ordi comtaminé Win32/PrcView application +++Résolu/Fermé

Question

Bonjour,

Ca fait plusieurs fois que je run NOD32 et il me trouve un paquet de spyware. 

J'ai regardé sur le sujet Win32/PrcView application et j'ai fait ce que jessydu54 à dit à la personne de faire downloader, updater et scanner avec a-squared ensuite j'ai downloader Spyware Terminator updater et scanner. Les deux en mode normal et sans échec. 

Dès que tout les scans sont fait et que j'ai le log je vais le poster.

Merci j'ai vraiment besoin d'aide avec ce problème.

Suky

geoffrey5 · Answer

Salut !!

Fais un rapport hijackthis pour que je puisse vérifier les infections de ton pc stp

&#x25B6; Télécharge  hijackthis à cette adresse, tout est expliqué pour bien l installer et pour savoir s'en servir :

https://www.androidworld.fr/


Comment copier/coller le rapport :


Quand tu as le rapport à l écran, tu fais ctrl A pour "sélectionner tout" puis ctrl C pour "copier".

ensuite tu viens sur le forum pour me répondre et tu fais ctrl V pour "coller" le rapport.

Une explication des raccourcis clavier sont illustrés sur mon site web à cette adresse :

https://www.androidworld.fr/

Suky · Answer

Voici le log de Hijackthis. Je devais terminé tout les scan avant de le coller merci de ton aide.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:51:35, on 2008-10-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Eset
od32kui.exe
C:\Program Files\Visual Networks\Visual IP 

InSight\Sympatico Consumer\IPMon32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.e

xe
C:\Program Files\Logitech\Desktop 

Messenger\8876480\Program\LogitechDesktopMessenge

r.exe
C:\Program 

Files\MétéoMédia\MétéoIMédia\WeatherEye.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program 

Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifi

er.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Fichiers communs\Apple\Mobile 

Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google 

Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Fichiers communs\Microsoft 

Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset
od32krn.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Analog 

Devices\SoundMAX\SMAgent.exe
C:\Program 

Files\MétéoMédia\MétéoIMédia\WeatherEye.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and 

Settings\Line.LINE-\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet 

Explorer\Main,Search Page = 

https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet 

Explorer\Main,Start Page = 

https://www.freetranslation.com/
R1 - HKLM\Software\Microsoft\Internet 

Explorer\Main,Default_Page_URL = 

https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet 

Explorer\Main,Default_Search_URL = 

https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet 

Explorer\Main,Search Page = 

https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet 

Explorer\Main,Start Page = 

https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet 

Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet 

Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet 

Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - 

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - 

C:\Program Files\Adobe\Acrobat 

7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - 

{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - 

C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: SSVHelper Class - 

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - 

C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - 

{7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion 

Windows Live - 

{9030D464-4C02-4ABF-8ECC-5164760863C6} - 

C:\Program Files\Fichiers communs\Microsoft 

Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - 

{AA58ED58-01DD-4d91-8333-CF10577473F7} - 

C:\Program Files\Google\Google 

Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - 

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - 

C:\Program 

Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dl

l
O3 - Toolbar: &Google Toolbar - 

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - 

C:\Program Files\Google\Google 

Toolbar\GoogleToolbar.dll
O3 - Toolbar: Barre d'outils &Crawler - 

{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - 

C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE 

C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program 

Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog 

Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PinnacleDriverCheck] 

C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE 

C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program 

Files\Eset
od32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [KernelFaultCheck] 

%systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program 

Files\Visual Networks\Visual IP InSight\Sympatico 

Consumer\IPMon32.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] 

"C:\Program Files\Adobe\Photoshop Album Edition 

Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program 

Files\Fichiers communs\Apple\Mobile Device 

Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program 

Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program 

Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM 

FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program 

Files\Spyware 

Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program 

Files\Adobe\Acrobat 

7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 

-reboot 1
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] 

C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.e

xe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] 

"C:\Program Files\Logitech\Video\ManifestEngine.exe" 

boot
O4 - HKCU\..\Run: [LDM] C:\Program 

Files\Logitech\Desktop 

Messenger\8876480\Program\LogitechDesktopMessenge

r.exe
O4 - HKCU\..\Run: [WeatherEye] C:\Program 

Files\MétéoMédia\MétéoIMédia\WeatherEye.exe
O4 - HKCU\..\Run: [ctfmon.exe] 

C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program 

Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifi

er.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] 

C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE 

LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] 

C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE 

RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] 

C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] 

C:\WINDOWS\system32\CTFMON.EXE (User 'Default 

user')
O4 - Global Startup: Adobe Gamma Loader.lnk = 

C:\Program Files\Fichiers 

communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe 

Reader.lnk = C:\Program Files\Adobe\Acrobat 

7.0\Readereader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = 

C:\Program Files\Logitech\Desktop 

Messenger\8876480\Program\LogitechDesktopMessenge

r.exe
O8 - Extra context menu item: Crawler Search - 

tbr:iemenu
O9 - Extra button: (no name) - 

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 

C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - 

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 

C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Run DAP - 

{669695BC-A811-4A9D-8CDF-BA8C795F261C} - 

C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Recherche - 

{92780B25-18CC-41C8-B9BE-3C9C571A8263} - 

C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - 

{e2e2dd38-d088-4134-82b7-f2ba38496583} - 

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - 

{e2e2dd38-d088-4134-82b7-f2ba38496583} - 

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} 

(Checkers Class) - 

http://messenger.zone.msn.com/binary/msgrchkr.cab3

1267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} 

(MessengerStatsClient Class) - 

http://messenger.zone.msn.com/binary/MessengerStats

PAClient.cab31267.cab
O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} 

(Image Uploader Control) - 

http://cdnimg.piczo.com/images/uploader/piczo_fast_u

ploader.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - 
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} 

(Minesweeper Flags Class) - 

http://messenger.zone.msn.com/binary/MineSweeper.c

ab31267.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} 

(CTVUAxCtrl Object) - 

http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} 

(MySpace Uploader Control) - 

http://lads.myspace.com/upload/MySpaceUploader1006

.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} 

(MSN Photo Upload Tool) - 

http://suky7779.spaces.live.com//PhotoUpload/MsnPUp

ld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} 

(Facebook Photo Uploader 4 Control) - 

http://upload.facebook.com/controls/FacebookPhotoUpl

oader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} 

(WUWebControl Class) - 

http://www.update.microsoft.com/windowsupdate/v6/

V5Controls/en/x86/client/wuweb_site.cab?12079619857

81
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} 

(DivXBrowserPlugin Object) - 

http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} 

(Windows Live Photo Upload Control) - 

http://suky7779.spaces.live.com/PhotoUpload/MsnPUpl

d.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} 

(MessengerStatsClient Class) - 

http://messenger.zone.msn.com/binary/MessengerStats

Client.cab31267.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} 

(Aurigma Image Uploader 3.5 Control) - 

http://filelodge.bolt.com/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} 

(MsnMessengerSetupDownloadControl Class) - 

http://messenger.msn.com/download/MsnMessengerSet

upDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} 

(ZoneIntro Class) - 

http://messenger.zone.msn.com/binary/ZIntro.cab3284

6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} 

(MSN Chat Control 4.5) - 

http://spcn.io/
O18 - Protocol: bwfile-8876480 - 

{9462A756-7B47-47BC-8C80-C34B9B80B32B} - 

C:\Program Files\Logitech\Desktop 

Messenger\8876480\Program\GAPlugProtocol-8876480.d

ll
O18 - Protocol: skype4com - 

{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - 

C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - 

{4D25FB7A-8902-4291-960E-9ADA051CFBBF} - 

C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O21 - SSODL: AplWin - 

{63397320-E2E5-2180-D571-01E9F87169CF} - C:\Program 

Files\yjfcjyb\AplWin.dll (file missing)
O23 - Service: a-squared Anti-Malware Service 

(a2AntiMalware) - Emsi Software GmbH - C:\Program 

Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - 

C:\Program Files\Fichiers communs\Apple\Mobile 

Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple 

Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - 

C:\Program Files\Google\Common\Google 

Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - 

Macrovision Corporation - C:\Program Files\Fichiers 

communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - 

C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 

(libusbd) - https://sourceforge.net/p/libusb-win32/wiki/Home/ - 

C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: MSCSPTISRV - Sony Corporation - 

C:\Program Files\Fichiers communs\Sony 

Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - 

C:\Program Files\Eset
od32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - 

NVIDIA Corporation - 

C:\WINDOWS\system32
vsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - 

C:\Program Files\Fichiers communs\Sony 

Shared\AVLib\PACSPTISVR.exe
O23 - Service: SoundMAX Agent Service (SoundMAX 

Agent Service (default)) - Analog Devices, Inc. - 

C:\Program Files\Analog 

Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony 

Corporation - C:\Program Files\Fichiers communs\Sony 

Shared\AVLib\SPTISRV.exe
O23 - Service: Spyware Terminator Realtime Shield 

Service (sp_rssrv) - Crawler.com - C:\Program 

Files\Spyware Terminator\sp_rsser.exe

geoffrey5 · Answer

Salut !!

tu as des toolbars infectées...commence par faire ceci stp :

&#x25B6; Télécharge Toolbar-S&D (de Team IDN) sur ton Bureau

(c est le numéro 6 en bas de la page) :  
 

&#x25B6; Lance l'installation du programme en exécutant le fichier téléchargé. 
&#x25B6; Double-clique maintenant sur le raccourci de Toolbar-S&D. 
&#x25B6; Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée. 
&#x25B6; Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche. 
&#x25B6; Poste le rapport généré. (C:\TB.txt)

Suky · Answer

-----------\  ToolBar S&D 1.2.2   XP/Vista

   Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
   X86-based PC ( Multiprocessor Free :               Intel(R) Pentium(R) 4 CPU 2.80GHz )
   BIOS : BIOS Date: 02/13/05 22:02:08 Ver: 08.00.10
   USER : Line ( Administrator )
   BOOT : Normal boot
   Antivirus : Eset NOD32 antivirus system 2.51 2.51 (Activated)
   A:\ (USB)
   C:\ (Local Disk) - NTFS - Total : 49 Go Free : 8 Go
   D:\ (CD or DVD)
   E:\ (CD or DVD)
   F:\ (Local Disk) - NTFS - Total : 137 Go Free : 82 Go

   "C:\ToolBar SD" ( MAJ : 04-10-2008|21:00 )
   Option : [1] ( 2008-10-07| 9:53 )

   -----------\  Recherche de Fichiers / Dossiers ...

   C:\Program Files\AskSBar
   C:\Program Files\AskSBar\bar
   C:\Program Files\Crawler
   C:\Program Files\Crawler\Download
   C:\Program Files\Crawler\Toolbar
   C:\DOCUME~1\ALLUSE~1.WIN\MENUDM~1\PROGRA~1\Barre d'outils Crawler
   C:\DOCUME~1\LINE~1.LIN\Cookies\line@dnl.crawler[1].txt
   C:\WINDOWS\Fonts\acrsec.fon
   C:\WINDOWS\Fonts\acrsecB.fon
   C:\WINDOWS\Fonts\acrsecI.fon

   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="C:\WINDOWS\system32\blank.htm"
   "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
   "SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
   "Start Page"="https://www.freetranslation.com/"
   "Url"="http://www.microsoft.com/athome/community/rss.xml"
   "Url"="http://rss.msn.com/en-us/?feedoutput=rss&ocid=iehrs&unsub=true"
   "Url"="http://www.microsoft.com/atwork/community/rss.xml"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
   "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"


