Virus cafard & Cie Résolu

Question

Bonjour,
Voilà mon problème, je tente de supprimer les virus sur l'ordinateur d'une amie qui avait attrapé le virus fond d'écran bleu avec les cafard qui mangent l'écran. Elle a un pentium 4 et windows xpSP2. Après avoir parcouru le forum j'ai fait diverses actions et je pensais en avoir fini avec ce virus mais je me rend compte que chaque fois que je scanne, et je l'ai fait pas mal de fois, avec des antivirus différents, je retrouve un nombre incalculable de problème...
J'ai donc téléchargé hijack et j'ai fait un rapport que je poste ici, en espérant que vous pourrez m'aider et me dire où j'en suis de l'éradication de toutes ces petites bêtes.... Merci d'avance
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:16:23, on 19/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\PROGRA~1\INCRED~1\bin\ImApp.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {B5A74FD6-566F-4EA8-9818-C815954FDE5C} - (no file)
O2 - BHO: (no name) - {BFCF46FE-9BBC-49D9-BDBF-BF1303CF327C} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {EE7D3601-9F9B-49EA-A558-501010BF1396} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {b5146c40-189a-4311-bda9-fbae3e023187} - (no file)
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CAMTRAY.EXE"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] "C:\Program Files\IncrediMail\bin\IncMail.exe" /c
O4 - HKCU\..\Run: [BoontyBox] "C:\Program Files\Boonty\BoontyBox\BoontyBox.exe" /boot
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Ò×È¤¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra 'Tools' menuitem: Ò×È¤¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC4FFD59-A688-45D6-ABBA-2ED03BFF17B3}: NameServer = 212.27.32.176,212.27.32.177
O20 - AppInit_DLLs: MsgPlusLoader.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: nnnKedcd - nnnKedcd.dll (file missing)
O20 - Winlogon Notify: urqNEXrO - urqNEXrO.dll (file missing)
O21 - SSODL: AvpKernel - {0a38e09c-9e5b-41bf-8851-a69cbde8a39b} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN
ipsvc.exe (file missing)

sKe69 · Answer

Salut,
1-Rends toi sur ton PC ici : "C:\ programme file\Trend Micro\HijackThis\HijackThis.exe"<---clik droit sur ce dernier et choisis "renommer" : tapes monjack et valide .

-!!Déconnectes toi et fermes toute tes applications en cours !!

Double clik sur le raccourci du bureau,
Fais un scan monjack (ou HijackThis renommé) et postes le  rapport générer pour analyse ...

Une fois ce dernier poster , enchaine directement par ce-ci :

2-Télécharges VirtumundoBegone sur ton bureau: 
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe 

!!Ce déconnecter et fermer toute ces applications le temps de la manipe !!

Double cliquer sur VirtumundoBeGone.exe et suivre les instructions. 
Une fois terminé, redémarrer le PC, le rapport VBG.TXT sera crée sur le bureau . 
(Si un message Ecran bleu "Erreur fatale" apparaît, pas d’inquiétude car c'est normal et attendu). 

Postes le rapport VBG accompagné d'un nouveau rapport Hijackthis pour analyse ...

fdwrc · Answer

Salut, chui pas un pro en la matiere mais t'as essayé de scaner avec malwabyte's et avec kaspersky online ?

isa24 · Answer

salut,
d'abord merci de ta réponse et dsl du retard pour la réaction mai j'étais absente, j'ai fait ce que tu as dis et voilà le 1er rapport de monjack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:12:55, on 21/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\PROGRA~1\INCRED~1\bin\ImApp.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {B5A74FD6-566F-4EA8-9818-C815954FDE5C} - (no file)
O2 - BHO: (no name) - {BFCF46FE-9BBC-49D9-BDBF-BF1303CF327C} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {EE7D3601-9F9B-49EA-A558-501010BF1396} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {b5146c40-189a-4311-bda9-fbae3e023187} - (no file)
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CAMTRAY.EXE"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] "C:\Program Files\IncrediMail\bin\IncMail.exe" /c
O4 - HKCU\..\Run: [BoontyBox] "C:\Program Files\Boonty\BoontyBox\BoontyBox.exe" /boot
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Ò×È¤¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra 'Tools' menuitem: Ò×È¤¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC4FFD59-A688-45D6-ABBA-2ED03BFF17B3}: NameServer = 212.27.32.176,212.27.32.177
O20 - AppInit_DLLs: MsgPlusLoader.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: nnnKedcd - nnnKedcd.dll (file missing)
O20 - Winlogon Notify: urqNEXrO - urqNEXrO.dll (file missing)
O21 - SSODL: AvpKernel - {0a38e09c-9e5b-41bf-8851-a69cbde8a39b} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN
ipsvc.exe (file missing)

sKe69 · Answer

Salut,
Télécharges VirtumundoBegone sur ton bureau: 
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe 

!!Ce déconnecter et fermer toute ces applications le temps de la manipe !!

Double cliquer sur VirtumundoBeGone.exe et suivre les instructions. 
Une fois terminé, redémarrer le PC, le rapport VBG.TXT sera crée sur le bureau . 
(Si un message Ecran bleu "Erreur fatale" apparaît, pas d’inquiétude car c'est normal et attendu). 

Postes le rapport VBG accompagné d'un nouveau rapport Hijackthis pour analyse ...

sKe69 · Answer

...

isa24 · Answer

slt,
voila jai fait les différentes manip je poste le rapport vbg :

[06/21/2008, 12:26:34] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Thalie\Local Settings\Temporary Internet Files\Content.IE5\NT6LG7K0\VirtumundoBeGone[1].exe" )
[06/21/2008, 12:26:43] - Detected System Information:
[06/21/2008, 12:26:43] -  Windows Version: 5.1.2600, Service Pack 2
[06/21/2008, 12:26:43] -  Current Username: Thalie (Admin)
[06/21/2008, 12:26:43] -  Windows is in NORMAL mode.
[06/21/2008, 12:26:43] - Searching for Browser Helper Objects:
[06/21/2008, 12:26:43] -  BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[06/21/2008, 12:26:43] -  BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/21/2008, 12:26:43] -  BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/21/2008, 12:26:43] -  BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/21/2008, 12:26:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/21/2008, 12:26:43] -  No filename found. Continuing.
[06/21/2008, 12:26:43] -  BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[06/21/2008, 12:26:43] -  BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/21/2008, 12:26:43] -  BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/21/2008, 12:26:43] -  BHO 8: {B5A74FD6-566F-4EA8-9818-C815954FDE5C} ()
[06/21/2008, 12:26:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/21/2008, 12:26:43] -  No filename found. Continuing.
[06/21/2008, 12:26:43] -  BHO 9: {BFCF46FE-9BBC-49D9-BDBF-BF1303CF327C} ()
[06/21/2008, 12:26:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/21/2008, 12:26:43] -  No filename found. Continuing.
[06/21/2008, 12:26:43] -  BHO 10: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[06/21/2008, 12:26:43] -  BHO 11: {EE7D3601-9F9B-49EA-A558-501010BF1396} ()
[06/21/2008, 12:26:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/21/2008, 12:26:43] -  No filename found. Continuing.
[06/21/2008, 12:26:43] - Finished Searching Browser Helper Objects
[06/21/2008, 12:26:43] - Finishing up...
[06/21/2008, 12:26:43] - Nothing found! Exiting...

[06/21/2008, 12:27:29] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Thalie\Bureau\VirtumundoBeGone.exe" )
[06/21/2008, 12:27:39] - Detected System Information:
[06/21/2008, 12:27:39] -  Windows Version: 5.1.2600, Service Pack 2
[06/21/2008, 12:27:39] -  Current Username: Thalie (Admin)
[06/21/2008, 12:27:39] -  Windows is in NORMAL mode.
[06/21/2008, 12:27:39] - Searching for Browser Helper Objects:
[06/21/2008, 12:27:39] -  BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[06/21/2008, 12:27:39] -  BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/21/2008, 12:27:39] -  BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/21/2008, 12:27:39] -  BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/21/2008, 12:27:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/21/2008, 12:27:40] -  No filename found. Continuing.
[06/21/2008, 12:27:40] -  BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[06/21/2008, 12:27:40] -  BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/21/2008, 12:27:40] -  BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/21/2008, 12:27:40] -  BHO 8: {B5A74FD6-566F-4EA8-9818-C815954FDE5C} ()
[06/21/2008, 12:27:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/21/2008, 12:27:40] -  No filename found. Continuing.
[06/21/2008, 12:27:40] -  BHO 9: {BFCF46FE-9BBC-49D9-BDBF-BF1303CF327C} ()
[06/21/2008, 12:27:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/21/2008, 12:27:40] -  No filename found. Continuing.
[06/21/2008, 12:27:40] -  BHO 10: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[06/21/2008, 12:27:40] -  BHO 11: {EE7D3601-9F9B-49EA-A558-501010BF1396} ()
[06/21/2008, 12:27:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/21/2008, 12:27:40] -  No filename found. Continuing.
[06/21/2008, 12:27:40] - Finished Searching Browser Helper Objects
[06/21/2008, 12:27:40] - Finishing up...
[06/21/2008, 12:27:40] - Nothing found! Exiting...


et le rapport hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:42, on 21/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\PROGRA~1\INCRED~1\bin\ImApp.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Boonty\BoontyBox\PBCheckGames.exe
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {B5A74FD6-566F-4EA8-9818-C815954FDE5C} - (no file)
O2 - BHO: (no name) - {BFCF46FE-9BBC-49D9-BDBF-BF1303CF327C} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {EE7D3601-9F9B-49EA-A558-501010BF1396} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {b5146c40-189a-4311-bda9-fbae3e023187} - (no file)
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CAMTRAY.EXE"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] "C:\Program Files\IncrediMail\bin\IncMail.exe" /c
O4 - HKCU\..\Run: [BoontyBox] "C:\Program Files\Boonty\BoontyBox\BoontyBox.exe" /boot
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Ò×È¤¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra 'Tools' menuitem: Ò×È¤¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC4FFD59-A688-45D6-ABBA-2ED03BFF17B3}: NameServer = 212.27.32.176,212.27.32.177
O20 - AppInit_DLLs: MsgPlusLoader.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: nnnKedcd - nnnKedcd.dll (file missing)
O20 - Winlogon Notify: urqNEXrO - urqNEXrO.dll (file missing)
O21 - SSODL: AvpKernel - {0a38e09c-9e5b-41bf-8851-a69cbde8a39b} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN
ipsvc.exe (file missing)

sKe69 · Answer

Télécharges MalwareByte's : 
ftp://ftp.commentcamarche.com/download/mbam-setup.exe
 
un tuto sympa : https://forum.pcastuces.com/sujet.asp?f=31&s=3 

Instales le ( choisis bien "francais" ; ne modifies pas les parramètres d'instale ) et mets le à jour . 

Puis redémarres en mode sans échec : 
Comment aller en Mode sans échec 
1) Redémarres ton ordi 
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip" 
3) Tu verras un écran avec options de démarrage apparaître 
4) Choisis la première option : Sans Échec, et valide avec "Entrée" 
5) Choisis ton compte habituel, et non Administrateur (si besoin ... ) 
(attention : pas de connexion possible en mode sans échec , donc copies ou imprimes bien la manipe pour éviter les erreur ...)
 
Lances Malwarebyte's .

Fais un scan dit "complet" ( sélectionnes bien tout tes disks avant le scan )  et supprimes tout ce qu'il peut trouver :
--->une fois le scan terminé , click sur "résultat" : puis vérifies que tous les ojbets infectés soient validés, puis click sur " supression " .

Redémarres ton PC ( mode normal ). 

Postes le rapport sauvegardé après la supression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes) accompagné d'un nouvel hijackthis ( fait en mode normal ) ...

isa24 · Answer

voilà le résultat du scan :
Malwarebytes' Anti-Malware 1.18
Version de la base de données: 873

10:51:50 22/06/2008
mbam-log-6-22-2008 (10-51-37).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 269431
Temps écoulé: 15 hour(s), 3 minute(s), 1 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> No action taken.
HKEY_CURRENT_USER\Software\MySidesearch (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\Control Panel\Desktop\Wallpaper (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\OriginalWallpaper (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\ConvertedWallpaper (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\SCRNSAVE.EXE (Trojan.FakeAlert) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\Dédé\Local Settings\Temporary Internet Files\Content.IE5\J5T1O8G8\css4[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Dédé\Local Settings\Temporary Internet Files\Content.IE5\J5T1O8G8\kb456456[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settingsemi\Local Settings\Temporary Internet Files\Content.IE5\GOJ669VD\PLAY_MP3[1].exe (Trojan.Downloader) -> No action taken.

et maintenant le hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:31, on 22/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\PROGRA~1\INCRED~1\bin\ImApp.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {B5A74FD6-566F-4EA8-9818-C815954FDE5C} - (no file)
O2 - BHO: (no name) - {BFCF46FE-9BBC-49D9-BDBF-BF1303CF327C} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {EE7D3601-9F9B-49EA-A558-501010BF1396} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {b5146c40-189a-4311-bda9-fbae3e023187} - (no file)
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CAMTRAY.EXE"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] "C:\Program Files\IncrediMail\bin\IncMail.exe" /c
O4 - HKCU\..\Run: [BoontyBox] "C:\Program Files\Boonty\BoontyBox\BoontyBox.exe" /boot
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Ò×È¤¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra 'Tools' menuitem: Ò×È¤¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC4FFD59-A688-45D6-ABBA-2ED03BFF17B3}: NameServer = 212.27.32.176,212.27.32.177
O20 - AppInit_DLLs: MsgPlusLoader.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: nnnKedcd - nnnKedcd.dll (file missing)
O20 - Winlogon Notify: urqNEXrO - urqNEXrO.dll (file missing)
O21 - SSODL: AvpKernel - {0a38e09c-9e5b-41bf-8851-a69cbde8a39b} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN
ipsvc.exe (file missing)

sKe69 · Answer

salut,
Fais exactement ce qui suit :

Télécharges ComboFix (par sUBs) sur ton Bureau (et pas ailleur !): 
http://download.bleepingcomputer.com/sUBs/ComboFix.exe <--- clik droit sur ce lien et choisis "enregistrer la cible sous ... " : dans la fenêtre qui s'ouvre tape C-Fix et valide . 

----------------------------------------------- ATTENTION ---------------------------------------------------------------
!! déconnectes toi,fermes tes applications en cours et DESACTIVES TES DEFENCES (anti-virus, guardes anti spy-ware, pare-feu) le temps de la manipe : 
en effet , activés, ils pourraient gêner fortement la procédure de recherche et de nettoyage de l'outil ( voir planter le PC )...Tu les réactiveras donc après  !!
--->Important : si tu rencontres des difficultés à ce niveau là, fais m'en part avant de poursuivre ...
Tuto ( aide ) ici : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
---------------------------------------------------------------------------------------------------------------------------------

Ensuite :
double-cliques C-Fix.exe ( = combofix.exe ) . 

Appuyes sur la touche Y (Yes) pour démarrer le scan . 

Attention : n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi. 
---> si un message d'erreur windows apparait à un momment , clik sur la croix en haut à droite de la fenêtre pour la fermer ( et pas sur autre chose ! ) 

Le rapport sera crée dans: C:\Combofix.txt 
 
Postes le rapport Combofix accompagné d'un nouveau rapport hijackthis pour analyse ...

isa24 · Answer

voila le rapport combo : ComboFix 08-06-20.4 - Thalie 2008-06-22 14:38:06.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.529 [GMT 2:00] Endroit: C:\Documents and Settings\Thalie\Bureau\C-Fix.exe * Création d'un nouveau point de restauration [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Advanced XP Defender C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Advanced XP Defender\How to register.lnk C:\WINDOWS\BMabeb7b5e.xml C:\WINDOWS\pskt.ini C:\WINDOWS\system32\CKkSAJjl.ini C:\WINDOWS\system32\CKkSAJjl.ini2 C:\WINDOWS\system32\MSINET.oca C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe C:\WINDOWS\system32\pmcfduhv.ini C:\WINDOWS\system32\QYGhknpo.ini2 C:\WINDOWS\system32\urmtbshh.ini . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-22 to 2008-06-22 )))))))))))))))))))))))))))))))))))) . 2025-07-05 10:37 . 2025-07-05 10:37 3,120 --a------ C:\WINDOWS\IM_PREM.lfa 2008-06-21 12:51 . 2008-06-21 12:51 d-------- C:\Documents and Settings\Thalie\Application Data\Malwarebytes 2008-06-21 12:51 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-06-21 12:51 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-06-19 16:16 . 2008-06-19 16:16 d-------- C:\Program Files\Trend Micro 2008-06-17 18:00 . 2008-06-17 18:00 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-06-17 09:04 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-06-17 09:04 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-06-17 09:04 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-06-17 08:09 . 2008-06-17 08:09 d-------- C:\Program Files\Avira 2008-06-17 08:09 . 2008-06-17 08:09 d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-06-17 07:48 . 2008-06-17 07:49 d-------- C:\Program Files\Windows Live 2008-06-17 07:48 . 2008-06-17 07:48 d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-06-17 07:47 . 2008-06-17 07:47 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-06-17 07:30 . 2008-06-17 07:30 d-------- C:\Program Files\Sun 2008-06-16 19:17 . 2008-06-16 19:17 10,872,790 --a------ C:\upload_moi_SECR-5EE85B317A.tar.gz 2008-06-16 12:00 . 2008-06-21 12:51 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-06-16 12:00 . 2008-06-16 12:00 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-06-16 11:10 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys 2008-06-16 11:10 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys 2008-06-16 10:58 . 2003-11-08 05:16 265,728 -ra------ C:\WINDOWS\system32\drivers\BCMWL5.SYS 2008-06-12 11:49 . 2008-06-12 11:49 99,264 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys 2008-05-29 07:43 . 2008-05-29 07:43 d-------- C:\Program Files\Incredijeux 2008-05-24 08:30 . 2008-05-24 08:45 d-------- C:\Documents and Settings\Thalie\Application Data\Pirateville . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-17 05:30 --------- d-----w C:\Program Files\Java 2008-06-16 09:48 4,910 ----a-w C:\WINDOWS\system32\tmp.reg 2008-05-29 08:44 --------- d-----w C:\Documents and Settings\remi\Application Data\LimeWire 2008-05-29 06:38 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-05-29 05:43 --------- d-----w C:\Program Files\Fichiers communs\Oberon Media 2008-05-24 06:30 --------- d-----w C:\Documents and Settings\Thalie\Application Data\Zylom 2008-05-24 06:29 --------- d-----w C:\Program Files\Zylom Games 2008-05-16 17:25 --------- d-----w C:\Program Files\BoontyGames 2008-05-16 12:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecretsOfOlympus 2008-05-15 10:11 446,976 ----a-w C:\WINDOWS\system32\ShellMPD.dll 2008-05-15 10:11 --------- d-----w C:\Program Files\MSN Pictures Displayer 2008-05-15 10:11 --------- d-----w C:\Documents and Settings\valerie\Application Data\MSN Pictures Displayer 2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys 2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll 2008-05-05 08:00 --------- d-----w C:\Program Files\Mes Jeux Installés 2008-05-03 13:06 --------- d-----w C:\Program Files\iTunes 2008-05-03 13:06 --------- d-----w C:\Program Files\iPod 2008-05-03 13:04 --------- d-----w C:\Program Files\Bonjour 2008-05-03 13:03 --------- d-----w C:\Program Files\QuickTime Alternative 2008-05-03 12:59 --------- d-----w C:\Program Files\Apple Software Update 2008-05-03 12:58 --------- d-----w C:\Program Files\Fichiers communs\Apple 2008-05-03 12:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple 2008-05-02 16:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-05-02 16:23 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-04-30 16:20 --------- d-----w C:\Program Files\SUPERAntiSpyware 2008-04-30 11:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-04-30 10:29 --------- d-----w C:\Program Files\Enigma Software Group 2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-04-21 19:52 860 ----a-w C:\Documents and Settings\Thalie\Application Data\wklnhst.dat 2008-04-02 08:59 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll 2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll 2007-08-03 13:25 13,043,226 ----a-w C:\Program Files\klcodec330f.exe 2007-07-25 13:02 2,591,956 ----a-w C:\Program Files\eMulePlus-1.2b.Installer.exe 2007-05-27 09:44 92,064 ----a-w C:\Documents and Settings\Thalie\mqdmmdm.sys 2007-05-27 09:44 9,232 ----a-w C:\Documents and Settings\Thalie\mqdmmdfl.sys 2007-05-27 09:44 79,328 ----a-w C:\Documents and Settings\Thalie\mqdmserd.sys 2007-05-27 09:44 66,656 ----a-w C:\Documents and Settings\Thalie\mqdmbus.sys 2007-05-27 09:44 6,208 ----a-w C:\Documents and Settings\Thalie\mqdmcmnt.sys 2007-05-27 09:44 5,936 ----a-w C:\Documents and Settings\Thalie\mqdmwhnt.sys 2007-05-27 09:44 4,048 ----a-w C:\Documents and Settings\Thalie\mqdmcr.sys 2007-05-27 09:44 25,600 ----a-w C:\Documents and Settings\Thalie\usbsermptxp.sys 2007-05-27 09:44 22,768 ----a-w C:\Documents and Settings\Thalie\usbsermpt.sys 2006-03-03 14:59 774,144 ----a-w C:\Program Files\RngInterstitial.dll 2003-01-13 09:55 282,624 ----a-w C:\Program Files\internet explorer\plugins\PanoViewer.dll 1999-04-30 15:00 98,304 ----a-w C:\Program Files\internet explorer\plugins\UPjpeg.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B5A74FD6-566F-4EA8-9818-C815954FDE5C}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BFCF46FE-9BBC-49D9-BDBF-BF1303CF327C}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE7D3601-9F9B-49EA-A558-501010BF1396}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360] "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-01-23 09:06 204843] "BoontyBox"="C:\Program Files\Boonty\BoontyBox\BoontyBox.exe" [2005-04-15 14:24 667648] "AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-06-13 13:36 2137024] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 07:56 68856] "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 21:21 57344] "EPSON Stylus CX3600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" [2004-03-04 05:00 98304] "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-04-15 12:03 190024] "Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [2004-07-30 12:04 245760] "SoundMan"="SOUNDMAN.EXE" [2005-06-20 22:42 77824 C:\WINDOWS\SOUNDMAN.EXE] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-03 22:05 344064] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [ ] "StormCodec_Helper"="C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [2005-03-24 14:52 94770] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12 90112] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 01:15 366400] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-09 15:21 1836544] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-01-22 16:24 180269] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" [2008-03-28 23:37 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360] "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnKedcd] nnnKedcd.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqNEXrO] urqNEXrO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=MsgPlusLoader.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.DIV3"= DivXc32.dll "msacm.divxa32"= DivXa32.acm "SENTINEL"= snti386.dll "msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm "msacm.MPEGacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm "vidc.i263"= C:\WINDOWS\system32\i263_32.drv "vidc.vp31"= vp31vfw.dll "vidc.yv12"= yv12vfw.dll "msacm.ac3filter"= ac3filter.acm [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\IncrediMail\bin\IMApp.exe"= "C:\Program Files\IncrediMail\bin\IncMail.exe"= "C:\Program Files\IncrediMail\bin\ImpCnt.exe"= "C:\Program Files\VideoLink Pro\Engine.exe"= "C:\Program Files\VideoLink Pro\SMListenEngine.exe"= "C:\Program Files\Real\RealPlayer\realplay.exe"= "C:\Program Files\Infogrames\Combat\Combat.exe"= "C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe"= "C:\Program Files\EpieGames\Parawolffist\Parawolffist.exe"= "C:\Program Files\GigaByte\VGA Utility Manager\G-vga.exe"= "C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE"= "C:\Program Files\LimeWire\LimeWire.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "C:\Program Files\Bonjour\mDNSResponder.exe"= "C:\Program Files\iTunes\iTunes.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "6662:TCP"= 6662:TCP:portemule "6672:UDP"= 6672:UDP:emuleport2 "8862:TCP"= 8862:TCP:emuletcp "8872:UDP"= 8872:UDP:emuleudp "22636:TCP"= 22636:TCP:BitComet 22636 TCP "22636:UDP"= 22636:UDP:BitComet 22636 UDP R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 14:00] S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2005-12-10 17:18] S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys [] S3 CoachUsb;Coach Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-01-22 13:41] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58] S3 V0080Dev;Creative Camera VF0080 Driver;C:\WINDOWS\system32\DRIVERS\V0080Dev.sys [2004-10-09 11:51] . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2008-05-22 20:51:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-05-16 13:00:18 C:\WINDOWS\Tasks\Norton Security Scan.job" - C:\Program Files\Norton Security Scan\Nss.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-22 15:05:33 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe C:\Program Files\MSN Toolbar Suite\DS\[u]0[/u]2.05.0001.1119\fr-fr\bin\WindowsSearch.exe C:\PROGRA~1\INCRED~1\bin\IMApp.exe C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE C:\Program Files\MSN Toolbar Suite\DS\[u]0[/u]2.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\MSN Toolbar Suite\DS\[u]0[/u]2.05.0001.1119\fr-fr\bin\WindowsSearchFilter.exe C:\Program Files\MSN Toolbar Suite\SL\[u]0[/u]2.05.0001.1119\fr-fr\msn_sl.exe . ************************************************************************** . Temps d'accomplissement: 2008-06-22 15:16:04 - machine was rebooted ComboFix-quarantined-files.txt 2008-06-22 13:15:55 Pre-Run: 35,362,107,392 octets libres Post-Run: 38,898,348,032 octets libres 231 --- E O F --- 2008-06-22 08:58:55 et le rapport hijackthis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:41:33, on 22/06/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE C:\Program Files\MessengerPlus! 3\MsgPlus.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Boonty\BoontyBox\BoontyBox.exe C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe C:\PROGRA~1\INCRED~1\bin\ImApp.exe C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\explorer.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Trend Micro\HijackThis\monjack.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - (no file) O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O2 - BHO: (no name) - {B5A74FD6-566F-4EA8-9818-C815954FDE5C} - (no file) O2 - BHO: (no name) - {BFCF46FE-9BBC-49D9-BDBF-BF1303CF327C} - (no file) O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O2 - BHO: (no name) - {EE7D3601-9F9B-49EA-A558-501010BF1396} - (no file) O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: (no name) - {b5146c40-189a-4311-bda9-fbae3e023187} - (no file) O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600" O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [IncrediMail] "C:\Program Files\IncrediMail\bin\IncMail.exe" /c O4 - HKCU\..\Run: [BoontyBox] "C:\Program Files\Boonty\BoontyBox\BoontyBox.exe" /boot O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm O9 - Extra button: Ò×È¤¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing) O9 - Extra 'Tools' menuitem: Ò×È¤¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/... O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{DC4FFD59-A688-45D6-ABBA-2ED03BFF17B3}: NameServer = 212.27.32.176,212.27.32.177 O20 - AppInit_DLLs: MsgPlusLoader.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: nnnKedcd - nnnKedcd.dll (file missing) O20 - Winlogon Notify: urqNEXrO - urqNEXrO.dll (file missing) O21 - SSODL: AvpKernel - {0a38e09c-9e5b-41bf-8851-a69cbde8a39b} - (no file) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)

sKe69 · Answer

impec , on continue :

1-Crée un doc texte sur ton bureau : 
pointes ta souris sur ton bureau , click droit : vas dans "nouveau" et choisis "document texte" . 

