Everything posted by Maelysroma

  1. Hello everyone, Since late yesterday, without knowing exactly why, my internet browsing has become much slower than usual and at times froze; for example, I had to click several times on my home page for it to display. I did try a system restore, but it was impossible at reboot: a message told me that the restore had not worked and that I had to choose another restore point, which I did several times but without result. That is why I now need your help and am posting my HijackThis report; many thanks in advance for the help you can give me: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:55:46, on 8/11/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18828) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\RtHDVCpl.exe C:\Windows\PLFSetI.exe C:\Windows\system32\igfxsrvc.exe C:\Users\David\AppData\Local\Temp\RtkBtMnt.exe C:\Program Files\Launch Manager\LManager.exe C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\system32\igfxext.exe 
C:\Windows\system32\igfxsrvc.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Windows\system32\WgaTray.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_5735 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_5735 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_5735 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft 
Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [bkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [skytel] Skytel.exe O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - 
HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O13 - Gopher Prefix: O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. 
- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe -- End of file - 7773 bytes
  2. GREAT A mega big THANK YOUUUUU for your help Lien Rag Have a good evening
  3. Here it is Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:56:15, on 27/01/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\acs.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\Browser MOUSE\mouse32a.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program Files\Belgacom\bin\sprtcmd.exe C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Microsoft 
Office\OFFICE11\ONENOTEM.EXE C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program Files\Windows Live Toolbar\msn_sl.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang FR O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application 
Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB2.05.0000.1105\fr-fr\msntb.dll/search.htm O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program 
Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 7714 bytes I don't know what the report reveals, but in any case everything seems to be getting back to normal thanks to your good advice
  4. Here it is SDFix: Version 1.131 Run by David Ansion on dim. 27/01/2008 at 15:09 Microsoft Windows XP [version 5.1.2600] Running From: C:\DOCUME~1\DAVIDA~1\Bureau\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Restoring Default HomePage Value Restoring Default Desktop Components Value Rebooting... Normal Mode: Checking Files: Trojan Files Found: C:\DOCUME~1\DAVIDA~1\LOCALS~1\Temp\ac8zt2.dat - Deleted C:\WINDOWS\bxsnvqt.dll - Deleted C:\WINDOWS\egodktf.dll - Deleted C:\WINDOWS\fknxwqf.exe - Deleted Removing Temp Files... ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\explorer.exe No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-27 15:17:52 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\\24\xe1\21] "DisplayName"="\x24f8\x22b\x24f8\x22b\1" "DeviceDesc"="\x24f8\x22b\x24f8\x22b\1" "ProviderName"="\xfed4\21\xee18\x7c91\xff44\21\b" "MFG"="\x558" "ReinstallString"="C:\WINDOWS\System32\ReinstallBackups\\xe114\21\x80\xc010\DriverFiles\.INF" "DeviceInstanceIds"=str(7):"c:\toolscd\display driver\sbdrv\smbus\smbusati.inf" scanning hidden files ... 
scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe" "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe" "C:\\Program Files\\HP\\HP 
Software Update\\HPWUCli.exe"="C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe:*:Enabled:HP Software Update Client" "C:\\Program Files\\support.com\\bin\\tgcmd.exe"="C:\\Program Files\\support.com\\bin\\tgcmd.exe:*:Enabled:Support.com Scheduler and Command Dispatcher" "C:\\Program Files\\Anti-Leech\\ALIE_1.0.2.3\\alhlp.exe"="C:\\Program Files\\Anti-Leech\\ALIE_1.0.2.3\\alhlp.exe:*:Enabled:Anti-Leech plugin helper program" "C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater" "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"="C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe:*:Enabled:OTI@Home User Interface" "C:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\nsl_host_process.exe"="C:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process " "C:\\Program Files\\TrackMania Original\\TmOriginal.exe"="C:\\Program Files\\TrackMania Original\\TmOriginal.exe:*:Enabled:TmOriginal" "C:\\Program Files\\EA GAMES\\MOHDA\\MOHAA.exe"="C:\\Program Files\\EA GAMES\\MOHDA\\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" Remaining Files: --------------- File 
Backups: - C:\DOCUME~1\DAVIDA~1\Bureau\SDFix\backups\backups.zip Files with Hidden Attributes: Tue 18 Jul 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Wed 24 Jan 2007 1,642 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti1E.tmp" Mon 23 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Sun 27 Jan 2008 0 A..H. --- "C:\Documents and Settings\David Ansion\Local Settings\Temp\BIT4F8.tmp" Sun 27 Jan 2008 0 A..H. --- "C:\Documents and Settings\David Ansion\Local Settings\Temp\BIT502.tmp" Sun 27 Jan 2008 0 A..H. --- "C:\Documents and Settings\David Ansion\Local Settings\Temp\BIT503.tmp" Sun 27 Jan 2008 0 A..H. --- "C:\Documents and Settings\David Ansion\Local Settings\Temp\BIT507.tmp" Sun 27 Jan 2008 0 A..H. --- "C:\Documents and Settings\David Ansion\Local Settings\Temp\BIT50A.tmp" Sun 27 Jan 2008 0 A..H. --- "C:\Documents and Settings\David Ansion\Local Settings\Temp\BIT50E.tmp" Sun 27 Jan 2008 0 A..H. --- "C:\Documents and Settings\David Ansion\Local Settings\Temp\BIT50F.tmp" Mon 15 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\770ab2029a713ab32135544cfa9c6da0\BIT48C.tmp" Mon 15 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\778fd2fc3fe6b905e366b5ddbba384c8\BIT48B.tmp" Finished!
  5. Thanks for the reply. Here is the report: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:00:15, on 27/01/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\acs.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\Browser MOUSE\mouse32a.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Belgacom\bin\sprtcmd.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE C:\Program 
Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: The egodktf - {00C1B214-1408-4F51-90AE-7EDAC2FAC36E} - C:\WINDOWS\egodktf.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang FR O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [sony Ericsson 
PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB2.05.0000.1105\fr-fr\msntb.dll/search.htm O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O21 - SSODL: aslpmqk - {A9EB271E-9DB0-4F28-A628-826C1AF5079C} - C:\WINDOWS\aslpmqk.dll (file missing) O21 - SSODL: bxsnvqt - {472FAFC9-A090-42B2-8655-BA35A24D9973} - C:\WINDOWS\bxsnvqt.dll O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 7948 bytes
  6. Hello, Should I also post a new HijackThis report??
  7. Thanks for the help. As requested, here is the report: --------------------------------------------------------- AVG Anti-Spyware - Rapport d'analyse --------------------------------------------------------- + Créé à: 16:08:05 26/01/2008 + Résultat de l'analyse: C:\Documents and Settings\David Ansion\Cookies\david_ansion@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\David Ansion\Cookies\david_ansion@adviva[1].txt -> TrackingCookie.Adviva : Nettoyé. C:\Documents and Settings\David Ansion\Cookies\david_ansion@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé. C:\Documents and Settings\David Ansion\Cookies\david_ansion@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé. C:\Documents and Settings\David Ansion\Cookies\david_ansion@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé. C:\Documents and Settings\David Ansion\Cookies\david_ansion@serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé. C:\Documents and Settings\David Ansion\Cookies\david_ansion@smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé. C:\Documents and Settings\David Ansion\Cookies\david_ansion@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyé. Fin du rapport
  8. And here is the second one: SmitFraudFix v2.274 Rapport fait à 1:24:43,67, sam. 26/01/2008 Executé à partir de C:\Documents and Settings\David Ansion\Mes documents\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode sans echec »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix S!Ri's WS2Fix: LSP not Found. »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés C:\DOCUME~1\DAVIDA~1\Bureau\Error Cleaner.url supprimé C:\DOCUME~1\DAVIDA~1\Bureau\Privacy Protector.url supprimé C:\DOCUME~1\DAVIDA~1\Bureau\Spyware?Malware Protection.url supprimé C:\DOCUME~1\DAVIDA~1\Favoris\Error Cleaner.url supprimé C:\DOCUME~1\DAVIDA~1\Favoris\Privacy Protector.url supprimé C:\DOCUME~1\DAVIDA~1\Favoris\Spyware?Malware Protection.url supprimé »»»»»»»»»»»»»»»»»»»»»»»» IEDFix IEDFix.exe by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{FC496D67-49AB-4D65-B307-5A513980E42E}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{FC496D67-49AB-4D65-B307-5A513980E42E}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS3\Services\Tcpip\..\{FC496D67-49AB-4D65-B307-5A513980E42E}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre Nettoyage terminé. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Fin
  9. Good evening Lien Rag, and thank you for the quick reply. Here is the first report: SmitFraudFix v2.274 Rapport fait à 23:45:55,65, ven. 25/01/2008 Executé à partir de C:\Documents and Settings\David Ansion\Mes documents\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\acs.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\Browser MOUSE\mouse32a.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program Files\Belgacom\bin\sprtcmd.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\HP\Digital 
Imaging\bin\hpqtra08.exe C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\David Ansion »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\David Ansion\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\DAVIDA~1\Favoris C:\DOCUME~1\DAVIDA~1\Favoris\Error Cleaner.url PRESENT ! C:\DOCUME~1\DAVIDA~1\Favoris\Privacy Protector.url PRESENT ! C:\DOCUME~1\DAVIDA~1\Favoris\Spyware?Malware Protection.url PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» Bureau C:\DOCUME~1\DAVIDA~1\Bureau\Error Cleaner.url PRESENT ! C:\DOCUME~1\DAVIDA~1\Bureau\Privacy Protector.url PRESENT ! C:\DOCUME~1\DAVIDA~1\Bureau\Spyware?Malware Protection.url PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Ma page d'accueil" »»»»»»»»»»»»»»»»»»»»»»»» IEDFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! IEDFix.exe by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! 
SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Rustock »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Atheros AR5005G Wireless Network Adapter - Miniport d'ordonnancement de paquets DNS Server Search Order: 192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\..\{FC496D67-49AB-4D65-B307-5A513980E42E}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{FC496D67-49AB-4D65-B307-5A513980E42E}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin
  10. Good evening everyone, this time it is my little brother who has handed me his infected PC for a thorough cleaning, because he wanted to avoid reformatting. Knowing that I would find competent people here who can help me with this task, I carried out the pre-cleaning as instructed and am posting the first HijackThis report. Thank you in advance for the attention you give to my post. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:39:58, on 25/01/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\acs.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\Browser MOUSE\mouse32a.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program Files\Belgacom\bin\sprtcmd.exe C:\WINDOWS\system32\ctfmon.exe C:\Program 
Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.skynet.be/search R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: The egodktf - {00C1B214-1408-4F51-90AE-7EDAC2FAC36E} - C:\WINDOWS\egodktf.dll O4 - HKLM\..\Run: [ATIPTA] 
"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang FR O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft 
Office\OFFICE11\ONENOTEM.EXE O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB2.05.0000.1105\fr-fr\msntb.dll/search.htm O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O21 - SSODL: aslpmqk - {A9EB271E-9DB0-4F28-A628-826C1AF5079C} - C:\WINDOWS\aslpmqk.dll (file missing) O21 - SSODL: bxsnvqt - {472FAFC9-A090-42B2-8655-BA35A24D9973} - C:\WINDOWS\bxsnvqt.dll O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler 
(AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 8407 bytes
  11. One last little bump?
  12. Good evening, everything seems to be working correctly now, but I am making this little "bump" to find out whether I can put "SOLVED" in the subject of my thread or whether there are still a few last steps to do?