   --------------------\  Recherche d'autres infections

   C:\WINDOWS\Tasks\At1.job
   C:\WINDOWS\Tasks\At10.job
   C:\WINDOWS\Tasks\At11.job
   C:\WINDOWS\Tasks\At12.job
   C:\WINDOWS\Tasks\At13.job
   C:\WINDOWS\Tasks\At14.job
   C:\WINDOWS\Tasks\At15.job
   C:\WINDOWS\Tasks\At16.job
   C:\WINDOWS\Tasks\At17.job
   C:\WINDOWS\Tasks\At18.job
   C:\WINDOWS\Tasks\At19.job
   C:\WINDOWS\Tasks\At2.job
   C:\WINDOWS\Tasks\At20.job
   C:\WINDOWS\Tasks\At21.job
   C:\WINDOWS\Tasks\At22.job
   C:\WINDOWS\Tasks\At23.job
   C:\WINDOWS\Tasks\At24.job
   C:\WINDOWS\Tasks\At25.job
   C:\WINDOWS\Tasks\At26.job
   C:\WINDOWS\Tasks\At27.job
   C:\WINDOWS\Tasks\At28.job
   C:\WINDOWS\Tasks\At29.job
   C:\WINDOWS\Tasks\At3.job
   C:\WINDOWS\Tasks\At30.job
   C:\WINDOWS\Tasks\At31.job
   C:\WINDOWS\Tasks\At32.job
   C:\WINDOWS\Tasks\At33.job
   C:\WINDOWS\Tasks\At34.job
   C:\WINDOWS\Tasks\At35.job
   C:\WINDOWS\Tasks\At36.job
   C:\WINDOWS\Tasks\At37.job
   C:\WINDOWS\Tasks\At38.job
   C:\WINDOWS\Tasks\At39.job
   C:\WINDOWS\Tasks\At4.job
   C:\WINDOWS\Tasks\At40.job
   C:\WINDOWS\Tasks\At41.job
   C:\WINDOWS\Tasks\At42.job
   C:\WINDOWS\Tasks\At43.job
   C:\WINDOWS\Tasks\At44.job
   C:\WINDOWS\Tasks\At45.job
   C:\WINDOWS\Tasks\At46.job
   C:\WINDOWS\Tasks\At47.job
   C:\WINDOWS\Tasks\At48.job
   C:\WINDOWS\Tasks\At5.job
   C:\WINDOWS\Tasks\At6.job
   C:\WINDOWS\Tasks\At7.job
   C:\WINDOWS\Tasks\At8.job
   C:\WINDOWS\Tasks\At9.job




   1 - "C:\ToolBar SD\TB_1.txt" - 2008-10-07| 9:54 - Option : [1]

   -----------\  Fin du rapport a  9:54:52,32

geoffrey5 · Answer

ok maintenant fais ceci stp :

&#x25B6; Relance Toolbar-S&D en double-cliquant sur le raccourci.
&#x25B6; Tape sur "2" puis valide en appuyant sur "Entrée". 
 /!\ Ne ferme pas la fenêtre lors de la suppression ! 
&#x25B6; Un rapport sera généré, poste son contenu ici. 

NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches. 
Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..." 
Tape explorer puis valide.


ensuite :


&#x25B6; Télécharge malwarebytes 
 
&#x25B6; Voici un tuto pour bien l installer et bien l utiliser : 

https://www.androidworld.fr/

aide toi bien du tuto pour supprimer correctement ce qu il aura trouvé
 

Après l analyse, redémarre le pc et poste le rapport !!

Et refais un nouveau rapport hijackthis stp

Suky · Answer

-----------\  ToolBar S&D 1.2.2   XP/Vista

   Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
   X86-based PC ( Multiprocessor Free :               Intel(R) Pentium(R) 4 CPU 2.80GHz )
   BIOS : BIOS Date: 02/13/05 22:02:08 Ver: 08.00.10
   USER : Line ( Administrator )
   BOOT : Normal boot
   Antivirus : Eset NOD32 antivirus system 2.51 2.51 (Activated)
   A:\ (USB)
   C:\ (Local Disk) - NTFS - Total : 49 Go Free : 8 Go
   D:\ (CD or DVD)
   E:\ (CD or DVD)
   F:\ (Local Disk) - NTFS - Total : 137 Go Free : 82 Go

   "C:\ToolBar SD" ( MAJ : 04-10-2008|21:00 )
   Option : [2] ( 2008-10-07|10:00 )

   -----------\ SUPPRESSION

   Supprime! - C:\Program Files\AskSBar\bar
   Supprime! - C:\Program Files\Crawler\Download
   Echec   ! - C:\Program Files\Crawler\Toolbar
   Supprime! - C:\DOCUME~1\ALLUSE~1.WIN\MENUDM~1\PROGRA~1\Barre d'outils Crawler
   Supprime! - C:\DOCUME~1\LINE~1.LIN\Cookies\line@dnl.crawler[1].txt
   Supprime! - C:\WINDOWS\Fonts\acrsec.fon
   Supprime! - C:\WINDOWS\Fonts\acrsecB.fon
   Supprime! - C:\WINDOWS\Fonts\acrsecI.fon
   Supprime! - C:\Program Files\AskSBar
   Supprime! - C:\Program Files\Crawler

   -----------\  Recherche de Fichiers / Dossiers ...


   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="C:\WINDOWS\system32\blank.htm"
   "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
   "SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
   "Start Page"="https://www.freetranslation.com/"
   "Url"="http://www.microsoft.com/athome/community/rss.xml"
   "Url"="http://rss.msn.com/en-us/?feedoutput=rss&ocid=iehrs&unsub=true"
   "Url"="http://www.microsoft.com/atwork/community/rss.xml"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
   "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Start Page"="https://www.msn.com/fr-fr/"


   --------------------\  Recherche d'autres infections

   C:\WINDOWS\Tasks\At1.job
   C:\WINDOWS\Tasks\At10.job
   C:\WINDOWS\Tasks\At11.job
   C:\WINDOWS\Tasks\At12.job
   C:\WINDOWS\Tasks\At13.job
   C:\WINDOWS\Tasks\At14.job
   C:\WINDOWS\Tasks\At15.job
   C:\WINDOWS\Tasks\At16.job
   C:\WINDOWS\Tasks\At17.job
   C:\WINDOWS\Tasks\At18.job
   C:\WINDOWS\Tasks\At19.job
   C:\WINDOWS\Tasks\At2.job
   C:\WINDOWS\Tasks\At20.job
   C:\WINDOWS\Tasks\At21.job
   C:\WINDOWS\Tasks\At22.job
   C:\WINDOWS\Tasks\At23.job
   C:\WINDOWS\Tasks\At24.job
   C:\WINDOWS\Tasks\At25.job
   C:\WINDOWS\Tasks\At26.job
   C:\WINDOWS\Tasks\At27.job
   C:\WINDOWS\Tasks\At28.job
   C:\WINDOWS\Tasks\At29.job
   C:\WINDOWS\Tasks\At3.job
   C:\WINDOWS\Tasks\At30.job
   C:\WINDOWS\Tasks\At31.job
   C:\WINDOWS\Tasks\At32.job
   C:\WINDOWS\Tasks\At33.job
   C:\WINDOWS\Tasks\At34.job
   C:\WINDOWS\Tasks\At35.job
   C:\WINDOWS\Tasks\At36.job
   C:\WINDOWS\Tasks\At37.job
   C:\WINDOWS\Tasks\At38.job
   C:\WINDOWS\Tasks\At39.job
   C:\WINDOWS\Tasks\At4.job
   C:\WINDOWS\Tasks\At40.job
   C:\WINDOWS\Tasks\At41.job
   C:\WINDOWS\Tasks\At42.job
   C:\WINDOWS\Tasks\At43.job
   C:\WINDOWS\Tasks\At44.job
   C:\WINDOWS\Tasks\At45.job
   C:\WINDOWS\Tasks\At46.job
   C:\WINDOWS\Tasks\At47.job
   C:\WINDOWS\Tasks\At48.job
   C:\WINDOWS\Tasks\At5.job
   C:\WINDOWS\Tasks\At6.job
   C:\WINDOWS\Tasks\At7.job
   C:\WINDOWS\Tasks\At8.job
   C:\WINDOWS\Tasks\At9.job




   1 - "C:\ToolBar SD\TB_1.txt" - 2008-10-07| 9:54 - Option : [1]
   2 - "C:\ToolBar SD\TB_2.txt" - 2008-10-07|10:01 - Option : [2]

   -----------\  Fin du rapport a 10:01:47,67

Suky · Answer

Malwarebytes' Anti-Malware 1.28
Database version: 1240
Windows 5.1.2600 Service Pack 2

2008-10-07 10:58:06
mbam-log-2008-10-07 (10-58-06).txt

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 152214
Time elapsed: 39 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{63397320-E2E5-2180-D571-01E9F87169CF} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Security Tools (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\aplwin (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\yjfcjyb\AplWin.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

geoffrey5 · Answer

ok maintenant refais un nouveau rapport hijackthis stp

Suky · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:41:33, on 2008-10-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Eset
od32kui.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset
od32krn.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32undll32.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Internet\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.freetranslation.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset
od32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [PC Pitstop Optimize Reminder] C:\Program Files\PCPitstop\Optimize2\Reminder.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} (Image Uploader Control) - http://cdnimg.piczo.com/images/uploader/piczo_fast_uploader.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://suky7779.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://suky7779.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.bolt.com/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://spcn.io/
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - https://sourceforge.net/p/libusb-win32/wiki/Home/ - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset
od32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

geoffrey5 · Answer

relance hijackthis en cliquant sur scan only et coches ces lignes stp :

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k 
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe     
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll     
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime     
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe     

puis tu cliques sur fix checked.

ensuite :

&#x25B6; Télécharge JavaRa.zip
 
&#x25B6; Décompresse le fichier sur ton bureau (clique droit > Extraire tout.)

&#x25B6; Double-clique sur le répertoire JavaRa obtenu.

&#x25B6; Puis double-clique sur le fichier JavaRa.exe (le .exe peut ne pas s'afficher)

&#x25B6; Clique sur Search For Updates.

&#x25B6; Sélectionne Update Using jucheck.exe puis clique sur Search.

&#x25B6; Autorise le processus à se connecter s'il te le demande, clique sur Install et suis les instructions d'installation. Cela prendra quelques minutes.

&#x25B6; Quand l'installation est terminée, revient à l'écran de JavaRa et clique sur Remove Older Versions.

&#x25B6; Clique sur Oui pour confirmer. L'outil va travailler, clique ensuite sur Ok, puis une deuxième fois sur Ok.

&#x25B6; Un rapport va s'ouvrir, copie-colle le dans ta prochaine réponse.

 * Note : le rapport se trouve aussi là : ( C:\JavaRa.log )

&#x25B6; Ferme l'application  

ensuite :

&#x25B6; Télécharger SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau. 

(c est le numéro 8 en bas de la page)

 
&#x25B6; Double cliquer sur SDFix.exe et choisir Install pour l'extraire dans un dossier dédié sur ton disque C:.
 
/!\ Démarre en mode sans échec : après le bip et avant le logo windows tapoter sur la touche F8 (ou F5): menu M.S.E.. 

&#x25B6; Choisir son compte, pas celui de l'Administrateur ou autre. 

Dérouler la liste des instructions ci-dessous :
 
• Ouvrir le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script. 
• Appuyer sur Y pour commencer le processus de nettoyage. 
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer. 
• Appuyer sur une touche pour redémarrer le PC. 
• Le système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers. 
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished. 
• Appuyer sur une touche pour finir l'exécution du script et charger les icônes du Bureau. 
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt. 
• Enfin, copier/coller le contenu du fichier Report.txt dans la prochaine réponse sur le forum

Suky · Answer

JavaRa.log

JavaRa 1.11 Removal Log.Report follows after line.------------------------------------The JavaRa removal process was started on Tue Oct 07 13:21:35 2008

Found and removed: C:\Program Files\Java\jre1.5.0_02Found and removed: C:\Program Files\Java\jre1.5.0_05Found and removed: C:\Program Files\Java\jre1.5.0_06Found and removed: C:\Program Files\Java\jre1.5.0_09Found and removed: C:\Program Files\Java\jre1.5.0_11Found and removed: C:\Program Files\Java\jre1.6.0_01Found and removed: C:\Windows\Installer\{3248F0A8-6813-11D6-A77B-00B0D0150010}Found and removed: C:\Windows\System32\jupdate-1.5.0_01-b08.logFound and removed: Software\JavaSoft\Java2D\1.5.0_01Found and removed: Software\JavaSoft\Java2D\1.5.0_02Found and removed: Software\JavaSoft\Java2D\1.5.0_05Found and removed: Software\JavaSoft\Java2D\1.5.0_06Found and removed: Software\JavaSoft\Java2D\1.5.0_09Found and removed: Software\JavaSoft\Java2D\1.5.0_11Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510002Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510005Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510006Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510009Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D511001Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510002Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510005Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510006Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510009Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511001Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510002Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510005Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510006Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510009Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D511001Found and removed: SOFTWARE\Classes\JavaPlugin.150_02Found and removed: SOFTWARE\Classes\JavaPlugin.150_05Found and removed: SOFTWARE\Classes\JavaPlugin.150_06Found and removed: SOFTWARE\Classes\JavaPlugin.150_09Found and removed: SOFTWARE\Classes\JavaPlugin.150_11Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_02Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_05Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_06Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_09Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_11Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_02Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_05Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_06Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_09Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_11Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510002Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510005Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510006Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510009Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D511001Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510002Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510005Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510006Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510009Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511001Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150020}Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150050}Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150060}Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150090}Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150110}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610001Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610001Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001Found and removed: SOFTWARE\Classes\JavaPlugin.160_01Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_01Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_01Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610001Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610001Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160010}Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_02Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_05Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_06Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_09Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_11Found and removed: Software\Classes\JavaPlugin.160_01Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.5.0_02\Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.5.0_05\Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.5.0_06\Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.5.0_09\Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.5.0_11\Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.6.0_01\Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.6.0_01\bin\Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_01Found and removed: Software\JavaSoft\Java2D\1.6.0_01Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_01Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}------------------------------------Finished reporting.