Ensuite copie/colle le texte ci-dessous ( et rien d'autre!) dans le fichier texte que tu viens de crée : 

Registry:: 
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B5A74FD6-566F-4EA8-9818-C815954FDE5C}] 

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BFCF46FE-9BBC-49D9-BDBF-BF1303CF327C}] 

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE7D3601-9F9B-49EA-A558-501010BF1396}] 

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify
nnKedcd] 

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\urqNEXrO] 


Puis vas dans "fichier" et choisis "enregistrer sous ..." et tu le nommes exactement ainsi : 
CFScript puis valides ...
 

2-Nettoyage :
!! Déconnectes toi,fermes toute tes application et désactive ton antivirus le temps de la manipe ( tu le réactiveras après )  !! 

--->Sur ton bureau, fais un glisser avec ta souris le fichier CFScript sur l'icone de ComboFix.exe . 

(Regarde ici : http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript.gif )

Cette manipulation va relancer combofix .
--> Une fenêtre bleue va apparaître: au message qui apparaît "Type 1 to continue, or 2 to abort" : tape 1 puis valide. 

Puis patientes le temps du scan.( Le Bureau va disparaître à plusieurs reprises : c'est normal!) 

!! Ne touche à rien tant que le scan n'est pas terminé !! 

Note : en fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisses-le faire. 

Une fois le scan achevé, un rapport va s'afficher : Postes le accompagné d' un nouveau rapport HijackThis pour analyse ...

( Attention : cette manipe a été fait pour ce PC . Toute réutilisation peut endommager sévèrement le système d'exploitation )

isa24 · Answer

voila le rapport combo : ComboFix 08-06-20.4 - Thalie 2008-06-22 16:08:42.2 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.530 [GMT 2:00] Endroit: C:\Documents and Settings\Thalie\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\Thalie\Bureau\CFScript.txt * Création d'un nouveau point de restauration [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . ((((((((((((((((((((((((((((( Fichiers créés 2008-05-22 to 2008-06-22 )))))))))))))))))))))))))))))))))))) . 2025-07-05 10:37 . 2025-07-05 10:37 3,120 --a------ C:\WINDOWS\IM_PREM.lfa 2008-06-22 15:16 . 2008-06-22 15:16 d-------- C:\Documents and Settings\DÚdÚ 2008-06-22 14:37 . 2008-06-22 15:16 d-------- C:\C-Fix 2008-06-21 12:51 . 2008-06-21 12:51 d-------- C:\Documents and Settings\Thalie\Application Data\Malwarebytes 2008-06-21 12:51 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-06-21 12:51 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-06-19 16:16 . 2008-06-19 16:16 d-------- C:\Program Files\Trend Micro 2008-06-17 18:00 . 2008-06-17 18:00 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-06-17 09:04 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-06-17 09:04 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-06-17 09:04 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-06-17 08:09 . 2008-06-17 08:09 d-------- C:\Program Files\Avira 2008-06-17 08:09 . 2008-06-17 08:09 d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-06-17 07:48 . 2008-06-17 07:49 d-------- C:\Program Files\Windows Live 2008-06-17 07:48 . 2008-06-17 07:48 d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-06-17 07:47 . 2008-06-17 07:47 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-06-17 07:30 . 2008-06-17 07:30 d-------- C:\Program Files\Sun 2008-06-16 19:17 . 2008-06-16 19:17 10,872,790 --a------ C:\upload_moi_SECR-5EE85B317A.tar.gz 2008-06-16 12:00 . 2008-06-21 12:51 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-06-16 12:00 . 2008-06-16 12:00 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-06-16 11:10 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys 2008-06-16 11:10 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys 2008-06-16 10:58 . 2003-11-08 05:16 265,728 -ra------ C:\WINDOWS\system32\drivers\BCMWL5.SYS 2008-06-12 11:49 . 2008-06-12 11:49 99,264 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys 2008-05-29 07:43 . 2008-05-29 07:43 d-------- C:\Program Files\Incredijeux 2008-05-24 08:30 . 2008-05-24 08:45 d-------- C:\Documents and Settings\Thalie\Application Data\Pirateville . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-17 05:30 --------- d-----w C:\Program Files\Java 2008-06-16 09:48 4,910 ----a-w C:\WINDOWS\system32\tmp.reg 2008-05-29 08:44 --------- d-----w C:\Documents and Settings\remi\Application Data\LimeWire 2008-05-29 06:38 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-05-29 05:43 --------- d-----w C:\Program Files\Fichiers communs\Oberon Media 2008-05-24 06:30 --------- d-----w C:\Documents and Settings\Thalie\Application Data\Zylom 2008-05-24 06:29 --------- d-----w C:\Program Files\Zylom Games 2008-05-16 17:25 --------- d-----w C:\Program Files\BoontyGames 2008-05-16 12:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecretsOfOlympus 2008-05-15 10:11 446,976 ----a-w C:\WINDOWS\system32\ShellMPD.dll 2008-05-15 10:11 --------- d-----w C:\Program Files\MSN Pictures Displayer 2008-05-15 10:11 --------- d-----w C:\Documents and Settings\valerie\Application Data\MSN Pictures Displayer 2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys 2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll 2008-05-05 08:00 --------- d-----w C:\Program Files\Mes Jeux Installés 2008-05-03 13:06 --------- d-----w C:\Program Files\iTunes 2008-05-03 13:06 --------- d-----w C:\Program Files\iPod 2008-05-03 13:04 --------- d-----w C:\Program Files\Bonjour 2008-05-03 13:03 --------- d-----w C:\Program Files\QuickTime Alternative 2008-05-03 12:59 --------- d-----w C:\Program Files\Apple Software Update 2008-05-03 12:58 --------- d-----w C:\Program Files\Fichiers communs\Apple 2008-05-03 12:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple 2008-05-02 16:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-05-02 16:23 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-04-30 16:20 --------- d-----w C:\Program Files\SUPERAntiSpyware 2008-04-30 11:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-04-30 10:29 --------- d-----w C:\Program Files\Enigma Software Group 2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-04-21 19:52 860 ----a-w C:\Documents and Settings\Thalie\Application Data\wklnhst.dat 2008-04-02 08:59 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll 2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll 2007-08-03 13:25 13,043,226 ----a-w C:\Program Files\klcodec330f.exe 2007-07-25 13:02 2,591,956 ----a-w C:\Program Files\eMulePlus-1.2b.Installer.exe 2007-05-27 09:44 92,064 ----a-w C:\Documents and Settings\Thalie\mqdmmdm.sys 2007-05-27 09:44 9,232 ----a-w C:\Documents and Settings\Thalie\mqdmmdfl.sys 2007-05-27 09:44 79,328 ----a-w C:\Documents and Settings\Thalie\mqdmserd.sys 2007-05-27 09:44 66,656 ----a-w C:\Documents and Settings\Thalie\mqdmbus.sys 2007-05-27 09:44 6,208 ----a-w C:\Documents and Settings\Thalie\mqdmcmnt.sys 2007-05-27 09:44 5,936 ----a-w C:\Documents and Settings\Thalie\mqdmwhnt.sys 2007-05-27 09:44 4,048 ----a-w C:\Documents and Settings\Thalie\mqdmcr.sys 2007-05-27 09:44 25,600 ----a-w C:\Documents and Settings\Thalie\usbsermptxp.sys 2007-05-27 09:44 22,768 ----a-w C:\Documents and Settings\Thalie\usbsermpt.sys 2006-12-27 22:59 1,190,068 ----a-w C:\Documents and Settings\Dédé\cochonsalope.zip 2006-12-27 22:59 1,190,068 ----a-w C:\Documents and Settings\Dédé\cochonsalope.zip 2006-03-03 14:59 774,144 ----a-w C:\Program Files\RngInterstitial.dll 2003-01-13 09:55 282,624 ----a-w C:\Program Files\internet explorer\plugins\PanoViewer.dll 1999-04-30 15:00 98,304 ----a-w C:\Program Files\internet explorer\plugins\UPjpeg.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360] "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-01-23 09:06 204843] "BoontyBox"="C:\Program Files\Boonty\BoontyBox\BoontyBox.exe" [2005-04-15 14:24 667648] "AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-06-13 13:36 2137024] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 07:56 68856] "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 21:21 57344] "EPSON Stylus CX3600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" [2004-03-04 05:00 98304] "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-04-15 12:03 190024] "Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [2004-07-30 12:04 245760] "SoundMan"="SOUNDMAN.EXE" [2005-06-20 22:42 77824 C:\WINDOWS\SOUNDMAN.EXE] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-03 22:05 344064] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 21:33 57344] "StormCodec_Helper"="C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [2005-03-24 14:52 94770] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12 90112] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 01:15 366400] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-09 15:21 1836544] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-01-22 16:24 180269] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" [2008-03-28 23:37 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360] "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040] C:\Documents and Settings\valerie\Menu D‚marrer\Programmes\D‚marrage\ MSN Pictures Displayer.lnk - C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe [2008-05-15 12:06:51 4571136] C:\Documents and Settings\Thalie\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664] BTTray.lnk - C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe [2005-10-09 01:16:54 610365] Contr“leur de calendrier Ulead.lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe [2005-12-02 15:24:26 69632] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56 65588] Windows Desktop Search.lnk - C:\Program Files\MSN Toolbar Suite\DS\[u]0[/u]2.05.0001.1119\fr-fr\bin\WindowsSearch.exe [2005-09-20 19:10:04 238080] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=MsgPlusLoader.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.DIV3"= DivXc32.dll "msacm.divxa32"= DivXa32.acm "SENTINEL"= snti386.dll "msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm "msacm.MPEGacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm "vidc.i263"= C:\WINDOWS\system32\i263_32.drv "vidc.vp31"= vp31vfw.dll "vidc.yv12"= yv12vfw.dll "msacm.ac3filter"= ac3filter.acm [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\IncrediMail\bin\IMApp.exe"= "C:\Program Files\IncrediMail\bin\IncMail.exe"= "C:\Program Files\IncrediMail\bin\ImpCnt.exe"= "C:\Program Files\VideoLink Pro\Engine.exe"= "C:\Program Files\VideoLink Pro\SMListenEngine.exe"= "C:\Program Files\Real\RealPlayer\realplay.exe"= "C:\Program Files\Infogrames\Combat\Combat.exe"= "C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe"= "C:\Program Files\EpieGames\Parawolffist\Parawolffist.exe"= "C:\Program Files\GigaByte\VGA Utility Manager\G-vga.exe"= "C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE"= "C:\Program Files\LimeWire\LimeWire.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "C:\Program Files\Bonjour\mDNSResponder.exe"= "C:\Program Files\iTunes\iTunes.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "6662:TCP"= 6662:TCP:portemule "6672:UDP"= 6672:UDP:emuleport2 "8862:TCP"= 8862:TCP:emuletcp "8872:UDP"= 8872:UDP:emuleudp "22636:TCP"= 22636:TCP:BitComet 22636 TCP "22636:UDP"= 22636:UDP:BitComet 22636 UDP R3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2005-12-10 17:18] R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 14:00] S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys [] S3 CoachUsb;Coach Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-01-22 13:41] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58] S3 V0080Dev;Creative Camera VF0080 Driver;C:\WINDOWS\system32\DRIVERS\V0080Dev.sys [2004-10-09 11:51] . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-05-22 20:51:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-05-16 13:00:18 C:\WINDOWS\Tasks\Norton Security Scan.job" - C:\Program Files\Norton Security Scan\Nss.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-22 16:11:21 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-06-22 16:15:54 ComboFix-quarantined-files.txt 2008-06-22 14:14:59 ComboFix2.txt 2008-06-22 13:16:06 Pre-Run: 38,959,022,080 octets libres Post-Run: 38,948,925,440 octets libres 200 --- E O F --- 2008-06-22 08:58:55 et le hijackthis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:30:13, on 22/06/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE C:\Program Files\MessengerPlus! 3\MsgPlus.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Boonty\BoontyBox\BoontyBox.exe C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe C:\PROGRA~1\INCRED~1\bin\ImApp.exe C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Trend Micro\HijackThis\monjack.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - (no file) O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: (no name) - {b5146c40-189a-4311-bda9-fbae3e023187} - (no file) O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600" O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [IncrediMail] "C:\Program Files\IncrediMail\bin\IncMail.exe" /c O4 - HKCU\..\Run: [BoontyBox] "C:\Program Files\Boonty\BoontyBox\BoontyBox.exe" /boot O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm O9 - Extra button: Ò×È¤¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing) O9 - Extra 'Tools' menuitem: Ò×È¤¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/... O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{DC4FFD59-A688-45D6-ABBA-2ED03BFF17B3}: NameServer = 212.27.32.176,212.27.32.177 O20 - AppInit_DLLs: MsgPlusLoader.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O21 - SSODL: AvpKernel - {0a38e09c-9e5b-41bf-8851-a69cbde8a39b} - (no file) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)

sKe69 · Answer

1-Fermes toutes tes applications et déconnectes toi .

Relance Hijackthis mais click sur " Do a scan only " 
Tu vois donc apparaitre le résultat du scan : une multitudes de lignes ,chacunes précédées d'un carré vide . 
Tu vas clické sur les carré des lignes suivantes : 

R3 - URLSearchHook: (no name) - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) 
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) 
O3 - Toolbar: (no name) - {b5146c40-189a-4311-bda9-fbae3e023187} - (no file) 
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" 
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime 
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe 
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') 
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') 
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') 
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') 
O9 - Extra button: Ò×È¤¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing) 
O9 - Extra 'Tools' menuitem: Ò×È¤¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing) 
O21 - SSODL: AvpKernel - {0a38e09c-9e5b-41bf-8851-a69cbde8a39b} - (no file)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN
ipsvc.exe (file missing)


Tu cliques en bas sur le bouton FIX CHECKED et valides .

2-Télécharges ToolsCleaner (de A.Rothstein) sur ton Bureau. 
http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe

Lances le . 
Cliques sur Recherche et laisses le scan se terminer (cela peut être long). 
Cliques sur Suppression pour finaliser. 
Tu peux, si tu le souhaites, te servir des Options facultatives 

Ce petit soft va te nettoyer tout les trucs dont on c'est servi pour la désinfection ( tu n'en as plus besion ! ) . 
Supprimes tout les outils , dossiers ou rapports consernant la désinfection que Toolsclaener2 n'a pas supprimé . 

Puis enfin supprimes Toolscleaner2 ... ( gardes Malwaresbytes : très utile )


3- Télécharges : - CCleaner 
https://www.pcastuces.com/logitheque/ccleaner.htm 
Ce logiciel va permettre de supprimer tous les fichiers temporaires et de corrigé ton registre .Lors de l'instalation, avant de cliquer sur le bouton "installer", décoche toutes les "options supplémentaires" sauf les 2 première.
Une fois le prg instalé et lancé, Clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures"( Par la suite, laisse-le avec ses réglages par défaut. C'est tout ). 

Un tuto ( aide ): 
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm 

Utilisation:
vas dans "nettoyeur" : fait annalyse puis nettoyage 
et vas dans "registre" : fait chercher les erreurs et réparer ( plusieur fois jusqu'a ce qu'il n'y est plus d'erreur ) . 

( CCleaner : soft à garder sur son PC , super utile pour de bons nettoyages ... )

4- on va fair un scan avec AntiVir .

Mets le bien à jours
Puis fais ce petit réglage si cela n'est pas déjà fais :
******************************************************
une fois antivir ouvert click sur configuration et coche la case "expert mode" .
*puis click sur configuration en haut a droite; dans la nouvelle fenetre a gauche >scanner > coche "scan all files" et en dessous >"scanner priority" = High 
*coches : "allow stopping the scanne"r, comme cela tu peux faire une pause pendant le scan si tu le desir. 
*puis sur la droite coches les case suivantes : 
"scan boot sectors of selected drives" 
"scan master boot sectors "
"scan memory" 
"search foe rootkit before scan" 
decoches : 
"ignore off line files" 
*toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level 
********************************************* 

Impératif : redémarres en mode sans échec

Lances un scan complet de ton PC avec AntiVir et mets tout ce qu'il peut trouver en quarantaine ... à la fin , demande à crée un rapport puis sauvegardes le de façon à le retrouver ...

Redémarres ton pc et postes moi le rapport obtenu ...

isa24 · Answer

Voila le rapport antivir :
Avira AntiVir Personal
Report file date: dimanche 22 juin 2008  19:56

Scanning for 1350570 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (Service Pack 2)  [5.1.2600]
Boot mode:        Save mode
Username:         Thalie
Computer name:    SECR-5EE85B317A

Version information:
BUILD.DAT     : 8.1.0.308       16478 Bytes  28/05/2008 17:03:00
AVSCAN.EXE    : 8.1.2.12       311553 Bytes  18/03/2008 09:02:56
AVSCAN.DLL    : 8.1.1.0         53505 Bytes  07/02/2008 08:43:37
LUKE.DLL      : 8.1.2.9        151809 Bytes  28/02/2008 08:41:23
LUKERES.DLL   : 8.1.2.1         12033 Bytes  21/02/2008 08:28:40
ANTIVIR0.VDF  : 6.40.0.0     11030528 Bytes  18/07/2007 10:33:34
ANTIVIR1.VDF  : 7.0.3.2       5447168 Bytes  07/03/2008 13:08:58
ANTIVIR2.VDF  : 7.0.4.195     2546176 Bytes  14/06/2008 06:12:42
ANTIVIR3.VDF  : 7.0.4.233      260608 Bytes  21/06/2008 08:59:25
Engineversion : 8.1.0.59  
AEVDF.DLL     : 8.1.0.5        102772 Bytes  25/02/2008 09:58:21
AESCRIPT.DLL  : 8.1.0.44       278907 Bytes  21/06/2008 08:11:16
AESCN.DLL     : 8.1.0.22       119157 Bytes  21/06/2008 08:11:11
AERDL.DLL     : 8.1.0.20       418165 Bytes  17/06/2008 06:13:10
AEPACK.DLL    : 8.1.1.6        364918 Bytes  21/06/2008 08:11:07
AEOFFICE.DLL  : 8.1.0.20       192891 Bytes  21/06/2008 08:11:03
AEHEUR.DLL    : 8.1.0.32      1274231 Bytes  21/06/2008 08:11:01
AEHELP.DLL    : 8.1.0.15       115063 Bytes  17/06/2008 06:12:55
AEGEN.DLL     : 8.1.0.29       307573 Bytes  21/06/2008 08:10:45
AEEMU.DLL     : 8.1.0.6        430451 Bytes  17/06/2008 06:12:48
AECORE.DLL    : 8.1.0.31       168310 Bytes  17/06/2008 06:12:46
AVWINLL.DLL   : 1.0.0.7         14593 Bytes  23/01/2008 17:07:53
AVPREF.DLL    : 8.0.0.1         25857 Bytes  18/02/2008 10:37:50
AVREP.DLL     : 7.0.0.1        155688 Bytes  16/04/2007 13:26:47
AVREG.DLL     : 8.0.0.0         30977 Bytes  23/01/2008 17:07:49
AVARKT.DLL    : 1.0.0.23       307457 Bytes  12/02/2008 08:29:23
AVEVTLOG.DLL  : 8.0.0.11       114945 Bytes  28/02/2008 08:31:31
SQLITE3.DLL   : 3.3.17.1       339968 Bytes  22/01/2008 17:28:02
SMTPLIB.DLL   : 1.2.0.19        28929 Bytes  23/01/2008 17:08:39
NETNT.DLL     : 8.0.0.1          7937 Bytes  25/01/2008 12:05:10
RCIMAGE.DLL   : 8.0.0.35      2371841 Bytes  10/03/2008 14:37:25
RCTEXT.DLL    : 8.0.32.0        86273 Bytes  06/03/2008 12:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, 
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high

Start of the scan: dimanche 22 juin 2008  19:56

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
      [INFO]      No virus was found!
Master boot sector HD1
      [INFO]      No virus was found!
      [WARNING]   Le périphérique n'est pas prêt.
Master boot sector HD2
      [INFO]      No virus was found!
      [WARNING]   Le périphérique n'est pas prêt.
Master boot sector HD3
      [INFO]      No virus was found!
      [WARNING]   Le périphérique n'est pas prêt.
Master boot sector HD4
      [INFO]      No virus was found!
      [WARNING]   Le périphérique n'est pas prêt.
Master boot sector HD5
      [INFO]      No virus was found!
      [WARNING]   Le périphérique n'est pas prêt.

Start scanning boot sectors:
Boot sector 'C:\'
      [INFO]      No virus was found!

Starting to scan the registry.
The registry was scanned ( '47' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
      [WARNING]   The file could not be opened!
C:\Documents and Settings\Dédé\Incomplete\T-3545425-ma belle mere paricia.mpg
      [DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
      [NOTE]      The file was moved to '4891a14a.qua'!
C:\Documents and Settings\Dédé\Mes documents\LimeWire\Saved\helene grimaud.mp3
      [DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
      [NOTE]      The file was moved to '48caa263.qua'!
C:\Documents and Settings\Dédé\Mes documents\LimeWire\Saved	enkaichi 3 meteor.mp3
      [DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
      [NOTE]      The file was moved to '48cca274.qua'!
C:\Documents and Settings\Dédé\Mes documents\LimeWire\Saved\TOTALLY HIP TRACK.wma
      [DETECTION] Is the Trojan horse TR/Dldr.Age.3566386
      [NOTE]      The file was moved to '48b2a262.qua'!
C:\Documents and Settings\Dédé\Mes documents\LimeWire\Saved\wedontdance wearethedance smbd.mp3
      [DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
      [NOTE]      The file was moved to '48c2a27c.qua'!
C:\Documents and Settings\Dédé\Shared\au revoir sherifa luna.mp3
      [DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
      [NOTE]      The file was moved to '487ea37c.qua'!
C:\Documents and Settings\Dédé\Shared\il avait les mots sheriffa.mp3
      [DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
      [NOTE]      The file was moved to '487ea37e.qua'!
C:\Documents and Settings\Dédé\Shared\interlude sherifa luna.mp3
      [DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
      [NOTE]      The file was moved to '48d2a384.qua'!
C:\Documents and Settings\Dédé\Shared\mika happy ending.mpg
      [DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
      [NOTE]      The file was moved to '48c9a38e.qua'!
C:\Documents and Settingsemi\Bureau\dragon ball\dbz\budokai tenkaishi 3.mp3
      [DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
      [NOTE]      The file was moved to '48c2a447.qua'!
C:\Documents and Settingsemi\Bureau\dragon ball\dbz	enkaichi 3.mp3
      [DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
      [NOTE]      The file was moved to '48cca440.qua'!
C:\Documents and Settingsemi\Bureau\musiqueemi\dragon ball hantai.mpg
      [DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
      [NOTE]      The file was moved to '48bfa5e1.qua'!
C:\Documents and Settingsemi\Bureau\musiqueemi\le declic.mpg
      [DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
      [NOTE]      The file was moved to '487ea5ed.qua'!
C:\Documents and Settingsemi\Incomplete\Preview-T-3545425-tenkaichi 3.mp3
      [DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
      [NOTE]      The file was moved to '48c3a757.qua'!
C:\Documents and Settings\Thalie\Mes documents\dossier thalie\dossier thalie\mp3\bleending love leanna lewis.mp3
      [DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
      [NOTE]      The file was moved to '48c3b6c0.qua'!
C:\Documents and Settings\Thalie\Mes documents\dossier thalie\dossier thalie\mp3\in my arms kelly minogue.mp3
      [DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
      [NOTE]      The file was moved to '487eb6c8.qua'!
C:\Documents and Settings\Thalie\Mes documents\dossier thalie\dossier thalie\mp3\in my arms killy minogue.mp3
      [DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
      [NOTE]      The file was moved to '487eb6cd.qua'!
C:\Documents and Settings\Thalie\Mes documents\photos 18 06\album sherifa luna\interlude sherifa luna.mp3
      [DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
      [NOTE]      The file was moved to '48d2bd06.qua'!
C:\Documents and Settings\Thalie\Mes documents\photos 18 06\lorie\2lor en moi lorie.mp3
      [DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
      [NOTE]      The file was moved to '48cdbd0c.qua'!
C:\Documents and Settings\Thalie\Shared\bleending love leanna lewis.mp3
      [DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
      [NOTE]      The file was moved to '48c3d22a.qua'!
C:\Documents and Settings\Thalie\Shared\in my arms kelly minogue.mp3
      [DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
      [NOTE]      The file was moved to '487ed231.qua'!
C:\Documents and Settings\Thalie\Shared\in my arms killy minogue.mp3
      [DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
      [NOTE]      The file was moved to '487ed236.qua'!
C:\Documents and Settings\Thalie\Shared\whit love adaway.mp3
      [DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
      [NOTE]      The file was moved to '48c7d237.qua'!


