Virus cafard & Cie Résolu

Question

Bonjour,
Voilà mon problème, je tente de supprimer les virus sur l'ordinateur d'une amie qui avait attrapé le virus fond d'écran bleu avec les cafard qui mangent l'écran. Elle a un pentium 4 et windows xpSP2. Après avoir parcouru le forum j'ai fait diverses actions et je pensais en avoir fini avec ce virus mais je me rend compte que chaque fois que je scanne, et je l'ai fait pas mal de fois, avec des antivirus différents, je retrouve un nombre incalculable de problème...
J'ai donc téléchargé hijack et j'ai fait un rapport que je poste ici, en espérant que vous pourrez m'aider et me dire où j'en suis de l'éradication de toutes ces petites bêtes.... Merci d'avance
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:16:23, on 19/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\PROGRA~1\INCRED~1\bin\ImApp.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {B5A74FD6-566F-4EA8-9818-C815954FDE5C} - (no file)
O2 - BHO: (no name) - {BFCF46FE-9BBC-49D9-BDBF-BF1303CF327C} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {EE7D3601-9F9B-49EA-A558-501010BF1396} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {b5146c40-189a-4311-bda9-fbae3e023187} - (no file)
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CAMTRAY.EXE"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] "C:\Program Files\IncrediMail\bin\IncMail.exe" /c
O4 - HKCU\..\Run: [BoontyBox] "C:\Program Files\Boonty\BoontyBox\BoontyBox.exe" /boot
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Ò×È¤¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra 'Tools' menuitem: Ò×È¤¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC4FFD59-A688-45D6-ABBA-2ED03BFF17B3}: NameServer = 212.27.32.176,212.27.32.177
O20 - AppInit_DLLs: MsgPlusLoader.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: nnnKedcd - nnnKedcd.dll (file missing)
O20 - Winlogon Notify: urqNEXrO - urqNEXrO.dll (file missing)
O21 - SSODL: AvpKernel - {0a38e09c-9e5b-41bf-8851-a69cbde8a39b} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN
ipsvc.exe (file missing)

sKe69 · Answer

Salut,
1-Rends toi sur ton PC ici : "C:\ programme file\Trend Micro\HijackThis\HijackThis.exe"<---clik droit sur ce dernier et choisis "renommer" : tapes monjack et valide .

-!!Déconnectes toi et fermes toute tes applications en cours !!

Double clik sur le raccourci du bureau,
Fais un scan monjack (ou HijackThis renommé) et postes le  rapport générer pour analyse ...

Une fois ce dernier poster , enchaine directement par ce-ci :

2-Télécharges VirtumundoBegone sur ton bureau: 
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe 

!!Ce déconnecter et fermer toute ces applications le temps de la manipe !!

Double cliquer sur VirtumundoBeGone.exe et suivre les instructions. 
Une fois terminé, redémarrer le PC, le rapport VBG.TXT sera crée sur le bureau . 
(Si un message Ecran bleu "Erreur fatale" apparaît, pas d’inquiétude car c'est normal et attendu). 

Postes le rapport VBG accompagné d'un nouveau rapport Hijackthis pour analyse ...

fdwrc · Answer

Salut, chui pas un pro en la matiere mais t'as essayé de scaner avec malwabyte's et avec kaspersky online ?

isa24 · Answer

salut,
d'abord merci de ta réponse et dsl du retard pour la réaction mai j'étais absente, j'ai fait ce que tu as dis et voilà le 1er rapport de monjack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:12:55, on 21/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\PROGRA~1\INCRED~1\bin\ImApp.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {B5A74FD6-566F-4EA8-9818-C815954FDE5C} - (no file)
O2 - BHO: (no name) - {BFCF46FE-9BBC-49D9-BDBF-BF1303CF327C} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {EE7D3601-9F9B-49EA-A558-501010BF1396} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {b5146c40-189a-4311-bda9-fbae3e023187} - (no file)
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CAMTRAY.EXE"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] "C:\Program Files\IncrediMail\bin\IncMail.exe" /c
O4 - HKCU\..\Run: [BoontyBox] "C:\Program Files\Boonty\BoontyBox\BoontyBox.exe" /boot
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Ò×È¤¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra 'Tools' menuitem: Ò×È¤¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC4FFD59-A688-45D6-ABBA-2ED03BFF17B3}: NameServer = 212.27.32.176,212.27.32.177
O20 - AppInit_DLLs: MsgPlusLoader.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: nnnKedcd - nnnKedcd.dll (file missing)
O20 - Winlogon Notify: urqNEXrO - urqNEXrO.dll (file missing)
O21 - SSODL: AvpKernel - {0a38e09c-9e5b-41bf-8851-a69cbde8a39b} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN
ipsvc.exe (file missing)

sKe69 · Answer

Salut,
Télécharges VirtumundoBegone sur ton bureau: 
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe 

!!Ce déconnecter et fermer toute ces applications le temps de la manipe !!

Double cliquer sur VirtumundoBeGone.exe et suivre les instructions. 
Une fois terminé, redémarrer le PC, le rapport VBG.TXT sera crée sur le bureau . 
(Si un message Ecran bleu "Erreur fatale" apparaît, pas d’inquiétude car c'est normal et attendu). 

Postes le rapport VBG accompagné d'un nouveau rapport Hijackthis pour analyse ...

sKe69 · Answer

...

isa24 · Answer

slt,
voila jai fait les différentes manip je poste le rapport vbg :

[06/21/2008, 12:26:34] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Thalie\Local Settings\Temporary Internet Files\Content.IE5\NT6LG7K0\VirtumundoBeGone[1].exe" )
[06/21/2008, 12:26:43] - Detected System Information:
[06/21/2008, 12:26:43] -  Windows Version: 5.1.2600, Service Pack 2
[06/21/2008, 12:26:43] -  Current Username: Thalie (Admin)
[06/21/2008, 12:26:43] -  Windows is in NORMAL mode.
[06/21/2008, 12:26:43] - Searching for Browser Helper Objects:
[06/21/2008, 12:26:43] -  BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[06/21/2008, 12:26:43] -  BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/21/2008, 12:26:43] -  BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/21/2008, 12:26:43] -  BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/21/2008, 12:26:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/21/2008, 12:26:43] -  No filename found. Continuing.
[06/21/2008, 12:26:43] -  BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[06/21/2008, 12:26:43] -  BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/21/2008, 12:26:43] -  BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/21/2008, 12:26:43] -  BHO 8: {B5A74FD6-566F-4EA8-9818-C815954FDE5C} ()
[06/21/2008, 12:26:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/21/2008, 12:26:43] -  No filename found. Continuing.
[06/21/2008, 12:26:43] -  BHO 9: {BFCF46FE-9BBC-49D9-BDBF-BF1303CF327C} ()
[06/21/2008, 12:26:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/21/2008, 12:26:43] -  No filename found. Continuing.
[06/21/2008, 12:26:43] -  BHO 10: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[06/21/2008, 12:26:43] -  BHO 11: {EE7D3601-9F9B-49EA-A558-501010BF1396} ()
[06/21/2008, 12:26:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/21/2008, 12:26:43] -  No filename found. Continuing.
[06/21/2008, 12:26:43] - Finished Searching Browser Helper Objects
[06/21/2008, 12:26:43] - Finishing up...
[06/21/2008, 12:26:43] - Nothing found! Exiting...

[06/21/2008, 12:27:29] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Thalie\Bureau\VirtumundoBeGone.exe" )
[06/21/2008, 12:27:39] - Detected System Information:
[06/21/2008, 12:27:39] -  Windows Version: 5.1.2600, Service Pack 2
[06/21/2008, 12:27:39] -  Current Username: Thalie (Admin)
[06/21/2008, 12:27:39] -  Windows is in NORMAL mode.
[06/21/2008, 12:27:39] - Searching for Browser Helper Objects:
[06/21/2008, 12:27:39] -  BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[06/21/2008, 12:27:39] -  BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/21/2008, 12:27:39] -  BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/21/2008, 12:27:39] -  BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/21/2008, 12:27:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/21/2008, 12:27:40] -  No filename found. Continuing.
[06/21/2008, 12:27:40] -  BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[06/21/2008, 12:27:40] -  BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/21/2008, 12:27:40] -  BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/21/2008, 12:27:40] -  BHO 8: {B5A74FD6-566F-4EA8-9818-C815954FDE5C} ()
[06/21/2008, 12:27:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/21/2008, 12:27:40] -  No filename found. Continuing.
[06/21/2008, 12:27:40] -  BHO 9: {BFCF46FE-9BBC-49D9-BDBF-BF1303CF327C} ()
[06/21/2008, 12:27:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/21/2008, 12:27:40] -  No filename found. Continuing.
[06/21/2008, 12:27:40] -  BHO 10: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[06/21/2008, 12:27:40] -  BHO 11: {EE7D3601-9F9B-49EA-A558-501010BF1396} ()
[06/21/2008, 12:27:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/21/2008, 12:27:40] -  No filename found. Continuing.
[06/21/2008, 12:27:40] - Finished Searching Browser Helper Objects
[06/21/2008, 12:27:40] - Finishing up...
[06/21/2008, 12:27:40] - Nothing found! Exiting...


et le rapport hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:42, on 21/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\PROGRA~1\INCRED~1\bin\ImApp.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Boonty\BoontyBox\PBCheckGames.exe
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {B5A74FD6-566F-4EA8-9818-C815954FDE5C} - (no file)
O2 - BHO: (no name) - {BFCF46FE-9BBC-49D9-BDBF-BF1303CF327C} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {EE7D3601-9F9B-49EA-A558-501010BF1396} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {b5146c40-189a-4311-bda9-fbae3e023187} - (no file)
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CAMTRAY.EXE"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] "C:\Program Files\IncrediMail\bin\IncMail.exe" /c
O4 - HKCU\..\Run: [BoontyBox] "C:\Program Files\Boonty\BoontyBox\BoontyBox.exe" /boot
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Ò×È¤¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra 'Tools' menuitem: Ò×È¤¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC4FFD59-A688-45D6-ABBA-2ED03BFF17B3}: NameServer = 212.27.32.176,212.27.32.177
O20 - AppInit_DLLs: MsgPlusLoader.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: nnnKedcd - nnnKedcd.dll (file missing)
O20 - Winlogon Notify: urqNEXrO - urqNEXrO.dll (file missing)
O21 - SSODL: AvpKernel - {0a38e09c-9e5b-41bf-8851-a69cbde8a39b} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN
ipsvc.exe (file missing)

sKe69 · Answer

Télécharges MalwareByte's : 
ftp://ftp.commentcamarche.com/download/mbam-setup.exe
 
un tuto sympa : https://forum.pcastuces.com/sujet.asp?f=31&s=3 

Instales le ( choisis bien "francais" ; ne modifies pas les parramètres d'instale ) et mets le à jour . 

Puis redémarres en mode sans échec : 
Comment aller en Mode sans échec 
1) Redémarres ton ordi 
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip" 
3) Tu verras un écran avec options de démarrage apparaître 
4) Choisis la première option : Sans Échec, et valide avec "Entrée" 
5) Choisis ton compte habituel, et non Administrateur (si besoin ... ) 
(attention : pas de connexion possible en mode sans échec , donc copies ou imprimes bien la manipe pour éviter les erreur ...)
 
Lances Malwarebyte's .

Fais un scan dit "complet" ( sélectionnes bien tout tes disks avant le scan )  et supprimes tout ce qu'il peut trouver :
--->une fois le scan terminé , click sur "résultat" : puis vérifies que tous les ojbets infectés soient validés, puis click sur " supression " .

Redémarres ton PC ( mode normal ). 

Postes le rapport sauvegardé après la supression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes) accompagné d'un nouvel hijackthis ( fait en mode normal ) ...

isa24 · Answer

voilà le résultat du scan :
Malwarebytes' Anti-Malware 1.18
Version de la base de données: 873

10:51:50 22/06/2008
mbam-log-6-22-2008 (10-51-37).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 269431
Temps écoulé: 15 hour(s), 3 minute(s), 1 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> No action taken.
HKEY_CURRENT_USER\Software\MySidesearch (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\Control Panel\Desktop\Wallpaper (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\OriginalWallpaper (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\ConvertedWallpaper (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\SCRNSAVE.EXE (Trojan.FakeAlert) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\Dédé\Local Settings\Temporary Internet Files\Content.IE5\J5T1O8G8\css4[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Dédé\Local Settings\Temporary Internet Files\Content.IE5\J5T1O8G8\kb456456[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settingsemi\Local Settings\Temporary Internet Files\Content.IE5\GOJ669VD\PLAY_MP3[1].exe (Trojan.Downloader) -> No action taken.

et maintenant le hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:31, on 22/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\PROGRA~1\INCRED~1\bin\ImApp.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {B5A74FD6-566F-4EA8-9818-C815954FDE5C} - (no file)
O2 - BHO: (no name) - {BFCF46FE-9BBC-49D9-BDBF-BF1303CF327C} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {EE7D3601-9F9B-49EA-A558-501010BF1396} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {b5146c40-189a-4311-bda9-fbae3e023187} - (no file)
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CAMTRAY.EXE"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] "C:\Program Files\IncrediMail\bin\IncMail.exe" /c
O4 - HKCU\..\Run: [BoontyBox] "C:\Program Files\Boonty\BoontyBox\BoontyBox.exe" /boot
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Ò×È¤¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra 'Tools' menuitem: Ò×È¤¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC4FFD59-A688-45D6-ABBA-2ED03BFF17B3}: NameServer = 212.27.32.176,212.27.32.177
O20 - AppInit_DLLs: MsgPlusLoader.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: nnnKedcd - nnnKedcd.dll (file missing)
O20 - Winlogon Notify: urqNEXrO - urqNEXrO.dll (file missing)
O21 - SSODL: AvpKernel - {0a38e09c-9e5b-41bf-8851-a69cbde8a39b} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN
ipsvc.exe (file missing)

sKe69 · Answer

salut,
Fais exactement ce qui suit :

Télécharges ComboFix (par sUBs) sur ton Bureau (et pas ailleur !): 
http://download.bleepingcomputer.com/sUBs/ComboFix.exe <--- clik droit sur ce lien et choisis "enregistrer la cible sous ... " : dans la fenêtre qui s'ouvre tape C-Fix et valide . 

----------------------------------------------- ATTENTION ---------------------------------------------------------------
!! déconnectes toi,fermes tes applications en cours et DESACTIVES TES DEFENCES (anti-virus, guardes anti spy-ware, pare-feu) le temps de la manipe : 
en effet , activés, ils pourraient gêner fortement la procédure de recherche et de nettoyage de l'outil ( voir planter le PC )...Tu les réactiveras donc après  !!
--->Important : si tu rencontres des difficultés à ce niveau là, fais m'en part avant de poursuivre ...
Tuto ( aide ) ici : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
---------------------------------------------------------------------------------------------------------------------------------

Ensuite :
double-cliques C-Fix.exe ( = combofix.exe ) . 

Appuyes sur la touche Y (Yes) pour démarrer le scan . 

Attention : n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi. 
---> si un message d'erreur windows apparait à un momment , clik sur la croix en haut à droite de la fenêtre pour la fermer ( et pas sur autre chose ! ) 

Le rapport sera crée dans: C:\Combofix.txt 
 
Postes le rapport Combofix accompagné d'un nouveau rapport hijackthis pour analyse ...

isa24 · Answer

voila le rapport combo :
ComboFix 08-06-20.4 - Thalie 2008-06-22 14:38:06.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.529 [GMT 2:00]
Endroit: C:\Documents and Settings\Thalie\Bureau\C-Fix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Advanced XP Defender
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Advanced XP Defender\How to register.lnk
C:\WINDOWS\BMabeb7b5e.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\CKkSAJjl.ini
C:\WINDOWS\system32\CKkSAJjl.ini2
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
C:\WINDOWS\system32\pmcfduhv.ini
C:\WINDOWS\system32\QYGhknpo.ini2
C:\WINDOWS\system32\urmtbshh.ini

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-22 to 2008-06-22 ))))))))))))))))))))))))))))))))))))
.

2025-07-05 10:37 . 2025-07-05 10:37 3,120 --a------ C:\WINDOWS\IM_PREM.lfa
2008-06-21 12:51 . 2008-06-21 12:51 <REP> d-------- C:\Documents and Settings\Thalie\Application Data\Malwarebytes
2008-06-21 12:51 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-21 12:51 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-19 16:16 . 2008-06-19 16:16 <REP> d-------- C:\Program Files\Trend Micro
2008-06-17 18:00 . 2008-06-17 18:00 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-17 09:04 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-17 09:04 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-06-17 09:04 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-17 08:09 . 2008-06-17 08:09 <REP> d-------- C:\Program Files\Avira
2008-06-17 08:09 . 2008-06-17 08:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-17 07:48 . 2008-06-17 07:49 <REP> d-------- C:\Program Files\Windows Live
2008-06-17 07:48 . 2008-06-17 07:48 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-06-17 07:47 . 2008-06-17 07:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-17 07:30 . 2008-06-17 07:30 <REP> d-------- C:\Program Files\Sun
2008-06-16 19:17 . 2008-06-16 19:17 10,872,790 --a------ C:\upload_moi_SECR-5EE85B317A.tar.gz
2008-06-16 12:00 . 2008-06-21 12:51 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-16 12:00 . 2008-06-16 12:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-16 11:10 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-16 11:10 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-16 10:58 . 2003-11-08 05:16 265,728 -ra------ C:\WINDOWS\system32\drivers\BCMWL5.SYS
2008-06-12 11:49 . 2008-06-12 11:49 99,264 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2008-05-29 07:43 . 2008-05-29 07:43 <REP> d-------- C:\Program Files\Incredijeux
2008-05-24 08:30 . 2008-05-24 08:45 <REP> d-------- C:\Documents and Settings\Thalie\Application Data\Pirateville

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-17 05:30 --------- d-----w C:\Program Files\Java
2008-06-16 09:48 4,910 ----a-w C:\WINDOWS\system32\tmp.reg
2008-05-29 08:44 --------- d-----w C:\Documents and Settings\remi\Application Data\LimeWire
2008-05-29 06:38 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-29 05:43 --------- d-----w C:\Program Files\Fichiers communs\Oberon Media
2008-05-24 06:30 --------- d-----w C:\Documents and Settings\Thalie\Application Data\Zylom
2008-05-24 06:29 --------- d-----w C:\Program Files\Zylom Games
2008-05-16 17:25 --------- d-----w C:\Program Files\BoontyGames
2008-05-16 12:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecretsOfOlympus
2008-05-15 10:11 446,976 ----a-w C:\WINDOWS\system32\ShellMPD.dll
2008-05-15 10:11 --------- d-----w C:\Program Files\MSN Pictures Displayer
2008-05-15 10:11 --------- d-----w C:\Documents and Settings\valerie\Application Data\MSN Pictures Displayer
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-05 08:00 --------- d-----w C:\Program Files\Mes Jeux Installés
2008-05-03 13:06 --------- d-----w C:\Program Files\iTunes
2008-05-03 13:06 --------- d-----w C:\Program Files\iPod
2008-05-03 13:04 --------- d-----w C:\Program Files\Bonjour
2008-05-03 13:03 --------- d-----w C:\Program Files\QuickTime Alternative
2008-05-03 12:59 --------- d-----w C:\Program Files\Apple Software Update
2008-05-03 12:58 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-05-03 12:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-05-02 16:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-02 16:23 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-30 16:20 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-30 11:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-30 10:29 --------- d-----w C:\Program Files\Enigma Software Group
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-21 19:52 860 ----a-w C:\Documents and Settings\Thalie\Application Data\wklnhst.dat
2008-04-02 08:59 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2007-08-03 13:25 13,043,226 ----a-w C:\Program Files\klcodec330f.exe
2007-07-25 13:02 2,591,956 ----a-w C:\Program Files\eMulePlus-1.2b.Installer.exe
2007-05-27 09:44 92,064 ----a-w C:\Documents and Settings\Thalie\mqdmmdm.sys
2007-05-27 09:44 9,232 ----a-w C:\Documents and Settings\Thalie\mqdmmdfl.sys
2007-05-27 09:44 79,328 ----a-w C:\Documents and Settings\Thalie\mqdmserd.sys
2007-05-27 09:44 66,656 ----a-w C:\Documents and Settings\Thalie\mqdmbus.sys
2007-05-27 09:44 6,208 ----a-w C:\Documents and Settings\Thalie\mqdmcmnt.sys
2007-05-27 09:44 5,936 ----a-w C:\Documents and Settings\Thalie\mqdmwhnt.sys
2007-05-27 09:44 4,048 ----a-w C:\Documents and Settings\Thalie\mqdmcr.sys
2007-05-27 09:44 25,600 ----a-w C:\Documents and Settings\Thalie\usbsermptxp.sys
2007-05-27 09:44 22,768 ----a-w C:\Documents and Settings\Thalie\usbsermpt.sys
2006-03-03 14:59 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2003-01-13 09:55 282,624 ----a-w C:\Program Files\internet explorer\plugins\PanoViewer.dll
1999-04-30 15:00 98,304 ----a-w C:\Program Files\internet explorer\plugins\UPjpeg.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B5A74FD6-566F-4EA8-9818-C815954FDE5C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BFCF46FE-9BBC-49D9-BDBF-BF1303CF327C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE7D3601-9F9B-49EA-A558-501010BF1396}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-01-23 09:06 204843]
"BoontyBox"="C:\Program Files\Boonty\BoontyBox\BoontyBox.exe" [2005-04-15 14:24 667648]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-06-13 13:36 2137024]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 07:56 68856]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 21:21 57344]
"EPSON Stylus CX3600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" [2004-03-04 05:00 98304]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-04-15 12:03 190024]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [2004-07-30 12:04 245760]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 22:42 77824 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-03 22:05 344064]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [ ]
"StormCodec_Helper"="C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [2005-03-24 14:52 94770]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12 90112]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 01:15 366400]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-09 15:21 1836544]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-01-22 16:24 180269]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnKedcd]
nnnKedcd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqNEXrO]
urqNEXrO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=MsgPlusLoader.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"msacm.divxa32"= DivXa32.acm
"SENTINEL"= snti386.dll
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm
"vidc.i263"= C:\WINDOWS\system32\i263_32.drv
"vidc.vp31"= vp31vfw.dll
"vidc.yv12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\VideoLink Pro\\Engine.exe"=
"C:\\Program Files\\VideoLink Pro\\SMListenEngine.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Infogrames\\Combat\\Combat.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncrediMail_Install.exe"=
"C:\\Program Files\\EpieGames\\Parawolffist\\Parawolffist.exe"=
"C:\\Program Files\\GigaByte\\VGA Utility Manager\\G-vga.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6662:TCP"= 6662:TCP:portemule
"6672:UDP"= 6672:UDP:emuleport2
"8862:TCP"= 8862:TCP:emuletcp
"8872:UDP"= 8872:UDP:emuleudp
"22636:TCP"= 22636:TCP:BitComet 22636 TCP
"22636:UDP"= 22636:UDP:BitComet 22636 UDP

R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 14:00]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2005-12-10 17:18]
S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys []
S3 CoachUsb;Coach Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-01-22 13:41]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
S3 V0080Dev;Creative Camera VF0080 Driver;C:\WINDOWS\system32\DRIVERS\V0080Dev.sys [2004-10-09 11:51]

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-05-22 20:51:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-16 13:00:18 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-22 15:05:33
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\MSN Toolbar Suite\DS\[u]0[/u]2.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\Program Files\MSN Toolbar Suite\DS\[u]0[/u]2.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\MSN Toolbar Suite\DS\[u]0[/u]2.05.0001.1119\fr-fr\bin\WindowsSearchFilter.exe
C:\Program Files\MSN Toolbar Suite\SL\[u]0[/u]2.05.0001.1119\fr-fr\msn_sl.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-22 15:16:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-22 13:15:55

Pre-Run: 35,362,107,392 octets libres
Post-Run: 38,898,348,032 octets libres

231 --- E O F --- 2008-06-22 08:58:55

et le rapport hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:41:33, on 22/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\PROGRA~1\INCRED~1\bin\ImApp.exe
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {B5A74FD6-566F-4EA8-9818-C815954FDE5C} - (no file)
O2 - BHO: (no name) - {BFCF46FE-9BBC-49D9-BDBF-BF1303CF327C} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {EE7D3601-9F9B-49EA-A558-501010BF1396} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {b5146c40-189a-4311-bda9-fbae3e023187} - (no file)
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CAMTRAY.EXE"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] "C:\Program Files\IncrediMail\bin\IncMail.exe" /c
O4 - HKCU\..\Run: [BoontyBox] "C:\Program Files\Boonty\BoontyBox\BoontyBox.exe" /boot
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Ò×È¤¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra 'Tools' menuitem: Ò×È¤¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC4FFD59-A688-45D6-ABBA-2ED03BFF17B3}: NameServer = 212.27.32.176,212.27.32.177
O20 - AppInit_DLLs: MsgPlusLoader.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: nnnKedcd - nnnKedcd.dll (file missing)
O20 - Winlogon Notify: urqNEXrO - urqNEXrO.dll (file missing)
O21 - SSODL: AvpKernel - {0a38e09c-9e5b-41bf-8851-a69cbde8a39b} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)

sKe69 · Answer

impec , on continue :

1-Crée un doc texte sur ton bureau : 
pointes ta souris sur ton bureau , click droit : vas dans "nouveau" et choisis "document texte" . 

