerSkinner\Userdata\languages.xml
C:\Documents and Settings\jeremy\Application Data\MessengerSkinner\Userdata\languages_v2.xml
C:\Documents and Settings\jeremy\Application Data\MessengerSkinner\Userdata\pack1.cab
C:\Documents and Settings\jeremy\Application Data\ShoppingReport
C:\Documents and Settings\jeremy\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\jeremy\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\jeremy\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\jeremy\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\jeremy\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\jeremy\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\jeremy\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Documents and Settings\jeremy\Bureau\Free PC Wallpapers.lnk
C:\Documents and Settings\jeremy_2\Application Data\Hotbar_Icons
C:\Documents and Settings\jeremy_2\Application Data\Hotbar_Icons\3bSoftware_icon_1.ico
C:\Documents and Settings\jeremy_2\Application Data\Hotbar_Icons\Registryrepair.ico
C:\Documents and Settings\jeremy_2\Application Data\macromedia\Flash Player\#SharedObjects\GVP00001\iforex.com
C:\Documents and Settings\jeremy_2\Application Data\macromedia\Flash Player\#SharedObjects\GVP00001\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\jeremy_2\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\jeremy_2\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\jeremy_2\Application Data\ShoppingReport
C:\Documents and Settings\jeremy_2\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\jeremy_2\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\jeremy_2\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\jeremy_2\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\jeremy_2\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\jeremy_2\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\jeremy_2\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Documents and Settings\nadine dauchet\Menu Démarrer\Programmes\InternetGameBox
C:\Documents and Settings\nadine dauchet\Menu Démarrer\Programmes\InternetGameBox\Conditions générales.lnk
C:\Documents and Settings\nadine dauchet\Menu Démarrer\Programmes\InternetGameBox\Confidentialité.lnk
C:\Documents and Settings\nadine dauchet\Menu Démarrer\Programmes\InternetGameBox\InternetGameBox.lnk
C:\Documents and Settings\nadine dauchet\Menu Démarrer\Programmes\InternetGameBox\Website.lnk
C:\Documents and Settings\nadine dauchet\Menu Démarrer\Programmes\MessengerSkinner
C:\Documents and Settings\nadine dauchet\Menu Démarrer\Programmes\MessengerSkinner\MessengerSkinner.lnk
C:\Documents and Settings\nadine dauchet\Menu Démarrer\Programmes\MessengerSkinner\Website.lnk
C:\Documents and Settings\Nadine\Application Data\Hotbar_Icons
C:\Documents and Settings\Nadine\Application Data\Hotbar_Icons\meetic.ico
C:\Documents and Settings\Nadine\Application Data\Hotbar_Icons\Registryrepair.ico
C:\Documents and Settings\Nadine\Application Data\Hotbar_Icons\wallpapere1.ico
C:\Documents and Settings\Nadine\Application Data\inst.exe
C:\Documents and Settings\Nadine\Application Data\ShoppingReport
C:\Documents and Settings\Nadine\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Nadine\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Nadine\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Nadine\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Nadine\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Nadine\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Nadine\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
C:\Documents and Settings\Nadine\Application Data\WeatherDPA
C:\Documents and Settings\Nadine\Application Data\WeatherDPA\Weather\log.txt
C:\Documents and Settings\Nadine\Application Data\WeatherDPA\Weather\WeatherStartup.xml
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Uninst.exe
C:\Program Files\Starware370
C:\Program Files\Starware370\Setup.exe
C:\WINDOWS\explorer.exe.tmp
C:\WINDOWS\system32\dfhkj.ini
C:\WINDOWS\system32\dfhkj.ini2
C:\WINDOWS\system32\ilkkj.ini
C:\WINDOWS\system32\ilkkj.ini2
C:\WINDOWS\system32\vyadd.ini
C:\WINDOWS\system32\vyadd.ini2

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-10 to 2008-06-10 ))))))))))))))))))))))))))))))))))))
.

