Supprimer antivirus xp 2008

[xerel]

Bonjour,

j'ai choper cette saloperie de d'antivirus xp 2008, et j'aimeais que quelqu'un m'aide a trouver la démarche a suivre car j'ai déja lu plusieurs autres problèmes résolu mais j'ai l'impression que la démarche a suivre et les logiciel a utilisé sont différents selon les rapports analyser. Par quoi je doit commencer svp, un rapport de hijackthis ?

[Gof]

Bonjour xerel

 

Messages: 1

Bienvenue sur les forums de Zebulon.

 

Quelques liens pour t'aider à commencer :

• Comment participer à un forum
  
• retrouver ses messages et activer la notification par email
  

 

On va voir ensemble ce qui se passe sur ton PC ; comme tous les intervenants ici, nous aidons bénévolement en fonction de nos activités personnelles. On va essayer d'aller au plus vite, mais il faudra peut-être parfois être patient pour attendre une réponse, pas d'affolement

 

 

-----------

 

 

Dans un premier temps, exécute ceci je te prie.

 

Télécharge HijackThisV2 sur ton bureau.

• Double-clique sur HJTInstall.exe et suis les instructions d'installation.
  
• Tu trouveras un tutoriel pour l'installation et la génération d'un rapport ici
  
• Lance le, valide le message d'avertissement, puis clique sur Do a system scan and save a logfile.
  
• A la fin de l'analyse, le bloc-notes va s'ouvrir. Copie-colle tout son contenu ici à la suite.
  
• Poste le rapport généré sur le forum.
  

 

 

A bientôt.

[xerel]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:13, on 2008-08-22

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP_1\VBPTASK.EXE

C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\atwtusb.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\lexpps.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe

C:\Program Files\Lexmark 3100 Series\lxbrcmon.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {CE000994-A58C-4441-8938-744CD72AB27F} - (no file)

O2 - BHO: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {4380F4A3-A0DA-4733-079D-E1AEA382EE4D} - C:\DOCUME~1\AURLIE~1\APPLIC~1\OOZEWA~1\TRUSTMAGS.exe (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll

O4 - HKLM\..\Run: [schedulingAgent] mstinit.exe /firstlogon

O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP_1\VBPTASK.EXE" VBStart

O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [fenaffiche] C:\Program Files\FenAffiche\Fenpowernet.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

O4 - HKLM\..\Run: [GhostSurf Reminder] "C:\Program Files\GhostSurf 2005\Privacy Control Center.exe" reminder

O4 - HKLM\..\Run: [wipe stop boob send] C:\Documents and Settings\All Users\Application Data\Window Free Wipe Stop\Bin Admin.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sMrhcgjaj0e75p] C:\Program Files\rhcgjaj0e75p\rhcgjaj0e75p.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSYYYYYYYYFR

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_6_2\Ghost (file missing)

O9 - Extra 'Tools' menuitem: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_6_2\Ghost (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.unika.com

O16 - DPF: {00330010-0000-0000-0000-000020160010} - http://207.234.185.217/ABoxInst_int25.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://m6video.m6.fr/1click/install/files/installer2.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} -

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichier...ion_3_0_2_0.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 10065 bytes

 

 

J'ai aussi éxécuter Combofix et le virus a l'air parti ( ce rapport a été fait après combofix) peut tu me dire si il est bien parti ou s'il en reste ?

[Gof]

J'ai aussi éxécuter Combofix et le virus a l'air parti ( ce rapport a été fait après combofix) peut tu me dire si il est bien parti ou s'il en reste ?

ComboFix peut être un outil dangereux s'il n'est pas utilisé correctement. Il ne faut pas utiliser des outils comme ça sans savoir de quoi ils sont capables. Qu'aurais tu fait s'il y avait eu un souci et que ton PC avait planté ?

 

Il y a des fichiers infectieux associés à AntivirusXP de présents encore, plus d'autres associés à une infection de type LOP. Au travail.

 

 

Relance un scan HijackThis

• Clique sur Do a system scan only et coche les lignes ci-dessous :
  

• O2 - BHO: (no name) - {4380F4A3-A0DA-4733-079D-E1AEA382EE4D} - C:\DOCUME~1\AURLIE~1\APPLIC~1\OOZEWA~1\TRUSTMAGS.exe (file missing)
  O4 - HKLM\..\Run: [wipe stop boob send] C:\Documents and Settings\All Users\Application Data\Window Free Wipe Stop\Bin Admin.exe
  O4 - HKLM\..\Run: [sMrhcgjaj0e75p] C:\Program Files\rhcgjaj0e75p\rhcgjaj0e75p.exe
  O8 - Extra context menu item: &Search -

http://bar.mywebsearch.com/menusearch.html?p=ZSYYYYYYYYFR
O14 - IERESET.INF: START_PAGE_URL=http://www.unika.com
O16 - DPF: {00330010-0000-0000-0000-000020160010} - http://207.234.185.217/ABoxInst_int25.exe

• Ferme toutes les fenêtres sauf HijackThis et Fix Checked.
  

 

 

Télécharge OTMoveIt2 par OldTimer.

• Enregistre ce fichier sur le Bureau.
  
• Fais un double clic sur OTMoveIt2.exe pour lancer l'exécution de l'outil.
  
• Copie-colle la ligne de la zone "Code" ci-dessous dans dans la zone "Paste List of Files/Folders to Move"
  

  C:\Program Files\rhcgjaj0e75p

  
  

• Cliquer sur le bouton rouge Moveit!.
  
• Copie-colle tout ce qui se trouve dans la zone Results en réponse sur le forum.
  
• Fermer OTMoveIt2
  

Note: Si un fichier ou un dossier ne peut pas être déplacé immédiatement, un redémarrage sera peut-être nécessaire afin de terminer le processus de déplacement. Si le redémarrage de la machine est demandé, choisir Oui/Yes. Dans ce cas, après le redémarrage, ouvrir le Bloc-notes (Démarrer->Tous les programmes->Accessoires->Bloc-notes), cliquer sur Fichier->Ouvrir, dans la zone "Nom du fichier" taper *.log et appuyer sur la touche Entrée, naviguer jusqu'au dossier C:\_OTMoveIt\MovedFiles, puis ouvrir le fichier .log le plus récent; ensuite faire un copier/coller du contenu de ce document en réponse sur le forum.

 

 

Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.

Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :

• Redémarre ton ordinateur
  
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
  
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
  
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
  
• Choisis ton compte.
  

Déroule la liste des instructions ci-dessous :

• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
  
• Appuie sur Y pour commencer le processus de nettoyage.
  
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
  
• Appuie sur une touche pour redémarrer le PC.
  
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
  
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
  
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
  
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
  
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !
  

 

télécharge Lop S&D de Angeldark et Eric71 sur ton bureau.

• Double-clique dessus pour lancer l'installation
  
• Puis double-clique sur le raccourci Lop S&D présent sur ton bureau
  
• Séléctionne la langue souhaitée , puis choisis l'Option 1 ( Recherche )
  
• Patiente jusqu'à la fin du scan
  
• Poste le rapport généré ( C:\lopR.txt )
  ( Si le Bureau ne réapparaît pas presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide )
  

 

A bientot.

[xerel]

ok voila tous les rapports

 

move it

 

File/Folder C:\Program Files\rhcgjaj0e75p not found.

 

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08222008_170537

 

SDFix

 

 

SDFix: Version 1.218

Run by Administrateur on 22/08/2008 at 17:33

 

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

 

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

 

Checking Files :

 

Trojan Files Found:

 

C:\WINDOWS\system32\24.tmp - Deleted

C:\WINDOWS\system32\2F.tmp - Deleted

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-22 17:49:42

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

scanning hidden registry entries ...

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

"DeviceNotSelectedTimeout"="15"

"GDIProcessHandleQuota"=dword:00002710

"Spooler"="yes"

"swapdisk"=""

"TransmissionRetryTimeout"="90"

"USERProcessHandleQuota"=dword:00002710

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"

"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"

"C:\\Jeux\\Age of empire II\\empires2.exe"="C:\\Jeux\\Age of empire II\\empires2.exe:*:Disabled:Age of Empires II"

"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Disabled:GameSpy Arcade"

"C:\\Program Files\\EA GAMES\\MOHDA\\MOHAA.exe"="C:\\Program Files\\EA GAMES\\MOHDA\\MOHAA.exe:*:Disabled:Medal of Honor Allied Assault"

"C:\\Program Files\\EA GAMES\\MOHDA\\moh_Breakthrough.exe"="C:\\Program Files\\EA GAMES\\MOHDA\\moh_Breakthrough.exe:*:Disabled:Medal of Honor Allied Assault Breakthrough"

"C:\\Program Files\\EA GAMES\\MOHDA\\moh_spearhead.exe"="C:\\Program Files\\EA GAMES\\MOHDA\\moh_spearhead.exe:*:Disabled:Medal of Honor Allied Assault Spearhead"

"C:\\Program Files\\A4Proxy\\A4Proxy.exe"="C:\\Program Files\\A4Proxy\\A4Proxy.exe:*:Enabled:Anonymity 4 Proxy Application"

"C:\\Program Files\\GhostSurf 2005\\Proxy.exe"="C:\\Program Files\\GhostSurf 2005\\Proxy.exe:*:Disabled:GhostSurf proxy"

"C:\\Program Files\\Web Media Player\\webMedia0.61.1.exe"="C:\\Program Files\\Web Media Player\\webMedia0.61.1.exe:*:Enabled:webMedia0.61.1"

"C:\\Documents and Settings\\Aur‚lien\\Local Settings\\Temp\\Rar$EX06.125\\eMule0.47b\\emule.exe"="C:\\Documents and Settings\\Aur‚lien\\Local Settings\\Temp\\Rar$EX06.125\\eMule0.47b\\emule.exe:*:Enabled:eMule"

"C:\\Documents and Settings\\Aur‚lien\\Local Settings\\Temp\\Rar$EX05.359\\eMule0.47c\\emule.exe"="C:\\Documents and Settings\\Aur‚lien\\Local Settings\\Temp\\Rar$EX05.359\\eMule0.47c\\emule.exe:*:Enabled:eMule"