Report.txt


[b]SDFix: Version 1.233 /b
Run by Line on 2008-10-07 at 13:47

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services /b:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files /b: 

No Trojan Files Found






Removing Temp Files

[b]ADS Check /b:
 


                                 [b]Final Check /b:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-07 13:52:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services /b:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\TorrenTopia\btdl\downloader.tt"="C:\Program Files\TorrenTopia\btdl\downloader.tt:*:Enabled:downloader"
"C:\Documents and Settings\Line.LINE-\Local Settings\Temp\~os1E.tmp\ossproxy.exe"="C:\Documents and Settings\Line.LINE-\Local Settings\Temp\~os1E.tmp\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\WINDOWS\system32\dnsloadtester.exe"="C:\WINDOWS\system32\dnsloadtester.exe:*:Enabled:DNSLoadTester"
"C:\Program Files\Kazaa\kazaa.exe"="C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa Media Desktop"
"C:\Program Files\Kazaa Lite K++\KazaaLite.kpp"="C:\Program Files\Kazaa Lite K++\KazaaLite.kpp:*:Enabled:KazaaLite"
"C:\Program Files\DAP\DAP.exe"="C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus"
"C:\Program Files\Kaaza Gold\Kazaa Gold\KazaaLite.kpp"="C:\Program Files\Kaaza Gold\Kazaa Gold\KazaaLite.kpp:*:Disabled:Kazaa Lite"
"C:\Program Files\iMesh\iMesh5\iMesh.exe"="C:\Program Files\iMesh\iMesh5\iMesh.exe:*:Enabled:iMesh 5"
"C:\WINDOWS\system32\P2P Networking\P2P Networking.exe"="C:\WINDOWS\system32\P2P Networking\P2P Networking.exe:*:Enabled:P2P Networking"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Program Files\ACE Mega CoDecS Pack\Media Player Classic\mplayerc.exe"="C:\Program Files\ACE Mega CoDecS Pack\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic"
"C:\Program Files\QuickTime\QuickTimePlayer.exe"="C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Morpheus\Morpheus.exe"="C:\Program Files\Morpheus\Morpheus.exe:*:Enabled:M5Shell"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files /b:



[b]Files with Hidden Attributes /b:

Mon 25 Feb 2008            24 ..SH. --- "C:\WINDOWS\S56AA7DAF.tmp"
Sat  4 Jun 2005         4,704 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sun 26 Dec 2004         4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 10 May 2005         4,348 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\DRMv1.bak"
Wed 20 Dec 2006             0 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv01.tmp"
Wed 17 Nov 2004        94,458 ...H. --- "C:\Program Files\Ahead\Nero PhotoShow\data\Nero PhotoShow Express.exe"
Mon 13 Nov 2006       319,456 A..H. --- "C:\Program Files\Fichiers communs\Motorola Shared\MotPCSDrivers\difxapi.dll"
Wed 15 Sep 2004         4,348 A..H. --- "C:\Documents and Settings\Line\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Tue  9 Nov 2004            20 A..H. --- "C:\Documents and Settings\Line\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Wed 15 Sep 2004           400 A.SH. --- "C:\Documents and Settings\Line\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Wed  4 Oct 2006     3,072,000 A..H. --- "C:\Documents and Settings\Line.LINE-\Application Data\U3	emp\Launchpad Removal.exe"
Tue 10 May 2005         4,348 ...H. --- "C:\Documents and Settings\Line.LINE-\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Sun 30 Oct 2005            20 A..H. --- "C:\Documents and Settings\Line.LINE-\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Mon 18 Jul 2005           400 A.SH. --- "C:\Documents and Settings\Line.LINE-\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"

[b]Finished!/b

geoffrey5 · Answer

ok maintenant :

&#x25B6; Télécharger et enregistrer lopSD sur le Bureau 

(C est le numéro 4 en bas de la page)
 
&#x25B6; Double-clic Lop S&D
 
&#x25B6; Faire l'installation 

&#x25B6; Fermer toutes les applications 

&#x25B6; Le lancer par un double-clic sur le raccourci qui est sur le bureau 
Avec VISTA => clic-droit et => Exécuter en tant qu'administrateur
 
&#x25B6; Taper F pour français , puis presser entrée 

&#x25B6; Taper 1 

&#x25B6; Presser Entrée 

&#x25B6; Le PC va redémarrer 
Note= si l'antivirus annonce une infection dans TEMP , l'ignorer
 
&#x25B6; Attendre l'apparition du rapport 
&#x25B6; Copier le rapport et le coller dans la réponse 
le rapport se trouve aussi à C:\lopR

Suky · Answer

Salut Le pc a jamais redémarrer mais je copie le rapport


   --------------------\  Lop S&D 4.2.4-5   XP/Vista

   Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
   X86-based PC ( Multiprocessor Free :               Intel(R) Pentium(R) 4 CPU 2.80GHz )
   BIOS : BIOS Date: 02/13/05 22:02:08 Ver: 08.00.10
   USER : Line ( Administrator )
   BOOT : Normal boot
   Antivirus : Eset NOD32 antivirus system 2.51 2.51 (Activated)
   A:\ (USB)
   C:\ (Local Disk) - NTFS - Total : 49 Go Free : 12 Go
   D:\ (CD or DVD)
   E:\ (CD or DVD)
   F:\ (Local Disk) - NTFS - Total : 137 Go Free : 82 Go

   "C:\Lop SD" ( MAJ : 02-10-2008|23:42 )
   Option : [1] ( 2008-10-07|14:21 )
 
   --------------------\  Listing des dossiers dans APPLIC~1  

   [2005-04-23|23:55] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

   [2005-04-23|23:55] C:\DOCUME~1\ADMINI~1.LIN\APPLIC~1\Microsoft

   [2008-10-07|00:31] C:\DOCUME~1\ADMINI~2.LIN\APPLIC~1\Microsoft
   [2008-10-07|00:34] C:\DOCUME~1\ADMINI~2.LIN\APPLIC~1\Spyware Terminator

   [2004-12-17|15:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
   [2005-03-27|16:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
   [2005-04-12|21:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
   [2007-06-19|16:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
   [2004-12-20|21:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MotiveSysIDs
   [2005-02-13|12:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN Messenger 6.2.0205
   [2005-04-09|20:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime

   [2006-04-25|18:14] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Adobe
   [2005-04-26|17:23] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Ahead
   [2007-11-25|23:29] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Apple
   [2008-07-13|12:26] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Apple Computer
   [2008-10-07|00:17] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Bell
   [2007-11-26|17:58] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\BVRP Software
   [2008-09-25|08:01] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\DVD Shrink
   [2008-10-04|10:34] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Google
   [2008-10-06|21:18] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Google Updater
   [2006-11-30|14:56] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Kodak
   [2006-01-10|21:07] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Macromedia
   [2008-10-07|10:13] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Malwarebytes
   [2006-05-31|15:54] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\McAfee
   [2006-05-31|15:58] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\McAfee.com
   [2006-05-27|14:52] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\McAfee.com Personal Firewall
   [2008-10-04|22:43] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Microsoft
   [2008-04-11|19:38] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Motive
   [2005-04-26|16:41] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\MotiveSysIDs
   [2005-09-16|09:30] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1
View_Profiles
   [2008-02-25|20:37] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Office Genuine Advantage
   [2008-10-07|11:09] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\PCPitstop
   [2005-09-16|09:13] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Pinnacle
   [2005-06-19|08:49] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\QuickTime
   [2007-03-21|19:10] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Skype
   [2008-02-25|18:56] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SlySoft
   [2005-09-16|09:11] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SmartSound Software Inc
   [2006-05-17|13:25] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Sony Corporation
   [2008-10-07|00:41] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Spyware Terminator
   [2008-10-06|16:39] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\TEMP
   [2006-06-07|15:50] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Trymedia
   [2008-10-03|23:55] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\TVU Networks
   [2008-02-25|20:37] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Windows Genuine Advantage
   [2008-04-11|20:02] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\WLInstaller
   [2008-10-07|00:01] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\zidipqno

   [2004-12-17|13:25] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

   [2005-04-25|14:25] C:\DOCUME~1\DEFAUL~1.WIN\APPLIC~1\Microsoft

   [2005-01-26|16:11] C:\DOCUME~1\Line\APPLIC~1\Adobe
   [2004-12-17|15:05] C:\DOCUME~1\Line\APPLIC~1\AdobeUM
   [2004-12-21|14:47] C:\DOCUME~1\Line\APPLIC~1\Ahead
   [2005-04-09|20:30] C:\DOCUME~1\Line\APPLIC~1\Apple Computer
   [2005-04-23|15:09] C:\DOCUME~1\Line\APPLIC~1\BPFTP
   [2005-01-06|23:11] C:\DOCUME~1\Line\APPLIC~1\Help
   [2004-12-17|13:31] C:\DOCUME~1\Line\APPLIC~1\Identities
   [2005-04-11|14:24] C:\DOCUME~1\Line\APPLIC~1\Lavasoft
   [2005-01-04|16:38] C:\DOCUME~1\Line\APPLIC~1\Macromedia
   [2005-02-12|21:05] C:\DOCUME~1\Line\APPLIC~1\Microsoft
   [2004-12-20|21:38] C:\DOCUME~1\Line\APPLIC~1\Motive
   [2004-12-20|21:32] C:\DOCUME~1\Line\APPLIC~1\MSNInstaller
   [2004-12-29|10:25] C:\DOCUME~1\Line\APPLIC~1\Real
   [2005-03-27|21:31] C:\DOCUME~1\Line\APPLIC~1\Sun
   [2004-12-21|15:02] C:\DOCUME~1\Line\APPLIC~1\Webshots

   [2008-05-20|16:29] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\Adobe
   [2006-04-25|18:14] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\AdobeAUM
   [2006-04-25|18:27] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\AdobeUM
   [2005-12-17|14:09] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\Ahead
   [2007-11-25|23:30] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\Apple Computer
   [2008-10-07|00:17] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\Bell
   [2008-09-02|11:39] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\BitTorrent
   [2006-03-11|18:53] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\com.oxygenxml
   [2007-11-21|21:50] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\DivX
   [2006-07-17|16:32] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\FotoWire
   [2007-04-01|15:46] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\Gizmoz
   [2006-09-15|15:05] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\Google
   [2005-05-30|12:31] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\Help
   [2005-04-25|14:30] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\Identities
   [2007-11-26|17:56] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\InstallShield
   [2005-05-27|20:57] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\Kazaa Lite
   [2006-11-08|16:19] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\Lavasoft
   [2005-12-17|16:25] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\Leadertech
   [2007-03-06|16:02] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\Macromedia
   [2008-10-07|10:13] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\Malwarebytes
   [2006-05-26|21:11] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\McAfee.com Personal Firewall
   [2007-05-23|18:13] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\Microsoft
   [2006-11-22|06:49] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\MSNInstaller
   [2007-06-19|16:34] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\MySpace
   [2005-04-30|01:01] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\Real
   [2005-09-05|07:41] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\Simple Star
   [2006-05-26|21:08] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\SiteAdvisor
   [2008-09-12|11:00] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\Skype
   [2005-09-05|07:48] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\Snapfish
   [2006-05-17|13:35] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\Sony Corporation
   [2008-10-07|00:07] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\Spyware Terminator
   [2005-05-07|20:22] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\Sun
   [2007-05-06|21:20] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\U3
   [2006-11-21|23:36] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\WholeSecurity
   [2007-04-01|15:30] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\WizzTones
   [2008-04-21|14:41] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\Youdagames



   [2005-01-26|17:09] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

   [2006-05-26|21:11] C:\DOCUME~1\LOCALS~1.AUT\APPLIC~1\McAfee.com Personal Firewall
   [2005-04-25|14:25] C:\DOCUME~1\LOCALS~1.AUT\APPLIC~1\Microsoft