  13. Hello. Yes, these are animated avatars and winks for MSN Messenger. After doing everything that was requested in your previous message, here is the BlackLight report: 08/13/06 14:47:53 [info]: BlackLight Engine 1.0.42 initialized 08/13/06 14:47:53 [info]: OS: 5.1 build 2600 (Service Pack 2) 08/13/06 14:47:54 [Note]: 7019 4 08/13/06 14:47:54 [Note]: 7005 0 08/13/06 14:47:58 [Note]: 7006 0 08/13/06 14:47:58 [Note]: 7011 3024 08/13/06 14:47:58 [Note]: 7026 0 08/13/06 14:47:58 [Note]: 7026 0 08/13/06 14:48:02 [Note]: FSRAW library version 1.7.1019 08/13/06 14:49:14 [Note]: 7007 0 ... and the Panda report: Incident Statut Analyse Outil indésirable:Application/WinAntispyware2006 No Désinfecté C:\WINDOWS\system32\drivers\uwasfsd.sys Outil indésirable:Application/Processor No Désinfecté C:\WINDOWS\system32\Process.exe Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\Nath\Bureau\SmitfraudFix.zip[smitfraudFix/Process.exe] Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\Nath\Bureau\Smitfraudfix\SmitfraudFix\Process.exe Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Nath\Cookies\nath@xiti[1].txt Spyware:Cookie/Tradedoubler No Désinfecté C:\Documents and Settings\Nath\Cookies\nath@tradedoubler[1].txt
  14. Hello. Yes, still these ads, they just won't let go of me. Here is the report: 08/06/06 08:29:35 [info]: BlackLight Engine 1.0.42 initialized 08/06/06 08:29:35 [info]: OS: 5.1 build 2600 (Service Pack 2) 08/06/06 08:29:35 [Note]: 7019 4 08/06/06 08:29:35 [Note]: 7005 0 08/06/06 08:29:39 [Note]: 7006 0 08/06/06 08:29:39 [Note]: 7011 1284 08/06/06 08:29:39 [Note]: 7026 0 08/06/06 08:29:40 [Note]: 7026 0 08/06/06 08:29:40 [Note]: 7024 3 08/06/06 08:29:40 [info]: Hidden process: C:\windows\system32\fivpny.exe 08/06/06 08:29:40 [Note]: FSRAW library version 1.7.1019 08/06/06 08:30:17 [info]: Hidden file: C:\windows\system32\fivpny.exe 08/06/06 08:30:17 [info]: Hidden file: c:\WINDOWS\SYSTEM32\FIVPNY.DAT 08/06/06 08:30:40 [info]: Hidden file: c:\WINDOWS\SYSTEM32\FIVPNY~1.DAT 08/06/06 08:30:40 [info]: Hidden file: c:\WINDOWS\SYSTEM32\FIVPNY~4.DAT 08/06/06 08:34:10 [Note]: 7007 0 Strange, I don't understand anything anymore: it found the famous file FIVPNY.exe again, which I cannot find even after changing the display options. Yet another file that I cannot find, and so I could not remove it.
  15. Hello. To begin with, I was not able to analyze the file FIVPNY.EXE; it remains impossible to find even after following the instructions given in your quote. As for the rest, you will find the two requested reports below: C:\WINDOWS\System32\wpa.dbl -->5/08/2006 12:53:18 C:\WINDOWS\System32\eRLog.ini -->5/08/2006 12:53:10 C:\WINDOWS\System32\nvs2.inf -->25/07/2006 18:59:24 C:\WINDOWS\System32\PerfStringBackup.INI -->12/07/2006 23:06:54 C:\WINDOWS\System32\perfh00C.dat -->12/07/2006 23:06:54 C:\WINDOWS\System32\perfc00C.dat -->12/07/2006 23:06:54 C:\WINDOWS\System32\perfh009.dat -->12/07/2006 23:06:54 C:\WINDOWS\System32\perfc009.dat -->12/07/2006 23:06:54 C:\WINDOWS\System32\MRT.exe -->7/07/2006 3:21:46 C:\WINDOWS\System32\WgaLogon.dll -->19/06/2006 16:20:42 C:\WINDOWS\System32\LegitCheckControl.dll -->19/06/2006 16:19:42 C:\WINDOWS\System32\WgaTray.exe -->19/06/2006 16:19:26 C:\WINDOWS\System32\avsda.dll -->17/06/2006 18:58:20 C:\WINDOWS\System32\jgpl400.dll -->1/06/2006 20:48:44 C:\WINDOWS\System32\jgdw400.dll -->1/06/2006 20:48:44 C:\WINDOWS\System32\shdocvw.dll -->29/05/2006 17:29:14 C:\WINDOWS\System32\mshtml.dll -->19/05/2006 17:09:50 C:\WINDOWS\System32\dnsapi.dll -->19/05/2006 15:23:36 C:\WINDOWS\System32\iphlpapi.dll -->19/05/2006 15:23:36 C:\WINDOWS\System32\dhcpcsvc.dll -->19/05/2006 15:23:36 C:\WINDOWS\System32\jscript.dll -->18/05/2006 7:31:22 C:\WINDOWS\System32\rasmans.dll -->14/05/2006 10:48:16 C:\WINDOWS\System32\xpsp3res.dll -->11/05/2006 10:57:36 C:\WINDOWS\System32\shlwapi.dll -->10/05/2006 7:24:40 C:\WINDOWS\System32\urlmon.dll -->10/05/2006 7:24:40 C:\WINDOWS\0.log -->5/08/2006 12:52:42 C:\WINDOWS\ModemLog_SoftV90 Data Fax Modem with SmartCP.txt -->5/08/2006 12:52:38 C:\WINDOWS\wiadebug.log -->5/08/2006 12:52:20 C:\WINDOWS\bootstat.dat -->5/08/2006 12:52:12 C:\WINDOWS\WindowsUpdate.log -->5/08/2006 9:29:48 C:\WINDOWS\SchedLgU.Txt -->5/08/2006 9:29:46 C:\WINDOWS\wiaservc.log -->5/08/2006 9:29:46 C:\WINDOWS\ntbtlog.txt -->4/08/2006 
21:28:18 C:\WINDOWS\NeroDigital.ini -->4/08/2006 19:49:58 C:\WINDOWS\ComponentList.xml -->2/08/2006 9:56:24 C:\WINDOWS\setupact.log -->2/08/2006 8:55:38 C:\WINDOWS\setupapi.log -->31/07/2006 15:09:20 C:\WINDOWS\wmsetup.log -->29/07/2006 9:36:46 C:\WINDOWS\pack.epk -->25/07/2006 18:58:16 C:\WINDOWS\WgaNotify.log -->19/07/2006 6:26:56 Le volume dans le lecteur C s'appelle ACER Le numéro de série du volume est 1B71-12F5 Répertoire de C:\WINDOWS\system32 05/08/2004 05:00 6.144 csrss.exe 1 fichier(s) 6.144 octets 0 Rép(s) 2.617.901.056 octets libres Le volume dans le lecteur C s'appelle ACER Le numéro de série du volume est 1B71-12F5 Répertoire de C:\Program Files 15/10/2004 11:52 <REP> . 15/10/2004 11:52 <REP> .. 15/10/2004 11:52 <REP> Fichiers communs 15/10/2004 11:57 <REP> Windows NT 15/10/2004 11:57 <REP> MSN 15/10/2004 11:57 <REP> MSN Gaming Zone 15/10/2004 11:57 <REP> Messenger 15/10/2004 11:57 <REP> Windows Media Player 07/04/2006 07:07 <REP> Anti-Leech 15/10/2004 11:58 <REP> ComPlus Applications 15/10/2004 11:58 <REP> Internet Explorer 15/10/2004 11:58 <REP> Outlook Express 15/10/2004 11:58 <REP> NetMeeting 15/10/2004 11:58 <REP> Movie Maker 15/10/2004 11:59 <REP> Services en ligne 15/10/2004 12:01 <REP> microsoft frontpage 15/10/2004 12:01 <REP> xerox 06/07/2005 19:51 <REP> Intel 06/07/2005 19:58 <REP> Synaptics 06/07/2005 19:59 <REP> CONEXANT 15/07/2006 06:56 <REP> FLConline 06/07/2005 20:01 <REP> NewTech Infosystems 06/07/2005 20:03 <REP> Adobe 06/07/2005 20:03 <REP> CyberLink 06/07/2005 20:04 <REP> Acer Inc 25/12/2005 18:58 <REP> Arcade 25/12/2005 18:59 <REP> Launch Manager 25/12/2005 18:59 <REP> acer 25/12/2005 21:15 <REP> Microsoft Works 25/12/2005 21:15 <REP> Microsoft Office 25/07/2006 18:59 <REP> WebMediaPlayer 02/08/2006 10:52 <REP> hijackthis 25/12/2005 23:23 <REP> WinRAR 26/03/2006 15:01 <REP> AntiVir PersonalEdition Classic 25/12/2005 17:43 <REP> DVD Decrypter 25/12/2005 17:44 <REP> DVD Shrink 25/12/2005 17:52 <REP> Microsoft.NET 25/12/2005 18:16 
<REP> Alcatel 25/12/2005 18:40 <REP> MSN Messenger 02/08/2006 22:18 <REP> CleanUp! 04/08/2006 18:32 <REP> Spyware Terminator 26/12/2005 18:44 <REP> Ahead 04/01/2006 11:40 <REP> support.com 16/01/2006 01:35 <REP> eMule 18/01/2006 22:19 <REP> PhotoFiltre 22/01/2006 17:57 <REP> HP 22/01/2006 18:16 <REP> Hewlett-Packard 31/01/2006 22:06 <REP> Logitech 31/01/2006 22:16 <REP> directx 02/02/2006 01:54 <REP> Jasc Software Inc 07/02/2006 00:24 <REP> Java 20/02/2006 05:19 <REP> K-Lite Codec Pack 21/02/2006 21:26 <REP> Azureus 25/02/2006 12:55 <REP> vso 0 fichier(s) 0 octets 54 Rép(s) 2.617.901.056 octets libres Le volume dans le lecteur C s'appelle ACER Le numéro de série du volume est 1B71-12F5 Répertoire de C:\Program Files\fichiers communs 15/10/2004 11:52 <REP> . 15/10/2004 11:52 <REP> .. 15/10/2004 11:52 <REP> Microsoft Shared 15/10/2004 11:52 <REP> SpeechEngines 15/10/2004 11:52 <REP> ODBC 15/10/2004 11:58 <REP> System 15/10/2004 11:58 <REP> MSSoap 15/10/2004 11:58 <REP> Services 06/07/2005 19:50 <REP> InstallShield 06/07/2005 20:01 <REP> NewTech Infosystems 06/07/2005 20:02 <REP> muvee Technologies 25/12/2005 21:26 <REP> Symantec Shared 24/07/2006 00:52 <REP> HP 25/12/2005 17:51 <REP> DESIGNER 26/12/2005 18:44 <REP> Ahead 04/01/2006 14:52 <REP> Adobe 22/01/2006 18:15 <REP> Hewlett-Packard 31/01/2006 22:07 <REP> Logitech 31/01/2006 22:16 <REP> FotoWire 07/02/2006 00:23 <REP> Java 0 fichier(s) 0 octets 20 Rép(s) 2.617.901.056 octets libres c:\Documents and Settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe c:\Documents and Settings\Nath\Local Settings\Temporary Internet Files\Content.IE5\U183SZ61\SystemDoctor2006FreeInstall_fr[1].exe c:\Documents and Settings\Nath\Menu Démarrer\Programmes\COKTEL\Désinstalleur Coktel.exe c:\Documents and Settings\Nath\Mes documents\SpywareTerminator.exe c:\Documents and Settings\Nath\Mes documents\Ma musique\cdex_151.exe c:\Documents and Settings\Nath\Mes documents\Mes émoticônes\clin004.exe c:\Documents and 
Settings\Nath\Mes documents\Mes émoticônes\clin037.exe c:\Documents and Settings\Nath\Mes documents\Mes émoticônes\new\emoadder.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers reçus\018.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers reçus\ALPluginIE-1.0.2.2-setup.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers reçus\Amsn-Pack-0.94.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers reçus\antivir_workstation_win7u_en_h.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers reçus\Azureus_2.4.0.0_Win32.setup.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers reçus\bluemountainripper.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers reçus\clinsangelxpamour004.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers reçus\clinsangelxpamour009.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers reçus\clinsangelxpamour016.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers reçus\clinsangelxpamour017.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers reçus\clinsangelxpamour031.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers reçus\Crack.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers reçus\eMule0.46c-Installer.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers reçus\klcodec270s.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers reçus\mcoviewer1.2.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers reçus\moodsangelxp273.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers reçus\moodsangelxp280.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers reçus\moodsangelxp320.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers reçus\moodsangelxp321.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers reçus\moodsangelxp326.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers reçus\pack4.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers 
reçus\pf-setup.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers reçus\vsoConvertXtoDVD2_setup.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers reçus\vsoDivxToDVD_setup.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers reçus\winkseditor.exe c:\Documents and Settings\Nath\Mes documents\EUD\ans305ev.exe c:\Documents and Settings\Nath\Mes documents\EUD\awiconslitesetup.exe c:\Documents and Settings\Nath\Mes documents\EUD\perfecticon.exe c:\Documents and Settings\Nath\Mes documents\EUD\RSGSetup1.0.42.exe c:\Documents and Settings\Nath\Mes documents\EUD\setup.exe c:\Documents and Settings\Nath\Mes documents\EUD\SetupSwishmax_FRA_Teaser.exe c:\Documents and Settings\Nath\Bureau\CleanUp452.exe c:\Documents and Settings\Nath\Bureau\RegCleaner.exe c:\Documents and Settings\Nath\Bureau\Smitfraudfix\SmitfraudFix\GenericRenosFix.exe c:\Documents and Settings\Nath\Bureau\Smitfraudfix\SmitfraudFix\Process.exe c:\Documents and Settings\Nath\Bureau\Smitfraudfix\SmitfraudFix\Reboot.exe c:\Documents and Settings\Nath\Bureau\Smitfraudfix\SmitfraudFix\restart.exe c:\Documents and Settings\Nath\Bureau\Smitfraudfix\SmitfraudFix\SrchSTS.exe c:\Documents and Settings\Nath\Bureau\Smitfraudfix\SmitfraudFix\swreg.exe c:\Documents and Settings\Nath\Bureau\Smitfraudfix\SmitfraudFix\swsc.exe c:\Documents and Settings\Nath\Bureau\chercher\LFiles.exe c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\All Users\Application Data\Zylom\ZylomLoader\zylom\Zuma\Zuma.dll c:\Documents and Settings\Nath\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll Vérifications de quelques clefs Recherche de clefs EGDACCESS HKLM\SOFTWARE\Microsoft\Windows\explorer\SharedTaskScheduler Incident Statut Analyse Outil indésirable:application/winfixer2005 No Désinfecté c:\windows\downloaded program files\USDR6V_0001_D13M1007NetInstaller.exe Outil indésirable:Application/Processor No Désinfecté 
C:\WINDOWS\system32\Process.exe Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\Nath\Bureau\SmitfraudFix.zip[smitfraudFix/Process.exe] Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\Nath\Bureau\Smitfraudfix\SmitfraudFix\Process.exe Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\Nath\Cookies\nath@atdmt[2].txt Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Nath\Cookies\nath@xiti[1].txt Spyware:Cookie/Mediaplex No Désinfecté C:\Documents and Settings\Nath\Cookies\nath@mediaplex[1].txt Spyware:Cookie/ErrorSafe No Désinfecté C:\Documents and Settings\Nath\Cookies\nath@www.errorsafe[1].txt Spyware:Cookie/Tradedoubler No Désinfecté C:\Documents and Settings\Nath\Cookies\nath@tradedoubler[2].txt Spyware:Cookie/ErrorSafe No Désinfecté C:\Documents and Settings\Nath\Cookies\nath@errorsafe[2].txt Spyware:Cookie/Adtech No Désinfecté C:\Documents and Settings\Nath\Cookies\nath@adtech[2].txt Spyware:Cookie/Reliablestats No Désinfecté C:\Documents and Settings\Nath\Cookies\nath@stats1.reliablestats[2].txt Finally, since these latest steps, I currently no longer get windows asking me to install Winantispyware ... let's hope it lasts. EDIT: well, I spoke too soon; at my next connection these windows asking to install Winantispyware reappeared.