Ensuite copie/colle le texte ci-dessous ( et rien d'autre!) dans le fichier texte que tu viens de crée : 

Registry:: 
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B5A74FD6-566F-4EA8-9818-C815954FDE5C}] 

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BFCF46FE-9BBC-49D9-BDBF-BF1303CF327C}] 

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE7D3601-9F9B-49EA-A558-501010BF1396}] 

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify
nnKedcd] 

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\urqNEXrO] 


Puis vas dans "fichier" et choisis "enregistrer sous ..." et tu le nommes exactement ainsi : 
CFScript puis valides ...
 

2-Nettoyage :
!! Déconnectes toi,fermes toute tes application et désactive ton antivirus le temps de la manipe ( tu le réactiveras après )  !! 

--->Sur ton bureau, fais un glisser avec ta souris le fichier CFScript sur l'icone de ComboFix.exe . 

(Regarde ici : http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript.gif )

Cette manipulation va relancer combofix .
--> Une fenêtre bleue va apparaître: au message qui apparaît "Type 1 to continue, or 2 to abort" : tape 1 puis valide. 

Puis patientes le temps du scan.( Le Bureau va disparaître à plusieurs reprises : c'est normal!) 

!! Ne touche à rien tant que le scan n'est pas terminé !! 

Note : en fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisses-le faire. 

Une fois le scan achevé, un rapport va s'afficher : Postes le accompagné d' un nouveau rapport HijackThis pour analyse ...

( Attention : cette manipe a été fait pour ce PC . Toute réutilisation peut endommager sévèrement le système d'exploitation )

isa24 · Answer

voila le rapport combo :
ComboFix 08-06-20.4 - Thalie 2008-06-22 14:38:06.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.529 [GMT 2:00]
Endroit: C:\Documents and Settings\Thalie\Bureau\C-Fix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Advanced XP Defender
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Advanced XP Defender\How to register.lnk
C:\WINDOWS\BMabeb7b5e.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\CKkSAJjl.ini
C:\WINDOWS\system32\CKkSAJjl.ini2
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
C:\WINDOWS\system32\pmcfduhv.ini
C:\WINDOWS\system32\QYGhknpo.ini2
C:\WINDOWS\system32\urmtbshh.ini

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-22 to 2008-06-22 ))))))))))))))))))))))))))))))))))))
.

2025-07-05 10:37 . 2025-07-05 10:37 3,120 --a------ C:\WINDOWS\IM_PREM.lfa
2008-06-21 12:51 . 2008-06-21 12:51 <REP> d-------- C:\Documents and Settings\Thalie\Application Data\Malwarebytes
2008-06-21 12:51 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-21 12:51 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-19 16:16 . 2008-06-19 16:16 <REP> d-------- C:\Program Files\Trend Micro
2008-06-17 18:00 . 2008-06-17 18:00 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-17 09:04 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-17 09:04 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-06-17 09:04 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-17 08:09 . 2008-06-17 08:09 <REP> d-------- C:\Program Files\Avira
2008-06-17 08:09 . 2008-06-17 08:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-17 07:48 . 2008-06-17 07:49 <REP> d-------- C:\Program Files\Windows Live
2008-06-17 07:48 . 2008-06-17 07:48 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-06-17 07:47 . 2008-06-17 07:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-17 07:30 . 2008-06-17 07:30 <REP> d-------- C:\Program Files\Sun
2008-06-16 19:17 . 2008-06-16 19:17 10,872,790 --a------ C:\upload_moi_SECR-5EE85B317A.tar.gz
2008-06-16 12:00 . 2008-06-21 12:51 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-16 12:00 . 2008-06-16 12:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-16 11:10 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-16 11:10 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-16 10:58 . 2003-11-08 05:16 265,728 -ra------ C:\WINDOWS\system32\drivers\BCMWL5.SYS
2008-06-12 11:49 . 2008-06-12 11:49 99,264 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2008-05-29 07:43 . 2008-05-29 07:43 <REP> d-------- C:\Program Files\Incredijeux
2008-05-24 08:30 . 2008-05-24 08:45 <REP> d-------- C:\Documents and Settings\Thalie\Application Data\Pirateville

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-17 05:30 --------- d-----w C:\Program Files\Java
2008-06-16 09:48 4,910 ----a-w C:\WINDOWS\system32\tmp.reg
2008-05-29 08:44 --------- d-----w C:\Documents and Settings\remi\Application Data\LimeWire
2008-05-29 06:38 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-29 05:43 --------- d-----w C:\Program Files\Fichiers communs\Oberon Media
2008-05-24 06:30 --------- d-----w C:\Documents and Settings\Thalie\Application Data\Zylom
2008-05-24 06:29 --------- d-----w C:\Program Files\Zylom Games
2008-05-16 17:25 --------- d-----w C:\Program Files\BoontyGames
2008-05-16 12:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecretsOfOlympus
2008-05-15 10:11 446,976 ----a-w C:\WINDOWS\system32\ShellMPD.dll
2008-05-15 10:11 --------- d-----w C:\Program Files\MSN Pictures Displayer
2008-05-15 10:11 --------- d-----w C:\Documents and Settings\valerie\Application Data\MSN Pictures Displayer
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-05 08:00 --------- d-----w C:\Program Files\Mes Jeux Installés
2008-05-03 13:06 --------- d-----w C:\Program Files\iTunes
2008-05-03 13:06 --------- d-----w C:\Program Files\iPod
2008-05-03 13:04 --------- d-----w C:\Program Files\Bonjour
2008-05-03 13:03 --------- d-----w C:\Program Files\QuickTime Alternative
2008-05-03 12:59 --------- d-----w C:\Program Files\Apple Software Update
2008-05-03 12:58 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-05-03 12:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-05-02 16:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-02 16:23 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-30 16:20 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-30 11:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-30 10:29 --------- d-----w C:\Program Files\Enigma Software Group
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-21 19:52 860 ----a-w C:\Documents and Settings\Thalie\Application Data\wklnhst.dat
2008-04-02 08:59 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2007-08-03 13:25 13,043,226 ----a-w C:\Program Files\klcodec330f.exe
2007-07-25 13:02 2,591,956 ----a-w C:\Program Files\eMulePlus-1.2b.Installer.exe
2007-05-27 09:44 92,064 ----a-w C:\Documents and Settings\Thalie\mqdmmdm.sys
2007-05-27 09:44 9,232 ----a-w C:\Documents and Settings\Thalie\mqdmmdfl.sys
2007-05-27 09:44 79,328 ----a-w C:\Documents and Settings\Thalie\mqdmserd.sys
2007-05-27 09:44 66,656 ----a-w C:\Documents and Settings\Thalie\mqdmbus.sys
2007-05-27 09:44 6,208 ----a-w C:\Documents and Settings\Thalie\mqdmcmnt.sys
2007-05-27 09:44 5,936 ----a-w C:\Documents and Settings\Thalie\mqdmwhnt.sys
2007-05-27 09:44 4,048 ----a-w C:\Documents and Settings\Thalie\mqdmcr.sys
2007-05-27 09:44 25,600 ----a-w C:\Documents and Settings\Thalie\usbsermptxp.sys
2007-05-27 09:44 22,768 ----a-w C:\Documents and Settings\Thalie\usbsermpt.sys
2006-03-03 14:59 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2003-01-13 09:55 282,624 ----a-w C:\Program Files\internet explorer\plugins\PanoViewer.dll
1999-04-30 15:00 98,304 ----a-w C:\Program Files\internet explorer\plugins\UPjpeg.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B5A74FD6-566F-4EA8-9818-C815954FDE5C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BFCF46FE-9BBC-49D9-BDBF-BF1303CF327C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE7D3601-9F9B-49EA-A558-501010BF1396}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-01-23 09:06 204843]
"BoontyBox"="C:\Program Files\Boonty\BoontyBox\BoontyBox.exe" [2005-04-15 14:24 667648]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-06-13 13:36 2137024]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 07:56 68856]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 21:21 57344]
"EPSON Stylus CX3600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" [2004-03-04 05:00 98304]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-04-15 12:03 190024]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [2004-07-30 12:04 245760]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 22:42 77824 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-03 22:05 344064]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [ ]
"StormCodec_Helper"="C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [2005-03-24 14:52 94770]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12 90112]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 01:15 366400]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-09 15:21 1836544]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-01-22 16:24 180269]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnKedcd]
nnnKedcd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqNEXrO]
urqNEXrO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=MsgPlusLoader.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"msacm.divxa32"= DivXa32.acm
"SENTINEL"= snti386.dll
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm
"vidc.i263"= C:\WINDOWS\system32\i263_32.drv
"vidc.vp31"= vp31vfw.dll
"vidc.yv12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\VideoLink Pro\\Engine.exe"=
"C:\\Program Files\\VideoLink Pro\\SMListenEngine.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Infogrames\\Combat\\Combat.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncrediMail_Install.exe"=
"C:\\Program Files\\EpieGames\\Parawolffist\\Parawolffist.exe"=
"C:\\Program Files\\GigaByte\\VGA Utility Manager\\G-vga.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6662:TCP"= 6662:TCP:portemule
"6672:UDP"= 6672:UDP:emuleport2
"8862:TCP"= 8862:TCP:emuletcp
"8872:UDP"= 8872:UDP:emuleudp
"22636:TCP"= 22636:TCP:BitComet 22636 TCP
"22636:UDP"= 22636:UDP:BitComet 22636 UDP

R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 14:00]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2005-12-10 17:18]
S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys []
S3 CoachUsb;Coach Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-01-22 13:41]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
S3 V0080Dev;Creative Camera VF0080 Driver;C:\WINDOWS\system32\DRIVERS\V0080Dev.sys [2004-10-09 11:51]

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-05-22 20:51:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-16 13:00:18 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-22 15:05:33
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\MSN Toolbar Suite\DS\[u]0[/u]2.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\Program Files\MSN Toolbar Suite\DS\[u]0[/u]2.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\MSN Toolbar Suite\DS\[u]0[/u]2.05.0001.1119\fr-fr\bin\WindowsSearchFilter.exe
C:\Program Files\MSN Toolbar Suite\SL\[u]0[/u]2.05.0001.1119\fr-fr\msn_sl.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-22 15:16:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-22 13:15:55

Pre-Run: 35,362,107,392 octets libres
Post-Run: 38,898,348,032 octets libres

231 --- E O F --- 2008-06-22 08:58:55

et le rapport hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:41:33, on 22/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\PROGRA~1\INCRED~1\bin\ImApp.exe
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {B5A74FD6-566F-4EA8-9818-C815954FDE5C} - (no file)
O2 - BHO: (no name) - {BFCF46FE-9BBC-49D9-BDBF-BF1303CF327C} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {EE7D3601-9F9B-49EA-A558-501010BF1396} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {b5146c40-189a-4311-bda9-fbae3e023187} - (no file)
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CAMTRAY.EXE"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] "C:\Program Files\IncrediMail\bin\IncMail.exe" /c
O4 - HKCU\..\Run: [BoontyBox] "C:\Program Files\Boonty\BoontyBox\BoontyBox.exe" /boot
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Ò×È¤¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra 'Tools' menuitem: Ò×È¤¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC4FFD59-A688-45D6-ABBA-2ED03BFF17B3}: NameServer = 212.27.32.176,212.27.32.177
O20 - AppInit_DLLs: MsgPlusLoader.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: nnnKedcd - nnnKedcd.dll (file missing)
O20 - Winlogon Notify: urqNEXrO - urqNEXrO.dll (file missing)
O21 - SSODL: AvpKernel - {0a38e09c-9e5b-41bf-8851-a69cbde8a39b} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)

sKe69 · Answer

1-Fermes toutes tes applications et déconnectes toi .

Relance Hijackthis mais click sur " Do a scan only " 
Tu vois donc apparaitre le résultat du scan : une multitudes de lignes ,chacunes précédées d'un carré vide . 
Tu vas clické sur les carré des lignes suivantes : 

R3 - URLSearchHook: (no name) - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) 
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) 
O3 - Toolbar: (no name) - {b5146c40-189a-4311-bda9-fbae3e023187} - (no file) 
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" 
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime 
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe 
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') 
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') 
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') 
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') 
O9 - Extra button: Ò×È¤¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing) 
O9 - Extra 'Tools' menuitem: Ò×È¤¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing) 
O21 - SSODL: AvpKernel - {0a38e09c-9e5b-41bf-8851-a69cbde8a39b} - (no file)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN
ipsvc.exe (file missing)


Tu cliques en bas sur le bouton FIX CHECKED et valides .

2-Télécharges ToolsCleaner (de A.Rothstein) sur ton Bureau. 
http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe

Lances le . 
Cliques sur Recherche et laisses le scan se terminer (cela peut être long). 
Cliques sur Suppression pour finaliser. 
Tu peux, si tu le souhaites, te servir des Options facultatives 

Ce petit soft va te nettoyer tout les trucs dont on c'est servi pour la désinfection ( tu n'en as plus besion ! ) . 
Supprimes tout les outils , dossiers ou rapports consernant la désinfection que Toolsclaener2 n'a pas supprimé . 

Puis enfin supprimes Toolscleaner2 ... ( gardes Malwaresbytes : très utile )


3- Télécharges : - CCleaner 
https://www.pcastuces.com/logitheque/ccleaner.htm 
Ce logiciel va permettre de supprimer tous les fichiers temporaires et de corrigé ton registre .Lors de l'instalation, avant de cliquer sur le bouton "installer", décoche toutes les "options supplémentaires" sauf les 2 première.
Une fois le prg instalé et lancé, Clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures"( Par la suite, laisse-le avec ses réglages par défaut. C'est tout ). 

Un tuto ( aide ): 
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm 

Utilisation:
vas dans "nettoyeur" : fait annalyse puis nettoyage 
et vas dans "registre" : fait chercher les erreurs et réparer ( plusieur fois jusqu'a ce qu'il n'y est plus d'erreur ) . 

( CCleaner : soft à garder sur son PC , super utile pour de bons nettoyages ... )

4- on va fair un scan avec AntiVir .

Mets le bien à jours
Puis fais ce petit réglage si cela n'est pas déjà fais :
******************************************************
une fois antivir ouvert click sur configuration et coche la case "expert mode" .
*puis click sur configuration en haut a droite; dans la nouvelle fenetre a gauche >scanner > coche "scan all files" et en dessous >"scanner priority" = High 
*coches : "allow stopping the scanne"r, comme cela tu peux faire une pause pendant le scan si tu le desir. 
*puis sur la droite coches les case suivantes : 
"scan boot sectors of selected drives" 
"scan master boot sectors "
"scan memory" 
"search foe rootkit before scan" 
decoches : 
"ignore off line files" 
*toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level 
********************************************* 

Impératif : redémarres en mode sans échec

Lances un scan complet de ton PC avec AntiVir et mets tout ce qu'il peut trouver en quarantaine ... à la fin , demande à crée un rapport puis sauvegardes le de façon à le retrouver ...

Redémarres ton pc et postes moi le rapport obtenu ...

isa24 · Answer

Voila le rapport antivir :
Avira AntiVir Personal
Report file date: dimanche 22 juin 2008  19:56

Scanning for 1350570 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (Service Pack 2)  [5.1.2600]
Boot mode:        Save mode
Username:         Thalie
Computer name:    SECR-5EE85B317A

Version information:
BUILD.DAT     : 8.1.0.308       16478 Bytes  28/05/2008 17:03:00
AVSCAN.EXE    : 8.1.2.12       311553 Bytes  18/03/2008 09:02:56
AVSCAN.DLL    : 8.1.1.0         53505 Bytes  07/02/2008 08:43:37
LUKE.DLL      : 8.1.2.9        151809 Bytes  28/02/2008 08:41:23
LUKERES.DLL   : 8.1.2.1         12033 Bytes  21/02/2008 08:28:40
ANTIVIR0.VDF  : 6.40.0.0     11030528 Bytes  18/07/2007 10:33:34
ANTIVIR1.VDF  : 7.0.3.2       5447168 Bytes  07/03/2008 13:08:58
ANTIVIR2.VDF  : 7.0.4.195     2546176 Bytes  14/06/2008 06:12:42
ANTIVIR3.VDF  : 7.0.4.233      260608 Bytes  21/06/2008 08:59:25
Engineversion : 8.1.0.59  
AEVDF.DLL     : 8.1.0.5        102772 Bytes  25/02/2008 09:58:21
AESCRIPT.DLL  : 8.1.0.44       278907 Bytes  21/06/2008 08:11:16
AESCN.DLL     : 8.1.0.22       119157 Bytes  21/06/2008 08:11:11
AERDL.DLL     : 8.1.0.20       418165 Bytes  17/06/2008 06:13:10
AEPACK.DLL    : 8.1.1.6        364918 Bytes  21/06/2008 08:11:07
AEOFFICE.DLL  : 8.1.0.20       192891 Bytes  21/06/2008 08:11:03
AEHEUR.DLL    : 8.1.0.32      1274231 Bytes  21/06/2008 08:11:01
AEHELP.DLL    : 8.1.0.15       115063 Bytes  17/06/2008 06:12:55
AEGEN.DLL     : 8.1.0.29       307573 Bytes  21/06/2008 08:10:45
AEEMU.DLL     : 8.1.0.6        430451 Bytes  17/06/2008 06:12:48
AECORE.DLL    : 8.1.0.31       168310 Bytes  17/06/2008 06:12:46
AVWINLL.DLL   : 1.0.0.7         14593 Bytes  23/01/2008 17:07:53
AVPREF.DLL    : 8.0.0.1         25857 Bytes  18/02/2008 10:37:50
AVREP.DLL     : 7.0.0.1        155688 Bytes  16/04/2007 13:26:47
AVREG.DLL     : 8.0.0.0         30977 Bytes  23/01/2008 17:07:49
AVARKT.DLL    : 1.0.0.23       307457 Bytes  12/02/2008 08:29:23
AVEVTLOG.DLL  : 8.0.0.11       114945 Bytes  28/02/2008 08:31:31
SQLITE3.DLL   : 3.3.17.1       339968 Bytes  22/01/2008 17:28:02
SMTPLIB.DLL   : 1.2.0.19        28929 Bytes  23/01/2008 17:08:39
NETNT.DLL     : 8.0.0.1          7937 Bytes  25/01/2008 12:05:10
RCIMAGE.DLL   : 8.0.0.35      2371841 Bytes  10/03/2008 14:37:25
RCTEXT.DLL    : 8.0.32.0        86273 Bytes  06/03/2008 12:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, 
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high

Start of the scan: dimanche 22 juin 2008  19:56

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
      [INFO]      No virus was found!
Master boot sector HD1
      [INFO]      No virus was found!
      [WARNING]   Le périphérique n'est pas prêt.
Master boot sector HD2
      [INFO]      No virus was found!
      [WARNING]   Le périphérique n'est pas prêt.
Master boot sector HD3
      [INFO]      No virus was found!
      [WARNING]   Le périphérique n'est pas prêt.
Master boot sector HD4
      [INFO]      No virus was found!
      [WARNING]   Le périphérique n'est pas prêt.
Master boot sector HD5
      [INFO]      No virus was found!
      [WARNING]   Le périphérique n'est pas prêt.

Start scanning boot sectors:
Boot sector 'C:\'
      [INFO]      No virus was found!

Starting to scan the registry.
The registry was scanned ( '47' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
      [WARNING]   The file could not be opened!
C:\Documents and Settings\Dédé\Incomplete\T-3545425-ma belle mere paricia.mpg
      [DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
      [NOTE]      The file was moved to '4891a14a.qua'!
C:\Documents and Settings\Dédé\Mes documents\LimeWire\Saved\helene grimaud.mp3
      [DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
      [NOTE]      The file was moved to '48caa263.qua'!
C:\Documents and Settings\Dédé\Mes documents\LimeWire\Saved	enkaichi 3 meteor.mp3
      [DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
      [NOTE]      The file was moved to '48cca274.qua'!
C:\Documents and Settings\Dédé\Mes documents\LimeWire\Saved\TOTALLY HIP TRACK.wma
      [DETECTION] Is the Trojan horse TR/Dldr.Age.3566386
      [NOTE]      The file was moved to '48b2a262.qua'!
C:\Documents and Settings\Dédé\Mes documents\LimeWire\Saved\wedontdance wearethedance smbd.mp3
      [DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
      [NOTE]      The file was moved to '48c2a27c.qua'!
C:\Documents and Settings\Dédé\Shared\au revoir sherifa luna.mp3
      [DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
      [NOTE]      The file was moved to '487ea37c.qua'!
C:\Documents and Settings\Dédé\Shared\il avait les mots sheriffa.mp3
      [DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
      [NOTE]      The file was moved to '487ea37e.qua'!
C:\Documents and Settings\Dédé\Shared\interlude sherifa luna.mp3
      [DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
      [NOTE]      The file was moved to '48d2a384.qua'!
C:\Documents and Settings\Dédé\Shared\mika happy ending.mpg
      [DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
      [NOTE]      The file was moved to '48c9a38e.qua'!
C:\Documents and Settingsemi\Bureau\dragon ball\dbz\budokai tenkaishi 3.mp3
      [DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
      [NOTE]      The file was moved to '48c2a447.qua'!
C:\Documents and Settingsemi\Bureau\dragon ball\dbz	enkaichi 3.mp3
      [DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
      [NOTE]      The file was moved to '48cca440.qua'!
C:\Documents and Settingsemi\Bureau\musiqueemi\dragon ball hantai.mpg
      [DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
      [NOTE]      The file was moved to '48bfa5e1.qua'!
C:\Documents and Settingsemi\Bureau\musiqueemi\le declic.mpg
      [DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
      [NOTE]      The file was moved to '487ea5ed.qua'!
C:\Documents and Settingsemi\Incomplete\Preview-T-3545425-tenkaichi 3.mp3
      [DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
      [NOTE]      The file was moved to '48c3a757.qua'!
C:\Documents and Settings\Thalie\Mes documents\dossier thalie\dossier thalie\mp3\bleending love leanna lewis.mp3
      [DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
      [NOTE]      The file was moved to '48c3b6c0.qua'!
C:\Documents and Settings\Thalie\Mes documents\dossier thalie\dossier thalie\mp3\in my arms kelly minogue.mp3
      [DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
      [NOTE]      The file was moved to '487eb6c8.qua'!
C:\Documents and Settings\Thalie\Mes documents\dossier thalie\dossier thalie\mp3\in my arms killy minogue.mp3
      [DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
      [NOTE]      The file was moved to '487eb6cd.qua'!
C:\Documents and Settings\Thalie\Mes documents\photos 18 06\album sherifa luna\interlude sherifa luna.mp3
      [DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
      [NOTE]      The file was moved to '48d2bd06.qua'!
C:\Documents and Settings\Thalie\Mes documents\photos 18 06\lorie\2lor en moi lorie.mp3
      [DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
      [NOTE]      The file was moved to '48cdbd0c.qua'!
C:\Documents and Settings\Thalie\Shared\bleending love leanna lewis.mp3
      [DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
      [NOTE]      The file was moved to '48c3d22a.qua'!
C:\Documents and Settings\Thalie\Shared\in my arms kelly minogue.mp3
      [DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
      [NOTE]      The file was moved to '487ed231.qua'!
C:\Documents and Settings\Thalie\Shared\in my arms killy minogue.mp3
      [DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
      [NOTE]      The file was moved to '487ed236.qua'!
C:\Documents and Settings\Thalie\Shared\whit love adaway.mp3
      [DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
      [NOTE]      The file was moved to '48c7d237.qua'!


End of the scan: lundi 23 juin 2008  12:21
Used time: 16:25:01 min

The scan has been done completely.

  16920 Scanning directories
 404368 Files were scanned
     23 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
     23 files were moved to quarantine
      0 files were renamed
      1 Files cannot be scanned
 404345 Files not concerned
   4022 Archives were scanned
      6 Warnings
     23 Notes

sKe69 · Answer

Et bien dis moi , tu avais pas mal de mp3 infectés ...

