analyse fichier hijackthis mawarebytesRésolu/Fermé

Question

Bonjour,
infecté par trojan.agent dans ma base de registre, détecté par mawarebytes, je n'arrive pas a m'en débarasser.
mawarebytes le détecte, et le supprime mais trojan revient sans cesse. De plus, j'ai fenetre avec caractère bizarre type chinois qui s'affiche au lancement de windows, juste avnt le message de bienvenue. ci joint les rapport mawarebytes et hijackthis réalisée ds cet ordre, qqun pour m'aider svp
merci

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1502
Windows 5.1.2600 Service Pack 2

16/12/2008 20:03:34
mbam-log-2008-12-16 (20-03-34).txt

Type de recherche: Examen complet (C:\|D:\|F:\|G:\|H:\|I:\|J:\|)
Eléments examinés: 142609
Temps écoulé: 44 minute(s), 37 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:05:30, on 16/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Norton AntiVirus
avapsvc.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\NORTON~1
avapw32.exe
C:\WINDOWS\system32undll32.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe
C:\WINDOWS\VPro620.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://adfarm.mediaplex.com/ad/ck/709-29563-11896-1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1
avapw32.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -masquer
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Global Startup: Docteur Club Internet.lnk = C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VPro620.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin
pjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin
pjpi150_05.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www4.photoweb.fr/telechargement/Photoweb_uploader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.photoweb.fr/moncompte/Account/LogOn?ReturnUrl=%2ftransfert
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www4.photoweb.fr/telechargement/Photoweb_uploader.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://86.206.44.98/WinWebPush.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C2724A6-3812-43E0-B8C5-FAF021AA2B16}: NameServer = 194.117.200.10,194.117.200.15
O20 - Winlogon Notify: xxyxuRLc - xxyxuRLc.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus
avapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

jlpjlp · Answer

slt,


Télécharge ici :

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.

Clique Continue à l'écran Disclaimer.

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

NB : Les rapports sont sauvegardés dans le dossier C:\rsit

jlpjlp · Answer

télécharge combofix (par sUBs) ici : 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe 

et enregistre le sur le bureau. 

déconnecte toi d'internet et ferme toutes tes applications. 

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware) 


double-clique sur combofix.exe et suis les instructions 

à la fin, il va produire un rapport C:\ComboFix.txt 

réactive ton parefeu, ton antivirus, la garde de ton antispyware 

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse. 

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi. 

Tu as un tutoriel complet ici : 

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix 

____________________________



Télécharges AD-Remover ( de Cyrildu17 / C_XX ) sur ton bureau : 
http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe

/!\ Déconnectes toi et fermes toutes applications en cours 

&#9679; Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files ) 
&#9679; Double clique sur l'icône Ad-removersituée sur ton bureau 
&#9679; Au menu principal choisi l'option "A" 
&#9679; Postes le rapport qui apparait à la fin . 

( le rapport est sauvegardé aussi sous C:\Ad-report(date).log ) 

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller ) 

Note : 

"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. 
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. 
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus. 

____________________________






a la fin il faudra:

mettre a jour internet explorer
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

mettre à jour adobe reader
https://acrobat.adobe.com/fr/fr/acrobat/pdf-reader.html


mettre a jour java:
Télécharge JavaRa.zip de Paul 'Prm753' McLain et Fred de Vries. 
Décompresse le fichier sur ton bureau (clique droit > Extraire tout.) 
Double-clique sur le répertoire JavaRa obtenu. 
Puis double-clique sur le fichier JavaRa.exe (le .exe peut ne pas s'afficher) 
Clique sur Search For Updates. 
Sélectionne Update Using jucheck.exe puis clique sur Search. 
Autorise le processus à se connecter s'il te le demande, clique sur Install et suis les instructions d'installation. Cela prendra quelques minutes. 
Quand l'installation est terminée, revient à l'écran de JavaRa et clique sur Remove Older Versions. 
Clique sur Oui pour confirmer. L'outil va travailler, clique ensuite sur Ok, puis une deuxième fois sur Ok. 
Un rapport va s'ouvrir, copie-colle le dans ta prochaine réponse. 
Note : le rapport se trouve aussi à la racine de la partition système, en général C:\ sous le nom JavaRa.log 
(c:\JavaRa.log) 
Ferme l'application. 