End of the scan: lundi 23 juin 2008  12:21
Used time: 16:25:01 min

The scan has been done completely.

  16920 Scanning directories
 404368 Files were scanned
     23 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
     23 files were moved to quarantine
      0 files were renamed
      1 Files cannot be scanned
 404345 Files not concerned
   4022 Archives were scanned
      6 Warnings
     23 Notes

sKe69 · Answer

Et bien dis moi , tu avais pas mal de mp3 infectés ...

1-Supprimes tout les objet infectieux qu'il peut avoir dans les zone de "quarantaine " de Malwarebytes et de AntiVir ...

2-refais un coup de CCleaner ( registre compris ) 

---> Fais moi un petit topo sur l'état de ton PC , y a t'il du mieux ?

Puis ensuite fais ce-ci pour contrôler :

3-Télécharge DiagHelp.zip sur ton bureau :

http://www.malekal.com/download/DiagHelp.zip

!! déconnectes toi et fermes toutes tes applications en cours !!  

Fais un clic droit sur le fichier et extraire tout .

--> Un nouveau dossier va être créé : "DiagHelp"  
Ouvres le et double-clic sur go.cmd et pas sur autre chose ! (le .cmd peut ne pas apparaître )
 
--> Une fenêtre va s'ouvrir, choisis l'option 1 
L'analyse va commencer, ce-ci peut durer quelques minutes, laisses faire et appuies sur une touche quand on te le demandera : 
une page IE va s'ouvrir , fermes la . 
Re-appuis sur une touche, le bloc-note s'ouvre : 
Sauvegardes ce rapport de façon à le retrouver et postes tout son contenu dans ta prochaine réponse ...