  16. Good evening. WawaSeb, thank you for the attention given to my request and for your help. Charles Ingals, after following your latest instructions, here is the Spyterminator report: Scan Progress (Full Scan) Start time: 4/08/2006 21:25:32 Processes Scanning PowerProfile : C:\WINDOWS\SYSTEM32\POWRPROF.DLL Shdocvw : C:\WINDOWS\SYSTEM32\SHDOCVW.DLL Startup Scanning Ctfmon : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ CTFMON.EXE Ctfmon : C:\WINDOWS\SYSTEM32\CTFMON.EXE MessengerService : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ MsnMsgr MessengerService : C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE LDM : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ LDM LDM : C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\LOGITECHDESKTOPMESSENGER.EXE IgfxTray : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ IgfxTray IgfxTray : C:\WINDOWS\SYSTEM32\IGFXTRAY.EXE HotKeysCmds : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ HotKeysCmds HotKeysCmds : C:\WINDOWS\SYSTEM32\HKCMD.EXE SoundMan : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ SoundMan SoundMan : C:\WINDOWS\SOUNDMAN.EXE SynTPLpr : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ SynTPLpr SynTPLpr : C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE SynTPLpr : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ SynTPEnh SynTPLpr : C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE EPM-DM : C:\ACER\EPM\EPM-DM.EXE ePowerManagement : C:\ACER\EPM\EPM.EXE MSIMED : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ IMJPMIG8.1 MSIMED : C:\WINDOWS\IME\IMJP8_1\IMJPMIG.EXE MSPY2002 : C:\WINDOWS\SYSTEM32\IME\PINTLGNT\IMSCINST.EXE PHIME2002A : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ PHIME2002ASync PHIME2002A : C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTSETP.EXE PHIME2002A : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ PHIME2002A PCMService : C:\PROGRAM FILES\ARCADE\PCMSERVICE.EXE LaunchAp : C:\PROGRAM FILES\LAUNCH MANAGER\LAUNCHAP.EXE PowerKey : C:\PROGRAM FILES\LAUNCH 
MANAGER\POWERKEY.EXE LManager : C:\PROGRAM FILES\LAUNCH MANAGER\HOTKEYAPP.EXE CtrlVol : C:\PROGRAM FILES\LAUNCH MANAGER\CTRLVOL.EXE LMgrOSD : C:\PROGRAM FILES\LAUNCH MANAGER\OSDCTRL.EXE Wbutton : C:\PROGRAM FILES\LAUNCH MANAGER\WBUTTON.EXE eRecoveryService : C:\PROGRAM FILES\ACER\ERECOVERY\MONITOR.EXE NeroFilterCheck : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ NeroFilterCheck NeroFilterCheck : C:\WINDOWS\SYSTEM32\NEROCHECK.EXE tgcmd : C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE HPHUpd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ HP Software Update HPHUpd : C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE LogitechVideoRepair : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ LogitechVideoRepair LogitechVideoRepair : C:\PROGRAM FILES\LOGITECH\VIDEO\ISSTART.EXE LogitechVideoTray : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ LogitechVideoTray LogitechVideoTray : C:\PROGRAM FILES\LOGITECH\VIDEO\LOGITRAY.EXE SunJavaUpdateSched : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ SunJavaUpdateSched SunJavaUpdateSched : C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\JUSCHED.EXE avgnt : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ avgnt avgnt : C:\PROGRAM FILES\ANTIVIR PERSONALEDITION CLASSIC\AVGNT.EXE fivpny : C:\WINDOWS\SYSTEM32\FIVPNY.EXE Spyware Terminator : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ SpywareTerminator Spyware Terminator : C:\PROGRAM FILES\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE Explorer : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ Shell Explorer : C:\WINDOWS\EXPLORER.EXE Toolbars Scanning Shdocvw : HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}\ Shdocvw : C:\WINDOWS\SYSTEM32\SHDOCVW.DLL Shdocvw : Explorer.EXE PID: 1448 Shdocvw : SpywareTerminator.exe PID: 1580 Shdocvw : HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}\ Shdocvw : HKCU\Software\Microsoft\Internet Explorer\Explorer 
Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}\ Browser Helper Objects Scanning AcroIEHelper : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ AcroIEHelper : C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL SSJava : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ SSJava : C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL IE Explorer Bars IE Extensions Services Scanning Protocol filters Scanning Protocol handlers Scanning WinSock2 Scanning Uninstallers Scanning C:\WINDOWS\ISUNINST.EXE C:\Program Files\AMSN\uninstall.exe C:\PROGRAM FILES\ANTI-LEECH\ALIE_1.0.2.3\IESETUP2.EXE C:\PROGRAM FILES\ANTIVIR PERSONALEDITION CLASSIC\SETUP.EXE C:\PROGRAM FILES\AZUREUS\UNINSTALL.EXE C:\PROGRAM FILES\CLEANUP!\UNINSTALL.EXE C:\PROGRAM FILES\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_006A1025\HXFSETUP.EXE C:\PROGRAM FILES\DVD DECRYPTER\UNINSTALL.EXE C:\PROGRAM FILES\DVD SHRINK\UNINS000.EXE C:\PROGRAM FILES\EMULE\UNINSTALL.EXE C:\PROGRAM FILES\FLCONLINE\UNINS000.EXE C:\WINDOWS\UNINST32.EXE C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE C:\PROGRAM FILES\HP\DIGITAL IMAGING\DIGITALIMAGINGMONITOR\HPZSCR01.EXE HPHUpd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HP Imaging Device Functions\ C:\PROGRAM FILES\HP\DIGITAL IMAGING\ESUPPORT\HPZSCR01.EXE HPHUpd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HP Solution Center & Imaging Support Tools\ C:\Program Files\Fichiers communs\InstallShield\Driver\7\Intel 32\IDriver.exe C:\PROGRAM FILES\FICHIERS COMMUNS\INSTALLSHIELD\DRIVER\8\INTEL 32\IDRIVER.EXE C:\WINDOWS\$NTUNINSTALLKB873339$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB885250$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB885835$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB885836$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB886185$\SPUNINST\SPUNINST.EXE 
C:\WINDOWS\$NTUNINSTALLKB887472$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB887742$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB888113$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB888302$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB890046$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB890859$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB891781$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB893066$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB893756$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$MSI31UNINSTALL_KB893803V2$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB894391$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB896358$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB896422$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB896423$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB896424$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB896428$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB898461$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB899587$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB899591$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB900485$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB900725$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB901017$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB901190$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB901214$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB902400$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB904706$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB905414$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB905749$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB905915$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB908519$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB908531$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB910437$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB911280$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB911562$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB911564$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB911565$\SPUNINST\SPUNINST.EXE 
C:\WINDOWS\$NTUNINSTALLKB911567$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB911927$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB912812$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB912919$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB913446$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB913580$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB914388$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB914389$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB916281$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB916595$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB917159$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB917344$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB917734_WMP9$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB917953$\SPUNINST\SPUNINST.EXE C:\WINDOWS\$NTUNINSTALLKB918439$\SPUNINST\SPUNINST.EXE C:\PROGRAM FILES\K-LITE CODEC PACK\UNINS000.EXE C:\Program Files\Logitech\Print Service\UNWISE.EXE C:\PROGRAM FILES\AHEAD\NERO\UNINSTALL\UNNERO.EXE C:\WINDOWS\system32\SETUPAPI.DLL C:\PROGRAM FILES\PHOTOFILTRE\UNINST.EXE C:\PROGRAM FILES\FICHIERS COMMUNS\LOGITECH\QCDRV\BIN\SETUP.EXE C:\WINDOWS\INF\SWFLASH.INF C:\PROGRAM FILES\SPYWARE TERMINATOR\UNINS000.EXE C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNISDLL.DLL C:\PROGRAM FILES\WINRAR\UNINSTALL.EXE C:\WINDOWS\system32\MSIEXEC.EXE C:\Program Files\Fichiers communs\InstallShield\Engine\6\Intel 32\ctor.dll C:\Program Files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll C:\PROGRAM FILES\HP\DIGITAL IMAGING\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\SETUP\HPZSCR01.EXE HPHUpd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\ C:\WINDOWS\SYSTEM32\IALMREM.DLL C:\PROGRAM FILES\VSO\CONVERTXTODVD\UNINS000.EXE Start Menu Scanning Explorer : C:\Documents and Settings\Nath\Menu Démarrer\Programmes\Accessoires\Explorateur Windows.lnk SynchronizationManager : C:\Documents and Settings\Nath\Menu Démarrer\Programmes\Accessoires\Synchroniser.lnk HPHUpd : 
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk Explorer : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Accessoires\Communications\Connexions réseau.lnk Explorer : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Accessoires\Outils système\Tâches planifiées.lnk HPHUpd : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HP\HP Product Assistant.lnk HPHUpd : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HP\Mises à jour de logiciels HP.lnk HPHUpd : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HP\Centre de solutions HP.lnk HPHUpd : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HP\Visite guidée du logiciel HP.lnk HPHUpd : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HP\PSC All-In-One 1400 series\Désinstaller.lnk HPHUpd : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HP\PSC All-In-One 1400 series\Enregistrement du produit.lnk HPHUpd : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HP\HP Photosmart Essential\HP Photosmart Essential.lnk HPHUpd : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HP\HP Photosmart Essential.lnk HPHUpd : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Enregistrement OCR I.R.I.S..lnk Explorer : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Logitech\Mes photos Logitech.lnk Spyware Terminator : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Spyware Terminator\Spyware Terminator.lnk HPHUpd : C:\Documents and Settings\All Users\Menu Démarrer\Centre de solutions HP.lnk Desktop Scanning PrcRew : C:\Documents and Settings\Nath\Bureau\Smitfraudfix\SmitfraudFix\Process.exe Favorites Scanning Cookies Scanning Registry Scanning AcroIEHelper : HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ AcroIEHelper : C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL MSDXM : 
