

jcarine
Members
Content count: 76
Everything posted by jcarine
[Solved] Virtumonde Trojan and slow PC
jcarine replied to a topic by jcarine in Malware analysis and removal
File: l3mpgnaa.exe
Status: POSSIBLY INFECTED/MALWARE (Note: this file was only flagged as malware by heuristic detection(s). This might be a false positive. Therefore, results of this scan will not be stored in the database)
MD5 fe927ba6ff791a779ddd0508c513bb3e
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found STPAGE.Trojan (probable variant)
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found Adware.Sahat.1 (probable variant)

File: smug93g7.dll
Status: POSSIBLY INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) (Note: this file was only flagged as malware by heuristic detection(s). This might be a false positive. Therefore, results of this scan will not be stored in the database)
MD5 c4676802d7ffec43b5187ca01733d197
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found Adware.Sahat.4 (probable variant)
[Solved] Virtumonde Trojan and slow PC
jcarine replied to a topic by jcarine in Malware analysis and removal
So, it didn't detect anything (no hidden items were found). chercher.cmd:
Still, you must already have helped me do a serious clean-up, because it hardly lags any more in NORMAL MODE. On the other hand, I no longer have access to msn, and my camera is no longer detected by the PC... weird! Maybe it's because of everything I deleted? I NEED TO FIND THE DRIVER FOR MY CAMERA!
[Solved] Virtumonde Trojan and slow PC
jcarine replied to a topic by jcarine in Malware analysis and removal
Well, I've already managed to get this far in normal mode, which is already not bad. I'm connected via the cable, so the connection is automatic unless I unplug the modem... Well, I'm going to drink my coffee; does the scan usually take long?
[Solved] Virtumonde Trojan and slow PC
jcarine replied to a topic by jcarine in Malware analysis and removal
Is F-Secure important? Because I get a message telling me it can't be used in SAFE MODE, so I have to do it in normal mode... and then it may well take me all day.
[Solved] Virtumonde Trojan and slow PC
jcarine replied to a topic by jcarine in Malware analysis and removal
New log:

Logfile of HijackThis v1.99.1
Scan saved at 16:17:57, on 26/07/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\jj\Bureau\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [FLMBROWSEMOUSE] C:\Program Files\Browser PS2 mouse\mouse32a.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Multimedia keyboard utility\1.3\MMKEYBD.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] G:\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Copernic Desktop Search] "C:\PROGRA~1\COPERN~1\COPERN~1.EXE" /tray
O4 - HKCU\..\Run: [Livecom] "C:\PROGRA~1\Livecom\APPLIC~1\Exe\..\..\Launcher\Exe\SilentLauncher.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "G:\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [PcSync] G:\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: BitTorrent.lnk = G:\bittorrent.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZS
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Télécharger en utilisant Download &Express - C:\Program Files\Download Express\Add_Url.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - g:\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - g:\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - g:\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoways.com/clients/ImageUploader3.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\temp\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - G:\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - G:\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
[Solved] Virtumonde Trojan and slow PC
jcarine replied to a topic by jcarine in Malware analysis and removal
Zone Alarm is installed, I'm doing the rest...
[Solved] Virtumonde Trojan and slow PC
jcarine replied to a topic by jcarine in Malware analysis and removal
I swear, I'm going to blow a fuse!!!!! I downloaded Service Pack 2, and now a window opens and tells me "c\documents and settings\jj\bureau\WindowsXP-KB835935-SP2-FRA.exe N'EST PAS UNE APPLICATION win32 valide"
[Solved] Virtumonde Trojan and slow PC
jcarine replied to a topic by jcarine in Malware analysis and removal
In normal mode it lags far too much, and my antivirus keeps opening a window telling me I have a virus and that it can't delete the infected file (still system32/vstrr.dll, I think)
[Solved] Virtumonde Trojan and slow PC
jcarine replied to a topic by jcarine in Malware analysis and removal
No matter how often I restart my PC, nope, the Look2Me-Destroyer program won't launch... I'm still in SAFE MODE because in normal mode I can't do anything... Do you think that matters? I think you're going to end up telling me to format everything... OUCH
[Solved] Virtumonde Trojan and slow PC
jcarine replied to a topic by jcarine in Malware analysis and removal
It doesn't work
[Solved] Virtumonde Trojan and slow PC
jcarine replied to a topic by jcarine in Malware analysis and removal
Well, I can't launch F-SECURE. I'm not great at English, but it looks like it's due to a virus once again. Here is their message:
F-Secure could not acquire necessary privileges (SeDebugPrivilege).
-Your computer settings may prevent acquiring these privileges.
-A malicious program might have disable these privileges.
[Solved] Virtumonde Trojan and slow PC
jcarine replied to a topic by jcarine in Malware analysis and removal

Logfile of HijackThis v1.99.1
Scan saved at 08:32:37, on 25/07/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\jj\Bureau\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5B2746BA-8308-46F6-B968-4D57A633994E} - C:\WINDOWS\System32\vtsrr.dll (file missing)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (file missing)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [FLMBROWSEMOUSE] C:\Program Files\Browser PS2 mouse\mouse32a.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Multimedia keyboard utility\1.3\MMKEYBD.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] G:\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [fdlnrbfm] C:\dijyulsq.bat
O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Copernic Desktop Search] "C:\PROGRA~1\COPERN~1\COPERN~1.EXE" /tray
O4 - HKCU\..\Run: [Livecom] "C:\PROGRA~1\Livecom\APPLIC~1\Exe\..\..\Launcher\Exe\SilentLauncher.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "g:\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [PcSync] G:\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: BitTorrent.lnk = G:\bittorrent.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZS
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Télécharger en utilisant Download &Express - C:\Program Files\Download Express\Add_Url.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - g:\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - g:\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - g:\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\norszht.dll (file missing)
O20 - Winlogon Notify: awtqnkh - awtqnkh.dll (file missing)
O20 - Winlogon Notify: cbxustt - cbxustt.dll (file missing)
O20 - Winlogon Notify: policies - C:\WINDOWS\
O20 - Winlogon Notify: Reliability - C:\WINDOWS\
O20 - Winlogon Notify: Run - C:\WINDOWS\system32\norszht.dll (file missing)
O20 - Winlogon Notify: RunOnceEx - C:\WINDOWS\system32\mv8ql9l51.dll (file missing)
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\nyrsde.dll (file missing)
O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\h82o0if3e82.dll (file missing)
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\h82o0if3e82.dll (file missing)
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\nyrsde.dll (file missing)
O20 - Winlogon Notify: Unimodem - C:\WINDOWS\system32\norszht.dll (file missing)
O20 - Winlogon Notify: URL - C:\WINDOWS\system32\mmrmsg.dll (file missing)
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\mv8ql9l51.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\temp\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - G:\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - G:\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe
O23 - Service: Windows Process Viewer (The Windows Process Viewer) - Unknown owner - C:\WINDOWS\winlogon.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

avenger.txt

ogfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\fskbvmnc

*******************

Script file located at: \??\C:\Program Files\duopgxsx.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\keyboard1.dat deleted successfully.
File C:\WINDOWS\System32\rrstv.ini deleted successfully.
File C:\WINDOWS\System32\mcrh.tmp deleted successfully.
File C:\WINDOWS\System32\kdjuyjfw.exe deleted successfully.
File C:\WINDOWS\System32\l3mpgnaa.ini deleted successfully.
File C:\WINDOWS\System32\oc5gpg9o.html deleted successfully.
File C:\WINDOWS\System32\95a48h6d.dat deleted successfully.
File C:\WINDOWS\System32\5s6b1usn.dat deleted successfully.
File C:\WINDOWS\System32\5j9meqgi.dat deleted successfully.
File C:\WINDOWS\System32\awtqnkh.dll deleted successfully.
File C:\WINDOWS\System32\__delete_on_reboot__c_b_x_u_s_t_t_._d_l_l_ deleted successfully. File C:\WINDOWS\System32\vtsrr.dll deleted successfully. File C:\WINDOWS\System32\TFTP3960 deleted successfully. File C:\WINDOWS\System32\i deleted successfully. File C:\WINDOWS\System32\TFTP3216 deleted successfully. File C:\WINDOWS\System32\TFTP2428 deleted successfully. File C:\WINDOWS\System32\TFTP1848 deleted successfully. File C:\WINDOWS\System32\TFTP3220 deleted successfully. Folder C:\Program Files\ErrorSafe deleted successfully. Folder C:\Program Files\FunWebProducts deleted successfully. Folder C:\Program Files\InetGet2 deleted successfully. Folder C:\Program Files\HbTools deleted successfully. Folder C:\Program Files\WinAntiSpyware 2006 Scanner deleted successfully. Folder C:\Program Files\fichiers communs\ErrorSafe deleted successfully. Folder C:\Program Files\fichiers communs\WhenU deleted successfully. Folder C:\Program Files\fichiers communs\{44D22E90-0513-1036-0524-020320030021} deleted successfully. Folder C:\Program Files\fichiers communs\WinFixer 2005 not found! Deletion of folder C:\Program Files\fichiers communs\WinFixer 2005 failed! Could not process line: C:\Program Files\fichiers communs\WinFixer 2005 Status: 0xc0000034 Folder C:\Program Files\fichiers communs\WinSoftware deleted successfully. Folder C:\Program Files\common files\misc001 deleted successfully. Folder C:\Program Files\common files\simtest deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtsrr deleted successfully. Completed script processing. ******************* Finished! Terminate. -
[Resolved] Virtumonde Trojan horse and slowed-down PC
jcarine replied to a topic by jcarine in Malware analysis and eradication
Here is the Spy Sweeper report