si cela ne fonctionne pas 

https://www.java.com/fr/download/windows_manual.jsp?locale=fr&host=www.java.com:80 

tu peux désinstaller les vieilles versions.

gag · Answer

super, merci pour ton aide tout a bien marché : le message bizarre que j'avais au début de windows a disparu, et lorsque j'ai relancé malwarebytes, le rapport n'indique plus de trace du trojan.agent. ci joint les rapports de combofix et ad remover pour que tu vérifies si tout est bien clean, encore merci.

ComboFix 08-12-15.08 - Compaq_Propriétaire 2008-12-16 22:30:15.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1022.593 [GMT 1:00]
Lancé depuis: c:\documents and settings\Compaq_Propriétaire\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\pack.epk
c:\windows\system32\test.ttt
c:\windows\system32\win32hlp.cnf
c:\windows\Tasks\vmjluzms.job
D:\Autorun.inf

[color=blue]Une copie infectée de c:\windows\system32\userinit.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\qoobox\Quarantine\C\\WINDOWS\system32\userinit.exe.vir[/COLOR]

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-16 au 2008-12-16 ))))))))))))))))))))))))))))))))))))
.

2008-12-16 21:49 . 2008-12-16 21:50 <REP> d-------- C:\rsit
2008-12-16 18:24 . 2008-12-16 18:25 <REP> d-------- c:\windows\ERUNT
2008-12-16 18:15 . 2008-12-16 18:56 <REP> d-------- C:\SDFix
2008-12-15 22:18 . 2008-12-15 22:18 <REP> d-------- c:\documents and settings\Compaq_Propriétaire\Application Data\Grisoft
2008-12-15 22:18 . 2008-12-15 22:18 <REP> d-------- c:\documents and settings\All Users\Application Data\Grisoft
2008-12-15 20:59 . 2007-05-30 13:10 10,872 --a------ c:\windows\system32\drivers\AvgAsCln.sys
2008-12-15 19:51 . 2008-12-15 20:55 <REP> d-------- c:\windows\BDOSCAN8
2008-12-15 19:13 . 2008-12-15 19:13 <REP> d-------- c:\program files\Trend Micro
2008-12-15 18:08 . 2008-12-15 19:08 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-14 17:30 . 2008-10-16 11:23 3,088,384 --a------ c:\windows\system32\SET602.tmp
2008-12-14 17:30 . 2008-10-16 11:23 3,088,384 --a------ c:\windows\system32\SET5C7.tmp
2008-12-14 17:30 . 2008-10-16 11:23 1,024,512 --a------ c:\windows\system32\SET60A.tmp
2008-12-14 17:30 . 2008-10-16 11:23 1,024,512 --a------ c:\windows\system32\SET5CF.tmp
2008-12-14 17:30 . 2008-10-16 11:23 671,744 --a------ c:\windows\system32\SET5FA.tmp
2008-12-14 17:30 . 2008-10-16 11:23 671,744 --a------ c:\windows\system32\SET5BF.tmp
2008-12-14 17:30 . 2008-10-16 11:23 474,624 --a------ c:\windows\system32\SET5FC.tmp
2008-12-14 17:30 . 2008-10-16 11:23 474,624 --a------ c:\windows\system32\SET5C1.tmp
2008-12-14 17:30 . 2008-10-16 11:23 449,024 --a------ c:\windows\system32\SET5C6.tmp
2008-12-14 17:29 . 2008-10-16 11:23 1,499,648 --a------ c:\windows\system32\SET5FD.tmp
2008-12-14 17:29 . 2008-10-16 11:23 1,499,648 --a------ c:\windows\system32\SET5C2.tmp
2008-12-14 17:29 . 2008-10-16 11:23 621,056 --a------ c:\windows\system32\SET5FB.tmp
2008-12-14 17:29 . 2008-10-16 11:23 621,056 --a------ c:\windows\system32\SET5C0.tmp
2008-12-14 17:29 . 2008-10-16 11:23 251,904 --a------ c:\windows\system32\SET605.tmp
2008-12-14 17:29 . 2008-10-16 11:23 251,904 --a------ c:\windows\system32\SET5CA.tmp
2008-12-14 15:38 . 2008-12-14 15:38 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-14 15:38 . 2008-12-14 15:38 <REP> d-------- c:\documents and settings\Compaq_Propriétaire\Application Data\Malwarebytes
2008-12-14 15:38 . 2008-12-14 15:38 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-14 15:38 . 2008-12-03 19:54 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-14 15:38 . 2008-12-03 19:54 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-14 15:36 . 2008-12-14 18:39 <REP> d-------- c:\program files\Yahoo!
2008-12-14 15:35 . 2008-12-14 15:36 <REP> d-------- c:\program files\CCleaner