1-Supprimes tout les objet infectieux qu'il peut avoir dans les zone de "quarantaine " de Malwarebytes et de AntiVir ...

2-refais un coup de CCleaner ( registre compris ) 

---> Fais moi un petit topo sur l'état de ton PC , y a t'il du mieux ?

Puis ensuite fais ce-ci pour contrôler :

3-Télécharge DiagHelp.zip sur ton bureau :

http://www.malekal.com/download/DiagHelp.zip

!! déconnectes toi et fermes toutes tes applications en cours !!  

Fais un clic droit sur le fichier et extraire tout .

--> Un nouveau dossier va être créé : "DiagHelp"  
Ouvres le et double-clic sur go.cmd et pas sur autre chose ! (le .cmd peut ne pas apparaître )
 
--> Une fenêtre va s'ouvrir, choisis l'option 1 
L'analyse va commencer, ce-ci peut durer quelques minutes, laisses faire et appuies sur une touche quand on te le demandera : 
une page IE va s'ouvrir , fermes la . 
Re-appuis sur une touche, le bloc-note s'ouvre : 
Sauvegardes ce rapport de façon à le retrouver et postes tout son contenu dans ta prochaine réponse ...

isa24 · Answer

Alors pour ce qui est de l'état du PC comme je te l'ai dit au début ce n'est pas le mien mais je vois quand même une nette amélioration par rapport au jour ou je l'ai ramené chez moi ! Il va nettement plus vite et les actions comme fermer une session, redémarrer ou tout simplement démarrer vont nettement plus vite et ne plantent plus. Les analyses sont très longues mais je suppose que c'est normal.
Voila le dernier rapport :
DiagHelp version v1.4 - http://www.malekal.com
excute le 23/06/2008 à 15:16:20,33

Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->23/06/2008 15:16:19
C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->23/06/2008 15:16:17
C:\WINDOWS\prefetch\PBCHECKGAMES.EXE-0BF63BC3.pf -->23/06/2008 15:16:01
C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf -->23/06/2008 15:15:45
C:\WINDOWS\prefetch\IEXPLORE.EXE-27122324.pf -->23/06/2008 15:15:11
C:\WINDOWS\prefetch\AVWSC.EXE-347FCF75.pf -->23/06/2008 15:12:52
C:\WINDOWS\prefetch\BOONTY.EXE-31979621.pf -->23/06/2008 15:00:56
C:\WINDOWS\prefetch\BOONTYGAMES.0001-2079209C.pf -->23/06/2008 15:00:54
C:\WINDOWS\prefetch\~E5D141.TMP-03EECD97.pf -->23/06/2008 15:00:51
C:\WINDOWS\prefetch\CHKLICENCEOS.EXE-25190090.pf -->23/06/2008 15:00:51

C:\WINDOWS\System32\drivers\mbamcatchme.sys -->19/06/2008 17:48:04
C:\WINDOWS\System32\drivers\mbam.sys -->19/06/2008 17:47:58
C:\WINDOWS\System32\drivers\bthport.sys -->14/06/2008 19:59:52
C:\WINDOWS\System32\drivers\AnyDVD.sys -->12/06/2008 11:49:09
C:\WINDOWS\System32\drivers\rmcast.sys -->08/05/2008 14:28:49
C:\WINDOWS\System32\drivers\avipbb.sys -->04/03/2008 13:28:53
C:\WINDOWS\System32\drivers\GEARAspiWDM.sys -->29/01/2008 12:01:28

C:\WINDOWS\System32\wpa.dbl -->23/06/2008 13:07:08
C:\WINDOWS\System32\CONFIG.NT -->17/06/2008 08:02:01
C:\WINDOWS\System32\jupdate-1.6.0_05-b13.log -->17/06/2008 07:30:16
C:\WINDOWS\System32\tmp.txt -->16/06/2008 11:48:32
C:\WINDOWS\System32\tmp.reg -->16/06/2008 11:48:32
C:\WINDOWS\System32\MRT.exe -->30/05/2008 01:35:11
C:\WINDOWS\System32\ShellMPD.dll -->15/05/2008 12:11:39
C:\WINDOWS\System32\quartz.dll -->07/05/2008 07:15:36
C:\WINDOWS\System32\mshtml.dll -->23/04/2008 22:16:42
C:\WINDOWS\System32\wininet.dll -->23/04/2008 06:16:40
C:\WINDOWS\System32\webcheck.dll -->23/04/2008 06:16:40
C:\WINDOWS\System32\urlmon.dll -->23/04/2008 06:16:40
C:\WINDOWS\System32\url.dll -->23/04/2008 06:16:40
C:\WINDOWS\System32\pngfilt.dll -->23/04/2008 06:16:40
C:\WINDOWS\System32\occache.dll -->23/04/2008 06:16:40
C:\WINDOWS\System32\mstime.dll -->23/04/2008 06:16:40
C:\WINDOWS\System32\msrating.dll -->23/04/2008 06:16:40
C:\WINDOWS\System32\mshtmled.dll -->23/04/2008 06:16:40
C:\WINDOWS\System32\msfeedsbs.dll -->23/04/2008 06:16:40
C:\WINDOWS\System32\msfeeds.dll -->23/04/2008 06:16:40
C:\WINDOWS\System32\jsproxy.dll -->23/04/2008 06:16:40
C:\WINDOWS\System32\inetcpl.cpl -->23/04/2008 06:16:40
C:\WINDOWS\System32\iertutil.dll -->23/04/2008 06:16:39
C:\WINDOWS\System32\iernonce.dll -->23/04/2008 06:16:39
C:\WINDOWS\System32\ieframe.dll -->23/04/2008 06:16:39

C:\WINDOWS\IM_PREM.lfa -->05/07/2025 10:37:10
C:\WINDOWS\setupapi.log -->23/06/2008 15:15:23
C:\WINDOWS\WindowsUpdate.log -->23/06/2008 14:10:13
C:\WINDOWS\wiadebug.log -->23/06/2008 13:05:21
C:\WINDOWS\wiaservc.log -->23/06/2008 13:05:18
C:\WINDOWS\bootstat.dat -->23/06/2008 13:05:04
C:\WINDOWS\SchedLgU.Txt -->22/06/2008 19:30:32
C:\WINDOWS\system.ini -->22/06/2008 16:11:20
C:\WINDOWS\NeroDigital.ini -->18/06/2008 18:38:13
C:\WINDOWS\WININIT.INI -->17/06/2008 22:52:04
C:\WINDOWS\popcinfo.dat -->29/05/2008 08:38:24
C:\WINDOWS\BMabeb7b5e.txt -->02/05/2008 18:11:01
C:\WINDOWS\EPISMF00.SWB -->28/04/2008 12:20:02
C:\WINDOWS\QTW.INI -->02/04/2008 11:48:57
C:\WINDOWS\Thumbs.db -->30/03/2008 17:16:39

winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
explorer.exe pid: 592
Command line: C:\WINDOWS\Explorer.EXE

Base Size Version Path
0x44080000 0xd0000 7.00.6000.16674 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16674 C:\WINDOWS\system32\iertutil.dll
0x10000000 0xe000 3.63.0004.0000 C:\WINDOWS\system32\MsgPlusLoader.dll
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x649b0000 0x97000 2.05.0001.1119 C:\Program Files\MSN Toolbar Suite\DB\02.05.0001.1119\fr-fr\deskbar.dll
0x014a0000 0x40000 2.05.0001.1119 C:\Program Files\MSN Toolbar Suite\DB\02.05.0001.1119\fr-fr\dbres.dll
0x64910000 0x94000 2.05.0001.1119 C:\Program Files\MSN Toolbar Suite\DB\02.05.0001.1119\fr-fr\wordwheel.dll
0x621f0000 0x1f000 1.00.2536.0000 C:\WINDOWS\system32\MAPI32.dll
0x01510000 0x83000 2.05.0001.1119 C:\Program Files\MSN Toolbar Suite\EXT\02.05.0001.1119\fr-fr\msnlExtRes.dll
0x63bf0000 0x84000 2.05.0000.1105 C:\Program Files\MSN Toolbar Suite\TEM\02.05.0000.1105\fr-fr\Tem.dll
0x44160000 0x127000 7.00.6000.16674 C:\WINDOWS\system32\urlmon.dll
0x63fc0000 0x7000 2.05.0001.1119 C:\Program Files\MSN Toolbar Suite\SL\02.05.0001.1119\fr-fr\msn_slps.dll
0x13420000 0x1a000 11.00.5721.5145 C:\PROGRA~1\WINDOW~2\wmpband.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x44360000 0x5cd000 7.00.6000.16674 C:\WINDOWS\system32\ieframe.dll
0x442b0000 0x3c000 7.00.6000.16674 C:\WINDOWS\system32\webcheck.dll
0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
0x00d70000 0x19000 1.00.0000.0003 C:\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll
0x03ad0000 0x173000 1.01.0000.0006 C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll
0x7c140000 0x103000 7.10.3077.0000 C:\Program Files\Fichiers communs\Ahead\Lib\MFC71.DLL
0x7c340000 0x56000 7.10.3052.0004 C:\Program Files\Fichiers communs\Ahead\Lib\MSVCR71.dll
0x7c3a0000 0x7b000 7.10.3077.0000 C:\Program Files\Fichiers communs\Ahead\Lib\MSVCP71.dll
0x03d50000 0x5b000 8.01.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
0x03db0000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
0x02340000 0x8000 1.00.0000.0000 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
0x028d0000 0x2c000 C:\Program Files\WinRAR\rarext.dll
0x023c0000 0x8000 1.00.0000.0001 C:\Program Files\MP3 Player Utilities 4.04\AMVConverter\AmvTransform.dll
0x04280000 0x13000 7.00.0000.0011 C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
0x042a0000 0x102000 7.10.3077.0000 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MFC71U.DLL
0x043b0000 0x1c000 1.01.0223.0000 C:\WINDOWS\system32\CmdLineExt.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x04410000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x748f0000 0x113000 8.90.1101.0000 C:\WINDOWS\system32\msxml3.dll
0x64130000 0x79000 2.05.0000.1105 C:\Program Files\MSN Toolbar Suite\HV\02.05.0000.1105\fr-fr\msnHiliteViewer.dll
0x01b70000 0x1d000 2.05.0000.1105 C:\Program Files\MSN Toolbar Suite\HV\02.05.0000.1105\fr-fr\hvres.dll
0x63fd0000 0x80000 2.05.0000.1105 C:\Program Files\MSN Toolbar Suite\PB\02.05.0000.1105\fr-fr\msnPopupBlocker.dll
0x04b70000 0x2f000 2.05.0000.1105 C:\Program Files\MSN Toolbar Suite\PB\02.05.0000.1105\fr-fr\pgres.dll
0x04d30000 0x185000 1.05.0000.0011 C:\PROGRA~1\SPYBOT~1\SDHelper.dll
0x43ff0000 0xa000 7.00.6000.16674 C:\WINDOWS\system32\jsproxy.dll
0x01b30000 0x13000 1.00.0000.0001 C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll
0x04610000 0x92000 2.05.0000.1105 C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
0x046b0000 0x3d000 2.05.0000.1105 C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\mtbres.dll
0x05140000 0x54000 1.00.0000.0000 C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
0x60980000 0x7000 3.01.4000.1823 C:\WINDOWS\system32\MSISIP.DLL
0x74e10000 0x10000 5.06.0000.8820 C:\WINDOWS\system32\wshext.dll
0x73d20000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL
0x61d70000 0xe000 6.00.8665.0000 C:\WINDOWS\system32\MFC42LOC.DLL
0x59000000 0xe000 5.06.0000.6626 C:\WINDOWS\system32\wshFR.DLL
0x05640000 0x3b000 8.05.1302.1018 C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGSC8~1.DLL

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
winlogon.exe pid: 484
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
0x10000000 0xe000 3.63.0004.0000 C:\WINDOWS\system32\MsgPlusLoader.dll
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x00fb0000 0x1d000 6.14.0010.4155 C:\WINDOWS\system32\Ati2evxx.dll
0x012a0000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est A8D8-486D

Répertoire de C:\WINDOWS\system32

05/08/2004 14:00 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 39 035 518 976 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est A8D8-486D

Répertoire de C:\WINDOWS\Downloaded Program Files

16/06/2008 20:53 <REP> .
16/06/2008 20:53 <REP> ..
04/12/2006 16:19 65 desktop.ini
09/02/2005 17:54 1 271 erma.inf
11/07/2006 09:41 345 656 ewidoOnlineScan.dll
13/04/2007 02:14 382 344 GAME_UNO1.dll
17/01/2007 15:44 316 GAME_UNO1.INF
11/12/2006 16:44 367 LegitCheckControl.inf
29/05/2003 16:00 160 864 messengerstatsclient.dll
23/02/2007 00:41 304 544 MessengerStatsPAClient.dll
29/05/2003 16:00 84 064 minesweeper.dll
29/05/2003 16:00 77 408 msgrchkr.dll
30/06/2005 16:19 227 MsnMessengerSetupDownloader.inf
14/08/2005 01:26 113 664 MsnMessengerSetupDownloader.ocx
28/02/2007 14:21 142 248 SolitaireShowdown.dll
09/11/2006 15:36 5 019 swflash.inf
26/05/2005 04:19 291 wuweb.inf
15 fichier(s) 1 618 348 octets

Total des fichiers listés :
15 fichier(s) 1 618 348 octets
2 Rép(s) 39 035 518 976 octets libres

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..

Liste des fichiers en exception sur le pare-feu XP SP2

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\VideoLink Pro\\Engine.exe"="C:\\Program Files\\VideoLink Pro\\Engine.exe:*:Disabled:VideoLink Engine"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Infogrames\\Combat\\Combat.exe"="C:\\Program Files\\Infogrames\\Combat\\Combat.exe:*:Enabled:Combat"
"C:\\Program Files\\IncrediMail\\bin\\IncrediMail_Install.exe"="C:\\Program Files\\IncrediMail\\bin\\IncrediMail_Install.exe:*:Enabled:IncrediMail Installer"
"C:\\Program Files\\EpieGames\\Parawolffist\\Parawolffist.exe"="C:\\Program Files\\EpieGames\\Parawolffist\\Parawolffist.exe:*:Enabled:CannonPlane"
"C:\\Program Files\\GigaByte\\VGA Utility Manager\\G-vga.exe"="C:\\Program Files\\GigaByte\\VGA Utility Manager\\G-vga.exe:*:Enabled:Menu"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE:*:Enabled:SAgent4"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Export de la clef SharedTaskScheduler

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

exports des policies
REGEDIT4

[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableRegistryTools"=dword:00000000
"HideLegacyLogonScripts"=dword:00000000
"HideLogoffScripts"=dword:00000000
"RunLogonScriptSync"=dword:00000001
"RunStartupScriptSync"=dword:00000000
"HideStartupScripts"=dword:00000000

Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-23 15:17:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000001f6

scanning hidden files ...

scan completed successfully
hidden services: 0
hidden files: 0

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Process list by traversal of KiWaitListHead

4 - System
160 - CDAC11BA.EXE
264 - alg.exe
408 - WindowsSearchIn
444 - csrss.exe
484 - winlogon.exe
528 - services.exe
540 - lsass.exe
592 - explorer.exe
696 - svchost.exe
1124 - BoontyGames.000
1200 - svchost.exe
1240 - svchost.exe
1284 - svchost.exe
1364 - svchost.exe
1392 - ati2evxx.exe
1740 - spoolsv.exe
1892 - avguard.exe
1960 - AppleMobileDevi
2012 - mDNSResponder.e
2100 - cmd.exe
2268 - E_FATI9BE.EXE
2320 - MsgPlus.exe
2352 - Boonty.exe
2424 - CamTray.exe
2560 - apdproxy.exe
2592 - CLI.exe
2644 - PicasaMediaDete
2660 - GoogleDesktop.e
2736 - CLI.exe
2884 - avgnt.exe
2916 - BoontyBox.exe
2940 - AnyDVDtray.exe
2976 - GoogleToolbarNo
2984 - msnmsgr.exe
3000 - ctfmon.exe
3204 - PBCheckGames.ex
3216 - CLI.exe
3296 - BTTray.exe
3340 - CalCheck.exe
3648 - WindowsSearch.e
3824 - BTSTAC~1.EXE
3940 - IMApp.exe

Total number of processes = 43
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList

804D7000 - \WINDOWS\system32\ntkrnlpa.exe
806CE000 - \WINDOWS\system32\hal.dll
F7ADB000 - \WINDOWS\system32\KDCOM.DLL
F79EB000 - \WINDOWS\system32\BOOTVID.dll
F74AB000 - ACPI.sys
F7ADD000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS
F749A000 - pci.sys
F75DB000 - isapnp.sys
F75EB000 - ohci1394.sys
F75FB000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS
F7BA3000 - pciide.sys
F785B000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
F760B000 - MountMgr.sys
F747B000 - ftdisk.sys
F7863000 - PartMgr.sys
F761B000 - VolSnap.sys
F7463000 - atapi.sys
F762B000 - disk.sys
F763B000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
F7443000 - fltMgr.sys
F7431000 - sr.sys
F764B000 - PxHelp20.sys
F741A000 - KSecDD.sys
F738D000 - Ntfs.sys
F7360000 - NDIS.sys
F734C000 - sfvfs02.sys
F786B000 - sfhlp02.sys
F733A000 - sfdrv01.sys
F731F000 - Mup.sys
F77DB000 - \SystemRoot\system32\DRIVERS\intelppm.sys
F621E000 - \SystemRoot\system32\DRIVERS\ati2mtag.sys
F620A000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
F77EB000 - \SystemRoot\system32\DRIVERS\imapi.sys
F61F3000 - \SystemRoot\System32\Drivers\AnyDVD.sys
F7B29000 - \SystemRoot\System32\Drivers\ElbyDelay.sys
F78A3000 - \SystemRoot\System32\Drivers\ElbyCDFL.sys
F77FB000 - \SystemRoot\system32\DRIVERS\cdrom.sys
F780B000 - \SystemRoot\system32\DRIVERS\redbook.sys
F61D0000 - \SystemRoot\system32\DRIVERS\ks.sys
F72D7000 - \SystemRoot\System32\Drivers\GEARAspiWDM.sys
F5F98000 - \SystemRoot\system32\drivers\ALCXWDM.SYS
F5F74000 - \SystemRoot\system32\drivers\portcls.sys
F781B000 - \SystemRoot\system32\drivers\drmk.sys
F78AB000 - \SystemRoot\system32\DRIVERS\usbohci.sys
F5F51000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
F78B3000 - \SystemRoot\system32\DRIVERS\usbehci.sys
F5F32000 - \SystemRoot\system32\DRIVERS\SiSGbeXP.sys
F5EFE000 - \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
F5DFF000 - \SystemRoot\system32\DRIVERS\HSF_DP.sys
F5D59000 - \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
F78BB000 - \SystemRoot\System32\Drivers\Modem.SYS
F782B000 - \SystemRoot\system32\DRIVERS\nic1394.sys
F5D07000 - \SystemRoot\system32\DRIVERS\serial.sys
F7A6B000 - \SystemRoot\system32\DRIVERS\serenum.sys
F5CF3000 - \SystemRoot\system32\DRIVERS\parport.sys
F783B000 - \SystemRoot\system32\DRIVERS\i8042prt.sys
F78C3000 - \SystemRoot\system32\DRIVERS\mouclass.sys
F78CB000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
F5C26000 - \SystemRoot\system32\DRIVERS\btkrnl.sys
F7C00000 - \SystemRoot\system32\DRIVERS\audstub.sys
F784B000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
F7A6F000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
F5C0F000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
F6E9B000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
F6E8B000 - \SystemRoot\system32\DRIVERS\raspptp.sys
F78D3000 - \SystemRoot\system32\DRIVERS\TDI.SYS
F5BFE000 - \SystemRoot\system32\DRIVERS\psched.sys
F6E7B000 - \SystemRoot\system32\DRIVERS\msgpc.sys
F78DB000 - \SystemRoot\system32\DRIVERS\ptilink.sys
F78E3000 - \SystemRoot\system32\DRIVERS\raspti.sys
F6E6B000 - \SystemRoot\system32\DRIVERS\termdd.sys
F7B2B000 - \SystemRoot\system32\DRIVERS\swenum.sys
F5BA5000 - \SystemRoot\system32\DRIVERS\update.sys
F7A77000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
F6E5B000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F6E2B000 - \SystemRoot\system32\DRIVERS\usbhub.sys
F7B2D000 - \SystemRoot\system32\DRIVERS\USBD.SYS
F7B41000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F7C5B000 - \SystemRoot\System32\Drivers\Null.SYS
F7B43000 - \SystemRoot\System32\Drivers\Beep.SYS
F7903000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
F790B000 - \SystemRoot\System32\drivers\vga.sys
F7B45000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F7B47000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F7913000 - \SystemRoot\System32\Drivers\Msfs.SYS
F791B000 - \SystemRoot\System32\Drivers\Npfs.SYS
F6429000 - \SystemRoot\system32\DRIVERS\rasacd.sys
EDB52000 - \SystemRoot\system32\DRIVERS\ipsec.sys
EDAFA000 - \SystemRoot\system32\DRIVERS\tcpip.sys
EDAD2000 - \SystemRoot\system32\DRIVERS\netbt.sys
EDAB0000 - \SystemRoot\System32\drivers\afd.sys
F6AD5000 - \SystemRoot\system32\DRIVERS\netbios.sys
F7923000 - \SystemRoot\system32\DRIVERS\ssmdrv.sys
EDA85000 - \SystemRoot\system32\DRIVERS\rdbss.sys
ED9EE000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
F6AC5000 - \SystemRoot\System32\Drivers\Fips.SYS
ED9CD000 - \SystemRoot\system32\DRIVERS\ipnat.sys
F7933000 - \SystemRoot\System32\Drivers\ElbyCDIO.sys
ED9BA000 - \SystemRoot\system32\DRIVERS\avipbb.sys
F7B4B000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
F6AA5000 - \SystemRoot\System32\Drivers\Cdfs.SYS
F793B000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS
ED97A000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F7B51000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
F72F3000 - \SystemRoot\System32\drivers\Dxapi.sys
F794B000 - \SystemRoot\System32\watchdog.sys
BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
F7C4D000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9D5000 - \SystemRoot\System32\ati2dvag.dll
BFA19000 - \SystemRoot\System32\ati2cqag.dll
BFA66000 - \SystemRoot\System32\atikvmag.dll
BFAB2000 - \SystemRoot\System32\ati3duag.dll
BFD40000 - \SystemRoot\System32\ativvaxx.dll
BFFA0000 - \SystemRoot\System32\ATMFD.DLL
F777B000 - \SystemRoot\system32\DRIVERS\wanarp.sys
F778B000 - \SystemRoot\system32\DRIVERS\arp1394.sys
EB716000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
EB406000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
F7AF9000 - \SystemRoot\System32\Drivers\ParVdm.SYS
EB542000 - \SystemRoot\System32\Drivers\SENTINEL.SYS
EB3E6000 - \??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS
EB212000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
EB30E000 - \SystemRoot\system32\DRIVERS\mdmxsdk.sys
EB3A6000 - \SystemRoot\system32\DRIVERS\secdrv.sys
EB170000 - \SystemRoot\system32\DRIVERS\srv.sys
F6920000 - \SystemRoot\system32\drivers\wdmaud.sys
EB63A000 - \SystemRoot\system32\drivers\sysaudio.sys
F6547000 - \SystemRoot\System32\Drivers\HTTP.sys
F7BEE000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