HKCR\CLSID\{8E718888-423F-11D2-876E-00A0C9082467}\ MSDXM : C:\WINDOWS\SYSTEM32\MSDXM.OCX SSJava : HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ SSJava : C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL Files Scanning Spyware Terminator : C:\Program Files\Spyware Terminator\Spywareterminatorshield.exe Spyware Terminator : C:\Program Files\Spyware Terminator\Spywareterminator.exe SoundMan : C:\WINDOWS\soundman.exe MessengerService : C:\Program Files\MSN Messenger\msnmsgr.exe MessengerService : C:\Program Files\Messenger\msmsgs.exe Ctfmon : C:\WINDOWS\system32\ctfmon.exe IgfxTray : C:\WINDOWS\system32\igfxtray.exe SynTPLpr : C:\Program Files\Synaptics\SynTP\SynTPLpr.exe SynTPLpr : C:\Program Files\Synaptics\SynTP\SynTPEnh.exe HotKeysCmds : C:\WINDOWS\system32\hkcmd.exe NeroFilterCheck : C:\WINDOWS\system32\NeroCheck.exe MSConfig : C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe SynchronizationManager : C:\WINDOWS\system32\mobsync.exe NBJ : C:\Program Files\Ahead\Nero BackItUp\NBJ.exe MSDXM : C:\WINDOWS\system32\msdxm.ocx StillImageMonitor : C:\WINDOWS\system32\STIMON.EXE LogitechVideoTray : C:\Program Files\Logitech\Video\LogiTray.exe LogitechVideoRepair : C:\Program Files\Logitech\Video\ISStart.exe MSIMED : C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE MSIMED : C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE GrpConv : C:\WINDOWS\system32\grpconv.exe LDM : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe Wextract : C:\WINDOWS\system32\advpack.dll KernelFaultCheck : C:\WINDOWS\system32\dumprep.exe Explorer : C:\WINDOWS\explorer.exe PowerProfile : C:\WINDOWS\system32\powrprof.dll BluetoothControlPanel : C:\WINDOWS\system32\bthprops.cpl Shdocvw : C:\WINDOWS\system32\shdocvw.dll PHIME2002ASync : C:\WINDOWS\system32\dllcache\tintsetp.exe MSPY2002 : C:\WINDOWS\system32\dllcache\imscinst.exe PHIME2002A : C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE avgnt : C:\Program Files\ANTIVIR PERSONALEDITION CLASSIC\avgnt.exe Verclsid : 
C:\WINDOWS\system32\verclsid.exe Systray : C:\WINDOWS\system32\systray.exe Preparing DeepFile Scan DeepFiles Scanning Explorer : C:\WINDOWS\explorer.exe SoundMan : C:\WINDOWS\SOUNDMAN.EXE MSPY2002 : C:\WINDOWS\system32\dllcache\imscinst.exe PHIME2002ASync : C:\WINDOWS\system32\dllcache\tintsetp.exe PHIME2002A : C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE KernelFaultCheck : C:\WINDOWS\system32\dumprep.exe PowerProfile : C:\WINDOWS\system32\powrprof.dll Wextract : C:\WINDOWS\system32\advpack.dll BluetoothControlPanel : C:\WINDOWS\system32\bthprops.cpl GrpConv : C:\WINDOWS\system32\grpconv.exe SynchronizationManager : C:\WINDOWS\system32\mobsync.exe StillImageMonitor : C:\WINDOWS\system32\stimon.exe Ctfmon : C:\WINDOWS\system32\ctfmon.exe MSDXM : C:\WINDOWS\system32\msdxm.ocx IgfxTray : C:\WINDOWS\system32\igfxtray.exe HotKeysCmds : C:\WINDOWS\system32\hkcmd.exe Verclsid : C:\WINDOWS\system32\verclsid.exe Shdocvw : C:\WINDOWS\system32\shdocvw.dll PrcRew : C:\WINDOWS\system32\Process.exe NeroFilterCheck : C:\WINDOWS\system32\NeroCheck.exe MSIMED : C:\WINDOWS\ime\imjp8_1\imjpmig.exe MSIMED : C:\WINDOWS\ime\imkr6_1\imekrmig.exe MSConfig : C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe PrcRew : C:\Documents and Settings\Nath\Bureau\Smitfraudfix\SmitfraudFix\Process.exe MessengerService : C:\Program Files\Messenger\msmsgs.exe SynTPLpr : C:\Program Files\Synaptics\SynTP\SynTPLpr.exe SynTPLpr : C:\Program Files\Synaptics\SynTP\SynTPEnh.exe AcroIEHelper : C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll avgnt : C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe MessengerService : C:\Program Files\MSN Messenger\msnmsgr.exe Spyware Terminator : C:\Program Files\Spyware Terminator\SpywareTerminator.exe Spyware Terminator : C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe NBJ : C:\Program Files\Ahead\Nero BackItUp\NBJ.exe HPHUpd : C:\Program Files\HP\Temp\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe HPHUpd : C:\Program 
Files\HP\Temp\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzmsi01.exe HPHUpd : C:\Program Files\HP\Temp\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzrcv01.exe HPHUpd : C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe HPHUpd : C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzmsi01.exe HPHUpd : C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzpsl01.exe HPHUpd : C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzdui01.exe HPHUpd : C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzcdl01.exe HPHUpd : C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpoapd01.exe HPHUpd : C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpznop01.exe HPHUpd : C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzgat01.exe HPHUpd : C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzwrp01.exe HPHUpd : C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\hpzsetup.exe HPHUpd : C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\util\aio\hpopdi05.exe HPHUpd : C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\util\aio\hpopin05.exe HPHUpd : C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\util\common\hpzghl12.exe HPHUpd : C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\util\common\hpzpin12.exe HPHUpd : C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\util\common\hpqisc09.exe HPHUpd : C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\common\drivers\com_os\hpzstw12.exe HPHUpd : C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\common\drivers\com_os\hpzcfg12.exe HPHUpd : C:\Program 
Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\common\drivers\com_os\hpzeng12.exe HPHUpd : C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\common\drivers\com_os\hpzpre12.exe HPHUpd : C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\common\drivers\com_os\hpzstc12.exe HPHUpd : C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\common\drivers\com_os\hpztbu12.exe HPHUpd : C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\common\drivers\com_os\hpztbx12.exe HPHUpd : C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\hpzglu12.exe HPHUpd : C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup.exe HPHUpd : C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\hpzcdl01.exe HPHUpd : C:\Program Files\HP\Digital Imaging\bin\hpqisc09.exe HPHUpd : C:\Program Files\HP\Digital Imaging\bin\hposvc08.exe HPHUpd : C:\Program Files\HP\Digital Imaging\bin\hpostl08.exe HPHUpd : C:\Program Files\HP\Digital Imaging\bin\hpqtax08.exe HPHUpd : C:\Program Files\HP\Digital Imaging\bin\hposid01.exe HPHUpd : C:\Program Files\HP\Digital Imaging\bin\hpqpprop.exe HPHUpd : C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe HPHUpd : C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe HPHUpd : C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe HPHUpd : C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe HPHUpd : C:\Program Files\HP\Digital Imaging\bin\hpospd08.exe HPHUpd : C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe HPHUpd : C:\Program Files\HP\Digital Imaging\bin\hpqvwr08.exe HPHUpd : C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe HPHUpd : C:\Program Files\HP\Digital Imaging\bin\hpsjrreg.exe HPHUpd : C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe HPHUpd : C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe HPHUpd : C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe HPHUpd : C:\Program 
Files\HP\Digital Imaging\bin\hpqdirec.exe HPHUpd : C:\Program Files\HP\Digital Imaging\bin\hpqvpswp.exe HPHUpd : C:\Program Files\HP\Digital Imaging\bin\hpqprntw.exe HPHUpd : C:\Program Files\HP\Digital Imaging\bin\hpqaol08.exe HPHUpd : C:\Program Files\HP\Digital Imaging\bin\hpqclpbd.exe HPHUpd : C:\Program Files\HP\Digital Imaging\bin\DestTest.exe HPHUpd : C:\Program Files\HP\Digital Imaging\bin\hpqacdse.exe HPHUpd : C:\Program Files\HP\Digital Imaging\bin\hpqcsaha.exe HPHUpd : C:\Program Files\HP\Digital Imaging\bin\hpqdstcp.exe HPHUpd : C:\Program Files\HP\Digital Imaging\bin\hpqirs08.exe HPHUpd : C:\Program Files\HP\Digital Imaging\bin\hpqptc08.exe HPHUpd : C:\Program Files\HP\Digital Imaging\bin\svtf.exe HPHUpd : C:\Program Files\HP\Digital Imaging\bin\hpqudc08.exe HPHUpd : C:\Program Files\HP\Digital Imaging\bin\hpqEmlsz.exe HPHUpd : C:\Program Files\HP\Digital Imaging\bin\ppcue.exe HPHUpd : C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe HPHUpd : C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe HPHUpd : C:\Program Files\HP\Digital Imaging\bin\HPXMLPDF.exe HPHUpd : C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe HPHUpd : C:\Program Files\HP\Digital Imaging\Help\cuetour\START.exe HPHUpd : C:\Program Files\HP\Digital Imaging\Help\player\FlashPla.exe HPHUpd : C:\Program Files\HP\Digital Imaging\Help\player\fscommand\buffer_swf.exe HPHUpd : C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprbUpdate.exe HPHUpd : C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe HPHUpd : C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprbui.exe HPHUpd : C:\Program Files\HP\Digital Imaging\esupport\hpzscr01.exe HPHUpd : C:\Program Files\HP\Digital Imaging\esupport\hpzmsi01.exe HPHUpd : C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe HPHUpd : C:\Program Files\HP\Digital Imaging\Unload\HpqDIAS.exe HPHUpd : C:\Program Files\HP\Digital Imaging\Unload\HpqApkil.exe HPHUpd : C:\Program Files\HP\Digital 
Imaging\Unload\HpqPSmon.exe HPHUpd : C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe HPHUpd : C:\Program Files\HP\Digital Imaging\Unload\HpqUnApl.exe HPHUpd : C:\Program Files\HP\Digital Imaging\Unload\HpqUnSet.exe HPHUpd : C:\Program Files\HP\Digital Imaging\DocProc\DocProc.exe HPHUpd : C:\Program Files\HP\Digital Imaging\DocProc\dpe_ocr.exe HPHUpd : C:\Program Files\HP\Digital Imaging\DocProc\regipe.exe HPHUpd : C:\Program Files\HP\Digital Imaging\digitalimagingmonitor\hpzscr01.exe HPHUpd : C:\Program Files\HP\Digital Imaging\digitalimagingmonitor\hpzmsi01.exe HPHUpd : C:\Program Files\HP\HP Software Update\hpwuSchd2.exe HPHUpd : C:\Program Files\HP\HP Software Update\HPWUCli.exe HPHUpd : C:\Program Files\HP\HP Software Update\SelfUpdate.exe HPHUpd : C:\Program Files\HP\Photosmart Essential\HP_IZE.exe LDM : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe LogitechVideoTray : C:\Program Files\Logitech\Video\LogiTray.exe LogitechVideoRepair : C:\Program Files\Logitech\Video\ISStart.exe SunJavaUpdateSched : C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe SSJava : C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll Done Scan Summary: Total Scanning Time : 4401,77 s Objects Scanned : 49.637 Objects Identified : 186 Objects Ignored : 0 Critical Objects : 0 Et le rapport hijackthis: Logfile of HijackThis v1.99.1 Scan saved at 23:10:35, on 4/08/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Acer\eManager\anbmServ.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe 
C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\acer\epm\epm-dm.exe C:\Program Files\Arcade\PCMService.exe C:\Program Files\Launch Manager\LaunchAp.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Launch Manager\PowerKey.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\OSDCtrl.exe C:\Program Files\Launch Manager\Wbutton.exe C:\Program Files\Acer\eRecovery\Monitor.exe C:\Program Files\Support.com\bin\tgcmd.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\LVComS.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - 
HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe" O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe" O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe" O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe" O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - 
HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135577985734 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O18 - Protocol: bwz0s - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. 
