Fenetre publicitaires intempestives

Résolu
banditpachat Messages postés 54 Date d'inscription   Statut Membre Dernière intervention   -  
banditpachat Messages postés 54 Date d'inscription   Statut Membre Dernière intervention   -
Bonjour,
j'ai un problème sur le pc de mon beau père et je profite du wk pour essayer de le résoudre , il a toujours et a tout moment des fenetres publicitaires intempestives qui s'affichent a l'ecran soit lui disant que son pc est infecte et qu'il doit télécharger un logiciel preci pour le nettoyer , soit des sites pornographiques ou des jeux en ligne. j'ai fait une analyse avec navilog et une avec hijackthis. ci joine je met les deux rapports des analyses et d'avance merci pour votre aide.

1: rapport de navilog

Search Navipromo version 3.6.0 commencé le ven. 04/07/2008 à 18:42:29,10

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "leguy"

Mise à jour le 27.06.2008 à 23h00 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***

InternetGameBox

*** Recherche dossiers dans "C:\WINDOWS" ***

*** Recherche dossiers dans "C:\Program Files" ***

*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***

*** Recherche dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\leguy\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\leguy\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\leguy\menudm~1\progra~1" ***

...\InternetGameBox trouvé !
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Fichier(s) caché(s) :

C:\Documents and Settings\leguy\Local Settings\Application Data\wyyamkwe.dat
C:\Documents and Settings\leguy\Local Settings\Application Data\wyyamkwe.exe
C:\Documents and Settings\leguy\Local Settings\Application Data\wyyamkwe_nav.dat
C:\Documents and Settings\leguy\Local Settings\Application Data\wyyamkwe_navps.dat

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\leguy\locals~1\applic~1" *

*** Recherche fichiers ***

C:\WINDOWS\system32\nvs2.inf trouvé !

*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé !

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :

* Dans "C:\Documents and Settings\leguy\locals~1\applic~1" :

dokheyy.dat trouvé !
dokheyy_nav.dat trouvé !
dokheyy_navps.dat trouvé !
wyyamkwe.dat trouvé !
wyyamkwe_nav.dat trouvé !
wyyamkwe_navps.dat trouvé !

3)Recherche Certificats :

Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

C:\WINDOWS\system32\DMllmUvw.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\EegggMoq.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\iQBKlnpo.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\NXxENqss.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\OYJmTvut.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\TwENmnpo.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\uuwwvGgh.ini2 trouvé ! infection Vundo possible non traitée par cet outil !

*** Analyse terminée le ven. 04/07/2008 à 18:48:43,82 ***

2 rapport de hijackthis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:54:25, on 4/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
E:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\YourPrivacyGuard\mc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Hotbar\bin\10.2.217.0\OEAddOn.exe
C:\Program Files\Hotbar\bin\10.2.217.0\HotbarSA.exe
C:\Program Files\LibreSystem\ucookw.exe
C:\Program Files\Fichiers communs\LibreSystem\strpmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hotbar\bin\10.2.217.0\Weather.exe
C:\WINDOWS\system32\mobsync.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://1-technology.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] E:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "E:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\YourPrivacyGuard\mc.exe" dm=http://yourprivacyguard.com ad=http://yourprivacyguard.com sd=http://ilp.yourprivacyguard.com
O4 - HKLM\..\Run: [UGSCRFR] C:\Documents and Settings\leguy\Local Settings\Temporary Internet Files\Content.IE5\VPXRK0IJ\inst_fr[1].exe /s1 /setup
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [{4769dea0-1fe2-d8c9-61d4-f80f81ce7456}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{a7157c4c-f930-7658-5f00-28cd704b6d13}.dll" DllStart
O4 - HKLM\..\Run: [HotbarOE] C:\Program Files\Hotbar\bin\10.2.217.0\OEAddOn.exe
O4 - HKLM\..\Run: [HotbarSA] "C:\Program Files\Hotbar\bin\10.2.217.0\HotbarSA.exe"
O4 - HKLM\..\Run: [LibreSystem] C:\Program Files\LibreSystem\SysRep.exe
O4 - HKLM\..\Run: [cwriter] C:\Program Files\LibreSystem\ucookw.exe
O4 - HKLM\..\Run: [BMN] "C:\Program Files\Fichiers communs\LibreSystem\strpmon.exe" dm=http://ww25.libresystem.com/ ad=http://ww25.libresystem.com/ sd=http://ww25.repay.libresystem.com/
O4 - HKLM\..\Run: [a8dbab3f] rundll32.exe "C:\WINDOWS\system32\nxskyndw.dll",b
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Lyad] E:\\lyad_messenger.exe autostart
O4 - HKCU\..\Run: [Videos] "C:\Program Files\laughnetwork\update.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Hotbar\bin\10.2.217.0\Weather.exe" -auto
O4 - Startup: Bienvenue sur la ville virtuelle de angy21 !.url
O4 - Startup: Registration-PCTV.lnk = C:\Program Files\Pinnacle\Pinnacle PCTV\ERegister\RegTool.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://banditpachat.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: tjbkacij.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8071 bytes

encore et d'avance merci de votre aide .
Configuration: Windows XP
Firefox 3.0
internet explorer 7

14 réponses

  1. Max#01 Messages postés 393 Statut Membre 76
     
    Bonjour,

    Avant de poster un rapport hijackthis, merci de télécharger Spybot S&D a cette adresse:
    https://www.01net.com/

    pour vous aider, voici un tuto:
    https://forums.cnetfrance.fr

    Il existe aussi un logiciel nommé CCleaner qui vous permettra de supprimer tout fichier temporaire et cookies de votre ordinateur, parfois responsable des publicités ou autre:
    https://www.01net.com/

    Tuto pour vous aider:
    http://cofofides.heberg-forum.net/ftopic615_ccleaner-tutoriel-en-image.html

    Vous pourrez aussi installer AD-Aware qui supprimera les Trojan, cheval de troie, worms... très utile !!!
    https://www.01net.com/

    Tuto pour l'utiliser:
    http://www.malekal.com/tutorial_Ad-Aware2007.php

    Pour finir, faites évidement une analyse avec votre antivirus, si vous en avez un...

    Une fois avoir fais cela, vous pourrez poster votre rapport hijackthis...
    0
    1. banditpachat Messages postés 54 Date d'inscription   Statut Membre Dernière intervention   3
       
      voila apres nettoyage avec ccleaner , spyboot , ad aware et malwarebyte voici le rapport de hijackthis je n'ai pas encore fait l'etape 2 de navilog , encore merci pour votre aide .

      rapport hijackthis

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 22:32:24, on 4/07/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Ahead\InCD\InCDsrv.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
      C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
      E:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
      C:\WINDOWS\system32\hphmon05.exe
      C:\Program Files\Ahead\InCD\InCD.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\Pinnacle\Shared

      Files\Programs\Scheduler\PCLEScheduler.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

      http://1-technology.com
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

      https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL

      = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

      https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

      https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName

      = Liens
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up -

      {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

      Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

      - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
      O2 - BHO: adssite - {49fff1da-bd7c-e530-07f6-2f26c5b02461} -

      C:\WINDOWS\system32\nsk10.dll
      O2 - BHO: Spybot-S&D IE Protection -

      {53707962-6F74-2D53-2644-206D7942484F} -

      C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

      C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live -

      {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers

      communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper -

      {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program

      files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO -

      {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program

      Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
      O2 - BHO: (no name) - {fc75ca82-d325-46be-92b2-a26d5fe4d574} -

      C:\WINDOWS\system32\temsqt.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -

      c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no

      file)
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility]

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
      O4 - HKLM\..\Run: [HPHUPD05] E:\Program

      Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.

      exe
      O4 - HKLM\..\Run: [HP Component Manager] "C:\Program

      Files\HP\hpcoretech\hpcmpmgr.exe"
      O4 - HKLM\..\Run: [HP Software Update] "E:\Program

      Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
      O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program

      Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [Synchronization Manager]