Total number of drivers = 130

Liste des programmes installes

2001 TetRize version 1.31
5 Spots fr
7 Wonders fr
Abundante
AC3Filter (remove only)
Ad-Aware SE Personal
Adobe Acrobat 4.0 ME
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS
Adobe Reader 8.1.2 - Français
Adobe Stock Photos 1.0
Adobe Stock Photos 1.0
Adobe® Photoshop® Album Edition Découverte 3.0
Anglais Cm1-Cm2
AnyDVD
Apple Mobile Device Support
Apple Software Update
Apprendre à jouer à Magic
Arabian nights
Archiveur WinRAR
ArcSoft PhotoBase 3
ArcSoft PhotoImpression
ArcSoft VideoImpression 1.6
Assistant de connexion Windows Live
Astrobatics fr
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Control Panel
ATI Display Driver
ATI HydraVision
Audacity 1.2.6
AutoUpdate
Avanquest update
Avira AntiVir Personal – Free Antivirus
Barre d'outils MSN Search
Bejeweled
Bonjour
BoontyBox
CCleaner (remove only)
CDDC-Mahjongg (Supprimer uniquement)
CloneCD
CloneDVD2
Combat (remove only)
Correctif pour Windows Internet Explorer 7 (KB947864)
Cradle of Persia fr
Creative WebCam Center
Creative WebCam Live! Pro Driver (1.01.01.1011)
Dames 3D fr
Digital Video
Diner Dash - Flo on the Go fr
Diner Dash 2 Deluxe
Diner Dash fr
Diner Dash fr
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Dynasty
Elemental
EPSON CardMonitor
EPSON Copy Utility 3
EPSON Logiciel imprimante
EPSON PhotoQuicker3.5
EPSON PhotoStarter3.1
EPSON PRINT Image Framer Tool2.1
EPSON Scan
EPSON Smart Panel
EPSON Web-To-Page
Escape from paradise fr
ESCX3600 Guide de réf.
ESCX3600 Guide des logiciels
ffdshow (remove only)
Fireworks Extravaganza fr
Free Spider
Gemsweeper fr
GIGABYTE VGA Utility Manager
Google Desktop
Google Earth
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Hammer Heads
Harvest Mania To Go
Incrediball
IncrediMail Xe
Installer Yahoo! Messenger
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 3
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Jeune Styliste
Jeune Styliste HC Fix
K-Lite Codec Pack 3.3.0 Full
Kit de Connexion Alice ADSL
Lanceur du programme d'installation de Microsoft Works 2000
Language pack for Ad-Aware SE
Lecteur Windows Media 11
LimeWire 4.16.6
Luxor - Amun Rising
Luxor 2
Luxor 2 fr
Luxor Amun Rising Deluxe
Luxor Amun Rising fr
LUXOR Amun Rising fr
Luxor fr
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Manuel d'utilisation de Creative WebCam Live! Pro (Français)
Maxi Mots fr
Media Player Classic fr
Messenger Plus! 3 & Sponsor
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 French Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2000 Standard
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft Office PowerPoint Viewer 2007 (French)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)
Motorola Phone Tools
MP3 Player Utilities 3.68
MP3 Player Utilities 4.04
Mr Quizz et la malédiction du Manoir
MSN
MSN Pictures Displayer 4.5
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Nero Suite
Nertz Solitaire fr
Norton™ Security Scan
Nostale Online FR (Remove)
OpenOffice.org Installer 1.0
Pack Luxor et Amun Rising fr
Parawolffist
Pcsx2 0.9.2 Watermoose
Peggle Deluxe 1.0
Picasa 2
Pirateville Deluxe
Pixia 3.3b
QuickTime
QuickTime Alternative 1.44
Rainbow Ruffle fr
Rainbow Web 2 fr
Real Alternative 1.35
RealArcade
RealPlayer
SafeCast Shared Components
Search Assistant Adssite
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
SoftV92 Data Fax Modem with SmartCP
Spybot - Search & Destroy
Storm Codec
The Magician's Handbook Deluxe
Time Breaker
Tinos Fruit Stand
Top 10 Solitaire fr
Totally Spies, le blues du monstre
Travelogue 360 - Paris fr
Téléchargeur de Beach Life fr
Téléchargeur de Ghost Recon Advance Warfighter fr
Téléchargeur de Mers Du Sud fr
Téléchargeur de Restaurant Empire fr
Téléchargeur de Silverfall fr
Téléchargeur de Singles 2 fr
Téléchargeur de Soirées et Fêtes Organiseur fr
Téléchargeur de Sonic Mega Collection Plus fr
Téléchargeur de Space Colony fr
Téléchargeur de War on Terror fr
Téléchargeur de Worms 4 Mayhem fr
Ulead COOL 360 1.0
Ulead Photo Express 4.0 SE
Ulead VideoStudio 7 SE Basic
VideoLAN VLC media player 0.8.5
VideoLink Pro
WebFldrs XP
WIDCOMM Bluetooth Software
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Wonderland - Secret Worlds
XVID Codec Installation
XviD Video Codec 04102002-1 (Koepi's build with EPSZ ME)
Yahoo! Install Manager
Yahoo! Toolbar
Yahoo! Toolbar

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est A8D8-486D

Répertoire de C:\Program Files

19/06/2008 16:16 <REP> .
19/06/2008 16:16 <REP> ..
29/11/2005 18:38 <REP> AC3Filter
21/02/2008 10:13 <REP> Adobe
29/08/2007 18:07 <REP> Ahead
21/11/2005 19:48 <REP> Alice
13/03/2007 18:31 <REP> Alwil Software
03/05/2008 14:59 <REP> Apple Software Update
26/12/2005 17:33 <REP> ArcSoft
07/02/2007 16:05 <REP> ATI Technologies
04/09/2007 09:11 <REP> Audacity
17/01/2008 16:42 <REP> Avanquest update
17/06/2008 08:09 <REP> Avira
05/01/2008 01:38 <REP> BFG
11/08/2007 10:38 <REP> Billy Blade and the Temple of Time
29/11/2007 19:20 <REP> BitComet
03/05/2008 15:04 <REP> Bonjour
10/11/2006 20:39 <REP> Boonty
16/05/2008 19:25 <REP> BoontyGames
19/10/2007 19:40 <REP> Camfrog
28/10/2006 18:16 <REP> CCleaner
05/01/2008 01:38 <REP> CDDC-MahJongg
04/11/2005 20:11 <REP> ComPlus Applications
05/11/2005 16:18 <REP> CONEXANT
16/06/2006 08:13 <REP> Creative
02/12/2005 14:30 <REP> Digital Video
24/03/2007 17:02 <REP> Disney Interactive
05/01/2008 01:38 <REP> DivX
30/07/2007 02:36 <REP> eChanblard
29/11/2007 19:54 <REP> Eidos Interactive
18/03/2006 11:36 <REP> Elaborate Bytes
29/11/2007 18:27 <REP> eMule
25/07/2007 15:02 2 591 956 eMulePlus-1.2b.Installer.exe
30/04/2008 12:29 <REP> Enigma Software Group
20/11/2006 16:03 <REP> EpieGames
21/04/2008 18:11 <REP> epson
05/01/2008 01:38 <REP> Eracha
22/02/2006 21:35 <REP> ffdshow
17/06/2008 07:48 <REP> Fichiers communs
02/05/2007 07:07 <REP> Free Spider
29/12/2006 16:45 <REP> GigaByte
10/08/2007 10:16 <REP> Google
29/05/2008 07:43 <REP> Incredijeux
07/02/2007 15:37 <REP> IncrediMail
12/11/2006 13:45 <REP> Infogrames
06/12/2005 19:11 <REP> InterActual
16/06/2008 19:28 <REP> Internet Explorer
03/05/2008 15:06 <REP> iPod
03/05/2008 15:06 <REP> iTunes
17/06/2008 07:30 <REP> Java
02/04/2008 11:47 <REP> Jeune Styliste
30/12/2007 12:17 <REP> KaraFun
03/08/2007 15:25 13 043 226 klcodec330f.exe
03/08/2007 15:27 <REP> K-Lite Codec Pack
28/10/2006 18:13 <REP> Lavasoft
29/02/2008 17:18 <REP> LimeWire
21/06/2008 12:51 <REP> Malwarebytes' Anti-Malware
05/01/2008 01:38 <REP> Media Player Classic
05/05/2008 10:00 <REP> Mes Jeux Installés
05/01/2008 01:38 <REP> Messenger
15/04/2006 12:03 <REP> MessengerPlus! 3
17/06/2008 18:00 <REP> Microsoft CAPICOM 2.1.0.2
21/11/2005 18:23 <REP> microsoft frontpage
24/11/2005 18:07 <REP> Microsoft Money
16/07/2007 21:53 <REP> Microsoft Office
05/01/2008 01:38 <REP> Microsoft Works
24/11/2005 18:03 <REP> Microsoft Works Suite 2000
29/11/2007 20:00 <REP> Mindscape
05/01/2008 01:38 <REP> Motorola Phone Tools
04/11/2005 20:12 <REP> Movie Maker
10/08/2007 10:29 <REP> Mozilla Firefox
05/01/2007 17:31 <REP> MP3 Player Utilities 4.04
16/07/2007 21:53 <REP> MSECache
22/11/2005 15:14 <REP> MSN
19/03/2006 16:33 <REP> MSN Games
04/11/2005 20:11 <REP> MSN Gaming Zone
15/05/2008 12:11 <REP> MSN Pictures Displayer
10/02/2006 11:29 <REP> MSN Toolbar Suite
18/11/2006 17:19 <REP> MSXML 4.0
04/11/2005 20:12 <REP> NetMeeting
06/12/2005 17:54 <REP> Norton AntiVirus
31/08/2007 15:00 <REP> Norton Security Scan
29/11/2007 19:26 <REP> Oberon Media
04/11/2005 20:11 <REP> Online Services
13/06/2007 06:26 <REP> Outlook Express
23/11/2007 20:01 <REP> Pcsx2
12/11/2006 14:52 <REP> PhotoFiltre
05/08/2007 18:06 <REP> Picasa2
05/01/2008 01:38 <REP> PopCap Games
07/02/2007 16:23 <REP> QuickTime
03/05/2008 15:03 <REP> QuickTime Alternative
03/03/2006 17:01 <REP> Real
05/01/2008 01:38 <REP> Real Alternative
10/12/2005 13:31 <REP> ReflexiveArcade
05/01/2007 17:53 <REP> Ringz Studio
03/03/2006 16:59 774 144 RngInterstitial.dll
01/10/2006 14:59 <REP> RoadRoll
15/01/2008 21:25 <REP> Seagrand
04/11/2005 20:13 <REP> Services en ligne
27/10/2006 18:06 <REP> Show
25/04/2007 07:01 <REP> Size Date Find
27/05/2006 17:37 <REP> Slickball
21/11/2005 18:32 <REP> SlySoft
04/03/2007 10:35 <REP> Smart Panel
21/04/2008 17:59 <REP> SPAMfighter
02/05/2008 18:23 <REP> Spybot - Search & Destroy
17/06/2008 07:30 <REP> Sun
30/04/2008 18:20 <REP> SUPERAntiSpyware
12/01/2008 13:54 <REP> Téléchargeur de Beach Life
08/10/2006 11:29 <REP> Téléchargeur de Ghost Recon Advance Warfighter
05/01/2008 01:38 <REP> Téléchargeur de Pacific Fighters
05/01/2008 01:38 <REP> Téléchargeur de Peter Jackson's King Kong
05/01/2008 01:38 <REP> Téléchargeur de Peter Jackson's King Kong - Gamer Edition
06/04/2008 20:02 <REP> Téléchargeur de Restaurant Empire
08/04/2008 16:07 <REP> Téléchargeur de Singles 2
12/01/2008 14:47 <REP> Téléchargeur de Soirées et Fêtes Organiseur
04/04/2008 10:14 <REP> Téléchargeur de Sonic Mega Collection Plus
12/01/2008 14:45 <REP> Téléchargeur de Space Colony
28/04/2006 18:24 <REP> TLC-Edusoft
15/02/2008 18:16 <REP> TLKGAMES
22/06/2008 19:20 <REP> Trend Micro
20/11/2006 16:17 <REP> Trymedia
11/07/2006 18:06 <REP> Ubisoft
02/12/2005 15:27 <REP> Ulead Systems
30/12/2007 11:41 <REP> vanBasco's Karaoke Player
24/07/2006 14:34 <REP> VideoLAN
05/01/2008 01:38 <REP> VideoLink Pro
13/09/2006 18:11 <REP> VTech
27/10/2006 16:57 <REP> WIDCOMM
09/02/2006 16:23 <REP> WildTangent
17/06/2008 07:49 <REP> Windows Live
05/01/2008 01:38 <REP> Windows Media Connect 2
29/04/2007 17:33 <REP> Windows Media Player
04/11/2005 20:11 <REP> Windows NT
02/11/2006 09:27 <REP> WinRAR
08/09/2006 19:36 <REP> Wizards of the Coast
04/11/2005 20:17 <REP> xerox
05/01/2008 01:38 <REP> XviD
03/12/2005 16:01 <REP> Yahoo!
24/05/2008 08:29 <REP> Zylom Games
3 fichier(s) 16 409 326 octets
137 Rép(s) 39 028 490 240 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est A8D8-486D

Répertoire de C:\Program Files\fichiers communs

17/06/2008 07:48 <REP> .
17/06/2008 07:48 <REP> ..
21/02/2008 10:13 <REP> Adobe
18/02/2006 19:54 <REP> Adobe Systems Shared
17/11/2005 18:14 <REP> Ahead
03/05/2008 14:58 <REP> Apple
10/12/2005 17:18 <REP> BOONTY Shared
21/11/2005 18:25 <REP> Designer
22/11/2005 12:28 <REP> InstallShield
19/02/2007 16:37 <REP> Java
26/01/2006 18:01 <REP> Macrovision Shared
17/06/2008 07:49 <REP> Microsoft Shared
04/11/2005 20:12 <REP> MSSoap
29/11/2005 17:55 <REP> Nero
29/05/2008 07:43 <REP> Oberon Media
04/11/2005 21:06 <REP> ODBC
22/01/2008 16:25 <REP> Real
21/04/2008 18:12 <REP> Sandlot Shared
30/04/2008 08:16 <REP> Services
26/12/2005 17:24 <REP> Smith Micro Shared
04/11/2005 21:06 <REP> SpeechEngines
01/09/2007 07:38 <REP> Symantec Shared
13/06/2007 06:26 <REP> System
02/12/2005 15:22 <REP> Ulead Systems
22/01/2008 16:25 <REP> xing shared
0 fichier(s) 0 octets
25 Rép(s) 39 028 486 144 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est A8D8-486D

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

04/11/2005 20:21 <REP> .
04/11/2005 20:21 <REP> ..
18/05/2001 16:57 561 209 MSONSEXT.DLL
03/06/1999 13:09 122 937 MSOWS409.DLL
07/03/2001 08:00 127 033 MSOWS40c.DLL
18/03/1999 06:37 593 977 RAGENT.DLL
4 fichier(s) 1 405 156 octets
2 Rép(s) 39 028 486 144 octets libres

c:\Documents and Settings\All Users\Application Data\Alawar Stargaze\Hyperballoid2\en\unins000.exe
c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.6.2.9\iTunesSetupAdmin.exe
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\chocolatier\fr-FR\chocolatier.exe
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\dinerdash2\fr-FR\dinerdash2.exe
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\ZylomExtension\HardwareTest.exe
c:\Documents and Settings\amelie\Bureau\PhotoFiltre\PhotoFiltre.exe
c:\Documents and Settings\amelie\Bureau\PhotoFiltre\Uninst.exe
c:\Documents and Settings\Dédé\Application Data\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe
c:\Documents and Settings\Dédé\Bureau\SlickballSetup.exe
c:\Documents and Settings\Dédé\Mes documents\karafun_101b.exe
c:\Documents and Settings\Dédé\Mes documents\vkaraoke.exe
c:\Documents and Settings\Dédé\Mes documents\WoW-1.9.4-frFR-Installer\Installer.exe
c:\Documents and Settings\Dédé\Mes documents\WoW-1.9.4-frFR-Installer\DirectX\dxsetup.exe
c:\Documents and Settings\remi\Application Data\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe
c:\Documents and Settings\remi\Application Data\Microsoft\Installer\{0AA3AF26-2FA7-4719-9A97-664CD6D332F6}\ARPPRODUCTICON.exe
c:\Documents and Settings\remi\Application Data\Microsoft\Installer\{0AA3AF26-2FA7-4719-9A97-664CD6D332F6}\NewShortcut1_0AA3AF262FA747199A97664CD6D332F6.exe
c:\Documents and Settings\remi\Application Data\Microsoft\Installer\{0AA3AF26-2FA7-4719-9A97-664CD6D332F6}\NewShortcut3_0AA3AF262FA747199A97664CD6D332F6.exe
c:\Documents and Settings\remi\Application Data\Microsoft\Installer\{0AA3AF26-2FA7-4719-9A97-664CD6D332F6}\Uninstall_Learn_to_p_0AA3AF262FA747199A97664CD6D332F6.exe
c:\Documents and Settings\remi\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_16496df1.exe
c:\Documents and Settings\remi\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_18be6784.exe
c:\Documents and Settings\remi\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_294823.exe
c:\Documents and Settings\remi\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_2cd672ae.exe
c:\Documents and Settings\remi\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_4ae13d6c.exe
c:\Documents and Settings\remi\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_69525f90.exe
c:\Documents and Settings\remi\Bureau\Alcohol120_trial_1.9.6.5429.exe
c:\Documents and Settings\remi\Bureau\MsnSearchToolbarSetup_fr-fr.exe
c:\Documents and Settings\remi\Bureau\NosTale_FR_20080319.exe
c:\Documents and Settings\remi\Bureau\RPG_RT.exe
c:\Documents and Settings\remi\Bureau\Emulateur PSX\ePSXe.exe
c:\Documents and Settings\remi\Bureau\ffalpha_V2.0\Setup.exe
c:\Documents and Settings\remi\Bureau\Pc vs Mac\MACBLAST.EXE
c:\Documents and Settings\remi\Bureau\PSX2PSP 1.1\PSX2PSP.exe
c:\Documents and Settings\remi\Bureau\super smash bros melee\Emulateur PSX\ePSXe.exe
c:\Documents and Settings\remi\Mes documents\Mes images\jeux\VisualBoyAdvance.exe
c:\Documents and Settings\Thalie\.limewire\.NetworkShare\LimeWireWin4.16.6.exe
c:\Documents and Settings\Thalie\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_fr_FR.exe
c:\Documents and Settings\Thalie\Bureau\DiagHelp\catchme.exe
c:\Documents and Settings\Thalie\Bureau\DiagHelp\diff.exe
c:\Documents and Settings\Thalie\Bureau\DiagHelp\dumphive.exe
c:\Documents and Settings\Thalie\Bureau\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Thalie\Bureau\DiagHelp\find2.exe
c:\Documents and Settings\Thalie\Bureau\DiagHelp\Fport.exe
c:\Documents and Settings\Thalie\Bureau\DiagHelp\grep.exe
c:\Documents and Settings\Thalie\Bureau\DiagHelp\gzip.exe
c:\Documents and Settings\Thalie\Bureau\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Thalie\Bureau\DiagHelp\LFiles.exe
c:\Documents and Settings\Thalie\Bureau\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Thalie\Bureau\DiagHelp\md5sums.exe
c:\Documents and Settings\Thalie\Bureau\DiagHelp\pslist.exe
c:\Documents and Settings\Thalie\Bureau\DiagHelp\sigcheck.exe
c:\Documents and Settings\Thalie\Bureau\DiagHelp\streams.exe
c:\Documents and Settings\Thalie\Bureau\DiagHelp\swreg.exe
c:\Documents and Settings\Thalie\Bureau\DiagHelp\tar.exe
c:\Documents and Settings\Thalie\Bureau\jeux\yoda_soccer_070\yoda_soccer.exe
c:\Documents and Settings\Thalie\Local Settings\Application Data\IM\Identities\{F679376D-350F-42BC-B430-BA2B0C5008BF}\Message Store\Attachments\Pamela-ATTN.exe
c:\Documents and Settings\Thalie\Mes documents\Bejeweled 2 Deluxe [ found on PeerAnia.com].exe
c:\Documents and Settings\Thalie\Mes documents\WinBej2.exe
c:\Documents and Settings\Thalie\Mes documents\STAGE REMI\Tempo\Photoshop_CS2_F_TryOut\instmsia.exe
c:\Documents and Settings\Thalie\Mes documents\STAGE REMI\Tempo\Photoshop_CS2_F_TryOut\instmsiw.exe
c:\Documents and Settings\Thalie\Mes documents\STAGE REMI\Tempo\Photoshop_CS2_F_TryOut\setup.exe
c:\Documents and Settings\valerie\Bureau\Install MPD.exe
c:\Documents and Settings\valerie\Local Settings\Application Data\Google\Picasa2\update\LifescapeUpdater\setup.exe
c:\Documents and Settings\All Users\Application Data\Alawar Stargaze\Hyperballoid2\en\bass.dll
c:\Documents and Settings\All Users\Application Data\Alawar Stargaze\Hyperballoid2\en\FLEXnet Activation Service Installer.dll
c:\Documents and Settings\All Users\Application Data\Alawar Stargaze\Hyperballoid2\en\game.dll
c:\Documents and Settings\All Users\Application Data\Alawar Stargaze\Hyperballoid2\en\NxCooking.dll
c:\Documents and Settings\All Users\Application Data\Alawar Stargaze\Hyperballoid2\en\NxPhysics.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aecore.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aeemu.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aegen.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aehelp.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aeheur.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aeoffice.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aepack.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aerdl.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aescn.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aescript.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aevdf.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\USMT\iconlib.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylomgamesplayer.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\MyZylomExtension\MyZylomExtension.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\PlayfirstExtension\PlayfirstExtension.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\ShangriLa2\fr-FR\fmod.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\ShangriLa2\fr-FR\Shangrila2.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\ZylomDeluxeInstaller\ZylomDeluxeInstaller.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\ZylomExtension\ZylomExtension.dll
c:\Documents and Settings\amelie\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\Dédé\Application Data\Identities\{00009BV5-V6E6-N99D-O8SF-9VRP3OLUMVIB}\xmlparse.dll
c:\Documents and Settings\Dédé\Application Data\Identities\{00009BV5-V6E6-N99D-O8SF-9VRP3OLUMVJ0}\xmlparse.dll
c:\Documents and Settings\Dédé\Application Data\Identities\{0004LVIV-J73B-KKMS-6OG1-5VTHJTSI0VVV}\xmlparse.dll
c:\Documents and Settings\Dédé\Application Data\Identities\{000HQ7FF-AD7A-3FG3-USK1-22JKKIT3EVVD}\xmlparse.dll
c:\Documents and Settings\Dédé\Application Data\Identities\{000HQ7FF-AD7A-3FG4-7162-239Q3NAHCVU8}\xmlparse.dll
c:\Documents and Settings\Dédé\Application Data\Identities\{000HQ7FF-AD7A-3FG6-5I21-21UMR3484VVA}\xmlparse.dll
c:\Documents and Settings\Dédé\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
c:\Documents and Settings\remi\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\Thalie\Application Data\Identities\{00009BV5-V6E6-N99D-O8SF-9VRP3OLUMVK3}\xmlparse.dll
c:\Documents and Settings\Thalie\Application Data\Identities\{00013KEU-UKQE-K6V0-DNSL-22H2BN66GVVO}\xmlparse.dll
c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG1-0C15-24GTSFND4VVA}\xmlparse.dll
c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG1-UOH6-232NI3D9QVV1}\xmlparse.dll
c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG2-BTPP-21HGNJ8AQVVQ}\xmlparse.dll
c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG3-4A90-24BL1LF8IVVD}\xmlparse.dll
c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG3-8AT4-258NF6K78VV2}\xmlparse.dll
c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG3-M7KB-24AAHNHOQVVE}\xmlparse.dll
c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG3-M7KB-24AAHNHOQVVM}\xmlparse.dll
c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG3-NSEA-256L3V7L2VVM}\xmlparse.dll
c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG3-RD83-23EFBBCPGVVC}\xmlparse.dll
c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG3-VK8A-25GG67KOIVUJ}\xmlparse.dll
c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG3-VK8A-25GG67KOIVV3}\xmlparse.dll
c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG3-VK8A-25GG67KOIVVO}\xmlparse.dll
c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG4-7162-239Q3NAHCVVC}\xmlparse.dll
c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG4-JM9C-24JLMUCREVUJ}\xmlparse.dll
c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG4-MO09-24UF17SCEVRV}\xmlparse.dll
c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG4-OIBL-25SSVB6LMVV7}\xmlparse.dll
c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG4-SA0C-22B8SP58AVV3}\xmlparse.dll
c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG5-49D7-2630EVQ4IVVA}\xmlparse.dll
c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG5-CHL5-24516UNKQ674}\xmlparse.dll
c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG5-EF3Q-2491NM57EVVG}\xmlparse.dll
c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG5-KO19-25DIJFDG6VUK}\xmlparse.dll
c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG6-LH31-23G9CBQV6VSL}\xmlparse.dll
c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG6-LH31-23G9CBQV6VUQ}\xmlparse.dll
c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG6-NHPR-247TGT4QGVVN}\xmlparse.dll
c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG6-OKQM-24KG7RVO4VUM}\xmlparse.dll
c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG6-S7TH-22P2K55U4VUU}\xmlparse.dll
c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG7-7R56-23RS4QKC0VUD}\xmlparse.dll
c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG7-7R56-23RS4QKC0VV8}\xmlparse.dll
c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG7-7R56-23RS4QKC0VVF}\xmlparse.dll
c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG7-9568-243JELPN2VVD}\xmlparse.dll
c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG7-9568-243JELPN2VVP}\xmlparse.dll
c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG7-DNQC-2227NIQAQVVA}\xmlparse.dll
c:\Documents and Settings\Thalie\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\valerie\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll

****** Fin du rapport DiagHelp

sKe69 · Answer

Les analyses sont très longues mais je suppose que c'est normal.  ---> tout à fait , c'est normale ^^


1- Il y a qlque chose qui me chagrine sur le rapport hijackthis , j'aimerai que l'on arrête le service concernant Boonty Games ( nid à spam et autres ) 
Voici une petite information sur Boonty games :

Leur politique : 

"Il se peut que nous partageons aussi des informations payantes avec des tiers 
qui fournissent des services payants et partage des données regroupées montrant le type 
et le nombre de jeux vidéos que vous téléchargez, votre âge, votre sexe, vos occupations, 
niveau d'éducation, localité géographique, données sur l'équipement de votre ordinateur, 
internet et intérêts pour les jeux vidéos, activités et entraînement des jeux édités. 
De plus, nous partageons les adresses email avec des tiers fournisseurs de compte mails 
qui nous assistent en envoyant nos mails a de nombreux clients en même temps..." 