08:27: Removal process completed. Elapsed time 01:04:48
07:26: edonkey 2000 0.53 (pro) + crack + edonkey bot lite.16abril2004.por.hulhio is in use. It will be removed on reboot.
07:26: potentially rootkit-masked files is in use. It will be removed on reboot.
07:26: Quarantining All Traces: potentially rootkit-masked files
07:26: Quarantining All Traces: sdbot
07:26: Quarantining All Traces: icondroppers
07:26: Quarantining All Traces: sexfiles dialers
07:26: Quarantining All Traces: sicro dialer
07:26: Quarantining All Traces: shopathomeselect
07:26: Quarantining All Traces: zedo cookie
07:26: Quarantining All Traces: myaffiliateprogram.com cookie
07:26: Quarantining All Traces: burstnet cookie
07:26: Quarantining All Traces: weborama cookie
07:26: Quarantining All Traces: overture cookie
07:26: Quarantining All Traces: mediaplex cookie
07:26: Quarantining All Traces: webtrends cookie
07:26: Quarantining All Traces: bluestreak cookie
07:25: Quarantining All Traces: atlas dmt cookie
07:25: Quarantining All Traces: adtech cookie
07:25: Quarantining All Traces: yieldmanager cookie
07:25: Quarantining All Traces: 2o7.net cookie
07:25: Quarantining All Traces: xiti cookie
07:25: Quarantining All Traces: winantiviruspro cookie
07:25: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST549.tmp". Reason: Le fichier spécifié est introuvable
07:25: Warning: Failed to delete profile shadow file ".log". Reason: Le fichier spécifié est introuvable
07:25: Quarantining All Traces: ist powerscan
07:25: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST52D.tmp". Reason: Le fichier spécifié est introuvable
07:25: Warning: Failed to delete profile shadow file ".log". Reason: Le fichier spécifié est introuvable
07:25: Quarantining All Traces: ist software
07:25: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST512.tmp". Reason: Le fichier spécifié est introuvable
07:25: Warning: Failed to delete profile shadow file ".log". Reason: Le fichier spécifié est introuvable
07:25: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST501.tmp". Reason: Le fichier spécifié est introuvable
07:25: Warning: Failed to delete profile shadow file ".log". Reason: Le fichier spécifié est introuvable
07:25: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST4F1.tmp". Reason: Le fichier spécifié est introuvable
07:25: Warning: Failed to delete profile shadow file ".log". Reason: Le fichier spécifié est introuvable
07:25: Quarantining All Traces: ist sidefind
07:25: Quarantining All Traces: errorsafe
07:25: Quarantining All Traces: dollarrevenue
07:25: Quarantining All Traces: winantispyware 2005
07:25: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST387.tmp". Reason: Le fichier spécifié est introuvable
07:24: Warning: Failed to delete profile shadow file ".log". Reason: Le fichier spécifié est introuvable
07:24: Quarantining All Traces: mirar webband
07:24: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST34D.tmp". Reason: Le fichier spécifié est introuvable
07:24: Warning: Failed to delete profile shadow file ".log". Reason: Le fichier spécifié est introuvable
07:24: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST33D.tmp". Reason: Le fichier spécifié est introuvable
07:24: Warning: Failed to delete profile shadow file ".log". Reason: Le fichier spécifié est introuvable
07:24: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST32D.tmp". Reason: Le fichier spécifié est introuvable
07:24: Warning: Failed to delete profile shadow file ".log". Reason: Le fichier spécifié est introuvable
07:24: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST31D.tmp". Reason: Le fichier spécifié est introuvable
07:24: Warning: Failed to delete profile shadow file ".log". Reason: Le fichier spécifié est introuvable
07:24: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST30D.tmp". Reason: Le fichier spécifié est introuvable
07:24: Warning: Failed to delete profile shadow file ".log". Reason: Le fichier spécifié est introuvable
07:24: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST2FD.tmp". Reason: Le fichier spécifié est introuvable
07:24: Warning: Failed to delete profile shadow file ".log". Reason: Le fichier spécifié est introuvable
07:24: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST2ED.tmp". Reason: Le fichier spécifié est introuvable
07:24: Warning: Failed to delete profile shadow file ".log". Reason: Le fichier spécifié est introuvable
07:24: Quarantining All Traces: findthewebsiteyouneed hijack
07:24: Quarantining All Traces: fu rootkit components
07:24: Quarantining All Traces: elitemediagroup-mediamotor
07:24: Quarantining All Traces: opistat
07:24: Quarantining All Traces: netratings
07:23: Quarantining All Traces: ist istbar
07:23: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST1A3.tmp". Reason: Le fichier spécifié est introuvable
07:23: Warning: Failed to delete profile shadow file ".log". Reason: Le fichier spécifié est introuvable
07:23: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST191.tmp". Reason: Le fichier spécifié est introuvable
07:23: Warning: Failed to delete profile shadow file ".log". Reason: Le fichier spécifié est introuvable
07:23: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST17F.tmp". Reason: Le fichier spécifié est introuvable
07:23: Warning: Failed to delete profile shadow file ".log". Reason: Le fichier spécifié est introuvable
07:23: Quarantining All Traces: internetoptimizer
07:23: Quarantining All Traces: virtumonde
07:23: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SSTF7.tmp". Reason: Le fichier spécifié est introuvable
07:23: Warning: Failed to delete profile shadow file ".log". Reason: Le fichier spécifié est introuvable
07:23: Quarantining All Traces: ist yoursitebar
07:22: Quarantining All Traces: look2me
07:22: Removal process initiated
23:41: Traces Found: 103
23:41: Full Sweep has completed. Elapsed time 02:02:30
23:41: File Sweep Complete, Elapsed Time: 01:56:07
Accès refusé
23:40: Warning: Unable to sweep compressed file: System Error. Code: 5.
Espace insuffisant pour traiter cette commande
23:37: Warning: Unable to sweep compressed file: System Error. Code: 8.
23:34: Warning: Stream read error
23:22: Warning: Stream read error
Espace insuffisant pour traiter cette commande
23:03: Warning: Unable to sweep compressed file: System Error. Code: 8.
Espace insuffisant pour traiter cette commande
23:01: Warning: Unable to sweep compressed file: System Error. Code: 8.
22:22: edonkey 2000 0.53 (pro) + crack + edonkey bot lite.16abril2004.por.hulhio (ID = 0)
22:22: Found System Monitor: potentially rootkit-masked files
22:00: Warning: Failed to access drive E:
21:58: adiras.ini (ID = 74768)
21:58: Found Trojan Horse: sdbot
21:57: dating.lnk (ID = 75396)
21:53: uwasfsd.sys (ID = 242115)
21:53: myurlsagain.exe (ID = 62593)
21:53: Found Adware: icondroppers
21:49: dating.lnk (ID = 75396)
21:49: Found Adware: sexfiles dialers
21:48: switchagreement.txt (ID = 76024)
21:48: Found Adware: sicro dialer
21:47: unstall.exe (ID = 74180)
21:45: sahimages (14 subtraces) (ID = 2147486967)
21:45: Found Adware: shopathomeselect
21:45: Starting File Sweep
21:45: Warning: Failed to access drive A:
21:45: Cookie Sweep Complete, Elapsed Time: 00:00:03
21:45: jj@zedo[1].txt (ID = 3762)
21:45: Found Spy Cookie: zedo cookie
21:45: jj@xiti[1].txt (ID = 3717)
21:45: jj@www.myaffiliateprogram[1].txt (ID = 3032)
21:45: Found Spy Cookie: myaffiliateprogram.com cookie
21:45: jj@www.burstnet[1].txt (ID = 2337)
21:45: Found Spy Cookie: burstnet cookie
21:45: jj@weborama[2].txt (ID = 3658)
21:45: Found Spy Cookie: weborama cookie
21:45: jj@overture[2].txt (ID = 3105)
21:45: Found Spy Cookie: overture cookie
21:45: jj@msnportal.112.2o7[1].txt (ID = 1958)
21:45: jj@mediaplex[1].txt (ID = 6442)
21:45: Found Spy Cookie: mediaplex cookie
21:45: jj@m.webtrends[2].txt (ID = 3669)
21:45: Found Spy Cookie: webtrends cookie
21:45: jj@bluestreak[2].txt (ID = 2314)
21:45: Found Spy Cookie: bluestreak cookie
21:45: jj@atdmt[2].txt (ID = 2253)
21:45: Found Spy Cookie: atlas dmt cookie
21:45: jj@adtech[2].txt (ID = 2155)
21:45: Found Spy Cookie: adtech cookie
21:45: jj@ad.yieldmanager[2].txt (ID = 3751)
21:45: Found Spy Cookie: yieldmanager cookie
21:45: jj@2o7[2].txt (ID = 1957)
21:45: Found Spy Cookie: 2o7.net cookie
21:45: carine@xiti[1].txt (ID = 3717)
21:45: Found Spy Cookie: xiti cookie
21:45: carine@www.winantiviruspro[2].txt (ID = 3690)
21:45: Found Spy Cookie: winantiviruspro cookie
21:45: Starting Cookie Sweep
21:44: Registry Sweep Complete, Elapsed Time:00:01:52
21:44: HKU\S-1-5-21-436374069-1677128483-854245398-1003\software\errorsafe\ (ID = 1142600)
21:44: HKU\S-1-5-21-436374069-1677128483-854245398-1003\software\microsoft\internet explorer\toolbar\webbrowser\ || {9a9c9b68-f908-4aab-8d0c-10ea8997f37e} (ID = 135102)
21:44: HKU\WRSS_Profile_S-1-5-21-436374069-1677128483-854245398-1006\software\microsoft\internet explorer\main\ || default_search_url (ID = 790269)
21:44: HKU\WRSS_Profile_S-1-5-21-436374069-1677128483-854245398-1006\software\microsoft\internet explorer\main\ || search bar (ID = 790268)
21:44: HKU\WRSS_Profile_S-1-5-21-436374069-1677128483-854245398-1006\software\microsoft\windows\currentversion\policies\ameopt\ (ID = 654042)
21:44: HKU\WRSS_Profile_S-1-5-21-436374069-1677128483-854245398-1006\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)
21:44: HKU\WRSS_Profile_S-1-5-21-436374069-1677128483-854245398-1006\software\microsoft\internet explorer\toolbar\webbrowser\ || {86227d9c-0efe-4f8a-aa55-30386a3f5686} (ID = 147853)
21:44: HKU\WRSS_Profile_S-1-5-21-436374069-1677128483-854245398-1006\software\microsoft\internet explorer\extensions\cmdmapping\ || {10e42047-deb9-4535-a118-b3f6ec39b807} (ID = 141778)
21:44: HKU\WRSS_Profile_S-1-5-21-436374069-1677128483-854245398-1006\software\microsoft\internet explorer\explorer bars\{8cba1b49-8144-4721-a7b1-64c578c9eed7}\ (ID = 141777)
21:44: HKU\WRSS_Profile_S-1-5-21-436374069-1677128483-854245398-1006\software\powerscan\ (ID = 136823)
21:44: Found Adware: ist powerscan
21:44: HKU\WRSS_Profile_S-1-5-21-436374069-1677128483-854245398-1006\software\microsoft\internet explorer\toolbar\webbrowser\ || {9a9c9b68-f908-4aab-8d0c-10ea8997f37e} (ID = 135102)
21:44: HKU\WRSS_Profile_S-1-5-21-436374069-1677128483-854245398-1006\software\ist\ (ID = 129108)
21:44: Found Adware: ist software
21:44: HKU\WRSS_Profile_S-1-5-21-436374069-1677128483-854245398-1006\software\policies\avenue media\ (ID = 128928)
21:44: HKU\WRSS_Profile_S-1-5-21-436374069-1677128483-854245398-1006\software\avenue media\ (ID = 128887)
21:44: HKU\WRSS_Profile_S-1-5-21-436374069-1677128483-854245398-1006\software\microsoft\internet explorer\main\ || start page (ID = 125239)
21:44: HKU\WRSS_Profile_S-1-5-21-436374069-1677128483-854245398-1006\software\microsoft\internet explorer\main\ || search page (ID = 125238)
21:44: HKU\WRSS_Profile_S-1-5-21-436374069-1677128483-854245398-1006\software\microsoft\internet explorer\main\ || search bar (ID = 125237)
21:44: HKU\WRSS_Profile_S-1-5-21-436374069-1677128483-854245398-1006\software\microsoft\internet explorer\main\ || default_search_url (ID = 125236)
21:44: HKU\WRSS_Profile_S-1-5-21-436374069-1677128483-854245398-500\software\microsoft\internet explorer\extensions\cmdmapping\ || {10e42047-deb9-4535-a118-b3f6ec39b807} (ID = 141778)
21:44: Found Adware: ist sidefind
21:44: HKLM\software\classes\typelib\{68bc55e9-4d3e-4c89-89ac-7559763c98b8}\ (ID = 1143002)
21:44: HKLM\software\classes\clsid\{5284ac2a-ef00-4750-9b82-b5b907d26536}\ (ID = 1142885)
21:44: HKLM\software\classes\esspcheck.esspcheck.1\clsid\ (ID = 1142774)
21:44: HKLM\software\classes\esspcheck.esspcheck.1\ (ID = 1142772)
21:44: HKLM\software\classes\esspcheck.esspcheck\curver\ (ID = 1142770)
21:44: HKLM\software\classes\esspcheck.esspcheck\clsid\ (ID = 1142768)
21:44: HKLM\software\classes\esspcheck.esspcheck\ (ID = 1142766)
21:44: HKLM\software\errorsafe\ (ID = 1142628)
21:44: HKCR\typelib\{68bc55e9-4d3e-4c89-89ac-7559763c98b8}\ (ID = 1142540)
21:44: HKCR\clsid\{5284ac2a-ef00-4750-9b82-b5b907d26536}\ (ID = 1142423)
21:44: HKCR\esspcheck.esspcheck\ (ID = 1142304)
21:44: Found Adware: errorsafe
21:44: HKLM\software\microsoft\drsmartload2\ (ID = 1134137)
21:44: Found Adware: dollarrevenue
21:44: HKLM\software\classes\typelib\{25bae2a9-df54-4927-af6f-9963146d11d8}\ (ID = 1129243)
21:44: HKCR\typelib\{25bae2a9-df54-4927-af6f-9963146d11d8}\ (ID = 1128851)
21:44: Found Adware: winantispyware 2005
21:44: HKLM\software\classes\mirar_dummy_ats.mirar_dummy_ats1.1\clsid\ (ID = 1055293)
21:44: HKLM\software\classes\mirar_dummy_ats.mirar_dummy_ats1.1\ (ID = 1055291)
21:44: HKCR\mirar_dummy_ats.mirar_dummy_ats1.1\clsid\ (ID = 1055250)
21:44: HKCR\mirar_dummy_ats.mirar_dummy_ats1.1\ (ID = 1055248)
21:44: Found Adware: mirar webband
21:44: HKLM\software\classes\clsid\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658}\ (ID = 920458)
21:44: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\shellscrap\ (ID = 775866)
21:44: HKCR\clsid\{dc341f1b-ec77-47be-8f58-96e83861cc5a}\ (ID = 713029)
21:44: HKU\.default\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555438)
21:44: Found Adware: findthewebsiteyouneed hijack
21:44: HKCR\typelib\{4ee12b71-aa5e-45ec-8666-2db3ad3fdf44}\ (ID = 147861)
21:44: HKLM\software\yoursitebar\ (ID = 147860)
21:44: HKLM\software\classes\typelib\{4ee12b71-aa5e-45ec-8666-2db3ad3fdf44}\ (ID = 147842)
21:44: HKCR\clsid\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658}\ (ID = 147829)
21:44: HKLM\system\currentcontrolset\services\msdirectx\ (ID = 144200)
21:44: Found Trojan Horse: fu rootkit components
21:44: HKLM\software\mm\ (ID = 140211)
21:44: Found Adware: elitemediagroup-mediamotor
21:44: HKLM\software\opistat\ (ID = 136464)
21:44: Found Adware: opistat
21:43: HKCR\typelib\{e5c91897-eab2-4f5f-9ce2-666be612aa1a}\ (ID = 135929)
21:43: HKLM\software\classes\typelib\{e5c91897-eab2-4f5f-9ce2-666be612aa1a}\ (ID = 135925)
21:43: HKLM\software\classes\clsid\{f8c374fa-c45b-4268-af84-f74088fd2d0a}\ (ID = 135922)
21:43: HKCR\clsid\{f8c374fa-c45b-4268-af84-f74088fd2d0a}\ (ID = 135918)
21:43: Found Adware: netratings
21:43: HKCR\typelib\{e9a5b71c-093b-4f34-af07-34fca89ba0df}\ (ID = 129193)
21:43: HKCR\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}\ (ID = 129190)
21:43: HKLM\software\classes\typelib\{e9a5b71c-093b-4f34-af07-34fca89ba0df}\ (ID = 129107)
21:43: HKLM\software\classes\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}\ (ID = 129103)
21:43: HKLM\software\classes\interface\{0e704ba4-c517-4be7-a1cd-c3ffda1e1ffe}\ (ID = 129085)
21:43: HKLM\software\classes\clsid\{dc341f1b-ec77-47be-8f58-96e83861cc5a}\ (ID = 129083)
21:43: HKCR\interface\{0e704ba4-c517-4be7-a1cd-c3ffda1e1ffe}\ (ID = 129062)
21:43: Found Adware: ist istbar
21:43: HKLM\software\microsoft\windows\currentversion\uninstall\wsem update\ (ID = 128927)
21:43: Found Adware: internetoptimizer
21:43: Starting Registry Sweep
21:43: Memory Sweep Complete, Elapsed Time: 00:04:01
21:39: Starting Memory Sweep
21:39: HKCR\clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\inprocserver32\ (ID = 1375012)
21:39: Found Adware: virtumonde
21:39: HKCR\typelib\{4ee12b71-aa5e-45ec-8666-2db3ad3fdf44}\1.0\0\win32\ (ID = 1187896)
21:38: Found Adware: ist yoursitebar
21:38: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\policies\ || dllname (ID = 1139663)
21:38: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\reliability\ || dllname (ID = 1139659)
21:38: Found Adware: look2me
21:38: Sweep initiated using definitions version 691
21:38: Spy Sweeper 5.0.5.1286 started
21:38: | Start of Session, lundi 24 juillet 2006 |
********
21:38: | End of Session, lundi 24 juillet 2006 |
21:35: Program Version 5.0.5.1286 Using Spyware Definitions 691
21:34: Spy Sweeper 5.0.5.1286 started
21:34: | Start of Session, lundi 24 juillet 2006 |
********
-
[Resolved] Virtumonde Trojan horse and slowed-down PC
jcarine replied to a topic by jcarine in Malware analysis and eradication
OK sir, I'm waiting for your instructions and..... thank you
-
[Resolved] Virtumonde Trojan horse and slowed-down PC
jcarine replied to a topic by jcarine in Malware analysis and eradication
chercher.zip report:

C:\WINDOWS\System32\rrstv.ini -->24/07/2006 14:53:11
C:\WINDOWS\System32\mcrh.tmp -->24/07/2006 08:23:07
C:\WINDOWS\System32\kdjuyjfw.exe -->24/07/2006 03:54:48
C:\WINDOWS\System32\nvapps.xml -->23/07/2006 23:45:14
C:\WINDOWS\System32\l3mpgnaa.ini -->23/07/2006 12:01:36
C:\WINDOWS\System32\oc5gpg9o.html -->23/07/2006 11:24:44
C:\WINDOWS\System32\imon1.dat -->21/07/2006 23:25:33
C:\WINDOWS\System32\mapisvc.inf -->21/07/2006 00:10:24
C:\WINDOWS\System32\imon.dll -->21/07/2006 00:04:00
C:\WINDOWS\System32\95a48h6d.dat -->20/07/2006 21:34:43
C:\WINDOWS\System32\5s6b1usn.dat -->20/07/2006 21:25:59
C:\WINDOWS\System32\5j9meqgi.dat -->20/07/2006 21:25:39
C:\WINDOWS\System32\awtqnkh.dll -->20/07/2006 20:46:04
C:\WINDOWS\System32\wpa.dbl -->20/07/2006 17:54:54
C:\WINDOWS\System32\__delete_on_reboot__c_b_x_u_s_t_t_._d_l_l_ -->16/07/2006 11:26:38
C:\WINDOWS\System32\vtsrr.dll -->15/07/2006 08:11:54
C:\WINDOWS\System32\TFTP3960 -->06/07/2006 20:23:07
C:\WINDOWS\System32\i -->06/07/2006 19:58:37
C:\WINDOWS\System32\TFTP3216 -->06/07/2006 19:40:14
C:\WINDOWS\System32\TFTP2428 -->06/07/2006 19:18:13
C:\WINDOWS\System32\TFTP1848 -->06/07/2006 19:15:20
C:\WINDOWS\System32\TFTP3220 -->06/07/2006 19:11:41
C:\WINDOWS\System32\CmdLineExt03.dll -->05/07/2006 13:48:53
C:\WINDOWS\System32\l3mpgnaa.exe -->28/06/2006 13:24:04
C:\WINDOWS\System32\smug93g7.dll -->28/06/2006 11:49:50
C:\WINDOWS\0.log -->24/07/2006 14:44:54
C:\WINDOWS\ntbtlog.txt -->24/07/2006 14:44:47
C:\WINDOWS\setupapi.log -->24/07/2006 09:14:13
C:\WINDOWS\WindowsUpdate.log -->24/07/2006 07:47:47
C:\WINDOWS\QTFont.qfn -->23/07/2006 23:43:28
C:\WINDOWS\wiadebug.log -->23/07/2006 23:42:28
C:\WINDOWS\wiaservc.log -->23/07/2006 23:42:03
C:\WINDOWS\setupact.log -->23/07/2006 12:51:04
C:\WINDOWS\QTFont.for -->23/07/2006 12:08:09
C:\WINDOWS\dp2_log.txt -->23/07/2006 11:25:57
C:\WINDOWS\SchedLgU.Txt -->23/07/2006 00:21:27
C:\WINDOWS\win.ini -->17/07/2006 15:40:06
C:\WINDOWS\system.ini -->17/07/2006 11:52:41
C:\WINDOWS\keyboard1.dat -->07/07/2006 06:43:54
C:\WINDOWS\VPTNFILE.555 -->07/07/2006 06:08:04