      %SystemRoot%\system32\mobsync.exe /logon
      O4 - HKLM\..\Run: [UGSCRFR] C:\Documents and Settings\leguy\Local

      Settings\Temporary Internet Files\Content.IE5\VPXRK0IJ\inst_fr[1].exe

      /s1 /setup
      O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI

      Technologies\ATI.ACE\Core-Static\CLIStart.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Lyad] E:\\lyad_messenger.exe autostart
      O4 - HKCU\..\Run: [swg] C:\Program

      Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search

      & Destroy\TeaTimer.exe
      O4 - HKCU\..\RunOnce: [SpybotDeletingB7582] command /c del

      "C:\Documents and Settings\leguy\Application

      Data\WeatherDPA\Weather\WeatherStartup.xml"
      O4 - HKCU\..\RunOnce: [SpybotDeletingD971] cmd /c del "C:\Documents and

      Settings\leguy\Application Data\WeatherDPA\Weather\WeatherStartup.xml"
      O4 - HKCU\..\RunOnce: [SpybotDeletingB6794] command /c del

      "C:\Documents and Settings\leguy\Application

      Data\WeatherDPA\Weather\WeatherDPA\Weather_XML\Version"
      O4 - HKCU\..\RunOnce: [SpybotDeletingD4379] cmd /c del "C:\Documents

      and Settings\leguy\Application

      Data\WeatherDPA\Weather\WeatherDPA\Weather_XML\Version"
      O4 - HKCU\..\RunOnce: [SpybotDeletingB5461] command /c del

      "C:\WINDOWS\system32\enxjepla.dll_old"
      O4 - HKCU\..\RunOnce: [SpybotDeletingD4514] cmd /c del

      "C:\WINDOWS\system32\enxjepla.dll_old"
      O4 - HKCU\..\RunOnce: [SpybotDeletingB9370] command /c del

      "C:\WINDOWS\system32\goulwwdb.dll_old"
      O4 - HKCU\..\RunOnce: [SpybotDeletingD2190] cmd /c del

      "C:\WINDOWS\system32\goulwwdb.dll_old"
      O4 - HKCU\..\RunOnce: [SpybotDeletingB4186] command /c del

      "C:\WINDOWS\system32\lkmyuxhe.dll_old"
      O4 - HKCU\..\RunOnce: [SpybotDeletingD5609] cmd /c del

      "C:\WINDOWS\system32\lkmyuxhe.dll_old"
      O4 - Startup: Bienvenue sur la ville virtuelle de angy21 !.url
      O4 - Startup: Registration-PCTV.lnk = C:\Program

      Files\Pinnacle\Pinnacle PCTV\ERegister\RegTool.exe
      O4 - Global Startup: Pinnacle Scheduler.lnk = ?
      O8 - Extra context menu item: E&xporter vers Microsoft Excel -

      res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

      C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) -

      {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

      Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Ajout Direct -

      {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows

      Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer -

      {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows

      Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

      C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

      (no file)
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

      C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -

      {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

      C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

      C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

      {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

      Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

      C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger -

      {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

      Files\Messenger\msmsgs.exe
      O15 - Trusted Zone: http://asia.msi.com.tw
      O15 - Trusted Zone: http://global.msi.com.tw
      O15 - Trusted Zone: http://www.msi.com.tw
      O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo

      Upload Control) -

      http://banditpachat.spaces.live.com/PhotoUpload/MsnPUpld.cab
      O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) -

      http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash

      Object) -

      http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O20 - AppInit_DLLs: tjbkacij.dll
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft -

      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -

      C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program

      Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program

      Files\Ahead\InCD\InCDsrv.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      0
  2. gil le fantom Messages postés 2809 Statut Membre 25
     
    bonsoir

    pas de pare feu,ni d'antivirus ,donc trés infecté

    as tu fais l'option 2 sur navilog
    et poste le rapport

    poste le rapport de malwarebytes

    tu télécharge ComboFix :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    tuto https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    tu l'enregistre sur le bureau.

    Avant d'utiliser ComboFix :

    tu déconnecte internet et referme les fenêtres de tous les programmes en cours.

    tu désactive provisoirement la protection en temps réel de ton Antivirus et de tes Antispywares.

    sur ton bureau tu double-clic sur Combofix.exe.

    tu répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

    Pendant la durée de cette étape,tu ne te sert pas du pc et n'ouvre aucun programmes.

    - En fin de scan il est possible que ComboFix ait besoin de redémarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

    - Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

    tu réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    tu reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt .
    0
  3. banditpachat Messages postés 54 Date d'inscription   Statut Membre Dernière intervention   3
     
    oui c'est vrais gil mais c'est le pc de mon beau père et il est très obstiné lol , son fils lui a dit que ça ne servais a rien et depuis il ne veut pas en mettre mais je crois que je vais installer avast comme j'ai sur le mien je fait tout ce que tu m'a dit et je te reposte les log des que j'ai fini et encore d'avance merci
    0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. gil le fantom Messages postés 2809 Statut Membre 25
     
    tu fais ce que tu veut pour le choix d'un antivirus
    personnellement ,je te conseil antivir
    https://forum.malekal.com/viewtopic.php?f=45&t=11659

    l'importance d'un parefeu
    https://forum.malekal.com/viewtopic.php?f=45&t=7601
    0
    1. banditpachat Messages postés 54 Date d'inscription   Statut Membre Dernière intervention   3
       
      alors voila j'ai fini et je te reposte les deux log tel que tu me l'a demander


      1 analyse navilog après la méthode 2

      Clean Navipromo version 3.6.0 commencé le ven. 04/07/2008 à 23:11:14,57

      Outil exécuté depuis C:\Program Files\navilog1
      Session actuelle : "leguy"

      Mise à jour le 27.06.2008 à 23h00 par IL-MAFIOSO


      Microsoft Windows XP [version 5.1.2600]
      Internet Explorer : 7.0.5730.11
      Système de fichiers : NTFS

      Mode suppression automatique
      avec prise en charge résultats Catchme et GNS


      Nettoyage exécuté au redémarrage de l'ordinateur

      *** Creation backups fichiers trouvés par Catchme ***

      Copie vers "C:\Program Files\navilog1\Backupnavi"

      Copie C:\Documents and Settings\leguy\Local Settings\Application Data\wyyamkwe.dat réalisée avec succès !
      Copie C:\Documents and Settings\leguy\Local Settings\Application Data\wyyamkwe.exe réalisée avec succès !
      Copie C:\Documents and Settings\leguy\Local Settings\Application Data\wyyamkwe_nav.dat réalisée avec succès !
      Copie C:\Documents and Settings\leguy\Local Settings\Application Data\wyyamkwe_navps.dat réalisée avec succès !

      *** Suppression des fichiers trouvés avec Catchme ***

      C:\Documents and Settings\leguy\Local Settings\Application Data\wyyamkwe.dat supprimé !
      C:\Documents and Settings\leguy\Local Settings\Application Data\wyyamkwe.exe supprimé !
      C:\Documents and Settings\leguy\Local Settings\Application Data\wyyamkwe_nav.dat supprimé !
      C:\Documents and Settings\leguy\Local Settings\Application Data\wyyamkwe_navps.dat supprimé !

      ** 2ème passage avec résultats Catchme **

      * Dans "C:\WINDOWS\system32" *


      C:\WINDOWS\prefetch\wyyamkwe*.pf trouvé !
      Copie C:\WINDOWS\prefetch\wyyamkwe*.pf réalisée avec succès !
      C:\WINDOWS\prefetch\wyyamkwe*.pf supprimé !

