Virus diver qui m'attaque

Ezeck -  
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   -
Bonjour,
Voila, cela fait depuis un certain temps, mon ordinateurs m'affichent que j'ai un problème de sécurités. Je ne sais pas c'est quoi mais dès fois il fait des bruit bizarre, me lance des messages de activation de truc 2009. ect... Aparament il me dit que c'est un truc du genre spyware
Apparament je suis infecter par plus de 400 choses a la fois. Il me demande toutes les 5 min de m'abonner a un anti virus...
A un moment donnez j'ai vut qu'une analyse a trouver un virus du genre trajan.
S'il vous plait dite moi que faire je déprime, il m'envois des choses du genre menace de confidentialité je pannique. Dite moi un truc gratuit mais rapidemment je vous en supllie.....
Configuration: Windows XP
Internet Explorer 7.0

29 réponses

  • 1
  • 2
  1. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Salut,

    - Télécharge HijackThis V 2.02 (HijackThis Installer) :
    http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

    - Fais un double-clic sur HJTInstall.exe afin de lancer l'installation

    - Clique sur Install ensuite sur I Accept

    - Clique sur Do a scan system and save log file

    - Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse.
    1
  2. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    - Télécharge et installe MalwareByte's Anti-Malware :
    http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm

    - Mets-le à jour

    - Redémarre en mode sans échec (Recommandé) :
    https://blog.sosordi.net/

    - Choisis ta session habituelle

    - Fais un scan complet avec MalwareByte's Anti-Malware

    - Supprime tout ce que le logiciel trouve, enregistre le rapport

    - Redémarre en mode normal et poste le rapport ici

    Tutorial :
    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
    1
  3. Ezeck
     
    Désoler d'avoir postez deux fois je ne l'est pas fait exprès....
    0
  4. Ezeck
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 04:03:16, on 13/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\System32\regsvr32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\DOCUME~1\ZCK~1\LOCALS~1\Temp\video1166.cfg.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\DOCUME~1\ZCK~1\LOCALS~1\Temp\b.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\wpabaln.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: &Research - {037C7B8A-151A-49E6-BAED-CC05FCB50328} - C:\WINDOWS\system32\winsrc.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: offersfortoday browser enhancer - {46162ddf-2604-b3b8-415b-62136103e4d5} - C:\WINDOWS\system32\gjqklupigrk.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [ksuhdokkkgtlpbdim] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\gjqklupigrk.dll"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\ZCK~1\LOCALS~1\Temp\video1166.cfg.exe
    O4 - HKCU\..\Run: [26529900329101700144784013765570] C:\Program Files\Antivirus 2009\av2009.exe
    O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\ieexplorer32.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=www.generation-nt.com
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Ezeck
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 04:03:16, on 13/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\System32\regsvr32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\DOCUME~1\ZCK~1\LOCALS~1\Temp\video1166.cfg.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\DOCUME~1\ZCK~1\LOCALS~1\Temp\b.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\wpabaln.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: &Research - {037C7B8A-151A-49E6-BAED-CC05FCB50328} - C:\WINDOWS\system32\winsrc.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: offersfortoday browser enhancer - {46162ddf-2604-b3b8-415b-62136103e4d5} - C:\WINDOWS\system32\gjqklupigrk.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [ksuhdokkkgtlpbdim] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\gjqklupigrk.dll"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\ZCK~1\LOCALS~1\Temp\video1166.cfg.exe
    O4 - HKCU\..\Run: [26529900329101700144784013765570] C:\Program Files\Antivirus 2009\av2009.exe
    O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\ieexplorer32.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=www.generation-nt.com
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    0
  7. Ezeck
     
    Voila, je l'est fait mais j'ai l'impression qu'il ne ma pas tout suprimer. Il en as trouver 24 et OU 100 et quelques. Je les est tous suprimmer. Par la suite j'ai lancer Spyboot qui ma vaccinner tout a part des composants (genre cookies, plugin...) de firefox. Or, je n'est pas firefox. Je les télécharger, c'est vrai mais je les suprimmer par la suite via panneau de configuration. Comment se fait t'il qu'il en es t encore? J'ai lancer aussi avast qui m'en as suprimmer. A la fin, j'ai refait Hitachi ( ou un truc comme sa) et apparamment il m'en affichent encore beaucoup ( bien que je ne comprend rien a se qu'il y as marquer.) Je crois, que l'antivirus ne ma pas tout suprimer..