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-16 21:31 25,088 ----a-w c:\windows\system32\userinit.exe
2008-12-16 21:31 25,088 ----a-w c:\windows\system32\dllcache\userinit.exe
2008-12-14 21:28 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-14 21:26 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-14 21:19 --------- d-----w c:\program files\Lavasoft
2008-12-14 19:44 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-14 14:29 --------- d-----w c:\program files\Neuf
2008-12-14 14:28 --------- d-----w c:\program files\crocpopup+
2008-12-14 11:10 --------- d-----w c:\program files\eMule
2008-12-14 11:05 --------- d-----w c:\documents and settings\Compaq_Propriétaire\Application Data\Canon
2008-11-01 09:30 --------- d-----w c:\program files\Winamp
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 13:00 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 13:00 283,648 ----a-w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:17 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:17 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2007-12-27 09:27 724 ----a-w c:\documents and settings\Compaq_Propriétaire\Application Data\wklnhst.dat
2006-10-11 08:04 61,036 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 48,742 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 29,313 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 41,082 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 166,510 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2006-05-27 12:22 22 --sha-w c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"SweetIM"="c:\program files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 73840]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-05 155648]
"PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-14 7323648]
"NAV Agent"="c:\progra~1\NORTON~1\navapw32.exe" [2001-08-21 74832]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-03 61440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-23 278528]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 49152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"nwiz"="nwiz.exe" [2005-12-14 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 36040]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\TEMP\\CI_HITACHI\\MAJ_Hitachi.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\WINDOWS\\system32\\mcoinstall.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
R3 SPC620;Philips SPC620NC PC Camera;c:\windows\system32\drivers\SPC620.sys [2007-12-31 484864]
R3 SPC620m;Philips SPC620NC PC Cameram;c:\windows\system32\drivers\SPC620m.sys [2007-12-31 7680]
S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;c:\windows\system32\DRIVERS\usb8023.sys [2004-08-05 12672]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
Contenu du dossier 'Tâches planifiées'

2008-12-16 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

1981-07-23 c:\windows\Tasks\Norton AntiVirus - Analyser mon ordinateur.job
- c:\progra~1\NORTON~1\NAVW32.exe [2001-08-21 09:29]

2006-07-28 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-08-24 18:22]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-StandardInstall - (no file)
HKLM-Run-PCDrProfiler - (no file)
HKLM-Run-NWEReboot - (no file)
Notify-xxyxuRLc - xxyxuRLc.dll

.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.club-internet.fr
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://redirect.hp.com/svs/rdr?TYPE=3&tp=ebay&pf=desktop&locale=fr_fr&bd=all&c=q106
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: {0C2724A6-3812-43E0-B8C5-FAF021AA2B16} = 194.117.200.10,194.117.200.15

