WinupGro and viruses

Solved
X_Cyr
Hello,
I've picked up several viruses:
- Backdoor.Graybird
- Dialer.stardial
- Adware.Begin2search
- Adware.ZenoSearch

And a Bagle:
WinUpGro

I know I have other trojans but I don't remember which ones.

The problem is that Norton has been blocked and won't start anymore. I ran "FindyKill" and "CCleaner". Now I'm wondering whether any viruses are left and how I can restart Norton? If I have to reinstall it, my PC needs to be clean.
Thanks in advance.
Configuration: Windows XP
Firefox 2.0.0.18

16 replies

  1. jlpjlp Posts 52399 Status Security contributor 5 041
     
    hi,

    get rid of your cracks

    then

    Download Combofix by sUBs: help here: https://forum.pcastuces.com/sujet.asp?f=25&s=37315

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Save it to your desktop and nowhere else!

    Help on using combofix here: http://bibou0007.forumpro.fr/tutos-f45/tutorial-combofix-t121.htm

    Double-click combofix. It will ask you a question; answer by pressing 1 and then Enter to confirm, and let it guide you.
    Wait until combofix has finished; a report will be created. Post the report.
    _________________

    paste a HijackThis report
    https://www.01net.com/404/

    manual:

    http://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.ht(...)

    I recommend renaming HijackThis, to counter a possible Vundo infection.

    e.g.: Rename the file HijackThis.exe to eden.exe; to do that, right-click the file HijackThis.exe and choose Rename from the list

    Then, with Explorer, create a folder c:\hijackthis
    Unzip HijackThis into that folder.
    This is important for the backups.
    0
  2. X_Cyr
     
    Hmm... In the meantime I ran Malwarebytes' Anti-Malware
    I got this report:
    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 4
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 1
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 2

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2db32fc3-67e2-5e28-6d4d-43001fcb7d5c} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{2db32fc3-67e2-5e28-6d4d-43001fcb7d5c} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5d9ee94-e42b-f5d1-66fe-9b1b2f0d9e6b} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c5d9ee94-e42b-f5d1-66fe-9b1b2f0d9e6b} (Adware.BHO) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pwvrbksfnwmuew (Trojan.Agent) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.Search) -> Bad: (http://www2.iesearch.com/) Good: (https://www.google.com/?gws_rd=ssl -> Not selected for removal.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\wzhlskmfnllzmv.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\szfjmbqaughth.dll (Adware.BHO) -> Delete on reboot.
    But what else can I do?
    0
  3. jlpjlp Posts 52399 Status Security contributor 5 041
     
    restart the computer to finish the Malwarebytes disinfection, and delete what was put in quarantine

    then do what the previous message says
    0
    1. X_Cyr
       
      Hello jlpjlp,

      Here is the ComboFix report. I'll run HijackThis afterwards.

      Lancé depuis: c:\documents and settings\Cyrille\Bureau\ComboFix.exe
      .

      ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-12 au 2008-12-12 ))))))))))))))))))))))))))))))))))))
      .

      2008-12-12 13:00 . 2008-12-12 13:11 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
      2008-12-12 13:00 . 2008-12-12 13:00 <REP> d-------- c:\documents and settings\Cyrille\Application Data\Malwarebytes
      2008-12-12 13:00 . 2008-12-12 13:00 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
      2008-12-12 13:00 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
      2008-12-12 13:00 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
      2008-12-12 12:28 . 2008-12-12 12:28 <REP> d-------- c:\program files\Trend Micro
      2008-12-12 12:01 . 2008-12-12 12:01 <REP> d--h----- c:\documents and settings\Cyrille\Application Data\drivers
      2008-12-12 11:54 . 2008-12-12 11:54 <REP> d-------- c:\program files\CCleaner
      2008-12-12 10:51 . 2008-12-12 10:55 <REP> d-------- c:\program files\Windows Live Safety Center
      2008-12-12 10:33 . 2008-12-12 11:34 <REP> d-------- c:\program files\FindyKill
      2008-12-12 09:28 . 2008-12-12 09:28 <REP> d-------- c:\documents and settings\NetworkService\Application Data\X10 Commander
      2008-12-12 09:27 . 2008-12-12 11:35 468,490 --a------ c:\windows\system32\perfh040.dat
      2008-12-12 09:27 . 2008-12-12 11:35 75,506 --a------ c:\windows\system32\perfc040.dat
      2008-12-11 18:17 . 2008-12-11 18:17 <REP> d--h----- c:\documents and settings\All Users\Application Data\{7DE2D9B5-C959-4D68-9E63-E73738EF6F02}
      2008-12-05 23:02 . 2008-12-05 23:40 <REP> d-------- c:\documents and settings\Cyrille\Application Data\Skype
      2008-12-05 23:01 . 2008-12-05 23:01 <REP> d-------- c:\program files\Skype
      2008-12-05 23:01 . 2008-12-05 23:01 <REP> d-------- c:\program files\Fichiers communs\Skype
      2008-12-04 11:08 . 2008-12-04 11:08 30 --a------ c:\windows\Iedit.INI
      2008-11-29 22:01 . 2008-11-29 22:30 <REP> d-------- c:\program files\uTorrent
      2008-11-29 22:01 . 2008-12-05 23:48 <REP> d-------- c:\documents and settings\Cyrille\Application Data\uTorrent
      2008-11-29 19:18 . 2008-11-29 19:18 268 --ah----- C:\sqmdata12.sqm
      2008-11-29 19:18 . 2008-11-29 19:18 244 --ah----- C:\sqmnoopt12.sqm
      2008-11-23 17:02 . 2008-11-23 17:06 <REP> d-------- c:\program files\ConTEXT
      2008-11-23 16:35 . 2008-11-23 16:35 <REP> d-------- C:\xampp
      2008-11-20 21:44 . 2008-11-20 21:44 42,320 --a------ c:\windows\system32\xfcodec.dll
      2008-11-19 19:23 . 2006-09-20 16:58 40,960 --a------ c:\windows\system32\psfind.dll
      2008-11-18 22:43 . 2008-12-02 14:22 <REP> d-------- c:\documents and settings\Cyrille\Application Data\dvdcss
      2008-11-17 16:59 . 2008-11-17 17:07 <REP> d-------- c:\program files\Celtx
      2008-11-15 15:45 . 2008-11-15 15:45 268 --ah----- C:\sqmdata11.sqm
      2008-11-15 15:45 . 2008-11-15 15:45 244 --ah----- C:\sqmnoopt11.sqm
      2008-11-13 10:42 . 2008-11-13 10:43 <REP> d-------- c:\documents and settings\Cyrille\Application Data\vlc
      2008-11-13 10:40 . 2008-11-13 10:40 <REP> d-------- c:\program files\VideoLAN
      2008-11-13 10:15 . 2008-09-04 18:16 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
      2008-11-13 10:15 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-12-11 20:14 --------- d-----w c:\program files\eMule
      2008-12-11 17:18 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
      2008-12-11 17:17 --------- d-----w c:\program files\Iminent
      2008-12-10 14:13 --------- d-----w c:\documents and settings\Cyrille\Application Data\HPAppData
      2008-12-10 10:22 --------- d-----w c:\program files\CVitae
      2008-12-09 13:39 47,586 ----a-w c:\windows\system32\vyerrgqjrbgvvcn.exe
      2008-12-09 09:58 --------- d-----w c:\documents and settings\Cyrille\Application Data\Aim Style Heart
      2008-12-09 04:21 68,513 ----a-w c:\windows\system32\szfjmbqaughth.dll-uninst.exe
      2008-12-05 22:03 --------- d-----w c:\documents and settings\Cyrille\Application Data\skypePM
      2008-12-05 22:01 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
      2008-12-01 08:38 --------- d-----w c:\program files\Norton Internet Security
      2008-12-01 08:32 --------- d-s---w c:\program files\Xfire
      2008-11-30 15:54 --------- d-----w c:\documents and settings\Cyrille\Application Data\Xfire
      2008-11-27 08:07 --------- d-----w c:\program files\Google
      2008-11-19 18:19 --------- d--h--w c:\program files\InstallShield Installation Information
      2008-11-19 18:19 --------- d-----w c:\program files\THQ
      2008-10-26 09:57 --------- d-----w c:\documents and settings\Cyrille\Application Data\Wallpaper
      2008-10-26 09:30 --------- d-----w c:\program files\Wallpaper
      2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
      2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
      2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
      2008-10-17 00:48 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
      2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
      2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
      0
  4. X_Cyr
     
    And... here is the next part: for HijackThis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:05:14, on 12/12/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\xampp\xampp\apache\bin\apache.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\xampp\xampp\mysql\bin\mysqld-nt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Wallpaper\Wallpaper.exe
    C:\Program Files\Iminent\imbooster.exe
    C:\Program Files\FinePixViewerS\QuickDCF2.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Hercules\WiFi Station\WifiStation.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Cyrille\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\Zapu\Zapu\wDivi.exe
    C:\Documents and Settings\Cyrille\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
    C:\xampp\xampp\apache\bin\apache.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: torrent_search Toolbar - {f14b0ccd-aa41-4406-ab68-c5de9d85b4a3} - C:\Program Files\torrent_search\tbtorr.dll
    R3 - URLSearchHook: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
    R3 - URLSearchHook: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
    R3 - URLSearchHook: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
    R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Iminent.SearchTheWeb.HelperObject - {0E896FCA-D07E-45FE-901F-6A26FCF59C02} - mscoree.dll (file missing)
    O2 - BHO: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\APPS\BAE\BAE.dll
    O2 - BHO: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O2 - BHO: torrent_search Toolbar - {f14b0ccd-aa41-4406-ab68-c5de9d85b4a3} - C:\Program Files\torrent_search\tbtorr.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: torrent_search Toolbar - {f14b0ccd-aa41-4406-ab68-c5de9d85b4a3} - C:\Program Files\torrent_search\tbtorr.dll
    O3 - Toolbar: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
    O3 - Toolbar: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
    O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
    O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
    O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKCU\..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter
    O4 - HKCU\..\Run: [IMBooster] C:\Program Files\Iminent\imbooster.exe /warmup
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Outil de notification Live Search.lnk = Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
    O4 - Startup: Zapu Acceleration Engine.lnk = C:\Program Files\Zapu\Zapu\wincm.exe
    O4 - Startup: Zapu.lnk = C:\Program Files\Zapu\Zapu\wDivi.exe
    O4 - Global Startup: Exif Launcher S.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: WiFi Station.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = skyson
    O17 - HKLM\Software\..\Telephony: DomainName = skyson
    O17 - HKLM\System\CCS\Services\Tcpip\..\{16D59095-99F6-4D1A-8B88-880639D6A718}: NameServer = 80.118.192.100,80.118.196.36
    O17 - HKLM\System\CCS\Services\Tcpip\..\{90D4FA0B-9A0F-4183-BA5B-014247BB8022}: NameServer = 212.30.96.108,212.30.124.146
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AC5A431E-F610-4702-8195-53213055EABB}: NameServer = 212.30.96.108,212.30.124.146
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = skyson
    O17 - HKLM\System\CS1\Services\Tcpip\..\{16D59095-99F6-4D1A-8B88-880639D6A718}: NameServer = 80.118.192.100,80.118.196.36
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = skyson
    O17 - HKLM\System\CS2\Services\Tcpip\..\{16D59095-99F6-4D1A-8B88-880639D6A718}: NameServer = 80.118.192.100,80.118.196.36
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = skyson
    O17 - HKLM\System\CS3\Services\Tcpip\..\{16D59095-99F6-4D1A-8B88-880639D6A718}: NameServer = 80.118.192.100,80.118.196.36
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\xampp\apache\bin\apache.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: mysql - Unknown owner - C:\xampp\xampp\mysql\bin\mysqld-nt.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    0
    1. X_Cyr
       
      And for Norton, can someone tell me what to do, please?
      In fact, when I click on it I get this message:
      "C:\Program Files\Fichiers communs\Symantec Shared\Nmain.exe n'est pas une application Win32 valide."

      Is that due to a virus or something like that?
      0
  6. jlpjlp Posts 52399 Status Security contributor 5 041
     
    download OTMoveIt
    http://oldtimer.geekstogo.com/OTMoveIt3.exe (by Old_Timer) to your Desktop.

    double-click OTMoveIt.exe to launch it.
    copy the list in the quote below,
    and paste it into the left-hand pane of OTMoveIt: "Paste instruction for items to be moved".
    (careful: be sure to include :files)

    :files
    c:\windows\system32\vyerrgqjrbgvvcn.exe
    c:\documents and settings\Cyrille\Application Data\Aim Style Heart
    c:\windows\system32\szfjmbqaughth.dll-uninst.exe

    click MoveIt! to start the removal.
    the result will appear in the "Results" pane.
    click Exit to close.
    post the report located in C:\_OTMoveIt\MovedFiles.

    you may be asked to restart the PC to complete the removal. if so, accept with Yes.

    __________________

    download Lop S&D.exe to your Desktop. https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

    * Double-click it to start the installation
    * Then double-click the Lop S&D shortcut on your Desktop
    * Select the desired language, then choose option 1 (Search)
    * Wait until the scan finishes
    * Post the generated report (C:\lopR.txt)

    __________________

    Download AD-Remover (by Cyrildu17 / C_XX) to your desktop:
    http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe

    /!\ Disconnect and close all running applications

    ● Double-click the installer, and install it in its default location. ( C:\Program files )
    ● Double-click the Ad-remover icon located on your desktop
    ● In the main menu choose option "A"
    ● Post the report that appears at the end.

    ( the report is also saved as C:\Ad-report(date).log )

    (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

    Note:

    "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
    It is not a virus, but a utility designed to terminate processes.
    In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

    _________________

    note:

    as for norton, you will have to remove it afterwards and put it back like this:
    http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924
    0
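One way to arrive at a shortlist like the `:files` list above from the logs posted in this thread, as an added example (not code from the thread or from any of the tools mentioned): it takes the files Malwarebytes already flagged and scans ComboFix Find3M lines for companions of those files and for long, vowel-poor names sitting directly in system32. The sample lines are copied from the logs above; the function names and the name heuristic with its thresholds are assumptions.

```python
import ntpath
import re

# Sample input: lines copied from the ComboFix "Find3M" section posted above.
FIND3M_SAMPLE = r"""
2008-12-11 20:14 --------- d-----w c:\program files\eMule
2008-12-09 13:39 47,586 ----a-w c:\windows\system32\vyerrgqjrbgvvcn.exe
2008-12-09 04:21 68,513 ----a-w c:\windows\system32\szfjmbqaughth.dll-uninst.exe
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
"""

# Files the Malwarebytes report above marked "Delete on reboot".
MBAM_DETECTED = [
    r"C:\WINDOWS\system32\wzhlskmfnllzmv.dll",
    r"C:\WINDOWS\system32\szfjmbqaughth.dll",
]

# Find3M line layout: "<date> <time> <size or dashes> <7 attribute flags> <path>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<size>[\d,]+|-+)\s+"
    r"(?P<attrs>[a-z-]{7})\s+(?P<path>[A-Za-z]:\\.+)$"
)
VOWELS = set("aeiou")


def looks_random(stem, min_len=10, max_vowel_ratio=0.2):
    """Assumed heuristic: long, letters-only, vowel-poor names look generated."""
    s = stem.lower()
    if len(s) < min_len or not s.isalpha():
        return False
    return sum(c in VOWELS for c in s) / len(s) < max_vowel_ratio


def triage(listing, known_bad, watch_dir=r"c:\windows\system32"):
    """Return [(path, [reasons])] for files directly in watch_dir worth a look."""
    known = {ntpath.basename(p).lower() for p in known_bad}
    findings = []
    for raw in listing.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m["attrs"].startswith("d"):
            continue  # not a listing line, or a directory entry
        path = m["path"]
        if ntpath.dirname(path).lower() != watch_dir:
            continue  # subfolders such as drivers\ or dllcache\ are out of scope
        name = ntpath.basename(path).lower()
        reasons = []
        if name in known:
            reasons.append("already-detected")
        elif any(name.startswith(k) for k in known):
            # e.g. "<detected>.dll-uninst.exe" left next to a detected DLL
            reasons.append("companion-of-detected-file")
        if looks_random(name.split(".", 1)[0]):
            reasons.append("random-looking-name")
        if reasons:
            findings.append((path, reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(FIND3M_SAMPLE, MBAM_DETECTED):
        print(f"{path}  <- {', '.join(reasons)}")
```

The heuristic does not account for the `Aim Style Heart` folder in the list, and a flagged name is only a candidate for closer inspection.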
    1. X_Cyr
       
      Otmovedfiles :

      ========== FILES ==========
      c:\windows\system32\vyerrgqjrbgvvcn.exe moved successfully.
      c:\documents and settings\Cyrille\Application Data\Aim Style Heart moved successfully.
      c:\windows\system32\szfjmbqaughth.dll-uninst.exe moved successfully.

      OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12122008_211625
      0
  7. jlpjlp Posts 52399 Status Security contributor 5 041
     
    ok, do the rest
    0
    1. X_Cyr
       
      Here it is:


      --------- Logfile of AD-Remover 1.0.7.5 by C_XX ---------

      # START at: 21:33:27 | Ven 12/12/2008 | Microsoft® Windows XP™ (v5.1.2600)
      # BOOT MODE: MSE

      # OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat

      # PC: cyrillehome | USER: Cyrille ( Current user is an administrator)

      # DRIVE(S):
      - C:\ (File System: NTFS)

      # Internet Explorer v7.0.5730.13

      --------- [ RUNNING PROCESSES: 10 ] ---------

      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\ntvdm.exe

      -----------------------------------


      +-----------------------| Boonty/Boonty Games Elements found :

      .

      +-----------------------| Eorezo Elements found :

      .

      +-----------------------| Everest Poker Elements found :

      .

      +-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :

      .

      +-----------------------| Messenger Skinner Elements found :

      .

      +-----------------------| Sweetim Elements found :

      "HKEY_CLASSES_ROOT\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}"
      "HKEY_CLASSES_ROOT\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}"
      "HKEY_CLASSES_ROOT\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}"
      "HKEY_CLASSES_ROOT\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}"
      "HKEY_CLASSES_ROOT\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}"
      "HKEY_CLASSES_ROOT\Installer\Features\5D72AF385B5242D47B69FD47F2805AFC"
      "HKEY_CLASSES_ROOT\Installer\Features\428C9AFC877ABE7409DCBBD48BC23F84"
      "HKEY_CLASSES_ROOT\Installer\Features\5D72AF385B5242D47B69FD47F2805AFC"
      "HKEY_CLASSES_ROOT\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0"
      "HKEY_CLASSES_ROOT\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632"
      "HKEY_CLASSES_ROOT\SWEETIE.IEToolbar"
      "HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1"
      "HKEY_CLASSES_ROOT\SWEETIE.SWEETIE"
      "HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3"
      "HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook"
      "HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1"
      "HKEY_CLASSES_ROOT\Toolbar3.SWEETIE"
      "HKEY_CLASSES_ROOT\Toolbar3.SWEETIE.1"
      "HKEY_CLASSES_ROOT\Typelib\{EEE6C35E-6118-11DC-9C72-001320C79847}"
      "HKEY_CLASSES_ROOT\Typelib\{EEE6C35F-6118-11DC-9C72-001320C79847}"
      "HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator"
      "HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator.1"
      "HKEY_CURRENT_USER\SOFTWARE\SweetIM"
      "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks" /v "{EEE6C35D-6118-11DC-9C72-001320C79847}"
      "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}"
      "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}"
      "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}"
      "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\428C9AFC877ABE7409DCBBD48BC23F84"
      "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\5D72AF385B5242D47B69FD47F2805AFC"
      "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}"
      "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}"
      "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{EEE6C35B-6118-11DC-9C72-001320C79847}"
      "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CFA9C824-A778-47EB-90CD-BB4DB82CF348}"
      "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83FA27D5-25B5-4D24-B796-DF742F08A5CF}"
      "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}"
      "HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM"
      .
      [26/08/2008 19:26|d--------] C:\Program Files\SweetIM
      [26/08/2008 19:26|--a------] C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\searchplugins\sweetim.xml
      [26/08/2008 19:26|d--------] C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
      [27/08/2008 17:32|d--------] C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\SweetIMToolbarData
      [26/08/2008 19:26|d--------] C:\Documents and Settings\All Users\Application Data\SweetIM

      +-----------------------| ADDED SCAN :



      +---------- Scanning prefs.js ... ( # Mozilla User Preferences )

      ...\n9e00o1n.default\prefs.js :

      ~~~~ Mozilla FireFox version 2.0.0.18 ~~~~

      Start Page : "https://www.google.fr/?gws_rd=ssl"

      +----------+

      FOUND - user_pref("browser.search.defaulturl", "https://search.sweetim.com/search.asp?src=2&q=");
      FOUND - user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
      FOUND - user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
      FOUND - user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
      FOUND - user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
      FOUND - user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
      FOUND - user_pref("sweetim.toolbar.mode.debug", "false");
      FOUND - user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"http://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"https://search.yahoo.com/*\" param=\"p=\" /><EXTERNAL_SEARCH engine=\"http://search.sweetim.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*.live.*/*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*youtube.com/\" param=\"search_query=\" /><EXTERNAL_SEARCH engine=\"http://*.ebay.*/search/*\" param=\"satitle=\" /><EXTERNAL_SEARCH engine=\"http://*.amazon.com/s/*\" param=\"field-keywords=\" /></TOOLBAR>");
      FOUND - user_pref("sweetim.toolbar.search.history.capacity", "10");
      FOUND - user_pref("sweetim.toolbar.simapp_id", "{C1A8DAC6-98BE-4301-BCD5-29354E23E244}");
      FOUND - user_pref("sweetim.toolbar.version", "1.0.0.3");

      +---------------------------------------------------------------------------+

      +--[HKEY_CURRENT_USER\..\Run]

      ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
      LDM REG_SZ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
      LogitechSoftwareUpdate REG_SZ "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
      updateMgr REG_SZ C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
      Picasa Media Detector REG_SZ C:\Program Files\Picasa2\PicasaMediaDetector.exe
      Wallpaper REG_SZ "C:\Program Files\Wallpaper\Wallpaper.exe" Starter
      IMBooster REG_SZ C:\Program Files\Iminent\imbooster.exe /warmup

      +--[HKEY_LOCAL_MACHINE\..\Run]

      NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      ccApp REG_SZ "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
      nwiz REG_SZ nwiz.exe /install
      hpqSRMon REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
      QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
      Symantec PIF AlertEng REG_SZ "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

      +--[HKEY_USERS\.DEFAULT\..\Run]

      CTFMON.EXE REG_SZ C:\WINDOWS\system32\CTFMON.EXE

      +--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

      Start Page : hxxp://google.fr/

      +--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

      Start Page : hxxp://home.sweetim.com

      +---------------------------------------------------------------------------+

      - "C:\AD-report-12.12.2008.log" (14531 octets)

      [ END at: 21:33:39 | 12/12/2008 ] - [ Time elapsed: 11.5 seconds ]

      +---------------------------------------------------------------------------+
      +------------------------------- [ E.O.F - 163 lines ]
      +---------------------------------------------------------------------------+
      0
  8. X_Cyr
     
    The rest

    --------------------\\ Lop S&D 4.2.4-9c XP/Vista

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz )
    BIOS : Phoenix - AwardBIOS v6.00PG
    USER : Cyrille ( Administrator )
    BOOT : Normal boot
    Antivirus : Norton Internet Security 2006 2006 (Activated)
    Firewall : Norton Internet Security 2006 2006 (Activated)
    C:\ (Local Disk) - NTFS - Total:290 Go (Free:90 Go)
    D:\ (CD or DVD)
    F:\ (USB)
    G:\ (USB)
    H:\ (USB)
    I:\ (USB)

    "C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
    Option : [1] ( 12/12/2008|21:20 )

    --------------------\\ Listing des dossiers dans APPLIC~1

    [10/12/2006|14:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
    [10/12/2006|14:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
    [10/12/2006|14:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
    [10/12/2006|14:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla
    [10/12/2006|14:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
    [10/12/2006|14:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\You've Got Pictures Screensaver

    [11/12/2008|18:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{7DE2D9B5-C959-4D68-9E63-E73738EF6F02}
    [29/06/2008|14:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [04/08/2008|19:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\albumphoto
    [29/01/2008|16:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
    [11/08/2008|13:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BufferZone
    [25/05/2007|21:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
    [31/08/2008|00:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
    [16/01/2008|16:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [13/08/2008|12:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
    [13/08/2008|12:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
    [13/08/2008|12:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP Product Assistant
    [13/08/2008|12:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HPSSUPPLY
    [28/08/2008|06:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Htm Support Bait Deaf
    [06/08/2008|17:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IM
    [06/08/2008|17:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IncrediMail
    [10/12/2006|14:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
    [12/12/2008|13:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [20/08/2008|19:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [10/08/2008|13:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
    [04/09/2008|07:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
    [10/12/2006|14:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OD2
    [29/06/2008|13:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
    [05/12/2008|23:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
    [10/12/2006|14:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SmartSound Software Inc
    [26/08/2008|19:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM
    [06/10/2008|07:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    [10/12/2006|14:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
    [10/12/2006|14:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    [13/08/2008|13:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WEBREG
    [24/07/2008|11:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [29/06/2008|12:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
    [18/02/2007|15:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\X10 Settings
    [25/07/2008|11:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

    [08/08/2008|13:15] C:\DOCUME~1\Cyrille\APPLIC~1\Adobe
    [29/06/2008|14:50] C:\DOCUME~1\Cyrille\APPLIC~1\AdobeUM
    [30/03/2007|17:05] C:\DOCUME~1\Cyrille\APPLIC~1\Ahead
    [25/05/2007|21:38] C:\DOCUME~1\Cyrille\APPLIC~1\CyberLink
    [13/05/2008|18:25] C:\DOCUME~1\Cyrille\APPLIC~1\DivX
    [02/12/2008|14:22] C:\DOCUME~1\Cyrille\APPLIC~1\dvdcss
    [29/06/2008|13:29] C:\DOCUME~1\Cyrille\APPLIC~1\FotoWire
    [04/06/2008|15:53] C:\DOCUME~1\Cyrille\APPLIC~1\FUJIFILM
    [24/04/2008|13:33] C:\DOCUME~1\Cyrille\APPLIC~1\Greyfirst
    [04/09/2007|21:14] C:\DOCUME~1\Cyrille\APPLIC~1\Help
    [13/08/2008|19:30] C:\DOCUME~1\Cyrille\APPLIC~1\HP
    [10/12/2008|15:13] C:\DOCUME~1\Cyrille\APPLIC~1\HPAppData
    [10/12/2006|14:13] C:\DOCUME~1\Cyrille\APPLIC~1\Identities
    [26/08/2008|20:32] C:\DOCUME~1\Cyrille\APPLIC~1\Iminent
    [04/06/2008|15:49] C:\DOCUME~1\Cyrille\APPLIC~1\InstallShield
    [26/03/2007|21:46] C:\DOCUME~1\Cyrille\APPLIC~1\Leadertech
    [10/12/2006|14:13] C:\DOCUME~1\Cyrille\APPLIC~1\Macromedia
    [12/12/2008|13:00] C:\DOCUME~1\Cyrille\APPLIC~1\Malwarebytes
    [24/08/2008|16:07] C:\DOCUME~1\Cyrille\APPLIC~1\Microsoft
    [10/12/2006|14:13] C:\DOCUME~1\Cyrille\APPLIC~1\Mozilla
    [29/06/2008|19:50] C:\DOCUME~1\Cyrille\APPLIC~1\MSNInstaller
    [25/03/2007|11:16] C:\DOCUME~1\Cyrille\APPLIC~1\My Games
    [26/01/2007|17:27] C:\DOCUME~1\Cyrille\APPLIC~1\OD2
    [25/07/2008|09:40] C:\DOCUME~1\Cyrille\APPLIC~1\Real
    [05/12/2008|23:40] C:\DOCUME~1\Cyrille\APPLIC~1\Skype
    [05/12/2008|23:03] C:\DOCUME~1\Cyrille\APPLIC~1\skypePM
    [26/03/2007|21:46] C:\DOCUME~1\Cyrille\APPLIC~1\Sonic
    [26/03/2007|21:23] C:\DOCUME~1\Cyrille\APPLIC~1\Sun
    [31/08/2008|08:18] C:\DOCUME~1\Cyrille\APPLIC~1\Symantec
    [27/07/2007|19:56] C:\DOCUME~1\Cyrille\APPLIC~1\Ulead Systems
    [05/12/2008|23:48] C:\DOCUME~1\Cyrille\APPLIC~1\uTorrent
    [13/11/2008|10:43] C:\DOCUME~1\Cyrille\APPLIC~1\vlc
    [26/10/2008|10:57] C:\DOCUME~1\Cyrille\APPLIC~1\Wallpaper
    [30/11/2008|16:54] C:\DOCUME~1\Cyrille\APPLIC~1\Xfire
    [10/12/2006|14:13] C:\DOCUME~1\Cyrille\APPLIC~1\You've Got Pictures Screensaver

    [10/12/2006|14:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
    [10/12/2006|14:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
    [10/12/2006|14:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [10/12/2006|14:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Mozilla
    [10/12/2006|14:14] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
    [10/12/2006|14:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver

    [14/05/2008|01:15] C:\DOCUME~1\LOCALS~1\APPLIC~1\DivX
    [10/12/2006|14:13] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [10/12/2006|14:14] C:\DOCUME~1\LOCALS~1\APPLIC~1\X10 Commander

    [10/12/2006|14:13] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
    [12/12/2008|09:28] C:\DOCUME~1\NETWOR~1\APPLIC~1\X10 Commander

    --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

    [12/12/2008 18:00][--a------] C:\WINDOWS\tasks\Configurer mon PC.job
    [12/12/2008 20:00][--a------] C:\WINDOWS\tasks\Norton AntiVirus - Effectuer une analyse complète du système - Cyrille.job
    [12/12/2008 18:00][--a------] C:\WINDOWS\tasks\Extension de garantie.job
    [12/12/2008 18:00][--a------] C:\WINDOWS\tasks\Master CD_DVD Creator.job
    [26/01/2007 17:17][--a------] C:\WINDOWS\tasks\Rappel d'enregistrement 2.job
    [12/12/2008 20:23][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [10/08/2004 14:00][-rah-c---] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listing des dossiers dans C:\Program Files

    [06/07/2008|21:51] C:\Program Files\2K Games
    [27/06/2007|15:02] C:\Program Files\3DO
    [10/12/2006|14:13] C:\Program Files\Adobe
    [30/03/2007|18:31] C:\Program Files\Ahead
    [28/08/2008|06:12] C:\Program Files\Aim Style Heart
    [02/12/2007|14:43] C:\Program Files\ANNO 1503 GOLD
    [03/02/2008|17:40] C:\Program Files\Anuman Interactive
    [29/01/2008|16:51] C:\Program Files\AOL 9.0
    [10/12/2006|14:14] C:\Program Files\AOL Compagnon
    [09/09/2007|14:07] C:\Program Files\Aquatic Tycoon
    [30/01/2007|10:50] C:\Program Files\Atari
    [09/03/2007|11:49] C:\Program Files\Bethesda Softworks
    [11/08/2008|12:23] C:\Program Files\BitTorrent Fastest Tool
    [19/09/2008|20:22] C:\Program Files\Black Isle
    [16/10/2007|18:49] C:\Program Files\Browser Mouse
    [24/08/2008|16:27] C:\Program Files\BufferZone
    [12/12/2008|11:54] C:\Program Files\CCleaner
    [17/11/2008|17:07] C:\Program Files\Celtx
    [10/12/2006|14:13] C:\Program Files\Common Files
    [10/12/2006|14:13] C:\Program Files\ComPlus Applications
    [11/08/2008|12:22] C:\Program Files\Conduit
    [23/11/2008|17:06] C:\Program Files\ConTEXT
    [10/12/2008|11:22] C:\Program Files\CVitae
    [10/12/2006|14:13] C:\Program Files\CyberLink
    [16/02/2007|12:43] C:\Program Files\directx
    [18/08/2008|19:39] C:\Program Files\DivX
    [27/01/2008|15:11] C:\Program Files\Doom 3
    [29/10/2007|23:47] C:\Program Files\EasyPHP 2.0b1
    [11/12/2008|21:14] C:\Program Files\eMule
    [03/09/2007|13:09] C:\Program Files\EPSON
    [12/12/2008|13:56] C:\Program Files\Fichiers communs
    [12/12/2008|20:26] C:\Program Files\FindyKill
    [30/08/2008|23:51] C:\Program Files\FinePixViewerS
    [26/01/2007|17:45] C:\Program Files\Firaxis Games
    [03/01/2008|19:10] C:\Program Files\FireFly Studios
    [12/04/2007|21:14] C:\Program Files\Gabest
    [28/02/2008|13:28] C:\Program Files\glGo
    [27/11/2008|09:07] C:\Program Files\Google
    [12/08/2008|18:28] C:\Program Files\Hercules
    [13/08/2008|12:56] C:\Program Files\Hewlett-Packard
    [13/08/2008|12:58] C:\Program Files\HP
    [17/11/2007|12:00] C:\Program Files\IconColl
    [11/12/2008|18:17] C:\Program Files\Iminent
    [20/07/2007|13:43] C:\Program Files\Infogrames
    [04/11/2007|23:59] C:\Program Files\InstallShield
    [19/11/2008|19:19] C:\Program Files\InstallShield Installation Information
    [11/12/2008|18:13] C:\Program Files\Internet Explorer
    [10/12/2006|14:13] C:\Program Files\Java
    [25/06/2007|16:19] C:\Program Files\Jeu petit
    [14/03/2008|10:43] C:\Program Files\JoWooD
    [15/01/2008|14:04] C:\Program Files\Kyodai
    [10/12/2006|14:13] C:\Program Files\Learn2.com
    [29/06/2008|13:29] C:\Program Files\Logitech
    [12/12/2008|13:11] C:\Program Files\Malwarebytes' Anti-Malware
    [18/07/2008|20:20] C:\Program Files\Maxis
    [13/08/2008|20:04] C:\Program Files\Messenger
    [03/02/2008|17:46] C:\Program Files\Micro Application
    [16/02/2007|12:53] C:\Program Files\Microids
    [27/06/2007|16:48] C:\Program Files\Microprose
    [20/08/2008|19:28] C:\Program Files\Microsoft ActiveSync
    [29/06/2008|16:17] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [10/12/2006|14:13] C:\Program Files\microsoft frontpage
    [27/01/2008|08:30] C:\Program Files\Microsoft Games
    [20/08/2008|19:27] C:\Program Files\Microsoft Office
    [04/11/2007|23:53] C:\Program Files\Microsoft Visual Studio
    [30/06/2008|02:02] C:\Program Files\Microsoft Works
    [21/05/2007|17:00] C:\Program Files\Microsoft.NET
    [01/03/2007|18:56] C:\Program Files\Monte Cristo
    [11/08/2008|17:25] C:\Program Files\Movie Maker
    [12/12/2008|21:06] C:\Program Files\Mozilla Firefox
    [29/06/2008|19:49] C:\Program Files\MSN
    [10/12/2006|14:13] C:\Program Files\MSN Gaming Zone
    [27/01/2008|08:33] C:\Program Files\MSXML 4.0
    [24/08/2008|15:45] C:\Program Files\Multi_Media_France
    [11/08/2008|17:23] C:\Program Files\NetMeeting
    [01/12/2008|09:38] C:\Program Files\Norton Internet Security
    [10/08/2008|13:48] C:\Program Files\NOS
    [10/12/2006|14:15] C:\Program Files\Online Services
    [11/08/2008|17:23] C:\Program Files\Outlook Express
    [06/08/2008|11:38] C:\Program Files\Picasa2
    [09/09/2007|14:08] C:\Program Files\Prison Tycoon
    [04/11/2007|23:53] C:\Program Files\Publication Web
    [10/12/2006|14:15] C:\Program Files\QuickTime
    [10/12/2006|14:13] C:\Program Files\Real
    [10/12/2006|14:13] C:\Program Files\Realtek
    [19/09/2008|20:12] C:\Program Files\Resounding
    [21/01/2008|17:10] C:\Program Files\SDLL
    [11/08/2008|13:17] C:\Program Files\Secured eMule
    [24/08/2008|16:13] C:\Program Files\Secured IE
    [11/08/2008|13:18] C:\Program Files\Secured_eMule
    [24/08/2008|16:13] C:\Program Files\securedie
    [10/12/2006|14:15] C:\Program Files\Services en ligne
    [24/08/2008|16:14] C:\Program Files\Share_Accelerator_MM
    [27/02/2008|22:28] C:\Program Files\Sierra
    [16/07/2007|11:42] C:\Program Files\Sierra On-Line
    [05/12/2008|23:01] C:\Program Files\Skype
    [16/07/2007|16:29] C:\Program Files\Smart Projects
    [10/12/2006|14:13] C:\Program Files\SmartSound Software
    [10/12/2006|14:13] C:\Program Files\Sonic
    [08/04/2007|09:10] C:\Program Files\Strategy First
    [26/08/2008|19:26] C:\Program Files\SweetIM
    [19/08/2008|18:01] C:\Program Files\Symantec
    [16/07/2007|14:45] C:\Program Files\Team17
    [19/11/2008|19:19] C:\Program Files\THQ
    [11/08/2008|12:22] C:\Program Files\torrent_search
    [12/12/2008|12:28] C:\Program Files\Trend Micro
    [23/06/2008|20:03] C:\Program Files\Ubisoft
    [10/12/2006|14:13] C:\Program Files\Ulead Systems
    [10/12/2006|14:13] C:\Program Files\Uninstall Information
    [29/11/2008|22:30] C:\Program Files\uTorrent
    [13/11/2008|10:40] C:\Program Files\VideoLAN
    [10/12/2006|14:13] C:\Program Files\Viewpoint
    [06/10/2008|23:15] C:\Program Files\VirtualDubMOD
    [26/10/2008|10:30] C:\Program Files\Wallpaper
    [26/03/2007|22:33] C:\Program Files\WinASPI
    [29/06/2008|12:53] C:\Program Files\Windows Live
    [12/12/2008|10:55] C:\Program Files\Windows Live Safety Center
    [10/12/2006|14:13] C:\Program Files\Windows Media Components
    [23/07/2008|08:49] C:\Program Files\Windows Media Connect 2
    [31/08/2008|00:15] C:\Program Files\Windows Media Player
    [11/08/2008|17:23] C:\Program Files\Windows NT
    [10/12/2006|14:13] C:\Program Files\Windows Plus
    [10/12/2006|14:13] C:\Program Files\WindowsUpdate
    [30/03/2007|17:02] C:\Program Files\WinRAR
    [13/05/2007|19:48] C:\Program Files\WinZip
    [10/12/2006|14:16] C:\Program Files\X10 Hardware
    [10/12/2006|14:13] C:\Program Files\xerox
    [01/12/2008|09:32] C:\Program Files\Xfire
    [24/08/2008|16:14] C:\Program Files\Zapu

    --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

    [29/06/2008|14:47] C:\Program Files\Fichiers communs\Adobe
    [10/12/2006|14:14] C:\Program Files\Fichiers communs\AOL
    [10/12/2006|14:14] C:\Program Files\Fichiers communs\aolshare
    [04/11/2007|23:52] C:\Program Files\Fichiers communs\DESIGNER
    [29/06/2008|13:29] C:\Program Files\Fichiers communs\FotoWire
    [13/08/2008|12:56] C:\Program Files\Fichiers communs\Hewlett-Packard
    [13/08/2008|12:56] C:\Program Files\Fichiers communs\HP
    [10/12/2006|14:13] C:\Program Files\Fichiers communs\InstallShield
    [10/12/2006|14:13] C:\Program Files\Fichiers communs\Java
    [20/08/2008|19:28] C:\Program Files\Fichiers communs\L&H
    [29/06/2008|13:28] C:\Program Files\Fichiers communs\Logitech
    [20/08/2008|19:28] C:\Program Files\Fichiers communs\Microsoft Shared
    [10/12/2006|14:13] C:\Program Files\Fichiers communs\MSSoap
    [10/12/2006|14:13] C:\Program Files\Fichiers communs\Nullsoft
    [10/12/2006|14:13] C:\Program Files\Fichiers communs\ODBC
    [25/07/2008|05:55] C:\Program Files\Fichiers communs\Real
    [10/12/2006|14:14] C:\Program Files\Fichiers communs\Services
    [05/12/2008|23:01] C:\Program Files\Fichiers communs\Skype
    [10/12/2006|14:14] C:\Program Files\Fichiers communs\Sonic Shared
    [10/12/2006|14:13] C:\Program Files\Fichiers communs\SpeechEngines
    [10/12/2006|14:14] C:\Program Files\Fichiers communs\SureThing Shared
    [11/12/2008|18:18] C:\Program Files\Fichiers communs\Symantec Shared
    [11/08/2008|17:23] C:\Program Files\Fichiers communs\System
    [10/12/2006|14:13] C:\Program Files\Fichiers communs\TiVo Shared
    [10/12/2006|14:15] C:\Program Files\Fichiers communs\Ulead Systems
    [29/06/2008|12:52] C:\Program Files\Fichiers communs\WindowsLiveInstaller
    [25/07/2008|05:55] C:\Program Files\Fichiers communs\xing shared

    --------------------\\ Process

    ( 40 Processes )

    ... OK !

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Htm Support Bait Deaf
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Htm Support Bait Deaf\Draw Free.exe
    C:\Program Files\BitTorrent Fastest Tool
    C:\Program Files\BitTorrent Fastest Tool\3wPlayer-2.0.0.0-setup.exe
    C:\Program Files\BitTorrent Fastest Tool\BitP.exe
    C:\Program Files\BitTorrent Fastest Tool\DWbrk03_0308.exe
    C:\Program Files\BitTorrent Fastest Tool\INSTALL.LOG
    C:\Program Files\Multi_Media_France
    C:\Program Files\Multi_Media_France\INSTALL.LOG
    C:\Program Files\Multi_Media_France
    C:\Program Files\Multi_Media_France\INSTALL.LOG

    --------------------\\ Verification du Registre

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Love Iso Rdr]
    "DisplayName"="CiD Help"
    "UninstallString"="C:\\DOCUME~1\\Cyrille\\APPLIC~1\\AIMSTY~1\\Slow real.exe -uninstall"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE

    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-12 21:21:41
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 17

    --------------------\\ Recherche d'autres infections

    Aucune autre infection trouvée !

    [F:5][D:1]-> C:\DOCUME~1\Cyrille\LOCALS~1\Temp
    [F:28][D:0]-> C:\DOCUME~1\Cyrille\Cookies
    [F:103][D:4]-> C:\DOCUME~1\Cyrille\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - 12/12/2008|21:22 - Option : [1]

    --------------------\\ Fin du rapport a 21:22:32
    0
  9. jlpjlp Posts 52399 Status Security contributor 5 041
     
    OK, shall I let you finish here, destrio5?

    _____________

    To move things along, here is what I had prepared:

    Run Lop S&D again, then:

    * This time choose Option 2 (Suppression)
    * Do not close the window during the removal!
    * Post the generated report (C:\lopR.txt)

    (If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New task, type explorer.exe and confirm)

    ________________

    Run AD-Remover again, choose option B, tick SWEETIM by entering the number corresponding to its line, then delete and paste the report.

    Then, for the next step,

    post a new RSIT report for us.
    0
    1. X_Cyr
       
      Here it is


      --------------------\\ Lop S&D 4.2.4-9c XP/Vista

      Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
      X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz )
      BIOS : Phoenix - AwardBIOS v6.00PG
      USER : Cyrille ( Administrator )
      BOOT : Normal boot
      Antivirus : Norton Internet Security 2006 2006 (Activated)
      Firewall : Norton Internet Security 2006 2006 (Activated)
      C:\ (Local Disk) - NTFS - Total:290 Go (Free:91 Go)
      D:\ (CD or DVD)
      F:\ (USB)
      G:\ (USB)
      H:\ (USB)
      I:\ (USB)

      "C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
      Option : [2] ( 12/12/2008|22:18 )


      \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

      Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Htm Support Bait Deaf\Draw Free.exe
      Supprime! - C:\Program Files\BitTorrent Fastest Tool\3wPlayer-2.0.0.0-setup.exe
      Supprime! - C:\Program Files\BitTorrent Fastest Tool\BitP.exe
      Supprime! - C:\Program Files\BitTorrent Fastest Tool\DWbrk03_0308.exe
      Supprime! - C:\Program Files\BitTorrent Fastest Tool\INSTALL.LOG
      Supprime! - C:\Program Files\Multi_Media_France\INSTALL.LOG
      Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Htm Support Bait Deaf
      Supprime! - C:\Program Files\BitTorrent Fastest Tool
      Supprime! - C:\Program Files\Multi_Media_France

      \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

      Supprime! - C:\Program Files\Viewpoint
      Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint

      \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


      --------------------\\ Listing des dossiers dans APPLIC~1

      [10/12/2006|14:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
      [10/12/2006|14:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
      [10/12/2006|14:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
      [10/12/2006|14:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla
      [10/12/2006|14:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
      [10/12/2006|14:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\You've Got Pictures Screensaver

      [11/12/2008|18:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{7DE2D9B5-C959-4D68-9E63-E73738EF6F02}
      [29/06/2008|14:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
      [04/08/2008|19:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\albumphoto
      [29/01/2008|16:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
      [11/08/2008|13:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BufferZone
      [25/05/2007|21:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
      [31/08/2008|00:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
      [16/01/2008|16:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
      [13/08/2008|12:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
      [13/08/2008|12:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
      [13/08/2008|12:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP Product Assistant
      [13/08/2008|12:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HPSSUPPLY
      [06/08/2008|17:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IM
      [06/08/2008|17:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IncrediMail
      [10/12/2006|14:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
      [12/12/2008|13:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
      [20/08/2008|19:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
      [10/08/2008|13:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
      [04/09/2008|07:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
      [10/12/2006|14:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OD2
      [29/06/2008|13:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
      [05/12/2008|23:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
      [10/12/2006|14:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SmartSound Software Inc
      [26/08/2008|19:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM
      [06/10/2008|07:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
      [10/12/2006|14:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
      [13/08/2008|13:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WEBREG
      [24/07/2008|11:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
      [29/06/2008|12:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
      [18/02/2007|15:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\X10 Settings
      [25/07/2008|11:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

      [08/08/2008|13:15] C:\DOCUME~1\Cyrille\APPLIC~1\Adobe
      [29/06/2008|14:50] C:\DOCUME~1\Cyrille\APPLIC~1\AdobeUM
      [30/03/2007|17:05] C:\DOCUME~1\Cyrille\APPLIC~1\Ahead
      [25/05/2007|21:38] C:\DOCUME~1\Cyrille\APPLIC~1\CyberLink
      [13/05/2008|18:25] C:\DOCUME~1\Cyrille\APPLIC~1\DivX
      [02/12/2008|14:22] C:\DOCUME~1\Cyrille\APPLIC~1\dvdcss
      [29/06/2008|13:29] C:\DOCUME~1\Cyrille\APPLIC~1\FotoWire
      [04/06/2008|15:53] C:\DOCUME~1\Cyrille\APPLIC~1\FUJIFILM
      [24/04/2008|13:33] C:\DOCUME~1\Cyrille\APPLIC~1\Greyfirst
      [04/09/2007|21:14] C:\DOCUME~1\Cyrille\APPLIC~1\Help
      [13/08/2008|19:30] C:\DOCUME~1\Cyrille\APPLIC~1\HP
      [10/12/2008|15:13] C:\DOCUME~1\Cyrille\APPLIC~1\HPAppData
      [10/12/2006|14:13] C:\DOCUME~1\Cyrille\APPLIC~1\Identities
      [26/08/2008|20:32] C:\DOCUME~1\Cyrille\APPLIC~1\Iminent
      [04/06/2008|15:49] C:\DOCUME~1\Cyrille\APPLIC~1\InstallShield
      [26/03/2007|21:46] C:\DOCUME~1\Cyrille\APPLIC~1\Leadertech
      [10/12/2006|14:13] C:\DOCUME~1\Cyrille\APPLIC~1\Macromedia
      [12/12/2008|13:00] C:\DOCUME~1\Cyrille\APPLIC~1\Malwarebytes
      [24/08/2008|16:07] C:\DOCUME~1\Cyrille\APPLIC~1\Microsoft
      [10/12/2006|14:13] C:\DOCUME~1\Cyrille\APPLIC~1\Mozilla
      [29/06/2008|19:50] C:\DOCUME~1\Cyrille\APPLIC~1\MSNInstaller
      [25/03/2007|11:16] C:\DOCUME~1\Cyrille\APPLIC~1\My Games
      [26/01/2007|17:27] C:\DOCUME~1\Cyrille\APPLIC~1\OD2
      [25/07/2008|09:40] C:\DOCUME~1\Cyrille\APPLIC~1\Real
      [05/12/2008|23:40] C:\DOCUME~1\Cyrille\APPLIC~1\Skype
      [05/12/2008|23:03] C:\DOCUME~1\Cyrille\APPLIC~1\skypePM
      [26/03/2007|21:46] C:\DOCUME~1\Cyrille\APPLIC~1\Sonic
      [26/03/2007|21:23] C:\DOCUME~1\Cyrille\APPLIC~1\Sun
      [31/08/2008|08:18] C:\DOCUME~1\Cyrille\APPLIC~1\Symantec
      [27/07/2007|19:56] C:\DOCUME~1\Cyrille\APPLIC~1\Ulead Systems
      [05/12/2008|23:48] C:\DOCUME~1\Cyrille\APPLIC~1\uTorrent
      [13/11/2008|10:43] C:\DOCUME~1\Cyrille\APPLIC~1\vlc
      [26/10/2008|10:57] C:\DOCUME~1\Cyrille\APPLIC~1\Wallpaper
      [30/11/2008|16:54] C:\DOCUME~1\Cyrille\APPLIC~1\Xfire
      [10/12/2006|14:13] C:\DOCUME~1\Cyrille\APPLIC~1\You've Got Pictures Screensaver

      [10/12/2006|14:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
      [10/12/2006|14:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
      [10/12/2006|14:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
      [10/12/2006|14:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Mozilla
      [10/12/2006|14:14] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
      [10/12/2006|14:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver

      [14/05/2008|01:15] C:\DOCUME~1\LOCALS~1\APPLIC~1\DivX
      [10/12/2006|14:13] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
      [10/12/2006|14:14] C:\DOCUME~1\LOCALS~1\APPLIC~1\X10 Commander

      [10/12/2006|14:13] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
      [12/12/2008|09:28] C:\DOCUME~1\NETWOR~1\APPLIC~1\X10 Commander

      --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

      [12/12/2008 18:00][--a------] C:\WINDOWS\tasks\Configurer mon PC.job
      [12/12/2008 20:00][--a------] C:\WINDOWS\tasks\Norton AntiVirus - Effectuer une analyse complète du système - Cyrille.job
      [12/12/2008 18:00][--a------] C:\WINDOWS\tasks\Extension de garantie.job
      [12/12/2008 18:00][--a------] C:\WINDOWS\tasks\Master CD_DVD Creator.job
      [26/01/2007 17:17][--a------] C:\WINDOWS\tasks\Rappel d'enregistrement 2.job
      [12/12/2008 22:10][--ah-----] C:\WINDOWS\tasks\SA.DAT
      [10/08/2004 14:00][-rah-c---] C:\WINDOWS\tasks\desktop.ini

      --------------------\\ Listing des dossiers dans C:\Program Files

      [06/07/2008|21:51] C:\Program Files\2K Games
      [27/06/2007|15:02] C:\Program Files\3DO
      [10/12/2006|14:13] C:\Program Files\Adobe
      [12/12/2008|21:33] C:\Program Files\Ad-remover
      [30/03/2007|18:31] C:\Program Files\Ahead
      [28/08/2008|06:12] C:\Program Files\Aim Style Heart
      [02/12/2007|14:43] C:\Program Files\ANNO 1503 GOLD
      [03/02/2008|17:40] C:\Program Files\Anuman Interactive
      [29/01/2008|16:51] C:\Program Files\AOL 9.0
      [10/12/2006|14:14] C:\Program Files\AOL Compagnon
      [09/09/2007|14:07] C:\Program Files\Aquatic Tycoon
      [30/01/2007|10:50] C:\Program Files\Atari
      [09/03/2007|11:49] C:\Program Files\Bethesda Softworks
      [19/09/2008|20:22] C:\Program Files\Black Isle
      [16/10/2007|18:49] C:\Program Files\Browser Mouse
      [24/08/2008|16:27] C:\Program Files\BufferZone
      [12/12/2008|11:54] C:\Program Files\CCleaner
      [17/11/2008|17:07] C:\Program Files\Celtx
      [10/12/2006|14:13] C:\Program Files\Common Files
      [10/12/2006|14:13] C:\Program Files\ComPlus Applications
      [11/08/2008|12:22] C:\Program Files\Conduit
      [23/11/2008|17:06] C:\Program Files\ConTEXT
      [10/12/2008|11:22] C:\Program Files\CVitae
      [10/12/2006|14:13] C:\Program Files\CyberLink
      [16/02/2007|12:43] C:\Program Files\directx
      [18/08/2008|19:39] C:\Program Files\DivX
      [27/01/2008|15:11] C:\Program Files\Doom 3
      [29/10/2007|23:47] C:\Program Files\EasyPHP 2.0b1
      [11/12/2008|21:14] C:\Program Files\eMule
      [03/09/2007|13:09] C:\Program Files\EPSON
      [12/12/2008|22:09] C:\Program Files\Fichiers communs
      [12/12/2008|20:26] C:\Program Files\FindyKill
      [30/08/2008|23:51] C:\Program Files\FinePixViewerS
      [26/01/2007|17:45] C:\Program Files\Firaxis Games
      [03/01/2008|19:10] C:\Program Files\FireFly Studios
      [12/04/2007|21:14] C:\Program Files\Gabest
      [28/02/2008|13:28] C:\Program Files\glGo
      [27/11/2008|09:07] C:\Program Files\Google
      [12/08/2008|18:28] C:\Program Files\Hercules
      [13/08/2008|12:56] C:\Program Files\Hewlett-Packard
      [13/08/2008|12:58] C:\Program Files\HP
      [17/11/2007|12:00] C:\Program Files\IconColl
      [11/12/2008|18:17] C:\Program Files\Iminent
      [20/07/2007|13:43] C:\Program Files\Infogrames
      [04/11/2007|23:59] C:\Program Files\InstallShield
      [19/11/2008|19:19] C:\Program Files\InstallShield Installation Information
      [11/12/2008|18:13] C:\Program Files\Internet Explorer
      [10/12/2006|14:13] C:\Program Files\Java
      [25/06/2007|16:19] C:\Program Files\Jeu petit
      [14/03/2008|10:43] C:\Program Files\JoWooD
      [15/01/2008|14:04] C:\Program Files\Kyodai
      [10/12/2006|14:13] C:\Program Files\Learn2.com
      [29/06/2008|13:29] C:\Program Files\Logitech
      [12/12/2008|13:11] C:\Program Files\Malwarebytes' Anti-Malware
      [18/07/2008|20:20] C:\Program Files\Maxis
      [13/08/2008|20:04] C:\Program Files\Messenger
      [03/02/2008|17:46] C:\Program Files\Micro Application
      [16/02/2007|12:53] C:\Program Files\Microids
      [27/06/2007|16:48] C:\Program Files\Microprose
      [20/08/2008|19:28] C:\Program Files\Microsoft ActiveSync
      [29/06/2008|16:17] C:\Program Files\Microsoft CAPICOM 2.1.0.2
      [10/12/2006|14:13] C:\Program Files\microsoft frontpage
      [27/01/2008|08:30] C:\Program Files\Microsoft Games
      [20/08/2008|19:27] C:\Program Files\Microsoft Office
      [04/11/2007|23:53] C:\Program Files\Microsoft Visual Studio
      [30/06/2008|02:02] C:\Program Files\Microsoft Works
      [21/05/2007|17:00] C:\Program Files\Microsoft.NET
      [01/03/2007|18:56] C:\Program Files\Monte Cristo
      [11/08/2008|17:25] C:\Program Files\Movie Maker
      [12/12/2008|22:13] C:\Program Files\Mozilla Firefox
      [29/06/2008|19:49] C:\Program Files\MSN
      [10/12/2006|14:13] C:\Program Files\MSN Gaming Zone
      [27/01/2008|08:33] C:\Program Files\MSXML 4.0
      [11/08/2008|17:23] C:\Program Files\NetMeeting
      [01/12/2008|09:38] C:\Program Files\Norton Internet Security
      [10/08/2008|13:48] C:\Program Files\NOS
      [10/12/2006|14:15] C:\Program Files\Online Services
      [11/08/2008|17:23] C:\Program Files\Outlook Express
      [06/08/2008|11:38] C:\Program Files\Picasa2
      [09/09/2007|14:08] C:\Program Files\Prison Tycoon
      [04/11/2007|23:53] C:\Program Files\Publication Web
      [10/12/2006|14:15] C:\Program Files\QuickTime
      [10/12/2006|14:13] C:\Program Files\Real
      [10/12/2006|14:13] C:\Program Files\Realtek
      [19/09/2008|20:12] C:\Program Files\Resounding
      [21/01/2008|17:10] C:\Program Files\SDLL
      [11/08/2008|13:17] C:\Program Files\Secured eMule
      [24/08/2008|16:13] C:\Program Files\Secured IE
      [11/08/2008|13:18] C:\Program Files\Secured_eMule
      [24/08/2008|16:13] C:\Program Files\securedie
      [10/12/2006|14:15] C:\Program Files\Services en ligne
      [24/08/2008|16:14] C:\Program Files\Share_Accelerator_MM
      [27/02/2008|22:28] C:\Program Files\Sierra
      [16/07/2007|11:42] C:\Program Files\Sierra On-Line
      [05/12/2008|23:01] C:\Program Files\Skype
      [16/07/2007|16:29] C:\Program Files\Smart Projects
      [10/12/2006|14:13] C:\Program Files\SmartSound Software
      [10/12/2006|14:13] C:\Program Files\Sonic
      [08/04/2007|09:10] C:\Program Files\Strategy First
      [26/08/2008|19:26] C:\Program Files\SweetIM
      [19/08/2008|18:01] C:\Program Files\Symantec
      [16/07/2007|14:45] C:\Program Files\Team17
      [19/11/2008|19:19] C:\Program Files\THQ
      [11/08/2008|12:22] C:\Program Files\torrent_search
      [12/12/2008|12:28] C:\Program Files\Trend Micro
      [23/06/2008|20:03] C:\Program Files\Ubisoft
      [10/12/2006|14:13] C:\Program Files\Ulead Systems
      [10/12/2006|14:13] C:\Program Files\Uninstall Information
      [29/11/2008|22:30] C:\Program Files\uTorrent
      [13/11/2008|10:40] C:\Program Files\VideoLAN
      [06/10/2008|23:15] C:\Program Files\VirtualDubMOD
      [26/10/2008|10:30] C:\Program Files\Wallpaper
      [26/03/2007|22:33] C:\Program Files\WinASPI
      [29/06/2008|12:53] C:\Program Files\Windows Live
      [12/12/2008|10:55] C:\Program Files\Windows Live Safety Center
      [10/12/2006|14:13] C:\Program Files\Windows Media Components
      [23/07/2008|08:49] C:\Program Files\Windows Media Connect 2
      [31/08/2008|00:15] C:\Program Files\Windows Media Player
      [11/08/2008|17:23] C:\Program Files\Windows NT
      [10/12/2006|14:13] C:\Program Files\Windows Plus
      [10/12/2006|14:13] C:\Program Files\WindowsUpdate
      [30/03/2007|17:02] C:\Program Files\WinRAR
      [13/05/2007|19:48] C:\Program Files\WinZip
      [10/12/2006|14:16] C:\Program Files\X10 Hardware
      [10/12/2006|14:13] C:\Program Files\xerox
      [01/12/2008|09:32] C:\Program Files\Xfire
      [24/08/2008|16:14] C:\Program Files\Zapu

      --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

      [29/06/2008|14:47] C:\Program Files\Fichiers communs\Adobe
      [10/12/2006|14:14] C:\Program Files\Fichiers communs\AOL
      [10/12/2006|14:14] C:\Program Files\Fichiers communs\aolshare
      [04/11/2007|23:52] C:\Program Files\Fichiers communs\DESIGNER
      [29/06/2008|13:29] C:\Program Files\Fichiers communs\FotoWire
      [13/08/2008|12:56] C:\Program Files\Fichiers communs\Hewlett-Packard
      [13/08/2008|12:56] C:\Program Files\Fichiers communs\HP
      [10/12/2006|14:13] C:\Program Files\Fichiers communs\InstallShield
      [10/12/2006|14:13] C:\Program Files\Fichiers communs\Java
      [20/08/2008|19:28] C:\Program Files\Fichiers communs\L&H
      [29/06/2008|13:28] C:\Program Files\Fichiers communs\Logitech
      [20/08/2008|19:28] C:\Program Files\Fichiers communs\Microsoft Shared
      [10/12/2006|14:13] C:\Program Files\Fichiers communs\MSSoap
      [10/12/2006|14:13] C:\Program Files\Fichiers communs\Nullsoft
      [10/12/2006|14:13] C:\Program Files\Fichiers communs\ODBC
      [25/07/2008|05:55] C:\Program Files\Fichiers communs\Real
      [10/12/2006|14:14] C:\Program Files\Fichiers communs\Services
      [05/12/2008|23:01] C:\Program Files\Fichiers communs\Skype
      [10/12/2006|14:14] C:\Program Files\Fichiers communs\Sonic Shared
      [10/12/2006|14:13] C:\Program Files\Fichiers communs\SpeechEngines
      [10/12/2006|14:14] C:\Program Files\Fichiers communs\SureThing Shared
      [11/12/2008|18:18] C:\Program Files\Fichiers communs\Symantec Shared
      [11/08/2008|17:23] C:\Program Files\Fichiers communs\System
      [10/12/2006|14:13] C:\Program Files\Fichiers communs\TiVo Shared
      [10/12/2006|14:15] C:\Program Files\Fichiers communs\Ulead Systems
      [29/06/2008|12:52] C:\Program Files\Fichiers communs\WindowsLiveInstaller
      [25/07/2008|05:55] C:\Program Files\Fichiers communs\xing shared

      --------------------\\ Process

      ( 51 Processes )

      ... OK !

      --------------------\\ Recherche avec S_Lop

      Aucun fichier / dossier Lop trouvé !

      --------------------\\ Recherche de Fichiers / Dossiers Lop

      Aucun fichier / dossier Lop trouvé !

      --------------------\\ Verification du Registre

      ..... OK !

      --------------------\\ Verification du fichier Hosts

      Fichier Hosts PROPRE


      --------------------\\ Recherche de fichiers avec Catchme

      catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-12-12 22:19:12
      Windows 5.1.2600 Service Pack 3 NTFS
      scanning hidden processes ...
      scanning hidden files ...
      scan completed successfully
      hidden processes: 0
      hidden files: 17

      --------------------\\ Recherche d'autres infections


      Aucune autre infection trouvée !

      [F:3][D:1]-> C:\DOCUME~1\Cyrille\LOCALS~1\Temp
      [F:28][D:0]-> C:\DOCUME~1\Cyrille\Cookies
      [F:10][D:2]-> C:\DOCUME~1\Cyrille\LOCALS~1\TEMPOR~1\content.IE5

      1 - "C:\Lop SD\LopR_1.txt" - 12/12/2008|21:22 - Option : [1]
      2 - "C:\Lop SD\LopR_2.txt" - 12/12/2008|22:19 - Option : [2]

      --------------------\\ Fin du rapport a 22:19:59
      0
    2. X_Cyr
       
      Here is the RSIT report:

      What surprises me is that there is only the log file and no info file.

      Logfile of random's system information tool 1.04 (written by random/random)
      Run by Cyrille at 2008-12-12 22:29:52
      Microsoft Windows XP Professionnel Service Pack 3
      System drive C: has 93 GB (31%) free of 297 GB
      Total RAM: 1022 MB (52% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 22:29:56, on 12/12/2008
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16762)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
      C:\Program Files\Picasa2\PicasaMediaDetector.exe
      C:\Program Files\Wallpaper\Wallpaper.exe
      C:\Program Files\Iminent\imbooster.exe
      C:\Program Files\FinePixViewerS\QuickDCF2.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Hercules\WiFi Station\WifiStation.exe
      C:\Documents and Settings\Cyrille\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
      C:\Program Files\Zapu\Zapu\wDivi.exe
      C:\Documents and Settings\Cyrille\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
      C:\xampp\xampp\apache\bin\apache.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\xampp\xampp\mysql\bin\mysqld-nt.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
      C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
      C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
      C:\xampp\xampp\apache\bin\apache.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
      C:\WINDOWS\explorer.exe
      C:\Documents and Settings\Cyrille\Bureau\RSIT.exe
      C:\Program Files\Trend Micro\HijackThis\Cyrille.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
      R3 - URLSearchHook: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
      R3 - URLSearchHook: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
      O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
      O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Iminent.SearchTheWeb.HelperObject - {0E896FCA-D07E-45FE-901F-6A26FCF59C02} - mscoree.dll (file missing)
      O2 - BHO: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
      O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
      O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
      O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
      O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\APPS\BAE\BAE.dll
      O2 - BHO: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
      O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
      O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
      O3 - Toolbar: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
      O3 - Toolbar: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
      O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
      O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
      O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
      O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
      O4 - HKCU\..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter
      O4 - HKCU\..\Run: [IMBooster] C:\Program Files\Iminent\imbooster.exe /warmup
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Outil de notification Live Search.lnk = Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
      O4 - Startup: Zapu Acceleration Engine.lnk = C:\Program Files\Zapu\Zapu\wincm.exe
      O4 - Startup: Zapu.lnk = C:\Program Files\Zapu\Zapu\wDivi.exe
      O4 - Global Startup: Exif Launcher S.lnk = ?
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O4 - Global Startup: WiFi Station.lnk = ?
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
      O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
      O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
      O14 - IERESET.INF: START_PAGE_URL=http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
      O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
      O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = skyson
      O17 - HKLM\Software\..\Telephony: DomainName = skyson
      O17 - HKLM\System\CCS\Services\Tcpip\..\{16D59095-99F6-4D1A-8B88-880639D6A718}: NameServer = 80.118.192.100,80.118.196.36
      O17 - HKLM\System\CCS\Services\Tcpip\..\{90D4FA0B-9A0F-4183-BA5B-014247BB8022}: NameServer = 212.30.96.108,212.30.124.146
      O17 - HKLM\System\CCS\Services\Tcpip\..\{AC5A431E-F610-4702-8195-53213055EABB}: NameServer = 212.30.96.108,212.30.124.146
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = skyson
      O17 - HKLM\System\CS1\Services\Tcpip\..\{16D59095-99F6-4D1A-8B88-880639D6A718}: NameServer = 80.118.192.100,80.118.196.36
      O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = skyson
      O17 - HKLM\System\CS2\Services\Tcpip\..\{16D59095-99F6-4D1A-8B88-880639D6A718}: NameServer = 80.118.192.100,80.118.196.36
      O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = skyson
      O17 - HKLM\System\CS3\Services\Tcpip\..\{16D59095-99F6-4D1A-8B88-880639D6A718}: NameServer = 80.118.192.100,80.118.196.36
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\xampp\apache\bin\apache.exe
      O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
      O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
      O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
      O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      O23 - Service: mysql - Unknown owner - C:\xampp\xampp\mysql\bin\mysqld-nt.exe
      O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
      O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
      O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
      0
  10. Destrio5 Posts 99820 Registration date   Status Moderator Last activity   10 324
     
    jlpjlp, carry on ;)
    0
  11. X_Cyr
     
    Here is the one for AD-Remover:

    --------- Logfile of AD-Remover 1.0.7.5 by C_XX ---------

    *** Limited to ***

    Sweetim

    ******************

    # START at: 22:25:50 | Ven 12/12/2008 | Microsoft® Windows XP™ (v5.1.2600)
    # BOOT MODE: Normal

    # OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat

    # PC: cyrillehome | USER: Cyrille ( Current user is an administrator)

    # DRIVE(S):
    - C:\ (File System: NTFS)

    # Internet Explorer v7.0.5730.13

    --------- [ RUNNING PROCESSES: 47 ] ---------

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Wallpaper\Wallpaper.exe
    C:\Program Files\Iminent\imbooster.exe
    C:\Program Files\FinePixViewerS\QuickDCF2.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Hercules\WiFi Station\WifiStation.exe
    C:\Documents and Settings\Cyrille\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
    C:\Program Files\Zapu\Zapu\wDivi.exe
    C:\Documents and Settings\Cyrille\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
    C:\xampp\xampp\apache\bin\apache.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\xampp\xampp\mysql\bin\mysqld-nt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\xampp\xampp\apache\bin\apache.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\ntvdm.exe

    -----------------------------------

    (!) ---- IE start pages reset

    +-----------------------| Sweetim Elements Deleted :

    .
    [26/08/2008 19:26|d--------] C:\Program Files\SweetIM
    [26/08/2008 19:26|--a------] C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\searchplugins\sweetim.xml
    [26/08/2008 19:26|d--------] C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
    [27/08/2008 17:32|d--------] C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\SweetIMToolbarData
    [26/08/2008 19:26|d--------] C:\Documents and Settings\All Users\Application Data\SweetIM

    (!) ---- Temp files deleted.
    (!) ---- Recycle bin emptied in all drives.

    +-----------------------| ADDED SCAN :

    +---------- Scanning prefs.js ... ( # Mozilla User Preferences )

    ...\n9e00o1n.default\prefs.js :

    ~~~~ Mozilla FireFox version 2.0.0.18 ~~~~

    Start Page : "https://www.google.fr/?gws_rd=ssl"

    +----------+

    REMOVED - user_pref("browser.search.defaulturl", "https://search.sweetim.com/search.asp?src=2&q=");
    REMOVED - user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
    REMOVED - user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
    REMOVED - user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
    REMOVED - user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
    REMOVED - user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
    REMOVED - user_pref("sweetim.toolbar.mode.debug", "false");
    REMOVED - user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"http://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"https://search.yahoo.com/*\" param=\"p=\" /><EXTERNAL_SEARCH engine=\"http://search.sweetim.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*.live.*/*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*youtube.com/\" param=\"search_query=\" /><EXTERNAL_SEARCH engine=\"http://*.ebay.*/search/*\" param=\"satitle=\" /><EXTERNAL_SEARCH engine=\"http://*.amazon.com/s/*\" param=\"field-keywords=\" /></TOOLBAR>");
    REMOVED - user_pref("sweetim.toolbar.search.history.capacity", "10");
    REMOVED - user_pref("sweetim.toolbar.simapp_id", "{C1A8DAC6-98BE-4301-BCD5-29354E23E244}");
    REMOVED - user_pref("sweetim.toolbar.version", "1.0.0.3");

    +---------------------------------------------------------------------------+

    +--[HKEY_CURRENT_USER\..\Run]

    ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
    LDM REG_SZ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    LogitechSoftwareUpdate REG_SZ "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    updateMgr REG_SZ C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
    Picasa Media Detector REG_SZ C:\Program Files\Picasa2\PicasaMediaDetector.exe
    Wallpaper REG_SZ "C:\Program Files\Wallpaper\Wallpaper.exe" Starter
    IMBooster REG_SZ C:\Program Files\Iminent\imbooster.exe /warmup

    +--[HKEY_LOCAL_MACHINE\..\Run]

    NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    ccApp REG_SZ "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    nwiz REG_SZ nwiz.exe /install
    hpqSRMon REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
    Symantec PIF AlertEng REG_SZ "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

    +--[HKEY_USERS\.DEFAULT\..\Run]

    CTFMON.EXE REG_SZ C:\WINDOWS\system32\CTFMON.EXE

    +--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

    Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

    +--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

    Start Page : hxxp://fr.msn.com/

    +---------------------------------------------------------------------------+

    - "C:\AD-report-12.12.2008.log" (15986 octets)

    [ END at: 22:26:41 | 12/12/2008 ] - [ Time elapsed: 51.5 seconds ]

    +---------------------------------------------------------------------------+
    +------------------------------- [ E.O.F - 195 lines ]
    +---------------------------------------------------------------------------+
    0
  12. jlpjlp Posts 52399 Status Security contributor 5 041
     
    as you like, destrio5

    ________________

    paste the report of an online scan
    done with one of the following:

    Panda online:
    http://pandasoftware.fr

    Kaspersky online
    https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    0
    1. X_Cyr
       
      Ouch, mamma mia. Does it never stop? And on top of that it was a quick scan....

      ;***********************************************************************************************************************************************************************************
      ANALYSIS: 2008-12-12 23:08:42
      PROTECTIONS: 1
      MALWARE: 10
      SUSPECTS: 0
      ;***********************************************************************************************************************************************************************************
      PROTECTIONS
      Description Version Active Updated
      ;===================================================================================================================================================================================
      Norton Internet Security 2006 2006 Yes Yes
      ;===================================================================================================================================================================================
      MALWARE
      Id Description Type Active Severity Disinfectable Disinfected Location
      ;===================================================================================================================================================================================
      00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Cyrille\Cookies\cyrille@doubleclick[2].txt
      00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\cookies.txt[.doubleclick.net/]
      00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Cyrille\Cookies\cyrille@atdmt[2].txt
      00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\cookies.txt[.atdmt.com/]
      00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Cyrille\Cookies\cyrille@tradedoubler[2].txt
      00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\cookies.txt[.mediaplex.com/]
      00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\cookies.txt[.xiti.com/]
      00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Cyrille\Cookies\cyrille@ad.yieldmanager[1].txt
      00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\cookies.txt[.apmebf.com/]
      00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Cyrille\Cookies\cyrille@weborama[1].txt
      00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\cookies.txt[.smartadserver.com/]
      00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\cookies.txt[.smartadserver.com/]
      00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\cookies.txt[.smartadserver.com/]
      00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\cookies.txt[.smartadserver.com/]
      03548697 Trj/Clicker.ALY Virus/Trojan No 1 No No C:\WINDOWS\system32\g37.exe[■%%\²ºÇ]
      ;===================================================================================================================================================================================
      SUSPECTS
      Sent Location 6
      ;===================================================================================================================================================================================
      ;===================================================================================================================================================================================
      VULNERABILITIES
      Id Severity Description 6
      ;===================================================================================================================================================================================
      ;===================================================================================================================================================================================
      0
    2. X_Cyr
       
      ;***********************************************************************************************************************************************************************************
      
      ANALYSIS: 2008-12-12 23:08:42
      PROTECTIONS: 1
      MALWARE: 10
      SUSPECTS: 0
      ;***********************************************************************************************************************************************************************************
      PROTECTIONS
      Description Version Active Updated
      ;===================================================================================================================================================================================
      Norton Internet Security 2006 2006 Yes Yes
      ;===================================================================================================================================================================================
      MALWARE
      Id Description Type Active Severity Disinfectable Disinfected Location
      ;===================================================================================================================================================================================
      00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Cyrille\Cookies\cyrille@doubleclick[2].txt
      00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\cookies.txt[.doubleclick.net/]
      00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Cyrille\Cookies\cyrille@atdmt[2].txt
      00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\cookies.txt[.atdmt.com/]
      00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Cyrille\Cookies\cyrille@tradedoubler[2].txt
      00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\cookies.txt[.mediaplex.com/]
      00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\cookies.txt[.xiti.com/]
      00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Cyrille\Cookies\cyrille@ad.yieldmanager[1].txt
      00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\cookies.txt[.apmebf.com/]
      00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Cyrille\Cookies\cyrille@weborama[1].txt
      00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\cookies.txt[.smartadserver.com/]
      00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\cookies.txt[.smartadserver.com/]
      00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\cookies.txt[.smartadserver.com/]
      00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\cookies.txt[.smartadserver.com/]
      03548697 Trj/Clicker.ALY Virus/Trojan No 1 No No C:\WINDOWS\system32\g37.exe[■%%\²ºÇ]
      ;===================================================================================================================================================================================
      SUSPECTS
      Sent Location 6
      ;===================================================================================================================================================================================
      ;===================================================================================================================================================================================
      VULNERABILITIES
      Id Severity Description 6
      ;===================================================================================================================================================================================
      ;===================================================================================================================================================================================
      That's better like this.
      Apparently Norton is still running. Panda detected it.
      0
    3. x_cyr
       
      after running CCleaner, here is the latest file:

      ;***********************************************************************************************************************************************************************************
      ANALYSIS: 2008-12-13 00:02:31
      PROTECTIONS: 1
      MALWARE: 1
      SUSPECTS: 0
      ;***********************************************************************************************************************************************************************************
      PROTECTIONS
      Description                                  Version                       Active    Updated
      ;===================================================================================================================================================================================
      Norton Internet Security 2006                2006                          Yes       Yes
      ;===================================================================================================================================================================================
      MALWARE
      Id        Description                        Type                Active    Severity  Disinfectable  Disinfected Location
      ;===================================================================================================================================================================================
      03548697  Trj/Clicker.ALY                    Virus/Trojan        No        1         No             No           C:\WINDOWS\system32\g37.exe[■%%\²ºÇ]
      ;===================================================================================================================================================================================
      SUSPECTS
      Sent      Location
      ;===================================================================================================================================================================================
      ;===================================================================================================================================================================================
      VULNERABILITIES
      Id        Severity   Description
      ;===================================================================================================================================================================================
      ;===================================================================================================================================================================================
      
      0
    4. x_cyr
       
      No, I can't believe this. I did nothing apart from connecting to this site, and here is the result after a second scan:
      -------------------------------------------------------------------------------
       KASPERSKY ON-LINE SCANNER REPORT
       Saturday, December 13, 2008 4:45:05 PM
       Système d'exploitation : Microsoft Windows XP Professional, Service Pack 3 (Build 2600)
       Kaspersky On-line Scanner version : 5.0.84.2
       Dernière mise à jour de la base antivirus Kaspersky : 13/12/2008
       Enregistrements dans la base antivirus Kaspersky : 1306711
      -------------------------------------------------------------------------------
      
      Paramètres d'analyse:
      	Analyser avec la base antivirus suivante: standard
      	Analyser les archives: vrai
      	Analyser les bases de messagerie: vrai
      
      Cible de l'analyse - Poste de travail:
      	C:\
      	D:\
      	F:\
      	G:\
      	H:\
      	I:\
      
      Statistiques de l'analyse:
      	Total d'objets analysés: 161229
      	Nombre de virus trouvés: 6
      	Nombre d'objets infectés: 9 / 0
      	Nombre d'objets suspects: 0
      	Durée de l'analyse: 02:41:26
      
      Nom de l'objet infecté / Nom du virus / Dernière action
      
      C:\Documents and Settings\Cyrille\Bureau\OTMoveIt3.exe	Infecté : Backdoor.Win32.SubSeven.asu	ignoré
      C:\Lop SD\Backup-Lop\DOCUME~1\ALLUSE~1\APPLIC~1\Htm Support Bait Deaf\Draw Free.exe	Infecté : Trojan.Win32.Obfuscated.gen	ignoré
      C:\Lop SD\Backup-Lop\Program Files\BitTorrent Fastest Tool\DWbrk03_0308.exe	Infecté : Trojan-Downloader.Win32.Agent.afyh	ignoré
      C:\Program Files\eMule\Incoming\The Elder Scrolls Iv Oblivion Crack (Test Ok)..rar/Setup+Patch.exe	Infecté : Trojan-Dropper.Win32.Agent.aang	ignoré
      C:\Program Files\eMule\Incoming\The Elder Scrolls Iv Oblivion Crack (Test Ok)..rar	CAB: infecté - 1	ignoré
      C:\Qoobox\Quarantine\C\APPS\SMP\SMPSYS.EXE.vir	Infecté : Trojan-Downloader.Win32.Bagle.ahi	ignoré
      C:\WINDOWS\system32\g37.exe/stream/data0002	Infecté : Trojan-Clicker.Win32.Agent.buj	ignoré
      C:\WINDOWS\system32\g37.exe/stream	Infecté : Trojan-Clicker.Win32.Agent.buj	ignoré
      C:\WINDOWS\system32\g37.exe	NSIS: infecté - 2	ignoré
      
      
      Analyse terminée.
      


      I have two other PCs that go on the internet. There is no antivirus on them and they don't have any annoying viruses.
      What should I do now?
      Thanks for the help.
      0
  13. jlpjlp Posts 52399 Status Security contributor 5 041
     
    ok, the first 3 are nothing!!!! the first one is OTMoveIt, which is a false positive! the next two were put in quarantine by Lop SD!!!

    C:\Documents and Settings\Cyrille\Bureau\OTMoveIt3.exe
    C:\Lop SD\Backup-Lop\DOCUME~1\ALLUSE~1\APPLIC~1\Htm Support Bait Deaf\Draw Free.exe
    C:\Lop SD\Backup-Lop\Program Files\BitTorrent Fastest Tool\DWbrk03_0308.exe

    delete what is in the Backup-Lop folder by going to My Computer then
    C:\Lop SD\Backup-Lop
    ________________

    these two are cracks that you download with eMule, so delete both files and stop downloading just anything!!!

    C:\Program Files\eMule\Incoming\The Elder Scrolls Iv Oblivion Crack (Test Ok)..rar/Setup+Patch.exe
    C:\Program Files\eMule\Incoming\The Elder Scrolls Iv Oblivion Crack (Test Ok)..rar

    _______________

    delete what is in the Quarantine folder by going to My Computer then

    C:\Qoobox\Quarantine\C\APPS\SMP\SMPSYS.EXE.vir

    _____________

    download OTMoveIt
    http://oldtimer.geekstogo.com/OTMoveIt3.exe (by Old_Timer) to your Desktop.

    double-click OTMoveIt.exe to launch it.
    copy the list quoted below,
    and paste it into the left-hand pane of OTMoveIt: Paste instruction for items to be moved.
    (be careful to include :files)

    :files
    C:\WINDOWS\system32\g37.exe/stream/data0002
    C:\WINDOWS\system32\g37.exe/stream
    C:\WINDOWS\system32\g37.exe
    C:\Program Files\Aim Style Heart

    click MoveIt! to start the removal.
    the result will appear in the "Results" pane.
    click Exit to close.
    post the report located in C:\_OTMoveIt\MovedFiles.

    you may be asked to restart the PC to complete the removal. if so, accept with Yes.

    ________________________

    then

    Download ToolsCleaner to your desktop.
    --> http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
    # Click Recherche and let the scan run ...
    # Click Suppression to finish.
    # You can, if you wish, use the Options facultatives.
    # Click Quitter to get the report.
    # Post the report (TCleaner.txt) located at the root of your hard drive (C:\).

    __________________________

    disable System Restore to purge any viruses that may be in it (in START, then ALL PROGRAMS, then ACCESSORIES, then SYSTEM TOOLS, then SYSTEM RESTORE, then settings)
    then restart your computer, then re-enable it
    _________________________

    reinstall Norton and say whether it works

    post a new RSIT report and say whether there are still problems
    0
    1. x_cyr
       
      Yes, for Oblivion, I had done it.

      For OTMoveIt I get an error message and no report:

      Invalid Time Flag! [data0002]
      Must be numerical

      Otherwise, I have already managed to reinstall Norton and it works. (at first glance)

      All that's left is to install ToolsCleaner.

      But as for eMule, I think I have learned the lesson.
      0
    2. x_cyr
       
      the ToolsCleaner report:

      [ Rapport ToolsCleaner version 2.2.7 (par A.Rothstein & dj QUIOU) ]
      
      -->- Recherche: 
      
      C:\lopR.txt: trouvé !
      C:\FindyKill.txt: trouvé !
      C:\Combofix: trouvé !
      C:\Lop SD: trouvé !
      C:\Qoobox: trouvé !
      C:\_OtMoveIt: trouvé !
      C:\Rsit: trouvé !
      C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
      C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
      C:\Documents and Settings\Cyrille\Bureau\HijackThis.lnk: trouvé !
      C:\Documents and Settings\Cyrille\Bureau\LopSD.exe: trouvé !
      C:\Documents and Settings\Cyrille\Bureau\ComboFix.exe: trouvé !
      C:\Documents and Settings\Cyrille\Bureau\OTMoveIt3.exe: trouvé !
      C:\Documents and Settings\Cyrille\Bureau\Rsit.exe: trouvé !
      C:\Documents and Settings\Cyrille\Menu Démarrer\Programmes\FindyKill: trouvé !
      C:\Program Files\FindyKill: trouvé !
      C:\Program Files\Ad-remover\TOOLS\NIRCMD.exe: trouvé !
      C:\Program Files\Trend Micro\HijackThis: trouvé !
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
      C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
      C:\WINDOWS\NIRCMD.exe: trouvé !
      
      ---------------------------------
      -->- Suppression: 
      
      C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
      C:\Documents and Settings\Cyrille\Bureau\HijackThis.lnk: supprimé !
      C:\Documents and Settings\Cyrille\Bureau\LopSD.exe: supprimé !
      C:\Documents and Settings\Cyrille\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
      C:\lopR.txt: supprimé !
      C:\FindyKill.txt: supprimé !
      C:\Documents and Settings\Cyrille\Bureau\OTMoveIt3.exe: supprimé !
      C:\Documents and Settings\Cyrille\Bureau\Rsit.exe: supprimé !
      C:\Program Files\Ad-remover\TOOLS\NIRCMD.exe: supprimé !
      C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
      C:\WINDOWS\NIRCMD.exe: supprimé !
      C:\Combofix: supprimé !
      C:\Lop SD: supprimé !
      C:\Qoobox: supprimé !
      C:\_OtMoveIt: supprimé !
      C:\Rsit: supprimé !
      C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
      C:\Documents and Settings\Cyrille\Menu Démarrer\Programmes\FindyKill: supprimé !
      C:\Program Files\FindyKill: supprimé !
      C:\Program Files\Trend Micro\HijackThis: supprimé !
      
      Fichiers temporaires nettoyés !
      Corbeille vidée!
      0
    3. x_cyr
       
      The RSIT report:

      Logfile of random's system information tool 1.04 (written by random/random)
      Run by Cyrille at 2008-12-13 23:32:57
      Microsoft Windows XP Professionnel Service Pack 3
      System drive C: has 93 GB (31%) free of 297 GB
      Total RAM: 1022 MB (63% free)
      
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 23:33:30, on 13/12/2008
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16762)
      Boot mode: Normal
      
      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
      C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
      C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
      C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\xampp\xampp\apache\bin\apache.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\xampp\xampp\mysql\bin\mysqld-nt.exe
      C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
      C:\xampp\xampp\apache\bin\apache.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
      C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
      C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
      C:\Program Files\Picasa2\PicasaMediaDetector.exe
      C:\Program Files\Iminent\imbooster.exe
      C:\Program Files\FinePixViewerS\QuickDCF2.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Hercules\WiFi Station\WifiStation.exe
      C:\Documents and Settings\Cyrille\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
      C:\Program Files\Zapu\Zapu\wDivi.exe
      C:\Documents and Settings\Cyrille\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      C:\WINDOWS\system32\LVComsX.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Documents and Settings\Cyrille\Bureau\RSIT.exe
      C:\Program Files\trend micro\Cyrille.exe
      
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
      R3 - URLSearchHook: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
      R3 - URLSearchHook: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
      O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
      O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Iminent.SearchTheWeb.HelperObject - {0E896FCA-D07E-45FE-901F-6A26FCF59C02} - mscoree.dll (file missing)
      O2 - BHO: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
      O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
      O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
      O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
      O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\APPS\BAE\BAE.dll
      O2 - BHO: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
      O3 - Toolbar: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
      O3 - Toolbar: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
      O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
      O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
      O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
      O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
      O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
      O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
      O4 - HKCU\..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter
      O4 - HKCU\..\Run: [IMBooster] C:\Program Files\Iminent\imbooster.exe /warmup
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Outil de notification Live Search.lnk = Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
      O4 - Startup: Zapu Acceleration Engine.lnk = C:\Program Files\Zapu\Zapu\wincm.exe
      O4 - Startup: Zapu.lnk = C:\Program Files\Zapu\Zapu\wDivi.exe
      O4 - Global Startup: Exif Launcher S.lnk = ?
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O4 - Global Startup: WiFi Station.lnk = ?
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
      O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
      O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
      O14 - IERESET.INF: START_PAGE_URL=http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
      O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
      O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
      O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = skyson
      O17 - HKLM\Software\..\Telephony: DomainName = skyson
      O17 - HKLM\System\CCS\Services\Tcpip\..\{16D59095-99F6-4D1A-8B88-880639D6A718}: NameServer = 80.118.192.100,80.118.196.36
      O17 - HKLM\System\CCS\Services\Tcpip\..\{90D4FA0B-9A0F-4183-BA5B-014247BB8022}: NameServer = 212.30.96.108,212.30.124.146
      O17 - HKLM\System\CCS\Services\Tcpip\..\{AC5A431E-F610-4702-8195-53213055EABB}: NameServer = 212.30.96.108,212.30.124.146
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = skyson
      O17 - HKLM\System\CS1\Services\Tcpip\..\{16D59095-99F6-4D1A-8B88-880639D6A718}: NameServer = 80.118.192.100,80.118.196.36
      O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = skyson
      O17 - HKLM\System\CS2\Services\Tcpip\..\{16D59095-99F6-4D1A-8B88-880639D6A718}: NameServer = 80.118.192.100,80.118.196.36
      O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = skyson
      O17 - HKLM\System\CS3\Services\Tcpip\..\{16D59095-99F6-4D1A-8B88-880639D6A718}: NameServer = 80.118.192.100,80.118.196.36
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\xampp\apache\bin\apache.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
      O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
      O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
      O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: mysql - Unknown owner - C:\xampp\xampp\mysql\bin\mysqld-nt.exe
      O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
      O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
      O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
      O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
      O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
      O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
      O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
      
      --
      End of file - 13976 bytes
      
      ======Scheduled tasks folder======
      
      C:\WINDOWS\tasks\Configurer mon PC.job
      C:\WINDOWS\tasks\Extension de garantie.job
      C:\WINDOWS\tasks\Master CD_DVD Creator.job
      C:\WINDOWS\tasks\Norton AntiVirus - Effectuer une analyse complète du système - Cyrille.job
      C:\WINDOWS\tasks\Rappel d'enregistrement 2.job
      
      ======Registry dump======
      
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
      HP Print Enhancer - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll [2007-03-02 1298024]
      
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
      HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]
      
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
      Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]
      
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E896FCA-D07E-45FE-901F-6A26FCF59C02}]
      Iminent.SearchTheWeb.HelperObject - C:\WINDOWS\system32\mscoree.dll [2007-04-13 271360]
      
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]
      Secured_eMule toolbar - C:\Program Files\Secured_eMule\tbSecu.dll [2007-05-27 1326104]
      
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
      RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-07-25 308856]
      
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4596013b-6c31-408b-a266-deae5c086dc2}]
      Share Accelerator MM Toolbar - C:\Program Files\Share_Accelerator_MM\tbShar.dll [2007-12-10 1510424]
      
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
      
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}]
      CNisExtBho Class - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll [2005-10-22 94336]
      
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}]
      CNavExtBho Class - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll [2007-06-07 140912]
      
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
      CBrowserHelperObject Object - C:\APPS\BAE\BAE.dll [2006-06-23 98304]
      
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cd36797a-70f3-4acd-8825-623d3b896881}]
      securedie Toolbar - C:\Program Files\securedie\tbsecu.dll [2007-09-06 1453080]
      
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - Secured_eMule toolbar - C:\Program Files\Secured_eMule\tbSecu.dll [2007-05-27 1326104]
      {cd36797a-70f3-4acd-8825-623d3b896881} - securedie Toolbar - C:\Program Files\securedie\tbsecu.dll [2007-09-06 1453080]
      {4596013b-6c31-408b-a266-deae5c086dc2} - Share Accelerator MM Toolbar - C:\Program Files\Share_Accelerator_MM\tbShar.dll [2007-12-10 1510424]
      {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - Norton Internet Security 2006 - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll [2005-10-22 94336]
      {C4069E3A-68F1-403E-B40E-20066696354B} - Norton AntiVirus - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll [2007-06-07 140912]
      
      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
      "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-04-27 7573504]
      "nwiz"=nwiz.exe /install []
      "hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-08-20 150016]
      "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-11-09 98304]
      "ccApp"=C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe [2005-09-16 52848]
      "URLLSTCK.exe"=C:\Program Files\Norton Internet Security\UrlLstCk.exe [2007-02-01 23168]
      
      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
      "LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe [2008-06-29 20480]
      "LogitechSoftwareUpdate"=C:\Program Files\Logitech\Video\ManifestEngine.exe [2005-06-08 196608]
      "updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
      "Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe [2008-02-26 443968]
      "Wallpaper"=C:\Program Files\Wallpaper\Wallpaper.exe [2007-08-21 233472]
      "IMBooster"=C:\Program Files\Iminent\imbooster.exe [2008-11-26 415232]
      
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "AOL ACS"=2
      
      C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
      Exif Launcher S.lnk - C:\Program Files\FinePixViewerS\QuickDCF2.exe
      HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      WiFi Station.lnk - C:\Program Files\Hercules\WiFi Station\WifiStation.exe
      
      C:\Documents and Settings\Cyrille\Menu Démarrer\Programmes\Démarrage
      Outil de notification Live Search.lnk - C:\Documents and Settings\Cyrille\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
      Zapu Acceleration Engine.lnk - C:\Program Files\Zapu\Zapu\wincm.exe
      Zapu.lnk - C:\Program Files\Zapu\Zapu\wDivi.exe
      
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
      UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 240128]
      WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
      
      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
      "dontdisplaylastusername"=0
      "legalnoticecaption"=
      "legalnoticetext"=
      "shutdownwithoutlogon"=1
      "undockwithoutlogon"=1
      "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
      "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
      
      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
      "NoDriveTypeAutoRun"=323
      "NoDrives"=0
      "NoDriveAutoRun"=67108863
      
      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
      "NoDrives"=
      "NoDriveAutoRun"=
      "NoDriveTypeAutoRun"=
      
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
      "%ProgramFiles%\AOL 9.0\aol.exe"="%ProgramFiles%\AOL 9.0\aol.exe:*:Enabled:AOL"
      "%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe"="%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA"
      "%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe"="%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:PANDORA"
      "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
      "C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
      "C:\Program Files\Microprose\Risk II\RiskII.exe"="C:\Program Files\Microprose\Risk II\RiskII.exe:*:Enabled:Risk II"
      "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
      "C:\Program Files\Microsoft Visual Studio\COMMON\Tools\VS-Ent98\Vanalyzr\VARPC.EXE"="C:\Program Files\Microsoft Visual Studio\COMMON\Tools\VS-Ent98\Vanalyzr\VARPC.EXE:*:Enabled:Microsoft (R) Visual Studio VSA RPC Event Creator"
      "C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
      "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
      "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
      "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
      "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
      "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Enabled:Logitech Desktop Messenger"
      "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
      "C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
      "C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
      "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
      "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
      "C:\Program Files\Zapu\Zapu\wDivi.exe"="C:\Program Files\Zapu\Zapu\wDivi.exe:*:Enabled:Zapu Control"
      "C:\Documents and Settings\Cyrille\Local Settings\Temp\WZSE0.TMP\SymNRT.exe"="C:\Documents and Settings\Cyrille\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Norton Removal Tool"
      
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
      "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
      "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
      "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
      "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
      "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
      "C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
      "C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
      
      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb2f0708-4cf7-11dd-b45d-001b2faed07a}]
      shell\AutoRun\command - E:\memorybar.exe
      
      
      ======List of files/folders created in the last 1 months======
      
      2008-12-13 23:32:57 ----D---- C:\rsit
      2008-12-13 23:19:25 ----A---- C:\TCleaner.txt
      2008-12-13 23:19:10 ----D---- C:\WINDOWS\Temp
      2008-12-13 21:03:32 ----D---- C:\Documents and Settings\Cyrille\Application Data\Symantec
      2008-12-13 20:36:45 ----D---- C:\Program Files\Norton Internet Security
      2008-12-13 20:35:51 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
      2008-12-13 20:35:22 ----D---- C:\Program Files\Symantec
      2008-12-13 20:35:17 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
      2008-12-13 17:37:30 ----A---- C:\WINDOWS\ntbtlog.txt
      2008-12-13 13:32:10 ----D---- C:\WINDOWS\system32\Kaspersky Lab
      2008-12-12 23:02:30 ----D---- C:\Program Files\Panda Security
      2008-12-12 22:26:37 ----SHD---- C:\RECYCLER
      2008-12-12 21:32:51 ----D---- C:\Program Files\Ad-remover
      2008-12-12 13:39:14 ----A---- C:\WINDOWS\SWREG.exe
      2008-12-12 13:39:13 ----A---- C:\WINDOWS\zip.exe
      2008-12-12 13:39:13 ----A---- C:\WINDOWS\VFIND.exe
      2008-12-12 13:39:13 ----A---- C:\WINDOWS\SWXCACLS.exe
      2008-12-12 13:39:13 ----A---- C:\WINDOWS\SWSC.exe
      2008-12-12 13:39:13 ----A---- C:\WINDOWS\sed.exe
      2008-12-12 13:39:13 ----A---- C:\WINDOWS\grep.exe
      2008-12-12 13:39:13 ----A---- C:\WINDOWS\fdsv.exe
      2008-12-12 13:39:11 ----D---- C:\WINDOWS\ERDNT
      2008-12-12 13:00:28 ----D---- C:\Documents and Settings\Cyrille\Application Data\Malwarebytes
      2008-12-12 13:00:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
      2008-12-12 13:00:23 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-12-12 12:28:50 ----D---- C:\Program Files\Trend Micro
      2008-12-12 11:54:45 ----D---- C:\Program Files\CCleaner
      2008-12-12 10:51:38 ----D---- C:\Program Files\Windows Live Safety Center
      2008-12-11 18:17:05 ----HD---- C:\Documents and Settings\All Users\Application Data\{7DE2D9B5-C959-4D68-9E63-E73738EF6F02}
      2008-12-11 18:06:53 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
      2008-12-11 18:01:49 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
      2008-12-11 18:01:13 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
      2008-12-11 18:01:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
      2008-12-10 23:16:09 ----A---- C:\debug.txt
      2008-12-05 23:02:03 ----D---- C:\Documents and Settings\Cyrille\Application Data\Skype
      2008-12-05 23:01:36 ----D---- C:\Program Files\Skype
      2008-12-05 23:01:35 ----D---- C:\Program Files\Fichiers communs\Skype
      2008-12-04 11:08:59 ----A---- C:\WINDOWS\Iedit.INI
      2008-11-29 22:01:44 ----D---- C:\Program Files\uTorrent
      2008-11-29 22:01:39 ----D---- C:\Documents and Settings\Cyrille\Application Data\uTorrent
      2008-11-23 17:02:33 ----D---- C:\Program Files\ConTEXT
      2008-11-23 16:35:26 ----D---- C:\xampp
      2008-11-20 21:44:26 ----A---- C:\WINDOWS\system32\xfcodec.dll
      2008-11-19 19:23:43 ----A---- C:\WINDOWS\system32\psfind.dll
      2008-11-18 22:43:17 ----D---- C:\Documents and Settings\Cyrille\Application Data\dvdcss
      2008-11-17 16:59:58 ----D---- C:\Program Files\Celtx
      
      ======List of files/folders modified in the last 1 months======
      
      2008-12-13 23:33:06 ----D---- C:\Program Files\Fichiers communs\Symantec Shared
      2008-12-13 23:30:42 ----D---- C:\Program Files\Mozilla Firefox
      2008-12-13 23:19:10 ----AD---- C:\WINDOWS
      2008-12-13 23:18:25 ----RD---- C:\Program Files
      2008-12-13 21:32:25 ----D---- C:\WINDOWS\Tasks
      2008-12-13 21:32:09 ----D---- C:\WINDOWS\Registration
      2008-12-13 21:32:02 ----D---- C:\WINDOWS\system32\CatRoot2
      2008-12-13 21:31:20 ----HD---- C:\Config.Msi
      2008-12-13 21:30:11 ----A---- C:\WINDOWS\SchedLgU.Txt
      2008-12-13 21:17:05 ----SHD---- C:\WINDOWS\Installer
      2008-12-13 21:16:27 ----D---- C:\Program Files\Fichiers communs
      2008-12-13 21:16:23 ----D---- C:\WINDOWS\system32\drivers
      2008-12-13 21:16:23 ----D---- C:\WINDOWS\system32
      2008-12-13 21:01:08 ----SHD---- C:\DRIVERS
      2008-12-13 13:32:10 ----D---- C:\WINDOWS\inf
      2008-12-13 13:32:10 ----D---- C:\WINDOWS\Downloaded Program Files
      2008-12-12 23:13:05 ----SHD---- C:\System Volume Information
      2008-12-12 23:13:05 ----D---- C:\WINDOWS\system32\Restore
      2008-12-12 23:03:59 ----D---- C:\WINDOWS\Prefetch
      2008-12-12 22:10:08 ----A---- C:\WINDOWS\system.ini
      2008-12-12 22:09:00 ----D---- C:\WINDOWS\AppPatch
      2008-12-12 20:18:00 ----D---- C:\Autre
      2008-12-12 13:42:49 ----D---- C:\WINDOWS\system32\config
      2008-12-12 11:56:03 ----D---- C:\WINDOWS\Minidump
      2008-12-12 11:56:03 ----AD---- C:\WINDOWS\Debug
      2008-12-12 11:35:24 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
      2008-12-12 10:40:45 ----ASH---- C:\BOOT.INI
      2008-12-12 09:10:26 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
      2008-12-11 21:14:22 ----D---- C:\Program Files\eMule
      2008-12-11 18:17:44 ----D---- C:\Program Files\Iminent
      2008-12-11 18:17:28 ----RSD---- C:\WINDOWS\assembly
      2008-12-11 18:13:28 ----D---- C:\Program Files\Internet Explorer
      2008-12-11 18:04:56 ----RSHD---- C:\WINDOWS\system32\dllcache
      2008-12-11 18:04:45 ----D---- C:\WINDOWS\ie7updates
      2008-12-11 18:04:37 ----HD---- C:\WINDOWS\$hf_mig$
      2008-12-10 15:13:30 ----D---- C:\Documents and Settings\Cyrille\Application Data\HPAppData
      2008-12-10 11:22:46 ----D---- C:\Program Files\CVitae
      2008-12-10 00:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
      2008-12-05 23:03:52 ----D---- C:\Documents and Settings\Cyrille\Application Data\skypePM
      2008-12-05 23:01:38 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
      2008-12-01 09:32:18 ----SD---- C:\Program Files\Xfire
      2008-11-30 16:54:54 ----D---- C:\Documents and Settings\Cyrille\Application Data\Xfire
      2008-11-29 19:31:24 ----AC---- C:\WINDOWS\mdm.ini
      2008-11-27 09:08:02 ----D---- C:\APPS
      2008-11-27 09:07:52 ----D---- C:\Program Files\Google
      2008-11-27 09:07:18 ----D---- C:\Photos
      2008-11-19 19:23:52 ----D---- C:\WINDOWS\system32\DirectX
      2008-11-19 19:19:57 ----D---- C:\Program Files\THQ
      2008-11-19 19:19:52 ----HD---- C:\Program Files\InstallShield Installation Information
      2008-11-14 16:28:15 ----D---- C:\WINDOWS\Help
      
      ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
      
      R1 cdrbsvsd;cdrbsvsd; C:\WINDOWS\system32\drivers\cdrbsvsd.sys [2003-12-03 13566]
      R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys []
      R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
      R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
      R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-05-13 79488]
      R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS []
      R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys []
      R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-10-01 189320]
      R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-08-12 21419]
      R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
      R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
      R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-10 63232]
      R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-10 55936]
      R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
      R3 3xHybrid;ASUSTek SAA713x PCI Card; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-28 882688]
      R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
      R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
      R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-06-12 43008]
      R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
      R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
      R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-05-16 4275712]
      R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
      R3 NAVENG;NAVENG; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20081213.002\NAVENG.Sys []
      R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20081213.002\NavEx15.Sys []
      R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
      R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-04-27 3663040]
      R3 RT61;802.11g Wireless Driver RT61; C:\WINDOWS\system32\DRIVERS\RT61.sys [2006-12-01 395648]
      R3 SAVRT;SAVRT; \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS []
      R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2007-10-01 12680]
      R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
      R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2007-10-01 98184]
      R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2007-10-01 31624]
      R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\idsdefs\20081210.002\symidsco.sys []
      R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2007-10-01 28040]
      R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-10-01 23944]
      R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
      R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
      R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
      R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
      R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
      R3 X10Hid;X10 Hid Device; C:\WINDOWS\System32\Drivers\x10hid.sys [2005-11-28 7040]
      R3 XUIF;X10 USB Wireless Transceiver; C:\WINDOWS\System32\Drivers\x10ufx2.sys [2005-05-19 17792]
      S3 Bridge;Pont MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
      S3 BridgeMP;Miniport de pont MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
      S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
      S3 gsplittm;gsplittm; \??\C:\DOCUME~1\Cyrille\LOCALS~1\Temp\gsplittm.sys []
      S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-08 49920]
      S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-08 16496]
      S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-08 21568]
      S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-01-31 22016]
      S3 MHNDRV;Pilote MHN; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
      S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
      S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
      S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
      S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
      S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2005-01-31 211712]
      S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
      S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
      S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
      S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
      S3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
      S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
      S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
      S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service; C:\WINDOWS\system32\DRIVERS\WPN111.sys [2005-09-26 362944]
      S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
      S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
      S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73600]
      
      ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
      
      R2 Apache2.2;Apache2.2; C:\xampp\xampp\apache\bin\apache.exe [2008-06-14 17408]
      R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe [2005-09-16 192112]
      R2 ccProxy;Symantec Network Proxy; C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe [2005-09-16 202352]
      R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe [2005-09-16 169584]
      R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
      R2 ehSched;Service de planification Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 103424]
      R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
      R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
      R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
      R2 mysql;mysql; C:\xampp\xampp\mysql\bin\mysqld-nt.exe [2008-08-04 5779456]
      R2 navapsvc;Service Norton AntiVirus Auto-Protect; C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe [2007-05-28 139888]
      R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
      R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-04-27 143426]
      R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 100032]
      R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
      R2 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe [2007-10-01 214408]
      R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-09-15 1160800]
      R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-12-13 1251720]
      R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152]
      R2 USBDeviceService;USBDeviceService; C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe [2005-10-20 90112]
      R2 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480]
      R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
      R3 NSCService;Norton Protection Center Service; C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE [2006-12-15 750720]
      S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
      S3 ccISPwdSvc;Symantec Internet Security Password Validation; C:\Program Files\Norton Internet Security\ccPwdSvc.exe [2007-02-20 72328]
      S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
      S3 comHost;COM Host; C:\Program Files\Norton Internet Security\comHost.exe [2007-02-01 45696]
      S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-06-26 31592]
      S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
      S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-08-03 2119360]
      S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
      S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
      S3 SAVScan;Symantec AVScan; C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe [2005-08-26 198368]
      S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
      S3 Visual Studio Analyzer RPC bridge;Visual Studio Analyzer RPC bridge; C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe [1998-06-06 34036]
      S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
      S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
      S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
      S4 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe [2004-04-08 1135728]
      
      -----------------EOF-----------------
      


      I restarted Norton and it detected other viruses. I got rid of one, but G37.exe is still there.
      Here is the report:
      Résultats d'analyse :
      --------------------------------------------------------------------------------
      Heure de début d'analyse13/12/2008 21:52:28

      Durée de l'analyse : 77 minutes 45 secondes


      Eléments analysés: 638607
      Sections de registre: 11445
      Aucune action effectuée: 483
      Fichiers: 625892
      Echec de la suppression: 2
      Détecté: 1
      Aucune action effectuée: 76
      Processus: 49
      Aucune action requise: 2
      Fichiers batch: 9
      Fichiers INI: 5
      Services: 1006
      Programmes au démarrage: 20
      Type COM: 89
      HOSTS: 90
      Fournisseurs de services multicouches: 2
      Menaces corrigées: 1
      Détails
      SecurityRisk.Cmdow : Exclu
      Analyse manuelle
      Catégorie de risque : Risque de sécurité
      Impact global du risque : Faible
      Performances : Faible
      Confidentialité : Faible
      Suppression : Faible
      Furtivité : Faible
      Cliquez pour plus d'informations sur ce risque : SecurityRisk.Cmdow
      Action effectuée : Exclu
      Description : Zones affectées :
      1 fichiers :
      C:\Program Files\Ad-remover\TOOLS\cmdow.exe - Exclu


      Menaces restantes: 2
      Détails
      Dialer.Stardial : Echec de la suppression
      Analyse manuelle
      Catégorie de risque : Numéroteur
      Impact global du risque : Elevé
      Performances : Elevé
      Confidentialité : Elevé
      Suppression : Elevé
      Furtivité : Elevé
      Cliquez pour plus d'informations sur ce risque : Dialer.Stardial
      Action effectuée : Echec de la suppression
      Description : Zones affectées :
      1 fichiers :
      Railroad Tycoon 3.exe dans Railroad Tycoon III + crack no cd\Railroad Tycoon 3.crack nocd keygen.zip dans C:\Program Files\eMule\Incoming\Jeux cycy\Railroad Tycoon III + crack no cd.rar - Echec de la suppression


      Adware.Begin2search : Echec de la suppression
      Analyse manuelle
      Catégorie de risque : Logiciel publicitaire
      Impact global du risque : Elevé
      Performances : Elevé
      Confidentialité : Moyen
      Suppression : Elevé
      Furtivité : Elevé
      Cliquez pour plus d'informations sur ce risque : Adware.Begin2search
      Action effectuée : Echec de la suppression
      Description : Zones affectées :
      1 fichiers :
      C:\WINDOWS\system32\g37.exe - Echec de la suppression

      9 clés de registre :
      HKEY_USERS\S-1-5-21-3961666731-3408890296-1442537433-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000} - Aucune action effectuée
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Search Bar - Aucune action effectuée
      HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar - Aucune action effectuée
      HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar - Aucune action effectuée
      HKEY_USERS\S-1-5-21-3961666731-3408890296-1442537433-500\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar - Aucune action effectuée
      HKEY_USERS\S-1-5-21-3961666731-3408890296-1442537433-1005\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar - Aucune action effectuée
      HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar - Aucune action effectuée
      HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\Search Page - Aucune action effectuée
      HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\Search Page - Aucune action effectuée


      There we go... Only one left and Norton works. I'm happy.
      0
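Added example, not part of the original posts and not a Norton tool: a small Python parser for the scan report pasted above, which lists the files whose removal failed and whether each is a file on disk or an item nested inside an archive. It assumes the French report layout exactly as it appears in the post; the function names are hypothetical.

```python
import re

# Abridged from the report pasted in the post above (rating lines and most
# registry keys omitted); the layout is assumed to be exactly as pasted there.
REPORT = r"""
SecurityRisk.Cmdow : Exclu
Analyse manuelle
Suppression : Faible
Action effectuée : Exclu
Description : Zones affectées :
1 fichiers :
C:\Program Files\Ad-remover\TOOLS\cmdow.exe - Exclu

Menaces restantes: 2
Détails
Dialer.Stardial : Echec de la suppression
Analyse manuelle
Suppression : Elevé
Action effectuée : Echec de la suppression
Description : Zones affectées :
1 fichiers :
Railroad Tycoon 3.exe dans Railroad Tycoon III + crack no cd\Railroad Tycoon 3.crack nocd keygen.zip dans C:\Program Files\eMule\Incoming\Jeux cycy\Railroad Tycoon III + crack no cd.rar - Echec de la suppression

Adware.Begin2search : Echec de la suppression
Analyse manuelle
Description : Zones affectées :
1 fichiers :
C:\WINDOWS\system32\g37.exe - Echec de la suppression

9 clés de registre :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Search Bar - Aucune action effectuée
"""

# A threat header is "<Dotted.Name> : <status>"; rating lines such as
# "Suppression : Faible" have no dot in the key and are skipped.
THREAT = re.compile(r"^([A-Za-z][\w-]*(?:\.[\w-]+)+) : (.+)$")
COUNT = re.compile(r"^(\d+) (fichiers|clés de registre) :$")
FAILED = "Echec de la suppression"


def parse_report(text):
    """Return one dict per threat with its file and registry items."""
    threats, current, kind = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            kind = None  # a blank line ends an item list
            continue
        m = COUNT.match(line)
        if m:
            kind = "files" if m.group(2) == "fichiers" else "registry"
            continue
        if kind and current is not None and " - " in line:
            location, action = line.rsplit(" - ", 1)
            # "A dans B dans C": A sits inside archive B inside archive C.
            # Assumption: no directory name itself contains " dans ".
            chain = location.split(" dans ")
            current[kind].append(
                {"on_disk": chain[-1], "inner": chain[:-1], "action": action})
            continue
        m = THREAT.match(line)
        if m:
            current = {"name": m.group(1), "status": m.group(2),
                       "files": [], "registry": []}
            threats.append(current)
            kind = None
    return threats


def removal_targets(threats):
    """(threat, path on disk, nested in archive?) for every failed removal."""
    return [(t["name"], f["on_disk"], bool(f["inner"]))
            for t in threats for f in t["files"] if f["action"] == FAILED]


if __name__ == "__main__":
    for name, path, nested in removal_targets(parse_report(REPORT)):
        print(name, "| archive member" if nested else "| plain file", "|", path)
```

On the excerpt it reports two failed removals: one item nested inside a .rar in the eMule Incoming folder, and the plain file C:\WINDOWS\system32\g37.exe.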
  14. jlpjlp Posts 52399 Status Security contributor 5 041
     
    remove the search toolbars:
    securedie Toolbar
    Share Accelerator MM Toolbar

    via your Control Panel

    _________________

    Run HijackThis again, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom.

    O2 - BHO: Iminent.SearchTheWeb.HelperObject - {0E896FCA-D07E-45FE-901F-6A26FCF59C02} - mscoree.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - Startup: Zapu Acceleration Engine.lnk = C:\Program Files\Zapu\Zapu\wincm.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    ____________________

    update Adobe Reader
    https://acrobat.adobe.com/fr/fr/acrobat/pdf-reader.html

    _________________
    update Java:
    Download JavaRa.zip by Paul 'Prm753' McLain and Fred de Vries.
    Unzip the file to your desktop (right-click > Extract All).
    Double-click the resulting JavaRa folder.
    Then double-click the JavaRa.exe file (the .exe extension may not be displayed).
    Click Search For Updates.
    Select Update Using jucheck.exe, then click Search.
    Allow the process to connect if you are asked, click Install and follow the installation instructions. This will take a few minutes.
    When the installation is finished, go back to the JavaRa window and click Remove Older Versions.
    Click Yes to confirm. The tool will do its work; then click OK, and OK a second time.
    A report will open; copy and paste it into your next reply.
    Note: the report is also saved at the root of the system partition, usually C:\, under the name JavaRa.log
    (c:\JavaRa.log)
    Close the application.

    if that does not work

    https://www.java.com/fr/download/windows_manual.jsp?locale=fr&host=www.java.com:80

    you can uninstall the old versions.

    __________________

    download and install:

    kill box
    https://www.bleepingcomputer.com/download/linux/

    kill box help
    http://perso.wanadoo.fr/jesses/Docs/Logiciels/KillBox.htm

    - Restart in safe mode; if you don't know how, read this

    - Double-click fix.reg

    Open killbox
    - Select "delete on reboot"
    - Click the yellow folder on the right and select the file: C:\WINDOWS\system32\g37.exe
    - Click the red and white cross
    - Answer yes and let your PC restart.
    Don't hesitate to consult the killbox help

    Check that the file C:\WINDOWS\system32\g37.exe is no longer present.

    __________________________

    also check with Norton in safe mode that nothing is left

    ___________________________

    any more problems???
    0
  15. gbgbgb
     
    Hello,

    I have been infected by winupgro. I spent the whole day reading forums and trying lots of things, but now I'm stuck.

    I can't launch ComboFix ("combofix.exe n'est pas une application valide"..), even in safe mode.
    The only ones I managed to run are elibagla, malwarebytes, and hijack this.

    Would you have any idea how I can launch combofix?
    Thanks a lot
    0