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 44D2-2E90

Répertoire de C:\Program Files

23/07/2006 19:00 <REP> .
23/07/2006 19:00 <REP> ..
16/03/2006 09:44 <REP> Adobe
17/02/2005 09:14 <REP> Ahead
03/08/2005 09:04 <REP> ArcPad
11/11/2005 12:19 <REP> Astraware
26/10/2005 22:08 <REP> Browser PS2 mouse
18/03/2005 16:11 <REP> Canon
07/07/2006 08:09 <REP> Common Files
19/01/2006 18:37 <REP> ErrorSafe
21/07/2006 09:54 <REP> ESET
03/08/2005 21:04 <REP> ESRI
27/12/2005 14:02 <REP> Every Toolbar 1.1
23/07/2006 14:45 <REP> ewido anti-spyware 4.0
06/04/2005 14:24 <REP> EZFace
29/03/2005 20:00 <REP> fdjeux
06/07/2006 20:00 <REP> Fichiers communs
29/11/2005 16:06 <REP> FunWebProducts
23/03/2005 22:39 <REP> GameSpy Arcade
13/05/2006 08:02 <REP> Google
20/02/2005 15:42 <REP> Grisoft
02/07/2005 22:14 <REP> HbTools
23/03/2006 14:02 <REP> IKEA Home Planner Kitchen
27/04/2005 11:22 <REP> IncrediMail
20/07/2006 22:22 <REP> InetGet2
04/03/2005 20:35 <REP> Internet Explorer
21/03/2005 15:03 <REP> Jasc Software Inc
07/12/2005 18:29 <REP> Java
10/07/2005 11:06 <REP> joystick networks
23/04/2005 18:26 <REP> JVTorrent
28/03/2005 17:52 <REP> LaserMedia
03/08/2005 20:54 <REP> Leica Geosystems
31/05/2006 17:37 <REP> Lexmark X1100 Series
04/10/2005 10:32 <REP> Livecom Plugins
28/01/2006 11:09 <REP> LiveUpdate
28/10/2005 13:32 <REP> Mega Bloc Notes
10/03/2005 09:33 <REP> Messenger
18/04/2006 11:51 <REP> MessengerPlus! 3
14/07/2006 16:14 <REP> Micro Application
16/02/2005 17:58 <REP> microsoft frontpage
10/09/2005 19:07 <REP> Microsoft GIF Animator
20/02/2005 16:31 <REP> Microsoft Office
17/02/2005 08:54 <REP> Microsoft Visual Studio
27/07/2005 19:48 <REP> MinitelADSL
28/01/2006 11:31 <REP> mobile PhoneTools
28/01/2006 11:32 <REP> Motorola Phone Tools
16/02/2005 17:52 <REP> Movie Maker
16/02/2005 17:50 <REP> MSN
11/05/2006 15:34 <REP> msn gaming zone
21/07/2006 08:47 <REP> MSN Messenger
26/10/2005 22:08 <REP> Multimedia keyboard utility
16/02/2005 17:52 <REP> NetMeeting
21/05/2005 10:10 <REP> Outlook Express
08/04/2005 07:21 <REP> PowerPoint Viewer
22/03/2005 17:43 <REP> QuickTime
07/11/2005 20:57 <REP> ReflexiveArcade
19/02/2005 19:27 <REP> SAGEM
18/03/2005 16:09 <REP> ScanSoft
16/03/2006 15:34 <REP> Siber Systems
23/03/2005 22:34 <REP> Smart Projects
22/07/2006 15:58 <REP> Spybot - Search & Destroy
20/03/2005 22:25 <REP> TLC-Edusoft
12/03/2005 20:56 <REP> VIRTUELSOFT
06/07/2006 20:39 <REP> Wanadoo
25/03/2005 12:43 <REP> WinAce
20/06/2006 06:30 <REP> WinAntiSpyware 2006 Scanner
04/10/2005 18:04 <REP> Windows Media Player
16/02/2005 17:49 <REP> Windows NT
30/08/2005 08:47 <REP> Winkaa 1.0
17/02/2005 09:12 <REP> WinRAR
16/03/2005 12:03 <REP> WinZip
16/03/2005 12:03 2 417 824 winzip90.exe
16/02/2005 17:58 <REP> xerox
1 fichier(s) 2 417 824 octets
72 Rép(s) 3 821 150 208 octets libres