   [2004-12-17|13:25] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

   [2008-10-04|23:04] C:\DOCUME~1\NETWOR~1.AUT\APPLIC~1\Microsoft
 
   --------------------\  Tâches planifiées dans C:\WINDOWS	asks

   [2008-10-06 23:00][--a------] C:\WINDOWS	asks\At48.job
   [2008-10-06 22:00][--a------] C:\WINDOWS	asks\At47.job
   [2008-10-05 19:00][--a------] C:\WINDOWS	asks\At44.job
   [2008-10-06 20:00][--a------] C:\WINDOWS	asks\At45.job
   [2008-10-06 21:00][--a------] C:\WINDOWS	asks\At46.job
   [2008-10-05 18:00][--a------] C:\WINDOWS	asks\At43.job
   [2008-10-05 17:00][--a------] C:\WINDOWS	asks\At42.job
   [2008-10-06 16:00][--a------] C:\WINDOWS	asks\At41.job
   [2008-10-06 15:00][--a------] C:\WINDOWS	asks\At40.job
   [2008-10-07 14:00][--a------] C:\WINDOWS	asks\At39.job
   [2008-10-07 13:00][--a------] C:\WINDOWS	asks\At38.job
   [2008-10-07 12:00][--a------] C:\WINDOWS	asks\At37.job
   [2008-10-07 11:00][--a------] C:\WINDOWS	asks\At36.job
   [2008-10-07 10:00][--a------] C:\WINDOWS	asks\At35.job
   [2008-10-07 09:00][--a------] C:\WINDOWS	asks\At34.job
   [2008-08-13 07:00][--a------] C:\WINDOWS	asks\At32.job
   [2008-09-25 08:00][--a------] C:\WINDOWS	asks\At33.job
   [2008-01-22 06:00][--a------] C:\WINDOWS	asks\At31.job
   [2007-08-07 10:38][--a------] C:\WINDOWS	asks\At30.job
   [2008-10-01 03:00][--a------] C:\WINDOWS	asks\At28.job
   [2008-08-06 04:00][--a------] C:\WINDOWS	asks\At29.job
   [2008-10-04 02:00][--a------] C:\WINDOWS	asks\At27.job
   [2008-10-04 01:00][--a------] C:\WINDOWS	asks\At26.job
   [2008-10-07 00:00][--a------] C:\WINDOWS	asks\At25.job
   [2008-10-06 23:00][--a------] C:\WINDOWS	asks\At24.job
   [2008-10-06 21:00][--a------] C:\WINDOWS	asks\At22.job
   [2008-10-06 22:00][--a------] C:\WINDOWS	asks\At23.job
   [2008-10-06 20:00][--a------] C:\WINDOWS	asks\At21.job
   [2008-10-05 18:00][--a------] C:\WINDOWS	asks\At19.job
   [2008-10-05 19:00][--a------] C:\WINDOWS	asks\At20.job
   [2008-10-05 17:00][--a------] C:\WINDOWS	asks\At18.job
   [2008-10-06 16:00][--a------] C:\WINDOWS	asks\At17.job
   [2008-10-06 15:00][--a------] C:\WINDOWS	asks\At16.job
   [2008-10-07 14:00][--a------] C:\WINDOWS	asks\At15.job
   [2008-10-07 12:00][--a------] C:\WINDOWS	asks\At13.job
   [2008-10-07 13:00][--a------] C:\WINDOWS	asks\At14.job
   [2008-10-07 11:00][--a------] C:\WINDOWS	asks\At12.job
   [2008-10-07 09:00][--a------] C:\WINDOWS	asks\At10.job
   [2008-09-25 08:00][--a------] C:\WINDOWS	asks\At9.job
   [2008-10-07 10:00][--a------] C:\WINDOWS	asks\At11.job
   [2008-08-13 07:00][--a------] C:\WINDOWS	asks\At8.job
   [2008-01-22 06:00][--a------] C:\WINDOWS	asks\At7.job
   [2007-08-07 05:00][--a------] C:\WINDOWS	asks\At6.job
   [2008-08-06 04:00][--a------] C:\WINDOWS	asks\At5.job
   [2008-10-01 03:00][--a------] C:\WINDOWS	asks\At4.job
   [2008-10-04 01:00][--a------] C:\WINDOWS	asks\At2.job
   [2008-10-04 02:00][--a------] C:\WINDOWS	asks\At3.job
   [2008-10-07 00:00][--a------] C:\WINDOWS	asks\At1.job
   [2008-10-07 13:58][--ah-----] C:\WINDOWS	asks\SA.DAT
   [2004-08-05 07:00][-r-h-----] C:\WINDOWS	asks\desktop.ini

   --------------------\  Listing des dossiers dans C:\Program Files

   [2005-10-08|19:45] C:\Program Files\ACE Mega CoDecS Pack
   [2006-04-25|18:11] C:\Program Files\Adobe
   [2005-09-05|07:39] C:\Program Files\Ahead
   [2004-12-17|14:13] C:\Program Files\Analog Devices
   [2008-07-13|12:25] C:\Program Files\Apple Software Update
   [2005-03-27|16:32] C:\Program Files\Application X
   [2008-10-06|20:38] C:\Program Files\a-squared Anti-Malware
   [2008-08-03|22:27] C:\Program Files\Avanquest update
   [2008-04-21|14:36] C:\Program Files\BitTorrent
   [2006-03-22|18:34] C:\Program Files\BMP
   [2008-07-13|12:27] C:\Program Files\Bonjour
   [2006-05-31|16:01] C:\Program Files\BPFTP
   [2005-10-30|22:10] C:\Program Files\Canon
   [2007-05-19|20:02] C:\Program Files\CCleaner
   [2008-08-03|22:28] C:\Program Files\Common Files
   [2005-03-27|16:33] C:\Program Files\CyberLink
   [2008-10-07|00:01] C:\Program Files\DAP
   [2008-07-17|12:32] C:\Program Files\DemonicSoftware
   [2007-07-02|17:05] C:\Program Files\DivX
   [2006-03-22|18:33] C:\Program Files\DOC
   [2004-12-17|16:04] C:\Program Files\DVD Shrink
   [2004-12-17|15:51] C:\Program Files\Elaborate Bytes
   [2008-02-09|20:13] C:\Program Files\ESET
   [2008-10-07|11:38] C:\Program Files\Fichiers communs
   [2006-03-22|18:34] C:\Program Files\Filtre
   [2007-04-02|15:26] C:\Program Files\Gizmoz Talking Headz
   [2008-10-07|11:41] C:\Program Files\Google
   [2007-05-19|20:05] C:\Program Files\Grisoft
   [2005-05-01|11:49] C:\Program Files\HighMAT CD Writing Wizard
   [2008-10-07|00:21] C:\Program Files\InstallShield Installation Information
   [2004-12-17|14:06] C:\Program Files\Intel
   [2004-12-17|14:10] C:\Program Files\Intel Desktop Board
   [2005-09-16|08:46] C:\Program Files\Intel Desktop Board Audio Driver
   [2008-02-25|21:16] C:\Program Files\Internet Explorer
   [2005-12-22|10:24] C:\Program Files\Ipswitch
   [2008-10-07|13:21] C:\Program Files\Java
   [2007-06-13|19:59] C:\Program Files\Kodak
   [2008-09-28|23:57] C:\Program Files\LibUSB-Win32-0.1.10.1
   [2006-07-17|16:32] C:\Program Files\Logitech
   [2008-10-07|10:13] C:\Program Files\Malwarebytes' Anti-Malware
   [2005-04-30|00:43] C:\Program Files\M‚t‚oM‚dia
   [2004-12-17|13:26] C:\Program Files\microsoft frontpage
   [2004-12-17|13:46] C:\Program Files\Microsoft Office
   [2004-12-17|13:45] C:\Program Files\Microsoft Visual Studio
   [2004-12-17|14:01] C:\Program Files\Microsoft Works
   [2004-12-17|13:46] C:\Program Files\Microsoft.NET
   [2008-08-03|22:29] C:\Program Files\Motorola
   [2008-08-03|22:29] C:\Program Files\Motorola Phone Tools
   [2004-12-17|13:23] C:\Program Files\Movie Maker
   [2005-10-08|20:00] C:\Program Files\Mozilla
   [2006-11-22|06:49] C:\Program Files\MSN
   [2004-12-17|13:21] C:\Program Files\MSN Gaming Zone
   [2008-04-11|20:10] C:\Program Files\MSN Messenger
   [2008-10-06|20:17] C:\Program Files\Navilog1
   [2004-12-17|13:23] C:\Program Files\NetMeeting
   [2004-12-17|13:22] C:\Program Files\Online Services
   [2005-04-25|15:02] C:\Program Files\Outlook Express
   [2005-08-13|21:29] C:\Program Files\PCFriendly
   [2005-09-16|09:04] C:\Program Files\Pinnacle
   [2008-09-28|22:15] C:\Program Files\Plato Video To iPod PSP 3GP
   [2004-12-20|21:59] C:\Program Files\Plus!
   [2005-05-30|12:53] C:\Program Files\PowerQuest
   [2008-07-14|00:31] C:\Program Files\QuickTime
   [2005-04-30|00:57] C:\Program Files\Real
   [2006-03-22|18:35] C:\Program Files\SDK
   [2006-05-26|21:04] C:\Program Files\SearchRelevant
   [2006-03-25|11:19] C:\Program Files\Selteco
   [2007-10-19|15:03] C:\Program Files\Services en ligne
   [2007-03-21|19:10] C:\Program Files\Skype
   [2008-02-25|18:55] C:\Program Files\SlySoft
   [2005-09-16|09:11] C:\Program Files\SmartSound Software
   [2006-03-22|18:34] C:\Program Files\SnapIn
   [2007-06-09|17:05] C:\Program Files\Sony
   [2006-05-17|13:26] C:\Program Files\Sony Corporation
   [2008-10-07|08:26] C:\Program Files\Spyware Terminator
   [2008-10-07|13:21] C:\Program Files\Sun
   [2005-04-26|16:43] C:\Program Files\Tap'Touche
   [2005-04-25|15:27] C:\Program Files\Tweak-XP
   [2007-02-22|16:38] C:\Program Files\Ubisoft
   [2008-02-25|21:17] C:\Program Files\Uninstall Information
   [2004-12-20|21:38] C:\Program Files\Visual Networks
   [2004-12-21|15:02] C:\Program Files\Webshots
   [2008-10-06|21:27] C:\Program Files\WinClamAVShield
   [2008-04-11|20:10] C:\Program Files\Windows Live
   [2006-12-07|16:42] C:\Program Files\Windows Media Connect 2
   [2006-12-07|16:42] C:\Program Files\Windows Media Player
   [2004-12-17|13:21] C:\Program Files\Windows NT
   [2006-05-26|20:13] C:\Program Files\WindowsUpdate
   [2004-12-17|16:07] C:\Program Files\WinRAR
   [2005-05-30|12:31] C:\Program Files\WinZip
   [2004-12-17|13:26] C:\Program Files\xerox
   [2006-04-16|23:40] C:\Program Files\Xilisoft
   [2006-03-22|16:12] C:\Program Files\Yahoo!
   [2007-06-09|17:06] C:\Program Files\Yahoo! Games
   [2008-10-07|04:43] C:\Program Files\yjfcjyb
   [2005-03-27|16:34] C:\Program Files\Zero G Registry

   --------------------\  Listing des dossiers dans C:\Program Files\Fichiers communs

   [2006-04-25|18:12] C:\Program Files\Fichiers communs\Adobe
   [2005-06-05|21:37] C:\Program Files\Fichiers communs\Ahead
   [2004-12-17|13:45] C:\Program Files\Fichiers communs\DESIGNER
   [2006-07-17|16:32] C:\Program Files\Fichiers communs\FotoWire
   [2005-05-30|12:05] C:\Program Files\Fichiers communs\InstallShield
   [2005-03-27|16:36] C:\Program Files\Fichiers communs\Java
   [2007-06-13|19:57] C:\Program Files\Fichiers communs\Kodak
   [2006-07-17|15:43] C:\Program Files\Fichiers communs\Logitech
   [2008-04-11|20:12] C:\Program Files\Fichiers communs\Microsoft Shared
   [2004-12-20|21:38] C:\Program Files\Fichiers communs\Motive
   [2007-12-26|18:20] C:\Program Files\Fichiers communs\Motorola Shared
   [2004-12-17|13:23] C:\Program Files\Fichiers communs\MSSoap
   [2006-08-09|12:32] C:\Program Files\Fichiers communs\NSV
   [2005-04-26|20:25] C:\Program Files\Fichiers communs\ODBC
   [2006-04-30|21:09] C:\Program Files\Fichiers communs\Real
   [2004-12-17|13:23] C:\Program Files\Fichiers communs\Services
   [2007-03-21|19:10] C:\Program Files\Fichiers communs\Skype
   [2006-05-17|13:26] C:\Program Files\Fichiers communs\Sony Shared
   [2004-12-17|08:14] C:\Program Files\Fichiers communs\SpeechEngines
   [2005-04-25|15:02] C:\Program Files\Fichiers communs\System
   [2005-11-24|19:13] C:\Program Files\Fichiers communs\Vbox
   [2008-04-11|20:09] C:\Program Files\Fichiers communs\WindowsLiveInstaller
   [2004-12-17|15:13] C:\Program Files\Fichiers communs\Wise Installation Wizard
   [2006-04-30|21:10] C:\Program Files\Fichiers communs\xing shared
   [2006-04-23|15:23] C:\Program Files\Fichiers communs\Xuisoft

   --------------------\  Process

   ( 41 Processes )

   IEXPLORE.EXE ~ [PID:1036]

   --------------------\  Recherche avec S_Lop

   Aucun fichier / dossier Lop trouvé !
 