"C:\\Documents and Settings\\Aur‚lien\\Local Settings\\Temp\\Rar$EX04.672\\emule\\eMule.exe"="C:\\Documents and Settings\\Aur‚lien\\Local Settings\\Temp\\Rar$EX04.672\\emule\\eMule.exe:*:Enabled:eMule"

"C:\\Documents and Settings\\Aur‚lien\\Local Settings\\Temp\\Rar$EX11.703\\emule\\eMule.exe"="C:\\Documents and Settings\\Aur‚lien\\Local Settings\\Temp\\Rar$EX11.703\\emule\\eMule.exe:*:Enabled:eMule"

"C:\\Program Files\\eMuleplus\\eMule.exe"="C:\\Program Files\\eMuleplus\\eMule.exe:*:Enabled:eMule Plus"

"C:\\WINDOWS\\system32\\dxdiag.exe"="C:\\WINDOWS\\system32\\dxdiag.exe:*:Enabled:Outil de diagnostic Microsoft DirectX"

"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Disabled:Microsoft DirectPlay Helper"

"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"

"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"

"C:\\Program Files\\Warcraft III\\War3.exe"="C:\\Program Files\\Warcraft III\\War3.exe:*:Enabled:Warcraft III"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:æTorrent"

"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"

"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"

"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe:*:Enabled:Assistance … distance - Windows Messenger et voix"

"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

"C:\\Program Files\\Teamspeak2_RC2 serveur\\server_windows.exe"="C:\\Program Files\\Teamspeak2_RC2 serveur\\server_windows.exe:*:Enabled:Server"

"C:\\Program Files\\ma-config.com\\maconfservice.exe"="C:\\Program Files\\ma-config.com\\maconfservice.exe:LocalSubNet:Enabled:maconfservice"

"C:\\Program Files\\Steam\\steamapps\\unitedcolorofbeneton\\day of defeat source\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\unitedcolorofbeneton\\day of defeat source\\hl2.exe:*:Enabled:hl2"

"C:\\Program Files\\Steam\\steamapps\\mick512\\day of defeat source\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\mick512\\day of defeat source\\hl2.exe:*:Enabled:hl2"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

Remaining Files :

 

 

File Backups: - C:\SDFix\backups\backups.zip

 

Files with Hidden Attributes :

 

Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"

Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"

Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"

Sun 29 Jan 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Wed 31 Jan 2007 72 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti42.tmp"

Sat 2 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"

 

Finished!

 

 

hijackthis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:54, on 2008-08-22

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP_1\VBPTASK.EXE

C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\atwtusb.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe

C:\Program Files\Lexmark 3100 Series\lxbrcmon.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {CE000994-A58C-4441-8938-744CD72AB27F} - (no file)

O2 - BHO: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll

O4 - HKLM\..\Run: [schedulingAgent] mstinit.exe /firstlogon

O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP_1\VBPTASK.EXE" VBStart

O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [fenaffiche] C:\Program Files\FenAffiche\Fenpowernet.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

O4 - HKLM\..\Run: [GhostSurf Reminder] "C:\Program Files\GhostSurf 2005\Privacy Control Center.exe" reminder

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_6_2\Ghost (file missing)

O9 - Extra 'Tools' menuitem: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_6_2\Ghost (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://m6video.m6.fr/1click/install/files/installer2.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichier...ion_3_0_2_0.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 9387 bytes

 

LOP S&D

 

--------------------\\ Lop S&D 4.2.3-3 XP/Vista

 

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2

X86-based PC ( Multiprocessor Free : Intel® Pentium® 4 CPU 3.00GHz )

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2

X86-based PC ( Multiprocessor Free : Intel® Pentium® 4 CPU 3.00GHz )

)Phoenix - Award WorkstationBIOS v6.00PG

BOOT : Normal boot

 

"C:\Lop SD" ( MAJ : 21-08-2008|11:16 )

Option : [1] ( 2008-08-22|17:56 )

 

--------------------\\ Listing des dossiers dans APPLIC~1

 

[2004-09-06|16:40] C:\DOCUME~1\ADMINI~2\APPLIC~1\Adobe

[2004-09-06|15:57] C:\DOCUME~1\ADMINI~2\APPLIC~1\desktop.ini

[2004-09-06|15:23] C:\DOCUME~1\ADMINI~2\APPLIC~1\Identities

[2004-09-06|16:40] C:\DOCUME~1\ADMINI~2\APPLIC~1\InterTrust

[2004-09-06|15:31] C:\DOCUME~1\ADMINI~2\APPLIC~1\Microsoft

[2004-09-06|16:47] C:\DOCUME~1\ADMINI~2\APPLIC~1\Sonic

 

[2005-01-30|13:53] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

 

[2006-07-30|19:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\addr_file.html

[2008-03-29|20:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

[2007-03-06|21:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems

[2006-12-19|23:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic

[2007-07-17|12:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Aureas85

[2007-06-30|14:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BufferZone

[2004-09-06|16:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink

[2004-09-06|15:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini

[2008-01-03|14:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google

[2008-07-08|17:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ma-config.com

[2008-08-22|11:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes

[2005-05-18|21:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!

[2006-02-24|17:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

[2004-09-29|18:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6

[2008-07-04|17:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles

[2004-10-08|19:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime

[2004-09-06|15:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI

[2004-10-08|18:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBT

[2007-08-22|18:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype

[2008-03-29|01:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy

[2008-02-22|18:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP

[2006-07-24|23:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Window Free Wipe Stop

[2006-06-08|18:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[2007-11-10|16:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[2006-05-06|22:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

 

[2008-06-03|21:12] C:\DOCUME~1\antoine\APPLIC~1\Adobe

[2007-11-07|19:45] C:\DOCUME~1\antoine\APPLIC~1\AdobeUM

[2007-11-24|14:05] C:\DOCUME~1\antoine\APPLIC~1\BitTorrent

[2007-09-06|16:02] C:\DOCUME~1\antoine\APPLIC~1\Creative

[2004-09-06|15:57] C:\DOCUME~1\antoine\APPLIC~1\desktop.ini

[2007-09-20|17:06] C:\DOCUME~1\antoine\APPLIC~1\DivX

[2007-09-06|16:18] C:\DOCUME~1\antoine\APPLIC~1\Google

[2008-06-11|14:43] C:\DOCUME~1\antoine\APPLIC~1\Help

[2004-09-06|15:23] C:\DOCUME~1\antoine\APPLIC~1\Identities

[2004-09-06|16:40] C:\DOCUME~1\antoine\APPLIC~1\InterTrust

[2008-01-19|19:53] C:\DOCUME~1\antoine\APPLIC~1\Macromedia

[2008-04-04|18:22] C:\DOCUME~1\antoine\APPLIC~1\Microsoft

[2008-08-15|17:33] C:\DOCUME~1\antoine\APPLIC~1\MSN6

[2008-07-09|19:14] C:\DOCUME~1\antoine\APPLIC~1\Skype

[2004-09-06|16:47] C:\DOCUME~1\antoine\APPLIC~1\Sonic

[2008-06-06|14:33] C:\DOCUME~1\antoine\APPLIC~1\Sun

 

 

[2004-09-06|16:40] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe

[2004-09-06|15:57] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini

[2004-09-06|15:23] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities

[2004-09-06|16:40] C:\DOCUME~1\DEFAUL~1\APPLIC~1\InterTrust

[2004-09-06|15:31] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[2004-09-06|16:47] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sonic

 

 

[2004-09-06|16:40] C:\DOCUME~1\INVIT~1\APPLIC~1\Adobe

[2004-09-06|15:57] C:\DOCUME~1\INVIT~1\APPLIC~1\desktop.ini

[2004-09-06|15:23] C:\DOCUME~1\INVIT~1\APPLIC~1\Identities

[2004-09-06|16:40] C:\DOCUME~1\INVIT~1\APPLIC~1\InterTrust

[2005-05-21|19:09] C:\DOCUME~1\INVIT~1\APPLIC~1\Macromedia

[2005-10-24|11:51] C:\DOCUME~1\INVIT~1\APPLIC~1\Microsoft

[2004-09-06|16:47] C:\DOCUME~1\INVIT~1\APPLIC~1\Sonic

 

[2008-08-22|10:35] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe

[2007-02-23|15:05] C:\DOCUME~1\LOCALS~1\APPLIC~1\Help

[2006-12-01|23:22] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

 

[2004-09-06|16:40] C:\DOCUME~1\MARIE-~1\APPLIC~1\Adobe

[2006-06-09|23:00] C:\DOCUME~1\MARIE-~1\APPLIC~1\AdobeUM

[2006-04-18|22:44] C:\DOCUME~1\MARIE-~1\APPLIC~1\Creative

[2004-09-06|15:57] C:\DOCUME~1\MARIE-~1\APPLIC~1\desktop.ini

[2006-07-28|22:45] C:\DOCUME~1\MARIE-~1\APPLIC~1\Google

[2005-08-24|21:13] C:\DOCUME~1\MARIE-~1\APPLIC~1\Help

[2004-09-06|15:23] C:\DOCUME~1\MARIE-~1\APPLIC~1\Identities

[2004-09-06|16:40] C:\DOCUME~1\MARIE-~1\APPLIC~1\InterTrust

[2006-04-01|20:01] C:\DOCUME~1\MARIE-~1\APPLIC~1\Macromedia

[2006-05-29|19:02] C:\DOCUME~1\MARIE-~1\APPLIC~1\Microsoft

[2005-05-26|22:07] C:\DOCUME~1\MARIE-~1\APPLIC~1\MSN6

[2004-09-06|16:47] C:\DOCUME~1\MARIE-~1\APPLIC~1\Sonic

[2005-06-25|00:34] C:\DOCUME~1\MARIE-~1\APPLIC~1\Sun

 

[2007-07-16|21:33] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

 