    Et, en fait, je n'est plus internet. Je ne sais pas si c'est un de mes cables qui a dut être mal connecter ou pas (je n'est pas eu le temp de vérifier) ou si c'est le p.c. Si c'est le pc que faire? Je dit sa au cas ou ce n'est pas le cable, que je sache le faire se soir.....

    Quoi qu'il en soit je ne crois pas qu'il m'est tout suprimmer.
    0
  8. Ezeck
     
    Voila le rapport. Pour internet, c'étais mon cable^^
    Par contre il y en a deux. Je te poste les deux....
    Malwarebytes' Anti-Malware 1.28
    Version de la base de données: 1262
    Windows 5.1.2600 Service Pack 3

    13/10/2008 18:11:07
    mbam-log-2008-10-13 (18-11-07).txt

    Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|)
    Eléments examinés: 168252
    Temps écoulé: 40 minute(s), 15 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 41
    Valeur(s) du Registre infectée(s): 4
    Elément(s) de données du Registre infecté(s): 1
    Dossier(s) infecté(s): 10
    Fichier(s) infecté(s): 83

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328} (Adware.Search Toolbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037c7b8a-151a-49e6-baed-cc05fcb50328} (Adware.Search Toolbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Classes\hol5_vxiewer.full.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Golden Palace Casino PT (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{46162ddf-2604-b3b8-415b-62136103e4d5} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{46162ddf-2604-b3b8-415b-62136103e4d5} (Adware.BHO) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\26529900329101700144784013765570 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IEUpdate (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSFox (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\Inet Delivery (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\Antivirus 2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    C:\Program Files\PCPrivacyCleaner (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
    C:\Program Files\VirusRemover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ézèck\Menu Démarrer\Antivirus 2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ézèck\Application Data\VirusRemover2008 (Rogue.VirusRemover) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ézèck\Application Data\VirusRemover2008\Logs (Rogue.VirusRemover) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Documents and Settings\stephen\Local Settings\Application Data\ekggq_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\stephen\Local Settings\Application Data\ekggq_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\stephen\Local Settings\Application Data\ekggq.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\stephen\Local Settings\Application Data\ekggq.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\winsrc.dll (Adware.Search Toolbar) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{544A1765-0CE6-4A5E-8430-9543B0121939}\RP62\A0025622.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\Antivirus 2009\av2009.exe (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ézèck\Menu Démarrer\Antivirus 2009\Antivirus 2009.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ézèck\Menu Démarrer\Antivirus 2009\Uninstall Antivirus 2009.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ézèck\Application Data\VirusRemover2008\Logs\scns.log (Rogue.VirusRemover) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ieexplorer32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ieupdates.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\medup020.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ézèck\Local Settings\Temp\video1166.cfg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ézèck\Bureau\Antivirus 2009.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ézèck\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ézèck\Local Settings\Temp\get_file.php (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ézèck\Local Settings\Temp\video1166.cfg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\gjqklupigrk.dll (Adware.BHO) -> Quarantined and deleted successfully.
    0
  9. Ezeck
     
    Voila le rapport. Pour internet, c'étais mon cable^^
    Par contre il y en a deux. Je te poste les deux....
    Malwarebytes' Anti-Malware 1.28
    Version de la base de données: 1262
    Windows 5.1.2600 Service Pack 3

    13/10/2008 18:11:07
    mbam-log-2008-10-13 (18-11-07).txt

    Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|)
    Eléments examinés: 168252
    Temps écoulé: 40 minute(s), 15 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 41
    Valeur(s) du Registre infectée(s): 4
    Elément(s) de données du Registre infecté(s): 1
    Dossier(s) infecté(s): 10
    Fichier(s) infecté(s): 83