   --------------------\  Recherche de Fichiers / Dossiers Lop

   C:\DOCUME~1\LINE~1.LIN\Cookies\line@advertising[2].txt
   C:\DOCUME~1\LINE~1.LIN\Cookies\line@advertising[3].txt
   C:\DOCUME~1\LINE~1.LIN\Cookies\line@adopt.euroclick[2].txt
 
   --------------------\  Verification du Registre
 
   ..... OK !

   --------------------\  Verification du fichier Hosts

   Fichier Hosts PROPRE


   --------------------\  Recherche de fichiers avec Catchme
 
   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2008-10-07 14:22:20
   Windows 5.1.2600 Service Pack 2 NTFS
   scanning hidden processes ...
   scanning hidden files ...
   scan completed successfully
   hidden processes: 0
   hidden files: 201
 
   --------------------\  Recherche d'autres infections

   C:\WINDOWS\Tasks\At1.job
   C:\WINDOWS\Tasks\At10.job
   C:\WINDOWS\Tasks\At11.job
   C:\WINDOWS\Tasks\At12.job
   C:\WINDOWS\Tasks\At13.job
   C:\WINDOWS\Tasks\At14.job
   C:\WINDOWS\Tasks\At15.job
   C:\WINDOWS\Tasks\At16.job
   C:\WINDOWS\Tasks\At17.job
   C:\WINDOWS\Tasks\At18.job
   C:\WINDOWS\Tasks\At19.job
   C:\WINDOWS\Tasks\At2.job
   C:\WINDOWS\Tasks\At20.job
   C:\WINDOWS\Tasks\At21.job
   C:\WINDOWS\Tasks\At22.job
   C:\WINDOWS\Tasks\At23.job
   C:\WINDOWS\Tasks\At24.job
   C:\WINDOWS\Tasks\At25.job
   C:\WINDOWS\Tasks\At26.job
   C:\WINDOWS\Tasks\At27.job
   C:\WINDOWS\Tasks\At28.job
   C:\WINDOWS\Tasks\At29.job
   C:\WINDOWS\Tasks\At3.job
   C:\WINDOWS\Tasks\At30.job
   C:\WINDOWS\Tasks\At31.job
   C:\WINDOWS\Tasks\At32.job
   C:\WINDOWS\Tasks\At33.job
   C:\WINDOWS\Tasks\At34.job
   C:\WINDOWS\Tasks\At35.job
   C:\WINDOWS\Tasks\At36.job
   C:\WINDOWS\Tasks\At37.job
   C:\WINDOWS\Tasks\At38.job
   C:\WINDOWS\Tasks\At39.job
   C:\WINDOWS\Tasks\At4.job
   C:\WINDOWS\Tasks\At40.job
   C:\WINDOWS\Tasks\At41.job
   C:\WINDOWS\Tasks\At42.job
   C:\WINDOWS\Tasks\At43.job
   C:\WINDOWS\Tasks\At44.job
   C:\WINDOWS\Tasks\At45.job
   C:\WINDOWS\Tasks\At46.job
   C:\WINDOWS\Tasks\At47.job
   C:\WINDOWS\Tasks\At48.job
   C:\WINDOWS\Tasks\At5.job
   C:\WINDOWS\Tasks\At6.job
   C:\WINDOWS\Tasks\At7.job
   C:\WINDOWS\Tasks\At8.job
   C:\WINDOWS\Tasks\At9.job



   [F:3][D:12]-> C:\DOCUME~1\LINE~1.LIN\LOCALS~1\Temp
   [F:77][D:0]-> C:\DOCUME~1\LINE~1.LIN\Cookies
   [F:335][D:4]-> C:\DOCUME~1\LINE~1.LIN\LOCALS~1\TEMPOR~1\content.IE5

   1 - "C:\Lop SD\LopR_1.txt" - 2008-10-07|14:23 - Option : [1]

   --------------------\  Fin du rapport a 14:23:26

geoffrey5 · Answer

ok maintenant :

&#x25B6; Relance Lop S&D

&#x25B6; Choisis cette fois-ci l'option 2 (Suppression)

&#x25B6; Ne ferme pas la fenêtre lors de la suppression !

&#x25B6; Poste le rapport généré (C:\lopR.txt)

* (Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet Fichier, Nouvelle tâche, tape explorer.exe et valide)


ensuite :


&#x25B6; Télécharge Combofix de sUBs 

(c est le numéro 5 en bas de la page)

&#x25B6; et enregistre le sur le Bureau. 

  
&#x25B6; désactive tes protections et ferme toutes tes applications(antivirus, parefeu, garde en temps réel de l'antispyware) 


Voici le tutoriel officiel de Bleeping Computer pour savoir l utiliser :

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
 

ensuite envois le rapport stp

Suky · Answer

Deuxième LoG


   --------------------\  Lop S&D 4.2.4-5   XP/Vista

   Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
   X86-based PC ( Multiprocessor Free :               Intel(R) Pentium(R) 4 CPU 2.80GHz )
   BIOS : BIOS Date: 02/13/05 22:02:08 Ver: 08.00.10
   USER : Line ( Administrator )
   BOOT : Normal boot
   Antivirus : Eset NOD32 antivirus system 2.51 2.51 (Activated)
   A:\ (USB)
   C:\ (Local Disk) - NTFS - Total : 49 Go Free : 12 Go
   D:\ (CD or DVD)
   E:\ (CD or DVD)
   F:\ (Local Disk) - NTFS - Total : 137 Go Free : 82 Go

   "C:\Lop SD" ( MAJ : 02-10-2008|23:42 )
   Option : [2] ( 2008-10-07|14:41 )


   \\\\\\\\\\\\\\\ SUPPRESSION

   Supprime! - C:\DOCUME~1\LINE~1.LIN\Cookies\line@advertising[2].txt
   Supprime! - C:\DOCUME~1\LINE~1.LIN\Cookies\line@advertising[3].txt
   Supprime! - C:\DOCUME~1\LINE~1.LIN\Cookies\line@adopt.euroclick[2].txt
   -
   [ Fichier Hosts ] .. Restaure!
 
   \\\\\\\\\\\\\\\ 

 
   --------------------\  Listing des dossiers dans APPLIC~1  

   [2005-04-23|23:55] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

   [2005-04-23|23:55] C:\DOCUME~1\ADMINI~1.LIN\APPLIC~1\Microsoft

   [2008-10-07|00:31] C:\DOCUME~1\ADMINI~2.LIN\APPLIC~1\Microsoft
   [2008-10-07|00:34] C:\DOCUME~1\ADMINI~2.LIN\APPLIC~1\Spyware Terminator

   [2004-12-17|15:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
   [2005-03-27|16:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
   [2005-04-12|21:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
   [2007-06-19|16:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
   [2004-12-20|21:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MotiveSysIDs
   [2005-02-13|12:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN Messenger 6.2.0205
   [2005-04-09|20:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime

   [2006-04-25|18:14] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Adobe
   [2005-04-26|17:23] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Ahead
   [2007-11-25|23:29] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Apple
   [2008-07-13|12:26] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Apple Computer
   [2008-10-07|00:17] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Bell
   [2007-11-26|17:58] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\BVRP Software
   [2008-09-25|08:01] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\DVD Shrink
   [2008-10-04|10:34] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Google
   [2008-10-06|21:18] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Google Updater
   [2006-11-30|14:56] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Kodak
   [2006-01-10|21:07] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Macromedia
   [2008-10-07|10:13] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Malwarebytes
   [2006-05-31|15:54] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\McAfee
   [2006-05-31|15:58] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\McAfee.com
   [2006-05-27|14:52] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\McAfee.com Personal Firewall
   [2008-10-04|22:43] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Microsoft
   [2008-04-11|19:38] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Motive
   [2005-04-26|16:41] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\MotiveSysIDs
   [2005-09-16|09:30] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1
View_Profiles
   [2008-02-25|20:37] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Office Genuine Advantage
   [2008-10-07|11:09] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\PCPitstop
   [2005-09-16|09:13] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Pinnacle
   [2005-06-19|08:49] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\QuickTime
   [2007-03-21|19:10] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Skype
   [2008-02-25|18:56] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SlySoft
   [2005-09-16|09:11] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SmartSound Software Inc
   [2006-05-17|13:25] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Sony Corporation
   [2008-10-07|00:41] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Spyware Terminator
   [2008-10-06|16:39] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\TEMP
   [2006-06-07|15:50] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Trymedia
   [2008-10-03|23:55] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\TVU Networks
   [2008-02-25|20:37] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Windows Genuine Advantage
   [2008-04-11|20:02] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\WLInstaller
   [2008-10-07|00:01] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\zidipqno

   [2004-12-17|13:25] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

   [2005-04-25|14:25] C:\DOCUME~1\DEFAUL~1.WIN\APPLIC~1\Microsoft

   [2005-01-26|16:11] C:\DOCUME~1\Line\APPLIC~1\Adobe
   [2004-12-17|15:05] C:\DOCUME~1\Line\APPLIC~1\AdobeUM
   [2004-12-21|14:47] C:\DOCUME~1\Line\APPLIC~1\Ahead
   [2005-04-09|20:30] C:\DOCUME~1\Line\APPLIC~1\Apple Computer
   [2005-04-23|15:09] C:\DOCUME~1\Line\APPLIC~1\BPFTP
   [2005-01-06|23:11] C:\DOCUME~1\Line\APPLIC~1\Help
   [2004-12-17|13:31] C:\DOCUME~1\Line\APPLIC~1\Identities
   [2005-04-11|14:24] C:\DOCUME~1\Line\APPLIC~1\Lavasoft
   [2005-01-04|16:38] C:\DOCUME~1\Line\APPLIC~1\Macromedia
   [2005-02-12|21:05] C:\DOCUME~1\Line\APPLIC~1\Microsoft
   [2004-12-20|21:38] C:\DOCUME~1\Line\APPLIC~1\Motive
   [2004-12-20|21:32] C:\DOCUME~1\Line\APPLIC~1\MSNInstaller
   [2004-12-29|10:25] C:\DOCUME~1\Line\APPLIC~1\Real
   [2005-03-27|21:31] C:\DOCUME~1\Line\APPLIC~1\Sun
   [2004-12-21|15:02] C:\DOCUME~1\Line\APPLIC~1\Webshots

   [2008-05-20|16:29] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\Adobe
   [2006-04-25|18:14] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\AdobeAUM
   [2006-04-25|18:27] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\AdobeUM
   [2005-12-17|14:09] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\Ahead
   [2007-11-25|23:30] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\Apple Computer
   [2008-10-07|00:17] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\Bell
   [2008-09-02|11:39] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\BitTorrent
   [2006-03-11|18:53] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\com.oxygenxml
   [2007-11-21|21:50] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\DivX
   [2006-07-17|16:32] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\FotoWire
   [2007-04-01|15:46] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\Gizmoz
   [2006-09-15|15:05] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\Google
   [2005-05-30|12:31] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\Help
   [2005-04-25|14:30] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\Identities
   [2007-11-26|17:56] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\InstallShield
   [2005-05-27|20:57] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\Kazaa Lite
   [2006-11-08|16:19] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\Lavasoft
   [2005-12-17|16:25] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\Leadertech
   [2007-03-06|16:02] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\Macromedia
   [2008-10-07|10:13] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\Malwarebytes
   [2006-05-26|21:11] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\McAfee.com Personal Firewall
   [2007-05-23|18:13] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\Microsoft
   [2006-11-22|06:49] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\MSNInstaller
   [2007-06-19|16:34] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\MySpace
   [2005-04-30|01:01] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\Real
   [2005-09-05|07:41] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\Simple Star
   [2006-05-26|21:08] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\SiteAdvisor
   [2008-09-12|11:00] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\Skype
   [2005-09-05|07:48] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\Snapfish
   [2006-05-17|13:35] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\Sony Corporation
   [2008-10-07|00:07] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\Spyware Terminator
   [2005-05-07|20:22] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\Sun
   [2007-05-06|21:20] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\U3
   [2006-11-21|23:36] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\WholeSecurity
   [2007-04-01|15:30] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\WizzTones
   [2008-04-21|14:41] C:\DOCUME~1\LINE~1.LIN\APPLIC~1\Youdagames