[2008-06-01|15:22] C:\DOCUME~1\Pascal\APPLIC~1\Adobe

[2005-06-24|22:43] C:\DOCUME~1\Pascal\APPLIC~1\AdobeDLM.log

[2008-06-11|23:38] C:\DOCUME~1\Pascal\APPLIC~1\AdobeUM

[2004-09-29|23:15] C:\DOCUME~1\Pascal\APPLIC~1\ArcSoft

[2008-04-02|07:35] C:\DOCUME~1\Pascal\APPLIC~1\CDRusersDB.v12

[2006-04-13|08:59] C:\DOCUME~1\Pascal\APPLIC~1\Creative

[2004-09-06|15:57] C:\DOCUME~1\Pascal\APPLIC~1\desktop.ini

[2007-11-30|19:53] C:\DOCUME~1\Pascal\APPLIC~1\DivX

[2005-06-24|22:43] C:\DOCUME~1\Pascal\APPLIC~1\dm.ini

[2006-07-28|21:46] C:\DOCUME~1\Pascal\APPLIC~1\Google

[2004-09-30|16:36] C:\DOCUME~1\Pascal\APPLIC~1\Help

[2004-09-06|15:23] C:\DOCUME~1\Pascal\APPLIC~1\Identities

[2004-09-06|16:40] C:\DOCUME~1\Pascal\APPLIC~1\InterTrust

[2005-05-09|20:15] C:\DOCUME~1\Pascal\APPLIC~1\Macromedia

[2008-08-22|11:27] C:\DOCUME~1\Pascal\APPLIC~1\Malwarebytes

[2008-02-16|17:53] C:\DOCUME~1\Pascal\APPLIC~1\Microsoft

[2007-11-15|21:37] C:\DOCUME~1\Pascal\APPLIC~1\Skype

[2004-09-06|16:47] C:\DOCUME~1\Pascal\APPLIC~1\Sonic

[2005-07-22|18:56] C:\DOCUME~1\Pascal\APPLIC~1\Sun

[2008-01-09|04:08] C:\DOCUME~1\Pascal\APPLIC~1\uTorrent

[2005-05-20|18:04] C:\DOCUME~1\Pascal\APPLIC~1\v3.0

[2008-01-09|08:01] C:\DOCUME~1\Pascal\APPLIC~1\VERITAS

 

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

 

[2008-08-22 17:00][--ah-----] C:\WINDOWS\tasks\AC672E779188A10F.job

[2003-04-24 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

[2008-08-22 17:45][--ah-----] C:\WINDOWS\tasks\SA.DAT

 

( AC672E779188A10F.job )=( c:\docume~1\aurlie~1\applic~1\gridgp~1\InsideBookHelp.exe )

--------------------\\ MsgPlus SPONSOR INSTALLED !

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsgPlus! Plugin]

"DisplayName"="Messenger Plus! 3 & Sponsor"

"SponsorInstalled"=dword:00000000

 

 

--------------------\\ Listing des dossiers dans C:\Program Files

 

[2006-11-19|13:35] C:\Program Files\@Last Software

[2006-05-25|21:45] C:\Program Files\A4Proxy

[2008-03-12|20:48] C:\Program Files\AcidMods

[2005-07-26|09:25] C:\Program Files\Acoustica MP3 To Wave Converter PLUS

[2008-03-07|21:49] C:\Program Files\Adobe

[2005-10-15|15:51] C:\Program Files\Adverts

[2007-01-27|18:17] C:\Program Files\AliveMedia

[2007-12-14|23:12] C:\Program Files\ALO Power Audio Converter

[2006-12-25|11:38] C:\Program Files\Ambient Design

[2008-08-22|13:06] C:\Program Files\AntiVir PersonalEdition Classic

[2004-09-06|17:00] C:\Program Files\ArcSoft

[2008-05-31|12:42] C:\Program Files\AviSynth 2.5

[2007-02-07|14:33] C:\Program Files\Beneton Software

[2006-11-19|13:09] C:\Program Files\Blender Foundation

[2008-03-29|00:46] C:\Program Files\CCleaner

[2006-04-17|22:16] C:\Program Files\Common Files

[2004-09-06|15:02] C:\Program Files\ComPlus Applications

[2008-02-16|19:58] C:\Program Files\Creative

[2004-09-07|15:59] C:\Program Files\Cr‚ez votre site Web

[2008-02-20|14:12] C:\Program Files\Cucusoft

[2004-09-06|16:42] C:\Program Files\CyberLink

[2006-05-27|11:20] C:\Program Files\DIFX

[2006-10-07|13:06] C:\Program Files\directx

[2008-02-16|19:59] C:\Program Files\DivX

[2007-01-19|20:34] C:\Program Files\EA GAMES

[2007-07-30|21:47] C:\Program Files\EA SPORTS

[2008-08-21|17:07] C:\Program Files\eMule

[2008-02-17|15:23] C:\Program Files\eRightSoft

[2004-09-07|16:06] C:\Program Files\FenAffiche

[2008-08-22|14:41] C:\Program Files\Fichiers communs

[2005-07-18|13:09] C:\Program Files\FileSubmit

[2008-07-13|10:30] C:\Program Files\Free.fr

[2005-07-25|21:34] C:\Program Files\Fx Audio Conveter

[2006-05-25|22:04] C:\Program Files\Ghost Navigator2_6_2

[2008-01-03|17:55] C:\Program Files\Google

[2006-06-30|10:43] C:\Program Files\Grid Gpl

[2004-11-20|18:24] C:\Program Files\Heroes2

[2004-09-06|15:35] C:\Program Files\HighMAT CD Writing Wizard

[2008-04-21|20:29] C:\Program Files\IKEA HomePlanner

[2008-07-04|17:53] C:\Program Files\InstallShield Installation Information

[2004-09-06|16:13] C:\Program Files\Intel

[2005-07-10|15:10] C:\Program Files\InterActual

[2008-08-14|11:28] C:\Program Files\Internet Explorer

[2004-11-20|17:47] C:\Program Files\Interplay

[2006-11-29|19:19] C:\Program Files\iolo

[2008-03-07|22:09] C:\Program Files\Java

[2004-12-26|16:46] C:\Program Files\JoWood

[2008-07-04|20:04] C:\Program Files\K-Lite Codec Pack

[2008-03-29|00:41] C:\Program Files\Lavasoft

[2004-09-30|16:22] C:\Program Files\Lexmark 3100 Series

[2008-07-08|17:28] C:\Program Files\ma-config.com

[2008-08-22|14:31] C:\Program Files\Malwarebytes' Anti-Malware

[2004-11-10|17:52] C:\Program Files\Maxis

[2008-08-14|01:10] C:\Program Files\Messenger

[2008-06-29|11:29] C:\Program Files\Messenger Plus! Live

[2006-04-19|22:03] C:\Program Files\MessengerPlus! 3

[2005-01-24|20:14] C:\Program Files\Micro Application

[2004-10-02|18:57] C:\Program Files\microsoft frontpage

[2005-01-18|19:51] C:\Program Files\Microsoft Games

[2004-10-08|18:54] C:\Program Files\Microsoft Office

[2007-04-22|18:04] C:\Program Files\MIKSOFT

[2005-11-05|16:42] C:\Program Files\Montparnasse

[2008-02-16|19:58] C:\Program Files\Movie Maker

[2007-09-08|12:56] C:\Program Files\MP3 Player Utilities 3.57

[2005-05-11|18:17] C:\Program Files\MSN

[2004-09-06|15:02] C:\Program Files\MSN Gaming Zone

[2008-06-29|11:29] C:\Program Files\MSN Messenger

[2008-03-29|01:41] C:\Program Files\nCASE

[2008-01-04|19:34] C:\Program Files\NeoTrace Express

[2008-01-05|17:14] C:\Program Files\NeoTracePro

[2005-05-27|17:39] C:\Program Files\NetMeeting

[2008-07-04|15:48] C:\Program Files\No-IP

[2007-06-13|22:34] C:\Program Files\Outlook Express

[2005-03-30|14:35] C:\Program Files\PCFriendly

[2004-09-08|14:32] C:\Program Files\Phoenix Technologies Ltd

[2004-09-07|16:01] C:\Program Files\Pilotes

[2006-12-28|11:45] C:\Program Files\Planetwide Games

[2008-07-13|10:27] C:\Program Files\pspvideo9

[2004-10-08|19:43] C:\Program Files\QuickTime

[2005-07-22|00:10] C:\Program Files\Real

[2008-07-04|17:53] C:\Program Files\Realtek

[2008-08-22|13:46] C:\Program Files\RogueRemover FREE

[2008-03-07|21:42] C:\Program Files\Roni Music

[2007-06-30|14:54] C:\Program Files\Secured eMule

[2007-09-22|11:37] C:\Program Files\Secured_eMule

[2004-09-06|15:02] C:\Program Files\Services en ligne

[2008-02-16|19:58] C:\Program Files\SIMPLE45V

[2007-08-22|18:09] C:\Program Files\Skype

[2004-10-08|18:54] C:\Program Files\Snapshot Viewer

[2005-05-27|18:29] C:\Program Files\Sonic

[2008-03-29|00:50] C:\Program Files\Spybot - Search & Destroy

[2008-08-22|16:36] C:\Program Files\Steam

[2008-07-04|19:48] C:\Program Files\SystemRequirementsLab

[2008-05-14|19:35] C:\Program Files\Teamspeak2_RC2

[2008-08-22|11:10] C:\Program Files\Trend Micro

[2006-12-07|21:33] C:\Program Files\Uninstall Information

[2007-12-01|16:24] C:\Program Files\uTorrent

[2006-04-18|21:40] C:\Program Files\VeriSign

[2007-03-06|21:22] C:\Program Files\VSO

[2008-08-22|01:24] C:\Program Files\Warcraft III

[2006-07-29|02:19] C:\Program Files\Web Media Player

[2007-04-22|18:01] C:\Program Files\WinAVI Video Converter

[2004-09-06|15:35] C:\Program Files\Windows Journal Viewer

[2007-11-10|17:15] C:\Program Files\Windows Live

[2006-12-20|15:44] C:\Program Files\Windows Live Safety Center

[2008-02-16|19:58] C:\Program Files\Windows Media Connect 2

[2008-02-16|19:58] C:\Program Files\Windows Media Player

[2005-05-27|17:39] C:\Program Files\Windows NT

[2005-05-06|21:41] C:\Program Files\WindowsUpdate

[2005-10-07|23:03] C:\Program Files\WinRAR

[2008-03-07|21:42] C:\Program Files\WorldNet

[2004-09-06|15:24] C:\Program Files\xerox

[2008-02-18|17:48] C:\Program Files\Xilisoft

 