      * Dans "C:\Documents and Settings\leguy\locals~1\applic~1" *


      *** Suppression avec sauvegardes résultats GenericNaviSearch ***

      * Suppression dans "C:\WINDOWS\System32" *


      * Suppression dans "C:\Documents and Settings\leguy\locals~1\applic~1" *



      *** Suppression dossiers dans "C:\WINDOWS" ***


      *** Suppression dossiers dans "C:\Program Files" ***


      *** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


      *** Suppression dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" ***


      *** Suppression dossiers dans "C:\Documents and Settings\leguy\applic~1" ***


      *** Suppression dossiers dans "C:\Documents and Settings\leguy\locals~1\applic~1" ***


      *** Suppression dossiers dans "C:\Documents and Settings\leguy\menudm~1\progra~1" ***

      ...\InternetGamebox ...suppression...
      ...\InternetGamebox supprimé !



      *** Suppression fichiers ***


      *** Suppression fichiers temporaires ***

      Nettoyage contenu C:\WINDOWS\Temp effectué !
      Nettoyage contenu C:\Documents and Settings\leguy\locals~1\Temp effectué !

      *** Traitement Recherche complémentaire ***
      (Recherche fichiers spécifiques)

      1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

      2)Recherche, création sauvegardes et suppression Heuristique :


      * Dans "C:\WINDOWS\system32" *


      * Dans "C:\Documents and Settings\leguy\locals~1\applic~1" *

      dokheyy.dat trouvé !
      Copie dokheyy.dat réalisée avec succès !
      dokheyy.dat supprimé !

      dokheyy_nav.dat trouvé !
      Copie dokheyy_nav.dat réalisée avec succès !
      dokheyy_nav.dat supprimé !

      dokheyy_navps.dat trouvé !
      Copie dokheyy_navps.dat réalisée avec succès !
      dokheyy_navps.dat supprimé !


      *** Sauvegarde du Registre vers dossier Safebackup ***

      sauvegarde du Registre réalisée avec succès !

      *** Nettoyage Registre ***

      Nettoyage Registre Ok


      *** Certificats ***

      Certificat Egroup supprimé !
      Certificat Electronic-Group supprimé !
      Certificat OOO-Favorit supprimé !
      Certificat Sunny-Day-Design-Ltdt absent !

      *** Nettoyage terminé le ven. 04/07/2008 à 23:17:56,10 ***


      2 rapport comdofix



      ComboFix 08-07-04.1 - leguy 2008-07-04 23:35:36.1 - NTFSx86
      Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1120 [GMT 2:00]
      Endroit: C:\Documents and Settings\leguy\Bureau\ComboFix.exe
      * Création d'un nouveau point de restauration

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\All Users\Application Data\HotbarSA
      C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSA.dat
      C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSA_kyf.dat
      C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAAbout.mht
      C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAau.dat
      C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAEula.mht
      C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Hotbar
      C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Hotbar\About Hotbar.lnk
      C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Hotbar\Hotbar Customer Support Center.lnk
      C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Hotbar\Reset Cursor.lnk
      C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Hotbar\Uninstall Hotbar.lnk
      C:\Documents and Settings\leguy\Application Data\Hotbar
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\1.sdf
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\1384133.sdf
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\2248162.sdf
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\227890.sdf
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\3251993.sdf
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\3442551.sdf
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\3783087.sdf
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\3893245.sdf
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\499863.sdf
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\600583.sdf
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\886762.sdf
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\domains.txt
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000037503
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000066777
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000068397
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\10587
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1085
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\118207
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\11891
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\12457
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\12658
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\13546
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\13562
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1491
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\17040
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\198406
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\20570
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\23923
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\25803
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\26030
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\26664
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\27414
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\27503
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\27505
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\29135
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\29547
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\30438
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\32171
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\34123
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\34237
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\39228
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\40712
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\41364
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\4142
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\41588
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\427075
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\43120
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\43979
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\44228
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\44293
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\44458
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\4500
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\52335
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\54473
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\561509
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\585345
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\592018
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\59234
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\59926
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\6292
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\64703
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\649401
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\6558
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\65770
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\66836
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\67220
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\68040
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\73585
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\738022
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\738380
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\74398
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\744775
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\745571
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\7521
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\753250
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\753300
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\753335
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\753340
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\79257
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\80689
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\82292
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\83216
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\8732
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\91843
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\93899
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\94230
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\97524
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\97741
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\dynamic\ustat\36da.dat
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\ads.cdf
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\avatar.res
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\btntrans.idx
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\btntrans1.dat
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\business_promo.htm
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\buttondir.txt
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\components.cdf
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\cursors.res
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_1000.res
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_2000.res
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_3000.res
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bar.res
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar1.res
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_logos.res
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_other.res
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_weather.res
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\default.cdf
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_511745-514279.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz1.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz10.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz11.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz12.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz13.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz14.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz15.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz16.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz17.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz18.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz19.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz2.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz20.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz3.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz4.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz5.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz6.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz7.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz8.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz9.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_categorize.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_comparison.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_em_PROFL_CA_flow_b_IEB.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_explorer-Mails.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_explorer-people.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_favorites.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Games.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Hide.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_hotbarcom.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Hotmail.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_hsskin.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_jemster.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_jemsterie.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_jemsteruk.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_jobsearch.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Mails.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_new.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_premium.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_reun.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_ringtones.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_SearchBoxTrapper.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_searchfor.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_searchgo.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_weather.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_yellowpages.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\editblbuttons.res
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\email-def-511724-548964.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\email-def-511724-9595.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\email-t1-bg.res
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\gamesmenu.cdf
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\gamesMenu.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\hb_ie_menu.res
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar-premium-hotbar-premium.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar-premium.cdf
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar_promo.htm
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\icons2.res
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\ie_games_icon.res
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\ie_video.res
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords.idx
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords1.dat
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\layout.cdf
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\linkpathlegal.txt
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\more.res
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\new_games.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\progress.res
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\s_icons_buttons.res
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\sales_buttons.res
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\sdfmodifier.xml
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\t2_bg.res
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\theweb.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\top7.cdf
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\Top7_theweb.mnu
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\tsd_bg.res
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\1\weathericon.res
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\ads.xip
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\avatar.xip
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\BtnTrans.xip
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\BtnTrans1.xip
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\business_promo.xip
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\buttondir.xip
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\cursors.xip
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_1000.xip
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_2000.xip
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_3000.xip
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bar.xip
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar1.xip
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_logos.xip
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_other.xip
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_weather.xip
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\default.xip
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\editblbuttons.xip
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\email-t1-bg.xip
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\gamesmenu.xip
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hb_ie_menu.xip
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hotbar-premium.xip
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hotbar_promo.xip
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\icons2.xip
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\ie_games_icon.xip
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\ie_video.xip
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords.xip
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords1.xip
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\layout.xip
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\linkpathlegal.xip
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\more.xip
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\progress.xip
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\s_icons_buttons.xip
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\sales_buttons.xip
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\samplegroups2.txt
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\samplegroups2.xip
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\sdfmodifier.xip
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\t2_bg.xip
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\top7.xip
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\tsd_bg.xip
      C:\Documents and Settings\leguy\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\weathericon.xip
      C:\Documents and Settings\leguy\Application Data\Hotbar_Icons
      C:\Documents and Settings\leguy\Application Data\Hotbar_Icons\Registryrepair.ico
      C:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll
      C:\WINDOWS\BMabe898a3.txt
      C:\WINDOWS\system32\ahajsxfw.dll
      C:\WINDOWS\system32\atclhc.dll
      C:\WINDOWS\system32\auvtldoy.ini
      C:\WINDOWS\system32\ckikkeht.ini
      C:\WINDOWS\system32\dcgautct.ini
      C:\WINDOWS\system32\DMllmUvw.ini
      C:\WINDOWS\system32\DMllmUvw.ini2
      C:\WINDOWS\system32\dxqyjljf.ini
      C:\WINDOWS\system32\enmmnqmc.ini
      C:\WINDOWS\system32\eslbeqxk.dll
      C:\WINDOWS\system32\fehfgvwg.dll
      C:\WINDOWS\system32\fnhxeasc.ini
      C:\WINDOWS\system32\fwfsbktj.dll
      C:\WINDOWS\system32\gnpnlnri.dll
      C:\WINDOWS\system32\gzmrt.dll
      C:\WINDOWS\system32\hobanpkt.ini
      C:\WINDOWS\system32\hqesngbi.ini
      C:\WINDOWS\system32\hxhbhnlv.dll
      C:\WINDOWS\system32\iecnnubd.ini
      C:\WINDOWS\system32\ixumeqnm.dll
      C:\WINDOWS\system32\jgckaknv.ini
      C:\WINDOWS\system32\kfriygco.dll
      C:\WINDOWS\system32\kniobfgj.dll
      C:\WINDOWS\system32\kysutnjh.dll
      C:\WINDOWS\system32\lqmkverm.dll
      C:\WINDOWS\system32\mcrh.tmp
      C:\WINDOWS\system32\mikdqimy.ini
      C:\WINDOWS\system32\nhwnuqdp.ini
      C:\WINDOWS\system32\nsk10.dll
      C:\WINDOWS\system32\nuvoddlk.dll
      C:\WINDOWS\system32\oanytflw.ini
      C:\WINDOWS\system32\ogcvarop.ini
      C:\WINDOWS\system32\OqYcdccf.ini
      C:\WINDOWS\system32\qngedekv.dll
      C:\WINDOWS\system32\sdaqpfrq.dll
      C:\WINDOWS\system32\temsqt.dll
      C:\WINDOWS\system32\tjbkacij.dll
      C:\WINDOWS\system32\tpfqqnhn.dll
      C:\WINDOWS\system32\tqixjmao.ini
      C:\WINDOWS\system32\womgdwxf.dll
      E:\Autorun.inf