   [2005-01-26|17:09] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

   [2006-05-26|21:11] C:\DOCUME~1\LOCALS~1.AUT\APPLIC~1\McAfee.com Personal Firewall
   [2005-04-25|14:25] C:\DOCUME~1\LOCALS~1.AUT\APPLIC~1\Microsoft

   [2004-12-17|13:25] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

   [2008-10-04|23:04] C:\DOCUME~1\NETWOR~1.AUT\APPLIC~1\Microsoft
 
   --------------------\  Tâches planifiées dans C:\WINDOWS	asks

   [2008-10-06 23:00][--a------] C:\WINDOWS	asks\At48.job
   [2008-10-06 22:00][--a------] C:\WINDOWS	asks\At47.job
   [2008-10-05 19:00][--a------] C:\WINDOWS	asks\At44.job
   [2008-10-06 20:00][--a------] C:\WINDOWS	asks\At45.job
   [2008-10-06 21:00][--a------] C:\WINDOWS	asks\At46.job
   [2008-10-05 18:00][--a------] C:\WINDOWS	asks\At43.job
   [2008-10-05 17:00][--a------] C:\WINDOWS	asks\At42.job
   [2008-10-06 16:00][--a------] C:\WINDOWS	asks\At41.job
   [2008-10-06 15:00][--a------] C:\WINDOWS	asks\At40.job
   [2008-10-07 14:00][--a------] C:\WINDOWS	asks\At39.job
   [2008-10-07 13:00][--a------] C:\WINDOWS	asks\At38.job
   [2008-10-07 12:00][--a------] C:\WINDOWS	asks\At37.job
   [2008-10-07 11:00][--a------] C:\WINDOWS	asks\At36.job
   [2008-10-07 10:00][--a------] C:\WINDOWS	asks\At35.job
   [2008-10-07 09:00][--a------] C:\WINDOWS	asks\At34.job
   [2008-08-13 07:00][--a------] C:\WINDOWS	asks\At32.job
   [2008-09-25 08:00][--a------] C:\WINDOWS	asks\At33.job
   [2008-01-22 06:00][--a------] C:\WINDOWS	asks\At31.job
   [2007-08-07 10:38][--a------] C:\WINDOWS	asks\At30.job
   [2008-10-01 03:00][--a------] C:\WINDOWS	asks\At28.job
   [2008-08-06 04:00][--a------] C:\WINDOWS	asks\At29.job
   [2008-10-04 02:00][--a------] C:\WINDOWS	asks\At27.job
   [2008-10-04 01:00][--a------] C:\WINDOWS	asks\At26.job
   [2008-10-07 00:00][--a------] C:\WINDOWS	asks\At25.job
   [2008-10-06 23:00][--a------] C:\WINDOWS	asks\At24.job
   [2008-10-06 21:00][--a------] C:\WINDOWS	asks\At22.job
   [2008-10-06 22:00][--a------] C:\WINDOWS	asks\At23.job
   [2008-10-06 20:00][--a------] C:\WINDOWS	asks\At21.job
   [2008-10-05 18:00][--a------] C:\WINDOWS	asks\At19.job
   [2008-10-05 19:00][--a------] C:\WINDOWS	asks\At20.job
   [2008-10-05 17:00][--a------] C:\WINDOWS	asks\At18.job
   [2008-10-06 16:00][--a------] C:\WINDOWS	asks\At17.job
   [2008-10-06 15:00][--a------] C:\WINDOWS	asks\At16.job
   [2008-10-07 14:00][--a------] C:\WINDOWS	asks\At15.job
   [2008-10-07 12:00][--a------] C:\WINDOWS	asks\At13.job
   [2008-10-07 13:00][--a------] C:\WINDOWS	asks\At14.job
   [2008-10-07 11:00][--a------] C:\WINDOWS	asks\At12.job
   [2008-10-07 09:00][--a------] C:\WINDOWS	asks\At10.job
   [2008-09-25 08:00][--a------] C:\WINDOWS	asks\At9.job
   [2008-10-07 10:00][--a------] C:\WINDOWS	asks\At11.job
   [2008-08-13 07:00][--a------] C:\WINDOWS	asks\At8.job
   [2008-01-22 06:00][--a------] C:\WINDOWS	asks\At7.job
   [2007-08-07 05:00][--a------] C:\WINDOWS	asks\At6.job
   [2008-08-06 04:00][--a------] C:\WINDOWS	asks\At5.job
   [2008-10-01 03:00][--a------] C:\WINDOWS	asks\At4.job
   [2008-10-04 01:00][--a------] C:\WINDOWS	asks\At2.job
   [2008-10-04 02:00][--a------] C:\WINDOWS	asks\At3.job
   [2008-10-07 00:00][--a------] C:\WINDOWS	asks\At1.job
   [2008-10-07 13:58][--ah-----] C:\WINDOWS	asks\SA.DAT
   [2004-08-05 07:00][-r-h-----] C:\WINDOWS	asks\desktop.ini

   --------------------\  Listing des dossiers dans C:\Program Files

   [2005-10-08|19:45] C:\Program Files\ACE Mega CoDecS Pack
   [2006-04-25|18:11] C:\Program Files\Adobe
   [2005-09-05|07:39] C:\Program Files\Ahead
   [2004-12-17|14:13] C:\Program Files\Analog Devices
   [2008-07-13|12:25] C:\Program Files\Apple Software Update
   [2005-03-27|16:32] C:\Program Files\Application X
   [2008-10-06|20:38] C:\Program Files\a-squared Anti-Malware
   [2008-08-03|22:27] C:\Program Files\Avanquest update
   [2008-04-21|14:36] C:\Program Files\BitTorrent
   [2006-03-22|18:34] C:\Program Files\BMP
   [2008-07-13|12:27] C:\Program Files\Bonjour
   [2006-05-31|16:01] C:\Program Files\BPFTP
   [2005-10-30|22:10] C:\Program Files\Canon
   [2007-05-19|20:02] C:\Program Files\CCleaner
   [2008-08-03|22:28] C:\Program Files\Common Files
   [2005-03-27|16:33] C:\Program Files\CyberLink
   [2008-10-07|00:01] C:\Program Files\DAP
   [2008-07-17|12:32] C:\Program Files\DemonicSoftware
   [2007-07-02|17:05] C:\Program Files\DivX
   [2006-03-22|18:33] C:\Program Files\DOC
   [2004-12-17|16:04] C:\Program Files\DVD Shrink
   [2004-12-17|15:51] C:\Program Files\Elaborate Bytes
   [2008-02-09|20:13] C:\Program Files\ESET
   [2008-10-07|11:38] C:\Program Files\Fichiers communs
   [2006-03-22|18:34] C:\Program Files\Filtre
   [2007-04-02|15:26] C:\Program Files\Gizmoz Talking Headz
   [2008-10-07|11:41] C:\Program Files\Google
   [2007-05-19|20:05] C:\Program Files\Grisoft
   [2005-05-01|11:49] C:\Program Files\HighMAT CD Writing Wizard
   [2008-10-07|00:21] C:\Program Files\InstallShield Installation Information
   [2004-12-17|14:06] C:\Program Files\Intel
   [2004-12-17|14:10] C:\Program Files\Intel Desktop Board
   [2005-09-16|08:46] C:\Program Files\Intel Desktop Board Audio Driver
   [2008-02-25|21:16] C:\Program Files\Internet Explorer
   [2005-12-22|10:24] C:\Program Files\Ipswitch
   [2008-10-07|13:21] C:\Program Files\Java
   [2007-06-13|19:59] C:\Program Files\Kodak
   [2008-09-28|23:57] C:\Program Files\LibUSB-Win32-0.1.10.1
   [2006-07-17|16:32] C:\Program Files\Logitech
   [2008-10-07|10:13] C:\Program Files\Malwarebytes' Anti-Malware
   [2005-04-30|00:43] C:\Program Files\M‚t‚oM‚dia
   [2004-12-17|13:26] C:\Program Files\microsoft frontpage
   [2004-12-17|13:46] C:\Program Files\Microsoft Office
   [2004-12-17|13:45] C:\Program Files\Microsoft Visual Studio
   [2004-12-17|14:01] C:\Program Files\Microsoft Works
   [2004-12-17|13:46] C:\Program Files\Microsoft.NET
   [2008-08-03|22:29] C:\Program Files\Motorola
   [2008-08-03|22:29] C:\Program Files\Motorola Phone Tools
   [2004-12-17|13:23] C:\Program Files\Movie Maker
   [2005-10-08|20:00] C:\Program Files\Mozilla
   [2006-11-22|06:49] C:\Program Files\MSN
   [2004-12-17|13:21] C:\Program Files\MSN Gaming Zone
   [2008-04-11|20:10] C:\Program Files\MSN Messenger
   [2008-10-06|20:17] C:\Program Files\Navilog1
   [2004-12-17|13:23] C:\Program Files\NetMeeting
   [2004-12-17|13:22] C:\Program Files\Online Services
   [2005-04-25|15:02] C:\Program Files\Outlook Express
   [2005-08-13|21:29] C:\Program Files\PCFriendly
   [2005-09-16|09:04] C:\Program Files\Pinnacle
   [2008-09-28|22:15] C:\Program Files\Plato Video To iPod PSP 3GP
   [2004-12-20|21:59] C:\Program Files\Plus!
   [2005-05-30|12:53] C:\Program Files\PowerQuest
   [2008-07-14|00:31] C:\Program Files\QuickTime
   [2005-04-30|00:57] C:\Program Files\Real
   [2006-03-22|18:35] C:\Program Files\SDK
   [2006-05-26|21:04] C:\Program Files\SearchRelevant
   [2006-03-25|11:19] C:\Program Files\Selteco
   [2007-10-19|15:03] C:\Program Files\Services en ligne
   [2007-03-21|19:10] C:\Program Files\Skype
   [2008-02-25|18:55] C:\Program Files\SlySoft
   [2005-09-16|09:11] C:\Program Files\SmartSound Software
   [2006-03-22|18:34] C:\Program Files\SnapIn
   [2007-06-09|17:05] C:\Program Files\Sony
   [2006-05-17|13:26] C:\Program Files\Sony Corporation
   [2008-10-07|08:26] C:\Program Files\Spyware Terminator
   [2008-10-07|13:21] C:\Program Files\Sun
   [2005-04-26|16:43] C:\Program Files\Tap'Touche
   [2005-04-25|15:27] C:\Program Files\Tweak-XP
   [2007-02-22|16:38] C:\Program Files\Ubisoft
   [2008-02-25|21:17] C:\Program Files\Uninstall Information
   [2004-12-20|21:38] C:\Program Files\Visual Networks
   [2004-12-21|15:02] C:\Program Files\Webshots
   [2008-10-06|21:27] C:\Program Files\WinClamAVShield
   [2008-04-11|20:10] C:\Program Files\Windows Live
   [2006-12-07|16:42] C:\Program Files\Windows Media Connect 2
   [2006-12-07|16:42] C:\Program Files\Windows Media Player
   [2004-12-17|13:21] C:\Program Files\Windows NT
   [2006-05-26|20:13] C:\Program Files\WindowsUpdate
   [2004-12-17|16:07] C:\Program Files\WinRAR
   [2005-05-30|12:31] C:\Program Files\WinZip
   [2004-12-17|13:26] C:\Program Files\xerox
   [2006-04-16|23:40] C:\Program Files\Xilisoft
   [2006-03-22|16:12] C:\Program Files\Yahoo!
   [2007-06-09|17:06] C:\Program Files\Yahoo! Games
   [2008-10-07|04:43] C:\Program Files\yjfcjyb
   [2005-03-27|16:34] C:\Program Files\Zero G Registry

   --------------------\  Listing des dossiers dans C:\Program Files\Fichiers communs

   [2006-04-25|18:12] C:\Program Files\Fichiers communs\Adobe
   [2005-06-05|21:37] C:\Program Files\Fichiers communs\Ahead
   [2004-12-17|13:45] C:\Program Files\Fichiers communs\DESIGNER
   [2006-07-17|16:32] C:\Program Files\Fichiers communs\FotoWire
   [2005-05-30|12:05] C:\Program Files\Fichiers communs\InstallShield
   [2005-03-27|16:36] C:\Program Files\Fichiers communs\Java
   [2007-06-13|19:57] C:\Program Files\Fichiers communs\Kodak
   [2006-07-17|15:43] C:\Program Files\Fichiers communs\Logitech
   [2008-04-11|20:12] C:\Program Files\Fichiers communs\Microsoft Shared
   [2004-12-20|21:38] C:\Program Files\Fichiers communs\Motive
   [2007-12-26|18:20] C:\Program Files\Fichiers communs\Motorola Shared
   [2004-12-17|13:23] C:\Program Files\Fichiers communs\MSSoap
   [2006-08-09|12:32] C:\Program Files\Fichiers communs\NSV
   [2005-04-26|20:25] C:\Program Files\Fichiers communs\ODBC
   [2006-04-30|21:09] C:\Program Files\Fichiers communs\Real
   [2004-12-17|13:23] C:\Program Files\Fichiers communs\Services
   [2007-03-21|19:10] C:\Program Files\Fichiers communs\Skype
   [2006-05-17|13:26] C:\Program Files\Fichiers communs\Sony Shared
   [2004-12-17|08:14] C:\Program Files\Fichiers communs\SpeechEngines
   [2005-04-25|15:02] C:\Program Files\Fichiers communs\System
   [2005-11-24|19:13] C:\Program Files\Fichiers communs\Vbox
   [2008-04-11|20:09] C:\Program Files\Fichiers communs\WindowsLiveInstaller
   [2004-12-17|15:13] C:\Program Files\Fichiers communs\Wise Installation Wizard
   [2006-04-30|21:10] C:\Program Files\Fichiers communs\xing shared
   [2006-04-23|15:23] C:\Program Files\Fichiers communs\Xuisoft

   --------------------\  Process

   ( 40 Processes )

   ... OK !