Si tu n'y vois aucune objection , libre à toi ... on passe .

sinon pour supprimer ,fais ce qui suit : 

Désactivation de service : 
- Cliques sur Démarrer ---> Exécuter 
- Saisis : Services.msc puis OK 
- Choisis le mode "Etendu" (onglets inférieurs) 
- Grâce à la barre de défilement (à droite) recherches le service suivant: 

Code: 
" Boonty Games " 

- Quand le service est trouvé, pointes dessus, double-clique (bouton gauche). 
- Dans la fenêtre suivante qui apparaît, sous l'onglet Général cliques sur le bouton Arrêter, 
puis déroules le Type de Démarrage pour le modifier en "Désactivé" 
- Cliques sur "Appliquer" puis OK 

Tuto si besoin : https://www.zebulon.fr/dossiers/windows/31-services.html 

Ensuite rends toi su ton PC ici : "C:\Program Files\Common Files\BOONTY " <---supprimes ce dossier ( et tout son contenu ...) . 

2- Tu as MessengerPlus! 3 ( ici : C:\Program Files\MessengerPlus! 3\MsgPlus.exe )

--> il faudrai que tu le désinstalles puis le réinstaller en REFUSANT le sponsor ... Regardes cette astuce pour ce fair : 
http://www.commentcamarche.net/faq/sujet 2490 popups ouverture de fenetres internet publicitaires pop up#autres infections generant des fenetres publicitaires

Une fois ces deux point vu , undernier scan en ligne :

3- -Fais un scan antivirus en ligne, avec Internet Explorer et accepter l'ActiveX :
https://www.bitdefender.fr/ 
(pour le rapport ,qui est un doc IE , clik sur l'onglet "plus de détailles" : et à la fin du scan tu demandes à le sauvegarder sur ton bureau) 

--->fais un copier/coller et postes le rapport dans ta prochaine réponse ... 

Aide : En bas, à gauche de la fenêtre, clique sur BitDefender SCAN ONLINE 
Dans la nouvelle fenêtre, clique sur j’accepte .
La fenêtre change encore, clique sur scanner .
Les signatures se chargent, etc.

Ensuite , on finalysera ...  ;)

isa24 · Answer

Voila le rapport bit defender : 

BitDefender Online Scanner
  
  
 
Rapport d'analyse généré à: Mon, Jun 23, 2008 - 21:50:44
 
 
  
  
 
Voie d'analyse: C:\;D:\;E:\;G:\;H:\;I:\;J:\;
  
  
 
 
  
  
 
Statistiques
 
Temps
 04:46:16
 
Fichiers
 103241
 
Directoires
 17905
 
Secteurs de boot
 2
 
Archives
 1533
 
Paquets programmes
 8680
 
  
  
 
Résultats
 
Virus identifiés
 2
 
Fichiers infectés
 4
 
Fichiers suspects
 0
 
Avertissements
 0
 
Désinfectés
 0
 
Fichiers effacés
 0
 
  
  
 
Info sur les moteurs
 
Définition virus
 1262603
 
Version des moteurs
 AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
 
Analyse des plugins
 16
 
Archive des plugins
 42
 
Unpack des plugins
 7
 
E-mail plugins
 6
 
Système plugins
 5
 
  
  
 
Paramètres d'analyse
 
Première action
 Désinfecté
 
Seconde Action
 Supprimé
 
Heuristique
 Oui
 
Acceptez les avertissements
 Oui
 
Extensions analysées
 exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
 
Excludez les extensions
  
 
Analyse d'emails
 Oui
 
Analyse des Archives
 Oui
 
Analyser paquets programmes
 Oui
 
Analyse des fichiers
 Oui
 
Analyse de boot
 Oui
 
  
  
 
  Fichier analysé
  Statut
 
C:\Documents and Settings\Thalie\Local Settings\Application Data\IM\Identities\{F679376D-350F-42BC-B430-BA2B0C5008BF}\Message Store\Attachments\Pamela-ATTN.exe
 Infecté par: Joke.Cursor.A
 
C:\Documents and Settings\Thalie\Local Settings\Application Data\IM\Identities\{F679376D-350F-42BC-B430-BA2B0C5008BF}\Message Store\Attachments\Pamela-ATTN.exe
 Echec de la désinfection
 
C:\Documents and Settings\Thalie\Local Settings\Application Data\IM\Identities\{F679376D-350F-42BC-B430-BA2B0C5008BF}\Message Store\Attachments\Pamela-ATTN.exe
 Echec de la suppression
 
C:\Program Files\Oberon Media\Incrediball\SlgClientServicesRedists.exe
 Infecté par: Trojan.Generic.189697
 
C:\Program Files\Oberon Media\Incrediball\SlgClientServicesRedists.exe
 Echec de la désinfection
 
C:\Program Files\Oberon Media\Incrediball\SlgClientServicesRedists.exe
 Echec de la suppression
 
C:\System Volume Information\_restore{F8BA3C52-2657-4922-B82B-3595DA1AFD00}\RP17\A0007661.exe
 Infecté par: Joke.Cursor.A
 
C:\System Volume Information\_restore{F8BA3C52-2657-4922-B82B-3595DA1AFD00}\RP17\A0007661.exe
 Echec de la désinfection
 
C:\System Volume Information\_restore{F8BA3C52-2657-4922-B82B-3595DA1AFD00}\RP17\A0007661.exe
 Echec de la suppression
 
C:\System Volume Information\_restore{F8BA3C52-2657-4922-B82B-3595DA1AFD00}\RP17\A0007662.exe
 Infecté par: Trojan.Generic.189697
 
C:\System Volume Information\_restore{F8BA3C52-2657-4922-B82B-3595DA1AFD00}\RP17\A0007662.exe
 Echec de la désinfection
 
C:\System Volume Information\_restore{F8BA3C52-2657-4922-B82B-3595DA1AFD00}\RP17\A0007662.exe
 Echec de la suppression

sKe69 · Answer

Bien ... il restes des saltés ...

1-Avoir accès aux fichiers cachés. 
Menu Démarrer->Poste de travail->Outils->Options des dossiers...->Affichage 
"Afficher les fichiers et dossiers cachés" ---> coché 
"Masquer les extensions des fichiers dont le type est connu" ---> décoché

2-Télécharges SDFix sur ton bureau :
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe. 

--->Double clique sur SDFix.exe et choisis "Install" .

Puis une fois l'instale faite ,redémarre en mode sans échec . 
Comment aller en Mode sans échec :
1) Redémarre ton ordi 
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip" 
3) Tu verras un écran avec options de démarrage apparaître 
4) Choisis la première option : Sans Échec, et valide avec "Entrée" 
5) Choisis ton compte habituel, et non Administrateur (si besoin ... ) 

Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script. 
--->Tape Y pour lancer le script. 
Le Fix supprime les services du virus et nettoie le registre, de ce fait un redémarrage est nécessaire , donc :
presses une touche pour redémarrer quand il te le sera demandé . 

Le PC va mettre du temps avant de démarrer ( c'est normale ), après le chargement du Bureau presses une touche lorsque "Finished" s'affiche .

Le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier C:\SDFix sous le nom "Report.txt".
Postes ce dernier dans ta prochaine réponse pour analyse ...

isa24 · Answer

Voila le rapport SDFix :

[b]SDFix: Version 1.196 [/b]
Run by Thalie on 24/06/2008 at 08:14

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]: 

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:
 


                                 [b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-24 12:54:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\IncrediMail\bin\IMApp.exe"="C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Program Files\VideoLink Pro\Engine.exe"="C:\Program Files\VideoLink Pro\Engine.exe:*:Disabled:VideoLink Engine"
"C:\Program Files\VideoLink Pro\SMListenEngine.exe"="C:\Program Files\VideoLink Pro\SMListenEngine.exe:*:Enabled:Tray Listening Engine"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Infogrames\Combat\Combat.exe"="C:\Program Files\Infogrames\Combat\Combat.exe:*:Enabled:Combat"
"C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe"="C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe:*:Enabled:IncrediMail Installer"
"C:\Program Files\EpieGames\Parawolffist\Parawolffist.exe"="C:\Program Files\EpieGames\Parawolffist\Parawolffist.exe:*:Enabled:CannonPlane"
"C:\Program Files\GigaByte\VGA Utility Manager\G-vga.exe"="C:\Program Files\GigaByte\VGA Utility Manager\G-vga.exe:*:Enabled:Menu"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:

Sun 16 Sep 2007            24 ..SH. --- "C:\WINDOWS\S222913AB.tmp"
Sun  5 Aug 2007     5,388,088 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Mon 28 Jan 2008     1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008     5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008     2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Mon 21 Nov 2005         4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue  3 Jul 2007     2,383,872 ...H. --- "C:\Program Files\PopCap Games\Peggle Deluxe\popcapgame1.exe"
Sun 29 Apr 2007             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Wed  7 May 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\71fa8e4b1f1c72b0e3a5d30a0a049f55\BITA.tmp"
Wed 18 Jun 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\74c894d34ade36c7c397472b8bec2c10\BIT3E.tmp"
Thu 10 Apr 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c57cd590c1f8d8f8f70d62332e13288c\BITB.tmp"
Fri  4 Apr 2008        14,499 ...HR --- "C:\Documents and Settings\D‚d‚\Application Data\SecuROM\UserData\securom_v7_01.bak"
Sat 16 Dec 2006     1,942,016 ...H. --- "C:\Documents and Settings\Thalie\Application Data\Microsoft\Word\~WRL0005.tmp"
Mon 21 Nov 2005         4,348 ...H. --- "C:\Documents and Settings\valerie\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Sat  9 Sep 2006            20 A..H. --- "C:\Documents and Settings\valerie\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Tue  1 Aug 2006           400 A.SH. --- "C:\Documents and Settings\valerie\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Mon 21 Nov 2005         4,348 A..H. --- "C:\Documents and Settings\Thalie\Mes documents\sauvegarde 2\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Sat 28 Oct 2006            20 A..H. --- "C:\Documents and Settings\Thalie\Mes documents\sauvegarde 2\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Tue  1 Aug 2006           400 A.SH. --- "C:\Documents and Settings\Thalie\Mes documents\sauvegarde 2\Ma musique\Sauvegarde de la licence\drmv2key.bak"

[b]Finished![/b]

sKe69 · Answer

rien de ce côté là ...

Fais ce-ci :

Télécharges GenProc  (de Jean-Chretien1 et Narco4) sur ton bureau (et pas ailleur !) :
http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip 

!!Déconnectes toi et fermes tes application en cours !!

Dézippes (extraire tout) le dossier : double-clique sur GenProc.bat et laisses faire...
Postes le contenu du rapport qui s'ouvre . 

Aide en images ici : http://www.alt-shift-return.org/Info/GenProc-HowTo.html 
IMPORTANT : postes le rapport et ne fait rien d'autre pour l'instant ( souvant il faut ajouter des consignes à la manipe indiquée pour que cela fonctionne parfaitement ) .

isa24 · Answer

voila le rapport :
Rapport GenProc 1.972 [1] effectué le 24/06/2008 à 16:58:07,26 - Windows XP  

Dans CCleaner, clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Par la suite, laisse-le avec ses réglages par défaut. C'est tout.
 
# Etape 1/ Télécharge :  
  
- Lop S&D.exe (Eric 71 & Angeldark) https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2 sur ton bureau. 
 
- MSNFix.zip (!aur3n7) http://sosvirus.changelog.fr/MSNFix.zip et décompresse-le sur le Bureau. 
 
 
***** Copie la suite de la procédure dans un fichier texte et redémarre en mode sans échec comme indiqué ici https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ (choisis ta session courante "Thalie") ***** 
 
 
# Etape 2/ 
 
Lance le fichier MSNFix.bat qui se trouve dans le dossier MSNfix, sur le bureau.
- Exécute l'option R.
- Si l'infection est détectée, exécute l'option N.
- Sauvegarde ce rapport sur ton bureau. 
 
# Etape 3/ 
 
Double-clique sur Lop S&D pour lancer l'installation, séléctionne la langue souhaitée, puis choisis l'Option 2 - Suppression - et patiente jusqu'à ce qu'il ait terminé. 
 
# Etape 4/ 
 
Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout. 
 
# Etape 5/ 

Redémarre normalement et poste, dans la même réponse : 
- Un nouveau rapport HijackThis, toutes fenêtres et applications fermées http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis.exe ; 
- Le contenu du rapport MSNfix situé sur le Bureau ; 
- Le contenu du rapport C:\lopR.txt ; 


Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.

sKe69 · Answer

bien , on va voir :

Télécharges Lop S&D :
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

Double clik sur sur l'.exe que tu viens de télécharger pour lancer l'instale .

Une fois l'instalation faite, click droit sur le raccourci et choisis " exécuter entant qu' admin..." .  

Là,laisses toi guider: 
--->choisis l'option 1 (recherche) et valides.

(Tu ne fais pas l'option de nettoyage ( 2 ou 3) ).
 
Une fois le scan terminer ,le Bloc-Notes contenant le rapport va s'ouvrir.
Postes ce rapport dans ta prochaine réponse pour analyse .

Tuto : https://sites.google.com/site/eric71mespages/lop.sd.exe

isa24 · Answer

juste une chose : impossible d'executer en tant qu'administrateur, il me dit que l'accès est impossible, je l'ai donc effectué sur l'utilisateur courant qui est un compte administrateur j'espère que ca ira quand même.
Voilà le rapport obtenu :

-----------------------[  Lop S&D 4.2.1-8  XP/Vista  ]---------------------

   [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
   [ USER : Thalie ] [ "C:\Lop SD" ] [ Selection : 1 ]
   [ 24/06/2008 | 17:14:33,65 ] [ PC : SECR-5EE85B317A ]
   [ MAJ : 24-06-2008 | 11:00 ]
 
   -------------[ Listing des dossiers dans Application Data ]------------  

   [04/11/2005|21:06] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
   [04/11/2005|20:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

   [17/05/2008|14:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.zreglib
   [21/02/2008|10:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
   [18/02/2006|20:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
   [29/11/2005|17:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
   [25/03/2008|11:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Alawar Stargaze
   [02/01/2008|19:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Aliasworlds
   [03/05/2008|14:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
   [22/10/2006|19:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
   [17/06/2008|08:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
   [14/03/2008|10:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Awem
   [20/05/2006|14:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
   [27/05/2007|11:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
   [07/08/2006|08:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Chasing Dogs Studios
   [22/12/2007|13:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Christmasville
   [04/12/2006|16:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
   [07/12/2005|16:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
   [23/02/2008|15:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EA
   [02/01/2007|17:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Elaborate Bytes
   [08/04/2008|16:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Escape From Paradise
   [23/11/2007|14:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Friends Games
   [23/02/2008|11:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Gogii
   [18/09/2006|18:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
   [20/12/2007|19:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grey Alien Games
   [21/09/2007|19:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear
   [21/06/2006|17:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
   [16/06/2008|12:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
   [23/06/2008|16:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
   [16/06/2008|10:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
   [10/02/2006|11:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN Search Toolbar
   [22/12/2007|14:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MumboJumbo
   [06/04/2008|09:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\My Games
   [24/11/2007|12:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NeptunesAdve
   [04/12/2006|15:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1
View_Profiles
   [11/11/2007|12:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
   [28/05/2007|18:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
   [17/07/2007|11:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
   [16/05/2008|14:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecretsOfOlympus
   [10/11/2007|10:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlySoft
   [19/03/2007|13:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
   [23/06/2008|16:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
   [09/04/2008|08:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SugarGames
   [30/04/2008|13:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
   [06/12/2005|17:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
   [29/05/2008|08:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
   [13/04/2007|14:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TERMINAL Studio
   [14/04/2007|08:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Test bone comp inside
   [05/11/2006|10:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
   [22/11/2005|12:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
   [02/12/2005|15:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
   [06/07/2006|11:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
   [17/06/2008|07:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
   [03/12/2005|16:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
   [22/09/2006|18:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

   [23/01/2007|17:32] C:\DOCUME~1\amelie\APPLIC~1\Adobe
   [04/03/2006|14:16] C:\DOCUME~1\amelie\APPLIC~1\AdobeUM
   [03/08/2006|20:19] C:\DOCUME~1\amelie\APPLIC~1\Alawar
   [06/07/2006|17:15] C:\DOCUME~1\amelie\APPLIC~1\Apple Computer
   [31/12/2006|15:49] C:\DOCUME~1\amelie\APPLIC~1\ATI
   [18/02/2006|16:55] C:\DOCUME~1\amelie\APPLIC~1\Creative
   [04/11/2005|21:06] C:\DOCUME~1\amelie\APPLIC~1\desktop.ini
   [23/11/2007|19:33] C:\DOCUME~1\amelie\APPLIC~1\DivX
   [30/09/2006|19:15] C:\DOCUME~1\amelie\APPLIC~1\Google
   [29/08/2006|17:52] C:\DOCUME~1\amelie\APPLIC~1\Help
   [18/02/2006|16:55] C:\DOCUME~1\amelie\APPLIC~1\Identities
   [18/03/2006|12:18] C:\DOCUME~1\amelie\APPLIC~1\Macromedia
   [31/12/2006|16:12] C:\DOCUME~1\amelie\APPLIC~1\Media Player Classic
   [29/03/2007|17:35] C:\DOCUME~1\amelie\APPLIC~1\Microsoft
   [18/02/2006|16:56] C:\DOCUME~1\amelie\APPLIC~1\MSN Search Toolbar
   [10/03/2006|15:31] C:\DOCUME~1\amelie\APPLIC~1\PlayFirst
   [31/10/2006|16:25] C:\DOCUME~1\amelie\APPLIC~1\Real
   [18/02/2006|16:56] C:\DOCUME~1\amelie\APPLIC~1\SlySoft
   [30/04/2006|10:44] C:\DOCUME~1\amelie\APPLIC~1\Smart Panel
   [20/06/2007|22:09] C:\DOCUME~1\amelie\APPLIC~1\SPAMfighter
   [05/11/2007|18:41] C:\DOCUME~1\amelie\APPLIC~1\Sun

   [04/12/2006|16:01] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
   [04/11/2005|20:14] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

   [28/12/2006|18:21] C:\DOCUME~1\DDD570~1\APPLIC~1\.zreglib
   [18/03/2006|08:20] C:\DOCUME~1\DDD570~1\APPLIC~1\7Wonders
   [04/04/2008|16:32] C:\DOCUME~1\DDD570~1\APPLIC~1\Adobe
   [28/07/2007|15:46] C:\DOCUME~1\DDD570~1\APPLIC~1\AdobeUM
   [05/12/2005|10:55] C:\DOCUME~1\DDD570~1\APPLIC~1\Ahead
   [24/07/2007|22:36] C:\DOCUME~1\DDD570~1\APPLIC~1\Alawar
   [27/12/2005|10:58] C:\DOCUME~1\DDD570~1\APPLIC~1\Apple Computer
   [25/12/2005|09:39] C:\DOCUME~1\DDD570~1\APPLIC~1\ArcSoft
   [29/12/2006|16:42] C:\DOCUME~1\DDD570~1\APPLIC~1\ATI
   [11/11/2007|15:14] C:\DOCUME~1\DDD570~1\APPLIC~1\Big Fish Games
   [20/11/2006|21:36] C:\DOCUME~1\DDD570~1\APPLIC~1\Camfrog
   [12/07/2006|14:11] C:\DOCUME~1\DDD570~1\APPLIC~1\CamfrogBar
   [26/04/2007|15:16] C:\DOCUME~1\DDD570~1\APPLIC~1\Chicken Chase
   [30/12/2005|12:33] C:\DOCUME~1\DDD570~1\APPLIC~1\Creative
   [08/06/2007|15:40] C:\DOCUME~1\DDD570~1\APPLIC~1\CTXM
   [04/11/2005|21:06] C:\DOCUME~1\DDD570~1\APPLIC~1\desktop.ini
   [01/12/2007|19:00] C:\DOCUME~1\DDD570~1\APPLIC~1\DivX
   [15/01/2007|22:01] C:\DOCUME~1\DDD570~1\APPLIC~1\dvdcss
   [23/04/2006|16:56] C:\DOCUME~1\DDD570~1\APPLIC~1\Elaborate Bytes
   [30/03/2008|12:59] C:\DOCUME~1\DDD570~1\APPLIC~1\EPSON
   [11/11/2007|12:29] C:\DOCUME~1\DDD570~1\APPLIC~1\FlowPlay
   [01/07/2007|14:51] C:\DOCUME~1\DDD570~1\APPLIC~1\fltk.org
   [18/11/2007|10:42] C:\DOCUME~1\DDD570~1\APPLIC~1\ForgottenRiddles
   [30/11/2005|12:36] C:\DOCUME~1\DDD570~1\APPLIC~1\Free Spider TreeCardGames
   [10/02/2007|10:53] C:\DOCUME~1\DDD570~1\APPLIC~1\funkitron
   [25/11/2007|20:29] C:\DOCUME~1\DDD570~1\APPLIC~1\Gaijin Ent
   [23/02/2008|13:02] C:\DOCUME~1\DDD570~1\APPLIC~1\Gamelab
   [06/04/2008|09:59] C:\DOCUME~1\DDD570~1\APPLIC~1\gemsweeperextractedgfx
   [19/09/2006|16:01] C:\DOCUME~1\DDD570~1\APPLIC~1\Google
   [25/11/2005|17:10] C:\DOCUME~1\DDD570~1\APPLIC~1\Help
   [14/11/2007|20:00] C:\DOCUME~1\DDD570~1\APPLIC~1\Hulabee
   [06/11/2006|16:56] C:\DOCUME~1\DDD570~1\APPLIC~1\Identities
   [01/11/2007|19:31] C:\DOCUME~1\DDD570~1\APPLIC~1\Intenium
   [14/07/2007|16:15] C:\DOCUME~1\DDD570~1\APPLIC~1\iWin
   [02/01/2008|17:35] C:\DOCUME~1\DDD570~1\APPLIC~1\Jane s Hotel
   [21/11/2006|12:53] C:\DOCUME~1\DDD570~1\APPLIC~1\Lavasoft
   [21/04/2007|07:20] C:\DOCUME~1\DDD570~1\APPLIC~1\Leadertech
   [28/10/2007|12:15] C:\DOCUME~1\DDD570~1\APPLIC~1\Legends of pirates
   [28/05/2008|16:43] C:\DOCUME~1\DDD570~1\APPLIC~1\LimeWire
   [10/02/2006|23:38] C:\DOCUME~1\DDD570~1\APPLIC~1\Macromedia
   [30/04/2008|19:08] C:\DOCUME~1\DDD570~1\APPLIC~1\Malwarebytes
   [29/12/2006|17:53] C:\DOCUME~1\DDD570~1\APPLIC~1\Media Player Classic
   [28/06/2007|15:12] C:\DOCUME~1\DDD570~1\APPLIC~1\Microsoft
   [21/11/2005|18:23] C:\DOCUME~1\DDD570~1\APPLIC~1\Microsoft Web Folders
   [11/11/2007|12:16] C:\DOCUME~1\DDD570~1\APPLIC~1\Mind Control Software
   [07/06/2006|17:03] C:\DOCUME~1\DDD570~1\APPLIC~1\Mozilla
   [10/02/2006|18:04] C:\DOCUME~1\DDD570~1\APPLIC~1\MSN Search Toolbar
   [22/11/2005|18:40] C:\DOCUME~1\DDD570~1\APPLIC~1\MSNInstaller
   [14/07/2007|15:12] C:\DOCUME~1\DDD570~1\APPLIC~1\MysteryStudio
   [20/12/2007|18:13] C:\DOCUME~1\DDD570~1\APPLIC~1\PlayFirst
   [28/10/2007|20:13] C:\DOCUME~1\DDD570~1\APPLIC~1\Pogo Games
   [08/07/2007|17:16] C:\DOCUME~1\DDD570~1\APPLIC~1\PTV Game
   [09/12/2005|18:47] C:\DOCUME~1\DDD570~1\APPLIC~1\Real
   [08/11/2007|19:23] C:\DOCUME~1\DDD570~1\APPLIC~1\ScreenSeven
   [08/10/2006|11:29] C:\DOCUME~1\DDD570~1\APPLIC~1\SecuROM
   [29/12/2006|17:09] C:\DOCUME~1\DDD570~1\APPLIC~1\SlySoft
   [30/11/2005|09:34] C:\DOCUME~1\DDD570~1\APPLIC~1\Smart Panel
   [28/05/2007|20:24] C:\DOCUME~1\DDD570~1\APPLIC~1\SPAMfighter
   [26/11/2005|17:09] C:\DOCUME~1\DDD570~1\APPLIC~1\Sun
   [30/04/2008|18:20] C:\DOCUME~1\DDD570~1\APPLIC~1\SUPERAntiSpyware.com
   [01/11/2007|19:30] C:\DOCUME~1\DDD570~1\APPLIC~1\Super-Cow
   [25/11/2005|17:35] C:\DOCUME~1\DDD570~1\APPLIC~1\Symantec
   [07/12/2005|13:48] C:\DOCUME~1\DDD570~1\APPLIC~1\Template
   [02/12/2005|15:31] C:\DOCUME~1\DDD570~1\APPLIC~1\Ulead Systems
   [23/09/2006|14:30] C:\DOCUME~1\DDD570~1\APPLIC~1\UNBALANCE
   [24/07/2006|14:36] C:\DOCUME~1\DDD570~1\APPLIC~1\vlc
   [04/02/2006|19:22] C:\DOCUME~1\DDD570~1\APPLIC~1\Wildfire
   [25/11/2007|19:42] C:\DOCUME~1\DDD570~1\APPLIC~1\wklnhst.dat
   [06/11/2006|16:56] C:\DOCUME~1\DDD570~1\APPLIC~1\Zylom