isa24 · Answer

Alors pour ce qui est de l'état du PC comme je te l'ai dit au début ce n'est pas le mien mais je vois quand même une nette amélioration par rapport au jour ou je l'ai ramené chez moi ! Il va nettement plus vite et les actions comme fermer une session, redémarrer ou tout simplement démarrer vont nettement plus vite et ne plantent plus. Les analyses sont très longues mais je suppose que c'est normal. Voila le dernier rapport : DiagHelp version v1.4 - http://www.malekal.com excute le 23/06/2008 à 15:16:20,33 Liste des derniers fichies modifies/crees dans windir\system32 et prefetch C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->23/06/2008 15:16:19 C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->23/06/2008 15:16:17 C:\WINDOWS\prefetch\PBCHECKGAMES.EXE-0BF63BC3.pf -->23/06/2008 15:16:01 C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf -->23/06/2008 15:15:45 C:\WINDOWS\prefetch\IEXPLORE.EXE-27122324.pf -->23/06/2008 15:15:11 C:\WINDOWS\prefetch\AVWSC.EXE-347FCF75.pf -->23/06/2008 15:12:52 C:\WINDOWS\prefetch\BOONTY.EXE-31979621.pf -->23/06/2008 15:00:56 C:\WINDOWS\prefetch\BOONTYGAMES.0001-2079209C.pf -->23/06/2008 15:00:54 C:\WINDOWS\prefetch\~E5D141.TMP-03EECD97.pf -->23/06/2008 15:00:51 C:\WINDOWS\prefetch\CHKLICENCEOS.EXE-25190090.pf -->23/06/2008 15:00:51 C:\WINDOWS\System32\drivers\mbamcatchme.sys -->19/06/2008 17:48:04 C:\WINDOWS\System32\drivers\mbam.sys -->19/06/2008 17:47:58 C:\WINDOWS\System32\drivers\bthport.sys -->14/06/2008 19:59:52 C:\WINDOWS\System32\drivers\AnyDVD.sys -->12/06/2008 11:49:09 C:\WINDOWS\System32\drivers mcast.sys -->08/05/2008 14:28:49 C:\WINDOWS\System32\drivers\avipbb.sys -->04/03/2008 13:28:53 C:\WINDOWS\System32\drivers\GEARAspiWDM.sys -->29/01/2008 12:01:28 C:\WINDOWS\System32\wpa.dbl -->23/06/2008 13:07:08 C:\WINDOWS\System32\CONFIG.NT -->17/06/2008 08:02:01 C:\WINDOWS\System32\jupdate-1.6.0_05-b13.log -->17/06/2008 07:30:16 C:\WINDOWS\System32 mp.txt -->16/06/2008 11:48:32 C:\WINDOWS\System32 mp.reg -->16/06/2008 11:48:32 C:\WINDOWS\System32\MRT.exe -->30/05/2008 01:35:11 C:\WINDOWS\System32\ShellMPD.dll -->15/05/2008 12:11:39 C:\WINDOWS\System32\quartz.dll -->07/05/2008 07:15:36 C:\WINDOWS\System32\mshtml.dll -->23/04/2008 22:16:42 C:\WINDOWS\System32\wininet.dll -->23/04/2008 06:16:40 C:\WINDOWS\System32\webcheck.dll -->23/04/2008 06:16:40 C:\WINDOWS\System32\urlmon.dll -->23/04/2008 06:16:40 C:\WINDOWS\System32\url.dll -->23/04/2008 06:16:40 C:\WINDOWS\System32\pngfilt.dll -->23/04/2008 06:16:40 C:\WINDOWS\System32\occache.dll -->23/04/2008 06:16:40 C:\WINDOWS\System32\mstime.dll -->23/04/2008 06:16:40 C:\WINDOWS\System32\msrating.dll -->23/04/2008 06:16:40 C:\WINDOWS\System32\mshtmled.dll -->23/04/2008 06:16:40 C:\WINDOWS\System32\msfeedsbs.dll -->23/04/2008 06:16:40 C:\WINDOWS\System32\msfeeds.dll -->23/04/2008 06:16:40 C:\WINDOWS\System32\jsproxy.dll -->23/04/2008 06:16:40 C:\WINDOWS\System32\inetcpl.cpl -->23/04/2008 06:16:40 C:\WINDOWS\System32\iertutil.dll -->23/04/2008 06:16:39 C:\WINDOWS\System32\iernonce.dll -->23/04/2008 06:16:39 C:\WINDOWS\System32\ieframe.dll -->23/04/2008 06:16:39 C:\WINDOWS\IM_PREM.lfa -->05/07/2025 10:37:10 C:\WINDOWS\setupapi.log -->23/06/2008 15:15:23 C:\WINDOWS\WindowsUpdate.log -->23/06/2008 14:10:13 C:\WINDOWS\wiadebug.log -->23/06/2008 13:05:21 C:\WINDOWS\wiaservc.log -->23/06/2008 13:05:18 C:\WINDOWS\bootstat.dat -->23/06/2008 13:05:04 C:\WINDOWS\SchedLgU.Txt -->22/06/2008 19:30:32 C:\WINDOWS\system.ini -->22/06/2008 16:11:20 C:\WINDOWS\NeroDigital.ini -->18/06/2008 18:38:13 C:\WINDOWS\WININIT.INI -->17/06/2008 22:52:04 C:\WINDOWS\popcinfo.dat -->29/05/2008 08:38:24 C:\WINDOWS\BMabeb7b5e.txt -->02/05/2008 18:11:01 C:\WINDOWS\EPISMF00.SWB -->28/04/2008 12:20:02 C:\WINDOWS\QTW.INI -->02/04/2008 11:48:57 C:\WINDOWS\Thumbs.db -->30/03/2008 17:16:39 winlogon.exe Verified: Signed svchost.exe Verified: Signed ws2_32.dll Verified: Signed user32.dll Verified: Signed tcpip.sys Verified: Signed ndis.sys Verified: Signed null.sys Verified: Signed ListDLLs v2.25 - DLL lister for Win9x/NT Copyright (C) 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ explorer.exe pid: 592 Command line: C:\WINDOWS\Explorer.EXE Base Size Version Path 0x44080000 0xd0000 7.00.6000.16674 C:\WINDOWS\system32\WININET.dll 0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll 0x43e00000 0x45000 7.00.6000.16674 C:\WINDOWS\system32\iertutil.dll 0x10000000 0xe000 3.63.0004.0000 C:\WINDOWS\system32\MsgPlusLoader.dll 0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll 0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x649b0000 0x97000 2.05.0001.1119 C:\Program Files\MSN Toolbar Suite\DB\02.05.0001.1119\fr-fr\deskbar.dll 0x014a0000 0x40000 2.05.0001.1119 C:\Program Files\MSN Toolbar Suite\DB\02.05.0001.1119\fr-fr\dbres.dll 0x64910000 0x94000 2.05.0001.1119 C:\Program Files\MSN Toolbar Suite\DB\02.05.0001.1119\fr-fr\wordwheel.dll 0x621f0000 0x1f000 1.00.2536.0000 C:\WINDOWS\system32\MAPI32.dll 0x01510000 0x83000 2.05.0001.1119 C:\Program Files\MSN Toolbar Suite\EXT\02.05.0001.1119\fr-fr\msnlExtRes.dll 0x63bf0000 0x84000 2.05.0000.1105 C:\Program Files\MSN Toolbar Suite\TEM\02.05.0000.1105\fr-fr\Tem.dll 0x44160000 0x127000 7.00.6000.16674 C:\WINDOWS\system32\urlmon.dll 0x63fc0000 0x7000 2.05.0001.1119 C:\Program Files\MSN Toolbar Suite\SL\02.05.0001.1119\fr-fr\msn_slps.dll 0x13420000 0x1a000 11.00.5721.5145 C:\PROGRA~1\WINDOW~2\wmpband.dll 0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL 0x44360000 0x5cd000 7.00.6000.16674 C:\WINDOWS\system32\ieframe.dll 0x442b0000 0x3c000 7.00.6000.16674 C:\WINDOWS\system32\webcheck.dll 0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll 0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll 0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll 0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll 0x00d70000 0x19000 1.00.0000.0003 C:\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll 0x03ad0000 0x173000 1.01.0000.0006 C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll 0x7c140000 0x103000 7.10.3077.0000 C:\Program Files\Fichiers communs\Ahead\Lib\MFC71.DLL 0x7c340000 0x56000 7.10.3052.0004 C:\Program Files\Fichiers communs\Ahead\Lib\MSVCR71.dll 0x7c3a0000 0x7b000 7.10.3077.0000 C:\Program Files\Fichiers communs\Ahead\Lib\MSVCP71.dll 0x03d50000 0x5b000 8.01.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll 0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll 0x03db0000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA 0x02340000 0x8000 1.00.0000.0000 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll 0x028d0000 0x2c000 C:\Program Files\WinRAR arext.dll 0x023c0000 0x8000 1.00.0000.0001 C:\Program Files\MP3 Player Utilities 4.04\AMVConverter\AmvTransform.dll 0x04280000 0x13000 7.00.0000.0011 C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll 0x042a0000 0x102000 7.10.3077.0000 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MFC71U.DLL 0x043b0000 0x1c000 1.01.0223.0000 C:\WINDOWS\system32\CmdLineExt.dll 0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll 0x04410000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll 0x748f0000 0x113000 8.90.1101.0000 C:\WINDOWS\system32\msxml3.dll 0x64130000 0x79000 2.05.0000.1105 C:\Program Files\MSN Toolbar Suite\HV\02.05.0000.1105\fr-fr\msnHiliteViewer.dll 0x01b70000 0x1d000 2.05.0000.1105 C:\Program Files\MSN Toolbar Suite\HV\02.05.0000.1105\fr-fr\hvres.dll 0x63fd0000 0x80000 2.05.0000.1105 C:\Program Files\MSN Toolbar Suite\PB\02.05.0000.1105\fr-fr\msnPopupBlocker.dll 0x04b70000 0x2f000 2.05.0000.1105 C:\Program Files\MSN Toolbar Suite\PB\02.05.0000.1105\fr-fr\pgres.dll 0x04d30000 0x185000 1.05.0000.0011 C:\PROGRA~1\SPYBOT~1\SDHelper.dll 0x43ff0000 0xa000 7.00.6000.16674 C:\WINDOWS\system32\jsproxy.dll 0x01b30000 0x13000 1.00.0000.0001 C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll 0x04610000 0x92000 2.05.0000.1105 C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll 0x046b0000 0x3d000 2.05.0000.1105 C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\mtbres.dll 0x05140000 0x54000 1.00.0000.0000 C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll 0x60980000 0x7000 3.01.4000.1823 C:\WINDOWS\system32\MSISIP.DLL 0x74e10000 0x10000 5.06.0000.8820 C:\WINDOWS\system32\wshext.dll 0x73d20000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL 0x61d70000 0xe000 6.00.8665.0000 C:\WINDOWS\system32\MFC42LOC.DLL 0x59000000 0xe000 5.06.0000.6626 C:\WINDOWS\system32\wshFR.DLL 0x05640000 0x3b000 8.05.1302.1018 C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGSC8~1.DLL ListDLLs v2.25 - DLL lister for Win9x/NT Copyright (C) 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ winlogon.exe pid: 484 Command line: winlogon.exe Base Size Version Path 0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe 0x10000000 0xe000 3.63.0004.0000 C:\WINDOWS\system32\MsgPlusLoader.dll 0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll 0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll 0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x00fb0000 0x1d000 6.14.0010.4155 C:\WINDOWS\system32\Ati2evxx.dll 0x012a0000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll 0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est A8D8-486D Répertoire de C:\WINDOWS\system32 05/08/2004 14:00 6 144 csrss.exe 1 fichier(s) 6 144 octets 0 Rép(s) 39 035 518 976 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est A8D8-486D Répertoire de C:\WINDOWS\Downloaded Program Files 16/06/2008 20:53 . 16/06/2008 20:53 .. 04/12/2006 16:19 65 desktop.ini 09/02/2005 17:54 1 271 erma.inf 11/07/2006 09:41 345 656 ewidoOnlineScan.dll 13/04/2007 02:14 382 344 GAME_UNO1.dll 17/01/2007 15:44 316 GAME_UNO1.INF 11/12/2006 16:44 367 LegitCheckControl.inf 29/05/2003 16:00 160 864 messengerstatsclient.dll 23/02/2007 00:41 304 544 MessengerStatsPAClient.dll 29/05/2003 16:00 84 064 minesweeper.dll 29/05/2003 16:00 77 408 msgrchkr.dll 30/06/2005 16:19 227 MsnMessengerSetupDownloader.inf 14/08/2005 01:26 113 664 MsnMessengerSetupDownloader.ocx 28/02/2007 14:21 142 248 SolitaireShowdown.dll 09/11/2006 15:36 5 019 swflash.inf 26/05/2005 04:19 291 wuweb.inf 15 fichier(s) 1 618 348 octets Total des fichiers listés : 15 fichier(s) 1 618 348 octets 2 Rép(s) 39 035 518 976 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues Export des clefs sensibles.. Liste des fichiers en exception sur le pare-feu XP SP2 "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\IncrediMail\bin\IMApp.exe"="C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail" "C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail" "C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail" "C:\Program Files\VideoLink Pro\Engine.exe"="C:\Program Files\VideoLink Pro\Engine.exe:*:Disabled:VideoLink Engine" "C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer" "C:\Program Files\Infogrames\Combat\Combat.exe"="C:\Program Files\Infogrames\Combat\Combat.exe:*:Enabled:Combat" "C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe"="C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe:*:Enabled:IncrediMail Installer" "C:\Program Files\EpieGames\Parawolffist\Parawolffist.exe"="C:\Program Files\EpieGames\Parawolffist\Parawolffist.exe:*:Enabled:CannonPlane" "C:\Program Files\GigaByte\VGA Utility Manager\G-vga.exe"="C:\Program Files\GigaByte\VGA Utility Manager\G-vga.exe:*:Enabled:Menu" "C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4" "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" Export de la clef SharedTaskScheduler [SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" exports des policies REGEDIT4 [system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 "DisableRegistryTools"=dword:00000000 "HideLegacyLogonScripts"=dword:00000000 "HideLogoffScripts"=dword:00000000 "RunLogonScriptSync"=dword:00000001 "RunStartupScriptSync"=dword:00000000 "HideStartupScripts"=dword:00000000 Export des clefs sensibles.. Rechercher adresses sensibles dans le fichier HOSTS... catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-23 15:17:01 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden services & system hive ... scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher] "TracesProcessed"=dword:000001f6 scanning hidden files ... scan completed successfully hidden services: 0 hidden files: 0 KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Process list by traversal of KiWaitListHead 4 - System 160 - CDAC11BA.EXE 264 - alg.exe 408 - WindowsSearchIn 444 - csrss.exe 484 - winlogon.exe 528 - services.exe 540 - lsass.exe 592 - explorer.exe 696 - svchost.exe 1124 - BoontyGames.000 1200 - svchost.exe 1240 - svchost.exe 1284 - svchost.exe 1364 - svchost.exe 1392 - ati2evxx.exe 1740 - spoolsv.exe 1892 - avguard.exe 1960 - AppleMobileDevi 2012 - mDNSResponder.e 2100 - cmd.exe 2268 - E_FATI9BE.EXE 2320 - MsgPlus.exe 2352 - Boonty.exe 2424 - CamTray.exe 2560 - apdproxy.exe 2592 - CLI.exe 2644 - PicasaMediaDete 2660 - GoogleDesktop.e 2736 - CLI.exe 2884 - avgnt.exe 2916 - BoontyBox.exe 2940 - AnyDVDtray.exe 2976 - GoogleToolbarNo 2984 - msnmsgr.exe 3000 - ctfmon.exe 3204 - PBCheckGames.ex 3216 - CLI.exe 3296 - BTTray.exe 3340 - CalCheck.exe 3648 - WindowsSearch.e 3824 - BTSTAC~1.EXE 3940 - IMApp.exe Total number of processes = 43 NOTE: Under WinXP, this will not show all processes. KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Driver/Module list by traversal of PsLoadedModuleList 804D7000 - \WINDOWS\system32 tkrnlpa.exe 806CE000 - \WINDOWS\system32\hal.dll F7ADB000 - \WINDOWS\system32\KDCOM.DLL F79EB000 - \WINDOWS\system32\BOOTVID.dll F74AB000 - ACPI.sys F7ADD000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS F749A000 - pci.sys F75DB000 - isapnp.sys F75EB000 - ohci1394.sys F75FB000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS F7BA3000 - pciide.sys F785B000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS F760B000 - MountMgr.sys F747B000 - ftdisk.sys F7863000 - PartMgr.sys F761B000 - VolSnap.sys F7463000 - atapi.sys F762B000 - disk.sys F763B000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS F7443000 - fltMgr.sys F7431000 - sr.sys F764B000 - PxHelp20.sys F741A000 - KSecDD.sys F738D000 - Ntfs.sys F7360000 - NDIS.sys F734C000 - sfvfs02.sys F786B000 - sfhlp02.sys F733A000 - sfdrv01.sys F731F000 - Mup.sys F77DB000 - \SystemRoot\system32\DRIVERS\intelppm.sys F621E000 - \SystemRoot\system32\DRIVERS\ati2mtag.sys F620A000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS F77EB000 - \SystemRoot\system32\DRIVERS\imapi.sys F61F3000 - \SystemRoot\System32\Drivers\AnyDVD.sys F7B29000 - \SystemRoot\System32\Drivers\ElbyDelay.sys F78A3000 - \SystemRoot\System32\Drivers\ElbyCDFL.sys F77FB000 - \SystemRoot\system32\DRIVERS\cdrom.sys F780B000 - \SystemRoot\system32\DRIVERS edbook.sys F61D0000 - \SystemRoot\system32\DRIVERS\ks.sys F72D7000 - \SystemRoot\System32\Drivers\GEARAspiWDM.sys F5F98000 - \SystemRoot\system32\drivers\ALCXWDM.SYS F5F74000 - \SystemRoot\system32\drivers\portcls.sys F781B000 - \SystemRoot\system32\drivers\drmk.sys F78AB000 - \SystemRoot\system32\DRIVERS\usbohci.sys F5F51000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS F78B3000 - \SystemRoot\system32\DRIVERS\usbehci.sys F5F32000 - \SystemRoot\system32\DRIVERS\SiSGbeXP.sys F5EFE000 - \SystemRoot\system32\DRIVERS\HSFHWBS2.sys F5DFF000 - \SystemRoot\system32\DRIVERS\HSF_DP.sys F5D59000 - \SystemRoot\system32\DRIVERS\HSF_CNXT.sys F78BB000 - \SystemRoot\System32\Drivers\Modem.SYS F782B000 - \SystemRoot\system32\DRIVERS ic1394.sys F5D07000 - \SystemRoot\system32\DRIVERS\serial.sys F7A6B000 - \SystemRoot\system32\DRIVERS\serenum.sys F5CF3000 - \SystemRoot\system32\DRIVERS\parport.sys F783B000 - \SystemRoot\system32\DRIVERS\i8042prt.sys F78C3000 - \SystemRoot\system32\DRIVERS\mouclass.sys F78CB000 - \SystemRoot\system32\DRIVERS\kbdclass.sys F5C26000 - \SystemRoot\system32\DRIVERS\btkrnl.sys F7C00000 - \SystemRoot\system32\DRIVERS\audstub.sys F784B000 - \SystemRoot\system32\DRIVERS asl2tp.sys F7A6F000 - \SystemRoot\system32\DRIVERS distapi.sys F5C0F000 - \SystemRoot\system32\DRIVERS diswan.sys F6E9B000 - \SystemRoot\system32\DRIVERS aspppoe.sys F6E8B000 - \SystemRoot\system32\DRIVERS aspptp.sys F78D3000 - \SystemRoot\system32\DRIVERS\TDI.SYS F5BFE000 - \SystemRoot\system32\DRIVERS\psched.sys F6E7B000 - \SystemRoot\system32\DRIVERS\msgpc.sys F78DB000 - \SystemRoot\system32\DRIVERS\ptilink.sys F78E3000 - \SystemRoot\system32\DRIVERS aspti.sys F6E6B000 - \SystemRoot\system32\DRIVERS ermdd.sys F7B2B000 - \SystemRoot\system32\DRIVERS\swenum.sys F5BA5000 - \SystemRoot\system32\DRIVERS\update.sys F7A77000 - \SystemRoot\system32\DRIVERS\mssmbios.sys F6E5B000 - \SystemRoot\System32\Drivers\NDProxy.SYS F6E2B000 - \SystemRoot\system32\DRIVERS\usbhub.sys F7B2D000 - \SystemRoot\system32\DRIVERS\USBD.SYS F7B41000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS F7C5B000 - \SystemRoot\System32\Drivers\Null.SYS F7B43000 - \SystemRoot\System32\Drivers\Beep.SYS F7903000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS F790B000 - \SystemRoot\System32\drivers\vga.sys F7B45000 - \SystemRoot\System32\Drivers\mnmdd.SYS F7B47000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys F7913000 - \SystemRoot\System32\Drivers\Msfs.SYS F791B000 - \SystemRoot\System32\Drivers\Npfs.SYS F6429000 - \SystemRoot\system32\DRIVERS asacd.sys EDB52000 - \SystemRoot\system32\DRIVERS\ipsec.sys EDAFA000 - \SystemRoot\system32\DRIVERS cpip.sys EDAD2000 - \SystemRoot\system32\DRIVERS etbt.sys EDAB0000 - \SystemRoot\System32\drivers\afd.sys F6AD5000 - \SystemRoot\system32\DRIVERS etbios.sys F7923000 - \SystemRoot\system32\DRIVERS\ssmdrv.sys EDA85000 - \SystemRoot\system32\DRIVERS dbss.sys ED9EE000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys F6AC5000 - \SystemRoot\System32\Drivers\Fips.SYS ED9CD000 - \SystemRoot\system32\DRIVERS\ipnat.sys F7933000 - \SystemRoot\System32\Drivers\ElbyCDIO.sys ED9BA000 - \SystemRoot\system32\DRIVERS\avipbb.sys F7B4B000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys F6AA5000 - \SystemRoot\System32\Drivers\Cdfs.SYS F793B000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS ED97A000 - \SystemRoot\System32\Drivers\dump_atapi.sys F7B51000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS BF800000 - \SystemRoot\System32\win32k.sys F72F3000 - \SystemRoot\System32\drivers\Dxapi.sys F794B000 - \SystemRoot\System32\watchdog.sys BF9C3000 - \SystemRoot\System32\drivers\dxg.sys F7C4D000 - \SystemRoot\System32\drivers\dxgthk.sys BF9D5000 - \SystemRoot\System32\ati2dvag.dll BFA19000 - \SystemRoot\System32\ati2cqag.dll BFA66000 - \SystemRoot\System32\atikvmag.dll BFAB2000 - \SystemRoot\System32\ati3duag.dll BFD40000 - \SystemRoot\System32\ativvaxx.dll BFFA0000 - \SystemRoot\System32\ATMFD.DLL F777B000 - \SystemRoot\system32\DRIVERS\wanarp.sys F778B000 - \SystemRoot\system32\DRIVERS\arp1394.sys EB716000 - \SystemRoot\system32\DRIVERS disuio.sys EB406000 - \SystemRoot\system32\DRIVERS\mrxdav.sys F7AF9000 - \SystemRoot\System32\Drivers\ParVdm.SYS EB542000 - \SystemRoot\System32\Drivers\SENTINEL.SYS EB3E6000 - \??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS EB212000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys EB30E000 - \SystemRoot\system32\DRIVERS\mdmxsdk.sys EB3A6000 - \SystemRoot\system32\DRIVERS\secdrv.sys EB170000 - \SystemRoot\system32\DRIVERS\srv.sys F6920000 - \SystemRoot\system32\drivers\wdmaud.sys EB63A000 - \SystemRoot\system32\drivers\sysaudio.sys F6547000 - \SystemRoot\System32\Drivers\HTTP.sys F7BEE000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys Total number of drivers = 130 Liste des programmes installes 2001 TetRize version 1.31 5 Spots fr 7 Wonders fr Abundante AC3Filter (remove only) Ad-Aware SE Personal Adobe Acrobat 4.0 ME Adobe Bridge 1.0 Adobe Common File Installer Adobe Flash Player ActiveX Adobe Help Center 1.0 Adobe Photoshop CS Adobe Reader 8.1.2 - Français Adobe Stock Photos 1.0 Adobe Stock Photos 1.0 Adobe® Photoshop® Album Edition Découverte 3.0 Anglais Cm1-Cm2 AnyDVD Apple Mobile Device Support Apple Software Update Apprendre à jouer à Magic Arabian nights Archiveur WinRAR ArcSoft PhotoBase 3 ArcSoft PhotoImpression ArcSoft VideoImpression 1.6 Assistant de connexion Windows Live Astrobatics fr ATI - Software Uninstall Utility ATI Catalyst Control Center ATI Control Panel ATI Display Driver ATI HydraVision Audacity 1.2.6 AutoUpdate Avanquest update Avira AntiVir Personal – Free Antivirus Barre d'outils MSN Search Bejeweled Bonjour BoontyBox CCleaner (remove only) CDDC-Mahjongg (Supprimer uniquement) CloneCD CloneDVD2 Combat (remove only) Correctif pour Windows Internet Explorer 7 (KB947864) Cradle of Persia fr Creative WebCam Center Creative WebCam Live! Pro Driver (1.01.01.1011) Dames 3D fr Digital Video Diner Dash - Flo on the Go fr Diner Dash 2 Deluxe Diner Dash fr Diner Dash fr DivX Codec DivX Content Uploader DivX Converter DivX Player DivX Web Player Dynasty Elemental EPSON CardMonitor EPSON Copy Utility 3 EPSON Logiciel imprimante EPSON PhotoQuicker3.5 EPSON PhotoStarter3.1 EPSON PRINT Image Framer Tool2.1 EPSON Scan EPSON Smart Panel EPSON Web-To-Page Escape from paradise fr ESCX3600 Guide de réf. ESCX3600 Guide des logiciels ffdshow (remove only) Fireworks Extravaganza fr Free Spider Gemsweeper fr GIGABYTE VGA Utility Manager Google Desktop Google Earth Google Toolbar for Firefox Google Toolbar for Internet Explorer Hammer Heads Harvest Mania To Go Incrediball IncrediMail Xe Installer Yahoo! Messenger iTunes J2SE Runtime Environment 5.0 Update 10 J2SE Runtime Environment 5.0 Update 11 J2SE Runtime Environment 5.0 Update 3 Java(TM) 6 Update 2 Java(TM) 6 Update 3 Java(TM) 6 Update 5 Jeune Styliste Jeune Styliste HC Fix K-Lite Codec Pack 3.3.0 Full Kit de Connexion Alice ADSL Lanceur du programme d'installation de Microsoft Works 2000 Language pack for Ad-Aware SE Lecteur Windows Media 11 LimeWire 4.16.6 Luxor - Amun Rising Luxor 2 Luxor 2 fr Luxor Amun Rising Deluxe Luxor Amun Rising fr LUXOR Amun Rising fr Luxor fr Macromedia Shockwave Player Malwarebytes' Anti-Malware Manuel d'utilisation de Creative WebCam Live! Pro (Français) Maxi Mots fr Media Player Classic fr Messenger Plus! 3 & Sponsor Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 French Language Pack Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft Money 2000 Standard Microsoft National Language Support Downlevel APIs Microsoft Office 2000 Professional Microsoft Office PowerPoint Viewer 2007 (French) Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Works Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759) Motorola Phone Tools MP3 Player Utilities 3.68 MP3 Player Utilities 4.04 Mr Quizz et la malédiction du Manoir MSN MSN Pictures Displayer 4.5 MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) Nero Suite Nertz Solitaire fr Norton™ Security Scan Nostale Online FR (Remove) OpenOffice.org Installer 1.0 Pack Luxor et Amun Rising fr Parawolffist Pcsx2 0.9.2 Watermoose Peggle Deluxe 1.0 Picasa 2 Pirateville Deluxe Pixia 3.3b QuickTime QuickTime Alternative 1.44 Rainbow Ruffle fr Rainbow Web 2 fr Real Alternative 1.35 RealArcade RealPlayer SafeCast Shared Components Search Assistant Adssite Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) SoftV92 Data Fax Modem with SmartCP Spybot - Search & Destroy Storm Codec The Magician's Handbook Deluxe Time Breaker Tinos Fruit Stand Top 10 Solitaire fr Totally Spies, le blues du monstre Travelogue 360 - Paris fr Téléchargeur de Beach Life fr Téléchargeur de Ghost Recon Advance Warfighter fr Téléchargeur de Mers Du Sud fr Téléchargeur de Restaurant Empire fr Téléchargeur de Silverfall fr Téléchargeur de Singles 2 fr Téléchargeur de Soirées et Fêtes Organiseur fr Téléchargeur de Sonic Mega Collection Plus fr Téléchargeur de Space Colony fr Téléchargeur de War on Terror fr Téléchargeur de Worms 4 Mayhem fr Ulead COOL 360 1.0 Ulead Photo Express 4.0 SE Ulead VideoStudio 7 SE Basic VideoLAN VLC media player 0.8.5 VideoLink Pro WebFldrs XP WIDCOMM Bluetooth Software Windows Genuine Advantage Notifications (KB905474) Windows Internet Explorer 7 Windows Live installer Windows Live Messenger Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Wonderland - Secret Worlds XVID Codec Installation XviD Video Codec 04102002-1 (Koepi's build with EPSZ ME) Yahoo! Install Manager Yahoo! Toolbar Yahoo! Toolbar Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est A8D8-486D Répertoire de C:\Program Files 19/06/2008 16:16 . 19/06/2008 16:16 .. 29/11/2005 18:38 AC3Filter 21/02/2008 10:13 Adobe 29/08/2007 18:07 Ahead 21/11/2005 19:48 Alice 13/03/2007 18:31 Alwil Software 03/05/2008 14:59 Apple Software Update 26/12/2005 17:33 ArcSoft 07/02/2007 16:05 ATI Technologies 04/09/2007 09:11 Audacity 17/01/2008 16:42 Avanquest update 17/06/2008 08:09 Avira 05/01/2008 01:38 BFG 11/08/2007 10:38 Billy Blade and the Temple of Time 29/11/2007 19:20 BitComet 03/05/2008 15:04 Bonjour 10/11/2006 20:39 Boonty 16/05/2008 19:25 BoontyGames 19/10/2007 19:40 Camfrog 28/10/2006 18:16 CCleaner 05/01/2008 01:38 CDDC-MahJongg 04/11/2005 20:11 ComPlus Applications 05/11/2005 16:18 CONEXANT 16/06/2006 08:13 Creative 02/12/2005 14:30 Digital Video 24/03/2007 17:02 Disney Interactive 05/01/2008 01:38 DivX 30/07/2007 02:36 eChanblard 29/11/2007 19:54 Eidos Interactive 18/03/2006 11:36 Elaborate Bytes 29/11/2007 18:27 eMule 25/07/2007 15:02 2 591 956 eMulePlus-1.2b.Installer.exe 30/04/2008 12:29 Enigma Software Group 20/11/2006 16:03 EpieGames 21/04/2008 18:11 epson 05/01/2008 01:38 Eracha 22/02/2006 21:35 ffdshow 17/06/2008 07:48 Fichiers communs 02/05/2007 07:07 Free Spider 29/12/2006 16:45 GigaByte 10/08/2007 10:16 Google 29/05/2008 07:43 Incredijeux 07/02/2007 15:37 IncrediMail 12/11/2006 13:45 Infogrames 06/12/2005 19:11 InterActual 16/06/2008 19:28 Internet Explorer 03/05/2008 15:06 iPod 03/05/2008 15:06 iTunes 17/06/2008 07:30 Java 02/04/2008 11:47 Jeune Styliste 30/12/2007 12:17 KaraFun 03/08/2007 15:25 13 043 226 klcodec330f.exe 03/08/2007 15:27 K-Lite Codec Pack 28/10/2006 18:13 Lavasoft 29/02/2008 17:18 LimeWire 21/06/2008 12:51 Malwarebytes' Anti-Malware 05/01/2008 01:38 Media Player Classic 05/05/2008 10:00 Mes Jeux Installés 05/01/2008 01:38 Messenger 15/04/2006 12:03 MessengerPlus! 3 17/06/2008 18:00 Microsoft CAPICOM 2.1.0.2 21/11/2005 18:23 microsoft frontpage 24/11/2005 18:07 Microsoft Money 16/07/2007 21:53 Microsoft Office 05/01/2008 01:38 Microsoft Works 24/11/2005 18:03 Microsoft Works Suite 2000 29/11/2007 20:00 Mindscape 05/01/2008 01:38 Motorola Phone Tools 04/11/2005 20:12 Movie Maker 10/08/2007 10:29 Mozilla Firefox 05/01/2007 17:31 MP3 Player Utilities 4.04 16/07/2007 21:53 MSECache 22/11/2005 15:14 MSN 19/03/2006 16:33 MSN Games 04/11/2005 20:11 MSN Gaming Zone 15/05/2008 12:11 MSN Pictures Displayer 10/02/2006 11:29 MSN Toolbar Suite 18/11/2006 17:19 MSXML 4.0 04/11/2005 20:12 NetMeeting 06/12/2005 17:54 Norton AntiVirus 31/08/2007 15:00 Norton Security Scan 29/11/2007 19:26 Oberon Media 04/11/2005 20:11 Online Services 13/06/2007 06:26 Outlook Express 23/11/2007 20:01 Pcsx2 12/11/2006 14:52 PhotoFiltre 05/08/2007 18:06 Picasa2 05/01/2008 01:38 PopCap Games 07/02/2007 16:23 QuickTime 03/05/2008 15:03 QuickTime Alternative 03/03/2006 17:01 Real 05/01/2008 01:38 Real Alternative 10/12/2005 13:31 ReflexiveArcade 05/01/2007 17:53 Ringz Studio 03/03/2006 16:59 774 144 RngInterstitial.dll 01/10/2006 14:59 RoadRoll 15/01/2008 21:25 Seagrand 04/11/2005 20:13 Services en ligne 27/10/2006 18:06 Show 25/04/2007 07:01 Size Date Find 27/05/2006 17:37 Slickball 21/11/2005 18:32 SlySoft 04/03/2007 10:35 Smart Panel 21/04/2008 17:59 SPAMfighter 02/05/2008 18:23 Spybot - Search & Destroy 17/06/2008 07:30 Sun 30/04/2008 18:20 SUPERAntiSpyware 12/01/2008 13:54 Téléchargeur de Beach Life 08/10/2006 11:29 Téléchargeur de Ghost Recon Advance Warfighter 05/01/2008 01:38 Téléchargeur de Pacific Fighters 05/01/2008 01:38 Téléchargeur de Peter Jackson's King Kong 05/01/2008 01:38 Téléchargeur de Peter Jackson's King Kong - Gamer Edition 06/04/2008 20:02 Téléchargeur de Restaurant Empire 08/04/2008 16:07 Téléchargeur de Singles 2 12/01/2008 14:47 Téléchargeur de Soirées et Fêtes Organiseur 04/04/2008 10:14 Téléchargeur de Sonic Mega Collection Plus 12/01/2008 14:45 Téléchargeur de Space Colony 28/04/2006 18:24 TLC-Edusoft 15/02/2008 18:16 TLKGAMES 22/06/2008 19:20 Trend Micro 20/11/2006 16:17 Trymedia 11/07/2006 18:06 Ubisoft 02/12/2005 15:27 Ulead Systems 30/12/2007 11:41 vanBasco's Karaoke Player 24/07/2006 14:34 VideoLAN 05/01/2008 01:38 VideoLink Pro 13/09/2006 18:11 VTech 27/10/2006 16:57 WIDCOMM 09/02/2006 16:23 WildTangent 17/06/2008 07:49 Windows Live 05/01/2008 01:38 Windows Media Connect 2 29/04/2007 17:33 Windows Media Player 04/11/2005 20:11 Windows NT 02/11/2006 09:27 WinRAR 08/09/2006 19:36 Wizards of the Coast 04/11/2005 20:17 xerox 05/01/2008 01:38 XviD 03/12/2005 16:01 Yahoo! 24/05/2008 08:29 Zylom Games 3 fichier(s) 16 409 326 octets 137 Rép(s) 39 028 490 240 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est A8D8-486D Répertoire de C:\Program Files\fichiers communs 17/06/2008 07:48 . 17/06/2008 07:48 .. 21/02/2008 10:13 Adobe 18/02/2006 19:54 Adobe Systems Shared 17/11/2005 18:14 Ahead 03/05/2008 14:58 Apple 10/12/2005 17:18 BOONTY Shared 21/11/2005 18:25 Designer 22/11/2005 12:28 InstallShield 19/02/2007 16:37 Java 26/01/2006 18:01 Macrovision Shared 17/06/2008 07:49 Microsoft Shared 04/11/2005 20:12 MSSoap 29/11/2005 17:55 Nero 29/05/2008 07:43 Oberon Media 04/11/2005 21:06 ODBC 22/01/2008 16:25 Real 21/04/2008 18:12 Sandlot Shared 30/04/2008 08:16 Services 26/12/2005 17:24 Smith Micro Shared 04/11/2005 21:06 SpeechEngines 01/09/2007 07:38 Symantec Shared 13/06/2007 06:26 System 02/12/2005 15:22 Ulead Systems 22/01/2008 16:25 xing shared 0 fichier(s) 0 octets 25 Rép(s) 39 028 486 144 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est A8D8-486D Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 04/11/2005 20:21 . 04/11/2005 20:21 .. 18/05/2001 16:57 561 209 MSONSEXT.DLL 03/06/1999 13:09 122 937 MSOWS409.DLL 07/03/2001 08:00 127 033 MSOWS40c.DLL 18/03/1999 06:37 593 977 RAGENT.DLL 4 fichier(s) 1 405 156 octets 2 Rép(s) 39 028 486 144 octets libres c:\Documents and Settings\All Users\Application Data\Alawar Stargaze\Hyperballoid2\en\unins000.exe c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.6.2.9\iTunesSetupAdmin.exe c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\chocolatier\fr-FR\chocolatier.exe c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\dinerdash2\fr-FR\dinerdash2.exe c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\ZylomExtension\HardwareTest.exe c:\Documents and Settings\amelie\Bureau\PhotoFiltre\PhotoFiltre.exe c:\Documents and Settings\amelie\Bureau\PhotoFiltre\Uninst.exe c:\Documents and Settings\Dédé\Application Data\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe c:\Documents and Settings\Dédé\Bureau\SlickballSetup.exe c:\Documents and Settings\Dédé\Mes documents\karafun_101b.exe c:\Documents and Settings\Dédé\Mes documents\vkaraoke.exe c:\Documents and Settings\Dédé\Mes documents\WoW-1.9.4-frFR-Installer\Installer.exe c:\Documents and Settings\Dédé\Mes documents\WoW-1.9.4-frFR-Installer\DirectX\dxsetup.exe c:\Documents and Settings emi\Application Data\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe c:\Documents and Settings emi\Application Data\Microsoft\Installer\{0AA3AF26-2FA7-4719-9A97-664CD6D332F6}\ARPPRODUCTICON.exe c:\Documents and Settings emi\Application Data\Microsoft\Installer\{0AA3AF26-2FA7-4719-9A97-664CD6D332F6}\NewShortcut1_0AA3AF262FA747199A97664CD6D332F6.exe c:\Documents and Settings emi\Application Data\Microsoft\Installer\{0AA3AF26-2FA7-4719-9A97-664CD6D332F6}\NewShortcut3_0AA3AF262FA747199A97664CD6D332F6.exe c:\Documents and Settings emi\Application Data\Microsoft\Installer\{0AA3AF26-2FA7-4719-9A97-664CD6D332F6}\Uninstall_Learn_to_p_0AA3AF262FA747199A97664CD6D332F6.exe c:\Documents and Settings emi\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_16496df1.exe c:\Documents and Settings emi\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_18be6784.exe c:\Documents and Settings emi\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_294823.exe c:\Documents and Settings emi\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_2cd672ae.exe c:\Documents and Settings emi\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_4ae13d6c.exe c:\Documents and Settings emi\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_69525f90.exe c:\Documents and Settings emi\Bureau\Alcohol120_trial_1.9.6.5429.exe c:\Documents and Settings emi\Bureau\MsnSearchToolbarSetup_fr-fr.exe c:\Documents and Settings emi\Bureau\NosTale_FR_20080319.exe c:\Documents and Settings emi\Bureau\RPG_RT.exe c:\Documents and Settings emi\Bureau\Emulateur PSX\ePSXe.exe c:\Documents and Settings emi\Bureau\ffalpha_V2.0\Setup.exe c:\Documents and Settings emi\Bureau\Pc vs Mac\MACBLAST.EXE c:\Documents and Settings emi\Bureau\PSX2PSP 1.1\PSX2PSP.exe c:\Documents and Settings emi\Bureau\super smash bros melee\Emulateur PSX\ePSXe.exe c:\Documents and Settings emi\Mes documents\Mes images\jeux\VisualBoyAdvance.exe c:\Documents and Settings\Thalie\.limewire\.NetworkShare\LimeWireWin4.16.6.exe c:\Documents and Settings\Thalie\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_fr_FR.exe c:\Documents and Settings\Thalie\Bureau\DiagHelp\catchme.exe c:\Documents and Settings\Thalie\Bureau\DiagHelp\diff.exe c:\Documents and Settings\Thalie\Bureau\DiagHelp\dumphive.exe c:\Documents and Settings\Thalie\Bureau\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\Thalie\Bureau\DiagHelp\find2.exe c:\Documents and Settings\Thalie\Bureau\DiagHelp\Fport.exe c:\Documents and Settings\Thalie\Bureau\DiagHelp\grep.exe c:\Documents and Settings\Thalie\Bureau\DiagHelp\gzip.exe c:\Documents and Settings\Thalie\Bureau\DiagHelp\KProcCheck.exe c:\Documents and Settings\Thalie\Bureau\DiagHelp\LFiles.exe c:\Documents and Settings\Thalie\Bureau\DiagHelp\LISTDLLS.exe c:\Documents and Settings\Thalie\Bureau\DiagHelp\md5sums.exe c:\Documents and Settings\Thalie\Bureau\DiagHelp\pslist.exe c:\Documents and Settings\Thalie\Bureau\DiagHelp\sigcheck.exe c:\Documents and Settings\Thalie\Bureau\DiagHelp\streams.exe c:\Documents and Settings\Thalie\Bureau\DiagHelp\swreg.exe c:\Documents and Settings\Thalie\Bureau\DiagHelp ar.exe c:\Documents and Settings\Thalie\Bureau\jeux\yoda_soccer_070\yoda_soccer.exe c:\Documents and Settings\Thalie\Local Settings\Application Data\IM\Identities\{F679376D-350F-42BC-B430-BA2B0C5008BF}\Message Store\Attachments\Pamela-ATTN.exe c:\Documents and Settings\Thalie\Mes documents\Bejeweled 2 Deluxe [ found on PeerAnia.com].exe c:\Documents and Settings\Thalie\Mes documents\WinBej2.exe c:\Documents and Settings\Thalie\Mes documents\STAGE REMI\Tempo\Photoshop_CS2_F_TryOut\instmsia.exe c:\Documents and Settings\Thalie\Mes documents\STAGE REMI\Tempo\Photoshop_CS2_F_TryOut\instmsiw.exe c:\Documents and Settings\Thalie\Mes documents\STAGE REMI\Tempo\Photoshop_CS2_F_TryOut\setup.exe c:\Documents and Settings\valerie\Bureau\Install MPD.exe c:\Documents and Settings\valerie\Local Settings\Application Data\Google\Picasa2\update\LifescapeUpdater\setup.exe c:\Documents and Settings\All Users\Application Data\Alawar Stargaze\Hyperballoid2\en\bass.dll c:\Documents and Settings\All Users\Application Data\Alawar Stargaze\Hyperballoid2\en\FLEXnet Activation Service Installer.dll c:\Documents and Settings\All Users\Application Data\Alawar Stargaze\Hyperballoid2\en\game.dll c:\Documents and Settings\All Users\Application Data\Alawar Stargaze\Hyperballoid2\en\NxCooking.dll c:\Documents and Settings\All Users\Application Data\Alawar Stargaze\Hyperballoid2\en\NxPhysics.dll c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aecore.dll c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aeemu.dll c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aegen.dll c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aehelp.dll c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aeheur.dll c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aeoffice.dll c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aepack.dll c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aerdl.dll c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aescn.dll c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aescript.dll c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aevdf.dll c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\All Users\Application Data\Microsoft\USMT\iconlib.dll c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer pzylomgamesplayer.dll c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylomgamesplayer.dll c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\MyZylomExtension\MyZylomExtension.dll c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\PlayfirstExtension\PlayfirstExtension.dll c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\ShangriLa2\fr-FR\fmod.dll c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\ShangriLa2\fr-FR\Shangrila2.dll c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\ZylomDeluxeInstaller\ZylomDeluxeInstaller.dll c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\ZylomExtension\ZylomExtension.dll c:\Documents and Settings\amelie\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\Dédé\Application Data\Identities\{00009BV5-V6E6-N99D-O8SF-9VRP3OLUMVIB}\xmlparse.dll c:\Documents and Settings\Dédé\Application Data\Identities\{00009BV5-V6E6-N99D-O8SF-9VRP3OLUMVJ0}\xmlparse.dll c:\Documents and Settings\Dédé\Application Data\Identities\{0004LVIV-J73B-KKMS-6OG1-5VTHJTSI0VVV}\xmlparse.dll c:\Documents and Settings\Dédé\Application Data\Identities\{000HQ7FF-AD7A-3FG3-USK1-22JKKIT3EVVD}\xmlparse.dll c:\Documents and Settings\Dédé\Application Data\Identities\{000HQ7FF-AD7A-3FG4-7162-239Q3NAHCVU8}\xmlparse.dll c:\Documents and Settings\Dédé\Application Data\Identities\{000HQ7FF-AD7A-3FG6-5I21-21UMR3484VVA}\xmlparse.dll c:\Documents and Settings\Dédé\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll c:\Documents and Settings emi\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\Thalie\Application Data\Identities\{00009BV5-V6E6-N99D-O8SF-9VRP3OLUMVK3}\xmlparse.dll c:\Documents and Settings\Thalie\Application Data\Identities\{00013KEU-UKQE-K6V0-DNSL-22H2BN66GVVO}\xmlparse.dll c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG1-0C15-24GTSFND4VVA}\xmlparse.dll c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG1-UOH6-232NI3D9QVV1}\xmlparse.dll c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG2-BTPP-21HGNJ8AQVVQ}\xmlparse.dll c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG3-4A90-24BL1LF8IVVD}\xmlparse.dll c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG3-8AT4-258NF6K78VV2}\xmlparse.dll c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG3-M7KB-24AAHNHOQVVE}\xmlparse.dll c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG3-M7KB-24AAHNHOQVVM}\xmlparse.dll c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG3-NSEA-256L3V7L2VVM}\xmlparse.dll c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG3-RD83-23EFBBCPGVVC}\xmlparse.dll c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG3-VK8A-25GG67KOIVUJ}\xmlparse.dll c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG3-VK8A-25GG67KOIVV3}\xmlparse.dll c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG3-VK8A-25GG67KOIVVO}\xmlparse.dll c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG4-7162-239Q3NAHCVVC}\xmlparse.dll c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG4-JM9C-24JLMUCREVUJ}\xmlparse.dll c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG4-MO09-24UF17SCEVRV}\xmlparse.dll c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG4-OIBL-25SSVB6LMVV7}\xmlparse.dll c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG4-SA0C-22B8SP58AVV3}\xmlparse.dll c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG5-49D7-2630EVQ4IVVA}\xmlparse.dll c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG5-CHL5-24516UNKQ674}\xmlparse.dll c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG5-EF3Q-2491NM57EVVG}\xmlparse.dll c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG5-KO19-25DIJFDG6VUK}\xmlparse.dll c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG6-LH31-23G9CBQV6VSL}\xmlparse.dll c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG6-LH31-23G9CBQV6VUQ}\xmlparse.dll c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG6-NHPR-247TGT4QGVVN}\xmlparse.dll c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG6-OKQM-24KG7RVO4VUM}\xmlparse.dll c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG6-S7TH-22P2K55U4VUU}\xmlparse.dll c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG7-7R56-23RS4QKC0VUD}\xmlparse.dll c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG7-7R56-23RS4QKC0VV8}\xmlparse.dll c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG7-7R56-23RS4QKC0VVF}\xmlparse.dll c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG7-9568-243JELPN2VVD}\xmlparse.dll c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG7-9568-243JELPN2VVP}\xmlparse.dll c:\Documents and Settings\Thalie\Application Data\Identities\{000HQ7FF-AD7A-3FG7-DNQC-2227NIQAQVVA}\xmlparse.dll c:\Documents and Settings\Thalie\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\valerie\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll ****** Fin du rapport DiagHelp

sKe69 · Answer

Les analyses sont très longues mais je suppose que c'est normal.  ---> tout à fait , c'est normale ^^


1- Il y a qlque chose qui me chagrine sur le rapport hijackthis , j'aimerai que l'on arrête le service concernant Boonty Games ( nid à spam et autres ) 
Voici une petite information sur Boonty games :

Leur politique : 

"Il se peut que nous partageons aussi des informations payantes avec des tiers 
qui fournissent des services payants et partage des données regroupées montrant le type 
et le nombre de jeux vidéos que vous téléchargez, votre âge, votre sexe, vos occupations, 
niveau d'éducation, localité géographique, données sur l'équipement de votre ordinateur, 
internet et intérêts pour les jeux vidéos, activités et entraînement des jeux édités. 
De plus, nous partageons les adresses email avec des tiers fournisseurs de compte mails 
qui nous assistent en envoyant nos mails a de nombreux clients en même temps..." 