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

 

[2008-03-07|21:50] C:\Program Files\Fichiers communs\Adobe

[2007-03-06|21:23] C:\Program Files\Fichiers communs\Adobe Systems Shared

[2004-10-08|18:51] C:\Program Files\Fichiers communs\Designer

[2006-01-13|00:35] C:\Program Files\Fichiers communs\ErrorSafe

[2004-09-29|21:07] C:\Program Files\Fichiers communs\GST

[2006-12-24|18:31] C:\Program Files\Fichiers communs\InstallShield

[2005-06-01|17:32] C:\Program Files\Fichiers communs\Java

[2007-01-13|18:26] C:\Program Files\Fichiers communs\Microsoft Shared

[2004-09-06|15:03] C:\Program Files\Fichiers communs\MSSoap

[2004-09-06|15:57] C:\Program Files\Fichiers communs\ODBC

[2005-07-22|10:52] C:\Program Files\Fichiers communs\Real

[2004-09-06|15:03] C:\Program Files\Fichiers communs\Services

[2007-08-22|18:09] C:\Program Files\Fichiers communs\Skype

[2004-09-06|15:57] C:\Program Files\Fichiers communs\SpeechEngines

[2007-03-16|22:14] C:\Program Files\Fichiers communs\SWF Studio

[2007-06-13|22:34] C:\Program Files\Fichiers communs\System

[2006-12-24|19:06] C:\Program Files\Fichiers communs\Teleca Shared

[2006-12-27|19:21] C:\Program Files\Fichiers communs\Vbox

[2007-11-10|17:14] C:\Program Files\Fichiers communs\WindowsLiveInstaller

[2008-04-21|20:27] C:\Program Files\Fichiers communs\Wise Installation Wizard

 

--------------------\\ Process

 

( 39 Processus )

 

... OK !

 

--------------------\\ Recherche avec S_Lop

 

Aucun fichier / dossier Lop trouvé !

 

--------------------\\ Recherche de Fichiers / Dossiers Lop

 

C:\Program Files\Grid Gpl

C:\Program Files\gridgp~1

C:\WINDOWS\system32\drivers\etc\hosts.msn

C:\Program Files\Adverts

C:\Program Files\Adverts\uninst.exe

C:\DOCUME~1\Pascal\Cookies\pascal@advertstream[2].txt

C:\WINDOWS\Tasks\AC672E779188A10F.job

 

--------------------\\ Verification du Registre

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

..... OK !

 

--------------------\\ Verification du fichier Hosts

 

Fichier Hosts PROPRE

 

 

--------------------\\ Recherche de fichiers avec Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-22 17:57:27

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 0

 

--------------------\\ Recherche d'autres infections

 

--------------------\\ ROGUES ..

 

C:\PROGRA~1\FICHIE~1\ErrorSafe

 

 

Aucune autre infection trouvée !

 

[F:317][D:6]-> C:\DOCUME~1\Pascal\LOCALS~1\Temp

[F:47][D:0]-> C:\DOCUME~1\Pascal\Cookies

[F:1533][D:9]-> C:\DOCUME~1\Pascal\LOCALS~1\TEMPOR~1\content.IE5

 

--------------------\\ Fin du rapport a 17:58:33

[Gof]

Re

 

Bien. Beaucoup de P2P sur le pc, tu n'as pas un surf très prudent.

 

Désinstalle Messenger Plus! 3 & Sponsor via le Panneau de configuration>Ajout/Suppression de programmes.

• Cela désinstalle le programme, mais n'efface pas tes paramètres personnels.
  
• Tu peux le réinstaller, mais en prenant bien soin de décocher l'installation du sponsor à l'installation de Messenger Plus!3
  

 

Relance Lop S&D

• Choisis cette fois ci l'Option 3
  
• Ne ferme pas la fenêtre lors de la suppression !
  
• Poste le rapport généré ( C:\lopR.txt )
  ( Si le Bureau ne réapparaît pas presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide )
  

 

Il est possible qu'une infection de type Navirpomo soit présente, pour cela exécute l'outil suivant afin de s'en assurer :

• Télécharge

Navilog1 de Il-Mafioso et enregistre-le sur ton bureau.

• Ensuite double clique sur navilog1.exe pour lancer l'installation.
  
• Une fois l'installation terminée, le fix s'exécutera automatiquement.
  (Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).
  
• Laisse-toi guider. Au menu principal, choisis 1 et valide.
  Patiente jusqu'au message : *** Analyse Termine le ..... ***
  
• Appuie sur une touche comme demandé, le bloc-notes va s'ouvrir.
  
• Copie-colle l'intégralité dans ta prochaine réponse. Referme le bloc-notes.
  Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)
  

 

Enfin, puisque tu avais passé ComboFix par toi même, je souhaiterais que tu me postes son rapport que je vois ce qu'il a traité exactement.

• Il se trouve à cet emplacement : C:\ComboFix.txt
  

[xerel]

voila le rapport combofix :

 

ComboFix 08-08-21.02 - Pascal 2008-08-22 14:37:14.1 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.598 [GMT 2:00]

Endroit: C:\Documents and Settings\Pascal\Mes documents\ComboFix.exe

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\DOCUME~1\Pascal\LOCALS~1\Temp\tmp1.tmp

C:\Documents and Settings\All Users\Documents\Adobe PDF\Desktop_.ini

C:\Documents and Settings\All Users\Documents\Adobe PDF\Extras\Desktop_.ini

C:\Documents and Settings\All Users\Documents\Adobe PDF\Settings\Desktop_.ini

C:\Documents and Settings\All Users\Documents\EA Games\Desktop_.ini

C:\Documents and Settings\All Users\Documents\EA Games\Les Sims 2\Desktop_.ini

C:\Documents and Settings\All Users\Documents\Ma musique\Desktop_.ini

C:\Documents and Settings\All Users\Documents\Ma musique\chantillons de musique\Desktop_.ini

C:\Documents and Settings\All Users\Documents\Ma musique\My Playlists\Desktop_.ini

C:\Documents and Settings\All Users\Documents\Ma musique\Sample Playlists\000EB419\Desktop_.ini

C:\Documents and Settings\All Users\Documents\Ma musique\Sample Playlists\Desktop_.ini

C:\Documents and Settings\All Users\Documents\Ma musique\Sync Playlists\000A6B5B\Desktop_.ini

C:\Documents and Settings\All Users\Documents\Ma musique\Sync Playlists\Desktop_.ini

C:\Documents and Settings\All Users\Documents\Mes images\aniv helo + maman\Desktop_.ini

C:\Documents and Settings\All Users\Documents\Mes images\Desktop_.ini

C:\Documents and Settings\All Users\Documents\Mes images\chantillons d'images\Desktop_.ini

C:\Documents and Settings\All Users\Documents\Mes images\greg et coco\Desktop_.ini

C:\Documents and Settings\All Users\Documents\Mes images\mariage reynald\Desktop_.ini

C:\Documents and Settings\All Users\Documents\Mes images\noel 2006\Desktop_.ini

C:\Documents and Settings\All Users\Documents\Mes images\st michel\Desktop_.ini

C:\Documents and Settings\All Users\Documents\Mes images\st sylvestre 2006\Desktop_.ini

C:\Documents and Settings\All Users\Documents\Mes vid‚os\Desktop_.ini

C:\Documents and Settings\All Users\Documents\Microsoft\Desktop_.ini

C:\Documents and Settings\All Users\Documents\Microsoft\Media Index\Desktop_.ini

C:\Documents and Settings\All Users\Documents\musique St sylvestre\COMEDIES MUSICALES-FILMS\Desktop_.ini

C:\Documents and Settings\All Users\Documents\musique St sylvestre\Desktop_.ini

C:\Documents and Settings\All Users\Documents\musique St sylvestre\raggae,groupes bretons\Desktop_.ini

C:\Documents and Settings\All Users\Documents\musique St sylvestre\RAP RNB\Desktop_.ini

C:\Documents and Settings\All Users\Documents\musique St sylvestre\ROCK\Desktop_.ini

C:\Documents and Settings\All Users\Documents\musique St sylvestre\slows\Desktop_.ini

C:\Documents and Settings\All Users\Documents\musique St sylvestre\TECHNO DANCE\Desktop_.ini

C:\Documents and Settings\All Users\Documents\musique St sylvestre\variet‚ fran‡aise et internationale\Desktop_.ini

C:\Documents and Settings\All Users\Documents\musique St sylvestre\ZOUK ra‹\Desktop_.ini

C:\Documents and Settings\All Users\Documents\pamela\Desktop_.ini

C:\Documents and Settings\Marie-Claire\Cookies\marie-claire@tracker.affistats[1].txt

C:\Documents and Settings\Marie-Claire\Cookies\marie-claire@www.immostore[2].txt

C:\Documents and Settings\Pascal\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk

C:\Documents and Settings\Pascal\Application Data\rhcgjaj0e75p

C:\Documents and Settings\Pascal\Application Data\ShoppingReport

C:\Documents and Settings\Pascal\Application Data\ShoppingReport\cs\Config.xml

C:\Documents and Settings\Pascal\Application Data\ShoppingReport\cs\db\Aliases.dbs

C:\Documents and Settings\Pascal\Application Data\ShoppingReport\cs\db\Sites.dbs

C:\Documents and Settings\Pascal\Application Data\ShoppingReport\cs\dwld\WhiteList.xip

C:\Documents and Settings\Pascal\Application Data\ShoppingReport\cs\report\aggr_storage.xml

C:\Documents and Settings\Pascal\Application Data\ShoppingReport\cs\report\send_storage.xml

C:\Documents and Settings\Pascal\Application Data\ShoppingReport\cs\res1\WhiteList.dbs

C:\Documents and Settings\Pascal\Cookies\pascal@voila[1].txt

C:\Documents and Settings\Pascal\err.log

C:\Program Files\rhcgjaj0e75p

C:\WINDOWS\system32\blphcljaj0e75p.scr

C:\WINDOWS\system32\phcljaj0e75p.bmp

C:\WINDOWS\system32\pphcljaj0e75p.exe

C:\WINDOWS\system32\stera.log

C:\WINDOWS\system32\uninstall.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_FOPN

-------\Legacy_NNSERV

-------\Legacy_VSPF

-------\Legacy_VSPF_HK

-------\Service_NNServ

 

 

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-22 to 2008-08-22 ))))))))))))))))))))))))))))))))))))

.