   [29/08/2007|17:06] C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
   [29/04/2007|17:36] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

   [05/04/2007|14:30] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
   [06/12/2005|13:13] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec

   [08/11/2006|18:52] C:\DOCUME~1emi\APPLIC~1\.zreglib
   [21/09/2007|10:26] C:\DOCUME~1emi\APPLIC~1\Adobe
   [15/04/2006|19:45] C:\DOCUME~1emi\APPLIC~1\AdobeUM
   [28/05/2006|00:06] C:\DOCUME~1emi\APPLIC~1\Alawar
   [09/05/2006|20:34] C:\DOCUME~1emi\APPLIC~1\Apple Computer
   [09/07/2006|14:51] C:\DOCUME~1emi\APPLIC~1\ArcSoft
   [30/12/2006|13:30] C:\DOCUME~1emi\APPLIC~1\ATI
   [18/02/2006|17:21] C:\DOCUME~1emi\APPLIC~1\Creative
   [04/11/2005|21:06] C:\DOCUME~1emi\APPLIC~1\desktop.ini
   [06/06/2007|14:21] C:\DOCUME~1emi\APPLIC~1\DivX
   [01/08/2006|12:30] C:\DOCUME~1emi\APPLIC~1\Elaborate Bytes
   [04/09/2007|11:20] C:\DOCUME~1emi\APPLIC~1\fltk.org
   [04/09/2007|11:08] C:\DOCUME~1emi\APPLIC~1\Google
   [16/05/2006|20:45] C:\DOCUME~1emi\APPLIC~1\Help
   [18/02/2006|17:21] C:\DOCUME~1emi\APPLIC~1\Identities
   [10/01/2007|20:56] C:\DOCUME~1emi\APPLIC~1\Leadertech
   [29/05/2008|10:44] C:\DOCUME~1emi\APPLIC~1\LimeWire
   [17/09/2006|19:04] C:\DOCUME~1emi\APPLIC~1\Macromedia
   [04/01/2007|17:06] C:\DOCUME~1emi\APPLIC~1\Media Player Classic
   [19/07/2007|01:44] C:\DOCUME~1emi\APPLIC~1\Microsoft
   [18/02/2006|17:22] C:\DOCUME~1emi\APPLIC~1\MSN Search Toolbar
   [17/09/2006|19:13] C:\DOCUME~1emi\APPLIC~1\PlayFirst
   [25/01/2008|11:14] C:\DOCUME~1emi\APPLIC~1\Real
   [24/02/2006|20:03] C:\DOCUME~1emi\APPLIC~1\SlySoft
   [25/06/2006|19:52] C:\DOCUME~1emi\APPLIC~1\Smart Panel
   [06/06/2007|14:15] C:\DOCUME~1emi\APPLIC~1\SPAMfighter
   [01/08/2006|11:27] C:\DOCUME~1emi\APPLIC~1\vlc

   [02/01/2007|17:26] C:\DOCUME~1\Thalie\APPLIC~1\.zreglib
   [07/12/2005|00:25] C:\DOCUME~1\Thalie\APPLIC~1\123 Free Solitaire
   [21/04/2006|09:09] C:\DOCUME~1\Thalie\APPLIC~1\7Wonders
   [04/02/2008|12:57] C:\DOCUME~1\Thalie\APPLIC~1\Adobe
   [18/11/2006|17:02] C:\DOCUME~1\Thalie\APPLIC~1\AdobeDLM.log
   [26/06/2007|06:48] C:\DOCUME~1\Thalie\APPLIC~1\AdobeUM
   [01/08/2006|09:55] C:\DOCUME~1\Thalie\APPLIC~1\Ahead
   [27/05/2006|17:39] C:\DOCUME~1\Thalie\APPLIC~1\alawar
   [17/03/2006|19:09] C:\DOCUME~1\Thalie\APPLIC~1\Apple Computer
   [25/12/2005|21:14] C:\DOCUME~1\Thalie\APPLIC~1\ArcSoft
   [29/12/2006|22:45] C:\DOCUME~1\Thalie\APPLIC~1\ATI
   [19/03/2007|08:09] C:\DOCUME~1\Thalie\APPLIC~1\BitDownload
   [06/03/2007|13:53] C:\DOCUME~1\Thalie\APPLIC~1\Canvas Multi-Media
   [07/08/2006|08:53] C:\DOCUME~1\Thalie\APPLIC~1\Chasing Dogs Studios
   [30/12/2005|14:21] C:\DOCUME~1\Thalie\APPLIC~1\Creative
   [04/11/2005|21:06] C:\DOCUME~1\Thalie\APPLIC~1\desktop.ini
   [29/04/2007|17:28] C:\DOCUME~1\Thalie\APPLIC~1\DivX
   [13/10/2006|06:46] C:\DOCUME~1\Thalie\APPLIC~1\dm.ini
   [16/09/2007|18:59] C:\DOCUME~1\Thalie\APPLIC~1\dvdcss
   [06/02/2006|20:40] C:\DOCUME~1\Thalie\APPLIC~1\EA
   [24/11/2006|19:25] C:\DOCUME~1\Thalie\APPLIC~1\Elaborate Bytes
   [12/02/2008|14:25] C:\DOCUME~1\Thalie\APPLIC~1\Free Spider TreeCardGames
   [22/07/2007|11:28] C:\DOCUME~1\Thalie\APPLIC~1\Gaijin Ent
   [10/08/2007|10:24] C:\DOCUME~1\Thalie\APPLIC~1\Google
   [12/12/2005|14:26] C:\DOCUME~1\Thalie\APPLIC~1\Help
   [24/05/2008|08:30] C:\DOCUME~1\Thalie\APPLIC~1\Identities
   [27/05/2007|11:43] C:\DOCUME~1\Thalie\APPLIC~1\InstallShield
   [02/05/2007|12:40] C:\DOCUME~1\Thalie\APPLIC~1\iWin
   [28/10/2006|18:14] C:\DOCUME~1\Thalie\APPLIC~1\Lavasoft
   [10/01/2007|10:58] C:\DOCUME~1\Thalie\APPLIC~1\Leadertech
   [25/02/2006|19:28] C:\DOCUME~1\Thalie\APPLIC~1\Macromedia
   [21/06/2008|12:51] C:\DOCUME~1\Thalie\APPLIC~1\Malwarebytes
   [21/01/2007|13:32] C:\DOCUME~1\Thalie\APPLIC~1\Media Player Classic
   [29/12/2006|22:45] C:\DOCUME~1\Thalie\APPLIC~1\Microsoft
   [04/06/2006|08:58] C:\DOCUME~1\Thalie\APPLIC~1\Mozilla
   [10/02/2006|11:30] C:\DOCUME~1\Thalie\APPLIC~1\MSN Search Toolbar
   [24/05/2008|08:45] C:\DOCUME~1\Thalie\APPLIC~1\Pirateville
   [04/11/2007|12:17] C:\DOCUME~1\Thalie\APPLIC~1\PlayFirst
   [06/12/2005|22:19] C:\DOCUME~1\Thalie\APPLIC~1\Real
   [25/04/2007|07:02] C:\DOCUME~1\Thalie\APPLIC~1\Size Date Find
   [05/05/2007|18:06] C:\DOCUME~1\Thalie\APPLIC~1\SlySoft
   [03/12/2005|17:28] C:\DOCUME~1\Thalie\APPLIC~1\Smart Panel
   [31/05/2007|18:17] C:\DOCUME~1\Thalie\APPLIC~1\SPAMfighter
   [30/05/2007|15:21] C:\DOCUME~1\Thalie\APPLIC~1\Sun
   [10/08/2007|10:28] C:\DOCUME~1\Thalie\APPLIC~1\Talkback
   [05/12/2005|15:33] C:\DOCUME~1\Thalie\APPLIC~1\Template
   [11/02/2006|19:34] C:\DOCUME~1\Thalie\APPLIC~1\Ulead Systems
   [31/07/2006|11:34] C:\DOCUME~1\Thalie\APPLIC~1\vlc
   [21/04/2008|21:52] C:\DOCUME~1\Thalie\APPLIC~1\wklnhst.dat
   [24/05/2008|08:30] C:\DOCUME~1\Thalie\APPLIC~1\Zylom

   [26/11/2006|18:10] C:\DOCUME~1\valerie\APPLIC~1\.zreglib
   [28/02/2008|17:09] C:\DOCUME~1\valerie\APPLIC~1\Adobe
   [04/03/2006|20:48] C:\DOCUME~1\valerie\APPLIC~1\AdobeUM
   [04/08/2006|17:25] C:\DOCUME~1\valerie\APPLIC~1\Alawar
   [25/02/2006|20:01] C:\DOCUME~1\valerie\APPLIC~1\Apple Computer
   [29/12/2006|18:52] C:\DOCUME~1\valerie\APPLIC~1\ATI
   [18/02/2006|17:01] C:\DOCUME~1\valerie\APPLIC~1\Creative
   [04/11/2005|21:06] C:\DOCUME~1\valerie\APPLIC~1\desktop.ini
   [30/04/2007|19:45] C:\DOCUME~1\valerie\APPLIC~1\DivX
   [26/11/2006|18:10] C:\DOCUME~1\valerie\APPLIC~1\Elaborate Bytes
   [18/09/2006|17:48] C:\DOCUME~1\valerie\APPLIC~1\Google
   [18/02/2006|17:00] C:\DOCUME~1\valerie\APPLIC~1\Identities
   [10/01/2007|18:22] C:\DOCUME~1\valerie\APPLIC~1\Leadertech
   [02/06/2006|15:42] C:\DOCUME~1\valerie\APPLIC~1\Macromedia
   [30/04/2007|19:45] C:\DOCUME~1\valerie\APPLIC~1\Media Player Classic
   [29/12/2006|18:52] C:\DOCUME~1\valerie\APPLIC~1\Microsoft
   [15/05/2008|12:11] C:\DOCUME~1\valerie\APPLIC~1\MSN Pictures Displayer
   [18/02/2006|17:01] C:\DOCUME~1\valerie\APPLIC~1\MSN Search Toolbar
   [28/02/2006|19:34] C:\DOCUME~1\valerie\APPLIC~1\PlayFirst
   [04/03/2006|15:09] C:\DOCUME~1\valerie\APPLIC~1\Real
   [22/02/2006|14:50] C:\DOCUME~1\valerie\APPLIC~1\SlySoft
   [11/06/2007|18:07] C:\DOCUME~1\valerie\APPLIC~1\SPAMfighter
   [07/06/2006|11:38] C:\DOCUME~1\valerie\APPLIC~1\Ulead Systems
 
   ----------------[ Tâches planifiées dans C:\WINDOWS	asks ]---------------

   [16/05/2008 15:00][--a------] C:\WINDOWS	asks\Norton Security Scan.job
   [22/05/2008 22:51][--a------] C:\WINDOWS	asks\AppleSoftwareUpdate.job
   [24/06/2008 12:47][--ah-----] C:\WINDOWS	asks\SA.DAT
   [05/08/2004 14:00][-r-h-----] C:\WINDOWS	asks\desktop.ini
 
   ---------------[ Listing des dossiers dans C:\Program Files ]--------------
 
   [29/11/2005|18:38] C:\Program Files\AC3Filter
   [21/02/2008|10:13] C:\Program Files\Adobe
   [29/08/2007|18:07] C:\Program Files\Ahead
   [21/11/2005|19:48] C:\Program Files\Alice
   [13/03/2007|18:31] C:\Program Files\Alwil Software
   [03/05/2008|14:59] C:\Program Files\Apple Software Update
   [26/12/2005|17:33] C:\Program Files\ArcSoft
   [07/02/2007|16:05] C:\Program Files\ATI Technologies
   [04/09/2007|09:11] C:\Program Files\Audacity
   [17/01/2008|16:42] C:\Program Files\Avanquest update
   [17/06/2008|08:09] C:\Program Files\Avira
   [05/01/2008|01:38] C:\Program Files\BFG
   [11/08/2007|10:38] C:\Program Files\Billy Blade and the Temple of Time
   [29/11/2007|19:20] C:\Program Files\BitComet
   [03/05/2008|15:04] C:\Program Files\Bonjour
   [23/06/2008|15:56] C:\Program Files\Boonty
   [16/05/2008|19:25] C:\Program Files\BoontyGames
   [19/10/2007|19:40] C:\Program Files\Camfrog
   [28/10/2006|18:16] C:\Program Files\CCleaner
   [05/01/2008|01:38] C:\Program Files\CDDC-MahJongg
   [04/11/2005|20:11] C:\Program Files\ComPlus Applications
   [05/11/2005|16:18] C:\Program Files\CONEXANT
   [16/06/2006|08:13] C:\Program Files\Creative
   [02/12/2005|14:30] C:\Program Files\Digital Video
   [24/03/2007|17:02] C:\Program Files\Disney Interactive
   [05/01/2008|01:38] C:\Program Files\DivX
   [30/07/2007|02:36] C:\Program Files\eChanblard
   [29/11/2007|19:54] C:\Program Files\Eidos Interactive
   [18/03/2006|11:36] C:\Program Files\Elaborate Bytes
   [29/11/2007|18:27] C:\Program Files\eMule
   [25/07/2007|15:02] C:\Program Files\eMulePlus-1.2b.Installer.exe
   [30/04/2008|12:29] C:\Program Files\Enigma Software Group
   [20/11/2006|16:03] C:\Program Files\EpieGames
   [21/04/2008|18:11] C:\Program Files\epson
   [05/01/2008|01:38] C:\Program Files\Eracha
   [22/02/2006|21:35] C:\Program Files\ffdshow
   [17/06/2008|07:48] C:\Program Files\Fichiers communs
   [02/05/2007|07:07] C:\Program Files\Free Spider
   [29/12/2006|16:45] C:\Program Files\GigaByte
   [10/08/2007|10:16] C:\Program Files\Google
   [29/05/2008|07:43] C:\Program Files\Incredijeux
   [07/02/2007|15:37] C:\Program Files\IncrediMail
   [12/11/2006|13:45] C:\Program Files\Infogrames
   [21/04/2008|18:11] C:\Program Files\InstallShield Installation Information
   [06/12/2005|19:11] C:\Program Files\InterActual
   [16/06/2008|19:28] C:\Program Files\Internet Explorer
   [03/05/2008|15:06] C:\Program Files\iPod
   [03/05/2008|15:06] C:\Program Files\iTunes
   [17/06/2008|07:30] C:\Program Files\Java
   [02/04/2008|11:47] C:\Program Files\Jeune Styliste
   [30/12/2007|12:17] C:\Program Files\KaraFun
   [03/08/2007|15:25] C:\Program Files\klcodec330f.exe
   [03/08/2007|15:27] C:\Program Files\K-Lite Codec Pack
   [28/10/2006|18:13] C:\Program Files\Lavasoft
   [29/02/2008|17:18] C:\Program Files\LimeWire
   [21/06/2008|12:51] C:\Program Files\Malwarebytes' Anti-Malware
   [05/01/2008|01:38] C:\Program Files\Media Player Classic
   [05/05/2008|10:00] C:\Program Files\Mes Jeux Install‚s
   [05/01/2008|01:38] C:\Program Files\Messenger
   [23/06/2008|16:33] C:\Program Files\Messenger Plus! Live
   [17/06/2008|18:00] C:\Program Files\Microsoft CAPICOM 2.1.0.2
   [21/11/2005|18:23] C:\Program Files\microsoft frontpage
   [24/11/2005|18:07] C:\Program Files\Microsoft Money
   [16/07/2007|21:53] C:\Program Files\Microsoft Office
   [05/01/2008|01:38] C:\Program Files\Microsoft Works
   [24/11/2005|18:03] C:\Program Files\Microsoft Works Suite 2000
   [29/11/2007|20:00] C:\Program Files\Mindscape
   [05/01/2008|01:38] C:\Program Files\Motorola Phone Tools
   [04/11/2005|20:12] C:\Program Files\Movie Maker
   [10/08/2007|10:29] C:\Program Files\Mozilla Firefox
   [05/01/2007|17:31] C:\Program Files\MP3 Player Utilities 4.04
   [16/07/2007|21:53] C:\Program Files\MSECache
   [22/11/2005|15:14] C:\Program Files\MSN
   [19/03/2006|16:33] C:\Program Files\MSN Games
   [04/11/2005|20:11] C:\Program Files\MSN Gaming Zone
   [15/05/2008|12:11] C:\Program Files\MSN Pictures Displayer
   [10/02/2006|11:29] C:\Program Files\MSN Toolbar Suite
   [18/11/2006|17:19] C:\Program Files\MSXML 4.0
   [04/11/2005|20:12] C:\Program Files\NetMeeting
   [06/12/2005|17:54] C:\Program Files\Norton AntiVirus
   [31/08/2007|15:00] C:\Program Files\Norton Security Scan
   [29/11/2007|19:26] C:\Program Files\Oberon Media
   [04/11/2005|20:11] C:\Program Files\Online Services
   [13/06/2007|06:26] C:\Program Files\Outlook Express
   [23/11/2007|20:01] C:\Program Files\Pcsx2
   [12/11/2006|14:52] C:\Program Files\PhotoFiltre
   [05/08/2007|18:06] C:\Program Files\Picasa2
   [05/01/2008|01:38] C:\Program Files\PopCap Games
   [07/02/2007|16:23] C:\Program Files\QuickTime
   [03/05/2008|15:03] C:\Program Files\QuickTime Alternative
   [03/03/2006|17:01] C:\Program Files\Real
   [05/01/2008|01:38] C:\Program Files\Real Alternative
   [10/12/2005|13:31] C:\Program Files\ReflexiveArcade
   [05/01/2007|17:53] C:\Program Files\Ringz Studio
   [03/03/2006|16:59] C:\Program Files\RngInterstitial.dll
   [01/10/2006|14:59] C:\Program Files\RoadRoll
   [15/01/2008|21:25] C:\Program Files\Seagrand
   [04/11/2005|20:13] C:\Program Files\Services en ligne
   [27/10/2006|18:06] C:\Program Files\Show
   [25/04/2007|07:01] C:\Program Files\Size Date Find
   [27/05/2006|17:37] C:\Program Files\Slickball
   [21/11/2005|18:32] C:\Program Files\SlySoft
   [04/03/2007|10:35] C:\Program Files\Smart Panel
   [21/04/2008|17:59] C:\Program Files\SPAMfighter
   [23/06/2008|16:47] C:\Program Files\Spybot - Search & Destroy
   [17/06/2008|07:30] C:\Program Files\Sun
   [30/04/2008|18:20] C:\Program Files\SUPERAntiSpyware
   [12/01/2008|13:54] C:\Program Files\T‚l‚chargeur de Beach Life
   [08/10/2006|11:29] C:\Program Files\T‚l‚chargeur de Ghost Recon Advance Warfighter
   [05/01/2008|01:38] C:\Program Files\T‚l‚chargeur de Pacific Fighters
   [05/01/2008|01:38] C:\Program Files\T‚l‚chargeur de Peter Jackson's King Kong
   [05/01/2008|01:38] C:\Program Files\T‚l‚chargeur de Peter Jackson's King Kong - Gamer Edition
   [06/04/2008|20:02] C:\Program Files\T‚l‚chargeur de Restaurant Empire
   [08/04/2008|16:07] C:\Program Files\T‚l‚chargeur de Singles 2
   [12/01/2008|14:47] C:\Program Files\T‚l‚chargeur de Soir‚es et Fˆtes Organiseur
   [04/04/2008|10:14] C:\Program Files\T‚l‚chargeur de Sonic Mega Collection Plus
   [12/01/2008|14:45] C:\Program Files\T‚l‚chargeur de Space Colony
   [28/04/2006|18:24] C:\Program Files\TLC-Edusoft
   [15/02/2008|18:16] C:\Program Files\TLKGAMES
   [22/06/2008|19:20] C:\Program Files\Trend Micro
   [20/11/2006|16:17] C:\Program Files\Trymedia
   [11/07/2006|18:06] C:\Program Files\Ubisoft
   [02/12/2005|15:27] C:\Program Files\Ulead Systems
   [04/11/2005|20:20] C:\Program Files\Uninstall Information
   [30/12/2007|11:41] C:\Program Files\vanBasco's Karaoke Player
   [24/07/2006|14:34] C:\Program Files\VideoLAN
   [05/01/2008|01:38] C:\Program Files\VideoLink Pro
   [13/09/2006|18:11] C:\Program Files\VTech
   [27/10/2006|16:57] C:\Program Files\WIDCOMM
   [09/02/2006|16:23] C:\Program Files\WildTangent
   [17/06/2008|07:49] C:\Program Files\Windows Live
   [05/01/2008|01:38] C:\Program Files\Windows Media Connect 2
   [29/04/2007|17:33] C:\Program Files\Windows Media Player
   [04/11/2005|20:11] C:\Program Files\Windows NT
   [04/11/2005|20:13] C:\Program Files\WindowsUpdate
   [02/11/2006|09:27] C:\Program Files\WinRAR
   [08/09/2006|19:36] C:\Program Files\Wizards of the Coast
   [04/11/2005|20:17] C:\Program Files\xerox
   [05/01/2008|01:38] C:\Program Files\XviD
   [03/12/2005|16:01] C:\Program Files\Yahoo!
   [24/05/2008|08:29] C:\Program Files\Zylom Games
  
   ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------
   
   [21/02/2008|10:13] C:\Program Files\Fichiers communs\Adobe
   [18/02/2006|19:54] C:\Program Files\Fichiers communs\Adobe Systems Shared
   [17/11/2005|18:14] C:\Program Files\Fichiers communs\Ahead
   [03/05/2008|14:58] C:\Program Files\Fichiers communs\Apple
   [10/12/2005|17:18] C:\Program Files\Fichiers communs\BOONTY Shared
   [21/11/2005|18:25] C:\Program Files\Fichiers communs\Designer
   [22/11/2005|12:28] C:\Program Files\Fichiers communs\InstallShield
   [19/02/2007|16:37] C:\Program Files\Fichiers communs\Java
   [26/01/2006|18:01] C:\Program Files\Fichiers communs\Macrovision Shared
   [17/06/2008|07:49] C:\Program Files\Fichiers communs\Microsoft Shared
   [04/11/2005|20:12] C:\Program Files\Fichiers communs\MSSoap
   [29/11/2005|17:55] C:\Program Files\Fichiers communs\Nero
   [29/05/2008|07:43] C:\Program Files\Fichiers communs\Oberon Media
   [04/11/2005|21:06] C:\Program Files\Fichiers communs\ODBC
   [22/01/2008|16:25] C:\Program Files\Fichiers communs\Real
   [21/04/2008|18:12] C:\Program Files\Fichiers communs\Sandlot Shared
   [30/04/2008|08:16] C:\Program Files\Fichiers communs\Services
   [26/12/2005|17:24] C:\Program Files\Fichiers communs\Smith Micro Shared
   [04/11/2005|21:06] C:\Program Files\Fichiers communs\SpeechEngines
   [01/09/2007|07:38] C:\Program Files\Fichiers communs\Symantec Shared
   [13/06/2007|06:26] C:\Program Files\Fichiers communs\System
   [02/12/2005|15:22] C:\Program Files\Fichiers communs\Ulead Systems
   [17/06/2008|07:48] C:\Program Files\Fichiers communs\WindowsLiveInstaller
   [22/01/2008|16:25] C:\Program Files\Fichiers communs\xing shared

   ---------------------------[ Process ]--------------------------

   ... 53

   ... OK !