- C:\Acer\eManager\anbmServ.exe O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
  17. Hello Charles and WawaSeb, Regarding Amsn, it was indeed the instant-messaging software that is an alternative to MSN Messenger; fortunately I had not been using it for some time. Here are the various reports as requested above: The Startuplist:
File association entry for .HTA: HKEY_CLASSES_ROOT\htafile\shell\open\command (Default) = C:\WINDOWS\system32\mshta.exe "%1" %* -------------------------------------------------- File association entry for .TXT: HKEY_CLASSES_ROOT\txtfile\shell\open\command (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1 -------------------------------------------------- Enumerating Active Setup stub paths: HKLM\Software\Microsoft\Active Setup\Installed Components (* = disabled by HKCU twin) [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP [>{26923b43-4d38-484f-9b9e-de460746276c}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] * StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] * StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT [{5945c046-1e7d-11d1-bc44-00c04fd912be}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub [{7790769C-0471-11d2-AF11-00C04FA35D02}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [{89820200-ECBD-11cf-8B85-00AA005B4340}] * StubPath = regsvr32.exe /s /n /i:U shell32.dll [{89820200-ECBD-11cf-8B85-00AA005B4383}] * StubPath = %SystemRoot%\system32\ie4uinit.exe [{8b15971b-5355-4c82-8c07-7e181ea07608}] * StubPath = rundll32.exe 
advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser -------------------------------------------------- Enumerating ICQ Agent Autostart apps: HKCU\Software\Mirabilis\ICQ\Agent\Apps *No subkeys found* -------------------------------------------------- Load/Run keys from C:\WINDOWS\WIN.INI: load=*INI section not found* run=*INI section not found* Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\Windows: load= HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs= -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=*Registry value not found* drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry value not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Checking for EXPLORER.EXE instances: C:\WINDOWS\Explorer.exe: PRESENT! 
C:\Explorer.exe: not present C:\WINDOWS\Explorer\Explorer.exe: not present C:\WINDOWS\System\Explorer.exe: not present C:\WINDOWS\System32\Explorer.exe: not present C:\WINDOWS\Command\Explorer.exe: not present C:\WINDOWS\Fonts\Explorer.exe: not present -------------------------------------------------- Checking for superhidden extensions: .lnk: HIDDEN! (arrow overlay: yes) .pif: HIDDEN! (arrow overlay: yes) .exe: not hidden .com: not hidden .bat: not hidden .hta: not hidden .scr: not hidden .shs: HIDDEN! .shb: HIDDEN! .vbs: not hidden .vbe: not hidden .wsh: not hidden .scf: HIDDEN! (arrow overlay: NO!) .url: HIDDEN! (arrow overlay: yes) .js: not hidden .jse: not hidden -------------------------------------------------- Verifying REGEDIT.EXE integrity: - Regedit.exe found in C:\WINDOWS - .reg open command is normal (regedit.exe %1) - Regedit.exe has no CompanyName property! It is either missing or named something else. - Regedit.exe has no OriginalFilename property! It is either missing or named something else. - Regedit.exe has no FileDescription property! It is either missing or named something else. Registry check failed! 
-------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -------------------------------------------------- Enumerating Task Scheduler jobs: Low Battery Alarm Program.job -------------------------------------------------- Enumerating Download Program Files: [MUWebControl Class] InProcServer32 = C:\WINDOWS\system32\muweb.dll CODEBASE = http://update.microsoft.com/microsoftupdat...b?1135577985734 [Java Plug-in] InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab [{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}] InProcServer32 = C:\WINDOWS\system32\macromed\download\Download.dll CODEBASE = http://fpdownload.macromedia.com/get/shock...h/ultrashim.cab [MsnMessengerSetupDownloadControl Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx CODEBASE = http://messenger.msn.com/download/MsnMesse...pDownloader.cab [Java Plug-in] InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab [Java Plug-in 1.5.0_06] InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab [shockwave Flash Object] InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab -------------------------------------------------- Enumerating Winsock LSP files: NameSpace #1: C:\WINDOWS\System32\mswsock.dll NameSpace #2: C:\WINDOWS\System32\winrnr.dll NameSpace #3: C:\WINDOWS\System32\mswsock.dll Protocol #1: C:\WINDOWS\system32\mswsock.dll Protocol #2: C:\WINDOWS\system32\mswsock.dll Protocol #3: 
C:\WINDOWS\system32\mswsock.dll Protocol #4: C:\WINDOWS\system32\rsvpsp.dll Protocol #5: C:\WINDOWS\system32\rsvpsp.dll Protocol #6: C:\WINDOWS\system32\mswsock.dll Protocol #7: C:\WINDOWS\system32\mswsock.dll Protocol #8: C:\WINDOWS\system32\mswsock.dll Protocol #9: C:\WINDOWS\system32\mswsock.dll Protocol #10: C:\WINDOWS\system32\mswsock.dll Protocol #11: C:\WINDOWS\system32\mswsock.dll Protocol #12: C:\WINDOWS\system32\mswsock.dll Protocol #13: C:\WINDOWS\system32\mswsock.dll Protocol #14: C:\WINDOWS\system32\mswsock.dll Protocol #15: C:\WINDOWS\system32\mswsock.dll Protocol #16: C:\WINDOWS\system32\mswsock.dll Protocol #17: C:\WINDOWS\system32\mswsock.dll Protocol #18: C:\WINDOWS\system32\mswsock.dll Protocol #19: C:\WINDOWS\system32\mswsock.dll -------------------------------------------------- Enumerating Windows NT/2000/XP services abp480n5: system32\DRIVERS\ABP480N5.SYS (system) Pilote ACPI Microsoft: system32\DRIVERS\ACPI.sys (system) Pilote de contrôleur intégré Microsoft: system32\DRIVERS\ACPIEC.sys (system) adpu160m: system32\DRIVERS\adpu160m.sys (system) Suppresseur d'écho acoustique (Noyau Microsoft): system32\drivers\aec.sys (manual start) AFD: \SystemRoot\System32\drivers\afd.sys (system) Filtre de bus AGP Intel: system32\DRIVERS\agp440.sys (system) Filtre de bus AGP Compaq: system32\DRIVERS\agpCPQ.sys (system) Aha154x: system32\DRIVERS\aha154x.sys (system) aic78u2: system32\DRIVERS\aic78u2.sys (system) aic78xx: system32\DRIVERS\aic78xx.sys (system) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN): system32\DRIVERS\alcan5wn.sys (manual start) SpeedTouch ADSL Modem ATM Transport: system32\DRIVERS\alcaudsl.sys (manual start) Service for Realtek AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start) Avertissement: %SystemRoot%\system32\svchost.exe -k LocalService (disabled) Service de la passerelle de la couche Application: %SystemRoot%\System32\alg.exe (manual start) AliIde: system32\DRIVERS\aliide.sys (system) Filtre de bus AGP ALI: 
system32\DRIVERS\alim1541.sys (system) Pilote de filtre du bus AMD AGP: system32\DRIVERS\amdagp.sys (system) amsint: system32\DRIVERS\amsint.sys (system) Notebook Manager Service: C:\Acer\eManager\anbmServ.exe (autostart) AntiVir Scheduler: C:\Program Files\AntiVir PersonalEdition Classic\sched.exe (autostart) AntiVir PersonalEdition Classic Service: C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe (autostart) Gestion d'applications: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Atheros Wireless Network Adapter Service: system32\DRIVERS\ar5211.sys (manual start) Protocole client ARP 1394: system32\DRIVERS\arp1394.sys (manual start) asc: system32\DRIVERS\asc.sys (system) asc3350p: system32\DRIVERS\asc3350p.sys (system) asc3550: system32\DRIVERS\asc3550.sys (system) Pilote de média asynchrone RAS: system32\DRIVERS\asyncmac.sys (manual start) Contrôleur de disque dur IDE/ESDI standard: system32\DRIVERS\atapi.sys (system) Protocole client ATM ARP: system32\DRIVERS\atmarpc.sys (manual start) Audio Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote audio Stub: system32\DRIVERS\audstub.sys (manual start) avgntdd: SYSTEM32\DRIVERS\avgntdd.sys (system) avgntmgr: SYSTEM32\drivers\avgntmgr.sys (system) Service de transfert intelligent en arrière-plan: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Explorateur d'ordinateur: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) cbidf: system32\DRIVERS\cbidf2k.sys (system) Décodeur sous-titre fermé: system32\DRIVERS\CCDECODE.sys (manual start) cd20xrnt: system32\DRIVERS\cd20xrnt.sys (system) Pilote de CD-ROM: system32\DRIVERS\cdrom.sys (system) Service d'indexation: %SystemRoot%\system32\cisvc.exe (manual start) Gestionnaire de l'Album: %SystemRoot%\system32\clipsrv.exe (disabled) Pilote pour Batterie à méthode de contrôle ACPI Microsoft: system32\DRIVERS\CmBatt.sys (manual start) CmdIde: system32\DRIVERS\cmdide.sys (system) Pilote de batterie composite Microsoft: 
system32\DRIVERS\compbatt.sys (system) Application système COM+: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start) Cpqarray: system32\DRIVERS\cpqarray.sys (system) Services de cryptographie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) dac2w2k: system32\DRIVERS\dac2w2k.sys (system) dac960nt: system32\DRIVERS\dac960nt.sys (system) Lanceur de processus serveur DCOM: %SystemRoot%\system32\svchost -k DcomLaunch (autostart) Client DHCP: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Pilote de disque: system32\DRIVERS\disk.sys (system) Service d'administration du Gestionnaire de disque logique: %SystemRoot%\System32\dmadmin.exe /com (manual start) dmboot: System32\drivers\dmboot.sys (disabled) dmio: System32\drivers\dmio.sys (disabled) dmload: System32\drivers\dmload.sys (disabled) Gestionnaire de disque logique: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Synthétiseur DLS du noyau Microsoft: system32\drivers\DMusic.sys (manual start) Client DNS: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart) dpti2o: system32\DRIVERS\dpti2o.sys (system) Filtre de décodeur DRM (Noyau Microsoft): system32\drivers\drmkaud.sys (manual start) Acer EPM Power Scheme Driver: \??\C:\WINDOWS\system32\drivers\epm-psd.sys (autostart) Acer EPM System Hardware Driver: \??\C:\WINDOWS\system32\drivers\epm-shd.sys (autostart) Service de rapport d'erreurs: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Journal des événements: %SystemRoot%\system32\services.exe (autostart) Système d'événements de COM+: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start) Compatibilité avec le Changement rapide d'utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Fax: %systemroot%\system32\fxssvc.exe (autostart) Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet: system32\DRIVERS\fetnd5.sys (manual start) FltMgr: system32\DRIVERS\fltMgr.sys (system) Pilote du Gestionnaire de volume: 
system32\DRIVERS\ftdisk.sys (system) Filtre AGP version 3.0 générique Microsoft pour plates-formes à base de processeur K8: system32\DRIVERS\gagp30kx.sys (system) Classificateur de paquets générique: system32\DRIVERS\msgpc.sys (manual start) Aide et support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Accès du périphérique d'interface utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Pilote de classe HID Microsoft: system32\DRIVERS\hidusb.sys (manual start) hpn: system32\DRIVERS\hpn.sys (system) IEEE-1284.4 Driver HPZid412: system32\DRIVERS\HPZid412.sys (manual start) Print Class Driver for IEEE-1284.4 HPZipr12: system32\DRIVERS\HPZipr12.sys (manual start) USB to IEEE-1284.4 Translation Driver HPZius12: system32\DRIVERS\HPZius12.sys (manual start) HSFHWICH: system32\DRIVERS\HSFHWICH.sys (manual start) HSF_DP: system32\DRIVERS\HSF_DP.sys (manual start) HTTP: System32\Drivers\HTTP.sys (manual start) HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start) i2omp: system32\DRIVERS\i2omp.sys (system) Pilote pour clavier i8042 et souris sur port PS/2: system32\DRIVERS\i8042prt.sys (system) ialm: system32\DRIVERS\ialmnt5.sys (manual start) Pilote de filtre de gravure CD: system32\DRIVERS\imapi.sys (system) Service COM de gravage de CD IMAPI: C:\WINDOWS\system32\imapi.exe (manual start) ini910u: system32\DRIVERS\ini910u.sys (system) int15.sys: \??\C:\Program Files\Acer\eRecovery\int15.sys (autostart) IntelIde: system32\DRIVERS\intelide.sys (system) Pilote de processeur Intel: system32\DRIVERS\intelppm.sys (system) Pilote du pare-feu Windows IPv6: system32\DRIVERS\Ip6Fw.sys (manual start) Pilote de filtre de trafic IP: system32\DRIVERS\ipfltdrv.sys (manual start) Pilote de tunnelage IP dans IP: system32\DRIVERS\ipinip.sys (manual start) Traducteur d'adresses réseau IP: system32\DRIVERS\ipnat.sys (manual start) Pilote IPSEC: system32\DRIVERS\ipsec.sys (system) Service énumérateur IR: system32\DRIVERS\irenum.sys (manual start) 