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328} (Adware.Search Toolbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037c7b8a-151a-49e6-baed-cc05fcb50328} (Adware.Search Toolbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Classes\hol5_vxiewer.full.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Golden Palace Casino PT (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{46162ddf-2604-b3b8-415b-62136103e4d5} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{46162ddf-2604-b3b8-415b-62136103e4d5} (Adware.BHO) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\26529900329101700144784013765570 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IEUpdate (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSFox (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\Inet Delivery (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\Antivirus 2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    C:\Program Files\PCPrivacyCleaner (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
    C:\Program Files\VirusRemover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ézèck\Menu Démarrer\Antivirus 2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ézèck\Application Data\VirusRemover2008 (Rogue.VirusRemover) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ézèck\Application Data\VirusRemover2008\Logs (Rogue.VirusRemover) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Documents and Settings\stephen\Local Settings\Application Data\ekggq_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\stephen\Local Settings\Application Data\ekggq_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\stephen\Local Settings\Application Data\ekggq.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\stephen\Local Settings\Application Data\ekggq.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\winsrc.dll (Adware.Search Toolbar) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{544A1765-0CE6-4A5E-8430-9543B0121939}\RP62\A0025622.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\Antivirus 2009\av2009.exe (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ézèck\Menu Démarrer\Antivirus 2009\Antivirus 2009.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ézèck\Menu Démarrer\Antivirus 2009\Uninstall Antivirus 2009.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ézèck\Application Data\VirusRemover2008\Logs\scns.log (Rogue.VirusRemover) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ieexplorer32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ieupdates.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\medup020.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ézèck\Local Settings\Temp\video1166.cfg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ézèck\Bureau\Antivirus 2009.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ézèck\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ézèck\Local Settings\Temp\get_file.php (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ézèck\Local Settings\Temp\video1166.cfg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\gjqklupigrk.dll (Adware.BHO) -> Quarantined and deleted successfully.
    0
  10. Ezeck
     
    Voila le rapport. Pour internet, c'étais mon cable^^
    Par contre il y en a deux. Je te poste les deux....
    Malwarebytes' Anti-Malware 1.28
    Version de la base de données: 1262
    Windows 5.1.2600 Service Pack 3

    13/10/2008 18:11:07
    mbam-log-2008-10-13 (18-11-07).txt

    Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|)
    Eléments examinés: 168252
    Temps écoulé: 40 minute(s), 15 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 41
    Valeur(s) du Registre infectée(s): 4
    Elément(s) de données du Registre infecté(s): 1
    Dossier(s) infecté(s): 10
    Fichier(s) infecté(s): 83

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328} (Adware.Search Toolbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037c7b8a-151a-49e6-baed-cc05fcb50328} (Adware.Search Toolbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Classes\hol5_vxiewer.full.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Golden Palace Casino PT (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{46162ddf-2604-b3b8-415b-62136103e4d5} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{46162ddf-2604-b3b8-415b-62136103e4d5} (Adware.BHO) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\26529900329101700144784013765570 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IEUpdate (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSFox (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\Inet Delivery (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\Antivirus 2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    C:\Program Files\PCPrivacyCleaner (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
    C:\Program Files\VirusRemover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ézèck\Menu Démarrer\Antivirus 2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ézèck\Application Data\VirusRemover2008 (Rogue.VirusRemover) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ézèck\Application Data\VirusRemover2008\Logs (Rogue.VirusRemover) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Documents and Settings\stephen\Local Settings\Application Data\ekggq_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\stephen\Local Settings\Application Data\ekggq_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\stephen\Local Settings\Application Data\ekggq.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\stephen\Local Settings\Application Data\ekggq.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\winsrc.dll (Adware.Search Toolbar) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{544A1765-0CE6-4A5E-8430-9543B0121939}\RP62\A0025622.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\Antivirus 2009\av2009.exe (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ézèck\Menu Démarrer\Antivirus 2009\Antivirus 2009.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ézèck\Menu Démarrer\Antivirus 2009\Uninstall Antivirus 2009.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ézèck\Application Data\VirusRemover2008\Logs\scns.log (Rogue.VirusRemover) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ieexplorer32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ieupdates.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\medup020.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ézèck\Local Settings\Temp\video1166.cfg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ézèck\Bureau\Antivirus 2009.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ézèck\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ézèck\Local Settings\Temp\get_file.php (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ézèck\Local Settings\Temp\video1166.cfg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\gjqklupigrk.dll (Adware.BHO) -> Quarantined and deleted successfully.
    0
  11. Ezeck
     
    Voici le deuxième. Je tien comme même a dir que certain autre analyse mon montrer qu'il y en as beaucoups plus...
    Malwarebytes' Anti-Malware 1.28
    Version de la base de données: 1262
    Windows 5.1.2600 Service Pack 3

    13/10/2008 20:07:34
    mbam-log-2008-10-13 (20-07-34).txt

    Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|)
    Eléments examinés: 160931
    Temps écoulé: 52 minute(s), 14 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    0
  12. Ezeck
     