2008-06-09 23:34 . 2008-06-09 23:34 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-09 23:34 . 2008-06-09 23:34 <REP> d-------- C:\Documents and Settings\Dauchet marjorie\Application Data\Malwarebytes
2008-06-09 23:34 . 2008-06-09 23:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-09 23:34 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-09 23:34 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-09 21:41 . 2008-06-09 21:54 <REP> d-------- C:\Program Files\Navilog1
2008-06-07 15:06 . 2008-06-07 15:06 33 --a------ C:\WINDOWS\Multimedia manager.INI
2008-05-31 08:55 . 2008-05-31 08:55 <REP> d-------- C:\Program Files\64 kind
2008-05-27 23:27 . 2008-05-27 23:27 <REP> d-------- C:\Documents and Settings\Dauchet marjorie\Application Data\Exodus

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-10 12:32 --------- d-----w C:\Program Files\Traction Software
2008-06-10 12:32 --------- d-----w C:\Documents and Settings\Nadine\Application Data\64 kind
2008-06-10 12:32 --------- d-----w C:\Documents and Settings\jeremy_2\Application Data\64 kind
2008-06-10 10:29 --------- d-----w C:\Program Files\MSN Messenger
2008-06-09 19:31 --------- d-----w C:\Documents and Settings\Dauchet marjorie\Application Data\VMNTOOLBAR
2008-06-09 19:07 --------- d-----w C:\Program Files\eMule
2008-06-09 18:43 --------- d-----w C:\Program Files\IncrediMail
2008-06-09 14:30 11,366 ----a-w C:\Documents and Settings\Dauchet marjorie\Application Data\wklnhst.dat
2008-06-09 13:10 --------- d-----w C:\Program Files\Oberon Media
2008-06-09 11:03 --------- d-----w C:\Program Files\Dl_cats
2008-06-09 10:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-08 17:00 --------- d-----w C:\Documents and Settings\Dauchet marjorie\Application Data\LimeWire
2008-05-31 06:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Mfcd upload army browse
2008-05-27 14:57 --------- d-----w C:\Documents and Settings\Dauchet marjorie\Application Data\dvdcss
2008-05-19 17:44 --------- d-----w C:\Documents and Settings\Nadine\Application Data\DNA
2008-05-15 06:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-09 06:16 --------- d-----w C:\Documents and Settings\Nadine\Application Data\vmntoolbar
2008-05-08 16:29 --------- d-----w C:\Program Files\Wanadoo
2008-05-04 18:06 --------- d-----w C:\Program Files\Corel
2008-04-24 10:20 --------- d-----w C:\Program Files\Picasa2
2008-04-18 10:02 --------- d-----w C:\Documents and Settings\jeremy_2\Application Data\Corel
2008-04-12 07:03 --------- d-----w C:\Documents and Settings\jeremy_2\Application Data\Template
.

((((((((((((((((((((((((((((( snapshot@2008-06-10_13.54.37.96 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-10 11:27:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-10 12:36:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-10 12:36:46 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6d4.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-12-09 14:05 185896]
"Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [2006-11-03 12:01 319488]
"DLCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 20:38 69632]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-01 13:48 1392640]
"SysVContoller32"="C:\WINDOWS\system32\log\svcl32.exe" [2007-06-26 19:00 328192]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 18:50 221184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R3 ActivHIDSerMini;Promethean Serial Board Driver;C:\WINDOWS\system32\DRIVERS\activhidsermini.sys [2006-10-04 17:14]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys []
S3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys []
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-28 16:21]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-06-05 16:04]
S3 PAC207;PC Camera;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-29 14:30]
S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Fbus.sys [2006-11-10 09:55]
S3 SE2Fmdfl;Sony Ericsson Device 047 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Fmdfl.sys [2006-11-10 09:55]
S3 SE2Fmdm;Sony Ericsson Device 047 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Fmdm.sys [2006-11-10 09:55]
S3 SE2Fmgmt;Sony Ericsson Device 047 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Fmgmt.sys [2006-11-10 09:55]
S3 se2Fnd5;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (NDIS);C:\WINDOWS\system32\DRIVERS\se2Fnd5.sys [2006-11-10 09:55]
S3 SE2Fobex;Sony Ericsson Device 047 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Fobex.sys [2006-11-10 09:55]
S3 se2Funic;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (WDM);C:\WINDOWS\system32\DRIVERS\se2Funic.sys [2006-11-10 09:55]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2005-12-22 15:45]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-06-06 13:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-06-10 12:35:03 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"