      .
      ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-04 to 2008-07-04 ))))))))))))))))))))))))))))))))))))
      .

      2008-07-04 23:31 . 2008-07-04 23:31 <REP> d-------- C:\Program Files\Alwil Software
      2008-07-04 21:12 . 2008-07-04 21:12 <REP> d-------- C:\Program Files\Yahoo!
      2008-07-04 21:12 . 2008-07-04 21:12 <REP> d-------- C:\Program Files\CCleaner
      2008-07-04 21:06 . 2008-07-04 21:06 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
      2008-07-04 21:06 . 2008-07-04 21:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-07-04 19:20 . 2008-07-04 19:20 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
      2008-07-04 19:20 . 2008-07-04 19:20 <REP> d-------- C:\Documents and Settings\leguy\Application Data\Malwarebytes
      2008-07-04 19:20 . 2008-07-04 19:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-07-04 19:20 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
      2008-07-04 19:20 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
      2008-07-04 18:43 . 2008-07-04 18:43 <REP> d-------- C:\Program Files\Trend Micro
      2008-07-04 18:39 . 2008-07-04 18:39 69,120 --a------ C:\WINDOWS\system32\ckwsqeow.dll
      2008-07-04 18:38 . 2008-07-04 23:17 <REP> d-------- C:\Program Files\Navilog1
      2008-06-18 20:18 . 2008-06-18 20:18 101,712 --------- C:\WINDOWS\system32\ltkvwoam.dll_old
      2008-06-18 20:16 . 2008-06-18 20:16 268 --ah----- C:\sqmdata04.sqm
      2008-06-18 20:16 . 2008-06-18 20:16 244 --ah----- C:\sqmnoopt04.sqm
      2008-06-18 20:16 . 2008-06-18 20:16 136 --ah----- C:\sqmnoopt05.sqm
      2008-06-18 20:16 . 2008-06-18 20:16 136 --ah----- C:\sqmdata06.sqm
      2008-06-18 20:16 . 2008-06-18 20:16 136 --ah----- C:\sqmdata05.sqm
      2008-06-12 17:18 . 2008-06-12 17:18 311 --a------ C:\WINDOWS\system32\netwbix32.dll
      2008-06-12 11:15 . 2008-06-12 11:15 101,616 --------- C:\WINDOWS\system32\gayhavwm.dll_old
      2008-06-12 11:07 . 2008-06-12 11:07 <REP> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
      2008-06-12 11:07 . 2008-06-12 11:07 <REP> dr------- C:\Documents and Settings\All Users\Application Data\libresystem
      2008-06-12 11:07 . 2004-10-07 14:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
      2008-06-12 11:05 . 2008-06-12 11:46 263,192 --a------ C:\Documents and Settings\leguy\Application Data\setup_fr[1].exe
      2008-06-09 09:02 . 2008-06-09 10:40 347 --ahs---- C:\WINDOWS\system32\KQAaaGgh.ini
      2008-06-05 07:01 . 2008-06-10 09:07 347 --ahs---- C:\WINDOWS\system32\YxbaKkkj.ini

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-07-04 20:11 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
      2008-06-25 09:41 --------- d-----w C:\Documents and Settings\leguy\Application Data\LimeWire
      2008-06-25 09:30 --------- d-----w C:\Program Files\LimeWire
      2008-06-13 06:05 488 ----a-w C:\Program Files\Raccourci vers LibreSystem.lnk
      2008-06-03 12:50 --------- d-----w C:\Program Files\Notepad++
      2008-05-21 11:13 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
      2008-05-21 11:13 --------- d-----w C:\Documents and Settings\leguy\Application Data\DAEMON Tools
      2008-05-20 09:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-05-20 09:40 --------- d-----w C:\Program Files\Monte Cristo
      2008-05-20 09:36 --------- d-----w C:\Program Files\Setup Files
      2008-05-20 09:17 --------- d-----w C:\Program Files\MSI
      2008-05-14 19:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
      2008-05-13 12:34 --------- d-----w C:\Documents and Settings\leguy\Application Data\Ahead
      2008-05-13 12:12 --------- d-----w C:\Documents and Settings\leguy\Application Data\Image Zone Express
      2007-12-21 15:18 259,616 -c--a-w C:\Documents and Settings\leguy\Application Data\installer_en[1].exe
      2007-12-04 07:00 198,680 -c--a-w C:\Documents and Settings\leguy\Application Data\installer_fr[1].exe
      .

      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-07 11:41 68856]
      "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2006-01-07 06:26 176128]
      "HPHUPD05"="E:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2006-01-07 06:26 49152]
      "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]
      "HP Software Update"="E:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 15:41 49152]
      "HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2006-01-07 06:26 491520]
      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
      "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-03-24 12:41 1294446]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
      "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
      "SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
      "RTHDCPL"="RTHDCPL.EXE" [2007-01-30 12:54 16116224 C:\WINDOWS\RTHDCPL.exe]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=tjbkacij.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "VIDC.PIM1"= PCLEPIM1.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusDisableNotify"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\Program Files\\Azureus\\Azureus.exe"=
      "C:\\Program Files\\LimeWire\\LimeWire.exe"=
      "G:\\eMule\\eMule.exe"=
      "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
      "C:\\Program Files\\Pinnacle\\Pinnacle PCTV\\TeleText\\WebServer.exe"=

      R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
      R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
      R3 CCCP106;CIF USB Camera (2110A);C:\WINDOWS\system32\DRIVERS\cccp106.sys [2003-04-28 08:08]
      R3 pctvvbi;PCTVVBI;C:\WINDOWS\system32\DRIVERS\pctvvbi.sys [2002-11-11 20:52]
      R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
      R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ee5d9b6-2727-11dd-8bf7-0006f40cd4d4}]
      \Shell\AutoRun\command - H:\autorun.exe

      *Newly Created Service* - AAVMKER4
      *Newly Created Service* - ASWFSBLK
      *Newly Created Service* - ASWMON2
      *Newly Created Service* - ASWRDR
      *Newly Created Service* - ASWSP
      *Newly Created Service* - ASWTDI
      *Newly Created Service* - ASWUPDSV
      *Newly Created Service* - AVAST!_ANTIVIRUS
      *Newly Created Service* - AVAST!_MAIL_SCANNER
      *Newly Created Service* - AVAST!_WEB_SCANNER

      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
      msiexec /fums {A75BF1D0-C7C3-CB55-EE17-3225387FD154} /qb
      .
      Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
      "2008-07-04 19:17:08 C:\WINDOWS\Tasks\HP Usg Daily.job"
      - E:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe
      .
      - - - - ORPHANS REMOVED - - - -

      BHO-{49fff1da-bd7c-e530-07f6-2f26c5b02461} - C:\WINDOWS\system32\nsk10.dll
      BHO-{fc75ca82-d325-46be-92b2-a26d5fe4d574} - C:\WINDOWS\system32\temsqt.dll
      Toolbar-{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
      HKCU-Run-StartCCC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
      HKCU-Run-Lyad - E:\\lyad_messenger.exe
      HKLM-Run-UGSCRFR - C:\Documents and Settings\leguy\Local Settings\Temporary Internet Files\Content.IE5\VPXRK0IJ\inst_fr[1].exe


      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-07-04 23:39:58
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cach‚s ...