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\system32\unicows.dll - c:\windows\Downloaded Program Files\CONFLICT.1\telechargement-photoweb.ocx
O16 -: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB}
hxxp://www4.photoweb.fr/telechargement/Photoweb_uploader.cab
c:\windows\Downloaded Program Files\CONFLICT.1\telechargement-photoweb.inf

c:\windows\system32\unicows.dll - c:\windows\Downloaded Program Files\ImageUploader5.ocx
O16 -: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3}
hxxp://www.photoweb.fr/telechargement/telechargement-photoweb.cab
c:\windows\Downloaded Program Files\ImageUploader5.inf

c:\windows\system32\unicows.dll - c:\windows\Downloaded Program Files\telechargement-photoweb.ocx
O16 -: {68C1822F-F5C7-4404-A73F-03C10E0E94DA}
hxxp://www4.photoweb.fr/telechargement/Photoweb_uploader.cab
c:\windows\Downloaded Program Files\telechargement-photoweb.inf

c:\windows\Downloaded Program Files\WinWeb.dll - O16 -: {7876E4A5-78B7-4020-B08F-C960A1ED54C9}
hxxp://86.206.44.98/WinWebPush.cab
FF - ProfilePath - c:\documents and settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\gsw4mjo5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA2&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-16 22:33:32
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

c:\windows\TEMP\TMP00000008CA8F893658EBA639 524288 bytes

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Norton AntiVirus\Navapsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Fichiers communs\Symantec Shared\Security Center\symwsc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\windows\VPro620.exe
c:\program files\Club-Internet\Dr Club Internet\bin\mpbtn.exe
c:\program files\Club-Internet\Lanceur\lanceur.exe
c:\program files\Fichiers communs\Symantec Shared\Security Center\SymSCUI.exe
.
**************************************************************************
.
Heure de fin: 2008-12-16 22:41:18 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-16 21:41:15

Avant-CF: 171 290 513 408 octets libres
Après-CF: 171,349,884,928 octets libres

224 --- E O F --- 2008-12-14 18:59:56

--------- Logfile of AD-Remover 1.0.7.7 by C_XX ---------

# START at: 22:45:07 | Mar 16/12/2008 | Microsoft® Windows XP™ (v5.1.2600)
# BOOT MODE: Normal

# OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat

# PC: NOM-EB85C523610 | USER: Compaq_Propri‚taire ( Current user is an administrator)

# DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: FAT32)
- F:\ (File System: FAT32)
- G:\ (File System: FAT32)
- H:\ (File System: FAT32)
- I:\ (File System: FAT32)
- J:\ (File System: FAT32)

# Internet Explorer v6.0.2900.2180

--------- [ RUNNING PROCESSES: 40 ] ---------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\VPro620.exe
C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\ntvdm.exe

-----------------------------------

+-----------------------| Boonty/Boonty Games Elements found :

"HKEY_LOCAL_MACHINE\Software\Boonty"
.
[04/05/2006 18:49|d--------] C:\PROGRA~1\BOONTY~1
[04/05/2006 10:26|--a------] C:\PROGRA~1\BOONTY~1\BUBBLE~1.EXE
[04/05/2006 10:35|d--------] C:\PROGRA~1\BOONTY~1\COMPON~1
[04/05/2006 10:35|--a------] C:\PROGRA~1\BOONTY~1\PACMAN~1.EXE
[27/10/2004 15:53|--a------] C:\PROGRA~1\BOONTY~1\COMPON~1\bureau.url
[27/10/2003 13:07|--a------] C:\PROGRA~1\BOONTY~1\COMPON~1\Joystick.ico
[27/10/2004 15:53|--a------] C:\PROGRA~1\BOONTY~1\COMPON~1\start.url

+-----------------------| Eorezo Elements found :

.

+-----------------------| Everest Poker Elements found :

.

+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :

.

+-----------------------| Messenger Skinner Elements found :

.