 

2008-08-22 14:02 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe

2008-08-22 14:02 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2008-08-22 14:02 . 2008-08-21 23:41 87,552 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe

2008-08-22 14:02 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe

2008-08-22 14:02 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe

2008-08-22 14:02 . 2008-08-14 21:52 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe

2008-08-22 14:02 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe

2008-08-22 14:02 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe

2008-08-22 14:02 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2008-08-22 14:02 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

2008-08-22 13:30 . 2008-08-22 13:46 <REP> d-------- C:\Program Files\RogueRemover FREE

2008-08-22 13:15 . 2004-09-07 15:53 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau

2008-08-22 13:15 . 2004-09-06 15:57 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression

2008-08-22 13:15 . 2004-09-06 15:01 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles

2008-08-22 13:15 . 2004-09-07 16:33 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents

2008-08-22 13:15 . 2004-04-08 15:05 <REP> d-------- C:\Documents and Settings\Administrateur\Menu D‚marrer

2008-08-22 13:15 . 2004-09-06 15:32 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris

2008-08-22 13:15 . 2004-09-22 17:07 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau

2008-08-22 13:15 . 2004-09-06 16:47 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Sonic

2008-08-22 13:15 . 2004-09-06 16:40 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InterTrust

2008-08-22 13:15 . 2008-08-22 13:15 <REP> d-------- C:\Documents and Settings\Administrateur

2008-08-22 11:27 . 2008-08-22 11:27 <REP> d-------- C:\Documents and Settings\Pascal\Application Data\Malwarebytes

2008-08-22 11:26 . 2008-08-22 14:31 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-08-22 11:26 . 2008-08-22 11:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-08-22 11:26 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-08-22 11:26 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-08-22 11:10 . 2008-08-22 11:10 <REP> d-------- C:\Program Files\Trend Micro

2008-08-22 11:05 . 2008-08-22 11:05 0 --a------ C:\WINDOWS\system32\2F.tmp

2008-08-22 10:35 . 2008-08-22 10:35 0 --a------ C:\WINDOWS\system32\24.tmp

2008-08-15 23:29 . 2008-08-16 15:51 38 --a------ C:\WINDOWS\avisplitter.INI

2008-08-15 17:32 . 2008-08-15 17:33 <REP> d-------- C:\Documents and Settings\antoine\Application Data\MSN6

2008-08-14 14:42 . 2008-08-14 14:42 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-08-14 14:42 . 2008-08-14 14:42 1,409 --a------ C:\WINDOWS\QTFont.for

2008-08-13 21:23 . 2008-08-21 21:18 <REP> d-------- C:\Program Files\Steam

2008-08-13 13:23 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-21 23:24 --------- d-----w C:\Program Files\Warcraft III

2008-08-21 15:07 --------- d-----w C:\Program Files\eMule

2008-07-13 08:30 --------- d-----w C:\Program Files\Free.fr

2008-07-13 08:27 --------- d-----w C:\Program Files\pspvideo9

2008-07-09 17:14 --------- d-----w C:\Documents and Settings\antoine\Application Data\Skype

2008-07-08 15:28 --------- d-----w C:\Program Files\ma-config.com

2008-07-08 15:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\ma-config.com

2008-07-04 18:04 --------- d-----w C:\Program Files\K-Lite Codec Pack

2008-07-04 17:48 --------- d-----w C:\Program Files\SystemRequirementsLab

2008-07-04 15:53 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-07-04 15:53 --------- d-----w C:\Program Files\Realtek

2008-07-04 15:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles

2008-07-04 13:48 --------- d-----w C:\Program Files\No-IP

2008-06-29 09:29 --------- d-----w C:\Program Files\MSN Messenger

2008-06-29 09:29 --------- d-----w C:\Program Files\Messenger Plus! Live

 

voila le rapport hijackthis :

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:01, on 2008-08-22

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP_1\VBPTASK.EXE

C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\atwtusb.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\lexpps.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Lexmark 3100 Series\lxbrcmon.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {CE000994-A58C-4441-8938-744CD72AB27F} - (no file)

O2 - BHO: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {4380F4A3-A0DA-4733-079D-E1AEA382EE4D} - C:\DOCUME~1\AURLIE~1\APPLIC~1\OOZEWA~1\TRUSTMAGS.exe (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll

O4 - HKLM\..\Run: [schedulingAgent] mstinit.exe /firstlogon

O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP_1\VBPTASK.EXE" VBStart

O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [fenaffiche] C:\Program Files\FenAffiche\Fenpowernet.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

O4 - HKLM\..\Run: [GhostSurf Reminder] "C:\Program Files\GhostSurf 2005\Privacy Control Center.exe" reminder

O4 - HKLM\..\Run: [wipe stop boob send] C:\Documents and Settings\All Users\Application Data\Window Free Wipe Stop\Bin Admin.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sMrhcgjaj0e75p] C:\Program Files\rhcgjaj0e75p\rhcgjaj0e75p.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSYYYYYYYYFR

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_6_2\Ghost (file missing)

O9 - Extra 'Tools' menuitem: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_6_2\Ghost (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.unika.com

O16 - DPF: {00330010-0000-0000-0000-000020160010} - http://207.234.185.217/ABoxInst_int25.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://m6video.m6.fr/1click/install/files/installer2.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} -

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichier...ion_3_0_2_0.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 10101 bytes

 

Rapport LOP S&D

 

--------------------\\ Lop S&D 4.2.3-3 XP/Vista

 

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2

X86-based PC ( Multiprocessor Free : Intel® Pentium® 4 CPU 3.00GHz )

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2

X86-based PC ( Multiprocessor Free : Intel® Pentium® 4 CPU 3.00GHz )

)Phoenix - Award WorkstationBIOS v6.00PG

USER : Aurélien ( Administrator )

BOOT : Normal boot

 

"C:\Lop SD" ( MAJ : 21-08-2008|11:16 )

Option : [3] ( 2008-08-22|18:26 )

 

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

 

Supprime! - C:\WINDOWS\system32\drivers\etc\hosts.msn

Supprime! - C:\DOCUME~1\Pascal\Cookies\pascal@advertstream[2].txt

Supprime! - C:\WINDOWS\Tasks\AC672E779188A10F.job

Supprime! - C:\Program Files\Grid Gpl

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

--------------------\\ Listing des dossiers dans APPLIC~1

 

[2004-09-06|16:40] C:\DOCUME~1\ADMINI~2\APPLIC~1\Adobe

[2004-09-06|15:57] C:\DOCUME~1\ADMINI~2\APPLIC~1\desktop.ini

[2004-09-06|15:23] C:\DOCUME~1\ADMINI~2\APPLIC~1\Identities

[2004-09-06|16:40] C:\DOCUME~1\ADMINI~2\APPLIC~1\InterTrust

[2004-09-06|15:31] C:\DOCUME~1\ADMINI~2\APPLIC~1\Microsoft

[2004-09-06|16:47] C:\DOCUME~1\ADMINI~2\APPLIC~1\Sonic

 

[2005-01-30|13:53] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

 

[2006-07-30|19:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\addr_file.html

[2008-03-29|20:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

[2007-03-06|21:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems

[2006-12-19|23:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic

[2007-07-17|12:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Aureas85

[2007-06-30|14:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BufferZone

[2004-09-06|16:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink

[2004-09-06|15:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini

[2008-01-03|14:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google

[2008-07-08|17:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ma-config.com

[2008-08-22|11:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes

[2006-02-24|17:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

[2004-09-29|18:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6

[2008-07-04|17:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles

[2004-10-08|19:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime

[2004-09-06|15:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI

[2004-10-08|18:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBT

[2007-08-22|18:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype

[2008-03-29|01:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy

[2008-02-22|18:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP

[2006-07-24|23:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Window Free Wipe Stop

[2006-06-08|18:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[2007-11-10|16:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[2006-05-06|22:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

 

[2008-06-03|21:12] C:\DOCUME~1\antoine\APPLIC~1\Adobe

[2007-11-07|19:45] C:\DOCUME~1\antoine\APPLIC~1\AdobeUM

[2007-11-24|14:05] C:\DOCUME~1\antoine\APPLIC~1\BitTorrent

[2007-09-06|16:02] C:\DOCUME~1\antoine\APPLIC~1\Creative

[2004-09-06|15:57] C:\DOCUME~1\antoine\APPLIC~1\desktop.ini

[2007-09-20|17:06] C:\DOCUME~1\antoine\APPLIC~1\DivX

[2007-09-06|16:18] C:\DOCUME~1\antoine\APPLIC~1\Google

[2008-06-11|14:43] C:\DOCUME~1\antoine\APPLIC~1\Help

[2004-09-06|15:23] C:\DOCUME~1\antoine\APPLIC~1\Identities

[2004-09-06|16:40] C:\DOCUME~1\antoine\APPLIC~1\InterTrust

[2008-01-19|19:53] C:\DOCUME~1\antoine\APPLIC~1\Macromedia

[2008-04-04|18:22] C:\DOCUME~1\antoine\APPLIC~1\Microsoft

[2008-08-15|17:33] C:\DOCUME~1\antoine\APPLIC~1\MSN6

[2008-07-09|19:14] C:\DOCUME~1\antoine\APPLIC~1\Skype

[2004-09-06|16:47] C:\DOCUME~1\antoine\APPLIC~1\Sonic

[2008-06-06|14:33] C:\DOCUME~1\antoine\APPLIC~1\Sun

 