Pilote de bus Plug-and-Play ISA/EISA: system32\DRIVERS\isapnp.sys (system) Pilote de la classe Clavier: system32\DRIVERS\kbdclass.sys (system) Mélangeur audio Wave de noyau Microsoft: system32\drivers\kmixer.sys (manual start) Serveur: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Station de travail: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Assistance TCP/IP NetBIOS: %SystemRoot%\system32\svchost.exe -k LocalService (autostart) mdmxsdk: system32\DRIVERS\mdmxsdk.sys (autostart) Affichage des messages: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled) Partage de Bureau à distance NetMeeting: C:\WINDOWS\system32\mnmsrvc.exe (manual start) Pilote de la classe Souris: system32\DRIVERS\mouclass.sys (system) Pilote HID de souris: system32\DRIVERS\mouhid.sys (manual start) mraid35x: system32\DRIVERS\mraid35x.sys (system) Redirecteur client WebDav: system32\DRIVERS\mrxdav.sys (manual start) MRXSMB: system32\DRIVERS\mrxsmb.sys (system) Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start) Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start) Proxy de service de répartition Microsoft: system32\drivers\MSKSSRV.sys (manual start) Proxy d'horloge de répartition Microsoft: system32\drivers\MSPCLOCK.sys (manual start) Proxy de gestion de qualité de répartition Microsoft: system32\drivers\MSPQM.sys (manual start) Pilote BIOS de gestion de systèmes Microsoft: system32\DRIVERS\mssmbios.sys (manual start) Convertisseur en T/site-à-site de répartition Microsoft: system32\drivers\MSTEE.sys (manual start) Codec NABTS/FEC VBI: system32\DRIVERS\NABTSFEC.sys (manual start) Connection TV/vidéo Microsoft: system32\DRIVERS\NdisIP.sys (manual start) Pilote TAPI NDIS d'accès distant: system32\DRIVERS\ndistapi.sys (manual start) NDIS mode utilisateur E/S Protocole: system32\DRIVERS\ndisuio.sys (manual start) Pilote réseau étendu NDIS d'accès distant: system32\DRIVERS\ndiswan.sys (manual start) Interface NetBIOS: 
system32\DRIVERS\netbios.sys (system) NetBIOS sur TCP/IP: system32\DRIVERS\netbt.sys (system) DDE réseau: %SystemRoot%\system32\netdde.exe (disabled) DSDM DDE réseau: %SystemRoot%\system32\netdde.exe (disabled) Ouverture de session réseau: %SystemRoot%\system32\lsass.exe (manual start) Connexions réseau: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote réseau 1394: system32\DRIVERS\nic1394.sys (manual start) NLA (Network Location Awareness): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Pilote de périphérique infrarouge NSC: system32\DRIVERS\nscirda.sys (manual start) Upper Class Filter Driver: system32\DRIVERS\NTIDrvr.sys (manual start) Fournisseur de la prise en charge de sécurité LM NT: %SystemRoot%\system32\lsass.exe (manual start) Stockage amovible: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Pilote de filtre de trafic IPX: system32\DRIVERS\nwlnkflt.sys (manual start) Pilote de transfert de trafic IPX: system32\DRIVERS\nwlnkfwd.sys (manual start) Contrôleur hôte Texas Instruments IEEE 1394 compatible OHCI (Open Host Controller Interface): system32\DRIVERS\ohci1394.sys (system) osaio: \??\C:\WINDOWS\system32\drivers\osaio.sys (autostart) osanbm: \??\C:\WINDOWS\system32\drivers\osanbm.sys (autostart) Office Source Engine: "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE" (manual start) Pilote de port parallèle: system32\DRIVERS\parport.sys (manual start) Pilote de bus PCI: system32\DRIVERS\pci.sys (system) PCIIde: system32\DRIVERS\pciide.sys (system) Pcmcia: system32\DRIVERS\pcmcia.sys (system) Low level access layer for CD devices: System32\Drivers\Pcouffin.sys (manual start) perc2: system32\DRIVERS\perc2.sys (system) perc2hib: system32\DRIVERS\perc2hib.sys (system) Padus ASPI Shell: system32\drivers\pfc.sys (manual start) Logitech QuickCam Express(PID_0920): system32\DRIVERS\LV532AV.SYS (manual start) Plug-and-Play: %SystemRoot%\system32\services.exe (autostart) Pml Driver HPZ12: 
C:\WINDOWS\system32\HPZipm12.exe (autostart) Services IPSEC: %SystemRoot%\system32\lsass.exe (autostart) POWERKEY: \??\C:\Program Files\Launch Manager\POWERKEY.sys (manual start) Miniport réseau étendu (PPTP): system32\DRIVERS\raspptp.sys (manual start) Pilote processeur: system32\DRIVERS\processr.sys (system) Emplacement protégé: %SystemRoot%\system32\lsass.exe (autostart) Planificateur de paquets QoS: system32\DRIVERS\psched.sys (manual start) Pilote de liaison parallèle directe: system32\DRIVERS\ptilink.sys (manual start) ql1080: system32\DRIVERS\ql1080.sys (system) Ql10wnt: system32\DRIVERS\ql10wnt.sys (system) ql12160: system32\DRIVERS\ql12160.sys (system) ql1240: system32\DRIVERS\ql1240.sys (system) ql1280: system32\DRIVERS\ql1280.sys (system) Pilote de connexion automatique d'accès distant: system32\DRIVERS\rasacd.sys (system) Gestionnaire de connexion automatique d'accès distant: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Miniport réseau étendu (IrDA): system32\DRIVERS\rasirda.sys (manual start) Miniport réseau étendu (L2TP): system32\DRIVERS\rasl2tp.sys (manual start) Gestionnaire de connexions d'accès distant: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Pilote PPPOE d'accès à distance: system32\DRIVERS\raspppoe.sys (manual start) Parallèle direct: system32\DRIVERS\raspti.sys (manual start) Rdbss: system32\DRIVERS\rdbss.sys (system) RDPCDD: System32\DRIVERS\RDPCDD.sys (system) Pilote de redirecteur de périphérique Terminal Server: system32\DRIVERS\rdpdr.sys (manual start) Gestionnaire de session d'aide sur le Bureau à distance: C:\WINDOWS\system32\sessmgr.exe (manual start) Pilote de filtre de lecture digitale de CD audio: system32\DRIVERS\redbook.sys (system) Routage et accès distant: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled) Localisateur d'appels de procédure distante (RPC): %SystemRoot%\system32\locator.exe (manual start) Appel de procédure distante (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart) 
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start) Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver: system32\DRIVERS\Rtlnicxp.sys (manual start) Gestionnaire de comptes de sécurité: %SystemRoot%\system32\lsass.exe (autostart) Carte à puce: %SystemRoot%\System32\SCardSvr.exe (manual start) Planificateur de tâches: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Secdrv: system32\DRIVERS\secdrv.sys (manual start) Connexion secondaire: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Notification d'événement système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Pare-feu Windows / Partage de connexion Internet: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Détection matériel noyau: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Filtre de bus AGP SIS: system32\DRIVERS\sisagp.sys (system) Détrameur décalage BDA: system32\DRIVERS\SLIP.sys (manual start) Sparrow: system32\DRIVERS\sparrow.sys (system) Splitter audio du noyau Microsoft: system32\drivers\splitter.sys (manual start) Spouleur d'impression: %SystemRoot%\system32\spoolsv.exe (autostart) Dual Camera: System32\Drivers\Capt905c.sys (manual start) Pilote de filtre de restauration système: system32\DRIVERS\sr.sys (system) Service de restauration système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Srv: system32\DRIVERS\srv.sys (manual start) Service de découvertes SSDP: %SystemRoot%\system32\svchost.exe -k LocalService (manual start) Acquisition d'image Windows (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart) BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start) Pilote de bus logiciel: system32\DRIVERS\swenum.sys (manual start) Synthétiseur de table de sons GC noyau Microsoft: system32\drivers\swmidi.sys (manual start) MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{ECDE7233-FB90-483B-BECC-D60256BB2265} (manual start) symc810: system32\DRIVERS\symc810.sys (system) symc8xx: 
system32\DRIVERS\symc8xx.sys (system) sym_hi: system32\DRIVERS\sym_hi.sys (system) sym_u3: system32\DRIVERS\sym_u3.sys (system) Synaptics TouchPad Driver: system32\DRIVERS\SynTP.sys (manual start) Périphérique audio système du noyau Microsoft: system32\drivers\sysaudio.sys (manual start) Journaux et alertes de performance: %SystemRoot%\system32\smlogsvc.exe (manual start) Téléphonie: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote du protocole TCP/IP: system32\DRIVERS\tcpip.sys (system) Pilote de périphérique terminal: system32\DRIVERS\termdd.sys (system) Services Terminal Server: %SystemRoot%\System32\svchost -k DComLaunch (manual start) Thèmes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) TosIde: system32\DRIVERS\toside.sys (system) Client de suivi de lien distribué: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) ultra: system32\DRIVERS\ultra.sys (system) Pilote de mise à jour microcode: system32\DRIVERS\update.sys (manual start) Hôte de périphérique universel Plug-and-Play: %SystemRoot%\system32\svchost.exe -k LocalService (manual start) Onduleur: %SystemRoot%\System32\ups.exe (manual start) Pilote parent générique USB Microsoft: system32\DRIVERS\usbccgp.sys (manual start) Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0: system32\DRIVERS\usbehci.sys (manual start) Concentrateur USB2: system32\DRIVERS\usbhub.sys (manual start) Classe d'imprimantes USB Microsoft: system32\DRIVERS\usbprint.sys (manual start) Pilote de scanneur USB: system32\DRIVERS\usbscan.sys (manual start) Pilote de stockage de masse USB: system32\DRIVERS\USBSTOR.SYS (manual start) Pilote miniport de contrôleur hôte universel USB Microsoft: system32\DRIVERS\usbuhci.sys (manual start) VgaSave: \SystemRoot\System32\drivers\vga.sys (system) Filtre de bus AGP VIA: system32\DRIVERS\viaagp.sys (system) ViaIde: system32\DRIVERS\viaide.sys (system) Cliché instantané de volume: %SystemRoot%\System32\vssvc.exe (manual start) Horloge Windows: 
%SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote ARP IP d'accès distant: system32\DRIVERS\wanarp.sys (manual start) Wbutton: \SystemRoot\system32\drivers\Wbutton.sys (system) Pilote WINMM de compatibilité audio WDM Microsoft: system32\drivers\wdmaud.sys (manual start) WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart) winachsf: system32\DRIVERS\HSF_CNXT.sys (manual start) Infrastructure de gestion Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Service de numéro de série du lecteur multimédia portable: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Interface de gestion Microsoft Windows pour ACPI: system32\DRIVERS\wmiacpi.sys (system) Carte de performance WMI: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start) Centre de sécurité: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Codec Teletext standard: system32\DRIVERS\WSTCODEC.SYS (manual start) Mises à jour automatiques: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Configuration automatique sans fil: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Service d'approvisionnement réseau: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) -------------------------------------------------- Enumerating Windows NT logon/logoff scripts: *No scripts set to run* Windows NT checkdisk command: BootExecute = autocheck autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: *Registry value not found* -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\system32\webcheck.dll SysTray: C:\WINDOWS\system32\stobject.dll -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *No values found* -------------------------------------------------- Autorun entries from Registry: 
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*No values found*
--------------------------------------------------
End of report, 39.123 bytes
Report generated in 0,125 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

The uninstall list:

Acer eManager for Notebook
Acer ePowerManagement
Acer GridVista
Adobe Reader 6.0 - Français
AMSN-Pack (remove only)
Anti-Leech Plugin for Internet Explorer
Arcade 3.0
Archiveur WinRAR
Avira AntiVir PersonalEdition Classic
Azureus
Belgacom Genius
CleanUp!