+-----------------------| Sweetim Elements found :

"HKEY_CLASSES_ROOT\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run" /v "SweetIM"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Upgradecodes\A97CEC23332751B47BA4B95BAA50C9D0"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks" /v "{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A0AADCD-3A72-4B5F-900F-E3BB5A838E2A}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Macrogaming"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9"
.
[23/07/2007 18:27|d--------] C:\PROGRA~1\MACROG~1
[23/07/2007 18:27|d--------] C:\PROGRA~1\MACROG~1\SweetIM
[14/12/2008 21:04|d--------] C:\PROGRA~1\MACROG~1\SWEETI~1
[23/07/2007 18:27|d--------] C:\PROGRA~1\MACROG~1\SweetIM\conf
[23/07/2007 18:27|d--------] C:\PROGRA~1\MACROG~1\SweetIM\data
[20/12/2006 16:00|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\default.xml
[23/07/2007 18:27|d--------] C:\PROGRA~1\MACROG~1\SweetIM\logs
[27/12/2006 15:53|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\MGADAP~1.DLL
[27/12/2006 15:53|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\MGARCH~1.DLL
[27/12/2006 15:53|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\mgcommon.dll
[27/12/2006 15:53|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\MGCOMM~1.DLL
[27/12/2006 15:53|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\mgconfig.dll
[27/12/2006 15:53|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\MGFLAS~1.DLL
[27/12/2006 15:53|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\MGHOOK~1.DLL
[27/12/2006 15:53|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\MGIEPL~1.DLL
[27/12/2006 15:53|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\mglogger.dll
[27/12/2006 15:53|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\MGMEDI~1.DLL
[27/12/2006 15:53|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\MGMSNA~1.DLL
[27/12/2006 15:53|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\MGMSNM~1.DLL
[27/12/2006 15:53|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\MGSWEE~1.DLL
[27/12/2006 15:53|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\MGUPDA~1.DLL
[27/12/2006 15:53|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\MGXML_~1.DLL
[27/12/2006 15:53|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\MGYAHO~1.DLL
[27/12/2006 15:53|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\MGYAHO~2.DLL
[27/12/2006 15:53|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\SweetIM.exe
[23/07/2007 18:27|d--------] C:\PROGRA~1\MACROG~1\SweetIM\update
[02/07/2006 16:59|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\conf\adapter.xml
[14/09/2008 21:05|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\conf\AUTOUP~1.XML
[05/11/2006 17:49|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\conf\logger.xml
[02/07/2006 16:59|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\conf\messages.xml
[03/12/2006 15:59|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\conf\sweetim.xml
[20/12/2006 15:58|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\conf\SWEETI~1.XML
[29/11/2008 22:56|d--------] C:\PROGRA~1\MACROG~1\SweetIM\conf\users
[29/11/2008 22:56|d--------] C:\PROGRA~1\MACROG~1\SweetIM\conf\users\BEAURE~1.FR
[04/08/2007 15:19|d--------] C:\PROGRA~1\MACROG~1\SweetIM\conf\users\FIFIPU~1.FR
[23/07/2007 18:27|--a------] C:\PROGRA~1\MACROG~1\SweetIM\conf\users\MAIN_U~1.XML
[29/11/2008 22:56|--a------] C:\PROGRA~1\MACROG~1\SweetIM\conf\users\BEAURE~1.FR\EMOTIC~1.XML
[29/11/2008 22:56|--a------] C:\PROGRA~1\MACROG~1\SweetIM\conf\users\BEAURE~1.FR\USER_C~1.XML
[17/08/2007 20:11|--a------] C:\PROGRA~1\MACROG~1\SweetIM\conf\users\FIFIPU~1.FR\EMOTIC~1.XML
[17/08/2007 20:11|--a------] C:\PROGRA~1\MACROG~1\SweetIM\conf\users\FIFIPU~1.FR\LASTUS~2.XML
[04/08/2007 15:19|--a------] C:\PROGRA~1\MACROG~1\SweetIM\conf\users\FIFIPU~1.FR\LASTUS~3.XML
[04/08/2007 13:45|--a------] C:\PROGRA~1\MACROG~1\SweetIM\conf\users\FIFIPU~1.FR\LASTUS~1.XML
[23/07/2007 18:35|--a------] C:\PROGRA~1\MACROG~1\SweetIM\conf\users\FIFIPU~1.FR\USER_C~1.XML
[23/09/2007 12:44|d--------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000100AC.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000100AD.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000100B4.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000100B6.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000100BA.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000100BE.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000100C0.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000100C6.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000100C8.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000100CC.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000100CD.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000100D0.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000100D1.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000100D2.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000100D5.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000100DE.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000100E7.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000100FA.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000100FD.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000100FE.dat
[29/01/2006 14:44|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00010104.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00010105.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00010106.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00010107.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0001010A.dat
[26/01/2006 21:51|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00010118.dat
[19/01/2006 17:33|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00010119.dat
[06/04/2006 19:56|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00010817.dat
[23/04/2006 20:38|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00010819.dat