Utilisateur anonyme · Answer

reste encore un peux on recommence :

Copie le texte ci-dessous : 

File:: 
C:\WINDOWS\bootstat.dat 
C:\WINDOWS\bootstat.dat 
C:\WINDOWS\Temp\Perflib_Perfdata_6d4.dat 

Folder:: 
C:\Program Files\64 kind 
C:\Documents and Settings\Dauchet marjorie\Application Data\Exodus 
C:\Documents and Settings\Nadine\Application Data\64 kind 
C:\Documents and Settings\jeremy_2\Application Data\64 kind 
C:\Program Files\Dl_cats 




Ouvre le Bloc-Notes puis colle le texte copié. 
(Démarrer\Tous les programmes\Accessoires\Bloc notes.) 
Sauvegarde ce fichier sous le nom de CFScript.txt. 

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous : 

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif 

Cela va relancer Combofix, 

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide. 

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal! 

Ne touche à rien tant que le scan n'est pas terminé. 

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis. 

S'il n'y a pas de rédémarrage, poste quand même les rapports.

grenouille enchantée · Answer

RAPPORT COMBOFIX:

ComboFix 08-06-09.7 - Dauchet marjorie 2008-06-10 15:07:45.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.601 [GMT 2:00]
Endroit: C:\Documents and Settings\Dauchet marjorie\Bureau\ComboFixmarjo.exe
Command switches used :: E:\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\WINDOWS\bootstat.dat
C:\WINDOWS\Temp\Perflib_Perfdata_6d4.dat
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Dauchet marjorie\Application Data\Exodus
C:\Documents and Settings\Dauchet marjorie\Application Data\Exodus\exodus.xml
C:\Documents and Settings\jeremy_2\Application Data\64 kind
C:\Documents and Settings\Nadine\Application Data\64 kind
C:\Program Files\64 kind
C:\Program Files\Dl_cats
C:\Program Files\Dl_cats\DB2TT81.A00
C:\Program Files\Dl_cats\DB2TT81.A01
C:\Program Files\Dl_cats\DB2TT81.A02
C:\Program Files\Dl_cats\DLCCCATS.INI
C:\Program Files\Dl_cats\dlccdefs.xml
C:\WINDOWS\bootstat.dat
C:\WINDOWS\Temp\Perflib_Perfdata_6d4.dat . . . . Echec de suppression
.
---- Previous Run -------
.
C:\DOCUME~1\DAUCHE~1\APPLIC~1\64KIND~1
C:\DOCUME~1\DAUCHE~1\APPLIC~1\64KIND~1\0
C:\DOCUME~1\DAUCHE~1\APPLIC~1\64KIND~1\BONEREADME.exe
c:\docume~1\dauche~1\applic~1\64kind~1\Bore Htm Trans.exe
C:\DOCUME~1\DAUCHE~1\APPLIC~1\64KIND~1\huhijwgv.exe
C:\DOCUME~1\DAUCHE~1\APPLIC~1\64KIND~1\nurb fast settings spam.exe
C:\DOCUME~1\DAUCHE~1\APPLIC~1\64KIND~1\vhdmprvf.exe
c:\docume~1\jeremy_2\applic~1\64kind~1\Bore Htm Trans.exe
c:\docume~1\nadine\applic~1\64kind~1\Bore Htm Trans.exe
C:\Documents and Settings\All Users\Application Data\Starware370
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\563_button_1b_def.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\563_button_1b_over.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\572_button_1b_def.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\572_button_1b_over.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\573_button_1b_def.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\573_button_1b_over.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\findit_music.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\Highlight.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\HighlightHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\highlighthotxp.png
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\highlightxp.png
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\logo.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\logoxp.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\lyrics.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\music_search.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\radio.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\starware_toolbar_icon.bmp
C:\Documents and Settings\All Users\Application Data\Starware370\contexts\error.xml
C:\Documents and Settings\All Users\Application Data\Starware370\contexts\related.xml
C:\Documents and Settings\All Users\Application Data\Starware370\contexts\travel.xml
C:\Documents and Settings\Dauchet marjorie\Application Data\64 kind\0
C:\Documents and Settings\Dauchet marjorie\Application Data\64 kind\BONEREADME.exe
C:\Documents and Settings\Dauchet marjorie\Application Data\64 kind\Bore Htm Trans.exe
C:\Documents and Settings\Dauchet marjorie\Application Data\64 kind\huhijwgv.exe
C:\Documents and Settings\Dauchet marjorie\Application Data\64 kind\nurb fast settings spam.exe
C:\Documents and Settings\Dauchet marjorie\Application Data\64 kind\vhdmprvf.exe
C:\Documents and Settings\Dauchet marjorie\Application Data\Hotbar
C:\Documents and Settings\Dauchet marjorie\Application Data\ShoppingReport
C:\Documents and Settings\Dauchet marjorie\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Dauchet marjorie\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Dauchet marjorie\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Dauchet marjorie\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Dauchet marjorie\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Dauchet marjorie\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Dauchet marjorie\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
C:\Documents and Settings\Dauchet marjorie\SCORES.DAT
C:\Documents and Settings\Dauchet marjorie\sxwtyvjq.exe
C:\Documents and Settings\jeremy\Application Data\Hotbar_Icons
C:\Documents and Settings\jeremy\Application Data\Hotbar_Icons\meetic.ico
C:\Documents and Settings\jeremy\Application Data\Hotbar_Icons\Registryrepair.ico
C:\Documents and Settings\jeremy\Application Data\Hotbar_Icons\wallpapere1.ico
C:\Documents and Settings\jeremy\Application Data\MessengerSkinner
C:\Documents and Settings\jeremy\Application Data\MessengerSkinner\Userdata\defaultPack.cab