   --------------------\  Recherche avec S_Lop

   Aucun fichier / dossier Lop trouvé !
 
   --------------------\  Recherche de Fichiers / Dossiers Lop

   Aucun fichier / dossier Lop trouvé ! 
 
   --------------------\  Verification du Registre
 
   ..... OK !

   --------------------\  Verification du fichier Hosts

   Fichier Hosts PROPRE


   --------------------\  Recherche de fichiers avec Catchme
 
   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2008-10-07 14:42:24
   Windows 5.1.2600 Service Pack 2 NTFS
   scanning hidden processes ...
   scanning hidden files ...
   scan completed successfully
   hidden processes: 0
   hidden files: 201
 
   --------------------\  Recherche d'autres infections

   C:\WINDOWS\Tasks\At1.job
   C:\WINDOWS\Tasks\At10.job
   C:\WINDOWS\Tasks\At11.job
   C:\WINDOWS\Tasks\At12.job
   C:\WINDOWS\Tasks\At13.job
   C:\WINDOWS\Tasks\At14.job
   C:\WINDOWS\Tasks\At15.job
   C:\WINDOWS\Tasks\At16.job
   C:\WINDOWS\Tasks\At17.job
   C:\WINDOWS\Tasks\At18.job
   C:\WINDOWS\Tasks\At19.job
   C:\WINDOWS\Tasks\At2.job
   C:\WINDOWS\Tasks\At20.job
   C:\WINDOWS\Tasks\At21.job
   C:\WINDOWS\Tasks\At22.job
   C:\WINDOWS\Tasks\At23.job
   C:\WINDOWS\Tasks\At24.job
   C:\WINDOWS\Tasks\At25.job
   C:\WINDOWS\Tasks\At26.job
   C:\WINDOWS\Tasks\At27.job
   C:\WINDOWS\Tasks\At28.job
   C:\WINDOWS\Tasks\At29.job
   C:\WINDOWS\Tasks\At3.job
   C:\WINDOWS\Tasks\At30.job
   C:\WINDOWS\Tasks\At31.job
   C:\WINDOWS\Tasks\At32.job
   C:\WINDOWS\Tasks\At33.job
   C:\WINDOWS\Tasks\At34.job
   C:\WINDOWS\Tasks\At35.job
   C:\WINDOWS\Tasks\At36.job
   C:\WINDOWS\Tasks\At37.job
   C:\WINDOWS\Tasks\At38.job
   C:\WINDOWS\Tasks\At39.job
   C:\WINDOWS\Tasks\At4.job
   C:\WINDOWS\Tasks\At40.job
   C:\WINDOWS\Tasks\At41.job
   C:\WINDOWS\Tasks\At42.job
   C:\WINDOWS\Tasks\At43.job
   C:\WINDOWS\Tasks\At44.job
   C:\WINDOWS\Tasks\At45.job
   C:\WINDOWS\Tasks\At46.job
   C:\WINDOWS\Tasks\At47.job
   C:\WINDOWS\Tasks\At48.job
   C:\WINDOWS\Tasks\At5.job
   C:\WINDOWS\Tasks\At6.job
   C:\WINDOWS\Tasks\At7.job
   C:\WINDOWS\Tasks\At8.job
   C:\WINDOWS\Tasks\At9.job



   [F:7][D:12]-> C:\DOCUME~1\LINE~1.LIN\LOCALS~1\Temp
   [F:75][D:0]-> C:\DOCUME~1\LINE~1.LIN\Cookies
   [F:397][D:4]-> C:\DOCUME~1\LINE~1.LIN\LOCALS~1\TEMPOR~1\content.IE5

   1 - "C:\Lop SD\LopR_1.txt" - 2008-10-07|14:23 - Option : [1]
   2 - "C:\Lop SD\LopR_2.txt" - 2008-10-07|14:43 - Option : [2]

   --------------------\  Fin du rapport a 14:43:17

Suky · Answer

Combo

ComboFix 08-10-07.01 - Line 2008-10-07 14:52:34.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.201 [GMT -5:00]
Lancé depuis: C:\Documents and Settings\Line.LINE-\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
* Resident AV is active

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\msettings.ini

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-07 au 2008-10-07 ))))))))))))))))))))))))))))))))))))
.

2008-10-07 14:19 . 2008-10-07 14:43 <REP> d-------- C:\Lop SD
2008-10-07 14:13 . 2008-10-07 14:13 <REP> d-------- C:\WINDOWS\LastGood
2008-10-07 14:13 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-10-07 14:13 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-10-07 14:13 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-10-07 13:44 . 2008-10-07 13:44 <REP> d-------- C:\WINDOWS\ERUNT
2008-10-07 13:22 . 2008-10-07 14:02 <REP> d-------- C:\SDFix
2008-10-07 13:21 . 2008-10-07 13:21 <REP> d-------- C:\Program Files\Sun
2008-10-07 11:09 . 2008-10-07 11:09 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PCPitstop
2008-10-07 10:13 . 2008-10-07 10:13 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-07 10:13 . 2008-10-07 10:13 <REP> d-------- C:\Documents and Settings\Line.LINE-\Application Data\Malwarebytes
2008-10-07 10:13 . 2008-10-07 10:13 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-10-07 10:13 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-07 10:13 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-07 09:54 . 2008-10-07 10:01 4,166 --a------ C:\Documents and Settings\Orph.egd
2008-10-07 09:53 . 2008-10-07 10:01 <REP> d-------- C:\ToolBar SD
2008-10-07 00:26 . 2008-10-07 00:34 <REP> d-------- C:\Documents and Settings\Administrateur.LINE-\Application Data\Spyware Terminator
2008-10-07 00:25 . 2005-04-25 10:14 <REP> d--h----- C:\Documents and Settings\Administrateur.LINE-\Voisinage réseau
2008-10-07 00:25 . 2005-04-25 10:14 <REP> d--h----- C:\Documents and Settings\Administrateur.LINE-\Voisinage d'impression
2008-10-07 00:25 . 2005-04-25 14:21 <REP> d--h----- C:\Documents and Settings\Administrateur.LINE-\Modèles
2008-10-07 00:25 . 2005-04-25 10:14 <REP> d-------- C:\Documents and Settings\Administrateur.LINE-\Mes documents
2008-10-07 00:25 . 2005-04-25 10:14 <REP> dr------- C:\Documents and Settings\Administrateur.LINE-\Menu Démarrer
2008-10-07 00:25 . 2005-04-25 10:14 <REP> d-------- C:\Documents and Settings\Administrateur.LINE-\Favoris
2008-10-07 00:25 . 2005-04-25 10:14 <REP> d-------- C:\Documents and Settings\Administrateur.LINE-\Bureau
2008-10-07 00:25 . 2008-10-07 00:25 <REP> d-------- C:\Documents and Settings\Administrateur.LINE-
2008-10-06 20:47 . 2008-10-06 21:27 <REP> d-------- C:\Program Files\WinClamAVShield
2008-10-06 20:39 . 2008-10-07 08:26 <REP> d-------- C:\Program Files\Spyware Terminator
2008-10-06 20:39 . 2008-10-07 00:07 <REP> d-------- C:\Documents and Settings\Line.LINE-\Application Data\Spyware Terminator
2008-10-06 20:39 . 2008-10-07 00:41 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spyware Terminator
2008-10-06 20:39 . 2008-10-06 20:40 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-10-06 20:32 . 2008-10-06 20:38 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2008-10-06 20:05 . 2008-10-06 20:05 <REP> dr------- C:\Documents and Settings\LocalService.AUTORITE NT\Mes documents
2008-10-06 19:46 . 2008-10-07 00:17 <REP> d-------- C:\Documents and Settings\Line.LINE-\Application Data\Bell
2008-10-06 19:45 . 2008-10-07 00:17 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Bell
2008-10-06 19:44 . 2008-10-06 19:44 <REP> d-------- C:\Documents and Settings\LINE~1\LOCALS~1
2008-10-06 19:44 . 2008-10-06 19:44 <REP> d-------- C:\Documents and Settings\LINE~1
2008-10-04 00:06 . 2008-10-07 04:43 <REP> d-------- C:\Program Files\yjfcjyb
2008-10-04 00:06 . 2008-10-07 00:01 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\zidipqno
2008-10-03 23:55 . 2008-10-03 23:55 <REP> d-------- C:\Documents and Settings\Line.LINE-\LocalLow
2008-10-03 23:55 . 2008-10-03 23:55 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\TVU Networks
2008-09-28 23:57 . 2008-09-28 23:57 <REP> d-------- C:\Program Files\LibUSB-Win32-0.1.10.1
2008-09-28 23:57 . 2005-03-09 20:50 46,592 --a------ C:\WINDOWS\system32\libusb0.dll
2008-09-28 23:57 . 2005-03-09 20:50 33,792 --a------ C:\WINDOWS\system32\drivers\libusb0.sys
2008-09-28 23:57 . 2005-03-09 20:50 19,456 --a------ C:\WINDOWS\system32\libusbd-9x.exe
2008-09-28 23:57 . 2005-03-09 20:50 18,944 --a------ C:\WINDOWS\system32\libusbd-nt.exe
2008-09-28 22:15 . 2008-09-28 22:15 <REP> d-------- C:\Program Files\Plato Video To iPod PSP 3GP