[2008-06-01|19:30] C:\DOCUME~1\AURLIE~1\APPLIC~1\Adobe

[2004-10-01|19:47] C:\DOCUME~1\AURLIE~1\APPLIC~1\AdobeUM

[2006-12-25|13:17] C:\DOCUME~1\AURLIE~1\APPLIC~1\Ambient Design

[2005-07-25|12:54] C:\DOCUME~1\AURLIE~1\APPLIC~1\ArcSoft

[2005-10-23|20:50] C:\DOCUME~1\AURLIE~1\APPLIC~1\Atari

[2007-09-07|22:27] C:\DOCUME~1\AURLIE~1\APPLIC~1\Azureus

[2007-12-01|15:45] C:\DOCUME~1\AURLIE~1\APPLIC~1\BitTorrent

[2008-04-06|16:59] C:\DOCUME~1\AURLIE~1\APPLIC~1\CDRusersDB.v12

[2007-01-01|17:15] C:\DOCUME~1\AURLIE~1\APPLIC~1\CopyToDvd

[2006-04-11|20:16] C:\DOCUME~1\AURLIE~1\APPLIC~1\Creative

[2004-09-06|15:57] C:\DOCUME~1\AURLIE~1\APPLIC~1\desktop.ini

[2007-07-31|10:08] C:\DOCUME~1\AURLIE~1\APPLIC~1\DivX

[2007-03-06|21:21] C:\DOCUME~1\AURLIE~1\APPLIC~1\ezpinst.exe

[2005-11-26|15:23] C:\DOCUME~1\AURLIE~1\APPLIC~1\fltk.org

[2006-07-28|22:54] C:\DOCUME~1\AURLIE~1\APPLIC~1\Google

[2007-05-24|17:43] C:\DOCUME~1\AURLIE~1\APPLIC~1\Grid Gpl

[2004-11-19|21:00] C:\DOCUME~1\AURLIE~1\APPLIC~1\Help

[2006-05-06|22:39] C:\DOCUME~1\AURLIE~1\APPLIC~1\Identities

[2008-07-04|17:53] C:\DOCUME~1\AURLIE~1\APPLIC~1\InstallShield

[2004-09-06|16:40] C:\DOCUME~1\AURLIE~1\APPLIC~1\InterTrust

[2008-03-29|00:42] C:\DOCUME~1\AURLIE~1\APPLIC~1\Lavasoft

[2006-03-18|17:15] C:\DOCUME~1\AURLIE~1\APPLIC~1\Macromedia

[2008-08-22|18:06] C:\DOCUME~1\AURLIE~1\APPLIC~1\Malwarebytes

[2008-08-15|19:36] C:\DOCUME~1\AURLIE~1\APPLIC~1\Microsoft

[2005-05-11|18:17] C:\DOCUME~1\AURLIE~1\APPLIC~1\MSN6

[2006-11-25|01:26] C:\DOCUME~1\AURLIE~1\APPLIC~1\Ooze Wait Send

[2007-12-07|23:12] C:\DOCUME~1\AURLIE~1\APPLIC~1\Opera

[2007-03-06|21:21] C:\DOCUME~1\AURLIE~1\APPLIC~1\pcouffin.cat

[2007-03-06|21:21] C:\DOCUME~1\AURLIE~1\APPLIC~1\pcouffin.inf

[2007-03-06|21:21] C:\DOCUME~1\AURLIE~1\APPLIC~1\pcouffin.log

[2007-03-06|21:21] C:\DOCUME~1\AURLIE~1\APPLIC~1\pcouffin.sys

[2005-07-22|10:40] C:\DOCUME~1\AURLIE~1\APPLIC~1\Real

[2005-09-02|11:52] C:\DOCUME~1\AURLIE~1\APPLIC~1\Shareaza

[2008-04-12|00:13] C:\DOCUME~1\AURLIE~1\APPLIC~1\Skype

[2004-09-06|16:47] C:\DOCUME~1\AURLIE~1\APPLIC~1\Sonic

[2005-06-01|17:36] C:\DOCUME~1\AURLIE~1\APPLIC~1\Sun

[2008-06-15|17:34] C:\DOCUME~1\AURLIE~1\APPLIC~1\teamspeak2

[2006-12-24|18:38] C:\DOCUME~1\AURLIE~1\APPLIC~1\Teleca

[2006-05-25|22:11] C:\DOCUME~1\AURLIE~1\APPLIC~1\Tenebril

[2008-08-22|18:26] C:\DOCUME~1\AURLIE~1\APPLIC~1\uTorrent

[2007-02-23|14:47] C:\DOCUME~1\AURLIE~1\APPLIC~1\VERITAS

[2007-03-06|21:21] C:\DOCUME~1\AURLIE~1\APPLIC~1\Vso

[2006-11-19|02:04] C:\DOCUME~1\AURLIE~1\APPLIC~1\Wings3D

[2006-05-06|22:39] C:\DOCUME~1\AURLIE~1\APPLIC~1\Zylom

 

[2004-09-06|16:40] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe

[2004-09-06|15:57] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini

[2004-09-06|15:23] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities

[2004-09-06|16:40] C:\DOCUME~1\DEFAUL~1\APPLIC~1\InterTrust

[2004-09-06|15:31] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[2004-09-06|16:47] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sonic

 

 

[2004-09-06|16:40] C:\DOCUME~1\INVIT~1\APPLIC~1\Adobe

[2004-09-06|15:57] C:\DOCUME~1\INVIT~1\APPLIC~1\desktop.ini

[2004-09-06|15:23] C:\DOCUME~1\INVIT~1\APPLIC~1\Identities

[2004-09-06|16:40] C:\DOCUME~1\INVIT~1\APPLIC~1\InterTrust

[2005-05-21|19:09] C:\DOCUME~1\INVIT~1\APPLIC~1\Macromedia

[2005-10-24|11:51] C:\DOCUME~1\INVIT~1\APPLIC~1\Microsoft

[2004-09-06|16:47] C:\DOCUME~1\INVIT~1\APPLIC~1\Sonic

 

[2008-08-22|10:35] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe

[2007-02-23|15:05] C:\DOCUME~1\LOCALS~1\APPLIC~1\Help

[2006-12-01|23:22] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

 

[2004-09-06|16:40] C:\DOCUME~1\MARIE-~1\APPLIC~1\Adobe

[2006-06-09|23:00] C:\DOCUME~1\MARIE-~1\APPLIC~1\AdobeUM

[2006-04-18|22:44] C:\DOCUME~1\MARIE-~1\APPLIC~1\Creative

[2004-09-06|15:57] C:\DOCUME~1\MARIE-~1\APPLIC~1\desktop.ini

[2006-07-28|22:45] C:\DOCUME~1\MARIE-~1\APPLIC~1\Google

[2005-08-24|21:13] C:\DOCUME~1\MARIE-~1\APPLIC~1\Help

[2004-09-06|15:23] C:\DOCUME~1\MARIE-~1\APPLIC~1\Identities

[2004-09-06|16:40] C:\DOCUME~1\MARIE-~1\APPLIC~1\InterTrust

[2006-04-01|20:01] C:\DOCUME~1\MARIE-~1\APPLIC~1\Macromedia

[2006-05-29|19:02] C:\DOCUME~1\MARIE-~1\APPLIC~1\Microsoft

[2005-05-26|22:07] C:\DOCUME~1\MARIE-~1\APPLIC~1\MSN6

[2004-09-06|16:47] C:\DOCUME~1\MARIE-~1\APPLIC~1\Sonic

[2005-06-25|00:34] C:\DOCUME~1\MARIE-~1\APPLIC~1\Sun

 

[2007-07-16|21:33] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

 

[2008-06-01|15:22] C:\DOCUME~1\Pascal\APPLIC~1\Adobe

[2005-06-24|22:43] C:\DOCUME~1\Pascal\APPLIC~1\AdobeDLM.log

[2008-06-11|23:38] C:\DOCUME~1\Pascal\APPLIC~1\AdobeUM

[2004-09-29|23:15] C:\DOCUME~1\Pascal\APPLIC~1\ArcSoft

[2008-04-02|07:35] C:\DOCUME~1\Pascal\APPLIC~1\CDRusersDB.v12

[2006-04-13|08:59] C:\DOCUME~1\Pascal\APPLIC~1\Creative

[2004-09-06|15:57] C:\DOCUME~1\Pascal\APPLIC~1\desktop.ini

[2007-11-30|19:53] C:\DOCUME~1\Pascal\APPLIC~1\DivX

[2005-06-24|22:43] C:\DOCUME~1\Pascal\APPLIC~1\dm.ini

[2006-07-28|21:46] C:\DOCUME~1\Pascal\APPLIC~1\Google

[2004-09-30|16:36] C:\DOCUME~1\Pascal\APPLIC~1\Help

[2004-09-06|15:23] C:\DOCUME~1\Pascal\APPLIC~1\Identities

[2004-09-06|16:40] C:\DOCUME~1\Pascal\APPLIC~1\InterTrust

[2005-05-09|20:15] C:\DOCUME~1\Pascal\APPLIC~1\Macromedia

[2008-08-22|11:27] C:\DOCUME~1\Pascal\APPLIC~1\Malwarebytes

[2008-02-16|17:53] C:\DOCUME~1\Pascal\APPLIC~1\Microsoft

[2007-11-15|21:37] C:\DOCUME~1\Pascal\APPLIC~1\Skype

[2004-09-06|16:47] C:\DOCUME~1\Pascal\APPLIC~1\Sonic

[2005-07-22|18:56] C:\DOCUME~1\Pascal\APPLIC~1\Sun

[2008-01-09|04:08] C:\DOCUME~1\Pascal\APPLIC~1\uTorrent

[2005-05-20|18:04] C:\DOCUME~1\Pascal\APPLIC~1\v3.0

[2008-01-09|08:01] C:\DOCUME~1\Pascal\APPLIC~1\VERITAS

 

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

 

[2003-04-24 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

[2008-08-22 17:45][--ah-----] C:\WINDOWS\tasks\SA.DAT

--------------------\\ MsgPlus SPONSOR INSTALLED !