C:\Documents and Settings\jeremy\Application Data\MessengerSkinner\Userdata\languages.xml
C:\Documents and Settings\jeremy\Application Data\MessengerSkinner\Userdata\languages_v2.xml
C:\Documents and Settings\jeremy\Application Data\MessengerSkinner\Userdata\pack1.cab
C:\Documents and Settings\jeremy\Application Data\ShoppingReport
C:\Documents and Settings\jeremy\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\jeremy\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\jeremy\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\jeremy\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\jeremy\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\jeremy\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\jeremy\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Documents and Settings\jeremy\Application Data\wklnhst.dat
C:\Documents and Settings\jeremy\Bureau\Free PC Wallpapers.lnk
C:\Documents and Settings\jeremy\sxwtyvjq.exe
C:\Documents and Settings\jeremy_2\Application Data\Hotbar_Icons
C:\Documents and Settings\jeremy_2\Application Data\Hotbar_Icons\3bSoftware_icon_1.ico
C:\Documents and Settings\jeremy_2\Application Data\Hotbar_Icons\Registryrepair.ico
C:\Documents and Settings\jeremy_2\Application Data\macromedia\Flash Player\#SharedObjects\GVP00001\iforex.com
C:\Documents and Settings\jeremy_2\Application Data\macromedia\Flash Player\#SharedObjects\GVP00001\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\jeremy_2\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\jeremy_2\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\jeremy_2\Application Data\ShoppingReport
C:\Documents and Settings\jeremy_2\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\jeremy_2\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\jeremy_2\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\jeremy_2\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\jeremy_2\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\jeremy_2\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\jeremy_2\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\---Yahoo.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\01net.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\a.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\amazon.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\an.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\arrow_down.gif
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\arrow_up.gif
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\arrowB.gif
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\arrowT.gif
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\autofill.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\avstate.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\b.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\bg_pub.gif
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\bg_ttl.gif
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\bn.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\bottom.png
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\bottom_left.png
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\bottom_right.png
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\c.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\canalblog.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\cn.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\COMBOSEARCH.acs
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\d.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\dictionary2.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\dn.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\DownloadCOM.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\dropdown.css
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\ErrorLog.txt
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\ErrorPageTemplate.css
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\f.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\flag_argentine.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\flag_australia.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\flag_brazil.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\flag_canada.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\flag_china.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\flag_france.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\flag_germany.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\flag_greece.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\flag_hongkong.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\flag_india.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\flag_indonesia.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\flag_italy.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\flag_japan.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\flag_korea.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\flag_mexico.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\flag_netherlands.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\flag_spain.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\flag_sweeden.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\flag_taiwan.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\flag_uk.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\flag_usa.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\fn.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\g.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\gaming.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\gn.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\gograph.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\graphred0.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\graphred0_5.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\graphred1.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\graphred1_5.