Si tu n'y vois aucune objection , libre à toi ... on passe .

sinon pour supprimer ,fais ce qui suit : 

Désactivation de service : 
- Cliques sur Démarrer ---> Exécuter 
- Saisis : Services.msc puis OK 
- Choisis le mode "Etendu" (onglets inférieurs) 
- Grâce à la barre de défilement (à droite) recherches le service suivant: 

Code: 
" Boonty Games " 

- Quand le service est trouvé, pointes dessus, double-clique (bouton gauche). 
- Dans la fenêtre suivante qui apparaît, sous l'onglet Général cliques sur le bouton Arrêter, 
puis déroules le Type de Démarrage pour le modifier en "Désactivé" 
- Cliques sur "Appliquer" puis OK 

Tuto si besoin : https://www.zebulon.fr/dossiers/windows/31-services.html 

Ensuite rends toi su ton PC ici : "C:\Program Files\Common Files\BOONTY " <---supprimes ce dossier ( et tout son contenu ...) . 

2- Tu as MessengerPlus! 3 ( ici : C:\Program Files\MessengerPlus! 3\MsgPlus.exe )

--> il faudrai que tu le désinstalles puis le réinstaller en REFUSANT le sponsor ... Regardes cette astuce pour ce fair : 
http://www.commentcamarche.net/faq/sujet 2490 popups ouverture de fenetres internet publicitaires pop up#autres infections generant des fenetres publicitaires

Une fois ces deux point vu , undernier scan en ligne :

3- -Fais un scan antivirus en ligne, avec Internet Explorer et accepter l'ActiveX :
https://www.bitdefender.fr/ 
(pour le rapport ,qui est un doc IE , clik sur l'onglet "plus de détailles" : et à la fin du scan tu demandes à le sauvegarder sur ton bureau) 

--->fais un copier/coller et postes le rapport dans ta prochaine réponse ... 

Aide : En bas, à gauche de la fenêtre, clique sur BitDefender SCAN ONLINE 
Dans la nouvelle fenêtre, clique sur j’accepte .
La fenêtre change encore, clique sur scanner .
Les signatures se chargent, etc.

Ensuite , on finalysera ...  ;)

isa24 · Answer

Voila le rapport bit defender : 

BitDefender Online Scanner
  
  
 
Rapport d'analyse généré à: Mon, Jun 23, 2008 - 21:50:44
 
 
  
  
 
Voie d'analyse: C:\;D:\;E:\;G:\;H:\;I:\;J:\;
  
  
 
 
  
  
 
Statistiques
 
Temps
 04:46:16
 
Fichiers
 103241
 
Directoires
 17905
 
Secteurs de boot
 2
 
Archives
 1533
 
Paquets programmes
 8680
 
  
  
 
Résultats
 
Virus identifiés
 2
 
Fichiers infectés
 4
 
Fichiers suspects
 0
 
Avertissements
 0
 
Désinfectés
 0
 
Fichiers effacés
 0
 
  
  
 
Info sur les moteurs
 
Définition virus
 1262603
 
Version des moteurs
 AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
 
Analyse des plugins
 16
 
Archive des plugins
 42
 
Unpack des plugins
 7
 
E-mail plugins
 6
 
Système plugins
 5
 
  
  
 
Paramètres d'analyse
 
Première action
 Désinfecté
 
Seconde Action
 Supprimé
 
Heuristique
 Oui
 
Acceptez les avertissements
 Oui
 
Extensions analysées
 exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
 
Excludez les extensions
  
 
Analyse d'emails
 Oui
 
Analyse des Archives
 Oui
 
Analyser paquets programmes
 Oui
 
Analyse des fichiers
 Oui
 
Analyse de boot
 Oui
 
  
  
 
  Fichier analysé
  Statut
 
C:\Documents and Settings\Thalie\Local Settings\Application Data\IM\Identities\{F679376D-350F-42BC-B430-BA2B0C5008BF}\Message Store\Attachments\Pamela-ATTN.exe
 Infecté par: Joke.Cursor.A
 
C:\Documents and Settings\Thalie\Local Settings\Application Data\IM\Identities\{F679376D-350F-42BC-B430-BA2B0C5008BF}\Message Store\Attachments\Pamela-ATTN.exe
 Echec de la désinfection
 
C:\Documents and Settings\Thalie\Local Settings\Application Data\IM\Identities\{F679376D-350F-42BC-B430-BA2B0C5008BF}\Message Store\Attachments\Pamela-ATTN.exe
 Echec de la suppression
 
C:\Program Files\Oberon Media\Incrediball\SlgClientServicesRedists.exe
 Infecté par: Trojan.Generic.189697
 
C:\Program Files\Oberon Media\Incrediball\SlgClientServicesRedists.exe
 Echec de la désinfection
 
C:\Program Files\Oberon Media\Incrediball\SlgClientServicesRedists.exe
 Echec de la suppression
 
C:\System Volume Information\_restore{F8BA3C52-2657-4922-B82B-3595DA1AFD00}\RP17\A0007661.exe
 Infecté par: Joke.Cursor.A
 
C:\System Volume Information\_restore{F8BA3C52-2657-4922-B82B-3595DA1AFD00}\RP17\A0007661.exe
 Echec de la désinfection
 
C:\System Volume Information\_restore{F8BA3C52-2657-4922-B82B-3595DA1AFD00}\RP17\A0007661.exe
 Echec de la suppression
 
C:\System Volume Information\_restore{F8BA3C52-2657-4922-B82B-3595DA1AFD00}\RP17\A0007662.exe
 Infecté par: Trojan.Generic.189697
 
C:\System Volume Information\_restore{F8BA3C52-2657-4922-B82B-3595DA1AFD00}\RP17\A0007662.exe
 Echec de la désinfection
 
C:\System Volume Information\_restore{F8BA3C52-2657-4922-B82B-3595DA1AFD00}\RP17\A0007662.exe
 Echec de la suppression

sKe69 · Answer

Bien ... il restes des saltés ...

1-Avoir accès aux fichiers cachés. 
Menu Démarrer->Poste de travail->Outils->Options des dossiers...->Affichage 
"Afficher les fichiers et dossiers cachés" ---> coché 
"Masquer les extensions des fichiers dont le type est connu" ---> décoché

2-Télécharges SDFix sur ton bureau :
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe. 

--->Double clique sur SDFix.exe et choisis "Install" .

Puis une fois l'instale faite ,redémarre en mode sans échec . 
Comment aller en Mode sans échec :
1) Redémarre ton ordi 
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip" 
3) Tu verras un écran avec options de démarrage apparaître 
4) Choisis la première option : Sans Échec, et valide avec "Entrée" 
5) Choisis ton compte habituel, et non Administrateur (si besoin ... ) 

Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script. 
--->Tape Y pour lancer le script. 
Le Fix supprime les services du virus et nettoie le registre, de ce fait un redémarrage est nécessaire , donc :
presses une touche pour redémarrer quand il te le sera demandé . 

Le PC va mettre du temps avant de démarrer ( c'est normale ), après le chargement du Bureau presses une touche lorsque "Finished" s'affiche .

Le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier C:\SDFix sous le nom "Report.txt".
Postes ce dernier dans ta prochaine réponse pour analyse ...

isa24 · Answer

Voila le rapport SDFix :

[b]SDFix: Version 1.196 [/b]
Run by Thalie on 24/06/2008 at 08:14

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]: 

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:
 


                                 [b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-24 12:54:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\IncrediMail\bin\IMApp.exe"="C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Program Files\VideoLink Pro\Engine.exe"="C:\Program Files\VideoLink Pro\Engine.exe:*:Disabled:VideoLink Engine"
"C:\Program Files\VideoLink Pro\SMListenEngine.exe"="C:\Program Files\VideoLink Pro\SMListenEngine.exe:*:Enabled:Tray Listening Engine"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Infogrames\Combat\Combat.exe"="C:\Program Files\Infogrames\Combat\Combat.exe:*:Enabled:Combat"
"C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe"="C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe:*:Enabled:IncrediMail Installer"
"C:\Program Files\EpieGames\Parawolffist\Parawolffist.exe"="C:\Program Files\EpieGames\Parawolffist\Parawolffist.exe:*:Enabled:CannonPlane"
"C:\Program Files\GigaByte\VGA Utility Manager\G-vga.exe"="C:\Program Files\GigaByte\VGA Utility Manager\G-vga.exe:*:Enabled:Menu"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:

Sun 16 Sep 2007            24 ..SH. --- "C:\WINDOWS\S222913AB.tmp"
Sun  5 Aug 2007     5,388,088 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Mon 28 Jan 2008     1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008     5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008     2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Mon 21 Nov 2005         4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue  3 Jul 2007     2,383,872 ...H. --- "C:\Program Files\PopCap Games\Peggle Deluxe\popcapgame1.exe"
Sun 29 Apr 2007             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Wed  7 May 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\71fa8e4b1f1c72b0e3a5d30a0a049f55\BITA.tmp"
Wed 18 Jun 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\74c894d34ade36c7c397472b8bec2c10\BIT3E.tmp"
Thu 10 Apr 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c57cd590c1f8d8f8f70d62332e13288c\BITB.tmp"
Fri  4 Apr 2008        14,499 ...HR --- "C:\Documents and Settings\D‚d‚\Application Data\SecuROM\UserData\securom_v7_01.bak"
Sat 16 Dec 2006     1,942,016 ...H. --- "C:\Documents and Settings\Thalie\Application Data\Microsoft\Word\~WRL0005.tmp"
Mon 21 Nov 2005         4,348 ...H. --- "C:\Documents and Settings\valerie\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Sat  9 Sep 2006            20 A..H. --- "C:\Documents and Settings\valerie\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Tue  1 Aug 2006           400 A.SH. --- "C:\Documents and Settings\valerie\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Mon 21 Nov 2005         4,348 A..H. --- "C:\Documents and Settings\Thalie\Mes documents\sauvegarde 2\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Sat 28 Oct 2006            20 A..H. --- "C:\Documents and Settings\Thalie\Mes documents\sauvegarde 2\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Tue  1 Aug 2006           400 A.SH. --- "C:\Documents and Settings\Thalie\Mes documents\sauvegarde 2\Ma musique\Sauvegarde de la licence\drmv2key.bak"

[b]Finished![/b]

sKe69 · Answer

rien de ce côté là ...

Fais ce-ci :

Télécharges GenProc  (de Jean-Chretien1 et Narco4) sur ton bureau (et pas ailleur !) :
http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip 

!!Déconnectes toi et fermes tes application en cours !!

Dézippes (extraire tout) le dossier : double-clique sur GenProc.bat et laisses faire...
Postes le contenu du rapport qui s'ouvre . 

Aide en images ici : http://www.alt-shift-return.org/Info/GenProc-HowTo.html 
IMPORTANT : postes le rapport et ne fait rien d'autre pour l'instant ( souvant il faut ajouter des consignes à la manipe indiquée pour que cela fonctionne parfaitement ) .

isa24 · Answer

voila le rapport :
Rapport GenProc 1.972 [1] effectué le 24/06/2008 à 16:58:07,26 - Windows XP  

Dans CCleaner, clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Par la suite, laisse-le avec ses réglages par défaut. C'est tout.
 
# Etape 1/ Télécharge :  
  
- Lop S&D.exe (Eric 71 & Angeldark) https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2 sur ton bureau. 
 
- MSNFix.zip (!aur3n7) http://sosvirus.changelog.fr/MSNFix.zip et décompresse-le sur le Bureau. 
 
 
***** Copie la suite de la procédure dans un fichier texte et redémarre en mode sans échec comme indiqué ici https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ (choisis ta session courante "Thalie") ***** 
 
 
# Etape 2/ 
 
Lance le fichier MSNFix.bat qui se trouve dans le dossier MSNfix, sur le bureau.
- Exécute l'option R.
- Si l'infection est détectée, exécute l'option N.
- Sauvegarde ce rapport sur ton bureau. 
 
# Etape 3/ 
 
Double-clique sur Lop S&D pour lancer l'installation, séléctionne la langue souhaitée, puis choisis l'Option 2 - Suppression - et patiente jusqu'à ce qu'il ait terminé. 
 
# Etape 4/ 
 
Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout. 
 
# Etape 5/ 

Redémarre normalement et poste, dans la même réponse : 
- Un nouveau rapport HijackThis, toutes fenêtres et applications fermées http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis.exe ; 
- Le contenu du rapport MSNfix situé sur le Bureau ; 
- Le contenu du rapport C:\lopR.txt ; 


Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.

sKe69 · Answer

bien , on va voir :

Télécharges Lop S&D :
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

Double clik sur sur l'.exe que tu viens de télécharger pour lancer l'instale .

Une fois l'instalation faite, click droit sur le raccourci et choisis " exécuter entant qu' admin..." .  

Là,laisses toi guider: 
--->choisis l'option 1 (recherche) et valides.

(Tu ne fais pas l'option de nettoyage ( 2 ou 3) ).
 
Une fois le scan terminer ,le Bloc-Notes contenant le rapport va s'ouvrir.
Postes ce rapport dans ta prochaine réponse pour analyse .

Tuto : https://sites.google.com/site/eric71mespages/lop.sd.exe

isa24 · Answer

juste une chose : impossible d'executer en tant qu'administrateur, il me dit que l'accès est impossible, je l'ai donc effectué sur l'utilisateur courant qui est un compte administrateur j'espère que ca ira quand même.
Voilà le rapport obtenu :

-----------------------[  Lop S&D 4.2.1-8  XP/Vista  ]---------------------

   [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
   [ USER : Thalie ] [ "C:\Lop SD" ] [ Selection : 1 ]
   [ 24/06/2008 | 17:14:33,65 ] [ PC : SECR-5EE85B317A ]
   [ MAJ : 24-06-2008 | 11:00 ]
 
   -------------[ Listing des dossiers dans Application Data ]------------  

   [04/11/2005|21:06] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
   [04/11/2005|20:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

   [17/05/2008|14:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.zreglib
   [21/02/2008|10:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
   [18/02/2006|20:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
   [29/11/2005|17:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
   [25/03/2008|11:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Alawar Stargaze
   [02/01/2008|19:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Aliasworlds
   [03/05/2008|14:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
   [22/10/2006|19:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
   [17/06/2008|08:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
   [14/03/2008|10:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Awem
   [20/05/2006|14:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
   [27/05/2007|11:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
   [07/08/2006|08:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Chasing Dogs Studios
   [22/12/2007|13:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Christmasville
   [04/12/2006|16:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
   [07/12/2005|16:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
   [23/02/2008|15:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EA
   [02/01/2007|17:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Elaborate Bytes
   [08/04/2008|16:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Escape From Paradise
   [23/11/2007|14:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Friends Games
   [23/02/2008|11:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Gogii
   [18/09/2006|18:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
   [20/12/2007|19:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grey Alien Games
   [21/09/2007|19:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear
   [21/06/2006|17:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
   [16/06/2008|12:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
   [23/06/2008|16:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
   [16/06/2008|10:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
   [10/02/2006|11:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN Search Toolbar
   [22/12/2007|14:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MumboJumbo
   [06/04/2008|09:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\My Games
   [24/11/2007|12:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NeptunesAdve
   [04/12/2006|15:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1
View_Profiles
   [11/11/2007|12:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
   [28/05/2007|18:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
   [17/07/2007|11:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
   [16/05/2008|14:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecretsOfOlympus
   [10/11/2007|10:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlySoft
   [19/03/2007|13:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
   [23/06/2008|16:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
   [09/04/2008|08:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SugarGames
   [30/04/2008|13:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
   [06/12/2005|17:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
   [29/05/2008|08:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
   [13/04/2007|14:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TERMINAL Studio
   [14/04/2007|08:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Test bone comp inside
   [05/11/2006|10:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
   [22/11/2005|12:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
   [02/12/2005|15:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
   [06/07/2006|11:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
   [17/06/2008|07:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
   [03/12/2005|16:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
   [22/09/2006|18:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

   [23/01/2007|17:32] C:\DOCUME~1\amelie\APPLIC~1\Adobe
   [04/03/2006|14:16] C:\DOCUME~1\amelie\APPLIC~1\AdobeUM
   [03/08/2006|20:19] C:\DOCUME~1\amelie\APPLIC~1\Alawar
   [06/07/2006|17:15] C:\DOCUME~1\amelie\APPLIC~1\Apple Computer
   [31/12/2006|15:49] C:\DOCUME~1\amelie\APPLIC~1\ATI
   [18/02/2006|16:55] C:\DOCUME~1\amelie\APPLIC~1\Creative
   [04/11/2005|21:06] C:\DOCUME~1\amelie\APPLIC~1\desktop.ini
   [23/11/2007|19:33] C:\DOCUME~1\amelie\APPLIC~1\DivX
   [30/09/2006|19:15] C:\DOCUME~1\amelie\APPLIC~1\Google
   [29/08/2006|17:52] C:\DOCUME~1\amelie\APPLIC~1\Help
   [18/02/2006|16:55] C:\DOCUME~1\amelie\APPLIC~1\Identities
   [18/03/2006|12:18] C:\DOCUME~1\amelie\APPLIC~1\Macromedia
   [31/12/2006|16:12] C:\DOCUME~1\amelie\APPLIC~1\Media Player Classic
   [29/03/2007|17:35] C:\DOCUME~1\amelie\APPLIC~1\Microsoft
   [18/02/2006|16:56] C:\DOCUME~1\amelie\APPLIC~1\MSN Search Toolbar
   [10/03/2006|15:31] C:\DOCUME~1\amelie\APPLIC~1\PlayFirst
   [31/10/2006|16:25] C:\DOCUME~1\amelie\APPLIC~1\Real
   [18/02/2006|16:56] C:\DOCUME~1\amelie\APPLIC~1\SlySoft
   [30/04/2006|10:44] C:\DOCUME~1\amelie\APPLIC~1\Smart Panel
   [20/06/2007|22:09] C:\DOCUME~1\amelie\APPLIC~1\SPAMfighter
   [05/11/2007|18:41] C:\DOCUME~1\amelie\APPLIC~1\Sun

   [04/12/2006|16:01] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
   [04/11/2005|20:14] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

   [28/12/2006|18:21] C:\DOCUME~1\DDD570~1\APPLIC~1\.zreglib
   [18/03/2006|08:20] C:\DOCUME~1\DDD570~1\APPLIC~1\7Wonders
   [04/04/2008|16:32] C:\DOCUME~1\DDD570~1\APPLIC~1\Adobe
   [28/07/2007|15:46] C:\DOCUME~1\DDD570~1\APPLIC~1\AdobeUM
   [05/12/2005|10:55] C:\DOCUME~1\DDD570~1\APPLIC~1\Ahead
   [24/07/2007|22:36] C:\DOCUME~1\DDD570~1\APPLIC~1\Alawar
   [27/12/2005|10:58] C:\DOCUME~1\DDD570~1\APPLIC~1\Apple Computer
   [25/12/2005|09:39] C:\DOCUME~1\DDD570~1\APPLIC~1\ArcSoft
   [29/12/2006|16:42] C:\DOCUME~1\DDD570~1\APPLIC~1\ATI
   [11/11/2007|15:14] C:\DOCUME~1\DDD570~1\APPLIC~1\Big Fish Games
   [20/11/2006|21:36] C:\DOCUME~1\DDD570~1\APPLIC~1\Camfrog
   [12/07/2006|14:11] C:\DOCUME~1\DDD570~1\APPLIC~1\CamfrogBar
   [26/04/2007|15:16] C:\DOCUME~1\DDD570~1\APPLIC~1\Chicken Chase
   [30/12/2005|12:33] C:\DOCUME~1\DDD570~1\APPLIC~1\Creative
   [08/06/2007|15:40] C:\DOCUME~1\DDD570~1\APPLIC~1\CTXM
   [04/11/2005|21:06] C:\DOCUME~1\DDD570~1\APPLIC~1\desktop.ini
   [01/12/2007|19:00] C:\DOCUME~1\DDD570~1\APPLIC~1\DivX
   [15/01/2007|22:01] C:\DOCUME~1\DDD570~1\APPLIC~1\dvdcss
   [23/04/2006|16:56] C:\DOCUME~1\DDD570~1\APPLIC~1\Elaborate Bytes
   [30/03/2008|12:59] C:\DOCUME~1\DDD570~1\APPLIC~1\EPSON
   [11/11/2007|12:29] C:\DOCUME~1\DDD570~1\APPLIC~1\FlowPlay
   [01/07/2007|14:51] C:\DOCUME~1\DDD570~1\APPLIC~1\fltk.org
   [18/11/2007|10:42] C:\DOCUME~1\DDD570~1\APPLIC~1\ForgottenRiddles
   [30/11/2005|12:36] C:\DOCUME~1\DDD570~1\APPLIC~1\Free Spider TreeCardGames
   [10/02/2007|10:53] C:\DOCUME~1\DDD570~1\APPLIC~1\funkitron
   [25/11/2007|20:29] C:\DOCUME~1\DDD570~1\APPLIC~1\Gaijin Ent
   [23/02/2008|13:02] C:\DOCUME~1\DDD570~1\APPLIC~1\Gamelab
   [06/04/2008|09:59] C:\DOCUME~1\DDD570~1\APPLIC~1\gemsweeperextractedgfx
   [19/09/2006|16:01] C:\DOCUME~1\DDD570~1\APPLIC~1\Google
   [25/11/2005|17:10] C:\DOCUME~1\DDD570~1\APPLIC~1\Help
   [14/11/2007|20:00] C:\DOCUME~1\DDD570~1\APPLIC~1\Hulabee
   [06/11/2006|16:56] C:\DOCUME~1\DDD570~1\APPLIC~1\Identities
   [01/11/2007|19:31] C:\DOCUME~1\DDD570~1\APPLIC~1\Intenium
   [14/07/2007|16:15] C:\DOCUME~1\DDD570~1\APPLIC~1\iWin
   [02/01/2008|17:35] C:\DOCUME~1\DDD570~1\APPLIC~1\Jane s Hotel
   [21/11/2006|12:53] C:\DOCUME~1\DDD570~1\APPLIC~1\Lavasoft
   [21/04/2007|07:20] C:\DOCUME~1\DDD570~1\APPLIC~1\Leadertech
   [28/10/2007|12:15] C:\DOCUME~1\DDD570~1\APPLIC~1\Legends of pirates
   [28/05/2008|16:43] C:\DOCUME~1\DDD570~1\APPLIC~1\LimeWire
   [10/02/2006|23:38] C:\DOCUME~1\DDD570~1\APPLIC~1\Macromedia
   [30/04/2008|19:08] C:\DOCUME~1\DDD570~1\APPLIC~1\Malwarebytes
   [29/12/2006|17:53] C:\DOCUME~1\DDD570~1\APPLIC~1\Media Player Classic
   [28/06/2007|15:12] C:\DOCUME~1\DDD570~1\APPLIC~1\Microsoft
   [21/11/2005|18:23] C:\DOCUME~1\DDD570~1\APPLIC~1\Microsoft Web Folders
   [11/11/2007|12:16] C:\DOCUME~1\DDD570~1\APPLIC~1\Mind Control Software
   [07/06/2006|17:03] C:\DOCUME~1\DDD570~1\APPLIC~1\Mozilla
   [10/02/2006|18:04] C:\DOCUME~1\DDD570~1\APPLIC~1\MSN Search Toolbar
   [22/11/2005|18:40] C:\DOCUME~1\DDD570~1\APPLIC~1\MSNInstaller
   [14/07/2007|15:12] C:\DOCUME~1\DDD570~1\APPLIC~1\MysteryStudio
   [20/12/2007|18:13] C:\DOCUME~1\DDD570~1\APPLIC~1\PlayFirst
   [28/10/2007|20:13] C:\DOCUME~1\DDD570~1\APPLIC~1\Pogo Games
   [08/07/2007|17:16] C:\DOCUME~1\DDD570~1\APPLIC~1\PTV Game
   [09/12/2005|18:47] C:\DOCUME~1\DDD570~1\APPLIC~1\Real
   [08/11/2007|19:23] C:\DOCUME~1\DDD570~1\APPLIC~1\ScreenSeven
   [08/10/2006|11:29] C:\DOCUME~1\DDD570~1\APPLIC~1\SecuROM
   [29/12/2006|17:09] C:\DOCUME~1\DDD570~1\APPLIC~1\SlySoft
   [30/11/2005|09:34] C:\DOCUME~1\DDD570~1\APPLIC~1\Smart Panel
   [28/05/2007|20:24] C:\DOCUME~1\DDD570~1\APPLIC~1\SPAMfighter
   [26/11/2005|17:09] C:\DOCUME~1\DDD570~1\APPLIC~1\Sun
   [30/04/2008|18:20] C:\DOCUME~1\DDD570~1\APPLIC~1\SUPERAntiSpyware.com
   [01/11/2007|19:30] C:\DOCUME~1\DDD570~1\APPLIC~1\Super-Cow
   [25/11/2005|17:35] C:\DOCUME~1\DDD570~1\APPLIC~1\Symantec
   [07/12/2005|13:48] C:\DOCUME~1\DDD570~1\APPLIC~1\Template
   [02/12/2005|15:31] C:\DOCUME~1\DDD570~1\APPLIC~1\Ulead Systems
   [23/09/2006|14:30] C:\DOCUME~1\DDD570~1\APPLIC~1\UNBALANCE
   [24/07/2006|14:36] C:\DOCUME~1\DDD570~1\APPLIC~1\vlc
   [04/02/2006|19:22] C:\DOCUME~1\DDD570~1\APPLIC~1\Wildfire
   [25/11/2007|19:42] C:\DOCUME~1\DDD570~1\APPLIC~1\wklnhst.dat
   [06/11/2006|16:56] C:\DOCUME~1\DDD570~1\APPLIC~1\Zylom