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsgPlus! Plugin]

"SponsorInstalled"=dword:00000000

 

 

--------------------\\ Listing des dossiers dans C:\Program Files

 

[2006-11-19|13:35] C:\Program Files\@Last Software

[2006-05-25|21:45] C:\Program Files\A4Proxy

[2008-03-12|20:48] C:\Program Files\AcidMods

[2005-07-26|09:25] C:\Program Files\Acoustica MP3 To Wave Converter PLUS

[2008-03-07|21:49] C:\Program Files\Adobe

[2007-01-27|18:17] C:\Program Files\AliveMedia

[2007-12-14|23:12] C:\Program Files\ALO Power Audio Converter

[2006-12-25|11:38] C:\Program Files\Ambient Design

[2008-08-22|13:06] C:\Program Files\AntiVir PersonalEdition Classic

[2004-09-06|17:00] C:\Program Files\ArcSoft

[2008-05-31|12:42] C:\Program Files\AviSynth 2.5

[2007-02-07|14:33] C:\Program Files\Beneton Software

[2006-11-19|13:09] C:\Program Files\Blender Foundation

[2008-03-29|00:46] C:\Program Files\CCleaner

[2006-04-17|22:16] C:\Program Files\Common Files

[2004-09-06|15:02] C:\Program Files\ComPlus Applications

[2008-02-16|19:58] C:\Program Files\Creative

[2004-09-07|15:59] C:\Program Files\Cr‚ez votre site Web

[2008-02-20|14:12] C:\Program Files\Cucusoft

[2004-09-06|16:42] C:\Program Files\CyberLink

[2006-05-27|11:20] C:\Program Files\DIFX

[2006-10-07|13:06] C:\Program Files\directx

[2008-02-16|19:59] C:\Program Files\DivX

[2007-01-19|20:34] C:\Program Files\EA GAMES

[2007-07-30|21:47] C:\Program Files\EA SPORTS

[2008-08-22|18:07] C:\Program Files\eMule

[2008-02-17|15:23] C:\Program Files\eRightSoft

[2004-09-07|16:06] C:\Program Files\FenAffiche

[2008-08-22|14:41] C:\Program Files\Fichiers communs

[2005-07-18|13:09] C:\Program Files\FileSubmit

[2008-07-13|10:30] C:\Program Files\Free.fr

[2005-07-25|21:34] C:\Program Files\Fx Audio Conveter

[2006-05-25|22:04] C:\Program Files\Ghost Navigator2_6_2

[2008-01-03|17:55] C:\Program Files\Google

[2004-11-20|18:24] C:\Program Files\Heroes2

[2004-09-06|15:35] C:\Program Files\HighMAT CD Writing Wizard

[2008-04-21|20:29] C:\Program Files\IKEA HomePlanner

[2008-07-04|17:53] C:\Program Files\InstallShield Installation Information

[2004-09-06|16:13] C:\Program Files\Intel

[2005-07-10|15:10] C:\Program Files\InterActual

[2008-08-14|11:28] C:\Program Files\Internet Explorer

[2004-11-20|17:47] C:\Program Files\Interplay

[2006-11-29|19:19] C:\Program Files\iolo

[2008-03-07|22:09] C:\Program Files\Java

[2004-12-26|16:46] C:\Program Files\JoWood

[2008-07-04|20:04] C:\Program Files\K-Lite Codec Pack

[2008-03-29|00:41] C:\Program Files\Lavasoft

[2004-09-30|16:22] C:\Program Files\Lexmark 3100 Series

[2008-07-08|17:28] C:\Program Files\ma-config.com

[2004-11-10|17:52] C:\Program Files\Maxis

[2008-08-14|01:10] C:\Program Files\Messenger

[2008-08-22|18:25] C:\Program Files\Messenger Plus! Live

[2006-04-19|22:03] C:\Program Files\MessengerPlus! 3

[2005-01-24|20:14] C:\Program Files\Micro Application

[2004-10-02|18:57] C:\Program Files\microsoft frontpage

[2005-01-18|19:51] C:\Program Files\Microsoft Games

[2004-10-08|18:54] C:\Program Files\Microsoft Office

[2007-04-22|18:04] C:\Program Files\MIKSOFT

[2005-11-05|16:42] C:\Program Files\Montparnasse

[2008-02-16|19:58] C:\Program Files\Movie Maker

[2007-09-08|12:56] C:\Program Files\MP3 Player Utilities 3.57

[2005-05-11|18:17] C:\Program Files\MSN

[2004-09-06|15:02] C:\Program Files\MSN Gaming Zone

[2008-06-29|11:29] C:\Program Files\MSN Messenger

[2008-03-29|01:41] C:\Program Files\nCASE

[2008-01-04|19:34] C:\Program Files\NeoTrace Express

[2008-01-05|17:14] C:\Program Files\NeoTracePro

[2005-05-27|17:39] C:\Program Files\NetMeeting

[2008-07-04|15:48] C:\Program Files\No-IP

[2007-06-13|22:34] C:\Program Files\Outlook Express

[2005-03-30|14:35] C:\Program Files\PCFriendly

[2004-09-08|14:32] C:\Program Files\Phoenix Technologies Ltd

[2004-09-07|16:01] C:\Program Files\Pilotes

[2006-12-28|11:45] C:\Program Files\Planetwide Games

[2008-07-13|10:27] C:\Program Files\pspvideo9

[2004-10-08|19:43] C:\Program Files\QuickTime

[2005-07-22|00:10] C:\Program Files\Real

[2008-07-04|17:53] C:\Program Files\Realtek

[2008-08-22|18:06] C:\Program Files\RogueRemover FREE

[2008-03-07|21:42] C:\Program Files\Roni Music

[2007-06-30|14:54] C:\Program Files\Secured eMule

[2007-09-22|11:37] C:\Program Files\Secured_eMule

[2004-09-06|15:02] C:\Program Files\Services en ligne

[2008-02-16|19:58] C:\Program Files\SIMPLE45V

[2007-08-22|18:09] C:\Program Files\Skype

[2004-10-08|18:54] C:\Program Files\Snapshot Viewer

[2005-05-27|18:29] C:\Program Files\Sonic

[2008-03-29|00:50] C:\Program Files\Spybot - Search & Destroy

[2008-08-22|16:36] C:\Program Files\Steam

[2008-07-04|19:48] C:\Program Files\SystemRequirementsLab

[2008-05-14|19:35] C:\Program Files\Teamspeak2_RC2

[2008-08-22|11:10] C:\Program Files\Trend Micro

[2006-12-07|21:33] C:\Program Files\Uninstall Information

[2007-12-01|16:24] C:\Program Files\uTorrent

[2006-04-18|21:40] C:\Program Files\VeriSign

[2007-03-06|21:22] C:\Program Files\VSO

[2008-08-22|01:24] C:\Program Files\Warcraft III

[2006-07-29|02:19] C:\Program Files\Web Media Player

[2007-04-22|18:01] C:\Program Files\WinAVI Video Converter

[2004-09-06|15:35] C:\Program Files\Windows Journal Viewer

[2007-11-10|17:15] C:\Program Files\Windows Live

[2006-12-20|15:44] C:\Program Files\Windows Live Safety Center

[2008-02-16|19:58] C:\Program Files\Windows Media Connect 2

[2008-02-16|19:58] C:\Program Files\Windows Media Player

[2005-05-27|17:39] C:\Program Files\Windows NT

[2005-05-06|21:41] C:\Program Files\WindowsUpdate

[2005-10-07|23:03] C:\Program Files\WinRAR

[2008-03-07|21:42] C:\Program Files\WorldNet

[2004-09-06|15:24] C:\Program Files\xerox

[2008-02-18|17:48] C:\Program Files\Xilisoft

 

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

 

[2008-03-07|21:50] C:\Program Files\Fichiers communs\Adobe

[2007-03-06|21:23] C:\Program Files\Fichiers communs\Adobe Systems Shared

[2004-10-08|18:51] C:\Program Files\Fichiers communs\Designer

[2006-01-13|00:35] C:\Program Files\Fichiers communs\ErrorSafe

[2004-09-29|21:07] C:\Program Files\Fichiers communs\GST

[2006-12-24|18:31] C:\Program Files\Fichiers communs\InstallShield

[2005-06-01|17:32] C:\Program Files\Fichiers communs\Java

[2007-01-13|18:26] C:\Program Files\Fichiers communs\Microsoft Shared

[2004-09-06|15:03] C:\Program Files\Fichiers communs\MSSoap

[2004-09-06|15:57] C:\Program Files\Fichiers communs\ODBC

[2005-07-22|10:52] C:\Program Files\Fichiers communs\Real

[2004-09-06|15:03] C:\Program Files\Fichiers communs\Services

[2007-08-22|18:09] C:\Program Files\Fichiers communs\Skype

[2004-09-06|15:57] C:\Program Files\Fichiers communs\SpeechEngines

[2007-03-16|22:14] C:\Program Files\Fichiers communs\SWF Studio

[2007-06-13|22:34] C:\Program Files\Fichiers communs\System

[2006-12-24|19:06] C:\Program Files\Fichiers communs\Teleca Shared

[2006-12-27|19:21] C:\Program Files\Fichiers communs\Vbox

[2007-11-10|17:14] C:\Program Files\Fichiers communs\WindowsLiveInstaller

[2008-04-21|20:27] C:\Program Files\Fichiers communs\Wise Installation Wizard

 

--------------------\\ Process

 

( 41 Processus )

 

... OK !