ConvertXtoDVD 2.0.4
Correctif Windows XP - KB873339
Correctif Windows XP - KB885250
Correctif Windows XP - KB885835
Correctif Windows XP - KB885836
Correctif Windows XP - KB886185
Correctif Windows XP - KB887472
Correctif Windows XP - KB887742
Correctif Windows XP - KB888113
Correctif Windows XP - KB888302
Correctif Windows XP - KB890859
Correctif Windows XP - KB891781
DVD Decrypter (Remove Only)
DVD Shrink 3.2
eMule
Fotolabo Club Online Prints 1.0.2
GdiplusUpgrade
HijackThis 1.99.1
HP Imaging Device Functions 5.3
HP Photosmart Essential
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
Intel® Graphics Media Accelerator Driver for Mobile
J2SE Runtime Environment 5.0 Update 6
Jasc Animation Shop 3
K-Lite Codec Pack 2.70 Standard
Launch Manager V1.0.8.8
Logitech Desktop Messenger
Logitech Print Service
Logitech QuickCam
Macromedia Flash Player 8
Microsoft Office Professional Edition 2003
Microsoft Works
Mise à jour de sécurité pour Lecteur Windows Media (KB911564)
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB911565)
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)
Mise à jour de sécurité pour Windows XP (KB890046)
Mise à jour de sécurité pour Windows XP (KB893066)
Mise à jour de sécurité pour Windows XP (KB893756)
Mise à jour de sécurité pour Windows XP (KB896358)
Mise à jour de sécurité pour Windows XP (KB896422)
Mise à jour de sécurité pour Windows XP (KB896423)
Mise à jour de sécurité pour Windows XP (KB896424)
Mise à jour de sécurité pour Windows XP (KB896428)
Mise à jour de sécurité pour Windows XP (KB899587)
Mise à jour de sécurité pour Windows XP (KB899591)
Mise à jour de sécurité pour Windows XP (KB900725)
Mise à jour de sécurité pour Windows XP (KB901017)
Mise à jour de sécurité pour Windows XP (KB901190)
Mise à jour de sécurité pour Windows XP (KB901214)
Mise à jour de sécurité pour Windows XP (KB902400)
Mise à jour de sécurité pour Windows XP (KB904706)
Mise à jour de sécurité pour Windows XP (KB905414)
Mise à jour de sécurité pour Windows XP (KB905749)
Mise à jour de sécurité pour Windows XP (KB905915)
Mise à jour de sécurité pour Windows XP (KB908519)
Mise à jour de sécurité pour Windows XP (KB908531)
Mise à jour de sécurité pour Windows XP (KB911280)
Mise à jour de sécurité pour Windows XP (KB911562)
Mise à jour de sécurité pour Windows XP (KB911567)
Mise à jour de sécurité pour Windows XP (KB911927)
Mise à jour de sécurité pour Windows XP (KB912812)
Mise à jour de sécurité pour Windows XP (KB912919)
Mise à jour de sécurité pour Windows XP (KB913446)
Mise à jour de sécurité pour Windows XP (KB913580)
Mise à jour de sécurité pour Windows XP (KB914388)
Mise à jour de sécurité pour Windows XP (KB914389)
Mise à jour de sécurité pour Windows XP (KB916281)
Mise à jour de sécurité pour Windows XP (KB917159)
Mise à jour de sécurité pour Windows XP (KB917344)
Mise à jour de sécurité pour Windows XP (KB917953)
Mise à jour de sécurité pour Windows XP (KB918439)
Mise à jour pour Windows XP (KB894391)
Mise à jour pour Windows XP (KB898461)
Mise à jour pour Windows XP 
(KB900485) Mise à jour pour Windows XP (KB910437) Mise à jour pour Windows XP (KB916595) MSN Messenger 7.5 Nero 6 Ultra Edition NTI Backup NOW! 4 NTI CD & DVD-Maker Gold PhotoFiltre PowerProducer Programme de gestion Camera de Logitech® Realtek AC'97 Audio Search Assistant SoftV90 Data Fax Modem with SmartCP Synaptics Pointing Device Driver Windows Installer 3.1 (KB893803) The Silent Runners report: "Silent Runners.vbs", revision 46, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS] "LDM" = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" ["Logitech"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "IgfxTray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"] "HotKeysCmds" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"] "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."] "SynTPLpr" = "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."] "SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."] "EPM-DM" = "c:\acer\epm\epm-dm.exe" ["Acer Inc"] "ePowerManagement" = "C:\Acer\ePM\ePM.exe boot" ["Acer Value Labs, Taiwan"] "IMJPMIG8.1" = ""C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32" [MS] "MSPY2002" = "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC" [null data] "PHIME2002ASync" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC" [MS] "PHIME2002A" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [MS] "PCMService" = ""C:\Program Files\Arcade\PCMService.exe"" ["CyberLink Corp."] "LaunchAp" = ""C:\Program Files\Launch Manager\LaunchAp.exe"" [empty string] "PowerKey" = ""C:\Program Files\Launch 
Manager\PowerKey.exe"" [empty string] "LManager" = ""C:\Program Files\Launch Manager\HotkeyApp.exe"" ["Wistron"] "CtrlVol" = ""C:\Program Files\Launch Manager\CtrlVol.exe"" ["Wistron"] "LMgrOSD" = ""C:\Program Files\Launch Manager\OSDCtrl.exe"" [empty string] "Wbutton" = ""C:\Program Files\Launch Manager\Wbutton.exe"" [empty string] "eRecoveryService" = "C:\Program Files\Acer\eRecovery\Monitor.exe" ["acer Inc."] "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"] "tgcmd" = ""C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor " ["SupportSoft, Inc."] "HP Software Update" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."] "LogitechVideoRepair" = "C:\Program Files\Logitech\Video\ISStart.exe" ["Logitech Inc."] "LogitechVideoTray" = "C:\Program Files\Logitech\Video\LogiTray.exe" ["Logitech Inc."] "SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."] "avgnt" = ""C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"] "(Default)" = """ = (data in unrecognized format!)" [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration" -> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration" \InProcServer32\(Default) = "deskpan.dll" [file not found] 
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."] "{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0}" = "EPM-PO Shell Extension" -> {HKLM...CLSID} = "EPM-PO Shell Extensions" \InProcServer32\(Default) = "epm-po.dll" ["Acer Labs USA"] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook File Icon Extension" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS] "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band" -> {HKLM...CLSID} = "Shell Search Band" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Logitech Pictures" -> {HKLM...CLSID} = "My Logitech Pictures" \InProcServer32\(Default) = "C:\Program Files\Logitech\Video\Namespc2.dll" ["Logitech Inc."] "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning" -> {HKLM...CLSID} = "Shell Extension for Malware scanning" \InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" 
["H+BEDV Datentechnik GmbH"] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"] INFECTION WARNING! WgaLogon\DLLName = "WgaLogon.dll" [MS] HKLM\Software\Classes\PROTOCOLS\Filter\ INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" -> {HKLM...CLSID} = "Shell Extension for Malware scanning" \InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" -> {HKLM...CLSID} = "Shell Extension for Malware scanning" \InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel
  18. Good evening and thanks for the welcome, WawaSeb. After doing everything you asked me to, here is the SmitFraudFix report: SmitFraudFix v2.79 Rapport fait à 22:16:56,67, mer. 02/08/2006 Executé à partir de C:\Documents and Settings\Nath\Bureau\Smitfraudfix\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Fix executé en mode sans echec »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Nath\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\NATH\FAVORIS »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Ma page d'accueil" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! 
SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin And the HijackThis report: Logfile of HijackThis v1.99.1 Scan saved at 22:30:43, on 2/08/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Acer\eManager\anbmServ.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\acer\epm\epm-dm.exe C:\Program Files\Arcade\PCMService.exe C:\Program Files\Launch Manager\LaunchAp.exe C:\Program Files\Launch Manager\PowerKey.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\OSDCtrl.exe C:\Program Files\Launch Manager\Wbutton.exe C:\Program Files\Acer\eRecovery\Monitor.exe C:\Program Files\Support.com\bin\tgcmd.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\LVComS.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/ R1 - 
HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe" O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe" O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe" O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe" O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [tgcmd] 
"C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135577985734 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - 
http://messenger.msn.com/download/MsnMesse...pDownloader.cab O18 - Protocol: bwz0s - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe My problems with Internet Explorer windows that keep opening and asking me to install WinAntispyware 2005 for free persist.
  19. Hello everyone, I am having some problems with advertisements appearing and with messages telling me that my PC is infected and constantly suggesting that I download this or that program. I have done the pre-disinfection as indicated in the post above and am now asking for your help with analysing my HijackThis report .... many thanks in advance Logfile of HijackThis v1.99.1 Scan saved at 10:55:10, on 2/08/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Acer\eManager\anbmServ.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\acer\epm\epm-dm.exe C:\Program Files\Arcade\PCMService.exe C:\Program Files\Launch Manager\LaunchAp.exe C:\Program Files\Launch Manager\PowerKey.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\OSDCtrl.exe C:\Program Files\Launch Manager\Wbutton.exe C:\Program Files\Acer\eRecovery\Monitor.exe C:\Program Files\Support.com\bin\tgcmd.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\LVComS.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program 
Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe" O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe" O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe" O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe" O4 - HKLM\..\Run: 
[Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [saap] c:\program files\180search assistant\180sa\saap.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Startup: AMSN.lnk = C:\Program Files\AMSN\amsn.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows 
Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135577985734 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O18 - Protocol: bw+0 - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Protocol: offline-8876480 - {2D33D109-9408-44BD-9D88-CAAF182EFD40} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
  20. Hello Charles, and Happy New Year to you too. I have been a bit slow to reply at the start of this year, but here at last is the result of the Panda scan:
      Incident Statut Analyse
      Adware:adware/ncase No Désinfecté C:\TEMP\salmau.dat
      Spyware:spyware/adclicker No Désinfecté C:\WINDOWS\usta32.ini
      Adware:adware/mediatickets No Désinfecté Registre Windows
      Spyware:Cookie/MetriWeb No Désinfecté C:\Documents and Settings\Administrateur\Cookies\administrateur@metriweb[1].txt
      Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\Administrateur\Cookies\administrateur@weborama[2].txt
      Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Administrateur\Cookies\administrateur@xiti[1].txt
      Spyware:Cookie/MetriWeb No Désinfecté C:\Documents and Settings\Administrateur\Cookies\administrateur@metriweb[1].txt
      Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\Administrateur\Cookies\administrateur@weborama[2].txt
      Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Administrateur\Cookies\administrateur@xiti[1].txt
      Dialer:Dialer.OK No Désinfecté C:\WINDOWS\Downloaded Program Files\mm21.INF
      Spyware:Cookie/Outster No Désinfecté C:\WINDOWS\system32\config\systemprofile\Cookies\system@outster[2].txt
      Adware:Adware/PurityScan No Désinfecté C:\WINDOWS\system32\l?ass.exe
  21. Hello Charles, I repeated the operation several times, but that line does not appear in the right-hand column of regedit. Otherwise, here is the HijackThis report:
      Logfile of HijackThis v1.99.1
      Scan saved at 07:09:33, on 30/12/2005
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\AVPersonal\AVGUARD.EXE
      C:\Program Files\AVPersonal\AVWUPSRV.EXE
      C:\Program Files\ewido anti-malware\ewidoctrl.exe
      C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Logitech\Video\LogiTray.exe
      C:\Program Files\AVPersonal\AVGNT.EXE
      C:\Program Files\AVPersonal\AVSched32.EXE
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\WINDOWS\system32\LVComS.exe
      C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\HijackThis\HijackThis.exe
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
      O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
      O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
      O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
      O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
      O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
      O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{18CE279F-7958-4DDF-8335-1104937B32C6}: NameServer = 195.238.2.22 195.238.2.21
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
      O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
      O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      Once again, a really big thank-you for your patience and for the help you have given.
  22. And so here is the Kaspersky scan report:
      -------------------------------------------------------------------------------
      KASPERSKY ON-LINE SCANNER REPORT
      Thursday, December 29, 2005 21:06:25
      Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
      Kaspersky On-line Scanner version: 5.0.67.0
      Kaspersky Anti-Virus database last update: 29/12/2005
      Kaspersky Anti-Virus database records: 168232
      -------------------------------------------------------------------------------
      Scan Settings:
      Scan using the following antivirus database: extended
      Scan Archives: true
      Scan Mail Bases: true
      Scan Target - My Computer:
      C:\
      D:\
      Scan Statistics:
      Total number of scanned objects: 35424
      Number of viruses found: 1
      Number of infected objects: 1
      Number of suspicious objects: 0
      Duration of the scan process: 2507 sec
      Infected Object Name - Virus Name
      C:\WINDOWS\system32\lѕass.exe Infected: not-a-virus:AdWare.Win32.PurityScan.ag
      Scan process completed.