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 44D2-2E90

Répertoire de C:\Program Files\fichiers communs

06/07/2006 20:00 <REP> .
06/07/2006 20:00 <REP> ..
31/05/2005 17:32 <REP> ACD Systems
17/02/2005 10:06 <REP> Adobe
17/02/2005 09:14 <REP> Ahead
17/02/2005 08:54 <REP> Designer
21/07/2006 18:53 <REP> ErrorSafe
03/08/2005 20:56 <REP> ESRI
10/03/2005 12:38 <REP> GTK
25/03/2005 11:24 <REP> InstallShield
07/12/2005 18:23 <REP> Java
01/05/2005 13:40 <REP> Macrovision Shared
22/06/2006 09:24 <REP> Microsoft Shared
16/02/2005 17:52 <REP> MSSoap
10/04/2006 11:26 <REP> Nokia
08/10/2005 14:36 <REP> Oberon Media
16/02/2005 17:38 <REP> ODBC
10/04/2006 11:26 <REP> PCSuite
18/03/2005 16:10 <REP> ScanSoft Shared
16/02/2005 17:52 <REP> Services
16/02/2005 17:38 <REP> SpeechEngines
17/02/2005 08:53 <REP> System
23/12/2005 18:38 <REP> WhenU
23/07/2006 19:00 <REP> WinFixer 2005
23/07/2006 19:00 <REP> WinSoftware
23/07/2006 18:59 <REP> {44D22E90-0513-1036-0524-020320030021}
0 fichier(s) 0 octets
26 Rép(s) 3 821 150 208 octets libres

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 44D2-2E90

Répertoire de C:\Program Files\common files

07/07/2006 08:09 <REP> .
07/07/2006 08:09 <REP> ..
15/10/2005 17:26 <REP> Microsoft Shared
06/07/2006 20:02 <REP> misc001
06/07/2006 20:02 <REP> simtest
0 fichier(s) 0 octets
5 Rép(s) 3 821 150 208 octets libres

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 44D2-2E90

Répertoire de C:\

21/07/2006 17:45 570 750 Installer3.exe
20/07/2006 19:46 151 112 mc-110-12-0000228.exe
22/07/2006 15:27 5 037 072 spybot-search-destroy_spybot_-_search_destroy_1.4_francais_10965.exe
21/07/2006 17:38 566 800 warebundlenewer.exe
4 fichier(s) 6 325 734 octets
0 Rép(s) 3 821 150 208 octets libres

c:\Documents and Settings\carine\.housecall\getMac.exe
c:\Documents and Settings\carine\.housecall\patch.exe
c:\Documents and Settings\carine\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdrUpd708_all_incr.exe
c:\Documents and Settings\carine\Local Settings\Application Data\IM\Identities\{51982F9E-EC44-406F-9B97-5D36172E5D8C}\Message Store\Attachments\{26230C7C-12ED-40F8-A015-AE190E6E4793}\DRUKARZ.EXE
c:\Documents and Settings\carine\Local Settings\Application Data\IM\Identities\{51982F9E-EC44-406F-9B97-5D36172E5D8C}\Message Store\Attachments\{7086AD15-92BC-472B-BF48-3C3AFE2FADA2}\DRUKARZ.EXE
c:\Documents and Settings\carine\Local Settings\Application Data\IM\Identities\{51982F9E-EC44-406F-9B97-5D36172E5D8C}\Message Store\Attachments\{8756FE03-F171-4E43-AF47-11D09550C2F4}\DRUKARZ.EXE
c:\Documents and Settings\carine\Local Settings\Application Data\IM\Identities\{51982F9E-EC44-406F-9B97-5D36172E5D8C}\Message Store\Attachments\{992B5215-E42C-4878-AFFA-5C9A3605C457}\DRUKARZ.EXE
c:\Documents and Settings\carine\Menu Démarrer\Programmes\ArxelTribe\Desinstalleur.exe
c:\Documents and Settings\jj\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe
c:\Documents and Settings\jj\Application Data\Microsoft\Installer\{7326545B-05C8-4308-9697-EAA3F9552018}\_51306a3.exe
c:\Documents and Settings\jj\Application Data\Microsoft\Installer\{7326545B-05C8-4308-9697-EAA3F9552018}\_609a6e7a.exe
c:\Documents and Settings\jj\Application Data\Microsoft\Installer\{7326545B-05C8-4308-9697-EAA3F9552018}\_609d1876.exe
c:\Documents and Settings\jj\Application Data\Microsoft\Installer\{CCCAA826-D6DE-4FA9-AC5F-73966AA00028}\_124305e.exe
c:\Documents and Settings\jj\Application Data\Microsoft\Installer\{CCCAA826-D6DE-4FA9-AC5F-73966AA00028}\_12db153c.exe
c:\Documents and Settings\jj\Application Data\Microsoft\Installer\{CCCAA826-D6DE-4FA9-AC5F-73966AA00028}\_26e91eb.exe
c:\Documents and Settings\jj\Application Data\Microsoft\Installer\{CCCAA826-D6DE-4FA9-AC5F-73966AA00028}\_440d491c.exe
c:\Documents and Settings\jj\Application Data\Microsoft\Installer\{CCCAA826-D6DE-4FA9-AC5F-73966AA00028}\_7e87390c.exe
c:\Documents and Settings\jj\Application Data\Microsoft\Installer\{CCCAA826-D6DE-4FA9-AC5F-73966AA00028}\_bb32ea6.exe
c:\Documents and Settings\jj\Application Data\Microsoft\Installer\{CCCAA826-D6DE-4FA9-AC5F-73966AA00028}\_f3e99.exe
c:\Documents and Settings\jj\Bureau\Acoustica-Mixcraft-Installer.exe
c:\Documents and Settings\jj\Bureau\ewido-setup_4.0.0.172a.exe
c:\Documents and Settings\jj\Bureau\Fixwareout.exe
c:\Documents and Settings\jj\Bureau\HijackThis.exe
c:\Documents and Settings\jj\Bureau\setup.exe
c:\Documents and Settings\jj\Bureau\VundoFix.exe
c:\Documents and Settings\jj\Bureau\chercher\LFiles.exe
c:\Documents and Settings\jj\Bureau\Mes documents\patch_netsky.exe
c:\Documents and Settings\jj\Bureau\Mes documents\jacek.jackiewicz\a2freesetup.exe
c:\Documents and Settings\jj\Bureau\Mes documents\jacek.jackiewicz\dotnetfx.exe
c:\Documents and Settings\jj\Bureau\Mes documents\jacek.jackiewicz\MDAC_TYP.EXE
c:\Documents and Settings\jj\Local Settings\Temp\rtdrvmon.exe
c:\Documents and Settings\jj\Menu Démarrer\Programmes\COKTEL\Désinstalleur Coktel.exe
c:\Documents and Settings\jj\Mes documents\jacek.jackiewicz\airoboform.exe
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\jj\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