    Par acquis de conscience je t'envois le rapport d'Hitashi, le sacn d'analyse que je vien faire a l'instant. Je vous signale en plus que mon p.c commence a ramer un peu plus (par exemple pour le poste du message)
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:46:15, on 14/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [ksuhdokkkgtlpbdim] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\gjqklupigrk.dll"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=www.generation-nt.com
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    0
  13. Ezeck
     
    ComboFix 08-10-15.08 - ézèck 2008-10-16 17:05:35.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1101 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\ézèck\Bureau\ComboFix.exe
    * Un nouveau point de restauration a été créé

    [COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-16 au 2008-10-16 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-15 19:27 . 2008-08-14 15:23 2,191,232 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
    2008-10-15 19:27 . 2008-08-14 15:23 2,147,328 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
    2008-10-15 19:27 . 2008-08-14 15:23 2,068,096 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
    2008-10-15 19:27 . 2008-08-14 15:23 2,025,984 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
    2008-10-15 19:27 . 2008-09-15 17:26 1,846,528 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
    2008-10-15 19:27 . 2008-09-08 12:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
    2008-10-13 18:17 . 2008-10-13 18:23 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-10-13 18:17 . 2008-10-14 08:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-10-13 17:44 . 2008-10-13 17:44 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2008-10-13 07:56 . 2008-10-13 07:56 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-13 07:56 . 2008-10-13 07:56 <REP> d-------- C:\Documents and Settings\ézèck\Application Data\Malwarebytes
    2008-10-13 07:56 . 2008-10-13 07:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-13 07:56 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-10-13 07:56 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-10-13 04:02 . 2008-10-13 04:02 <REP> d-------- C:\Program Files\Trend Micro
    2008-10-13 01:26 . 2008-10-13 02:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ngvozurw
    2008-10-13 01:25 . 2008-10-13 01:26 79,086 --a------ C:\WINDOWS\system32\wifcqlwdonbiap.exe
    2008-10-12 21:30 . 2003-11-03 17:15 1,902 --------- C:\WINDOWS\system32\SetupBD.din
    2008-10-10 19:12 . 2008-10-10 19:12 4,444 --a------ C:\WINDOWS\system32\pid.PNF
    2008-10-10 19:08 . 2008-10-10 19:08 <REP> d-------- C:\Program Files\AIDA32 - Enterprise System Information
    2008-10-10 19:04 . 2008-10-10 19:04 <REP> d-------- C:\WINDOWS\Sun
    2008-10-09 17:48 . 2008-10-09 18:10 <REP> d-------- C:\Program Files\Dofus
    2008-10-09 17:40 . 2008-10-14 08:45 902 --a------ C:\WINDOWS\Active Setup Log.BAK
    2008-10-08 18:47 . 2008-10-08 18:47 <REP> d-------- C:\Program Files\Sun
    2008-10-08 18:47 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-10-08 18:46 . 2008-10-08 18:47 <REP> d-------- C:\Program Files\Java
    2008-10-08 18:46 . 2008-10-08 18:46 <REP> d-------- C:\Program Files\Fichiers communs\Java
    2008-10-08 14:59 . 2008-10-08 14:59 <REP> d-------- C:\Documents and Settings\Stock m\Application Data\Media Player Classic
    2008-10-08 14:59 . 2008-10-08 14:59 <REP> d-------- C:\Documents and Settings\Stock m\Application Data\DivX
    2008-10-04 13:27 . 2008-10-04 13:27 268 --ah----- C:\sqmdata07.sqm
    2008-10-04 13:27 . 2008-10-04 13:27 244 --ah----- C:\sqmnoopt07.sqm
    2008-10-03 18:46 . 2008-10-03 18:46 268 --ah----- C:\sqmdata06.sqm
    2008-10-03 18:46 . 2008-10-03 18:46 244 --ah----- C:\sqmnoopt06.sqm
    2008-10-03 01:48 . 2008-10-03 01:48 268 --ah----- C:\sqmdata05.sqm
    2008-10-03 01:48 . 2008-10-03 01:48 244 --ah----- C:\sqmnoopt05.sqm
    2008-10-03 01:13 . 2008-10-03 01:48 <REP> d-------- C:\Program Files\PhotoFiltre
    2008-10-02 08:53 . 2008-10-02 08:53 268 --ah----- C:\sqmdata04.sqm
    2008-10-02 08:53 . 2008-10-02 08:53 244 --ah----- C:\sqmnoopt04.sqm
    2008-10-01 21:03 . 2008-10-01 21:03 268 --ah----- C:\sqmdata03.sqm
    2008-10-01 21:03 . 2008-10-01 21:03 244 --ah----- C:\sqmnoopt03.sqm
    2008-09-22 12:47 . 2008-09-22 13:01 <REP> d-------- C:\Documents and Settings\stephen\Application Data\uTorrent
    2008-09-16 18:44 . 2008-09-16 18:44 268 --ah----- C:\sqmdata02.sqm
    2008-09-16 18:44 . 2008-09-16 18:44 244 --ah----- C:\sqmnoopt02.sqm
    2008-09-16 12:29 . 2008-09-16 12:29 268 --ah----- C:\sqmdata01.sqm
    2008-09-16 12:29 . 2008-09-16 12:29 244 --ah----- C:\sqmnoopt01.sqm