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\graphred2.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\graphred2_5.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\graphred3.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\graphred3_5.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\graphred4.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\graphred4_5.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\graphred5.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\h.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\h_aquarius.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\h_aries.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\h_cancer.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\h_capricorn.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\h_gemini.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\h_leo.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\h_libra.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\h_pisces.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\h_sagittarius.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\h_scorpio.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\h_taurus.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\h_virgo.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\help.gif
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\hideremove.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\highlight.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\hn.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\hororank.xml
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\i.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\IEtab1_7d.zip
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\in.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\ipsearch.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\j.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\jn.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\k.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\kn.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\l.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\left.png
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\ln.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\loading.gif
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\login.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\logo.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\n.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\New York_NY_weather.txt
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\New York_NY_weather.txt4158031
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\New York_NY_weather.txt4303000
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\New York_NY_weather.txt4672015
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\New York_NY_weather.txt6472000
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\New York_NY_weather.txt6730000
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\New York_NY_weather.txt691781
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\New York_NY_weather.txt7289000
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\New York_NY_weather.txt85743468
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\New York_NY_weather.txt9089000
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\New York_NY_weather.txt9371000
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\New York_NY_weather.txt9940453
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\new02.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\news.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\nn.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\o.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\on.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\p.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\p_yahoo.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\p_yahoo_fr.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\pestscanimg.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\pixsy.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\pn.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\popup_off.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\popup_on.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\popup_ona.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\q.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\qn.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\r.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\relatedlinks.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\report.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\right.png
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\rn.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\rss.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\rss.xsl
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\rss1.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\rsslib.js
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\rssmenu1_7a.zip
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\s.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\search.gif
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\search_fr.gif
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\security.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\sinfo.txt
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\sinfo.txt1855718
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\sinfo.txt40980625
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\sinfo.txt412332703
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\sinfo.txt58283281
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\sinfo.txt59588265