      Balayage cach‚ autostart entries ...

      Balayage des fichiers cach‚s ...


      C:\DOCUME~1\leguy\LOCALS~1\Temp\Button_CheckedOver.bmp

      Scan termin‚ avec succŠs
      Les fichiers cach‚s: 1

      **************************************************************************
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\WINDOWS\system32\ati2evxx.exe
      C:\Program Files\Ahead\InCD\incdsrv.exe
      C:\WINDOWS\system32\ati2evxx.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
      C:\WINDOWS\system32\verclsid.exe
      .
      **************************************************************************
      .
      Temps d'accomplissement: 2008-07-04 23:44:53 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-07-04 21:44:49

      Pre-Run: 20,289,097,728 octets libres
      Post-Run: 20,180,025,344 octets libres

      436 --- E O F --- 2008-05-28 06:08:27


      pour l'instant j'ai installer avast mais je vais regarder celui que tu me propose car je ne connais pas et encore merci de ton aide ..
      0
  6. banditpachat Messages postés 54 Date d'inscription   Statut Membre Dernière intervention   3
     
    salut gil apres lecture du tuto que tu m'a envoyer j'ai quand meme opte pour une instalation de antivir :) pour peut'etre t'aider je te poste le log de l'analyse que je vient de faire .

    analyse antivir

    Avira AntiVir Personal
    Report file date: samedi 5 juillet 2008 00:15

    Scanning for 1378724 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: AMD3200

    Version information:
    BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
    LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
    LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 22:13:40
    ANTIVIR2.VDF : 7.0.5.51 273408 Bytes 04/07/2008 22:13:42
    ANTIVIR3.VDF : 7.0.5.52 2048 Bytes 04/07/2008 22:13:42
    Engineversion : 8.1.0.64
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.46 283002 Bytes 04/07/2008 22:13:54
    AESCN.DLL : 8.1.0.22 119157 Bytes 04/07/2008 22:13:53
    AERDL.DLL : 8.1.0.20 418165 Bytes 04/07/2008 22:13:52
    AEPACK.DLL : 8.1.1.6 364918 Bytes 04/07/2008 22:13:51
    AEOFFICE.DLL : 8.1.0.20 192891 Bytes 04/07/2008 22:13:50
    AEHEUR.DLL : 8.1.0.35 1298806 Bytes 04/07/2008 22:13:49
    AEHELP.DLL : 8.1.0.15 115063 Bytes 04/07/2008 22:13:47
    AEGEN.DLL : 8.1.0.29 307573 Bytes 04/07/2008 22:13:46
    AEEMU.DLL : 8.1.0.6 430451 Bytes 04/07/2008 22:13:45
    AECORE.DLL : 8.1.0.32 168311 Bytes 04/07/2008 22:13:44
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
    AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
    AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, E:, F:, G:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: samedi 5 juillet 2008 00:15

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'PCLEScheduler.exe' - '1' Module(s) have been scanned
    Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'InCD.exe' - '1' Module(s) have been scanned
    Scan process 'hphmon05.exe' - '1' Module(s) have been scanned
    Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
    Scan process 'hpcmpmgr.exe' - '1' Module(s) have been scanned
    Scan process 'hpztsb09.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'aawservice.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'incdsrv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    37 processes with 37 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    Master boot sector HD2
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'E:\'
    [INFO] No virus was found!
    Boot sector 'F:\'
    [INFO] No virus was found!
    Boot sector 'G:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '29' files ).