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-15 21:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-10-12 23:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
    2008-09-22 19:39 --------- d-----w C:\Program Files\Windows Live
    2008-09-15 15:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
    2008-09-01 18:27 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-09-01 18:23 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
    2008-09-01 18:19 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-09-01 18:17 --------- d-----w C:\Documents and Settings\ézèck\Application Data\ATI
    2008-09-01 18:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-09-01 18:08 --------- d-----w C:\Program Files\AVG
    2008-08-31 11:42 --------- d-----w C:\Documents and Settings\stephen\Application Data\Canneverbe_Limited
    2008-08-31 11:13 --------- d-----w C:\Documents and Settings\stephen\Application Data\Media Player Classic
    2008-08-31 11:13 --------- d-----w C:\Documents and Settings\stephen\Application Data\DivX
    2008-08-31 09:04 --------- d-----w C:\Documents and Settings\stephen\Application Data\ATI
    2008-08-26 08:11 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-08-14 13:23 2,147,328 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    2008-08-14 13:23 2,025,984 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 59392]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
    "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-06-06 394856]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]
    R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-10-03 2799488]
    R3 WN5301;LIteon Wireless PCI Network Adapter Service;C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-05 468768]

    *Newly Created Service* - PROCEXP90
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKLM-Run-ksuhdokkkgtlpbdim - C:\WINDOWS\system32\gjqklupigrk.dll

    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - C:\Documents and Settings\ézèck\Application Data\Mozilla\Firefox\Profiles\1qv3q10z.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://google.fr/
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-16 17:12:21
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    Heure de fin: 2008-10-16 17:13:50
    ComboFix-quarantined-files.txt 2008-10-16 15:13:47

    Avant-CF: 222 113 517 568 octets libres
    Après-CF: 224,556,773,376 octets libres

    148 --- E O F --- 2008-10-15 21:53:23
    0
  14. Ezeck
     
    ComboFix 08-10-15.08 - ézèck 2008-10-16 17:05:35.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1101 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\ézèck\Bureau\ComboFix.exe
    * Un nouveau point de restauration a été créé