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\siteinfo.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\slider.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\sn.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\spacer.gif
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\stars-red1.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\stars-red2.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\stars-red3.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\stars-red4.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\stars-red5.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\storage.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\t.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\tab_icon.png
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\tabdataV3.js
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\tablib.js
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\tabwelcome_en.html
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\tabwelcome_fr.html
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\technorati.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\thes_search.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\tn.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\tools.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\top.png
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\top_left.png
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\top_right.png
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\translate.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\u.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\un.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\utf8.js
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\v.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\vmlib.js
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\vmntoolbartb0501.cfg
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\vn.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\w.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\web_en.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\wikipedia.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\wn.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\x.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\xp_close_small.gif
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\Yahoo.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\yahoo_search.gif
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\YouTube.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\z.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\zn.bmp
C:\Documents and Settings\jeremy_2\Application Data\VMNTOOLBAR\zoom.bmp
C:\Documents and Settings\jeremy_2\Application Data\wklnhst.dat
C:\Documents and Settings\jeremy_2\sxwtyvjq.exe
C:\Documents and Settings\nadine dauchet\Menu Démarrer\Programmes\InternetGameBox
C:\Documents and Settings\nadine dauchet\Menu Démarrer\Programmes\InternetGameBox\Conditions générales.lnk
C:\Documents and Settings\nadine dauchet\Menu Démarrer\Programmes\InternetGameBox\Confidentialité.lnk
C:\Documents and Settings\nadine dauchet\Menu Démarrer\Programmes\InternetGameBox\InternetGameBox.lnk
C:\Documents and Settings\nadine dauchet\Menu Démarrer\Programmes\InternetGameBox\Website.lnk
C:\Documents and Settings\nadine dauchet\Menu Démarrer\Programmes\MessengerSkinner
C:\Documents and Settings\nadine dauchet\Menu Démarrer\Programmes\MessengerSkinner\MessengerSkinner.lnk
C:\Documents and Settings\nadine dauchet\Menu Démarrer\Programmes\MessengerSkinner\Website.lnk
C:\Documents and Settings\Nadine\Application Data\Hotbar_Icons
C:\Documents and Settings\Nadine\Application Data\Hotbar_Icons\meetic.ico
C:\Documents and Settings\Nadine\Application Data\Hotbar_Icons\Registryrepair.ico
C:\Documents and Settings\Nadine\Application Data\Hotbar_Icons\wallpapere1.ico
C:\Documents and Settings\Nadine\Application Data\inst.exe
C:\Documents and Settings\Nadine\Application Data\pcouffin.sys
C:\Documents and Settings\Nadine\Application Data\ShoppingReport
C:\Documents and Settings\Nadine\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Nadine\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Nadine\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Nadine\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Nadine\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Nadine\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Nadine\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
C:\Documents and Settings\Nadine\Application Data\WeatherDPA
C:\Documents and Settings\Nadine\Application Data\WeatherDPA\Weather\log.txt
C:\Documents and Settings\Nadine\Application Data\WeatherDPA\Weather\WeatherStartup.xml
C:\Documents and Settings\Nadine\Application Data\wklnhst.dat
C:\Documents and Settings\Nadine\sxwtyvjq.exe
C:\PA207.DAT
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Uninst.exe
C:\Program Files\Starware370
C:\Program Files\Starware370\Setup.exe
C:\Program Files\Traction Software\Popup Nuker
C:\Program Files\Traction Software\Popup Nuker\adkeywords.txt
C:\Program Files\Traction Software\Popup Nuker\IEPopupNuker.dll
C:\Program Files\Traction Software\Popup Nuker\keywords.txt
C:\Program Files\Traction Software\Popup Nuker\log.txt
C:\Program Files\Traction Software\Popup Nuker\OLCHK32.DLL
C:\Program Files\Traction Software\Popup Nuker\PopupNuker.chm
C:\Program Files\Traction Software\Popup Nuker\PopupNuker.exe
C:\Program Files\Traction Software\Popup Nuker\setup.ini
C:\WINDOWS\explorer.exe.tmp
C:\WINDOWS\system32\dfhkj.ini
C:\WINDOWS\system32\dfhkj.ini2
C:\WINDOWS\system32\ilkkj.ini
C:\WINDOWS\system32\ilkkj.ini2
C:\WINDOWS\system32\vyadd.ini
C:\WINDOWS\system32\vyadd.ini2
C:\WINDOWS\Tasks\AA900F0898C3BF5C.job
C:\WINDOWS\Tasks\B5663E298049B465.job
C:\WINDOWS\Tasks\BC5F5385945CF875.job