 

--------------------\\ Recherche avec S_Lop

 

Aucun fichier / dossier Lop trouvé !

 

--------------------\\ Recherche de Fichiers / Dossiers Lop

 

C:\DOCUME~1\AURLIE~1\APPLIC~1\Grid Gpl

C:\DOCUME~1\AURLIE~1\APPLIC~1\gridgp~1

C:\DOCUME~1\AURLIE~1\Cookies\aurélien@advertstream[2].txt

C:\DOCUME~1\AURLIE~1\Cookies\aurélien@advertstream[3].txt

C:\DOCUME~1\AURLIE~1\Cookies\aurélien@adultfriendfinder[2].txt

C:\DOCUME~1\AURLIE~1\Cookies\aurélien@adopt.euroclick[2].txt

C:\DOCUME~1\AURLIE~1\Cookies\aurélien@partygaming.122.2o7[1].txt

C:\DOCUME~1\AURLIE~1\Cookies\aurélien@partypoker[1].txt

C:\DOCUME~1\AURLIE~1\Cookies\aurélien@2xmoinscher[2].txt

C:\DOCUME~1\AURLIE~1\Cookies\aurélien@www.2xmoinscher[2].txt

 

--------------------\\ Verification du Registre

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BAIT SLOW"="C:\\DOCUME~1\\AURLIE~1\\APPLIC~1\\GRIDGP~1\\interaxisstyle.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

--------------------\\ Verification du fichier Hosts

 

Fichier Hosts PROPRE

 

 

--------------------\\ Recherche de fichiers avec Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-22 18:27:59

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 15

 

--------------------\\ Recherche d'autres infections

 

--------------------\\ ROGUES ..

 

C:\PROGRA~1\FICHIE~1\ErrorSafe

 

--------------------\\ Cracks & Keygens ..

 

C:\DOCUME~1\AURLIE~1\Application Data\uTorrent\ADOBE.ILLUSTRATOR.CS3 (with CRACK).torrent

C:\DOCUME~1\AURLIE~1\Application Data\uTorrent\Adobe_Illustrator_CS3_Full_Version_with_Crack.torrent

C:\DOCUME~1\AURLIE~1\Application Data\uTorrent\Xilisoft.PSP.Video.Converter.v2.1.55.1205b.WinALL.Incl.Keygen-ViRiLiTY.torrent

C:\DOCUME~1\AURLIE~1\Mes documents\mes fichiers\photoshop\Crack et Keygen

C:\DOCUME~1\AURLIE~1\Mes documents\mes fichiers\photoshop\Crack et Keygen\Crack Activation Photoshop CS2 Fr.exe

 

 

[F:326][D:22]-> C:\DOCUME~1\AURLIE~1\LOCALS~1\Temp

[F:598][D:0]-> C:\DOCUME~1\AURLIE~1\Cookies

[F:2592][D:39]-> C:\DOCUME~1\AURLIE~1\LOCALS~1\TEMPOR~1\content.IE5

 

--------------------\\ Fin du rapport a 18:30:10

 

 

le rapport navilog :

Search Navipromo version 3.6.5 commencé le 2008-08-22 à 18:39:41.14

 

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!

!!! Postez ce rapport sur le forum pour le faire analyser !!!

!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

 

Outil exécuté depuis C:\Program Files\navilog1

Session actuelle : "Aurélien"

 

Mise à jour le 22.08.2008 à 17h30 par IL-MAFIOSO

 

 

Microsoft Windows XP [version 5.1.2600]

Internet Explorer : 7.0.5730.11

Système de fichiers : NTFS

 

Recherche executé en mode normal

 

*** Recherche Programmes installés ***

 

 

*** Recherche dossiers dans "C:\WINDOWS" ***

 

 

*** Recherche dossiers dans "C:\Program Files" ***

 

 

*** Recherche dossiers dans "C:\DOCUME~1\ALLUSE~1\menudm~1\progra~1" ***

 

 

*** Recherche dossiers dans "C:\DOCUME~1\ALLUSE~1\menudm~1" ***

 

 

*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***

 

 

*** Recherche dossiers dans "C:\DOCUME~1\AURLIE~1\applic~1" ***

 

 

*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~2\applic~1" ***

 

 

*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***

 

 

*** Recherche dossiers dans "C:\DOCUME~1\antoine\applic~1" ***

 

 

*** Recherche dossiers dans "C:\DOCUME~1\INVIT~1\applic~1" ***

 

 

*** Recherche dossiers dans "C:\DOCUME~1\MARIE-~1\applic~1" ***

 

 

*** Recherche dossiers dans "C:\DOCUME~1\Pascal\applic~1" ***

 

 

*** Recherche dossiers dans "C:\DOCUME~1\AURLIE~1\locals~1\applic~1" ***

 

 

*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~2\locals~1\applic~1" ***

 

 

*** Recherche dossiers dans "C:\DOCUME~1\antoine\locals~1\applic~1" ***

 

 

*** Recherche dossiers dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" ***

 

 

*** Recherche dossiers dans "C:\DOCUME~1\MARIE-~1\locals~1\applic~1" ***

 

 

*** Recherche dossiers dans "C:\DOCUME~1\Pascal\locals~1\applic~1" ***

 

 

*** Recherche dossiers dans "C:\DOCUME~1\AURLIE~1\menudm~1\progra~1" ***

 

 

*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~2\menudm~1\progra~1" ***

 

 

*** Recherche dossiers dans "C:\DOCUME~1\antoine\menudm~1\progra~1" ***

 

 

*** Recherche dossiers dans "C:\DOCUME~1\INVIT~1\menudm~1\progra~1" ***

 

 

*** Recherche dossiers dans "C:\DOCUME~1\MARIE-~1\menudm~1\progra~1" ***

 

 

*** Recherche dossiers dans "C:\DOCUME~1\Pascal\menudm~1\progra~1" ***

 

 

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***

pour + d'infos : http://www.gmer.net

 

 

 

*** Recherche avec GenericNaviSearch ***

!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!

!!! A vérifier impérativement avant toute suppression manuelle !!!

 

* Recherche dans "C:\WINDOWS\system32" *

 

* Recherche dans "C:\DOCUME~1\AURLIE~1\locals~1\applic~1" *

 

* Recherche dans "C:\DOCUME~1\ADMINI~2\locals~1\applic~1" *

 

* Recherche dans "C:\DOCUME~1\antoine\locals~1\applic~1" *

 

* Recherche dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" *

 

* Recherche dans "C:\DOCUME~1\MARIE-~1\locals~1\applic~1" *

 

* Recherche dans "C:\DOCUME~1\Pascal\locals~1\applic~1" *

 

 

 

*** Recherche fichiers ***

 

 

 

*** Recherche clés spécifiques dans le Registre ***

 

 

*** Module de Recherche complémentaire ***

(Recherche fichiers spécifiques)

 

1)Recherche nouveaux fichiers Instant Access :

 

 

2)Recherche Heuristique :

 

* Dans "C:\WINDOWS\system32" :

 

 

* Dans "C:\DOCUME~1\AURLIE~1\locals~1\applic~1" :

 

 

* Dans "C:\DOCUME~1\ADMINI~2\locals~1\applic~1" :

 

 

* Dans "C:\DOCUME~1\antoine\locals~1\applic~1" :

 

 

* Dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" :

 

 

* Dans "C:\DOCUME~1\MARIE-~1\locals~1\applic~1" :

 

 

* Dans "C:\DOCUME~1\Pascal\locals~1\applic~1" :

 

 

3)Recherche Certificats :

 

Certificat Egroup absent !

Certificat Electronic-Group absent !

Certificat Montorgueil absent !

Certificat OOO-Favorit absent !

Certificat Sunny-Day-Design-Ltd absent !

 

4)Recherche fichiers connus :

 

 

 

*** Analyse terminée le 2008-08-22 à 18:54:28.48 ***

[Gof]

Tu t'es trompé dans le rapport HijackThis, tu m'as posté un ancien (on le voit à l'heure).

 

Refais en un.

[xerel]

ok dsl, et merci de m'aider

 

voila le rapport :

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:07, on 2008-08-22

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP_1\VBPTASK.EXE

C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\atwtusb.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\lexpps.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe

C:\Program Files\Lexmark 3100 Series\lxbrcmon.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\eMule\emule.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\explorer.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - - (no file)

O2 - BHO: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {4380F4A3-A0DA-4733-079D-E1AEA382EE4D} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll

O4 - HKLM\..\Run: [schedulingAgent] mstinit.exe /firstlogon

O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP_1\VBPTASK.EXE" VBStart

O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [fenaffiche] C:\Program Files\FenAffiche\Fenpowernet.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

O4 - HKLM\..\Run: [GhostSurf Reminder] "C:\Program Files\GhostSurf 2005\Privacy Control Center.exe" reminder

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\RunOnce: [MessengerPlusUninstall] C:\WINDOWS\system32\cmd.exe /C "C:\DOCUME~1\AURLIE~1\LOCALS~1\Temp\MsgPlusUninst.bat"

O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\DOCUME~1\AURLIE~1\LOCALS~1\Temp\MsgPlusUninstall.exe" /Cleanup

O4 - HKCU\..\Run: [bAIT SLOW] C:\DOCUME~1\AURLIE~1\APPLIC~1\GRIDGP~1\interaxisstyle.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_6_2\Ghost (file missing)

O9 - Extra 'Tools' menuitem: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_6_2\Ghost (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {00330010-0000-0000-0000-000020160010} -

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://m6video.m6.fr/1click/install/files/installer2.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} -

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichier...ion_3_0_2_0.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O24 - Desktop Component 0: (no name) - http://www.google.fr/intl/fr_fr/images/logo.gif

 

--

End of file - 10150 bytes

[Gof]

Tu ne sembles pas avoir désactivé le Teatimer.

Tu ne sembles pas avoir désinstallé MSN+.

 

Pourquoi ne l'as tu pas fait ?