    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Program Files\Navilog1\Backupnavi\wyyamkwe.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was moved to '48e7a59a.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\gnpnlnri.dll.vir
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.anu
    [NOTE] The file was moved to '48dea5e9.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\ixumeqnm.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '48e3a5f8.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\kniobfgj.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '48d7a5f2.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\nsk10.dll.vir
    [DETECTION] Is the Trojan horse TR/Downloader.Gen
    [NOTE] The file was moved to '48d9a5fb.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\tpfqqnhn.dll.vir
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.anu
    [NOTE] The file was moved to '48d4a601.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP201\A0048448.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
    [NOTE] The file was moved to '489ea5d1.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP211\A0052887.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
    [NOTE] The file was moved to '489ea5e1.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP220\A0054674.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was moved to '489ea609.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP222\A0054762.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was moved to '489ea60e.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP223\A0054786.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was moved to '489ea60f.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP224\A0054815.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was moved to '489ea610.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP224\A0054816.dll
    [DETECTION] Is the Trojan horse TR/Downloader.Gen
    [NOTE] The file was moved to '4d86e811.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP225\A0054824.dll
    [DETECTION] Is the Trojan horse TR/BHO.bvt
    [NOTE] The file was moved to '489ea611.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP226\A0054837.dll
    [DETECTION] Is the Trojan horse TR/Downloader.Gen
    [NOTE] The file was moved to '489ea613.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP227\A0054843.dll
    [DETECTION] Is the Trojan horse TR/Downloader.Gen
    [NOTE] The file was moved to '489ea614.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP227\A0054892.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was moved to '489ea616.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP227\A0054928.dll
    [DETECTION] Is the Trojan horse TR/Downloader.Gen
    [NOTE] The file was moved to '489ea617.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP228\A0054949.dll
    [DETECTION] Is the Trojan horse TR/BHO.bwl
    [NOTE] The file was moved to '489ea618.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP230\A0055056.dll
    [DETECTION] Is the Trojan horse TR/Downloader.Gen
    [NOTE] The file was moved to '489ea620.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP230\A0055064.dll
    [DETECTION] Is the Trojan horse TR/Downloader.Gen
    [NOTE] The file was moved to '4d86e821.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP237\A0056444.dll
    [DETECTION] Is the Trojan horse TR/Downloader.Gen
    [NOTE] The file was moved to '489ea631.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP238\A0056460.dll
    [DETECTION] Is the Trojan horse TR/BHO.CCH.1
    [NOTE] The file was moved to '489ea632.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP239\A0056477.dll
    [DETECTION] Is the Trojan horse TR/Downloader.Gen
    [NOTE] The file was moved to '489ea633.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP240\A0056568.dll
    [DETECTION] Is the Trojan horse TR/Downloader.Gen
    [NOTE] The file was moved to '489ea637.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP241\A0056585.dll
    [DETECTION] Is the Trojan horse TR/Downloader.Gen
    [NOTE] The file was moved to '489ea638.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP242\A0056614.dll
    [DETECTION] Is the Trojan horse TR/Downloader.Gen
    [NOTE] The file was moved to '489ea639.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP242\A0056619.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '489ea63a.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP243\A0056729.dll
    [DETECTION] Is the Trojan horse TR/Downloader.Gen
    [NOTE] The file was moved to '489ea640.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP243\A0056741.dll
    [DETECTION] Is the Trojan horse TR/Downloader.Gen
    [NOTE] The file was moved to '4d86e841.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP244\A0056745.dll
    [DETECTION] Is the Trojan horse TR/Vundo.ERN
    [NOTE] The file was moved to '489ea642.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP244\A0056778.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '489ea643.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP244\A0056787.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was moved to '489ea644.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP244\A0056788.dll
    [DETECTION] Is the Trojan horse TR/Downloader.Gen
    [NOTE] The file was moved to '4d86e845.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP245\A0056792.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '489ea646.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP245\A0056810.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '4d86e847.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP245\A0056811.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '489ea647.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP245\A0056812.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '4d86e848.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP245\A0056828.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '489ea648.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP245\A0056837.dll
    [DETECTION] Is the Trojan horse TR/Downloader.Gen
    [NOTE] The file was moved to '489ea649.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP246\A0057828.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '489ea66d.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP246\A0057829.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '4d86e86e.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP246\A0057830.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '489ea66e.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP248\A0058892.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '489ea672.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP248\A0060010.dll
    [DETECTION] Is the Trojan horse TR/Downloader.Gen
    [NOTE] The file was moved to '489ea67b.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP248\A0060031.dll
    [DETECTION] Is the Trojan horse TR/Downloader.Gen
    [NOTE] The file was moved to '489ea67d.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP248\A0060033.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '4d86e87e.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP248\A0060055.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '489ea67e.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP248\A0060063.dll
    [DETECTION] Is the Trojan horse TR/Downloader.Gen
    [NOTE] The file was moved to '489ea680.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP248\A0060065.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '4d86e881.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP248\A0060073.dll
    [DETECTION] Is the Trojan horse TR/Downloader.Gen
    [NOTE] The file was moved to '489ea681.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP249\A0061065.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '489ea684.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063139.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '489ea68b.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063147.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '489ea68c.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063158.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '4d86e88d.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063160.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '489ea68e.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063166.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '489ea68d.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063168.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '4d86e88e.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063170.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '4d86e88f.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063172.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '489ea690.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063174.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '4d86e891.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063176.dll
    [DETECTION] Is the Trojan horse TR/Killav.28714
    [NOTE] The file was moved to '489ea68f.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063178.dll
    [DETECTION] Is the Trojan horse TR/Killav.28714
    [NOTE] The file was moved to '4d86e890.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063180.dll
    [DETECTION] Is the Trojan horse TR/Killav.28714
    [NOTE] The file was moved to '489ea691.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063182.dll
    [DETECTION] Is the Trojan horse TR/Killav.28714
    [NOTE] The file was moved to '489ea692.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063184.dll
    [DETECTION] Is the Trojan horse TR/Killav.28714
    [NOTE] The file was moved to '4d86e893.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063186.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '489ea694.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063188.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '4d86e892.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063193.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '489ea693.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063194.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '4d86e894.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063196.exe
    [DETECTION] Is the Trojan horse TR/Killav.28714
    [NOTE] The file was moved to '4d86e895.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063197.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '489ea696.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063198.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '4d86e897.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063199.dll
    [DETECTION] Is the Trojan horse TR/Drop.Softomat.AN
    [NOTE] The file was moved to '489ea695.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063200.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '4d86e896.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063201.exe
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '489ea698.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063202.exe
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '4d86e899.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063203.exe
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '489ea69a.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063204.exe
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '489ea697.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063205.exe
    [DETECTION] Is the Trojan horse TR/Drop.Softomat.AN
    [NOTE] The file was moved to '4d86e898.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063206.exe
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '489ea699.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063207.exe
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '4d86e89b.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063210.exe
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '489ea69c.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063211.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '4d86e89d.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063212.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '4d86e89a.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063213.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '489ea69b.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063214.exe
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '489ea69e.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063215.dll
    [DETECTION] Is the Trojan horse TR/Killav.28714
    [NOTE] The file was moved to '4d86e89f.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063216.exe
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '489ea6a0.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063217.exe
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '4d86e89c.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063219.exe
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '489ea69d.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063220.exe
    [DETECTION] Is the Trojan horse TR/Drop.Softomat.AN
    [NOTE] The file was moved to '4d86e89e.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063221.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '4d86e8a1.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063222.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '489ea69f.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063223.exe
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '4d86e8a0.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063224.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '489ea6a1.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063226.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '4d86e8a2.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063227.exe
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '489ea6a2.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063228.exe
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '4d86e8a3.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063229.exe
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '489ea6a4.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063231.exe
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '489ea6a3.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063233.exe
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '4d86e8a4.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063234.exe
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '4d86e8a5.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063235.exe
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '489ea6a6.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063236.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '4d86e8a7.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063245.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '489ea6a5.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063246.dll
    [DETECTION] Is the Trojan horse TR/Drop.Softomat.AN
    [NOTE] The file was moved to '4d86e8a6.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063247.exe
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '489ea6a7.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063248.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '489ea6a8.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063250.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '4d86e8a9.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP253\A0063308.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '489ea6aa.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP253\A0063309.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '4d86e8a8.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP253\A0063310.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '489ea6a9.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP253\A0063311.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '4d86e8aa.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP253\A0063314.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '4d86e8ab.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP253\A0063316.dll
    [DETECTION] Is the Trojan horse TR/Agent.rwi
    [NOTE] The file was moved to '489ea6ac.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP253\A0063317.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '489ea6ab.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP253\A0063318.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '4d86e8ac.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP253\A0063319.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '489ea6ad.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP253\A0063320.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '4d86e8ae.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP253\A0063323.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '4d86e8ad.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP253\A0063325.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '489ea6ae.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP253\A0063326.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '489ea6af.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP253\A0063327.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '4d86e8b0.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP253\A0063328.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '489ea6b1.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP253\A0063329.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '4d86e8af.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP253\A0063332.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '489ea6b0.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP253\A0063333.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '4d86e8b1.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP253\A0063334.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '4d86e8b2.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP254\A0063377.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was moved to '489ea6b3.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP255\A0063396.dll
    [DETECTION] Is the Trojan horse TR/Downloader.Gen
    [NOTE] The file was moved to '4d86e8b4.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP255\A0063402.dll
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.anu
    [NOTE] The file was moved to '489ea6b5.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP255\A0063404.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '4d86e8b6.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP255\A0063406.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '489ea6b2.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP255\A0063414.dll
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.anu
    [NOTE] The file was moved to '4d86e8b3.qua'!
    C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP256\A0064589.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was moved to '489ea6b8.qua'!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!
    Begin scan in 'E:\' <78G 1>
    E:\jeux zilom\Zylom Jewel Quest Deluxe.Incl.patch-HARPOON.zip
    [0] Archive type: ZIP
    --> JewelQuest.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
    [NOTE] The file was moved to '48daa9e3.qua'!
    Begin scan in 'F:\' <80G 2>
    F:\InternetGameBox\InternetGameBox.exe
    [DETECTION] Is the Trojan horse TR/Dldr.NaviPro.A
    [NOTE] The file was moved to '48e2aa06.qua'!
    F:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP256\A0064590.exe
    [DETECTION] Is the Trojan horse TR/Dldr.NaviPro.A
    [NOTE] The file was moved to '489eaa40.qua'!
    Begin scan in 'G:\' <80G 3>
    G:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP251\A0062139.exe
    [0] Archive type: RAR SFX (self extracting)
    --> peerbox_p2p_affiliate_rar.exe
    [DETECTION] Is the Trojan horse TR/Clicker.HB
    --> peerbox_p2p_affiliate_exe.exe
    [DETECTION] Is the Trojan horse TR/Clicker.HB
    --> peerbox_p2p_affiliate_zip.exe
    [DETECTION] Is the Trojan horse TR/Clicker.HB
    [NOTE] The file was moved to '489eac32.qua'!

    End of the scan: samedi 5 juillet 2008 01:02
    Used time: 47:21 min

    The scan has been done completely.