   [29/08/2007|17:06] C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
   [29/04/2007|17:36] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

   [05/04/2007|14:30] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
   [06/12/2005|13:13] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec

   [08/11/2006|18:52] C:\DOCUME~1emi\APPLIC~1\.zreglib
   [21/09/2007|10:26] C:\DOCUME~1emi\APPLIC~1\Adobe
   [15/04/2006|19:45] C:\DOCUME~1emi\APPLIC~1\AdobeUM
   [28/05/2006|00:06] C:\DOCUME~1emi\APPLIC~1\Alawar
   [09/05/2006|20:34] C:\DOCUME~1emi\APPLIC~1\Apple Computer
   [09/07/2006|14:51] C:\DOCUME~1emi\APPLIC~1\ArcSoft
   [30/12/2006|13:30] C:\DOCUME~1emi\APPLIC~1\ATI
   [18/02/2006|17:21] C:\DOCUME~1emi\APPLIC~1\Creative
   [04/11/2005|21:06] C:\DOCUME~1emi\APPLIC~1\desktop.ini
   [06/06/2007|14:21] C:\DOCUME~1emi\APPLIC~1\DivX
   [01/08/2006|12:30] C:\DOCUME~1emi\APPLIC~1\Elaborate Bytes
   [04/09/2007|11:20] C:\DOCUME~1emi\APPLIC~1\fltk.org
   [04/09/2007|11:08] C:\DOCUME~1emi\APPLIC~1\Google
   [16/05/2006|20:45] C:\DOCUME~1emi\APPLIC~1\Help
   [18/02/2006|17:21] C:\DOCUME~1emi\APPLIC~1\Identities
   [10/01/2007|20:56] C:\DOCUME~1emi\APPLIC~1\Leadertech
   [29/05/2008|10:44] C:\DOCUME~1emi\APPLIC~1\LimeWire
   [17/09/2006|19:04] C:\DOCUME~1emi\APPLIC~1\Macromedia
   [04/01/2007|17:06] C:\DOCUME~1emi\APPLIC~1\Media Player Classic
   [19/07/2007|01:44] C:\DOCUME~1emi\APPLIC~1\Microsoft
   [18/02/2006|17:22] C:\DOCUME~1emi\APPLIC~1\MSN Search Toolbar
   [17/09/2006|19:13] C:\DOCUME~1emi\APPLIC~1\PlayFirst
   [25/01/2008|11:14] C:\DOCUME~1emi\APPLIC~1\Real
   [24/02/2006|20:03] C:\DOCUME~1emi\APPLIC~1\SlySoft
   [25/06/2006|19:52] C:\DOCUME~1emi\APPLIC~1\Smart Panel
   [06/06/2007|14:15] C:\DOCUME~1emi\APPLIC~1\SPAMfighter
   [01/08/2006|11:27] C:\DOCUME~1emi\APPLIC~1\vlc

   [02/01/2007|17:26] C:\DOCUME~1\Thalie\APPLIC~1\.zreglib
   [07/12/2005|00:25] C:\DOCUME~1\Thalie\APPLIC~1\123 Free Solitaire
   [21/04/2006|09:09] C:\DOCUME~1\Thalie\APPLIC~1\7Wonders
   [04/02/2008|12:57] C:\DOCUME~1\Thalie\APPLIC~1\Adobe
   [18/11/2006|17:02] C:\DOCUME~1\Thalie\APPLIC~1\AdobeDLM.log
   [26/06/2007|06:48] C:\DOCUME~1\Thalie\APPLIC~1\AdobeUM
   [01/08/2006|09:55] C:\DOCUME~1\Thalie\APPLIC~1\Ahead
   [27/05/2006|17:39] C:\DOCUME~1\Thalie\APPLIC~1\alawar
   [17/03/2006|19:09] C:\DOCUME~1\Thalie\APPLIC~1\Apple Computer
   [25/12/2005|21:14] C:\DOCUME~1\Thalie\APPLIC~1\ArcSoft
   [29/12/2006|22:45] C:\DOCUME~1\Thalie\APPLIC~1\ATI
   [19/03/2007|08:09] C:\DOCUME~1\Thalie\APPLIC~1\BitDownload
   [06/03/2007|13:53] C:\DOCUME~1\Thalie\APPLIC~1\Canvas Multi-Media
   [07/08/2006|08:53] C:\DOCUME~1\Thalie\APPLIC~1\Chasing Dogs Studios
   [30/12/2005|14:21] C:\DOCUME~1\Thalie\APPLIC~1\Creative
   [04/11/2005|21:06] C:\DOCUME~1\Thalie\APPLIC~1\desktop.ini
   [29/04/2007|17:28] C:\DOCUME~1\Thalie\APPLIC~1\DivX
   [13/10/2006|06:46] C:\DOCUME~1\Thalie\APPLIC~1\dm.ini
   [16/09/2007|18:59] C:\DOCUME~1\Thalie\APPLIC~1\dvdcss
   [06/02/2006|20:40] C:\DOCUME~1\Thalie\APPLIC~1\EA
   [24/11/2006|19:25] C:\DOCUME~1\Thalie\APPLIC~1\Elaborate Bytes
   [12/02/2008|14:25] C:\DOCUME~1\Thalie\APPLIC~1\Free Spider TreeCardGames
   [22/07/2007|11:28] C:\DOCUME~1\Thalie\APPLIC~1\Gaijin Ent
   [10/08/2007|10:24] C:\DOCUME~1\Thalie\APPLIC~1\Google
   [12/12/2005|14:26] C:\DOCUME~1\Thalie\APPLIC~1\Help
   [24/05/2008|08:30] C:\DOCUME~1\Thalie\APPLIC~1\Identities
   [27/05/2007|11:43] C:\DOCUME~1\Thalie\APPLIC~1\InstallShield
   [02/05/2007|12:40] C:\DOCUME~1\Thalie\APPLIC~1\iWin
   [28/10/2006|18:14] C:\DOCUME~1\Thalie\APPLIC~1\Lavasoft
   [10/01/2007|10:58] C:\DOCUME~1\Thalie\APPLIC~1\Leadertech
   [25/02/2006|19:28] C:\DOCUME~1\Thalie\APPLIC~1\Macromedia
   [21/06/2008|12:51] C:\DOCUME~1\Thalie\APPLIC~1\Malwarebytes
   [21/01/2007|13:32] C:\DOCUME~1\Thalie\APPLIC~1\Media Player Classic
   [29/12/2006|22:45] C:\DOCUME~1\Thalie\APPLIC~1\Microsoft
   [04/06/2006|08:58] C:\DOCUME~1\Thalie\APPLIC~1\Mozilla
   [10/02/2006|11:30] C:\DOCUME~1\Thalie\APPLIC~1\MSN Search Toolbar
   [24/05/2008|08:45] C:\DOCUME~1\Thalie\APPLIC~1\Pirateville
   [04/11/2007|12:17] C:\DOCUME~1\Thalie\APPLIC~1\PlayFirst
   [06/12/2005|22:19] C:\DOCUME~1\Thalie\APPLIC~1\Real
   [25/04/2007|07:02] C:\DOCUME~1\Thalie\APPLIC~1\Size Date Find
   [05/05/2007|18:06] C:\DOCUME~1\Thalie\APPLIC~1\SlySoft
   [03/12/2005|17:28] C:\DOCUME~1\Thalie\APPLIC~1\Smart Panel
   [31/05/2007|18:17] C:\DOCUME~1\Thalie\APPLIC~1\SPAMfighter
   [30/05/2007|15:21] C:\DOCUME~1\Thalie\APPLIC~1\Sun
   [10/08/2007|10:28] C:\DOCUME~1\Thalie\APPLIC~1\Talkback
   [05/12/2005|15:33] C:\DOCUME~1\Thalie\APPLIC~1\Template
   [11/02/2006|19:34] C:\DOCUME~1\Thalie\APPLIC~1\Ulead Systems
   [31/07/2006|11:34] C:\DOCUME~1\Thalie\APPLIC~1\vlc
   [21/04/2008|21:52] C:\DOCUME~1\Thalie\APPLIC~1\wklnhst.dat
   [24/05/2008|08:30] C:\DOCUME~1\Thalie\APPLIC~1\Zylom

   [26/11/2006|18:10] C:\DOCUME~1\valerie\APPLIC~1\.zreglib
   [28/02/2008|17:09] C:\DOCUME~1\valerie\APPLIC~1\Adobe
   [04/03/2006|20:48] C:\DOCUME~1\valerie\APPLIC~1\AdobeUM
   [04/08/2006|17:25] C:\DOCUME~1\valerie\APPLIC~1\Alawar
   [25/02/2006|20:01] C:\DOCUME~1\valerie\APPLIC~1\Apple Computer
   [29/12/2006|18:52] C:\DOCUME~1\valerie\APPLIC~1\ATI
   [18/02/2006|17:01] C:\DOCUME~1\valerie\APPLIC~1\Creative
   [04/11/2005|21:06] C:\DOCUME~1\valerie\APPLIC~1\desktop.ini
   [30/04/2007|19:45] C:\DOCUME~1\valerie\APPLIC~1\DivX
   [26/11/2006|18:10] C:\DOCUME~1\valerie\APPLIC~1\Elaborate Bytes
   [18/09/2006|17:48] C:\DOCUME~1\valerie\APPLIC~1\Google
   [18/02/2006|17:00] C:\DOCUME~1\valerie\APPLIC~1\Identities
   [10/01/2007|18:22] C:\DOCUME~1\valerie\APPLIC~1\Leadertech
   [02/06/2006|15:42] C:\DOCUME~1\valerie\APPLIC~1\Macromedia
   [30/04/2007|19:45] C:\DOCUME~1\valerie\APPLIC~1\Media Player Classic
   [29/12/2006|18:52] C:\DOCUME~1\valerie\APPLIC~1\Microsoft
   [15/05/2008|12:11] C:\DOCUME~1\valerie\APPLIC~1\MSN Pictures Displayer
   [18/02/2006|17:01] C:\DOCUME~1\valerie\APPLIC~1\MSN Search Toolbar
   [28/02/2006|19:34] C:\DOCUME~1\valerie\APPLIC~1\PlayFirst
   [04/03/2006|15:09] C:\DOCUME~1\valerie\APPLIC~1\Real
   [22/02/2006|14:50] C:\DOCUME~1\valerie\APPLIC~1\SlySoft
   [11/06/2007|18:07] C:\DOCUME~1\valerie\APPLIC~1\SPAMfighter
   [07/06/2006|11:38] C:\DOCUME~1\valerie\APPLIC~1\Ulead Systems
 
   ----------------[ Tâches planifiées dans C:\WINDOWS	asks ]---------------

   [16/05/2008 15:00][--a------] C:\WINDOWS	asks\Norton Security Scan.job
   [22/05/2008 22:51][--a------] C:\WINDOWS	asks\AppleSoftwareUpdate.job
   [24/06/2008 12:47][--ah-----] C:\WINDOWS	asks\SA.DAT
   [05/08/2004 14:00][-r-h-----] C:\WINDOWS	asks\desktop.ini
 
   ---------------[ Listing des dossiers dans C:\Program Files ]--------------
 
   [29/11/2005|18:38] C:\Program Files\AC3Filter
   [21/02/2008|10:13] C:\Program Files\Adobe
   [29/08/2007|18:07] C:\Program Files\Ahead
   [21/11/2005|19:48] C:\Program Files\Alice
   [13/03/2007|18:31] C:\Program Files\Alwil Software
   [03/05/2008|14:59] C:\Program Files\Apple Software Update
   [26/12/2005|17:33] C:\Program Files\ArcSoft
   [07/02/2007|16:05] C:\Program Files\ATI Technologies
   [04/09/2007|09:11] C:\Program Files\Audacity
   [17/01/2008|16:42] C:\Program Files\Avanquest update
   [17/06/2008|08:09] C:\Program Files\Avira
   [05/01/2008|01:38] C:\Program Files\BFG
   [11/08/2007|10:38] C:\Program Files\Billy Blade and the Temple of Time
   [29/11/2007|19:20] C:\Program Files\BitComet
   [03/05/2008|15:04] C:\Program Files\Bonjour
   [23/06/2008|15:56] C:\Program Files\Boonty
   [16/05/2008|19:25] C:\Program Files\BoontyGames
   [19/10/2007|19:40] C:\Program Files\Camfrog
   [28/10/2006|18:16] C:\Program Files\CCleaner
   [05/01/2008|01:38] C:\Program Files\CDDC-MahJongg
   [04/11/2005|20:11] C:\Program Files\ComPlus Applications
   [05/11/2005|16:18] C:\Program Files\CONEXANT
   [16/06/2006|08:13] C:\Program Files\Creative
   [02/12/2005|14:30] C:\Program Files\Digital Video
   [24/03/2007|17:02] C:\Program Files\Disney Interactive
   [05/01/2008|01:38] C:\Program Files\DivX
   [30/07/2007|02:36] C:\Program Files\eChanblard
   [29/11/2007|19:54] C:\Program Files\Eidos Interactive
   [18/03/2006|11:36] C:\Program Files\Elaborate Bytes
   [29/11/2007|18:27] C:\Program Files\eMule
   [25/07/2007|15:02] C:\Program Files\eMulePlus-1.2b.Installer.exe
   [30/04/2008|12:29] C:\Program Files\Enigma Software Group
   [20/11/2006|16:03] C:\Program Files\EpieGames
   [21/04/2008|18:11] C:\Program Files\epson
   [05/01/2008|01:38] C:\Program Files\Eracha
   [22/02/2006|21:35] C:\Program Files\ffdshow
   [17/06/2008|07:48] C:\Program Files\Fichiers communs
   [02/05/2007|07:07] C:\Program Files\Free Spider
   [29/12/2006|16:45] C:\Program Files\GigaByte
   [10/08/2007|10:16] C:\Program Files\Google
   [29/05/2008|07:43] C:\Program Files\Incredijeux
   [07/02/2007|15:37] C:\Program Files\IncrediMail
   [12/11/2006|13:45] C:\Program Files\Infogrames
   [21/04/2008|18:11] C:\Program Files\InstallShield Installation Information
   [06/12/2005|19:11] C:\Program Files\InterActual
   [16/06/2008|19:28] C:\Program Files\Internet Explorer
   [03/05/2008|15:06] C:\Program Files\iPod
   [03/05/2008|15:06] C:\Program Files\iTunes
   [17/06/2008|07:30] C:\Program Files\Java
   [02/04/2008|11:47] C:\Program Files\Jeune Styliste
   [30/12/2007|12:17] C:\Program Files\KaraFun
   [03/08/2007|15:25] C:\Program Files\klcodec330f.exe
   [03/08/2007|15:27] C:\Program Files\K-Lite Codec Pack
   [28/10/2006|18:13] C:\Program Files\Lavasoft
   [29/02/2008|17:18] C:\Program Files\LimeWire
   [21/06/2008|12:51] C:\Program Files\Malwarebytes' Anti-Malware
   [05/01/2008|01:38] C:\Program Files\Media Player Classic
   [05/05/2008|10:00] C:\Program Files\Mes Jeux Install‚s
   [05/01/2008|01:38] C:\Program Files\Messenger
   [23/06/2008|16:33] C:\Program Files\Messenger Plus! Live
   [17/06/2008|18:00] C:\Program Files\Microsoft CAPICOM 2.1.0.2
   [21/11/2005|18:23] C:\Program Files\microsoft frontpage
   [24/11/2005|18:07] C:\Program Files\Microsoft Money
   [16/07/2007|21:53] C:\Program Files\Microsoft Office
   [05/01/2008|01:38] C:\Program Files\Microsoft Works
   [24/11/2005|18:03] C:\Program Files\Microsoft Works Suite 2000
   [29/11/2007|20:00] C:\Program Files\Mindscape
   [05/01/2008|01:38] C:\Program Files\Motorola Phone Tools
   [04/11/2005|20:12] C:\Program Files\Movie Maker
   [10/08/2007|10:29] C:\Program Files\Mozilla Firefox
   [05/01/2007|17:31] C:\Program Files\MP3 Player Utilities 4.04
   [16/07/2007|21:53] C:\Program Files\MSECache
   [22/11/2005|15:14] C:\Program Files\MSN
   [19/03/2006|16:33] C:\Program Files\MSN Games
   [04/11/2005|20:11] C:\Program Files\MSN Gaming Zone
   [15/05/2008|12:11] C:\Program Files\MSN Pictures Displayer
   [10/02/2006|11:29] C:\Program Files\MSN Toolbar Suite
   [18/11/2006|17:19] C:\Program Files\MSXML 4.0
   [04/11/2005|20:12] C:\Program Files\NetMeeting
   [06/12/2005|17:54] C:\Program Files\Norton AntiVirus
   [31/08/2007|15:00] C:\Program Files\Norton Security Scan
   [29/11/2007|19:26] C:\Program Files\Oberon Media
   [04/11/2005|20:11] C:\Program Files\Online Services
   [13/06/2007|06:26] C:\Program Files\Outlook Express
   [23/11/2007|20:01] C:\Program Files\Pcsx2
   [12/11/2006|14:52] C:\Program Files\PhotoFiltre
   [05/08/2007|18:06] C:\Program Files\Picasa2
   [05/01/2008|01:38] C:\Program Files\PopCap Games
   [07/02/2007|16:23] C:\Program Files\QuickTime
   [03/05/2008|15:03] C:\Program Files\QuickTime Alternative
   [03/03/2006|17:01] C:\Program Files\Real
   [05/01/2008|01:38] C:\Program Files\Real Alternative
   [10/12/2005|13:31] C:\Program Files\ReflexiveArcade
   [05/01/2007|17:53] C:\Program Files\Ringz Studio
   [03/03/2006|16:59] C:\Program Files\RngInterstitial.dll
   [01/10/2006|14:59] C:\Program Files\RoadRoll
   [15/01/2008|21:25] C:\Program Files\Seagrand
   [04/11/2005|20:13] C:\Program Files\Services en ligne
   [27/10/2006|18:06] C:\Program Files\Show
   [25/04/2007|07:01] C:\Program Files\Size Date Find
   [27/05/2006|17:37] C:\Program Files\Slickball
   [21/11/2005|18:32] C:\Program Files\SlySoft
   [04/03/2007|10:35] C:\Program Files\Smart Panel
   [21/04/2008|17:59] C:\Program Files\SPAMfighter
   [23/06/2008|16:47] C:\Program Files\Spybot - Search & Destroy
   [17/06/2008|07:30] C:\Program Files\Sun
   [30/04/2008|18:20] C:\Program Files\SUPERAntiSpyware
   [12/01/2008|13:54] C:\Program Files\T‚l‚chargeur de Beach Life
   [08/10/2006|11:29] C:\Program Files\T‚l‚chargeur de Ghost Recon Advance Warfighter
   [05/01/2008|01:38] C:\Program Files\T‚l‚chargeur de Pacific Fighters
   [05/01/2008|01:38] C:\Program Files\T‚l‚chargeur de Peter Jackson's King Kong
   [05/01/2008|01:38] C:\Program Files\T‚l‚chargeur de Peter Jackson's King Kong - Gamer Edition
   [06/04/2008|20:02] C:\Program Files\T‚l‚chargeur de Restaurant Empire
   [08/04/2008|16:07] C:\Program Files\T‚l‚chargeur de Singles 2
   [12/01/2008|14:47] C:\Program Files\T‚l‚chargeur de Soir‚es et Fˆtes Organiseur
   [04/04/2008|10:14] C:\Program Files\T‚l‚chargeur de Sonic Mega Collection Plus
   [12/01/2008|14:45] C:\Program Files\T‚l‚chargeur de Space Colony
   [28/04/2006|18:24] C:\Program Files\TLC-Edusoft
   [15/02/2008|18:16] C:\Program Files\TLKGAMES
   [22/06/2008|19:20] C:\Program Files\Trend Micro
   [20/11/2006|16:17] C:\Program Files\Trymedia
   [11/07/2006|18:06] C:\Program Files\Ubisoft
   [02/12/2005|15:27] C:\Program Files\Ulead Systems
   [04/11/2005|20:20] C:\Program Files\Uninstall Information
   [30/12/2007|11:41] C:\Program Files\vanBasco's Karaoke Player
   [24/07/2006|14:34] C:\Program Files\VideoLAN
   [05/01/2008|01:38] C:\Program Files\VideoLink Pro
   [13/09/2006|18:11] C:\Program Files\VTech
   [27/10/2006|16:57] C:\Program Files\WIDCOMM
   [09/02/2006|16:23] C:\Program Files\WildTangent
   [17/06/2008|07:49] C:\Program Files\Windows Live
   [05/01/2008|01:38] C:\Program Files\Windows Media Connect 2
   [29/04/2007|17:33] C:\Program Files\Windows Media Player
   [04/11/2005|20:11] C:\Program Files\Windows NT
   [04/11/2005|20:13] C:\Program Files\WindowsUpdate
   [02/11/2006|09:27] C:\Program Files\WinRAR
   [08/09/2006|19:36] C:\Program Files\Wizards of the Coast
   [04/11/2005|20:17] C:\Program Files\xerox
   [05/01/2008|01:38] C:\Program Files\XviD
   [03/12/2005|16:01] C:\Program Files\Yahoo!
   [24/05/2008|08:29] C:\Program Files\Zylom Games
  
   ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------
   
   [21/02/2008|10:13] C:\Program Files\Fichiers communs\Adobe
   [18/02/2006|19:54] C:\Program Files\Fichiers communs\Adobe Systems Shared
   [17/11/2005|18:14] C:\Program Files\Fichiers communs\Ahead
   [03/05/2008|14:58] C:\Program Files\Fichiers communs\Apple
   [10/12/2005|17:18] C:\Program Files\Fichiers communs\BOONTY Shared
   [21/11/2005|18:25] C:\Program Files\Fichiers communs\Designer
   [22/11/2005|12:28] C:\Program Files\Fichiers communs\InstallShield
   [19/02/2007|16:37] C:\Program Files\Fichiers communs\Java
   [26/01/2006|18:01] C:\Program Files\Fichiers communs\Macrovision Shared
   [17/06/2008|07:49] C:\Program Files\Fichiers communs\Microsoft Shared
   [04/11/2005|20:12] C:\Program Files\Fichiers communs\MSSoap
   [29/11/2005|17:55] C:\Program Files\Fichiers communs\Nero
   [29/05/2008|07:43] C:\Program Files\Fichiers communs\Oberon Media
   [04/11/2005|21:06] C:\Program Files\Fichiers communs\ODBC
   [22/01/2008|16:25] C:\Program Files\Fichiers communs\Real
   [21/04/2008|18:12] C:\Program Files\Fichiers communs\Sandlot Shared
   [30/04/2008|08:16] C:\Program Files\Fichiers communs\Services
   [26/12/2005|17:24] C:\Program Files\Fichiers communs\Smith Micro Shared
   [04/11/2005|21:06] C:\Program Files\Fichiers communs\SpeechEngines
   [01/09/2007|07:38] C:\Program Files\Fichiers communs\Symantec Shared
   [13/06/2007|06:26] C:\Program Files\Fichiers communs\System
   [02/12/2005|15:22] C:\Program Files\Fichiers communs\Ulead Systems
   [17/06/2008|07:48] C:\Program Files\Fichiers communs\WindowsLiveInstaller
   [22/01/2008|16:25] C:\Program Files\Fichiers communs\xing shared

   ---------------------------[ Process ]--------------------------

   ... 53

   ... OK !