    [COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-16 au 2008-10-16 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-15 19:27 . 2008-08-14 15:23 2,191,232 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
    2008-10-15 19:27 . 2008-08-14 15:23 2,147,328 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
    2008-10-15 19:27 . 2008-08-14 15:23 2,068,096 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
    2008-10-15 19:27 . 2008-08-14 15:23 2,025,984 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
    2008-10-15 19:27 . 2008-09-15 17:26 1,846,528 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
    2008-10-15 19:27 . 2008-09-08 12:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
    2008-10-13 18:17 . 2008-10-13 18:23 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-10-13 18:17 . 2008-10-14 08:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-10-13 17:44 . 2008-10-13 17:44 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2008-10-13 07:56 . 2008-10-13 07:56 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-13 07:56 . 2008-10-13 07:56 <REP> d-------- C:\Documents and Settings\ézèck\Application Data\Malwarebytes
    2008-10-13 07:56 . 2008-10-13 07:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-13 07:56 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-10-13 07:56 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-10-13 04:02 . 2008-10-13 04:02 <REP> d-------- C:\Program Files\Trend Micro
    2008-10-13 01:26 . 2008-10-13 02:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ngvozurw
    2008-10-13 01:25 . 2008-10-13 01:26 79,086 --a------ C:\WINDOWS\system32\wifcqlwdonbiap.exe
    2008-10-12 21:30 . 2003-11-03 17:15 1,902 --------- C:\WINDOWS\system32\SetupBD.din
    2008-10-10 19:12 . 2008-10-10 19:12 4,444 --a------ C:\WINDOWS\system32\pid.PNF
    2008-10-10 19:08 . 2008-10-10 19:08 <REP> d-------- C:\Program Files\AIDA32 - Enterprise System Information
    2008-10-10 19:04 . 2008-10-10 19:04 <REP> d-------- C:\WINDOWS\Sun
    2008-10-09 17:48 . 2008-10-09 18:10 <REP> d-------- C:\Program Files\Dofus
    2008-10-09 17:40 . 2008-10-14 08:45 902 --a------ C:\WINDOWS\Active Setup Log.BAK
    2008-10-08 18:47 . 2008-10-08 18:47 <REP> d-------- C:\Program Files\Sun
    2008-10-08 18:47 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-10-08 18:46 . 2008-10-08 18:47 <REP> d-------- C:\Program Files\Java
    2008-10-08 18:46 . 2008-10-08 18:46 <REP> d-------- C:\Program Files\Fichiers communs\Java
    2008-10-08 14:59 . 2008-10-08 14:59 <REP> d-------- C:\Documents and Settings\Stock m\Application Data\Media Player Classic
    2008-10-08 14:59 . 2008-10-08 14:59 <REP> d-------- C:\Documents and Settings\Stock m\Application Data\DivX
    2008-10-04 13:27 . 2008-10-04 13:27 268 --ah----- C:\sqmdata07.sqm
    2008-10-04 13:27 . 2008-10-04 13:27 244 --ah----- C:\sqmnoopt07.sqm
    2008-10-03 18:46 . 2008-10-03 18:46 268 --ah----- C:\sqmdata06.sqm
    2008-10-03 18:46 . 2008-10-03 18:46 244 --ah----- C:\sqmnoopt06.sqm
    2008-10-03 01:48 . 2008-10-03 01:48 268 --ah----- C:\sqmdata05.sqm
    2008-10-03 01:48 . 2008-10-03 01:48 244 --ah----- C:\sqmnoopt05.sqm
    2008-10-03 01:13 . 2008-10-03 01:48 <REP> d-------- C:\Program Files\PhotoFiltre
    2008-10-02 08:53 . 2008-10-02 08:53 268 --ah----- C:\sqmdata04.sqm
    2008-10-02 08:53 . 2008-10-02 08:53 244 --ah----- C:\sqmnoopt04.sqm
    2008-10-01 21:03 . 2008-10-01 21:03 268 --ah----- C:\sqmdata03.sqm
    2008-10-01 21:03 . 2008-10-01 21:03 244 --ah----- C:\sqmnoopt03.sqm
    2008-09-22 12:47 . 2008-09-22 13:01 <REP> d-------- C:\Documents and Settings\stephen\Application Data\uTorrent
    2008-09-16 18:44 . 2008-09-16 18:44 268 --ah----- C:\sqmdata02.sqm
    2008-09-16 18:44 . 2008-09-16 18:44 244 --ah----- C:\sqmnoopt02.sqm
    2008-09-16 12:29 . 2008-09-16 12:29 268 --ah----- C:\sqmdata01.sqm
    2008-09-16 12:29 . 2008-09-16 12:29 244 --ah----- C:\sqmnoopt01.sqm

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-15 21:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-10-12 23:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
    2008-09-22 19:39 --------- d-----w C:\Program Files\Windows Live
    2008-09-15 15:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
    2008-09-01 18:27 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-09-01 18:23 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
    2008-09-01 18:19 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-09-01 18:17 --------- d-----w C:\Documents and Settings\ézèck\Application Data\ATI
    2008-09-01 18:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-09-01 18:08 --------- d-----w C:\Program Files\AVG
    2008-08-31 11:42 --------- d-----w C:\Documents and Settings\stephen\Application Data\Canneverbe_Limited
    2008-08-31 11:13 --------- d-----w C:\Documents and Settings\stephen\Application Data\Media Player Classic
    2008-08-31 11:13 --------- d-----w C:\Documents and Settings\stephen\Application Data\DivX
    2008-08-31 09:04 --------- d-----w C:\Documents and Settings\stephen\Application Data\ATI
    2008-08-26 08:11 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-08-14 13:23 2,147,328 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    2008-08-14 13:23 2,025,984 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 59392]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
    "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-06-06 394856]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]
    R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-10-03 2799488]
    R3 WN5301;LIteon Wireless PCI Network Adapter Service;C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-05 468768]

    *Newly Created Service* - PROCEXP90
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKLM-Run-ksuhdokkkgtlpbdim - C:\WINDOWS\system32\gjqklupigrk.dll