Vérifications de quelques clefs

Recherche de clefs EGDACCESS

HKLM\SOFTWARE\Microsoft\Windows\explorer\SharedTaskScheduler
-
[Solved] Virtumonde Trojan and slow PC
jcarine replied to a topic by jcarine in Malware analysis and eradication
OK, so here it is; while VundoFix is working, the Fixwareout report:
Fixwareout ver 1.003 Last edited 07/1/2006
Post this report in the forums please
Reg Entries that were deleted
...
Microsoft ® Windows Script Host Version 5.6
Random Runs removed from HKLM
...
PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is legitimate
»»»»» Search by size and names...
»»»»» Misc files
»»»»» Checking for older varients covered by the Rem3 tool
»»»»» Search five digit cs, dm and jb files
This WILL/CAN also list Legit Files, Submit them at Virustotal
Other suspects
Directory of C:\WINDOWS\system32
[Solved] Virtumonde Trojan and slow PC
jcarine replied to a topic by jcarine in Malware analysis and eradication
How do I recognise a crack? I know nothing about that.
[Solved] Virtumonde Trojan and slow PC
jcarine replied to a topic by jcarine in Malware analysis and eradication
FINALLY, HERE IS THE HIJACKTHIS SCAN:
Logfile of HijackThis v1.99.1
Scan saved at 06:41:25, on 24/07/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\jj\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (file missing)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [FLMBROWSEMOUSE] C:\Program Files\Browser PS2 mouse\mouse32a.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Multimedia keyboard utility\1.3\MMKEYBD.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] G:\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [Copernic Desktop Search] "C:\PROGRA~1\COPERN~1\COPERN~1.EXE" /tray
O4 - HKCU\..\Run: [Livecom] "C:\PROGRA~1\Livecom\APPLIC~1\Exe\..\..\Launcher\Exe\SilentLauncher.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "G:\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [PcSync] G:\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: BitTorrent.lnk = G:\bittorrent.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZS
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Télécharger en utilisant Download &Express - C:\Program Files\Download Express\Add_Url.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - g:\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - g:\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - g:\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/inst...leanerstart.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56A7DC70-E102-4408-A34A-AE06FEF01586} (ÌìÏÂËÑË÷) - http://iebar.t2t2.com/iebar.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1125047201679
O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www3.photoweb.fr/telechargement/Photoweb_uploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1125047150094
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/alien.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O16 - DPF: {7DA181BB-EF8D-4A7E-8C53-7BFC718EF71D} (Upload Class) - http://photos.wanadoo.fr/al/presentation/p...ivex/Ephoto.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://click.mirarsearch.com/FIX/WinATS.cab
O16 - DPF: {A9FD89D6-C839-11D3-B0FE-0050044B8FE9} (OBInstallRunner Control) - http://www.opinionbar.com/download/resourc...tallCabinet.CAB
O16 - DPF: {B3231E01-D1EA-4BF1-B872-CF21619704F3} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/144000s/...ANEL_EUROPE.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.girafoto.fr/XUpload.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\temp\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - G:\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - G:\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe
O23 - Service: Windows Process Viewer (The Windows Process Viewer) - Unknown owner - C:\WINDOWS\winlogon.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
[Solved] Virtumonde Trojan and slow PC
jcarine replied to a topic by jcarine in Malware analysis and eradication
The Kaspersky report, not great at all:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, July 24, 2006 6:32:00 AM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 24/07/2006
Kaspersky Anti-Virus database records: 196888
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 95597
Number of viruses found: 14
Number of infected objects: 38 / 0
Number of suspicious objects: 10
Duration of the scan process: 06:20:43

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\jj\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\jj\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\jj\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\jj\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\jj\Local Settings\Historique\History.IE5\MSHist012006072420060725\index.dat Object is locked skipped
C:\Documents and Settings\jj\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\jj\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\jj\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3ETRADC6\dfndrac_6[2].exe Infected: Trojan-Clicker.Win32.VB.nh skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PYLQ174M\Mendoza1[1].exe/data0004 Infected: Trojan-Downloader.MSIL.Agent.a skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PYLQ174M\Mendoza1[1].exe/data0010 Infected: Trojan.Win32.Zapchast.bl skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PYLQ174M\Mendoza1[1].exe/data0011/data0006 Infected: Trojan-Dropper.Win32.VB.mz skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PYLQ174M\Mendoza1[1].exe/data0011 Infected: Trojan-Dropper.Win32.VB.mz skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PYLQ174M\Mendoza1[1].exe NSIS: infected - 4 skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\ESET\infected\2LCYCCAA.NQF Infected: Trojan-Downloader.Win32.Adload.cu skipped
C:\Program Files\ESET\infected\3YA4BJDA.NQF Infected: Trojan-Downloader.Win32.Adload.cu skipped
C:\Program Files\ESET\infected\5IVY41AA.NQF/data.rar/drxvp.exe Suspicious: Packed.Win32.CryptExe skipped
C:\Program Files\ESET\infected\5IVY41AA.NQF/data.rar Suspicious: Packed.Win32.CryptExe skipped
C:\Program Files\ESET\infected\5IVY41AA.NQF RarSFX: suspicious - 2 skipped
C:\Program Files\ESET\infected\5IVY41AA.NQF PE-Crypt.XorPE: suspicious - 2 skipped
C:\Program Files\ESET\infected\BRZ0DCBA.NQF Infected: Trojan-Downloader.Win32.Adload.db skipped
C:\Program Files\ESET\infected\GKNKGWDA.NQF Infected: Trojan-Downloader.Win32.Adload.db skipped
C:\Program Files\ESET\infected\HW0DK0DA.NQF Infected: Trojan-Downloader.Win32.Adload.cu skipped
C:\Program Files\ESET\infected\QLJ154BA.NQF Infected: Trojan-Clicker.Win32.VB.nh skipped
C:\Program Files\ESET\infected\RRNXZLCA.NQF Infected: Trojan-Downloader.Win32.Adload.db skipped
C:\Program Files\ESET\infected\SPDJ22AA.NQF Infected: Trojan-Downloader.Win32.Adload.cy skipped
C:\Program Files\ESET\infected\YEBZSTDA.NQF Infected: Trojan-Clicker.Win32.VB.nh skipped
C:\Program Files\ESET\infected\YIQCGTDA.NQF Infected: Trojan-Clicker.Win32.VB.nh skipped
C:\VundoFix Backups\DP.sys Infected: Trojan.Win32.Agent.ny skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd1005.sys Object is locked skipped
C:\WINDOWS\system32\i Infected: Trojan-Downloader.BAT.Ftp.ab skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
G:\EA Sports\LFP Manager 06\CRACK LFP MANAGER 2006 (MULTILANGUAGE VERSION)(RUN)\Deutsch\trembler.exe/trembler.exe Infected: not-virus:BadJoke.Win32.Trembler skipped
G:\EA Sports\LFP Manager 06\CRACK LFP MANAGER 2006 (MULTILANGUAGE VERSION)(RUN)\Deutsch\trembler.exe RAR: infected - 1 skipped
G:\EA Sports\LFP Manager 06\CRACK LFP MANAGER 2006 (MULTILANGUAGE VERSION)(RUN)\English\trembler.exe/trembler.exe Infected: not-virus:BadJoke.Win32.Trembler skipped
G:\EA Sports\LFP Manager 06\CRACK LFP MANAGER 2006 (MULTILANGUAGE VERSION)(RUN)\English\trembler.exe RAR: infected - 1 skipped
G:\EA Sports\LFP Manager 06\CRACK LFP MANAGER 2006 (MULTILANGUAGE VERSION)(RUN)\Español\trembler.exe/trembler.exe Infected: not-virus:BadJoke.Win32.Trembler skipped
G:\EA Sports\LFP Manager 06\CRACK LFP MANAGER 2006 (MULTILANGUAGE VERSION)(RUN)\Español\trembler.exe RAR: infected - 1 skipped
G:\EA Sports\LFP Manager 06\CRACK LFP MANAGER 2006 (MULTILANGUAGE VERSION)(RUN)\Français\trembler.exe/trembler.exe Infected: not-virus:BadJoke.Win32.Trembler skipped
G:\EA Sports\LFP Manager 06\CRACK LFP MANAGER 2006 (MULTILANGUAGE VERSION)(RUN)\Français\trembler.exe RAR: infected - 1 skipped
G:\EA Sports\LFP Manager 06\CRACK LFP MANAGER 2006 (MULTILANGUAGE VERSION)(RUN)\Italiano\trembler.exe/trembler.exe Infected: not-virus:BadJoke.Win32.Trembler skipped
G:\EA Sports\LFP Manager 06\CRACK LFP MANAGER 2006 (MULTILANGUAGE VERSION)(RUN)\Italiano\trembler.exe RAR: infected - 1 skipped
G:\EA Sports\LFP Manager 06\CRACK LFP MANAGER 2006 (MULTILANGUAGE VERSION)(RUN)\Nederlands\trembler.exe/trembler.exe Infected: not-virus:BadJoke.Win32.Trembler skipped
G:\EA Sports\LFP Manager 06\CRACK LFP MANAGER 2006 (MULTILANGUAGE VERSION)(RUN)\Nederlands\trembler.exe RAR: infected - 1 skipped
G:\EA Sports\LFP Manager 06\CRACK LFP MANAGER 2006 (MULTILANGUAGE VERSION)(RUN)\Portugeses\Photos clara morgane, irina voronina, titia\trembler.exe/trembler.exe Infected: not-virus:BadJoke.Win32.Trembler skipped
G:\EA Sports\LFP Manager 06\CRACK LFP MANAGER 2006 (MULTILANGUAGE VERSION)(RUN)\Portugeses\Photos clara morgane, irina voronina, titia\trembler.exe RAR: infected - 1 skipped
G:\EA Sports\LFP Manager 06\CRACK LFP MANAGER 2006 (MULTILANGUAGE VERSION)(RUN)\Portugeses\trembler.exe/trembler.exe Infected: not-virus:BadJoke.Win32.Trembler skipped
G:\EA Sports\LFP Manager 06\CRACK LFP MANAGER 2006 (MULTILANGUAGE VERSION)(RUN)\Portugeses\trembler.exe RAR: infected - 1 skipped
G:\eDonkey2000\incoming\(Motorola) V3 Razr(Apps, Games, Themes, Rings) Complete.rar/Moto Razr Complete/Games/NFL 2005 [v3 Razr]/NFL 2005 v3.jar/sheet_btackle.png Suspicious: Exploit.Win32.MS05-009 skipped
G:\eDonkey2000\incoming\(Motorola) V3 Razr(Apps, Games, Themes, Rings) Complete.rar/Moto Razr Complete/Games/NFL 2005 [v3 Razr]/NFL 2005 v3.jar/sheet_ftackle.png Suspicious: Exploit.Win32.MS05-009 skipped
G:\eDonkey2000\incoming\(Motorola) V3 Razr(Apps, Games, Themes, Rings) Complete.rar/Moto Razr Complete/Games/NFL 2005 [v3 Razr]/NFL 2005 v3.jar/sheet_lockup.png Suspicious: Exploit.Win32.MS05-009 skipped
G:\eDonkey2000\incoming\(Motorola) V3 Razr(Apps, Games, Themes, Rings) Complete.rar/Moto Razr Complete/Games/NFL 2005 [v3 Razr]/NFL 2005 v3.jar/sheet_run.png Suspicious: Exploit.Win32.MS05-009 skipped
G:\eDonkey2000\incoming\(Motorola) V3 Razr(Apps, Games, Themes, Rings) Complete.rar/Moto Razr Complete/Games/NFL 2005 [v3 Razr]/NFL 2005 v3.jar Suspicious: Exploit.Win32.MS05-009 skipped
G:\eDonkey2000\incoming\(Motorola) V3 Razr(Apps, Games, Themes, Rings) Complete.rar RAR: suspicious - 5 skipped
G:\eDonkey2000\incoming\[France PC].Playboy the Mansion cracked.rar/setup.exe/username.exe Infected: Trojan-Downloader.Win32.Small.ya skipped
G:\eDonkey2000\incoming\[France PC].Playboy the Mansion cracked.rar/setup.exe/wudupdate.exe Infected: Trojan-Downloader.Win32.IstBar.gen skipped
G:\eDonkey2000\incoming\[France PC].Playboy the Mansion cracked.rar/setup.exe Infected: Trojan-Downloader.Win32.IstBar.gen skipped
G:\eDonkey2000\incoming\[France PC].Playboy the Mansion cracked.rar RAR: infected - 3 skipped