   ----------------------[ Recherche avec S_Lop ]---------------------

   Aucun fichier / dossier Lop trouvé ! 
 
   -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

   C:\DOCUME~1\Thalie\APPLIC~1\Bitdownload
   C:\DOCUME~1\Thalie\APPLIC~1\Bitdownload\Data
   C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Bitdownload
 
   ----------------------[ Verification du Registre ]----------------------
 
   ..... OK !

   --------------------[ Verification du fichier Hosts ]---------------------

   Fichier Hosts PROPRE


   ----------------[ Recherche de fichiers avec Catchme ]-----------------
 
   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2008-06-24 17:17:20
   Windows 5.1.2600 Service Pack 2 NTFS
   scanning hidden processes ...
   scanning hidden files ...
   scan completed successfully
   hidden processes: 0
   hidden files: 0
 
   --------------------[ Recherche d'autres infections ]---------------------

   => C:\Documents and Settings\Thalie\Local Settings\Application Data\IM\Animation\firecracker.ima


   [F:10][D:3]-> C:\DOCUME~1\Thalie\LOCALS~1\Temp
   [F:18][D:0]-> C:\DOCUME~1\Thalie\Cookies
   [F:270][D:5]-> C:\DOCUME~1\Thalie\LOCALS~1\TEMPOR~1\content.IE5

   --------------------[ Fin du rapport a 17:19:16,92  ]----------------------

sKe69 · Answer

relances Lop S&D .

Là,laisses toi guider: 
--->choisis l'option 3 (recherche) et valides.
 
Une fois le scan terminer ,le Bloc-Notes contenant le rapport va s'ouvrir.
Postes ce nouveau rapport dans ta prochaine réponse pour analyse .

isa24 · Answer

voila le nouveau rapport :

   -----------------------[  Lop S&D 4.2.1-8  XP/Vista  ]---------------------

   [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
   [ USER : Thalie ] [ "C:\Lop SD" ] [ Selection : 3 ]
   [ 24/06/2008 | 17:55:24,57 ] [ PC : SECR-5EE85B317A ]
   [ MAJ : 24-06-2008 | 11:00 ]


   \\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

   Echec   ! - C:\DOCUME~1\Thalie\APPLIC~1\Bitdownload\Data
   Supprime! - C:\DOCUME~1\Thalie\APPLIC~1\Bitdownload
   Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Bitdownload
 
   //////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\ 

 
   -------------[ Listing des dossiers dans APPLIC~1 ]------------  

   [04/11/2005|21:06] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
   [04/11/2005|20:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

   [17/05/2008|14:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.zreglib
   [21/02/2008|10:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
   [18/02/2006|20:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
   [29/11/2005|17:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
   [25/03/2008|11:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Alawar Stargaze
   [02/01/2008|19:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Aliasworlds
   [03/05/2008|14:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
   [22/10/2006|19:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
   [17/06/2008|08:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
   [14/03/2008|10:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Awem
   [20/05/2006|14:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
   [27/05/2007|11:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
   [07/08/2006|08:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Chasing Dogs Studios
   [22/12/2007|13:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Christmasville
   [04/12/2006|16:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
   [07/12/2005|16:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
   [23/02/2008|15:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EA
   [02/01/2007|17:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Elaborate Bytes
   [08/04/2008|16:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Escape From Paradise
   [23/11/2007|14:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Friends Games
   [23/02/2008|11:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Gogii
   [18/09/2006|18:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
   [20/12/2007|19:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grey Alien Games
   [21/09/2007|19:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear
   [21/06/2006|17:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
   [16/06/2008|12:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
   [23/06/2008|16:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
   [16/06/2008|10:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
   [10/02/2006|11:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN Search Toolbar
   [22/12/2007|14:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MumboJumbo
   [06/04/2008|09:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\My Games
   [24/11/2007|12:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NeptunesAdve
   [04/12/2006|15:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1
View_Profiles
   [11/11/2007|12:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
   [28/05/2007|18:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
   [17/07/2007|11:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
   [16/05/2008|14:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecretsOfOlympus
   [10/11/2007|10:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlySoft
   [19/03/2007|13:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
   [23/06/2008|16:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
   [09/04/2008|08:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SugarGames
   [30/04/2008|13:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
   [06/12/2005|17:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
   [29/05/2008|08:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
   [13/04/2007|14:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TERMINAL Studio
   [14/04/2007|08:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Test bone comp inside
   [05/11/2006|10:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
   [22/11/2005|12:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
   [02/12/2005|15:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
   [06/07/2006|11:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
   [17/06/2008|07:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
   [03/12/2005|16:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
   [22/09/2006|18:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

   [23/01/2007|17:32] C:\DOCUME~1\amelie\APPLIC~1\Adobe
   [04/03/2006|14:16] C:\DOCUME~1\amelie\APPLIC~1\AdobeUM
   [03/08/2006|20:19] C:\DOCUME~1\amelie\APPLIC~1\Alawar
   [06/07/2006|17:15] C:\DOCUME~1\amelie\APPLIC~1\Apple Computer
   [31/12/2006|15:49] C:\DOCUME~1\amelie\APPLIC~1\ATI
   [18/02/2006|16:55] C:\DOCUME~1\amelie\APPLIC~1\Creative
   [04/11/2005|21:06] C:\DOCUME~1\amelie\APPLIC~1\desktop.ini
   [23/11/2007|19:33] C:\DOCUME~1\amelie\APPLIC~1\DivX
   [30/09/2006|19:15] C:\DOCUME~1\amelie\APPLIC~1\Google
   [29/08/2006|17:52] C:\DOCUME~1\amelie\APPLIC~1\Help
   [18/02/2006|16:55] C:\DOCUME~1\amelie\APPLIC~1\Identities
   [18/03/2006|12:18] C:\DOCUME~1\amelie\APPLIC~1\Macromedia
   [31/12/2006|16:12] C:\DOCUME~1\amelie\APPLIC~1\Media Player Classic
   [29/03/2007|17:35] C:\DOCUME~1\amelie\APPLIC~1\Microsoft
   [18/02/2006|16:56] C:\DOCUME~1\amelie\APPLIC~1\MSN Search Toolbar
   [10/03/2006|15:31] C:\DOCUME~1\amelie\APPLIC~1\PlayFirst
   [31/10/2006|16:25] C:\DOCUME~1\amelie\APPLIC~1\Real
   [18/02/2006|16:56] C:\DOCUME~1\amelie\APPLIC~1\SlySoft
   [30/04/2006|10:44] C:\DOCUME~1\amelie\APPLIC~1\Smart Panel
   [20/06/2007|22:09] C:\DOCUME~1\amelie\APPLIC~1\SPAMfighter
   [05/11/2007|18:41] C:\DOCUME~1\amelie\APPLIC~1\Sun

   [04/12/2006|16:01] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
   [04/11/2005|20:14] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

   [28/12/2006|18:21] C:\DOCUME~1\DDD570~1\APPLIC~1\.zreglib
   [18/03/2006|08:20] C:\DOCUME~1\DDD570~1\APPLIC~1\7Wonders
   [04/04/2008|16:32] C:\DOCUME~1\DDD570~1\APPLIC~1\Adobe
   [28/07/2007|15:46] C:\DOCUME~1\DDD570~1\APPLIC~1\AdobeUM
   [05/12/2005|10:55] C:\DOCUME~1\DDD570~1\APPLIC~1\Ahead
   [24/07/2007|22:36] C:\DOCUME~1\DDD570~1\APPLIC~1\Alawar
   [27/12/2005|10:58] C:\DOCUME~1\DDD570~1\APPLIC~1\Apple Computer
   [25/12/2005|09:39] C:\DOCUME~1\DDD570~1\APPLIC~1\ArcSoft
   [29/12/2006|16:42] C:\DOCUME~1\DDD570~1\APPLIC~1\ATI
   [11/11/2007|15:14] C:\DOCUME~1\DDD570~1\APPLIC~1\Big Fish Games
   [20/11/2006|21:36] C:\DOCUME~1\DDD570~1\APPLIC~1\Camfrog
   [12/07/2006|14:11] C:\DOCUME~1\DDD570~1\APPLIC~1\CamfrogBar
   [26/04/2007|15:16] C:\DOCUME~1\DDD570~1\APPLIC~1\Chicken Chase
   [30/12/2005|12:33] C:\DOCUME~1\DDD570~1\APPLIC~1\Creative
   [08/06/2007|15:40] C:\DOCUME~1\DDD570~1\APPLIC~1\CTXM
   [04/11/2005|21:06] C:\DOCUME~1\DDD570~1\APPLIC~1\desktop.ini
   [01/12/2007|19:00] C:\DOCUME~1\DDD570~1\APPLIC~1\DivX
   [15/01/2007|22:01] C:\DOCUME~1\DDD570~1\APPLIC~1\dvdcss
   [23/04/2006|16:56] C:\DOCUME~1\DDD570~1\APPLIC~1\Elaborate Bytes
   [30/03/2008|12:59] C:\DOCUME~1\DDD570~1\APPLIC~1\EPSON
   [11/11/2007|12:29] C:\DOCUME~1\DDD570~1\APPLIC~1\FlowPlay
   [01/07/2007|14:51] C:\DOCUME~1\DDD570~1\APPLIC~1\fltk.org
   [18/11/2007|10:42] C:\DOCUME~1\DDD570~1\APPLIC~1\ForgottenRiddles
   [30/11/2005|12:36] C:\DOCUME~1\DDD570~1\APPLIC~1\Free Spider TreeCardGames
   [10/02/2007|10:53] C:\DOCUME~1\DDD570~1\APPLIC~1\funkitron
   [25/11/2007|20:29] C:\DOCUME~1\DDD570~1\APPLIC~1\Gaijin Ent
   [23/02/2008|13:02] C:\DOCUME~1\DDD570~1\APPLIC~1\Gamelab
   [06/04/2008|09:59] C:\DOCUME~1\DDD570~1\APPLIC~1\gemsweeperextractedgfx
   [19/09/2006|16:01] C:\DOCUME~1\DDD570~1\APPLIC~1\Google
   [25/11/2005|17:10] C:\DOCUME~1\DDD570~1\APPLIC~1\Help
   [14/11/2007|20:00] C:\DOCUME~1\DDD570~1\APPLIC~1\Hulabee
   [06/11/2006|16:56] C:\DOCUME~1\DDD570~1\APPLIC~1\Identities
   [01/11/2007|19:31] C:\DOCUME~1\DDD570~1\APPLIC~1\Intenium
   [14/07/2007|16:15] C:\DOCUME~1\DDD570~1\APPLIC~1\iWin
   [02/01/2008|17:35] C:\DOCUME~1\DDD570~1\APPLIC~1\Jane s Hotel
   [21/11/2006|12:53] C:\DOCUME~1\DDD570~1\APPLIC~1\Lavasoft
   [21/04/2007|07:20] C:\DOCUME~1\DDD570~1\APPLIC~1\Leadertech
   [28/10/2007|12:15] C:\DOCUME~1\DDD570~1\APPLIC~1\Legends of pirates
   [28/05/2008|16:43] C:\DOCUME~1\DDD570~1\APPLIC~1\LimeWire
   [10/02/2006|23:38] C:\DOCUME~1\DDD570~1\APPLIC~1\Macromedia
   [30/04/2008|19:08] C:\DOCUME~1\DDD570~1\APPLIC~1\Malwarebytes
   [29/12/2006|17:53] C:\DOCUME~1\DDD570~1\APPLIC~1\Media Player Classic
   [28/06/2007|15:12] C:\DOCUME~1\DDD570~1\APPLIC~1\Microsoft
   [21/11/2005|18:23] C:\DOCUME~1\DDD570~1\APPLIC~1\Microsoft Web Folders
   [11/11/2007|12:16] C:\DOCUME~1\DDD570~1\APPLIC~1\Mind Control Software
   [07/06/2006|17:03] C:\DOCUME~1\DDD570~1\APPLIC~1\Mozilla
   [10/02/2006|18:04] C:\DOCUME~1\DDD570~1\APPLIC~1\MSN Search Toolbar
   [22/11/2005|18:40] C:\DOCUME~1\DDD570~1\APPLIC~1\MSNInstaller
   [14/07/2007|15:12] C:\DOCUME~1\DDD570~1\APPLIC~1\MysteryStudio
   [20/12/2007|18:13] C:\DOCUME~1\DDD570~1\APPLIC~1\PlayFirst
   [28/10/2007|20:13] C:\DOCUME~1\DDD570~1\APPLIC~1\Pogo Games
   [08/07/2007|17:16] C:\DOCUME~1\DDD570~1\APPLIC~1\PTV Game
   [09/12/2005|18:47] C:\DOCUME~1\DDD570~1\APPLIC~1\Real
   [08/11/2007|19:23] C:\DOCUME~1\DDD570~1\APPLIC~1\ScreenSeven
   [08/10/2006|11:29] C:\DOCUME~1\DDD570~1\APPLIC~1\SecuROM
   [29/12/2006|17:09] C:\DOCUME~1\DDD570~1\APPLIC~1\SlySoft
   [30/11/2005|09:34] C:\DOCUME~1\DDD570~1\APPLIC~1\Smart Panel
   [28/05/2007|20:24] C:\DOCUME~1\DDD570~1\APPLIC~1\SPAMfighter
   [26/11/2005|17:09] C:\DOCUME~1\DDD570~1\APPLIC~1\Sun
   [30/04/2008|18:20] C:\DOCUME~1\DDD570~1\APPLIC~1\SUPERAntiSpyware.com
   [01/11/2007|19:30] C:\DOCUME~1\DDD570~1\APPLIC~1\Super-Cow
   [25/11/2005|17:35] C:\DOCUME~1\DDD570~1\APPLIC~1\Symantec
   [07/12/2005|13:48] C:\DOCUME~1\DDD570~1\APPLIC~1\Template
   [02/12/2005|15:31] C:\DOCUME~1\DDD570~1\APPLIC~1\Ulead Systems
   [23/09/2006|14:30] C:\DOCUME~1\DDD570~1\APPLIC~1\UNBALANCE
   [24/07/2006|14:36] C:\DOCUME~1\DDD570~1\APPLIC~1\vlc
   [04/02/2006|19:22] C:\DOCUME~1\DDD570~1\APPLIC~1\Wildfire
   [25/11/2007|19:42] C:\DOCUME~1\DDD570~1\APPLIC~1\wklnhst.dat
   [06/11/2006|16:56] C:\DOCUME~1\DDD570~1\APPLIC~1\Zylom



   [29/08/2007|17:06] C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
   [29/04/2007|17:36] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

   [05/04/2007|14:30] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
   [06/12/2005|13:13] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec

   [08/11/2006|18:52] C:\DOCUME~1emi\APPLIC~1\.zreglib
   [21/09/2007|10:26] C:\DOCUME~1emi\APPLIC~1\Adobe
   [15/04/2006|19:45] C:\DOCUME~1emi\APPLIC~1\AdobeUM
   [28/05/2006|00:06] C:\DOCUME~1emi\APPLIC~1\Alawar
   [09/05/2006|20:34] C:\DOCUME~1emi\APPLIC~1\Apple Computer
   [09/07/2006|14:51] C:\DOCUME~1emi\APPLIC~1\ArcSoft
   [30/12/2006|13:30] C:\DOCUME~1emi\APPLIC~1\ATI
   [18/02/2006|17:21] C:\DOCUME~1emi\APPLIC~1\Creative
   [04/11/2005|21:06] C:\DOCUME~1emi\APPLIC~1\desktop.ini
   [06/06/2007|14:21] C:\DOCUME~1emi\APPLIC~1\DivX
   [01/08/2006|12:30] C:\DOCUME~1emi\APPLIC~1\Elaborate Bytes
   [04/09/2007|11:20] C:\DOCUME~1emi\APPLIC~1\fltk.org
   [04/09/2007|11:08] C:\DOCUME~1emi\APPLIC~1\Google
   [16/05/2006|20:45] C:\DOCUME~1emi\APPLIC~1\Help
   [18/02/2006|17:21] C:\DOCUME~1emi\APPLIC~1\Identities
   [10/01/2007|20:56] C:\DOCUME~1emi\APPLIC~1\Leadertech
   [29/05/2008|10:44] C:\DOCUME~1emi\APPLIC~1\LimeWire
   [17/09/2006|19:04] C:\DOCUME~1emi\APPLIC~1\Macromedia
   [04/01/2007|17:06] C:\DOCUME~1emi\APPLIC~1\Media Player Classic
   [19/07/2007|01:44] C:\DOCUME~1emi\APPLIC~1\Microsoft
   [18/02/2006|17:22] C:\DOCUME~1emi\APPLIC~1\MSN Search Toolbar
   [17/09/2006|19:13] C:\DOCUME~1emi\APPLIC~1\PlayFirst
   [25/01/2008|11:14] C:\DOCUME~1emi\APPLIC~1\Real
   [24/02/2006|20:03] C:\DOCUME~1emi\APPLIC~1\SlySoft
   [25/06/2006|19:52] C:\DOCUME~1emi\APPLIC~1\Smart Panel
   [06/06/2007|14:15] C:\DOCUME~1emi\APPLIC~1\SPAMfighter
   [01/08/2006|11:27] C:\DOCUME~1emi\APPLIC~1\vlc

   [02/01/2007|17:26] C:\DOCUME~1\Thalie\APPLIC~1\.zreglib
   [07/12/2005|00:25] C:\DOCUME~1\Thalie\APPLIC~1\123 Free Solitaire
   [21/04/2006|09:09] C:\DOCUME~1\Thalie\APPLIC~1\7Wonders
   [04/02/2008|12:57] C:\DOCUME~1\Thalie\APPLIC~1\Adobe
   [18/11/2006|17:02] C:\DOCUME~1\Thalie\APPLIC~1\AdobeDLM.log
   [26/06/2007|06:48] C:\DOCUME~1\Thalie\APPLIC~1\AdobeUM
   [01/08/2006|09:55] C:\DOCUME~1\Thalie\APPLIC~1\Ahead
   [27/05/2006|17:39] C:\DOCUME~1\Thalie\APPLIC~1\alawar
   [17/03/2006|19:09] C:\DOCUME~1\Thalie\APPLIC~1\Apple Computer
   [25/12/2005|21:14] C:\DOCUME~1\Thalie\APPLIC~1\ArcSoft
   [29/12/2006|22:45] C:\DOCUME~1\Thalie\APPLIC~1\ATI
   [06/03/2007|13:53] C:\DOCUME~1\Thalie\APPLIC~1\Canvas Multi-Media
   [07/08/2006|08:53] C:\DOCUME~1\Thalie\APPLIC~1\Chasing Dogs Studios
   [30/12/2005|14:21] C:\DOCUME~1\Thalie\APPLIC~1\Creative
   [04/11/2005|21:06] C:\DOCUME~1\Thalie\APPLIC~1\desktop.ini
   [29/04/2007|17:28] C:\DOCUME~1\Thalie\APPLIC~1\DivX
   [13/10/2006|06:46] C:\DOCUME~1\Thalie\APPLIC~1\dm.ini
   [16/09/2007|18:59] C:\DOCUME~1\Thalie\APPLIC~1\dvdcss
   [06/02/2006|20:40] C:\DOCUME~1\Thalie\APPLIC~1\EA
   [24/11/2006|19:25] C:\DOCUME~1\Thalie\APPLIC~1\Elaborate Bytes
   [12/02/2008|14:25] C:\DOCUME~1\Thalie\APPLIC~1\Free Spider TreeCardGames
   [22/07/2007|11:28] C:\DOCUME~1\Thalie\APPLIC~1\Gaijin Ent
   [10/08/2007|10:24] C:\DOCUME~1\Thalie\APPLIC~1\Google
   [12/12/2005|14:26] C:\DOCUME~1\Thalie\APPLIC~1\Help
   [24/05/2008|08:30] C:\DOCUME~1\Thalie\APPLIC~1\Identities
   [27/05/2007|11:43] C:\DOCUME~1\Thalie\APPLIC~1\InstallShield
   [02/05/2007|12:40] C:\DOCUME~1\Thalie\APPLIC~1\iWin
   [28/10/2006|18:14] C:\DOCUME~1\Thalie\APPLIC~1\Lavasoft
   [10/01/2007|10:58] C:\DOCUME~1\Thalie\APPLIC~1\Leadertech
   [25/02/2006|19:28] C:\DOCUME~1\Thalie\APPLIC~1\Macromedia
   [21/06/2008|12:51] C:\DOCUME~1\Thalie\APPLIC~1\Malwarebytes
   [21/01/2007|13:32] C:\DOCUME~1\Thalie\APPLIC~1\Media Player Classic
   [29/12/2006|22:45] C:\DOCUME~1\Thalie\APPLIC~1\Microsoft
   [04/06/2006|08:58] C:\DOCUME~1\Thalie\APPLIC~1\Mozilla
   [10/02/2006|11:30] C:\DOCUME~1\Thalie\APPLIC~1\MSN Search Toolbar
   [24/05/2008|08:45] C:\DOCUME~1\Thalie\APPLIC~1\Pirateville
   [04/11/2007|12:17] C:\DOCUME~1\Thalie\APPLIC~1\PlayFirst
   [06/12/2005|22:19] C:\DOCUME~1\Thalie\APPLIC~1\Real
   [25/04/2007|07:02] C:\DOCUME~1\Thalie\APPLIC~1\Size Date Find
   [05/05/2007|18:06] C:\DOCUME~1\Thalie\APPLIC~1\SlySoft
   [03/12/2005|17:28] C:\DOCUME~1\Thalie\APPLIC~1\Smart Panel
   [31/05/2007|18:17] C:\DOCUME~1\Thalie\APPLIC~1\SPAMfighter
   [30/05/2007|15:21] C:\DOCUME~1\Thalie\APPLIC~1\Sun
   [10/08/2007|10:28] C:\DOCUME~1\Thalie\APPLIC~1\Talkback
   [05/12/2005|15:33] C:\DOCUME~1\Thalie\APPLIC~1\Template
   [11/02/2006|19:34] C:\DOCUME~1\Thalie\APPLIC~1\Ulead Systems
   [31/07/2006|11:34] C:\DOCUME~1\Thalie\APPLIC~1\vlc
   [21/04/2008|21:52] C:\DOCUME~1\Thalie\APPLIC~1\wklnhst.dat
   [24/05/2008|08:30] C:\DOCUME~1\Thalie\APPLIC~1\Zylom

   [26/11/2006|18:10] C:\DOCUME~1\valerie\APPLIC~1\.zreglib
   [28/02/2008|17:09] C:\DOCUME~1\valerie\APPLIC~1\Adobe
   [04/03/2006|20:48] C:\DOCUME~1\valerie\APPLIC~1\AdobeUM
   [04/08/2006|17:25] C:\DOCUME~1\valerie\APPLIC~1\Alawar
   [25/02/2006|20:01] C:\DOCUME~1\valerie\APPLIC~1\Apple Computer
   [29/12/2006|18:52] C:\DOCUME~1\valerie\APPLIC~1\ATI
   [18/02/2006|17:01] C:\DOCUME~1\valerie\APPLIC~1\Creative
   [04/11/2005|21:06] C:\DOCUME~1\valerie\APPLIC~1\desktop.ini
   [30/04/2007|19:45] C:\DOCUME~1\valerie\APPLIC~1\DivX
   [26/11/2006|18:10] C:\DOCUME~1\valerie\APPLIC~1\Elaborate Bytes
   [18/09/2006|17:48] C:\DOCUME~1\valerie\APPLIC~1\Google
   [18/02/2006|17:00] C:\DOCUME~1\valerie\APPLIC~1\Identities
   [10/01/2007|18:22] C:\DOCUME~1\valerie\APPLIC~1\Leadertech
   [02/06/2006|15:42] C:\DOCUME~1\valerie\APPLIC~1\Macromedia
   [30/04/2007|19:45] C:\DOCUME~1\valerie\APPLIC~1\Media Player Classic
   [29/12/2006|18:52] C:\DOCUME~1\valerie\APPLIC~1\Microsoft
   [15/05/2008|12:11] C:\DOCUME~1\valerie\APPLIC~1\MSN Pictures Displayer
   [18/02/2006|17:01] C:\DOCUME~1\valerie\APPLIC~1\MSN Search Toolbar
   [28/02/2006|19:34] C:\DOCUME~1\valerie\APPLIC~1\PlayFirst
   [04/03/2006|15:09] C:\DOCUME~1\valerie\APPLIC~1\Real
   [22/02/2006|14:50] C:\DOCUME~1\valerie\APPLIC~1\SlySoft
   [11/06/2007|18:07] C:\DOCUME~1\valerie\APPLIC~1\SPAMfighter
   [07/06/2006|11:38] C:\DOCUME~1\valerie\APPLIC~1\Ulead Systems
 