    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - C:\Documents and Settings\ézèck\Application Data\Mozilla\Firefox\Profiles\1qv3q10z.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://google.fr/
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-16 17:12:21
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    Heure de fin: 2008-10-16 17:13:50
    ComboFix-quarantined-files.txt 2008-10-16 15:13:47

    Avant-CF: 222 113 517 568 octets libres
    Après-CF: 224,556,773,376 octets libres

    148 --- E O F --- 2008-10-15 21:53:23
    0
  15. Ezeck
     
    excuse de poster plusieur fois, a chaque fois je fais pas exprès, c'est l'ordinateur qui rame....
    0
  16. Ezeck
     
    ComboFix 08-10-15.08 - ézèck 2008-10-16 17:45:25.2 - NTFSx86 MINIMAL
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1284 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\ézèck\Bureau\ComboFix.exe
    Commutateurs utilisés :: C:\Documents and Settings\ézèck\Bureau\CFScript.txt

    [COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]

    FILE ::
    C:\WINDOWS\system32\wifcqlwdonbiap.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\ngvozurw
    C:\WINDOWS\system32\wifcqlwdonbiap.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-16 au 2008-10-16 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-15 19:27 . 2008-08-14 15:23 2,191,232 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
    2008-10-15 19:27 . 2008-08-14 15:23 2,147,328 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
    2008-10-15 19:27 . 2008-08-14 15:23 2,068,096 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
    2008-10-15 19:27 . 2008-08-14 15:23 2,025,984 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
    2008-10-15 19:27 . 2008-09-15 17:26 1,846,528 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
    2008-10-15 19:27 . 2008-09-08 12:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
    2008-10-13 18:17 . 2008-10-13 18:23 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-10-13 18:17 . 2008-10-14 08:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-10-13 17:44 . 2008-10-13 17:44 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2008-10-13 07:56 . 2008-10-13 07:56 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-13 07:56 . 2008-10-13 07:56 <REP> d-------- C:\Documents and Settings\ézèck\Application Data\Malwarebytes
    2008-10-13 07:56 . 2008-10-13 07:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-13 07:56 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-10-13 07:56 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-10-13 04:02 . 2008-10-13 04:02 <REP> d-------- C:\Program Files\Trend Micro
    2008-10-12 21:30 . 2003-11-03 17:15 1,902 --------- C:\WINDOWS\system32\SetupBD.din
    2008-10-10 19:12 . 2008-10-10 19:12 4,444 --a------ C:\WINDOWS\system32\pid.PNF
    2008-10-10 19:08 . 2008-10-10 19:08 <REP> d-------- C:\Program Files\AIDA32 - Enterprise System Information
    2008-10-10 19:04 . 2008-10-10 19:04 <REP> d-------- C:\WINDOWS\Sun
    2008-10-09 17:48 . 2008-10-09 18:10 <REP> d-------- C:\Program Files\Dofus
    2008-10-09 17:40 . 2008-10-14 08:45 902 --a------ C:\WINDOWS\Active Setup Log.BAK
    2008-10-08 18:47 . 2008-10-08 18:47 <REP> d-------- C:\Program Files\Sun
    2008-10-08 18:47 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-10-08 18:46 . 2008-10-08 18:47 <REP> d-------- C:\Program Files\Java
    2008-10-08 18:46 . 2008-10-08 18:46 <REP> d-------- C:\Program Files\Fichiers communs\Java
    2008-10-08 14:59 . 2008-10-08 14:59 <REP> d-------- C:\Documents and Settings\Stock m\Application Data\Media Player Classic
    2008-10-08 14:59 . 2008-10-08 14:59 <REP> d-------- C:\Documents and Settings\Stock m\Application Data\DivX
    2008-10-04 13:27 . 2008-10-04 13:27 268 --ah----- C:\sqmdata07.sqm
    2008-10-04 13:27 . 2008-10-04 13:27 244 --ah----- C:\sqmnoopt07.sqm
    2008-10-03 18:46 . 2008-10-03 18:46 268 --ah----- C:\sqmdata06.sqm
    2008-10-03 18:46 . 2008-10-03 18:46 244 --ah----- C:\sqmnoopt06.sqm
    2008-10-03 01:48 . 2008-10-03 01:48 268 --ah----- C:\sqmdata05.sqm
    2008-10-03 01:48 . 2008-10-03 01:48 244 --ah----- C:\sqmnoopt05.sqm
    2008-10-03 01:13 . 2008-10-03 01:48 <REP> d-------- C:\Program Files\PhotoFiltre
    2008-10-02 08:53 . 2008-10-02 08:53 268 --ah----- C:\sqmdata04.sqm
    2008-10-02 08:53 . 2008-10-02 08:53 244 --ah----- C:\sqmnoopt04.sqm
    2008-10-01 21:03 . 2008-10-01 21:03 268 --ah----- C:\sqmdata03.sqm
    2008-10-01 21:03 . 2008-10-01 21:03 244 --ah----- C:\sqmnoopt03.sqm
    2008-09-22 12:47 . 2008-09-22 13:01 <REP> d-------- C:\Documents and Settings\stephen\Application Data\uTorrent
    2008-09-16 18:44 . 2008-09-16 18:44 268 --ah----- C:\sqmdata02.sqm
    2008-09-16 18:44 . 2008-09-16 18:44 244 --ah----- C:\sqmnoopt02.sqm
    2008-09-16 12:29 . 2008-09-16 12:29 268 --ah----- C:\sqmdata01.sqm
    2008-09-16 12:29 . 2008-09-16 12:29 244 --ah----- C:\sqmnoopt01.sqm