   ----------------------[ Recherche avec S_Lop ]---------------------

   Aucun fichier / dossier Lop trouvé ! 
 
   -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

   C:\DOCUME~1\Thalie\APPLIC~1\Bitdownload
   C:\DOCUME~1\Thalie\APPLIC~1\Bitdownload\Data
   C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Bitdownload
 
   ----------------------[ Verification du Registre ]----------------------
 
   ..... OK !

   --------------------[ Verification du fichier Hosts ]---------------------

   Fichier Hosts PROPRE


   ----------------[ Recherche de fichiers avec Catchme ]-----------------
 
   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2008-06-24 17:17:20
   Windows 5.1.2600 Service Pack 2 NTFS
   scanning hidden processes ...
   scanning hidden files ...
   scan completed successfully
   hidden processes: 0
   hidden files: 0
 
   --------------------[ Recherche d'autres infections ]---------------------

   => C:\Documents and Settings\Thalie\Local Settings\Application Data\IM\Animation\firecracker.ima


   [F:10][D:3]-> C:\DOCUME~1\Thalie\LOCALS~1\Temp
   [F:18][D:0]-> C:\DOCUME~1\Thalie\Cookies
   [F:270][D:5]-> C:\DOCUME~1\Thalie\LOCALS~1\TEMPOR~1\content.IE5

   --------------------[ Fin du rapport a 17:19:16,92  ]----------------------

sKe69 · Answer

relances Lop S&D .

Là,laisses toi guider: 
--->choisis l'option 3 (recherche) et valides.
 
Une fois le scan terminer ,le Bloc-Notes contenant le rapport va s'ouvrir.
Postes ce nouveau rapport dans ta prochaine réponse pour analyse .

isa24 · Answer

voila le nouveau rapport :

   -----------------------[  Lop S&D 4.2.1-8  XP/Vista  ]---------------------

   [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
   [ USER : Thalie ] [ "C:\Lop SD" ] [ Selection : 3 ]
   [ 24/06/2008 | 17:55:24,57 ] [ PC : SECR-5EE85B317A ]
   [ MAJ : 24-06-2008 | 11:00 ]


   \\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

   Echec   ! - C:\DOCUME~1\Thalie\APPLIC~1\Bitdownload\Data
   Supprime! - C:\DOCUME~1\Thalie\APPLIC~1\Bitdownload
   Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Bitdownload
 
   //////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\ 

 
   -------------[ Listing des dossiers dans APPLIC~1 ]------------  

   [04/11/2005|21:06] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
   [04/11/2005|20:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

   [17/05/2008|14:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.zreglib
   [21/02/2008|10:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
   [18/02/2006|20:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
   [29/11/2005|17:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
   [25/03/2008|11:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Alawar Stargaze
   [02/01/2008|19:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Aliasworlds
   [03/05/2008|14:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
   [22/10/2006|19:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
   [17/06/2008|08:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
   [14/03/2008|10:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Awem
   [20/05/2006|14:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
   [27/05/2007|11:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
   [07/08/2006|08:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Chasing Dogs Studios
   [22/12/2007|13:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Christmasville
   [04/12/2006|16:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
   [07/12/2005|16:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
   [23/02/2008|15:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EA
   [02/01/2007|17:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Elaborate Bytes
   [08/04/2008|16:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Escape From Paradise
   [23/11/2007|14:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Friends Games
   [23/02/2008|11:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Gogii
   [18/09/2006|18:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
   [20/12/2007|19:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grey Alien Games
   [21/09/2007|19:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear
   [21/06/2006|17:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
   [16/06/2008|12:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
   [23/06/2008|16:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
   [16/06/2008|10:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
   [10/02/2006|11:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN Search Toolbar
   [22/12/2007|14:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MumboJumbo
   [06/04/2008|09:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\My Games
   [24/11/2007|12:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NeptunesAdve
   [04/12/2006|15:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1
View_Profiles
   [11/11/2007|12:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
   [28/05/2007|18:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
   [17/07/2007|11:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
   [16/05/2008|14:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecretsOfOlympus
   [10/11/2007|10:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlySoft
   [19/03/2007|13:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
   [23/06/2008|16:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
   [09/04/2008|08:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SugarGames
   [30/04/2008|13:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
   [06/12/2005|17:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
   [29/05/2008|08:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
   [13/04/2007|14:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TERMINAL Studio
   [14/04/2007|08:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Test bone comp inside
   [05/11/2006|10:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
   [22/11/2005|12:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
   [02/12/2005|15:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
   [06/07/2006|11:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
   [17/06/2008|07:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
   [03/12/2005|16:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
   [22/09/2006|18:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

   [23/01/2007|17:32] C:\DOCUME~1\amelie\APPLIC~1\Adobe
   [04/03/2006|14:16] C:\DOCUME~1\amelie\APPLIC~1\AdobeUM
   [03/08/2006|20:19] C:\DOCUME~1\amelie\APPLIC~1\Alawar
   [06/07/2006|17:15] C:\DOCUME~1\amelie\APPLIC~1\Apple Computer
   [31/12/2006|15:49] C:\DOCUME~1\amelie\APPLIC~1\ATI
   [18/02/2006|16:55] C:\DOCUME~1\amelie\APPLIC~1\Creative
   [04/11/2005|21:06] C:\DOCUME~1\amelie\APPLIC~1\desktop.ini
   [23/11/2007|19:33] C:\DOCUME~1\amelie\APPLIC~1\DivX
   [30/09/2006|19:15] C:\DOCUME~1\amelie\APPLIC~1\Google
   [29/08/2006|17:52] C:\DOCUME~1\amelie\APPLIC~1\Help
   [18/02/2006|16:55] C:\DOCUME~1\amelie\APPLIC~1\Identities
   [18/03/2006|12:18] C:\DOCUME~1\amelie\APPLIC~1\Macromedia
   [31/12/2006|16:12] C:\DOCUME~1\amelie\APPLIC~1\Media Player Classic
   [29/03/2007|17:35] C:\DOCUME~1\amelie\APPLIC~1\Microsoft
   [18/02/2006|16:56] C:\DOCUME~1\amelie\APPLIC~1\MSN Search Toolbar
   [10/03/2006|15:31] C:\DOCUME~1\amelie\APPLIC~1\PlayFirst
   [31/10/2006|16:25] C:\DOCUME~1\amelie\APPLIC~1\Real
   [18/02/2006|16:56] C:\DOCUME~1\amelie\APPLIC~1\SlySoft
   [30/04/2006|10:44] C:\DOCUME~1\amelie\APPLIC~1\Smart Panel
   [20/06/2007|22:09] C:\DOCUME~1\amelie\APPLIC~1\SPAMfighter
   [05/11/2007|18:41] C:\DOCUME~1\amelie\APPLIC~1\Sun

   [04/12/2006|16:01] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
   [04/11/2005|20:14] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

   [28/12/2006|18:21] C:\DOCUME~1\DDD570~1\APPLIC~1\.zreglib
   [18/03/2006|08:20] C:\DOCUME~1\DDD570~1\APPLIC~1\7Wonders
   [04/04/2008|16:32] C:\DOCUME~1\DDD570~1\APPLIC~1\Adobe
   [28/07/2007|15:46] C:\DOCUME~1\DDD570~1\APPLIC~1\AdobeUM
   [05/12/2005|10:55] C:\DOCUME~1\DDD570~1\APPLIC~1\Ahead
   [24/07/2007|22:36] C:\DOCUME~1\DDD570~1\APPLIC~1\Alawar
   [27/12/2005|10:58] C:\DOCUME~1\DDD570~1\APPLIC~1\Apple Computer
   [25/12/2005|09:39] C:\DOCUME~1\DDD570~1\APPLIC~1\ArcSoft
   [29/12/2006|16:42] C:\DOCUME~1\DDD570~1\APPLIC~1\ATI
   [11/11/2007|15:14] C:\DOCUME~1\DDD570~1\APPLIC~1\Big Fish Games
   [20/11/2006|21:36] C:\DOCUME~1\DDD570~1\APPLIC~1\Camfrog
   [12/07/2006|14:11] C:\DOCUME~1\DDD570~1\APPLIC~1\CamfrogBar
   [26/04/2007|15:16] C:\DOCUME~1\DDD570~1\APPLIC~1\Chicken Chase
   [30/12/2005|12:33] C:\DOCUME~1\DDD570~1\APPLIC~1\Creative
   [08/06/2007|15:40] C:\DOCUME~1\DDD570~1\APPLIC~1\CTXM
   [04/11/2005|21:06] C:\DOCUME~1\DDD570~1\APPLIC~1\desktop.ini
   [01/12/2007|19:00] C:\DOCUME~1\DDD570~1\APPLIC~1\DivX
   [15/01/2007|22:01] C:\DOCUME~1\DDD570~1\APPLIC~1\dvdcss
   [23/04/2006|16:56] C:\DOCUME~1\DDD570~1\APPLIC~1\Elaborate Bytes
   [30/03/2008|12:59] C:\DOCUME~1\DDD570~1\APPLIC~1\EPSON
   [11/11/2007|12:29] C:\DOCUME~1\DDD570~1\APPLIC~1\FlowPlay
   [01/07/2007|14:51] C:\DOCUME~1\DDD570~1\APPLIC~1\fltk.org
   [18/11/2007|10:42] C:\DOCUME~1\DDD570~1\APPLIC~1\ForgottenRiddles
   [30/11/2005|12:36] C:\DOCUME~1\DDD570~1\APPLIC~1\Free Spider TreeCardGames
   [10/02/2007|10:53] C:\DOCUME~1\DDD570~1\APPLIC~1\funkitron
   [25/11/2007|20:29] C:\DOCUME~1\DDD570~1\APPLIC~1\Gaijin Ent
   [23/02/2008|13:02] C:\DOCUME~1\DDD570~1\APPLIC~1\Gamelab
   [06/04/2008|09:59] C:\DOCUME~1\DDD570~1\APPLIC~1\gemsweeperextractedgfx
   [19/09/2006|16:01] C:\DOCUME~1\DDD570~1\APPLIC~1\Google
   [25/11/2005|17:10] C:\DOCUME~1\DDD570~1\APPLIC~1\Help
   [14/11/2007|20:00] C:\DOCUME~1\DDD570~1\APPLIC~1\Hulabee
   [06/11/2006|16:56] C:\DOCUME~1\DDD570~1\APPLIC~1\Identities
   [01/11/2007|19:31] C:\DOCUME~1\DDD570~1\APPLIC~1\Intenium
   [14/07/2007|16:15] C:\DOCUME~1\DDD570~1\APPLIC~1\iWin
   [02/01/2008|17:35] C:\DOCUME~1\DDD570~1\APPLIC~1\Jane s Hotel
   [21/11/2006|12:53] C:\DOCUME~1\DDD570~1\APPLIC~1\Lavasoft
   [21/04/2007|07:20] C:\DOCUME~1\DDD570~1\APPLIC~1\Leadertech
   [28/10/2007|12:15] C:\DOCUME~1\DDD570~1\APPLIC~1\Legends of pirates
   [28/05/2008|16:43] C:\DOCUME~1\DDD570~1\APPLIC~1\LimeWire
   [10/02/2006|23:38] C:\DOCUME~1\DDD570~1\APPLIC~1\Macromedia
   [30/04/2008|19:08] C:\DOCUME~1\DDD570~1\APPLIC~1\Malwarebytes
   [29/12/2006|17:53] C:\DOCUME~1\DDD570~1\APPLIC~1\Media Player Classic
   [28/06/2007|15:12] C:\DOCUME~1\DDD570~1\APPLIC~1\Microsoft
   [21/11/2005|18:23] C:\DOCUME~1\DDD570~1\APPLIC~1\Microsoft Web Folders
   [11/11/2007|12:16] C:\DOCUME~1\DDD570~1\APPLIC~1\Mind Control Software
   [07/06/2006|17:03] C:\DOCUME~1\DDD570~1\APPLIC~1\Mozilla
   [10/02/2006|18:04] C:\DOCUME~1\DDD570~1\APPLIC~1\MSN Search Toolbar
   [22/11/2005|18:40] C:\DOCUME~1\DDD570~1\APPLIC~1\MSNInstaller
   [14/07/2007|15:12] C:\DOCUME~1\DDD570~1\APPLIC~1\MysteryStudio
   [20/12/2007|18:13] C:\DOCUME~1\DDD570~1\APPLIC~1\PlayFirst
   [28/10/2007|20:13] C:\DOCUME~1\DDD570~1\APPLIC~1\Pogo Games
   [08/07/2007|17:16] C:\DOCUME~1\DDD570~1\APPLIC~1\PTV Game
   [09/12/2005|18:47] C:\DOCUME~1\DDD570~1\APPLIC~1\Real
   [08/11/2007|19:23] C:\DOCUME~1\DDD570~1\APPLIC~1\ScreenSeven
   [08/10/2006|11:29] C:\DOCUME~1\DDD570~1\APPLIC~1\SecuROM
   [29/12/2006|17:09] C:\DOCUME~1\DDD570~1\APPLIC~1\SlySoft
   [30/11/2005|09:34] C:\DOCUME~1\DDD570~1\APPLIC~1\Smart Panel
   [28/05/2007|20:24] C:\DOCUME~1\DDD570~1\APPLIC~1\SPAMfighter
   [26/11/2005|17:09] C:\DOCUME~1\DDD570~1\APPLIC~1\Sun
   [30/04/2008|18:20] C:\DOCUME~1\DDD570~1\APPLIC~1\SUPERAntiSpyware.com
   [01/11/2007|19:30] C:\DOCUME~1\DDD570~1\APPLIC~1\Super-Cow
   [25/11/2005|17:35] C:\DOCUME~1\DDD570~1\APPLIC~1\Symantec
   [07/12/2005|13:48] C:\DOCUME~1\DDD570~1\APPLIC~1\Template
   [02/12/2005|15:31] C:\DOCUME~1\DDD570~1\APPLIC~1\Ulead Systems
   [23/09/2006|14:30] C:\DOCUME~1\DDD570~1\APPLIC~1\UNBALANCE
   [24/07/2006|14:36] C:\DOCUME~1\DDD570~1\APPLIC~1\vlc
   [04/02/2006|19:22] C:\DOCUME~1\DDD570~1\APPLIC~1\Wildfire
   [25/11/2007|19:42] C:\DOCUME~1\DDD570~1\APPLIC~1\wklnhst.dat
   [06/11/2006|16:56] C:\DOCUME~1\DDD570~1\APPLIC~1\Zylom



   [29/08/2007|17:06] C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
   [29/04/2007|17:36] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

   [05/04/2007|14:30] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
   [06/12/2005|13:13] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec

   [08/11/2006|18:52] C:\DOCUME~1emi\APPLIC~1\.zreglib
   [21/09/2007|10:26] C:\DOCUME~1emi\APPLIC~1\Adobe
   [15/04/2006|19:45] C:\DOCUME~1emi\APPLIC~1\AdobeUM
   [28/05/2006|00:06] C:\DOCUME~1emi\APPLIC~1\Alawar
   [09/05/2006|20:34] C:\DOCUME~1emi\APPLIC~1\Apple Computer
   [09/07/2006|14:51] C:\DOCUME~1emi\APPLIC~1\ArcSoft
   [30/12/2006|13:30] C:\DOCUME~1emi\APPLIC~1\ATI
   [18/02/2006|17:21] C:\DOCUME~1emi\APPLIC~1\Creative
   [04/11/2005|21:06] C:\DOCUME~1emi\APPLIC~1\desktop.ini
   [06/06/2007|14:21] C:\DOCUME~1emi\APPLIC~1\DivX
   [01/08/2006|12:30] C:\DOCUME~1emi\APPLIC~1\Elaborate Bytes
   [04/09/2007|11:20] C:\DOCUME~1emi\APPLIC~1\fltk.org
   [04/09/2007|11:08] C:\DOCUME~1emi\APPLIC~1\Google
   [16/05/2006|20:45] C:\DOCUME~1emi\APPLIC~1\Help
   [18/02/2006|17:21] C:\DOCUME~1emi\APPLIC~1\Identities
   [10/01/2007|20:56] C:\DOCUME~1emi\APPLIC~1\Leadertech
   [29/05/2008|10:44] C:\DOCUME~1emi\APPLIC~1\LimeWire
   [17/09/2006|19:04] C:\DOCUME~1emi\APPLIC~1\Macromedia
   [04/01/2007|17:06] C:\DOCUME~1emi\APPLIC~1\Media Player Classic
   [19/07/2007|01:44] C:\DOCUME~1emi\APPLIC~1\Microsoft
   [18/02/2006|17:22] C:\DOCUME~1emi\APPLIC~1\MSN Search Toolbar
   [17/09/2006|19:13] C:\DOCUME~1emi\APPLIC~1\PlayFirst
   [25/01/2008|11:14] C:\DOCUME~1emi\APPLIC~1\Real
   [24/02/2006|20:03] C:\DOCUME~1emi\APPLIC~1\SlySoft
   [25/06/2006|19:52] C:\DOCUME~1emi\APPLIC~1\Smart Panel
   [06/06/2007|14:15] C:\DOCUME~1emi\APPLIC~1\SPAMfighter
   [01/08/2006|11:27] C:\DOCUME~1emi\APPLIC~1\vlc

   [02/01/2007|17:26] C:\DOCUME~1\Thalie\APPLIC~1\.zreglib
   [07/12/2005|00:25] C:\DOCUME~1\Thalie\APPLIC~1\123 Free Solitaire
   [21/04/2006|09:09] C:\DOCUME~1\Thalie\APPLIC~1\7Wonders
   [04/02/2008|12:57] C:\DOCUME~1\Thalie\APPLIC~1\Adobe
   [18/11/2006|17:02] C:\DOCUME~1\Thalie\APPLIC~1\AdobeDLM.log
   [26/06/2007|06:48] C:\DOCUME~1\Thalie\APPLIC~1\AdobeUM
   [01/08/2006|09:55] C:\DOCUME~1\Thalie\APPLIC~1\Ahead
   [27/05/2006|17:39] C:\DOCUME~1\Thalie\APPLIC~1\alawar
   [17/03/2006|19:09] C:\DOCUME~1\Thalie\APPLIC~1\Apple Computer
   [25/12/2005|21:14] C:\DOCUME~1\Thalie\APPLIC~1\ArcSoft
   [29/12/2006|22:45] C:\DOCUME~1\Thalie\APPLIC~1\ATI
   [06/03/2007|13:53] C:\DOCUME~1\Thalie\APPLIC~1\Canvas Multi-Media
   [07/08/2006|08:53] C:\DOCUME~1\Thalie\APPLIC~1\Chasing Dogs Studios
   [30/12/2005|14:21] C:\DOCUME~1\Thalie\APPLIC~1\Creative
   [04/11/2005|21:06] C:\DOCUME~1\Thalie\APPLIC~1\desktop.ini
   [29/04/2007|17:28] C:\DOCUME~1\Thalie\APPLIC~1\DivX
   [13/10/2006|06:46] C:\DOCUME~1\Thalie\APPLIC~1\dm.ini
   [16/09/2007|18:59] C:\DOCUME~1\Thalie\APPLIC~1\dvdcss
   [06/02/2006|20:40] C:\DOCUME~1\Thalie\APPLIC~1\EA
   [24/11/2006|19:25] C:\DOCUME~1\Thalie\APPLIC~1\Elaborate Bytes
   [12/02/2008|14:25] C:\DOCUME~1\Thalie\APPLIC~1\Free Spider TreeCardGames
   [22/07/2007|11:28] C:\DOCUME~1\Thalie\APPLIC~1\Gaijin Ent
   [10/08/2007|10:24] C:\DOCUME~1\Thalie\APPLIC~1\Google
   [12/12/2005|14:26] C:\DOCUME~1\Thalie\APPLIC~1\Help
   [24/05/2008|08:30] C:\DOCUME~1\Thalie\APPLIC~1\Identities
   [27/05/2007|11:43] C:\DOCUME~1\Thalie\APPLIC~1\InstallShield
   [02/05/2007|12:40] C:\DOCUME~1\Thalie\APPLIC~1\iWin
   [28/10/2006|18:14] C:\DOCUME~1\Thalie\APPLIC~1\Lavasoft
   [10/01/2007|10:58] C:\DOCUME~1\Thalie\APPLIC~1\Leadertech
   [25/02/2006|19:28] C:\DOCUME~1\Thalie\APPLIC~1\Macromedia
   [21/06/2008|12:51] C:\DOCUME~1\Thalie\APPLIC~1\Malwarebytes
   [21/01/2007|13:32] C:\DOCUME~1\Thalie\APPLIC~1\Media Player Classic
   [29/12/2006|22:45] C:\DOCUME~1\Thalie\APPLIC~1\Microsoft
   [04/06/2006|08:58] C:\DOCUME~1\Thalie\APPLIC~1\Mozilla
   [10/02/2006|11:30] C:\DOCUME~1\Thalie\APPLIC~1\MSN Search Toolbar
   [24/05/2008|08:45] C:\DOCUME~1\Thalie\APPLIC~1\Pirateville
   [04/11/2007|12:17] C:\DOCUME~1\Thalie\APPLIC~1\PlayFirst
   [06/12/2005|22:19] C:\DOCUME~1\Thalie\APPLIC~1\Real
   [25/04/2007|07:02] C:\DOCUME~1\Thalie\APPLIC~1\Size Date Find
   [05/05/2007|18:06] C:\DOCUME~1\Thalie\APPLIC~1\SlySoft
   [03/12/2005|17:28] C:\DOCUME~1\Thalie\APPLIC~1\Smart Panel
   [31/05/2007|18:17] C:\DOCUME~1\Thalie\APPLIC~1\SPAMfighter
   [30/05/2007|15:21] C:\DOCUME~1\Thalie\APPLIC~1\Sun
   [10/08/2007|10:28] C:\DOCUME~1\Thalie\APPLIC~1\Talkback
   [05/12/2005|15:33] C:\DOCUME~1\Thalie\APPLIC~1\Template
   [11/02/2006|19:34] C:\DOCUME~1\Thalie\APPLIC~1\Ulead Systems
   [31/07/2006|11:34] C:\DOCUME~1\Thalie\APPLIC~1\vlc
   [21/04/2008|21:52] C:\DOCUME~1\Thalie\APPLIC~1\wklnhst.dat
   [24/05/2008|08:30] C:\DOCUME~1\Thalie\APPLIC~1\Zylom