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-10 to 2008-06-10 ))))))))))))))))))))))))))))))))))))
.

2008-06-09 23:34 . 2008-06-09 23:34 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-09 23:34 . 2008-06-09 23:34 <REP> d-------- C:\Documents and Settings\Dauchet marjorie\Application Data\Malwarebytes
2008-06-09 23:34 . 2008-06-09 23:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-09 23:34 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-09 23:34 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-09 21:41 . 2008-06-09 21:54 <REP> d-------- C:\Program Files\Navilog1
2008-06-07 15:06 . 2008-06-07 15:06 33 --a------ C:\WINDOWS\Multimedia manager.INI

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-10 12:32 --------- d-----w C:\Program Files\Traction Software
2008-06-10 10:29 --------- d-----w C:\Program Files\MSN Messenger
2008-06-09 19:31 --------- d-----w C:\Documents and Settings\Dauchet marjorie\Application Data\VMNTOOLBAR
2008-06-09 19:07 --------- d-----w C:\Program Files\eMule
2008-06-09 18:43 --------- d-----w C:\Program Files\IncrediMail
2008-06-09 14:30 11,366 ----a-w C:\Documents and Settings\Dauchet marjorie\Application Data\wklnhst.dat
2008-06-09 13:10 --------- d-----w C:\Program Files\Oberon Media
2008-06-09 10:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-08 17:00 --------- d-----w C:\Documents and Settings\Dauchet marjorie\Application Data\LimeWire
2008-05-31 06:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Mfcd upload army browse
2008-05-27 14:57 --------- d-----w C:\Documents and Settings\Dauchet marjorie\Application Data\dvdcss
2008-05-19 17:44 --------- d-----w C:\Documents and Settings\Nadine\Application Data\DNA
2008-05-15 06:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-09 06:16 --------- d-----w C:\Documents and Settings\Nadine\Application Data\vmntoolbar
2008-05-08 16:29 --------- d-----w C:\Program Files\Wanadoo
2008-05-04 18:06 --------- d-----w C:\Program Files\Corel
2008-04-24 10:20 --------- d-----w C:\Program Files\Picasa2
2008-04-18 10:02 --------- d-----w C:\Documents and Settings\jeremy_2\Application Data\Corel
2008-04-12 07:03 --------- d-----w C:\Documents and Settings\jeremy_2\Application Data\Template
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-12-09 14:05 185896]
"Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [2006-11-03 12:01 319488]
"DLCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 20:38 69632]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-01 13:48 1392640]
"SysVContoller32"="C:\WINDOWS\system32\log\svcl32.exe" [2007-06-26 19:00 328192]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 18:50 221184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R3 ActivHIDSerMini;Promethean Serial Board Driver;C:\WINDOWS\system32\DRIVERS\activhidsermini.sys [2006-10-04 17:14]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys []
S3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys []
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-28 16:21]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-06-05 16:04]
S3 PAC207;PC Camera;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-29 14:30]
S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Fbus.sys [2006-11-10 09:55]
S3 SE2Fmdfl;Sony Ericsson Device 047 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Fmdfl.sys [2006-11-10 09:55]
S3 SE2Fmdm;Sony Ericsson Device 047 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Fmdm.sys [2006-11-10 09:55]
S3 SE2Fmgmt;Sony Ericsson Device 047 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Fmgmt.sys [2006-11-10 09:55]
S3 se2Fnd5;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (NDIS);C:\WINDOWS\system32\DRIVERS\se2Fnd5.sys [2006-11-10 09:55]
S3 SE2Fobex;Sony Ericsson Device 047 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Fobex.sys [2006-11-10 09:55]
S3 se2Funic;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (WDM);C:\WINDOWS\system32\DRIVERS\se2Funic.sys [2006-11-10 09:55]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2005-12-22 15:45]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-06-06 13:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-06-10 12:35:03 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"

ET MAINTENANT LE RAPPORT HIJACKTHIS:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:29, on 2008-06-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\log\svcl32.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Digital Line Detect\DLG.exe
E:\HiJackThismarjo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.dell.com/fr-fr?c=fr&l=fr&s=gen&redirect=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=6061109
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SysVContoller32] C:\WINDOWS\system32\log\svcl32.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?aca8a2a120fa42d6b02a34bd328aa39a
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?aca8a2a120fa42d6b02a34bd328aa39a
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CF9D94B-CC64-4494-A065-EE3995132F68}: NameServer = 192.168.1.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

Utilisateur anonyme · Answer

réouvre hijackthis
fais scan only
coche ces lignes :

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) 

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') 
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') 
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') 
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')


O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN 

tu les coches et tu clic sur fix checked

ensuite désinstal java car pas a jours et telecharge et instal cette version :

https://www.java.com/fr/download/manual.jsp

ensuite :

télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. 
double-clique sur OTMoveIt.exe pour le lancer. 
copie la liste qui se trouve en gras ci-dessous, 
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved. 

C:\WINDOWS\system32\log\svcl32.exe


clique sur MoveIt! pour lancer la suppression. 
le résultat apparaitra dans le cadre "Results". 
clique sur Exit pour fermer. 
poste le rapport situé dans C:\_OTMoveIt\MovedFiles. 