   ----------------[ Tâches planifiées dans C:\WINDOWS	asks ]---------------

   [16/05/2008 15:00][--a------] C:\WINDOWS	asks\Norton Security Scan.job
   [22/05/2008 22:51][--a------] C:\WINDOWS	asks\AppleSoftwareUpdate.job
   [24/06/2008 12:47][--ah-----] C:\WINDOWS	asks\SA.DAT
   [05/08/2004 14:00][-r-h-----] C:\WINDOWS	asks\desktop.ini
 
   ---------------[ Listing des dossiers dans C:\Program Files ]--------------
 
   [29/11/2005|18:38] C:\Program Files\AC3Filter
   [21/02/2008|10:13] C:\Program Files\Adobe
   [29/08/2007|18:07] C:\Program Files\Ahead
   [21/11/2005|19:48] C:\Program Files\Alice
   [13/03/2007|18:31] C:\Program Files\Alwil Software
   [03/05/2008|14:59] C:\Program Files\Apple Software Update
   [26/12/2005|17:33] C:\Program Files\ArcSoft
   [07/02/2007|16:05] C:\Program Files\ATI Technologies
   [04/09/2007|09:11] C:\Program Files\Audacity
   [17/01/2008|16:42] C:\Program Files\Avanquest update
   [17/06/2008|08:09] C:\Program Files\Avira
   [05/01/2008|01:38] C:\Program Files\BFG
   [11/08/2007|10:38] C:\Program Files\Billy Blade and the Temple of Time
   [29/11/2007|19:20] C:\Program Files\BitComet
   [03/05/2008|15:04] C:\Program Files\Bonjour
   [23/06/2008|15:56] C:\Program Files\Boonty
   [16/05/2008|19:25] C:\Program Files\BoontyGames
   [19/10/2007|19:40] C:\Program Files\Camfrog
   [28/10/2006|18:16] C:\Program Files\CCleaner
   [05/01/2008|01:38] C:\Program Files\CDDC-MahJongg
   [04/11/2005|20:11] C:\Program Files\ComPlus Applications
   [05/11/2005|16:18] C:\Program Files\CONEXANT
   [16/06/2006|08:13] C:\Program Files\Creative
   [02/12/2005|14:30] C:\Program Files\Digital Video
   [24/03/2007|17:02] C:\Program Files\Disney Interactive
   [05/01/2008|01:38] C:\Program Files\DivX
   [30/07/2007|02:36] C:\Program Files\eChanblard
   [29/11/2007|19:54] C:\Program Files\Eidos Interactive
   [18/03/2006|11:36] C:\Program Files\Elaborate Bytes
   [29/11/2007|18:27] C:\Program Files\eMule
   [25/07/2007|15:02] C:\Program Files\eMulePlus-1.2b.Installer.exe
   [30/04/2008|12:29] C:\Program Files\Enigma Software Group
   [20/11/2006|16:03] C:\Program Files\EpieGames
   [21/04/2008|18:11] C:\Program Files\epson
   [05/01/2008|01:38] C:\Program Files\Eracha
   [22/02/2006|21:35] C:\Program Files\ffdshow
   [17/06/2008|07:48] C:\Program Files\Fichiers communs
   [02/05/2007|07:07] C:\Program Files\Free Spider
   [29/12/2006|16:45] C:\Program Files\GigaByte
   [10/08/2007|10:16] C:\Program Files\Google
   [29/05/2008|07:43] C:\Program Files\Incredijeux
   [07/02/2007|15:37] C:\Program Files\IncrediMail
   [12/11/2006|13:45] C:\Program Files\Infogrames
   [21/04/2008|18:11] C:\Program Files\InstallShield Installation Information
   [06/12/2005|19:11] C:\Program Files\InterActual
   [16/06/2008|19:28] C:\Program Files\Internet Explorer
   [03/05/2008|15:06] C:\Program Files\iPod
   [03/05/2008|15:06] C:\Program Files\iTunes
   [17/06/2008|07:30] C:\Program Files\Java
   [02/04/2008|11:47] C:\Program Files\Jeune Styliste
   [30/12/2007|12:17] C:\Program Files\KaraFun
   [03/08/2007|15:25] C:\Program Files\klcodec330f.exe
   [03/08/2007|15:27] C:\Program Files\K-Lite Codec Pack
   [28/10/2006|18:13] C:\Program Files\Lavasoft
   [29/02/2008|17:18] C:\Program Files\LimeWire
   [21/06/2008|12:51] C:\Program Files\Malwarebytes' Anti-Malware
   [05/01/2008|01:38] C:\Program Files\Media Player Classic
   [05/05/2008|10:00] C:\Program Files\Mes Jeux Install‚s
   [05/01/2008|01:38] C:\Program Files\Messenger
   [23/06/2008|16:33] C:\Program Files\Messenger Plus! Live
   [17/06/2008|18:00] C:\Program Files\Microsoft CAPICOM 2.1.0.2
   [21/11/2005|18:23] C:\Program Files\microsoft frontpage
   [24/11/2005|18:07] C:\Program Files\Microsoft Money
   [16/07/2007|21:53] C:\Program Files\Microsoft Office
   [05/01/2008|01:38] C:\Program Files\Microsoft Works
   [24/11/2005|18:03] C:\Program Files\Microsoft Works Suite 2000
   [29/11/2007|20:00] C:\Program Files\Mindscape
   [05/01/2008|01:38] C:\Program Files\Motorola Phone Tools
   [04/11/2005|20:12] C:\Program Files\Movie Maker
   [10/08/2007|10:29] C:\Program Files\Mozilla Firefox
   [05/01/2007|17:31] C:\Program Files\MP3 Player Utilities 4.04
   [16/07/2007|21:53] C:\Program Files\MSECache
   [22/11/2005|15:14] C:\Program Files\MSN
   [19/03/2006|16:33] C:\Program Files\MSN Games
   [04/11/2005|20:11] C:\Program Files\MSN Gaming Zone
   [15/05/2008|12:11] C:\Program Files\MSN Pictures Displayer
   [10/02/2006|11:29] C:\Program Files\MSN Toolbar Suite
   [18/11/2006|17:19] C:\Program Files\MSXML 4.0
   [04/11/2005|20:12] C:\Program Files\NetMeeting
   [06/12/2005|17:54] C:\Program Files\Norton AntiVirus
   [31/08/2007|15:00] C:\Program Files\Norton Security Scan
   [29/11/2007|19:26] C:\Program Files\Oberon Media
   [04/11/2005|20:11] C:\Program Files\Online Services
   [13/06/2007|06:26] C:\Program Files\Outlook Express
   [23/11/2007|20:01] C:\Program Files\Pcsx2
   [12/11/2006|14:52] C:\Program Files\PhotoFiltre
   [05/08/2007|18:06] C:\Program Files\Picasa2
   [05/01/2008|01:38] C:\Program Files\PopCap Games
   [07/02/2007|16:23] C:\Program Files\QuickTime
   [03/05/2008|15:03] C:\Program Files\QuickTime Alternative
   [03/03/2006|17:01] C:\Program Files\Real
   [05/01/2008|01:38] C:\Program Files\Real Alternative
   [10/12/2005|13:31] C:\Program Files\ReflexiveArcade
   [05/01/2007|17:53] C:\Program Files\Ringz Studio
   [03/03/2006|16:59] C:\Program Files\RngInterstitial.dll
   [01/10/2006|14:59] C:\Program Files\RoadRoll
   [15/01/2008|21:25] C:\Program Files\Seagrand
   [04/11/2005|20:13] C:\Program Files\Services en ligne
   [27/10/2006|18:06] C:\Program Files\Show
   [25/04/2007|07:01] C:\Program Files\Size Date Find
   [27/05/2006|17:37] C:\Program Files\Slickball
   [21/11/2005|18:32] C:\Program Files\SlySoft
   [04/03/2007|10:35] C:\Program Files\Smart Panel
   [21/04/2008|17:59] C:\Program Files\SPAMfighter
   [23/06/2008|16:47] C:\Program Files\Spybot - Search & Destroy
   [17/06/2008|07:30] C:\Program Files\Sun
   [30/04/2008|18:20] C:\Program Files\SUPERAntiSpyware
   [12/01/2008|13:54] C:\Program Files\T‚l‚chargeur de Beach Life
   [08/10/2006|11:29] C:\Program Files\T‚l‚chargeur de Ghost Recon Advance Warfighter
   [05/01/2008|01:38] C:\Program Files\T‚l‚chargeur de Pacific Fighters
   [05/01/2008|01:38] C:\Program Files\T‚l‚chargeur de Peter Jackson's King Kong
   [05/01/2008|01:38] C:\Program Files\T‚l‚chargeur de Peter Jackson's King Kong - Gamer Edition
   [06/04/2008|20:02] C:\Program Files\T‚l‚chargeur de Restaurant Empire
   [08/04/2008|16:07] C:\Program Files\T‚l‚chargeur de Singles 2
   [12/01/2008|14:47] C:\Program Files\T‚l‚chargeur de Soir‚es et Fˆtes Organiseur
   [04/04/2008|10:14] C:\Program Files\T‚l‚chargeur de Sonic Mega Collection Plus
   [12/01/2008|14:45] C:\Program Files\T‚l‚chargeur de Space Colony
   [28/04/2006|18:24] C:\Program Files\TLC-Edusoft
   [15/02/2008|18:16] C:\Program Files\TLKGAMES
   [22/06/2008|19:20] C:\Program Files\Trend Micro
   [20/11/2006|16:17] C:\Program Files\Trymedia
   [11/07/2006|18:06] C:\Program Files\Ubisoft
   [02/12/2005|15:27] C:\Program Files\Ulead Systems
   [04/11/2005|20:20] C:\Program Files\Uninstall Information
   [30/12/2007|11:41] C:\Program Files\vanBasco's Karaoke Player
   [24/07/2006|14:34] C:\Program Files\VideoLAN
   [05/01/2008|01:38] C:\Program Files\VideoLink Pro
   [13/09/2006|18:11] C:\Program Files\VTech
   [27/10/2006|16:57] C:\Program Files\WIDCOMM
   [09/02/2006|16:23] C:\Program Files\WildTangent
   [17/06/2008|07:49] C:\Program Files\Windows Live
   [05/01/2008|01:38] C:\Program Files\Windows Media Connect 2
   [29/04/2007|17:33] C:\Program Files\Windows Media Player
   [04/11/2005|20:11] C:\Program Files\Windows NT
   [04/11/2005|20:13] C:\Program Files\WindowsUpdate
   [02/11/2006|09:27] C:\Program Files\WinRAR
   [08/09/2006|19:36] C:\Program Files\Wizards of the Coast
   [04/11/2005|20:17] C:\Program Files\xerox
   [05/01/2008|01:38] C:\Program Files\XviD
   [03/12/2005|16:01] C:\Program Files\Yahoo!
   [24/05/2008|08:29] C:\Program Files\Zylom Games
  
   ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------
   
   [21/02/2008|10:13] C:\Program Files\Fichiers communs\Adobe
   [18/02/2006|19:54] C:\Program Files\Fichiers communs\Adobe Systems Shared
   [17/11/2005|18:14] C:\Program Files\Fichiers communs\Ahead
   [03/05/2008|14:58] C:\Program Files\Fichiers communs\Apple
   [10/12/2005|17:18] C:\Program Files\Fichiers communs\BOONTY Shared
   [21/11/2005|18:25] C:\Program Files\Fichiers communs\Designer
   [22/11/2005|12:28] C:\Program Files\Fichiers communs\InstallShield
   [19/02/2007|16:37] C:\Program Files\Fichiers communs\Java
   [26/01/2006|18:01] C:\Program Files\Fichiers communs\Macrovision Shared
   [17/06/2008|07:49] C:\Program Files\Fichiers communs\Microsoft Shared
   [04/11/2005|20:12] C:\Program Files\Fichiers communs\MSSoap
   [29/11/2005|17:55] C:\Program Files\Fichiers communs\Nero
   [29/05/2008|07:43] C:\Program Files\Fichiers communs\Oberon Media
   [04/11/2005|21:06] C:\Program Files\Fichiers communs\ODBC
   [22/01/2008|16:25] C:\Program Files\Fichiers communs\Real
   [21/04/2008|18:12] C:\Program Files\Fichiers communs\Sandlot Shared
   [30/04/2008|08:16] C:\Program Files\Fichiers communs\Services
   [26/12/2005|17:24] C:\Program Files\Fichiers communs\Smith Micro Shared
   [04/11/2005|21:06] C:\Program Files\Fichiers communs\SpeechEngines
   [01/09/2007|07:38] C:\Program Files\Fichiers communs\Symantec Shared
   [13/06/2007|06:26] C:\Program Files\Fichiers communs\System
   [02/12/2005|15:22] C:\Program Files\Fichiers communs\Ulead Systems
   [17/06/2008|07:48] C:\Program Files\Fichiers communs\WindowsLiveInstaller
   [22/01/2008|16:25] C:\Program Files\Fichiers communs\xing shared

   ---------------------------[ Process ]--------------------------

   ... 54

   ... OK !

   ----------------------[ Recherche avec S_Lop ]---------------------

   Aucun fichier / dossier Lop trouvé ! 
 
   -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

   Aucun fichier / dossier Lop trouvé ! 
 
   ----------------------[ Verification du Registre ]----------------------
 
   ..... OK !

   --------------------[ Verification du fichier Hosts ]---------------------

   Fichier Hosts PROPRE


   ----------------[ Recherche de fichiers avec Catchme ]-----------------
 
   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2008-06-24 17:58:10
   Windows 5.1.2600 Service Pack 2 NTFS
   scanning hidden processes ...
   scanning hidden files ...
   scan completed successfully
   hidden processes: 0
   hidden files: 0
 
   --------------------[ Recherche d'autres infections ]---------------------

   => C:\Documents and Settings\Thalie\Local Settings\Application Data\IM\Animation\firecracker.ima


   [F:8][D:3]-> C:\DOCUME~1\Thalie\LOCALS~1\Temp
   [F:18][D:0]-> C:\DOCUME~1\Thalie\Cookies
   [F:277][D:5]-> C:\DOCUME~1\Thalie\LOCALS~1\TEMPOR~1\content.IE5

   --------------------[ Fin du rapport a 17:59:01,40  ]----------------------

sKe69 · Answer

Bien , voilà la suite donc :

1- refais un coup de CCleaner ( registre compris ) 

2-Télécharges MSNFix.zip (de !aur3n7) : 
http://sosvirus.changelog.fr/MSNFix.zip 
---> décompresses-le sur le Bureau ( = extraire tout ). 

Impératif : Démarrer en mode sans echec : 
Comment aller en Mode sans échec 
1) Redémarres ton ordi 
2) Tapotes la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip" 
3) Tu verras un écran avec options de démarrage apparaître 
4) Choisis la première option : Sans Échec, et valide avec "Entrée" 
5) Choisis ton compte habituel, et non Administrateur (si besoin ... ) 
(attention : pas de connexion possible en mode sans échec , donc copies ou imprimes bien la manipe pour éviter les erreur ...) 

Lances le fichier MSNFix.bat qui se trouve dans le dossier MSNfix, sur le bureau. 
- Exécute l'option R (recherche). 
- Si l'infection est détectée, exécute l'option N (nettoyage) . 
---> Une fois finit, sauvegardes ce rapport sur ton bureau .

Redémarres ton PC ( = retour au mode normal ), 
et postes moi ce rapport dans ta prochaine réponse pour analyse ...

isa24 · Answer

voila le rapport après recherche et nettoyage :

MSNFix 1.726  
 
C:\Documents and Settings\Thalie\Bureau\MSNFix 
Fix exécuté le 24/06/2008 - 18:15:40,48 By Thalie 
mode sans échec           
    
************************ Recherche les fichiers présents      
    
... C:\WINDOWS\system32	mp.txt 
 
************************ Recherche les dossiers présents       
 
Aucun dossier trouvé 
 
 
 
 
************************ Suppression des fichiers       
    
.. OK ... C:\WINDOWS\system32	mp.txt  
 
 
 
************************ Nettoyage du registre 
 
 
 
Les fichiers encore présents seront supprimés au prochain redémarrage 
 
 
Aucun Fichier trouvé 
 
 
 
************************ Fichiers suspects 
 
Aucun Fichier trouvé 
 
  
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 24062008_18261643.zip
 
************************ HKLM\...\Winlogon\Userinit 
 
Userinit = C:\WINDOWS\system32\userinit.exe, 

Important : http://msnfix.changelog.fr/index.php/2008/05/18/32-alerte


------------------------------------------------------------------------  
Auteur : !aur3n7                     Contact: https://www.ionos.fr/     
------------------------------------------------------------------------   
 
---------------------------------------------   END   ---------------------------------------------

sKe69 · Answer

Ok maintenant , fais ce-ci :

1-Re-Télécharges ToolsCleaner (de A.Rothstein) sur ton Bureau. 
http://pc-system.fr/

Lances le . 
*Cliques sur Recherche et laisses le scan se terminer (cela peut être long). 
*Cliques sur Suppression pour finaliser. 
*Tu peux, si tu le souhaites, te servir des Options facultatives 
*Click sur "quitter" pour générer un rapport :
---> Postes le (TCleaner.txt), il se trouve à la racine de ton disque dur (C:\). 

Note : Ce petit soft va te nettoyer tout les trucs dont on c'est servi pour la désinfection ( tu n'en as plus besion ! ) . 
Supprimes tout les outils , dossiers ou rapports consernant la désinfection que Toolsclaener2 n'a pas supprimé . 

Puis enfin supprimes Toolscleaner2 ... 

2-Restauration système 
*Désactives ta restauration :
Cliques droit sur poste de travail/propriétés/Restauration système/coche la case désactiver la restauration, appliquer, OK 
--->Redémarres ton PC 
*Réactives ta restauration :
Cliques droit sur poste de travail/propriétés/Restauration système/décoche la case désactiver la restauration, appliquer, OK 
--->Redémarres ton PC

3--Fais un scan antivirus en ligne, avec Internet Explorer et accepter l'ActiveX :
https://www.bitdefender.fr/ 
(pour le rapport ,qui est un doc IE , clik sur l'onglet "plus de détailles" : et à la fin du scan tu demandes à le sauvegarder sur ton bureau) 

--->fais un copier/coller et postes le rapport dans ta prochaine réponse ... 

Aide : En bas, à gauche de la fenêtre, clique sur BitDefender SCAN ONLINE 
Dans la nouvelle fenêtre, clique sur j’accepte .
La fenêtre change encore, clique sur scanner .
Les signatures se chargent, etc.

isa24 · Answer

Le rapport toolscleaner :

-->- Recherche: 

C:\SDFIX: trouvé !
C:\Lop SD: trouvé !
C:\Documents and Settings\Thalie\Bureau\Lop S&D.lnk: trouvé !
C:\Documents and Settings\Thalie\Bureau\LopSD.exe: trouvé !
C:\Documents and Settings\Thalie\Bureau\Msnfix.zip: trouvé !
C:\Documents and Settings\Thalie\Bureau\GenProc.zip: trouvé !
C:\Documents and Settings\Thalie\Bureau\MsnFix: trouvé !
C:\Documents and Settings\Thalie\Bureau\GenProc: trouvé !
C:\Documents and Settings\Thalie\Menu Démarrer\Programmes\Lop S&D: trouvé !
C:\Lop SD\Lop S&D.lnk: trouvé !

---------------------------------
-->- Suppression: 

C:\Documents and Settings\Thalie\Bureau\Lop S&D.lnk: supprimé !
C:\Documents and Settings\Thalie\Bureau\LopSD.exe: supprimé !
C:\Documents and Settings\Thalie\Bureau\Msnfix.zip: supprimé !
C:\Documents and Settings\Thalie\Bureau\GenProc.zip: supprimé !
C:\Lop SD\Lop S&D.lnk: supprimé !
C:\SDFIX: supprimé !
C:\Lop SD: supprimé !
C:\Documents and Settings\Thalie\Bureau\MsnFix: supprimé !
C:\Documents and Settings\Thalie\Bureau\GenProc: supprimé !
C:\Documents and Settings\Thalie\Menu Démarrer\Programmes\Lop S&D: supprimé !

et le rapport bitdefender qui apparement n'a rien trouvé !!!

BitDefender Online Scanner
  
  
 
Rapport d'analyse généré à: Wed, Jun 25, 2008 - 01:28:53
 
 
  
  
 
Voie d'analyse: C:\;D:\;E:\;G:\;H:\;I:\;J:\;
  
  
 
 
  
  
 
Statistiques
 
Temps
 02:15:57
 
Fichiers
 90412
 
Directoires
 17842
 
Secteurs de boot
 2
 
Archives
 1397
 
Paquets programmes
 7940
 
  
  
 
Résultats
 
Virus identifiés
 0
 
Fichiers infectés
 0
 
Fichiers suspects
 0
 
Avertissements
 0
 
Désinfectés
 0
 
Fichiers effacés
 0
 
  
  
 
Info sur les moteurs
 
Définition virus
 1263152
 
Version des moteurs
 AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
 
Analyse des plugins
 16
 
Archive des plugins
 42
 
Unpack des plugins
 7
 
E-mail plugins
 6
 
Système plugins
 5
 
  
  
 
Paramètres d'analyse
 
Première action
 Désinfecté
 
Seconde Action
 Supprimé
 
Heuristique
 Oui
 
Acceptez les avertissements
 Oui
 
Extensions analysées
 exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
 
Excludez les extensions
  
 
Analyse d'emails
 Oui
 
Analyse des Archives
 Oui
 
Analyser paquets programmes
 Oui
 
Analyse des fichiers
 Oui
 
Analyse de boot
 Oui
 
  
  
 
  Fichier analysé
  Statut
 
Aucun virus trouvé.

sKe69 · Answer

Tout semble nickel  =)

Prb résolu donc ? 

Dès que tu peux ( le plus rapidement possible ) fais ce-ci : 

** Un petit checkup qui est nécessaire au vu de l'infection qu'il y a eu **

-Nettoyage et Défragmentation de tes Disques 
*Nettoyage : 
Clic droit sur "poste de travail" ==>"ouvrir" ==>clic droit sur le disque C ==>Propriétés ==>onglet "Général" 
Cliques sur le bouton "nettoyage de disque", OK 
tu le fais pour chacun de tes disques 

*Vérifications des erreurs : 
Clic droit sur "poste de travail" ==>"ouvrir" ==>clic droit sur le disque C ==>Propriétés ==>onglet "Outil" 
"Vérifier maintenant", une boîte s'ouvre, cocher les cases : 
-réparer automatiquement les erreurs... 
-rechercher et tenter une récupération... 
--->Démarrer, ok 
Note : s'il te dis de redémarrer ton Pc pour le faire , tu redémarres et tu laisses faire, cela prend un peu de temps c'est normal 
tu le fais pour chacun de tes disques 

ensuite toujours dans le même onglet tu choisis : 
*Défragmentation : 
"défragmenter maintenant", OK 
une boîte s'ouvre, tu sélectionnes le disque à défragmenter, et tu cliques sur "analyser", puis après l'analyse, "défragmenter" . OK 
tu le fais pour chacun de tes disques 

Voili , voilà ...

Bonne continuation à toi  ;)

A+

???????? · Answer

Il y a aussi un scan avec Window Lve OneCare(le scanner est vraiment excellent)télécharge la version d'évaluation,fais un scan,met-le à jour(je ne te dis pas d'activer la protection permanente),et fais un bon scan,qui sait,il y aura peut être des chevals de Troie que tu n'as pas remarqué,le scan prend 2ans et c'est normal,il a détecté 2Cheval de Troie dangeureux wue BitDefender,Malwarebytes et Avira Antivir qui ne l'ont pas détcté^^

Virus cafard & Cie

32 réponses

Votre réponse

Discussions similaires

Newsletters