   [26/11/2006|18:10] C:\DOCUME~1\valerie\APPLIC~1\.zreglib
   [28/02/2008|17:09] C:\DOCUME~1\valerie\APPLIC~1\Adobe
   [04/03/2006|20:48] C:\DOCUME~1\valerie\APPLIC~1\AdobeUM
   [04/08/2006|17:25] C:\DOCUME~1\valerie\APPLIC~1\Alawar
   [25/02/2006|20:01] C:\DOCUME~1\valerie\APPLIC~1\Apple Computer
   [29/12/2006|18:52] C:\DOCUME~1\valerie\APPLIC~1\ATI
   [18/02/2006|17:01] C:\DOCUME~1\valerie\APPLIC~1\Creative
   [04/11/2005|21:06] C:\DOCUME~1\valerie\APPLIC~1\desktop.ini
   [30/04/2007|19:45] C:\DOCUME~1\valerie\APPLIC~1\DivX
   [26/11/2006|18:10] C:\DOCUME~1\valerie\APPLIC~1\Elaborate Bytes
   [18/09/2006|17:48] C:\DOCUME~1\valerie\APPLIC~1\Google
   [18/02/2006|17:00] C:\DOCUME~1\valerie\APPLIC~1\Identities
   [10/01/2007|18:22] C:\DOCUME~1\valerie\APPLIC~1\Leadertech
   [02/06/2006|15:42] C:\DOCUME~1\valerie\APPLIC~1\Macromedia
   [30/04/2007|19:45] C:\DOCUME~1\valerie\APPLIC~1\Media Player Classic
   [29/12/2006|18:52] C:\DOCUME~1\valerie\APPLIC~1\Microsoft
   [15/05/2008|12:11] C:\DOCUME~1\valerie\APPLIC~1\MSN Pictures Displayer
   [18/02/2006|17:01] C:\DOCUME~1\valerie\APPLIC~1\MSN Search Toolbar
   [28/02/2006|19:34] C:\DOCUME~1\valerie\APPLIC~1\PlayFirst
   [04/03/2006|15:09] C:\DOCUME~1\valerie\APPLIC~1\Real
   [22/02/2006|14:50] C:\DOCUME~1\valerie\APPLIC~1\SlySoft
   [11/06/2007|18:07] C:\DOCUME~1\valerie\APPLIC~1\SPAMfighter
   [07/06/2006|11:38] C:\DOCUME~1\valerie\APPLIC~1\Ulead Systems
 
   ----------------[ Tâches planifiées dans C:\WINDOWS	asks ]---------------

   [16/05/2008 15:00][--a------] C:\WINDOWS	asks\Norton Security Scan.job
   [22/05/2008 22:51][--a------] C:\WINDOWS	asks\AppleSoftwareUpdate.job
   [24/06/2008 12:47][--ah-----] C:\WINDOWS	asks\SA.DAT
   [05/08/2004 14:00][-r-h-----] C:\WINDOWS	asks\desktop.ini
 
   ---------------[ Listing des dossiers dans C:\Program Files ]--------------
 
   [29/11/2005|18:38] C:\Program Files\AC3Filter
   [21/02/2008|10:13] C:\Program Files\Adobe
   [29/08/2007|18:07] C:\Program Files\Ahead
   [21/11/2005|19:48] C:\Program Files\Alice
   [13/03/2007|18:31] C:\Program Files\Alwil Software
   [03/05/2008|14:59] C:\Program Files\Apple Software Update
   [26/12/2005|17:33] C:\Program Files\ArcSoft
   [07/02/2007|16:05] C:\Program Files\ATI Technologies
   [04/09/2007|09:11] C:\Program Files\Audacity
   [17/01/2008|16:42] C:\Program Files\Avanquest update
   [17/06/2008|08:09] C:\Program Files\Avira
   [05/01/2008|01:38] C:\Program Files\BFG
   [11/08/2007|10:38] C:\Program Files\Billy Blade and the Temple of Time
   [29/11/2007|19:20] C:\Program Files\BitComet
   [03/05/2008|15:04] C:\Program Files\Bonjour
   [23/06/2008|15:56] C:\Program Files\Boonty
   [16/05/2008|19:25] C:\Program Files\BoontyGames
   [19/10/2007|19:40] C:\Program Files\Camfrog
   [28/10/2006|18:16] C:\Program Files\CCleaner
   [05/01/2008|01:38] C:\Program Files\CDDC-MahJongg
   [04/11/2005|20:11] C:\Program Files\ComPlus Applications
   [05/11/2005|16:18] C:\Program Files\CONEXANT
   [16/06/2006|08:13] C:\Program Files\Creative
   [02/12/2005|14:30] C:\Program Files\Digital Video
   [24/03/2007|17:02] C:\Program Files\Disney Interactive
   [05/01/2008|01:38] C:\Program Files\DivX
   [30/07/2007|02:36] C:\Program Files\eChanblard
   [29/11/2007|19:54] C:\Program Files\Eidos Interactive
   [18/03/2006|11:36] C:\Program Files\Elaborate Bytes
   [29/11/2007|18:27] C:\Program Files\eMule
   [25/07/2007|15:02] C:\Program Files\eMulePlus-1.2b.Installer.exe
   [30/04/2008|12:29] C:\Program Files\Enigma Software Group
   [20/11/2006|16:03] C:\Program Files\EpieGames
   [21/04/2008|18:11] C:\Program Files\epson
   [05/01/2008|01:38] C:\Program Files\Eracha
   [22/02/2006|21:35] C:\Program Files\ffdshow
   [17/06/2008|07:48] C:\Program Files\Fichiers communs
   [02/05/2007|07:07] C:\Program Files\Free Spider
   [29/12/2006|16:45] C:\Program Files\GigaByte
   [10/08/2007|10:16] C:\Program Files\Google
   [29/05/2008|07:43] C:\Program Files\Incredijeux
   [07/02/2007|15:37] C:\Program Files\IncrediMail
   [12/11/2006|13:45] C:\Program Files\Infogrames
   [21/04/2008|18:11] C:\Program Files\InstallShield Installation Information
   [06/12/2005|19:11] C:\Program Files\InterActual
   [16/06/2008|19:28] C:\Program Files\Internet Explorer
   [03/05/2008|15:06] C:\Program Files\iPod
   [03/05/2008|15:06] C:\Program Files\iTunes
   [17/06/2008|07:30] C:\Program Files\Java
   [02/04/2008|11:47] C:\Program Files\Jeune Styliste
   [30/12/2007|12:17] C:\Program Files\KaraFun
   [03/08/2007|15:25] C:\Program Files\klcodec330f.exe
   [03/08/2007|15:27] C:\Program Files\K-Lite Codec Pack
   [28/10/2006|18:13] C:\Program Files\Lavasoft
   [29/02/2008|17:18] C:\Program Files\LimeWire
   [21/06/2008|12:51] C:\Program Files\Malwarebytes' Anti-Malware
   [05/01/2008|01:38] C:\Program Files\Media Player Classic
   [05/05/2008|10:00] C:\Program Files\Mes Jeux Install‚s
   [05/01/2008|01:38] C:\Program Files\Messenger
   [23/06/2008|16:33] C:\Program Files\Messenger Plus! Live
   [17/06/2008|18:00] C:\Program Files\Microsoft CAPICOM 2.1.0.2
   [21/11/2005|18:23] C:\Program Files\microsoft frontpage
   [24/11/2005|18:07] C:\Program Files\Microsoft Money
   [16/07/2007|21:53] C:\Program Files\Microsoft Office
   [05/01/2008|01:38] C:\Program Files\Microsoft Works
   [24/11/2005|18:03] C:\Program Files\Microsoft Works Suite 2000
   [29/11/2007|20:00] C:\Program Files\Mindscape
   [05/01/2008|01:38] C:\Program Files\Motorola Phone Tools
   [04/11/2005|20:12] C:\Program Files\Movie Maker
   [10/08/2007|10:29] C:\Program Files\Mozilla Firefox
   [05/01/2007|17:31] C:\Program Files\MP3 Player Utilities 4.04
   [16/07/2007|21:53] C:\Program Files\MSECache
   [22/11/2005|15:14] C:\Program Files\MSN
   [19/03/2006|16:33] C:\Program Files\MSN Games
   [04/11/2005|20:11] C:\Program Files\MSN Gaming Zone
   [15/05/2008|12:11] C:\Program Files\MSN Pictures Displayer
   [10/02/2006|11:29] C:\Program Files\MSN Toolbar Suite
   [18/11/2006|17:19] C:\Program Files\MSXML 4.0
   [04/11/2005|20:12] C:\Program Files\NetMeeting
   [06/12/2005|17:54] C:\Program Files\Norton AntiVirus
   [31/08/2007|15:00] C:\Program Files\Norton Security Scan
   [29/11/2007|19:26] C:\Program Files\Oberon Media
   [04/11/2005|20:11] C:\Program Files\Online Services
   [13/06/2007|06:26] C:\Program Files\Outlook Express
   [23/11/2007|20:01] C:\Program Files\Pcsx2
   [12/11/2006|14:52] C:\Program Files\PhotoFiltre
   [05/08/2007|18:06] C:\Program Files\Picasa2
   [05/01/2008|01:38] C:\Program Files\PopCap Games
   [07/02/2007|16:23] C:\Program Files\QuickTime
   [03/05/2008|15:03] C:\Program Files\QuickTime Alternative
   [03/03/2006|17:01] C:\Program Files\Real
   [05/01/2008|01:38] C:\Program Files\Real Alternative
   [10/12/2005|13:31] C:\Program Files\ReflexiveArcade
   [05/01/2007|17:53] C:\Program Files\Ringz Studio
   [03/03/2006|16:59] C:\Program Files\RngInterstitial.dll
   [01/10/2006|14:59] C:\Program Files\RoadRoll
   [15/01/2008|21:25] C:\Program Files\Seagrand
   [04/11/2005|20:13] C:\Program Files\Services en ligne
   [27/10/2006|18:06] C:\Program Files\Show
   [25/04/2007|07:01] C:\Program Files\Size Date Find
   [27/05/2006|17:37] C:\Program Files\Slickball
   [21/11/2005|18:32] C:\Program Files\SlySoft
   [04/03/2007|10:35] C:\Program Files\Smart Panel
   [21/04/2008|17:59] C:\Program Files\SPAMfighter
   [23/06/2008|16:47] C:\Program Files\Spybot - Search & Destroy
   [17/06/2008|07:30] C:\Program Files\Sun
   [30/04/2008|18:20] C:\Program Files\SUPERAntiSpyware
   [12/01/2008|13:54] C:\Program Files\T‚l‚chargeur de Beach Life
   [08/10/2006|11:29] C:\Program Files\T‚l‚chargeur de Ghost Recon Advance Warfighter
   [05/01/2008|01:38] C:\Program Files\T‚l‚chargeur de Pacific Fighters
   [05/01/2008|01:38] C:\Program Files\T‚l‚chargeur de Peter Jackson's King Kong
   [05/01/2008|01:38] C:\Program Files\T‚l‚chargeur de Peter Jackson's King Kong - Gamer Edition
   [06/04/2008|20:02] C:\Program Files\T‚l‚chargeur de Restaurant Empire
   [08/04/2008|16:07] C:\Program Files\T‚l‚chargeur de Singles 2
   [12/01/2008|14:47] C:\Program Files\T‚l‚chargeur de Soir‚es et Fˆtes Organiseur
   [04/04/2008|10:14] C:\Program Files\T‚l‚chargeur de Sonic Mega Collection Plus
   [12/01/2008|14:45] C:\Program Files\T‚l‚chargeur de Space Colony
   [28/04/2006|18:24] C:\Program Files\TLC-Edusoft
   [15/02/2008|18:16] C:\Program Files\TLKGAMES
   [22/06/2008|19:20] C:\Program Files\Trend Micro
   [20/11/2006|16:17] C:\Program Files\Trymedia
   [11/07/2006|18:06] C:\Program Files\Ubisoft
   [02/12/2005|15:27] C:\Program Files\Ulead Systems
   [04/11/2005|20:20] C:\Program Files\Uninstall Information
   [30/12/2007|11:41] C:\Program Files\vanBasco's Karaoke Player
   [24/07/2006|14:34] C:\Program Files\VideoLAN
   [05/01/2008|01:38] C:\Program Files\VideoLink Pro
   [13/09/2006|18:11] C:\Program Files\VTech
   [27/10/2006|16:57] C:\Program Files\WIDCOMM
   [09/02/2006|16:23] C:\Program Files\WildTangent
   [17/06/2008|07:49] C:\Program Files\Windows Live
   [05/01/2008|01:38] C:\Program Files\Windows Media Connect 2
   [29/04/2007|17:33] C:\Program Files\Windows Media Player
   [04/11/2005|20:11] C:\Program Files\Windows NT
   [04/11/2005|20:13] C:\Program Files\WindowsUpdate
   [02/11/2006|09:27] C:\Program Files\WinRAR
   [08/09/2006|19:36] C:\Program Files\Wizards of the Coast
   [04/11/2005|20:17] C:\Program Files\xerox
   [05/01/2008|01:38] C:\Program Files\XviD
   [03/12/2005|16:01] C:\Program Files\Yahoo!
   [24/05/2008|08:29] C:\Program Files\Zylom Games
  
   ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------
   
   [21/02/2008|10:13] C:\Program Files\Fichiers communs\Adobe
   [18/02/2006|19:54] C:\Program Files\Fichiers communs\Adobe Systems Shared
   [17/11/2005|18:14] C:\Program Files\Fichiers communs\Ahead
   [03/05/2008|14:58] C:\Program Files\Fichiers communs\Apple
   [10/12/2005|17:18] C:\Program Files\Fichiers communs\BOONTY Shared
   [21/11/2005|18:25] C:\Program Files\Fichiers communs\Designer
   [22/11/2005|12:28] C:\Program Files\Fichiers communs\InstallShield
   [19/02/2007|16:37] C:\Program Files\Fichiers communs\Java
   [26/01/2006|18:01] C:\Program Files\Fichiers communs\Macrovision Shared
   [17/06/2008|07:49] C:\Program Files\Fichiers communs\Microsoft Shared
   [04/11/2005|20:12] C:\Program Files\Fichiers communs\MSSoap
   [29/11/2005|17:55] C:\Program Files\Fichiers communs\Nero
   [29/05/2008|07:43] C:\Program Files\Fichiers communs\Oberon Media
   [04/11/2005|21:06] C:\Program Files\Fichiers communs\ODBC
   [22/01/2008|16:25] C:\Program Files\Fichiers communs\Real
   [21/04/2008|18:12] C:\Program Files\Fichiers communs\Sandlot Shared
   [30/04/2008|08:16] C:\Program Files\Fichiers communs\Services
   [26/12/2005|17:24] C:\Program Files\Fichiers communs\Smith Micro Shared
   [04/11/2005|21:06] C:\Program Files\Fichiers communs\SpeechEngines
   [01/09/2007|07:38] C:\Program Files\Fichiers communs\Symantec Shared
   [13/06/2007|06:26] C:\Program Files\Fichiers communs\System
   [02/12/2005|15:22] C:\Program Files\Fichiers communs\Ulead Systems
   [17/06/2008|07:48] C:\Program Files\Fichiers communs\WindowsLiveInstaller
   [22/01/2008|16:25] C:\Program Files\Fichiers communs\xing shared

   ---------------------------[ Process ]--------------------------

   ... 54

   ... OK !

   ----------------------[ Recherche avec S_Lop ]---------------------

   Aucun fichier / dossier Lop trouvé ! 
 
   -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

   Aucun fichier / dossier Lop trouvé ! 
 
   ----------------------[ Verification du Registre ]----------------------
 
   ..... OK !

   --------------------[ Verification du fichier Hosts ]---------------------

   Fichier Hosts PROPRE


   ----------------[ Recherche de fichiers avec Catchme ]-----------------
 
   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2008-06-24 17:58:10
   Windows 5.1.2600 Service Pack 2 NTFS
   scanning hidden processes ...
   scanning hidden files ...
   scan completed successfully
   hidden processes: 0
   hidden files: 0
 
   --------------------[ Recherche d'autres infections ]---------------------

   => C:\Documents and Settings\Thalie\Local Settings\Application Data\IM\Animation\firecracker.ima


   [F:8][D:3]-> C:\DOCUME~1\Thalie\LOCALS~1\Temp
   [F:18][D:0]-> C:\DOCUME~1\Thalie\Cookies
   [F:277][D:5]-> C:\DOCUME~1\Thalie\LOCALS~1\TEMPOR~1\content.IE5

   --------------------[ Fin du rapport a 17:59:01,40  ]----------------------

sKe69 · Answer

Bien , voilà la suite donc :

1- refais un coup de CCleaner ( registre compris ) 

2-Télécharges MSNFix.zip (de !aur3n7) : 
http://sosvirus.changelog.fr/MSNFix.zip 
---> décompresses-le sur le Bureau ( = extraire tout ). 

Impératif : Démarrer en mode sans echec : 
Comment aller en Mode sans échec 
1) Redémarres ton ordi 
2) Tapotes la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip" 
3) Tu verras un écran avec options de démarrage apparaître 
4) Choisis la première option : Sans Échec, et valide avec "Entrée" 
5) Choisis ton compte habituel, et non Administrateur (si besoin ... ) 
(attention : pas de connexion possible en mode sans échec , donc copies ou imprimes bien la manipe pour éviter les erreur ...) 

Lances le fichier MSNFix.bat qui se trouve dans le dossier MSNfix, sur le bureau. 
- Exécute l'option R (recherche). 
- Si l'infection est détectée, exécute l'option N (nettoyage) . 
---> Une fois finit, sauvegardes ce rapport sur ton bureau .

Redémarres ton PC ( = retour au mode normal ), 
et postes moi ce rapport dans ta prochaine réponse pour analyse ...

isa24 · Answer

voila le rapport après recherche et nettoyage :

MSNFix 1.726  
 
C:\Documents and Settings\Thalie\Bureau\MSNFix 
Fix exécuté le 24/06/2008 - 18:15:40,48 By Thalie 
mode sans échec           
    
************************ Recherche les fichiers présents      
    
... C:\WINDOWS\system32	mp.txt 
 
************************ Recherche les dossiers présents       
 
Aucun dossier trouvé 
 
 
 
 
************************ Suppression des fichiers       
    
.. OK ... C:\WINDOWS\system32	mp.txt  
 
 
 
************************ Nettoyage du registre 
 
 
 
Les fichiers encore présents seront supprimés au prochain redémarrage 
 
 
Aucun Fichier trouvé 
 
 
 
************************ Fichiers suspects 
 
Aucun Fichier trouvé 
 
  
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 24062008_18261643.zip
 
************************ HKLM\...\Winlogon\Userinit 
 
Userinit = C:\WINDOWS\system32\userinit.exe, 

Important : http://msnfix.changelog.fr/index.php/2008/05/18/32-alerte


------------------------------------------------------------------------  
Auteur : !aur3n7                     Contact: https://www.ionos.fr/     
------------------------------------------------------------------------   
 
---------------------------------------------   END   ---------------------------------------------

sKe69 · Answer

Ok maintenant , fais ce-ci :

1-Re-Télécharges ToolsCleaner (de A.Rothstein) sur ton Bureau. 
http://pc-system.fr/

Lances le . 
*Cliques sur Recherche et laisses le scan se terminer (cela peut être long). 
*Cliques sur Suppression pour finaliser. 
*Tu peux, si tu le souhaites, te servir des Options facultatives 
*Click sur "quitter" pour générer un rapport :
---> Postes le (TCleaner.txt), il se trouve à la racine de ton disque dur (C:\). 

Note : Ce petit soft va te nettoyer tout les trucs dont on c'est servi pour la désinfection ( tu n'en as plus besion ! ) . 
Supprimes tout les outils , dossiers ou rapports consernant la désinfection que Toolsclaener2 n'a pas supprimé . 

Puis enfin supprimes Toolscleaner2 ... 

2-Restauration système 
*Désactives ta restauration :
Cliques droit sur poste de travail/propriétés/Restauration système/coche la case désactiver la restauration, appliquer, OK 
--->Redémarres ton PC 
*Réactives ta restauration :
Cliques droit sur poste de travail/propriétés/Restauration système/décoche la case désactiver la restauration, appliquer, OK 
--->Redémarres ton PC

3--Fais un scan antivirus en ligne, avec Internet Explorer et accepter l'ActiveX :
https://www.bitdefender.fr/ 
(pour le rapport ,qui est un doc IE , clik sur l'onglet "plus de détailles" : et à la fin du scan tu demandes à le sauvegarder sur ton bureau) 

--->fais un copier/coller et postes le rapport dans ta prochaine réponse ... 

Aide : En bas, à gauche de la fenêtre, clique sur BitDefender SCAN ONLINE 
Dans la nouvelle fenêtre, clique sur j’accepte .
La fenêtre change encore, clique sur scanner .
Les signatures se chargent, etc.

isa24 · Answer

Le rapport toolscleaner :

-->- Recherche: 

C:\SDFIX: trouvé !
C:\Lop SD: trouvé !
C:\Documents and Settings\Thalie\Bureau\Lop S&D.lnk: trouvé !
C:\Documents and Settings\Thalie\Bureau\LopSD.exe: trouvé !
C:\Documents and Settings\Thalie\Bureau\Msnfix.zip: trouvé !
C:\Documents and Settings\Thalie\Bureau\GenProc.zip: trouvé !
C:\Documents and Settings\Thalie\Bureau\MsnFix: trouvé !
C:\Documents and Settings\Thalie\Bureau\GenProc: trouvé !
C:\Documents and Settings\Thalie\Menu Démarrer\Programmes\Lop S&D: trouvé !
C:\Lop SD\Lop S&D.lnk: trouvé !

---------------------------------
-->- Suppression: 

C:\Documents and Settings\Thalie\Bureau\Lop S&D.lnk: supprimé !
C:\Documents and Settings\Thalie\Bureau\LopSD.exe: supprimé !
C:\Documents and Settings\Thalie\Bureau\Msnfix.zip: supprimé !
C:\Documents and Settings\Thalie\Bureau\GenProc.zip: supprimé !
C:\Lop SD\Lop S&D.lnk: supprimé !
C:\SDFIX: supprimé !
C:\Lop SD: supprimé !
C:\Documents and Settings\Thalie\Bureau\MsnFix: supprimé !
C:\Documents and Settings\Thalie\Bureau\GenProc: supprimé !
C:\Documents and Settings\Thalie\Menu Démarrer\Programmes\Lop S&D: supprimé !

et le rapport bitdefender qui apparement n'a rien trouvé !!!

BitDefender Online Scanner
  
  
 
Rapport d'analyse généré à: Wed, Jun 25, 2008 - 01:28:53
 
 
  
  
 
Voie d'analyse: C:\;D:\;E:\;G:\;H:\;I:\;J:\;
  
  
 
 
  
  
 
Statistiques
 
Temps
 02:15:57
 
Fichiers
 90412
 
Directoires
 17842
 
Secteurs de boot
 2
 
Archives
 1397
 
Paquets programmes
 7940
 
  
  
 
Résultats
 
Virus identifiés
 0
 
Fichiers infectés
 0
 
Fichiers suspects
 0
 
Avertissements
 0
 
Désinfectés
 0
 
Fichiers effacés
 0
 
  
  
 
Info sur les moteurs
 
Définition virus
 1263152
 
Version des moteurs
 AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
 
Analyse des plugins
 16
 
Archive des plugins
 42
 
Unpack des plugins
 7
 
E-mail plugins
 6
 
Système plugins
 5
 
  
  
 
Paramètres d'analyse
 
Première action
 Désinfecté
 
Seconde Action
 Supprimé
 
Heuristique
 Oui
 
Acceptez les avertissements
 Oui
 
Extensions analysées
 exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
 
Excludez les extensions
  
 
Analyse d'emails
 Oui
 
Analyse des Archives
 Oui
 
Analyser paquets programmes
 Oui
 
Analyse des fichiers
 Oui
 
Analyse de boot
 Oui
 
  
  
 
  Fichier analysé
  Statut
 
Aucun virus trouvé.

sKe69 · Answer

Tout semble nickel  =)

Prb résolu donc ? 

Dès que tu peux ( le plus rapidement possible ) fais ce-ci : 

** Un petit checkup qui est nécessaire au vu de l'infection qu'il y a eu **

-Nettoyage et Défragmentation de tes Disques 
*Nettoyage : 
Clic droit sur "poste de travail" ==>"ouvrir" ==>clic droit sur le disque C ==>Propriétés ==>onglet "Général" 
Cliques sur le bouton "nettoyage de disque", OK 
tu le fais pour chacun de tes disques 

*Vérifications des erreurs : 
Clic droit sur "poste de travail" ==>"ouvrir" ==>clic droit sur le disque C ==>Propriétés ==>onglet "Outil" 
"Vérifier maintenant", une boîte s'ouvre, cocher les cases : 
-réparer automatiquement les erreurs... 
-rechercher et tenter une récupération... 
--->Démarrer, ok 
Note : s'il te dis de redémarrer ton Pc pour le faire , tu redémarres et tu laisses faire, cela prend un peu de temps c'est normal 
tu le fais pour chacun de tes disques 

ensuite toujours dans le même onglet tu choisis : 
*Défragmentation : 
"défragmenter maintenant", OK 
une boîte s'ouvre, tu sélectionnes le disque à défragmenter, et tu cliques sur "analyser", puis après l'analyse, "défragmenter" . OK 
tu le fais pour chacun de tes disques 

Voili , voilà ...

Bonne continuation à toi  ;)

A+

???????? · Answer

Il y a aussi un scan avec Window Lve OneCare(le scanner est vraiment excellent)télécharge la version d'évaluation,fais un scan,met-le à jour(je ne te dis pas d'activer la protection permanente),et fais un bon scan,qui sait,il y aura peut être des chevals de Troie que tu n'as pas remarqué,le scan prend 2ans et c'est normal,il a détecté 2Cheval de Troie dangeureux wue BitDefender,Malwarebytes et Avira Antivir qui ne l'ont pas détcté^^

Virus cafard & Cie

32 réponses

Votre réponse

Discussions similaires

Newsletters