Scan process completed.

On the other hand, I don't know how to delete them; Kaspersky doesn't give me the option?
[Solved] Virtumonde Trojan and slow PC
jcarine replied to a topic by jcarine in Malware analysis and eradication
I'm already posting the 2 reports I have:
VUNDOFIX
VundoFix V5.1.5
Checking Java version...
Java version is 1.5.0.6
Scan started at 19:22:55 23/07/2006
Listing files found while scanning....
C:\windows\system32\awtqnkh.dll
C:\windows\system32\vtsrr.dll
C:\windows\system32\rrstv.ini
C:\windows\system32\rrstv.bak1
C:\windows\system32\rrstv.bak2
C:\windows\system32\rrstv.ini2
C:\windows\system32\rrstv.tmp
C:\WINDOWS\system32\Drivers\DP.sys
Beginning removal...
The process smss.exe could not be stopped
Vundofix may not be able to delete some files that were found.
The process winlogon.exe could not be stopped
Vundofix may not be able to delete some files that were found.
The process explorer.exe was successfully stopped
The process iexplore.exe was successfully stopped
The process rundll32.exe was successfully stopped
Attempting to delete C:\windows\system32\awtqnkh.dll
C:\windows\system32\awtqnkh.dll Could not be deleted.
Attempting to delete C:\windows\system32\vtsrr.dll
C:\windows\system32\vtsrr.dll Could not be deleted.
Attempting to delete C:\windows\system32\rrstv.ini
C:\windows\system32\rrstv.ini Has been deleted!
Attempting to delete C:\windows\system32\rrstv.bak1
C:\windows\system32\rrstv.bak1 Has been deleted!
Attempting to delete C:\windows\system32\rrstv.bak2
C:\windows\system32\rrstv.bak2 Has been deleted!
Attempting to delete C:\windows\system32\rrstv.ini2
C:\windows\system32\rrstv.ini2 Has been deleted!
Attempting to delete C:\windows\system32\rrstv.tmp
C:\windows\system32\rrstv.tmp Has been deleted!
Attempting to delete C:\WINDOWS\system32\Drivers\DP.sys
C:\WINDOWS\system32\Drivers\DP.sys Has been deleted!
Performing Repairs to the registry.
Done!

FOR CLEAN it's strange, I only have this:
cript clean par Malekal_morte - http://www.malekal.com
*** SUPPRESSION DES FICHIERS ***
Suppressions de trojans/vers sur...
[Solved] Virtumonde Trojan and slow PC
jcarine replied to a topic by jcarine in Malware analysis and eradication
The avatar is offered on the site. Well, I've only just launched Kaspersky, sorry, I had people drop by unexpectedly. Well, I'm going to bed; I hope I won't have had too many more viruses detected. I restarted the PC in Safe Mode, because in normal mode it kept lagging, and my antivirus wouldn't stop telling me I still had the virus in system32\vtsrr.dll ....... Good night, see you tomorrow.
[Solved] Virtumonde Trojan and slow PC
jcarine replied to a topic by jcarine in Malware analysis and eradication
It's still scanning for the moment.... (it's already been 1 hour!)
[Solved] Virtumonde Trojan and slow PC
jcarine replied to a topic by jcarine in Malware analysis and eradication
So, here is the ewido report:
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 19:03:25 23/07/2006

+ Scan result:

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KRJ6JUR8\AppWrap[2].exe -> Adware.AdURL : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\barhelp22.0.dll -> Adware.Iebar : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\iebar22.0.dll -> Adware.Iebar : Cleaned with backup (quarantined).
C:\Program Files\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
C:\Program Files\Internet Optimizer\update -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper\cf1 -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\WSE -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf1 -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf2 -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf4 -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-436374069-1677128483-854245398-1003\Software\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TestContentMatchControl1.ContentMatchTag -> Adware.ISTBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TestContentMatchControl1.ContentMatchTag.1 -> Adware.ISTBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TestContentMatchControl1.ContentMatchTag\CLSID -> Adware.ISTBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TestContentMatchControl1.ContentMatchTag\CurVer -> Adware.ISTBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\ISTsvc -> Adware.ISTBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\ISTsvc\history -> Adware.ISTBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc -> Adware.ISTBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\YourSiteBar -> Adware.ISTBar : Error during cleaning.
HKLM\SOFTWARE\YourSiteBar\Historyfiles -> Adware.ISTBar : Error during cleaning.
HKLM\SOFTWARE\YourSiteBar\Historysearch -> Adware.ISTBar : Error during cleaning.
HKU\S-1-5-21-436374069-1677128483-854245398-1003\Software\IST -> Adware.ISTBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\media-motor -> Adware.MediaMotor : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA -> Adware.MoneyTree : Cleaned with backup (quarantined).
C:\Program Files\SideFind -> Adware.SideFind : Cleaned with backup (quarantined).
C:\Program Files\SideFind\sfexd001 -> Adware.SideFind : Cleaned with backup (quarantined).
C:\Program Files\SideFind\update -> Adware.SideFind : Cleaned with backup (quarantined).
C:\Documents and Settings\jj\Local Settings\Temp\uninstall.exe -> Adware.SurfAcc : Cleaned with backup (quarantined).
C:\WINDOWS\system32\awtqnkh.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\awtusrs.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\cbxustt.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\pnky.exe -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\fccyyxv.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\gebcdaw.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\iifdeca.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\jkkjijj.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\opnlljk.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\opnonnk.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\opppmkh.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\tuvuvtt.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\vtsrr.V00dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\vtsrr.V01dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\vtsrr.V02dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\vtsrr.Vdll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\vtsrr.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\Program Files\Fichiers communs\WinFixer 2005\FCrXML.dll -> Adware.Winfixer : Cleaned with backup (quarantined).
C:\Program Files\Fichiers communs\WinSoftware\PCheck.dll -> Adware.Winfixer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\YSBactivex.Installer -> Adware.YourSiteBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\YSBactivex.Installer\CLSID -> Adware.YourSiteBar : Cleaned with backup (quarantined).
C:\WINDOWS\system32\medo.dl -> Backdoor.Flood : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\JU2B8JR3\dfndrd_4[1].exe -> Downloader.Adload.cu : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\9YIQN067\file[1].exe/drxvp.exe -> Downloader.Adload.cw : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\drxvp.exe -> Downloader.Adload.cw : Cleaned with backup (quarantined).
C:\files.exe/drxvp.exe -> Downloader.Adload.cw : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PYLQ174M\loader[1].exe -> Downloader.Adload.de : Cleaned with backup (quarantined).
C:\Documents and Settings\jj\ysbinstall_1000489_3.exe -> Downloader.INService.ja : Cleaned with backup (quarantined).
G:\a\Edonkey 2000 0.53 (Pro) + Crack + Edonkey Bot Lite.16Abril2004.por.Hulhio.Pootz\adremover.dll -> Downloader.Small : Cleaned with backup (quarantined).
G:\eDonkey2000\Plugins\adremover.dll -> Downloader.Small : Cleaned with backup (quarantined).
G:\eDonkey2000\Plugins\httpprotocol.dll -> Downloader.Small : Cleaned with backup (quarantined).
G:\eDonkey2000\edonkey-overnet.v0.53.Registration.Crack-BetaMaster.rar/adremover.dll -> Downloader.Small : Cleaned with backup (quarantined).
G:\eDonkey2000\incoming\Edonkey 2000 0.53 (Pro) + Crack + Edonkey Bot Lite + Donkey Look Up 0.3 + Edonkey Crawler.16Abril2004.por.Hulhio.Pootz.zip/Edonkey 2000 0.53 (Pro) + Crack + Edonkey Bot Lite.16Abril2004.por.Hulhio.Pootz/adremover.dll -> Downloader.Small : Cleaned with backup (quarantined).
G:\eDonkey2000\incoming\Edonkey 2000 0.53 (Pro) + Crack + Edonkey Bot Lite + Donkey Look Up 0.3 + Edonkey Crawler.16Abril2004.por.Hulhio.Pootz\Edonkey 2000 0.53 (Pro) + Crack + Edonkey Bot Lite.16Abril2004.por.Hulhio.Pootz\adremover.dll -> Downloader.Small : Cleaned with backup (quarantined).
G:\eDonkey2000\incoming\edonkey.v0.53.Incl.Registration.Crack-BetaMaster.rar/edonkey-overnet.v0.53.Registration.Crack-BetaMaster.rar/adremover.dll -> Downloader.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PYLQ174M\kybrdac_6[1].exe -> Downloader.VB.ada : Cleaned with backup (quarantined).
C:\WINDOWS\system32\setup_71736.exe -> Dropper.Paradrop.a : Cleaned with backup (quarantined).
G:\EA Sports\LFP Manager 06\CRACK LFP MANAGER 2006 (MULTILANGUAGE VERSION)(RUN)\Deutsch\trembler.exe/trembler.exe -> Not-A-Virus.BadJoke.Win32.Trembler : Ignored.
G:\EA Sports\LFP Manager 06\CRACK LFP MANAGER 2006 (MULTILANGUAGE VERSION)(RUN)\English\trembler.exe/trembler.exe -> Not-A-Virus.BadJoke.Win32.Trembler : Ignored.
G:\EA Sports\LFP Manager 06\CRACK LFP MANAGER 2006 (MULTILANGUAGE VERSION)(RUN)\Español\trembler.exe/trembler.exe -> Not-A-Virus.BadJoke.Win32.Trembler : Ignored.
G:\EA Sports\LFP Manager 06\CRACK LFP MANAGER 2006 (MULTILANGUAGE VERSION)(RUN)\Français\trembler.exe/trembler.exe -> Not-A-Virus.BadJoke.Win32.Trembler : Ignored.
G:\EA Sports\LFP Manager 06\CRACK LFP MANAGER 2006 (MULTILANGUAGE VERSION)(RUN)\Italiano\trembler.exe/trembler.exe -> Not-A-Virus.BadJoke.Win32.Trembler : Ignored.
G:\EA Sports\LFP Manager 06\CRACK LFP MANAGER 2006 (MULTILANGUAGE VERSION)(RUN)\Nederlands\trembler.exe/trembler.exe -> Not-A-Virus.BadJoke.Win32.Trembler : Ignored.
G:\EA Sports\LFP Manager 06\CRACK LFP MANAGER 2006 (MULTILANGUAGE VERSION)(RUN)\Portugeses\Photos clara morgane, irina voronina, titia\trembler.exe/trembler.exe -> Not-A-Virus.BadJoke.Win32.Trembler : Ignored.
G:\EA Sports\LFP Manager 06\CRACK LFP MANAGER 2006 (MULTILANGUAGE VERSION)(RUN)\Portugeses\trembler.exe/trembler.exe -> Not-A-Virus.BadJoke.Win32.Trembler : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.10\UERSV_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.10\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.11\UERSV_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.11\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.12\UERSV_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.12\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.13\UERSV_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.13\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.14\UERSV_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.14\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.15\UERSV_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.15\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.16\UERSV_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.16\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored. 
C:\WINDOWS\Downloaded Program Files\CONFLICT.17\UERSV_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.17\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.18\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.19\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERSV_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.20\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.21\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.22\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.23\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.24\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.25\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.26\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.27\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UERSV_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored. 
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UERSV_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UERSV_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UERSV_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UERSV_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UERSV_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.8\UERSV_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.8\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.9\UERSV_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.9\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored. 
C:\WINDOWS\Downloaded Program Files\UERSV_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored. C:\WINDOWS\Downloaded Program Files\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.e : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.10\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.11\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.12\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.13\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.14\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.15\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.16\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.17\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.18\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.19\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.20\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored. 
C:\WINDOWS\Downloaded Program Files\CONFLICT.21\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.22\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.23\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.24\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.25\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.26\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.8\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored. C:\WINDOWS\Downloaded Program Files\CONFLICT.9\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored. 
C:\WINDOWS\Downloaded Program Files\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored. C:\WINDOWS\ABox.exe -> Not-A-Virus.PornTool.Win32.ABox.a : Ignored. C:\WINDOWS\system32\drivers\df_kmd.sys -> Rootkit.Agent.af : Cleaned with backup (quarantined). C:\Documents and Settings\carine\Cookies\carine@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned. C:\Documents and Settings\carine\Cookies\carine@adtech[2].txt -> TrackingCookie.Adtech : Cleaned. C:\Documents and Settings\jj\Cookies\jj@adtech[2].txt -> TrackingCookie.Adtech : Cleaned. C:\Documents and Settings\carine\Cookies\carine@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned. C:\Documents and Settings\jj\Cookies\jj@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned. C:\Documents and Settings\carine\Cookies\carine@bfast[2].txt -> TrackingCookie.Bfast : Cleaned. C:\Documents and Settings\jj\Cookies\jj@bfast[1].txt -> TrackingCookie.Bfast : Cleaned. C:\Documents and Settings\carine\Cookies\carine@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned. C:\Documents and Settings\jj\Cookies\jj@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned. C:\Documents and Settings\carine\Cookies\carine@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned. C:\Documents and Settings\jj\Cookies\jj@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned. C:\Documents and Settings\carine\Cookies\carine@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned. C:\Documents and Settings\jj\Cookies\jj@estat[2].txt -> TrackingCookie.Estat : Cleaned. C:\Documents and Settings\jj\Cookies\jj@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned. C:\Documents and Settings\carine\Cookies\carine@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned. C:\Documents and Settings\jj\Cookies\jj@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned. C:\Documents and Settings\carine\Cookies\carine@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned. 
C:\Documents and Settings\jj\Cookies\jj@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned. C:\Documents and Settings\jj\Cookies\jj@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned. C:\Documents and Settings\carine\Cookies\carine@weborama[2].txt -> TrackingCookie.Weborama : Cleaned. C:\Documents and Settings\jj\Cookies\jj@weborama[2].txt -> TrackingCookie.Weborama : Cleaned. C:\WINDOWS\system32\atfsvukh.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined). C:\WINDOWS\system32\eeprcdte.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined). C:\WINDOWS\system32\tdifuonh.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined). C:\WINDOWS\system32\wkqyfwwk.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined). C:\WINDOWS\system32\xyktfwcb.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined). C:\WINDOWS\Downloaded Program Files\UDC6_0001_D10M2905NetInstaller.exe -> Trojan.Fakealert : Cleaned with backup (quarantined). C:\WINDOWS\system32\gt.x -> Trojan.Small : Cleaned with backup (quarantined). C:\WINDOWS\system32\ksat.bat -> Trojan.Small : Cleaned with backup (quarantined). C:\Program Files\Fichiers communs\{44D22E90-0513-1036-0524-020320030021}\Update.exe -> Trojan.Starter.65 : Cleaned with backup (quarantined). C:\WINDOWS\system32\fgrrr.exe/dlcl.edp -> Worm.Randon : Cleaned with backup (quarantined). ::Report end -
[Solved] Virtumonde Trojan horse and slow PC
jcarine replied to a topic by jcarine in Malware analysis and eradication
Oops, sorry, I left my PC while the scan ran, and it took a long, long time.... Yes, I am in safe mode with networking. I'll take care of the rest, here goes... -
[Solved] Virtumonde Trojan horse and slow PC
jcarine replied to a topic by jcarine in Malware analysis and eradication
That was fast! Thanks. Right now I am scanning with Ewido (I'm a quarter of the way through) and it has already found 56 infected files :S So far I have not been able to uninstall MyWebSearch because the file cannot be found (I think I must have deleted it one day without going through "configuration/uninstall"). I don't have these 2 files either:
C:\Documents and Settings\Jonathan\Mes documents\??pPatch\
C:\WINDOWS\YMANTE~1\
But apart from that, everything is running fine for now