    5724 Scanning directories
    210512 Files were scanned
    142 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    140 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    210370 Files not concerned
    1728 Archives were scanned
    3 Warnings
    140 Notes
    0
  7. gil le fantom Messages postés 2809 Statut Membre 25
     
    bonjour

    supprime ce fichier
    C:\Program Files\Navilog1\Backupnavi\

    installe ccleaner
    http://www.commentcamarche.net/telecharger/telecharger 168 ccleaner
    tu fais nettoyer et tu corrige les erreurs

    tu vide ta quarantaine de ton antivirus

    tu purge la restauration
    https://www.informatruc.com

    pour vérifier si tout va bien

    tu me refais un combofix ,un scan antivir

    et en dernier tu me met un nouveau hijackthis stp

    a plus tard
    0
    1. banditpachat Messages postés 54 Date d'inscription   Statut Membre Dernière intervention   3
       
      OK je fait ça de suite encore merci gil
      0
  8. banditpachat Messages postés 54 Date d'inscription   Statut Membre Dernière intervention   3
     
    voici déjà le rapport de combofix ,antivir est occupe a faire son analyse

    ComboFix 08-07-04.1 - leguy 2008-07-05 15:56:08.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1001 [GMT 2:00]
    Endroit: C:\Documents and Settings\leguy\Bureau\nettoyage pc\ComboFix.exe

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\netwbix32.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-06-05 to 2008-07-05 ))))))))))))))))))))))))))))))))))))
    .

    2008-07-05 00:11 . 2008-07-05 00:11 <REP> d-------- C:\Program Files\Avira
    2008-07-05 00:11 . 2008-07-05 00:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-07-04 23:31 . 2008-07-04 23:31 <REP> d-------- C:\Program Files\Alwil Software
    2008-07-04 21:12 . 2008-07-04 21:12 <REP> d-------- C:\Program Files\Yahoo!
    2008-07-04 21:12 . 2008-07-05 15:48 <REP> d-------- C:\Program Files\CCleaner
    2008-07-04 21:06 . 2008-07-04 21:06 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-07-04 21:06 . 2008-07-05 15:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-07-04 19:20 . 2008-07-04 19:20 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-07-04 19:20 . 2008-07-04 19:20 <REP> d-------- C:\Documents and Settings\leguy\Application Data\Malwarebytes
    2008-07-04 19:20 . 2008-07-04 19:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-04 19:20 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-07-04 19:20 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-07-04 18:43 . 2008-07-04 18:43 <REP> d-------- C:\Program Files\Trend Micro
    2008-07-04 18:39 . 2008-07-04 18:39 69,120 --a------ C:\WINDOWS\system32\ckwsqeow.dll
    2008-07-04 18:38 . 2008-07-05 15:45 <REP> d-------- C:\Program Files\Navilog1
    2008-06-18 20:18 . 2008-06-18 20:18 101,712 --------- C:\WINDOWS\system32\ltkvwoam.dll_old
    2008-06-18 20:16 . 2008-06-18 20:16 268 --ah----- C:\sqmdata04.sqm
    2008-06-18 20:16 . 2008-06-18 20:16 244 --ah----- C:\sqmnoopt04.sqm
    2008-06-18 20:16 . 2008-06-18 20:16 136 --ah----- C:\sqmnoopt05.sqm
    2008-06-18 20:16 . 2008-06-18 20:16 136 --ah----- C:\sqmdata06.sqm
    2008-06-18 20:16 . 2008-06-18 20:16 136 --ah----- C:\sqmdata05.sqm
    2008-06-12 11:15 . 2008-06-12 11:15 101,616 --------- C:\WINDOWS\system32\gayhavwm.dll_old
    2008-06-12 11:07 . 2008-06-12 11:07 <REP> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
    2008-06-12 11:07 . 2008-06-12 11:07 <REP> dr------- C:\Documents and Settings\All Users\Application Data\libresystem
    2008-06-12 11:07 . 2004-10-07 14:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
    2008-06-12 11:05 . 2008-06-12 11:46 263,192 --a------ C:\Documents and Settings\leguy\Application Data\setup_fr[1].exe
    2008-06-09 09:02 . 2008-06-09 10:40 347 --ahs---- C:\WINDOWS\system32\KQAaaGgh.ini
    2008-06-05 07:01 . 2008-06-10 09:07 347 --ahs---- C:\WINDOWS\system32\YxbaKkkj.ini

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-04 20:11 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-06-25 09:41 --------- d-----w C:\Documents and Settings\leguy\Application Data\LimeWire
    2008-06-25 09:30 --------- d-----w C:\Program Files\LimeWire
    2008-06-13 06:05 488 ----a-w C:\Program Files\Raccourci vers LibreSystem.lnk
    2008-06-03 12:50 --------- d-----w C:\Program Files\Notepad++
    2008-05-21 11:13 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-05-21 11:13 --------- d-----w C:\Documents and Settings\leguy\Application Data\DAEMON Tools
    2008-05-20 09:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-20 09:40 --------- d-----w C:\Program Files\Monte Cristo
    2008-05-20 09:36 --------- d-----w C:\Program Files\Setup Files
    2008-05-20 09:17 --------- d-----w C:\Program Files\MSI
    2008-05-14 19:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-05-13 12:34 --------- d-----w C:\Documents and Settings\leguy\Application Data\Ahead
    2008-05-13 12:12 --------- d-----w C:\Documents and Settings\leguy\Application Data\Image Zone Express
    2008-04-13 09:21 17,920 ----a-w C:\WINDOWS\system32\Ntaccess.sys
    2007-12-21 15:18 259,616 -c--a-w C:\Documents and Settings\leguy\Application Data\installer_en[1].exe
    2007-12-04 07:00 198,680 -c--a-w C:\Documents and Settings\leguy\Application Data\installer_fr[1].exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-07-04_23.44.34.70 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-07-04 21:38:59 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-07-05 08:58:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-01-21 16:12:56 41,792 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
    + 2008-01-21 16:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
    + 2008-03-04 11:28:53 79,424 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
    + 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-07 11:41 68856]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2006-01-07 06:26 176128]
    "HPHUPD05"="E:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2006-01-07 06:26 49152]
    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]
    "HP Software Update"="E:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 15:41 49152]
    "HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2006-01-07 06:26 491520]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-03-24 12:41 1294446]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
    "SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2007-01-30 12:54 16116224 C:\WINDOWS\RTHDCPL.exe]

    C:\Documents and Settings\leguy\Menu D‚marrer\Programmes\D‚marrage\
    Bienvenue sur la ville virtuelle de angy21 !.url [2008-07-04 14:33:02 178]
    Registration-PCTV.lnk - C:\Program Files\Pinnacle\Pinnacle PCTV\ERegister\RegTool.exe [2008-03-07 16:46:12 245760]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Pinnacle Scheduler.lnk - C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2008-03-07 16:45:34 237568]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=tjbkacij.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.PIM1"= PCLEPIM1.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "G:\\eMule\\eMule.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Pinnacle\\Pinnacle PCTV\\TeleText\\WebServer.exe"=

    R3 CCCP106;CIF USB Camera (2110A);C:\WINDOWS\system32\DRIVERS\cccp106.sys [2003-04-28 08:08]
    R3 pctvvbi;PCTVVBI;C:\WINDOWS\system32\DRIVERS\pctvvbi.sys [2002-11-11 20:52]
    R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ee5d9b6-2727-11dd-8bf7-0006f40cd4d4}]
    \Shell\AutoRun\command - H:\autorun.exe

    *Newly Created Service* - CATCHME
    *Newly Created Service* - SSMDRV

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
    msiexec /fums {A75BF1D0-C7C3-CB55-EE17-3225387FD154} /qb
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-07-05 11:17:00 C:\WINDOWS\Tasks\HP Usg Daily.job"
    - E:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{49fff1da-bd7c-e530-07f6-2f26c5b02461} - (no file)
    BHO-{fc75ca82-d325-46be-92b2-a26d5fe4d574} - (no file)
    Toolbar-{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-05 15:57:56
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-07-05 16:00:13
    ComboFix-quarantined-files.txt 2008-07-05 13:59:57
    ComboFix2.txt 2008-07-04 21:44:54