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-15 21:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-10-12 23:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
    2008-09-22 19:39 --------- d-----w C:\Program Files\Windows Live
    2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
    2008-09-01 18:27 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-09-01 18:23 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
    2008-09-01 18:19 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-09-01 18:17 --------- d-----w C:\Documents and Settings\ézèck\Application Data\ATI
    2008-09-01 18:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-09-01 18:08 --------- d-----w C:\Program Files\AVG
    2008-08-31 11:42 --------- d-----w C:\Documents and Settings\stephen\Application Data\Canneverbe_Limited
    2008-08-31 11:13 --------- d-----w C:\Documents and Settings\stephen\Application Data\Media Player Classic
    2008-08-31 11:13 --------- d-----w C:\Documents and Settings\stephen\Application Data\DivX
    2008-08-31 09:04 --------- d-----w C:\Documents and Settings\stephen\Application Data\ATI
    2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
    .

    ((((((((((((((((((((((((((((( snapshot@2008-10-16_17.13.24,32 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-10-16 15:49:07 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_6c0.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 59392]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
    "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-06-06 394856]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]
    R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-10-03 2799488]
    R3 WN5301;LIteon Wireless PCI Network Adapter Service;C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-05 468768]
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-16 17:50:55
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\ehome\ehRecvr.exe
    C:\WINDOWS\ehome\ehSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\WINDOWS\ehome\ehmsas.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\WINDOWS\system32\wpabaln.exe
    C:\WINDOWS\system32\verclsid.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-10-16 17:55:00 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-10-16 15:54:56
    ComboFix2.txt 2008-10-16 15:13:51

    Avant-CF: 224 581 464 064 octets libres
    Après-CF: 224,583,159,808 octets libres

    155 --- E O F --- 2008-10-15 21:53:23
    0
  17. Ezeck
     
    [b]SDFix: Version 1.236 [/b]
    Run by ‚zŠck on 16/10/2008 at 21:00

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\SDFix

    [b]Checking Services [/b]:

    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting

    [b]Checking Files [/b]:

    No Trojan Files Found

    Removing Temp Files

    [b]ADS Check [/b]:

    [b]Final Check [/b]:

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-16 21:05:16
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    [b]Remaining Services [/b]:

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [b]Remaining Files [/b]:

    [b]Files with Hidden Attributes [/b]:

    Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
    Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
    Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    Thu 7 Aug 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\be077a0a5c65554c0fa221a5c8a0529b\BIT3.tmp"

    [b]Finished![/b]
    0
  18. Ezeck
     
    Ouai sa peut aller. Il y a toujours un petit peu de ram mais c'est beaucoup moin qu'avant. Voir il a presque sa rame d'avant.
    Pourquoi il n'a plus de virus?
    0
  19. Ezeck
     
    Sa me fait erreur, il ne veut pas le télécharger. Coment on accepte les controle activx?
    0
  20. Ezeck
     
    Désoler du retard mais j'tais partit en mission importante je n'est pas put venu sur l'ordi. Je t'envois le rapport dès demain, en fin d'après-midi.
    0
  21. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Ok mais je t'ai demandé le rapport de MBAM.
    -1
  • 1
  • 2