  23. Good evening Charles, Indeed, I have only one lѕass.exe, and it is the one with an L and not an I. Here is the RegSearch report for now:
      REGEDIT4
      ; Registry Search by Bobbi Flekman
      ; Version: 1.0.2.1
      ; Results at 29/12/2005 19:41:33 for strings:
      ; 'tick dent.exe '
      ; Strings excluded from search:
      ; (None)
      ; Search in:
      ; Registry Keys Registry Values Registry Data
      ; HKEY_LOCAL_MACHINE HKEY_USERS
      ; End Of The Log...
      I am off to run the Kaspersky scan now. See you later.
  24. Hello Charles, Here are the 3 reports you asked for:
      Service
      Service load: 0% 100%
      File: lsass.exe
      Status: OK
      MD5 259af82a0932eea4f316f92db94707b6
      Packers detected: -
      Scanner results
      AntiVir Found nothing
      ArcaVir Found nothing
      Avast Found nothing
      AVG Antivirus Found nothing
      BitDefender Found nothing
      ClamAV Found nothing
      Dr.Web Found nothing
      F-Prot Antivirus Found nothing
      Fortinet Found nothing
      Kaspersky Anti-Virus Found nothing
      NOD32 Found nothing
      Norman Virus Control Found nothing
      UNA Found nothing
      VBA32 Found nothing
      ___________________________________________________________________________
      This is a report processed by VirusTotal on 12/29/2005 at 07:27:15 (CET) after scanning the file "lsass.exe" file.
      Antivirus Version Update Result
      AntiVir 6.33.0.70 12.28.2005 no virus found
      Avast 4.6.695.0 12.28.2005 no virus found
      AVG 718 12.29.2005 no virus found
      Avira 6.33.0.70 12.28.2005 no virus found
      BitDefender 7.2 12.29.2005 no virus found
      CAT-QuickHeal 8.00 12.28.2005 no virus found
      ClamAV devel-20051108 12.29.2005 no virus found
      DrWeb 4.33 12.28.2005 no virus found
      eTrust-Iris 7.1.194.0 12.29.2005 no virus found
      eTrust-Vet 12.4.1.0 12.29.2005 no virus found
      Ewido 3.5 12.29.2005 no virus found
      Fortinet 2.54.0.0 12.29.2005 no virus found
      F-Prot 3.16c 12.29.2005 no virus found
      Ikarus 0.2.59.0 12.28.2005 no virus found
      Kaspersky 4.0.2.24 12.29.2005 no virus found
      McAfee 4661 12.28.2005 no virus found
      NOD32v2 1.1343 12.28.2005 no virus found
      Norman 5.70.10 12.28.2005 no virus found
      Panda 8.02.00 12.28.2005 no virus found
      Sophos 4.01.0 12.29.2005 no virus found
      Symantec 8.0 12.29.2005 no virus found
      TheHacker 5.9.1.064 12.28.2005 no virus found
      UNA 1.83 12.28.2005 no virus found
      VBA32 3.10.5 12.28.2005 no virus found
      _______________________________________________________________________________________
      Logfile of HijackThis v1.99.1
      Scan saved at 07:34:20, on 29/12/2005
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\AVPersonal\AVGUARD.EXE
      C:\Program Files\AVPersonal\AVWUPSRV.EXE
      C:\Program Files\ewido anti-malware\ewidoctrl.exe
      C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
      C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
      C:\Program Files\Logitech\Video\LogiTray.exe
      C:\Program Files\AVPersonal\AVGNT.EXE
      C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\AVPersonal\AVSched32.EXE
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\WINDOWS\system32\LVComS.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
      C:\Program Files\HijackThis\HijackThis.exe
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: (no name) - {9A804D46-9E19-8EFE-81A3-45B5F1316CF7} - (no file)
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
      O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
      O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
      O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [TrustMailPoke2] C:\Documents and Settings\All Users\Application Data\Rdr Third Trust Mail\tick dent.exe
      O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
      O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
      O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
      O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
      O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
      O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      ____________________________________________________________________________________
      Thank you for all the time you have devoted to helping me solve this problem. Have a nice day.
  25. Good evening Charles, Yes, the Application Data folder is indeed visible. I had done everything that was described, but nothing works: whether in normal mode or in safe mode, it does not appear. I would gladly have taken a PrintScreen to prove it. Yes, I had done it and I have just done it again, but the files do not seem to want to disappear. It just goes to show that what you would like to see does not show up, and what you no longer want does not go away. Same as for Rdr Third Trust Mail, it does not appear. Kaspersky scan report:
      -------------------------------------------------------------------------------
      KASPERSKY ON-LINE SCANNER REPORT
      Wednesday, December 28, 2005 22:33:13
      Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
      Kaspersky On-line Scanner version: 5.0.67.0
      Kaspersky Anti-Virus database last update: 28/12/2005
      Kaspersky Anti-Virus database records: 168079
      -------------------------------------------------------------------------------
      Scan Settings:
      Scan using the following antivirus database: extended
      Scan Archives: true
      Scan Mail Bases: true
      Scan Target - My Computer:
      C:\
      D:\
      Scan Statistics:
      Total number of scanned objects: 40343
      Number of viruses found: 19
      Number of infected objects: 269
      Number of suspicious objects: 0
      Duration of the scan process: 3523 sec
      Infected Object Name - Virus Name
      C:\Documents and Settings\Administrateur\Local Settings\Temp\1597c6.exe Infected: Trojan-Downloader.Win32.Swizzor.di C:\Documents and Settings\Administrateur\Local Settings\Temp\16acd92.exe Infected: Trojan-Downloader.Win32.Swizzor.di C:\Documents and Settings\Administrateur\Local Settings\Temp\16c9fe.exe Infected: Trojan-Downloader.Win32.Swizzor.di C:\Documents and Settings\Administrateur\Local Settings\Temp\283764.exe Infected: Trojan-Downloader.Win32.Swizzor.di C:\Documents and Settings\Administrateur\Local Settings\Temp\5c95a5.exe Infected: Trojan-Downloader.Win32.Swizzor.di C:\Documents and 
Settings\Administrateur\Local Settings\Temp\5de600.exe Infected: Trojan-Downloader.Win32.Swizzor.di C:\Documents and Settings\Administrateur\Local Settings\Temp\cde828.exe Infected: Trojan-Downloader.Win32.Swizzor.di C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP239\A0064698.exe Infected: not-a-virus:AdWare.Win32.Lop.ag C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP240\A0064726.exe Infected: not-a-virus:AdWare.Win32.Lop.ag C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP240\A0064754.exe Infected: not-a-virus:AdWare.Win32.Lop.ag C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP267\A0087774.exe Infected: Trojan-Downloader.Win32.Swizzor.bo C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP267\A0091807.exe Infected: Trojan-Downloader.Win32.Swizzor.de C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP267\A0091808.exe Infected: Trojan-Downloader.Win32.Swizzor.du C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092279.exe Infected: Backdoor.Win32.Rbot.fo C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092280.exe Infected: Backdoor.Win32.IrcContact.30 C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092281.exe Infected: Backdoor.Win32.Rbot.pb C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092282.exe Infected: Backdoor.Win32.IrcContact.30 C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092283.exe Infected: Backdoor.Win32.IrcContact.30 C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092288.dll Infected: Trojan-Downloader.Win32.Swizzor.bo C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092289.dll Infected: Trojan-Downloader.Win32.Swizzor.bo C:\System 
Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092290.exe Infected: not-a-virus:AdWare.Win32.Lop.ag C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092291.exe Infected: Trojan-Downloader.Win32.Swizzor.dh C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092292.exe Infected: Trojan-Downloader.Win32.Swizzor.di C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092293.exe Infected: Trojan-Downloader.Win32.Swizzor.dh C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092294.exe Infected: not-a-virus:AdWare.Win32.Lop.ag C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092295.exe Infected: not-a-virus:AdWare.Win32.Lop.ag C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092296.exe Infected: not-a-virus:AdWare.Win32.Lop.ag C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092297.exe Infected: Trojan-Downloader.Win32.Swizzor.dh C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092298.exe Infected: Trojan-Downloader.Win32.Swizzor.dh C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092299.exe Infected: not-a-virus:AdWare.Win32.Lop.ag C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092300.exe Infected: Trojan-Downloader.Win32.Swizzor.di C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092301.exe Infected: not-a-virus:AdWare.Win32.Lop.ag C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092302.exe Infected: Trojan-Downloader.Win32.Swizzor.dh C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092303.exe Infected: Trojan-Downloader.Win32.Swizzor.dh C:\System Volume 
Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092304.exe Infected: not-a-virus:AdWare.Win32.Lop.ag C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092305.exe Infected: not-a-virus:AdWare.Win32.Lop.ag C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092306.exe Infected: not-a-virus:AdWare.Win32.Lop.o C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092307.exe Infected: Trojan-Downloader.Win32.Swizzor.dj C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092308.exe Infected: not-a-virus:AdWare.Win32.Lop.ag C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092309.exe Infected: not-a-virus:AdWare.Win32.Lop.ag C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092310.exe Infected: Trojan-Downloader.Win32.Swizzor.dh C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092311.exe Infected: Trojan-Downloader.Win32.Swizzor.dj C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092312.exe Infected: Trojan-Downloader.Win32.Swizzor.dh C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092313.exe Infected: not-a-virus:AdWare.Win32.Lop.ag C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092314.exe Infected: not-a-virus:AdWare.Win32.Lop.ag C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092315.exe Infected: not-a-virus:AdWare.Win32.Lop.ag C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092316.exe Infected: not-a-virus:AdWare.Win32.Lop.ag C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092317.exe Infected: not-a-virus:AdWare.Win32.Lop.ag C:\System Volume 
Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092318.exe Infected: not-a-virus:AdWare.Win32.Lop.ag C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092319.exe Infected: Trojan-Downloader.Win32.Swizzor.dh C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092320.exe Infected: Trojan-Downloader.Win32.Swizzor.dj C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092321.exe Infected: not-a-virus:AdWare.Win32.Lop.ag C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092322.exe Infected: not-a-virus:AdWare.Win32.Lop.ag C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092323.exe Infected: Trojan-Downloader.Win32.Swizzor.dh C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092324.exe Infected: Trojan-Downloader.Win32.Swizzor.dj C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092325.exe Infected: Trojan-Downloader.Win32.Swizzor.dh C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092326.exe Infected: not-a-virus:AdWare.Win32.Lop.ag C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092327.exe Infected: Trojan-Downloader.Win32.Swizzor.dh C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092328.exe Infected: not-a-virus:AdWare.Win32.Lop.ag C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092329.exe Infected: Trojan-Downloader.Win32.Swizzor.di C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092330.exe Infected: Trojan-Downloader.Win32.Swizzor.dh C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092331.exe Infected: not-a-virus:AdWare.Win32.Lop.ag C:\System Volume 
Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092528.exe Infected: not-a-virus:AdWare.Win32.Lop.ag C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092529.exe Infected: Trojan-Downloader.Win32.Swizzor.dr C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092530.exe Infected: not-a-virus:AdWare.Win32.Lop.ag C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092531.exe Infected: Trojan-Downloader.Win32.Swizzor.di C:\System Volume Information\_restore{8667E436-2522-4680-B840-C03F318D99E6}\RP268\A0092532.exe Infected: not-a-virus:AdWare.Win32.Lop.ag C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\AHOL2LEH\ticket[1].htm Infected: Trojan-Clicker.JS.Linker.j C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CTA7UV0N\MediaTicketsInstaller[1].cab/MediaTicketsInstaller.ocx Infected: not-a-virus:AdWare.Win32.MediaTickets.f C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CTA7UV0N\MediaTicketsInstaller[1].cab Infected: not-a-virus:AdWare.Win32.MediaTickets.f C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CTA7UV0N\ticket[1].htm Infected: Trojan-Clicker.JS.Linker.j C:\WINDOWS\system32\lѕass.exe Infected: not-a-virus:AdWare.Win32.PurityScan.ag C:\WINDOWS\system32\o Infected: Trojan-Downloader.BAT.Ftp.ab