[23/04/2006 20:38|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0001081A.dat
[07/06/2006 22:36|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0001083F.dat
[07/06/2006 23:02|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00010847.dat
[27/06/2006 20:32|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0001084C.dat
[31/07/2006 19:25|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0001084D.dat
[23/08/2006 18:57|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00010857.dat
[23/08/2006 18:57|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00010859.dat
[24/08/2006 09:57|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0001085D.dat
[13/09/2006 18:22|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00010861.dat
[12/10/2006 11:02|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00010866.dat
[12/10/2006 11:02|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00010868.dat
[12/10/2006 11:02|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00010869.dat
[15/11/2006 12:13|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00010871.dat
[10/01/2007 10:27|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0001088C.dat
[01/03/2007 15:52|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0001088F.dat
[21/03/2007 19:27|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00010891.dat
[21/03/2007 19:27|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00010893.dat
[11/04/2007 17:21|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00010896.dat
[29/04/2007 15:36|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00010899.dat
[13/05/2007 20:13|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0001089A.dat
[13/05/2007 20:13|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0001089B.dat
[13/05/2007 20:13|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0001089D.dat
[27/06/2007 12:08|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000108A5.dat
[27/06/2007 12:08|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000108A6.dat
[15/07/2007 10:46|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000108A7.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0002005A.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00020069.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0002006B.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0002006E.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00020071.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00020072.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00020073.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00020076.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0002007D.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00020098.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0002009E.dat
[19/01/2006 17:33|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000200C0.dat
[31/07/2006 19:25|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00020114.dat
[12/10/2006 11:02|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0002012B.dat
[21/03/2007 19:27|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0002014B.dat
[27/05/2007 09:47|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0002015C.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00030007.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0003001F.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00040024.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00040029.dat
[08/05/2006 11:41|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0004004D.dat
[31/07/2006 19:25|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00040063.dat
[23/08/2006 18:57|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0004006B.dat
[10/01/2007 10:27|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000400A3.dat
[21/03/2007 19:27|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000400A9.dat
[27/06/2007 12:08|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000400BB.dat
[03/12/2006 19:10|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00050001.dat
[03/12/2006 19:10|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00050002.dat
[09/09/2007 13:35|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00050004.dat
[11/07/2007 12:20|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00050005.dat
[12/10/2006 11:02|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0006007D.dat
[13/05/2007 20:13|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000600B6.dat
[11/07/2007 12:19|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\01050002.dat
[23/09/2007 12:44|--a------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\CACHE_~1.DAT
[02/07/2006 16:58|-ra------] C:\PROGRA~1\MACROG~1\SWEETI~1\affid.dat
[12/10/2006 15:50|-ra------] C:\PROGRA~1\MACROG~1\SWEETI~1\basis.xml
[02/07/2006 16:58|-ra------] C:\PROGRA~1\MACROG~1\SWEETI~1\BOOKMA~1.BMP
[23/07/2007 18:27|d--------] C:\PROGRA~1\MACROG~1\SWEETI~1\Cache
[02/07/2006 16:58|-ra------] C:\PROGRA~1\MACROG~1\SWEETI~1\EMAIL_~1.BMP
[02/07/2006 16:58|-ra------] C:\PROGRA~1\MACROG~1\SWEETI~1\GAMES_~1.BMP
[02/07/2006 16:58|-ra------] C:\PROGRA~1\MACROG~1\SWEETI~1\GREETI~1.BMP
[02/07/2006 16:58|-ra------] C:\PROGRA~1\MACROG~1\SWEETI~1\MOBILE~1.BMP
[02/07/2006 16:58|-ra------] C:\PROGRA~1\MACROG~1\SWEETI~1\MUSIC_~1.BMP
[02/07/2006 16:58|-ra------] C:\PROGRA~1\MACROG~1\SWEETI~1\NEWS_2~1.BMP
[02/07/2006 16:58|-ra------] C:\PROGRA~1\MACROG~1\SWEETI~1\SHOPIN~1.BMP
[02/07/2006 16:58|-ra------] C:\PROGRA~1\MACROG~1\SWEETI~1\SMILEY~1.BMP
[02/07/2006 16:58|-ra------] C:\PROGRA~1\MACROG~1\SWEETI~1\SMILEY~2.BMP
[02/07/2006 16:58|-ra------] C:\PROGRA~1\MACROG~1\SWEETI~1\SWEETI~1.BMP
[05/11/2006 15:46|-ra------] C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.crc
[27/12/2006 14:35|--a------] C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.xml
[02/07/2006 16:58|-ra------] C:\PROGRA~1\MACROG~1\SWEETI~1\version.txt
[04/01/2008 17:20|--a------] C:\PROGRA~1\MACROG~1\SWEETI~1\Cache\CD2005~1.XML
[16/12/2008 22:35|--a------] C:\WINDOWS\Prefetch\SWEETI~1.PF