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

grenouille enchantee · Answer

C:\WINDOWS\system32\log\svcl32.exe moved successfully.
File/Folder C:\WINDOWS\PixArt\PAC2007\Monitor.exe not found.
Folder move failed. C:\WINDOWS\Pixart\PAC207 scheduled to be moved on reboot.
Folder move failed. C:\WINDOWS\Pixart scheduled to be moved on reboot.
 
OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06102008_162746

Files moved on Reboot...
C:\WINDOWS\Pixart\PAC207 moved successfully.
C:\WINDOWS\Pixart moved successfully.



VOILAAAAA

Utilisateur anonyme · Answer

ok refais un scan hijackthis et post le rapport stp on va terminer

grenouille enchantée · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:01, on 2008-06-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
E:\HiJackThismarjo.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.dell.com/fr-fr?c=fr&l=fr&s=gen&redirect=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=6061109
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?aca8a2a120fa42d6b02a34bd328aa39a
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?aca8a2a120fa42d6b02a34bd328aa39a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CF9D94B-CC64-4494-A065-EE3995132F68}: NameServer = 192.168.1.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

Utilisateur anonyme · Answer

oki c clean on termine :



regarde ceci concernant avast : 

antivir vs avast : 

-> http://forum.malekal.com/ftopic3528.php 

alors je te conseille de le desinstaller et d´installer antivir a la place 

Telecharge et instales l'antivirus Antivir Personal Edition Classic : 

->https://www.malekal.com/avira-free-security-antivirus-gratuit/ 

https://www.avira.com/en/prime 

http://mickael.barroux.free.fr/securite/antivir.php 
http://speedweb1.free.fr/frames2.php?page=tuto5 

Pour désinstaller Avast telecharge cet outil

https://www.avast.com/fr-fr/uninstall-utility


ensuite :


Télecharge et instal AVG anti spyware:

http://www.commentcamarche.net/telecharger/telecharger 218 avg anti spyware


instal le et met le a jours

ensuite lance le scan et supprime


ensuite :


telecharge Ccleaner :

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

instal le sans la barre yahoo 

fais lancer le nettoyage

repete l opération jusqu a ce qu il trouve rien 

ensuite fais registre

fais chercher les erreures 

ensuite fais corriger les erreures 

repete l opération jusqu a ce qu il trouve rien 


ensuite :


Telecharge reg cleaner pour nettoyer le registre: 


http://manuelsdaide.com/RegCleaner/RegCleaner.htm 
________________ 

ouvre le et clic sur TOOL 

Choisi registry cleanup 

clic sur automatic registry cleaner 

laisse scanner et supprime tout


et pour finir :


* pour supprimer les outils/fix utilisés : 

Télécharge ToolsCleaner sur ton bureau. 
--> 
http://pagesperso-orange.fr/AceRothstein/ToolsCleaner2.exe 
http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe 

# Clique sur Recherche et laisse le scan agir ... 
# Clique sur Suppression pour finaliser. 
# Tu peux, si tu le souhaites, te servir des Options facultatives. 
# Clique sur Quitter pour obtenir le rapport. 
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\). 


et ensuite fais ça :


Clic sur "démarrer", cliques droit sur "poste de travail", "propriétés", onglet "restauration du système" 

¤ coche la case "désactiver la Restauration du systéme sur tous les lecteurs", puis clic sur "appliquer" 
¤ décoche la case et clic sur "appliquer" puis "ok". 

Maintenant, que l'ont à effacés les point infectés, nous allons créer un point propre: 

Clic sur "démarrer", "tous les programmes", "accessoires", "outils système", "restauration du système", choisis "créer un point de restauration" nommes le " ccm" par exemple, cliques sur "créer" puis "ok". 
Voilà, maintenant le point de restauration est créé. Si un jour tu décides tu pourras revenir en arrière à la date créée.

grenouille enchantée · Answer

ok merci!
Ccleaner et Regcleaner sont déjà installés.
Pour Avast! et le reste je m'en charge illico, désolée d'avoir mis du temps à répondre j'ai du sortir faire une course.
Je m'y attaque tout de suite...
Merci !!!

Utilisateur anonyme · Answer

ok pas de soucis

Problème Messenger Skinner

37 réponses

Votre réponse

Discussions similaires

Newsletters