    Pre-Run: 21,316,243,456 octets libres
    Post-Run: 21,303,513,088 octets libres

    146 --- E O F --- 2008-05-28 06:08:27
    0
  9. banditpachat Messages postés 54 Date d'inscription   Statut Membre Dernière intervention   3
     
    voici le rapport de antivir

    Avira AntiVir Personal
    Report file date: samedi 5 juillet 2008 16:01

    Scanning for 1378724 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: AMD3200

    Version information:
    BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
    LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
    LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 22:13:40
    ANTIVIR2.VDF : 7.0.5.51 273408 Bytes 04/07/2008 22:13:42
    ANTIVIR3.VDF : 7.0.5.52 2048 Bytes 04/07/2008 22:13:42
    Engineversion : 8.1.0.64
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.46 283002 Bytes 04/07/2008 22:13:54
    AESCN.DLL : 8.1.0.22 119157 Bytes 04/07/2008 22:13:53
    AERDL.DLL : 8.1.0.20 418165 Bytes 04/07/2008 22:13:52
    AEPACK.DLL : 8.1.1.6 364918 Bytes 04/07/2008 22:13:51
    AEOFFICE.DLL : 8.1.0.20 192891 Bytes 04/07/2008 22:13:50
    AEHEUR.DLL : 8.1.0.35 1298806 Bytes 04/07/2008 22:13:49
    AEHELP.DLL : 8.1.0.15 115063 Bytes 04/07/2008 22:13:47
    AEGEN.DLL : 8.1.0.29 307573 Bytes 04/07/2008 22:13:46
    AEEMU.DLL : 8.1.0.6 430451 Bytes 04/07/2008 22:13:45
    AECORE.DLL : 8.1.0.32 168311 Bytes 04/07/2008 22:13:44
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
    AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
    AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, E:, F:, G:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: samedi 5 juillet 2008 16:01

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'InCD.exe' - '1' Module(s) have been scanned
    Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
    Scan process 'hpcmpmgr.exe' - '1' Module(s) have been scanned
    Scan process 'hpztsb09.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'aawservice.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'incdsrv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    34 processes with 34 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    Master boot sector HD2
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'E:\'
    [INFO] No virus was found!
    Boot sector 'F:\'
    [INFO] No virus was found!
    Boot sector 'G:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '29' files ).

    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!
    Begin scan in 'E:\' <78G 1>
    Begin scan in 'F:\' <80G 2>
    Begin scan in 'G:\' <80G 3>

    End of the scan: samedi 5 juillet 2008 16:36
    Used time: 34:59 min

    The scan has been done completely.

    5516 Scanning directories
    204157 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    204157 Files not concerned
    1714 Archives were scanned
    3 Warnings
    0 Notes
    0
  10. banditpachat Messages postés 54 Date d'inscription   Statut Membre Dernière intervention   3
     
    et voici le rapport de hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:41:28, on 5/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    E:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://1-technology.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {49fff1da-bd7c-e530-07f6-2f26c5b02461} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {fc75ca82-d325-46be-92b2-a26d5fe4d574} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HPHUPD05] E:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "E:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Bienvenue sur la ville virtuelle de angy21 !.url
    O4 - Startup: Registration-PCTV.lnk = C:\Program Files\Pinnacle\Pinnacle PCTV\ERegister\RegTool.exe
    O4 - Global Startup: Pinnacle Scheduler.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://asia.msi.com.tw
    O15 - Trusted Zone: http://global.msi.com.tw
    O15 - Trusted Zone: http://www.msi.com.tw
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://banditpachat.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - AppInit_DLLs: tjbkacij.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    0
  11. gil le fantom Messages postés 2809 Statut Membre 25
     
    relance hijackthis
    selectionne do a system scan only
    et coches les lignes suivantes:

    O2 - BHO: (no name) - {49fff1da-bd7c-e530-07f6-2f26c5b02461} - (no file)
    O2 - BHO: (no name) - {fc75ca82-d325-46be-92b2-a26d5fe4d574} - (no file)
    O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O20 - AppInit_DLLs: tjbkacij.dll

    puis clic sur le bouton "Fix Checked"
    puis tu me repost un rapport hijackthis.
    0
    1. banditpachat Messages postés 54 Date d'inscription   Statut Membre Dernière intervention   3
       
      voici le rapport que tu m'a demander après les rectifications


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 20:26:03, on 5/07/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Ahead\InCD\InCDsrv.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
      C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
      E:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
      C:\Program Files\Ahead\InCD\InCD.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://1-technology.com
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
      O4 - HKLM\..\Run: [HPHUPD05] E:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
      O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
      O4 - HKLM\..\Run: [HP Software Update] "E:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
      O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
      O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - Startup: Bienvenue sur la ville virtuelle de angy21 !.url
      O4 - Startup: Registration-PCTV.lnk = C:\Program Files\Pinnacle\Pinnacle PCTV\ERegister\RegTool.exe
      O4 - Global Startup: Pinnacle Scheduler.lnk = ?
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O15 - Trusted Zone: http://asia.msi.com.tw
      O15 - Trusted Zone: http://global.msi.com.tw
      O15 - Trusted Zone: http://www.msi.com.tw
      O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://banditpachat.spaces.live.com/PhotoUpload/MsnPUpld.cab
      O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      0
  12. gil le fantom Messages postés 2809 Statut Membre 25
     
    eh bien, c'est terminé

    il reste à supprimer les outils de désinfection
    tu Télécharge ToolsCleaner de A.Roshtein sur ton Bureau.(sur un des 2 liens)
    http://pagesperso-orange.fr/AceRothstein/ToolsCleaner2.exe
    http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe
    · Clique sur Recherche et laisse le scan se terminer.
    · Clique, sur Suppression pour finaliser.
    · Tu peux, si tu le souhaites, te servir des Options facultatives.
    · Clique sur Quitter, pour que le rapport puisse se créer.
    · Poste moi le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur( C:\).

    bonne soirée et bon dimanche

    a+
    0
  13. banditpachat Messages postés 54 Date d'inscription   Statut Membre Dernière intervention   3
     
    voila c fait

    -->- Recherche:

    C:\Qoobox: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: trouvé !
    C:\Documents and Settings\leguy\Bureau\nettoyage pc\HijackThis.lnk: trouvé !
    C:\Documents and Settings\leguy\Bureau\nettoyage pc\Navilog1.exe: trouvé !
    C:\Documents and Settings\leguy\Bureau\nettoyage pc\Navilog1.lnk: trouvé !
    C:\Documents and Settings\leguy\Bureau\nettoyage pc\ComboFix.exe: trouvé !
    C:\Program Files\Navilog1: trouvé !
    C:\Program Files\Navilog1\Navilog1.bat: trouvé !
    C:\Program Files\Trend Micro\HijackThis: trouvé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: supprimé !
    C:\Documents and Settings\leguy\Bureau\nettoyage pc\HijackThis.lnk: supprimé !
    C:\Documents and Settings\leguy\Bureau\nettoyage pc\Navilog1.exe: supprimé !
    C:\Documents and Settings\leguy\Bureau\nettoyage pc\Navilog1.lnk: supprimé !
    C:\Documents and Settings\leguy\Bureau\nettoyage pc\ComboFix.exe: supprimé !
    C:\Program Files\Navilog1\Navilog1.bat: supprimé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
    C:\Qoobox: supprimé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: supprimé !
    C:\Program Files\Navilog1: supprimé !
    C:\Program Files\Trend Micro\HijackThis: supprimé !

    Corbeille vidée!
    Fichiers temporaires nettoyés !
    bon week end et bon dimanche a toi aussi et encore et toujour un tres grand je dirais meme un enorme merci pour le temps que tu a passer a m'aider et a me guider pour tout ces processus de nettoyage merci beaucoup.
    0
  14. gil le fantom Messages postés 2809 Statut Membre 25
     
    juste une derniére chose,je pense que tu l'as fait.
    en complément d'antivir, installe malware byte's anti malware qui est excélent.

    a+
    0
    1. banditpachat Messages postés 54 Date d'inscription   Statut Membre Dernière intervention   3
       
      oui c'est fait et encore merci
      0