+-----------------------| ADDED SCAN :

+---------- Scanning prefs.js ... ( # Mozilla User Preferences )

...\gsw4mjo5.default\prefs.js :

~~~~ Mozilla FireFox version 2.0 ~~~~

Start Page : "https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f"

+----------+

+---------------------------------------------------------------------------+

+--[HKEY_CURRENT_USER\..\Run]

msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
SweetIM REG_SZ C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
updateMgr REG_SZ "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

+--[HKEY_LOCAL_MACHINE\..\Run]

Recguard REG_SZ C:\WINDOWS\SMINST\RECGUARD.EXE
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
PS2 REG_SZ C:\WINDOWS\system32\ps2.exe
nwiz REG_SZ nwiz.exe /installquiet /keeploaded /nodetect
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
NAV Agent REG_SZ C:\PROGRA~1\NORTON~1\navapw32.exe
KBD REG_SZ C:\HP\KBD\KBD.EXE
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
hpsysdrv REG_SZ c:\windows\system\hpsysdrv.exe
HP Software Update REG_SZ C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
BJCFD REG_SZ C:\Program Files\BroadJump\Client Foundation\CFD.exe
RemoteControl REG_SZ "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
LanguageShortcut REG_SZ "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
!AVG Anti-Spyware REG_SZ "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

+--[HKEY_USERS\.DEFAULT\..\Run]

DWQueuedReporting REG_SZ "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t

+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

Start Page : hxxp://www.club-internet.fr

+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

+---------------------------------------------------------------------------+

- "C:\AD-report-Scan-16.12.2008.log" (~22076 bytes)

# END at: 22:45:52 | 16/12/2008 - Time elapsed: 44.8 seconds

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 298 lines ]
+---------------------------------------------------------------------------+

jlpjlp · Answer

relance ad remover, choisi l'option B et tape les chiffre de Sweetim et boonty  et supprime les et colle le rapport
et un nouvel hijakhcits

jlpjlp · Answer

mets a jour windows avec le sp3 et mets a jour internet explorer avec la version 7
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html





encore des problèmes?

jlpjlp · Answer

pour virer ce qui a été utilisé


Télécharge ToolsCleaner sur ton bureau. 
-->  http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
# Clique sur Recherche et laisse le scan agir ... 
# Clique sur Suppression pour finaliser. 
# Tu peux, si tu le souhaites, te servir des Options facultatives. 
# Clique sur Quitter pour obtenir le rapport. 
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

Analyse fichier hijackthis mawarebytes

6 réponses

Discussions similaires

Newsletters