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-07 18:21 --------- d-----w C:\Program Files\Java
2008-10-07 16:41 --------- d-----w C:\Program Files\Google
2008-10-07 05:21 --------- d-----w C:\Program Files\InstallShield Installation Information
2008-10-07 05:01 --------- d-----w C:\Program Files\DAP
2008-10-07 02:18 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
2008-10-07 01:17 --------- d-----w C:\Program Files\Navilog1
2008-10-06 21:39 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-10-06 21:29 910 ----a-w C:\Program Files\INSTALL.LOG
2008-09-25 13:01 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\DVD Shrink
2008-09-12 16:00 --------- d-----w C:\Documents and Settings\Line.LINE-\Application Data\Skype
2008-09-02 16:39 --------- d-----w C:\Documents and Settings\Line.LINE-\Application Data\BitTorrent
2008-08-11 03:36 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-08-11 03:36 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-08-11 03:36 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-11-26 22:56 92,064 ----a-w C:\Documents and Settings\Line.LINE-\mqdmmdm.sys
2007-11-26 22:56 9,232 ----a-w C:\Documents and Settings\Line.LINE-\mqdmmdfl.sys
2007-11-26 22:56 79,328 ----a-w C:\Documents and Settings\Line.LINE-\mqdmserd.sys
2007-11-26 22:56 66,656 ----a-w C:\Documents and Settings\Line.LINE-\mqdmbus.sys
2007-11-26 22:56 6,208 ----a-w C:\Documents and Settings\Line.LINE-\mqdmcmnt.sys
2007-11-26 22:56 5,936 ----a-w C:\Documents and Settings\Line.LINE-\mqdmwhnt.sys
2007-11-26 22:56 4,048 ----a-w C:\Documents and Settings\Line.LINE-\mqdmcr.sys
2007-11-26 22:56 25,600 ----a-w C:\Documents and Settings\Line.LINE-\usbsermptxp.sys
2007-11-26 22:56 22,768 ----a-w C:\Documents and Settings\Line.LINE-\usbsermpt.sys
2006-03-22 23:44 1,619 ----a-w C:\Program Files\Acomba.ini
2006-03-22 23:36 10,130 ----a-w C:\Program Files\PDefAcom.ini
2006-03-22 23:36 0 ----a-w C:\Program Files\PrntAcom.ini
2005-08-16 15:46 14,282,119 ----a-w C:\Program Files\ACO_PCDB.MAJ
2005-08-16 15:41 28,067,328 ----a-w C:\Program Files\Acomba.exe
2005-08-16 15:38 2,247,944 ----a-w C:\Program Files\Acomba09.lng
2005-08-16 15:37 2,377,506 ----a-w C:\Program Files\Acomba0c.lng
2005-08-16 14:23 95,232 ----a-w C:\Program Files\RegAcoX.dll
2005-07-15 21:20 1,967,104 ----a-w C:\Program Files\CRALib.dll
2005-07-15 17:48 295,936 ----a-w C:\Program Files\SX_127.dll
2005-07-15 17:48 295,936 ----a-w C:\Program Files\SX_125.dll
2005-07-15 17:48 295,936 ----a-w C:\Program Files\SX_124.dll
2005-07-15 17:48 295,936 ----a-w C:\Program Files\SX_122.dll
2005-07-15 17:48 295,936 ----a-w C:\Program Files\SX_121.dll
2005-07-15 17:48 295,936 ----a-w C:\Program Files\SX_118.dll
2005-07-06 20:44 892,416 ----a-w C:\Program Files\AcoHlp09.fts
2005-07-06 20:44 8,156,181 ----a-w C:\Program Files\ACOHLP09.HLP
2005-07-06 20:26 35,471 ----a-w C:\Program Files\AcoHlp09.cnt
2005-07-06 19:50 12,138,827 ----a-w C:\Program Files\Acomba.hlp
2005-07-06 19:50 1,446,400 ----a-w C:\Program Files\Acomba.fts
2005-07-06 19:16 52,286 ----a-w C:\Program Files\Acomba.cnt
2005-07-04 18:15 1,277,440 ----a-w C:\Program Files\RCScan.dll
2005-06-02 17:33 951,808 ----a-w C:\Program Files\WRINFO.exe
2005-05-11 19:45 1,125,888 ----a-w C:\Program Files\Ofxlib32.dll
2005-04-28 16:19 2,293,141 ----a-w C:\Program Files\AX_APR.dll
2005-03-23 22:45 1,465,856 ----a-w C:\Program Files\TFELib.dll
2005-02-25 20:53 612,352 ----a-w C:\Program Files\PrintRG.exe
2005-02-25 20:51 807,424 ----a-w C:\Program Files\MRQLib.dll
2005-01-06 15:43 452,540 ----a-w C:\Program Files\r1.fmf
2004-12-16 17:50 180,301 ----a-w C:\Program Files\t4.fmf
2004-11-26 18:28 406,016 ----a-w C:\Program Files\WordPubPost.dll
2004-06-01 18:27 377,584 ----a-w C:\Program Files\TFETrans.EXE
2004-05-14 14:11 5,257 ----a-w C:\Program Files\Constr09.prw
2004-05-14 14:07 7,173 ----a-w C:\Program Files\Constr0C.prw
2004-05-05 20:46 8,195 ----a-w C:\Program Files\Tabagi0C.prw
2004-05-05 20:17 6,863 ----a-w C:\Program Files\Associ0C.prw
2003-10-08 20:03 38,592 ----a-w C:\Program Files\GIFI0C.prw
2003-10-08 20:01 34,707 ----a-w C:\Program Files\GIFI09.prw
2000-12-21 17:35 568,832 ----a-w C:\Program Files\FL_Ds.dll
2000-12-21 17:34 549,376 ----a-w C:\Program Files\FL_User.dll
2000-11-01 00:39 151,552 ----a-w C:\Program Files\ssleay32.dll
2000-11-01 00:25 692,224 ----a-w C:\Program Files\libeay32.dll
2000-10-27 17:30 103,403 ----a-w C:\Program Files\F1Def-Fr.edb
2000-07-21 20:10 102,256 ----a-w C:\Program Files\F1Def-En.edb
2000-06-05 20:13 52,190 ----a-w C:\Program Files\CPE_09.prw
2000-06-05 20:10 44,265 ----a-w C:\Program Files\CPE_0C.prw
2000-05-30 13:47 718,848 ----a-w C:\Program Files\FL_Serv.dll
2000-05-26 20:14 1,000,448 ----a-w C:\Program Files\FS_User.dll
2000-05-26 19:39 711,168 ----a-w C:\Program Files\FC_User.dll
2000-04-26 23:57 422,912 ----a-w C:\Program Files\FL_Comm.dll
2000-04-26 20:18 545,792 ----a-w C:\Program Files\FS_Ping.dll
2000-04-25 18:47 594,432 ----a-w C:\Program Files\FL_Utils.dll
2000-04-25 18:37 46,080 ----a-w C:\Program Files\FL_Frame.dll
1999-04-07 20:11 1,702 ----a-w C:\Program Files\Can_09.ftw
1999-03-10 16:42 5,986 ----a-w C:\Program Files\Assura0C.prw
1999-03-03 21:36 4,849 ----a-w C:\Program Files\Veteri0C.prw
1999-03-03 21:36 3,825 ----a-w C:\Program Files\Voyage0C.prw
1999-03-03 21:12 6,759 ----a-w C:\Program Files\Statio0C.prw
1999-03-03 21:10 5,135 ----a-w C:\Program Files\Quille0C.prw
1999-03-03 21:09 6,016 ----a-w C:\Program Files\Pharma0C.prw
1999-03-03 21:05 7,438 ----a-w C:\Program Files\Garage0C.prw
1999-03-03 21:01 4,965 ----a-w C:\Program Files\Coiffu0C.prw
1999-03-03 20:59 5,371 ----a-w C:\Program Files\Acupun0C.prw
1999-03-03 20:59 5,216 ----a-w C:\Program Files\AgentI0C.prw
1999-03-03 20:54 4,729 ----a-w C:\Program Files\Veteri09.prw
1999-03-03 20:53 3,681 ----a-w C:\Program Files\Travel09.prw
1999-03-03 20:52 3,799 ----a-w C:\Program Files\Teachi09.prw
1999-03-03 20:52 3,683 ----a-w C:\Program Files\Transp09.prw
1999-03-03 20:51 5,226 ----a-w C:\Program Files\Restau09.prw
1999-03-03 20:49 4,667 ----a-w C:\Program Files\Manufa09.prw
1999-03-03 20:48 4,359 ----a-w C:\Program Files\Insura09.prw
2005-06-05 03:28 4,704 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 307200]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 196608]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-08 67128]
"WeatherEye"="C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe" [2008-05-30 4501912]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-08-02 7110656]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 406016]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-08-02 86016]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-05-31 917504]
"IPInSightMonitor 01"="C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe" [2002-04-20 102400]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
"a-squared"="C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" [2008-10-04 2776720]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-10-06 1783808]
"nwiz"="nwiz.exe" [2005-08-02 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]

C:\Documents and Settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-01-26 110592]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iac25_32.ax
"VIDC.MJPG"= Pvmjpg21.dll
"vidc.3ivx"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv0"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv1"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv2"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3ivd"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\ACE Mega CoDecS Pack\\Media Player Classic\\mplayerc.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 MemAlloc;MemAlloc;C:\WINDOWS\system32\DRIVERS\memalloc.sys [2002-08-26 5543]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-10-06 141312]
R3 BENDER;Pinnacle DV/AV Capture;C:\WINDOWS\system32\drivers\bender.sys [2003-09-25 180480]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 33792]
S1 LStone;Pinnacle Systems Studio AV/DV Overlay;C:\WINDOWS\system32\DRIVERS\lstone2k.sys [2002-12-10 256113]
S2 LF30FS;LF30FS;C:\Program Files\Everstrike Software\Lock Folder XP 3.5\LF30XP.sys [ ]
S3 cdrmkaun;cdrmkaun;C:\DOCUME~1\LINE~1.LIN\LOCALS~1\Temp\cdrmkaun.sys [ ]

*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'

2008-10-07 C:\WINDOWS\Tasks\At1.job
- C:\WINDOWS\system32\54K7vYLf.exe []

2008-10-07 C:\WINDOWS\Tasks\At10.job
- C:\WINDOWS\system32\54K7vYLf.exe []

2008-10-07 C:\WINDOWS\Tasks\At11.job
- C:\WINDOWS\system32\54K7vYLf.exe []

2008-10-07 C:\WINDOWS\Tasks\At12.job
- C:\WINDOWS\system32\54K7vYLf.exe []

2008-10-07 C:\WINDOWS\Tasks\At13.job
- C:\WINDOWS\system32\54K7vYLf.exe []

2008-10-07 C:\WINDOWS\Tasks\At14.job
- C:\WINDOWS\system32\54K7vYLf.exe []

2008-10-07 C:\WINDOWS\Tasks\At15.job
- C:\WINDOWS\system32\54K7vYLf.exe []

2008-10-06 C:\WINDOWS\Tasks\At16.job
- C:\WINDOWS\system32\54K7vYLf.exe []

2008-10-06 C:\WINDOWS\Tasks\At17.job
- C:\WINDOWS\system32\54K7vYLf.exe []

2008-10-05 C:\WINDOWS\Tasks\At18.job
- C:\WINDOWS\system32\54K7vYLf.exe []

2008-10-05 C:\WINDOWS\Tasks\At19.job
- C:\WINDOWS\system32\54K7vYLf.exe []

2008-10-04 C:\WINDOWS\Tasks\At2.job
- C:\WINDOWS\system32\54K7vYLf.exe []

2008-10-06 C:\WINDOWS\Tasks\At20.job
- C:\WINDOWS\system32\54K7vYLf.exe []

2008-10-07 C:\WINDOWS\Tasks\At21.job
- C:\WINDOWS\system32\54K7vYLf.exe []

2008-10-07 C:\WINDOWS\Tasks\At22.job
- C:\WINDOWS\system32\54K7vYLf.exe []

2008-10-07 C:\WINDOWS\Tasks\At23.job
- C:\WINDOWS\system32\54K7vYLf.exe []

2008-10-07 C:\WINDOWS\Tasks\At24.job
- C:\WINDOWS\system32\54K7vYLf.exe []

2008-10-07 C:\WINDOWS\Tasks\At25.job
- C:\WINDOWS\system32\winmds.exe []

2008-10-04 C:\WINDOWS\Tasks\At26.job
- C:\WINDOWS\system32\winmds.exe []

2008-10-04 C:\WINDOWS\Tasks\At27.job
- C:\WINDOWS\system32\winmds.exe []

2008-10-01 C:\WINDOWS\Tasks\At28.job
- C:\WINDOWS\system32\winmds.exe []

2008-08-06 C:\WINDOWS\Tasks\At29.job
- C:\WINDOWS\system32\winmds.exe []

2008-10-04 C:\WINDOWS\Tasks\At3.job
- C:\WINDOWS\system32\54K7vYLf.exe []

2007-08-07 C:\WINDOWS\Tasks\At30.job
- C:\WINDOWS\system32\winmds.exe []

2008-01-22 C:\WINDOWS\Tasks\At31.job
- C:\WINDOWS\system32\winmds.exe []

2008-08-13 C:\WINDOWS\Tasks\At32.job
- C:\WINDOWS\system32\winmds.exe []

2008-09-25 C:\WINDOWS\Tasks\At33.job
- C:\WINDOWS\system32\winmds.exe []

2008-10-07 C:\WINDOWS\Tasks\At34.job
- C:\WINDOWS\system32\winmds.exe []

2008-10-07 C:\WINDOWS\Tasks\At35.job
- C:\WINDOWS\system32\winmds.exe []

2008-10-07 C:\WINDOWS\Tasks\At36.job
- C:\WINDOWS\system32\winmds.exe []

2008-10-07 C:\WINDOWS\Tasks\At37.job
- C:\WINDOWS\system32\winmds.exe []

2008-10-07 C:\WINDOWS\Tasks\At38.job
- C:\WINDOWS\system32\winmds.exe []

2008-10-07 C:\WINDOWS\Tasks\At39.job
- C:\WINDOWS\system32\winmds.exe []

2008-10-01 C:\WINDOWS\Tasks\At4.job
- C:\WINDOWS\system32\54K7vYLf.exe []

2008-10-06 C:\WINDOWS\Tasks\At40.job
- C:\WINDOWS\system32\winmds.exe []

2008-10-06 C:\WINDOWS\Tasks\At41.job
- C:\WINDOWS\system32\winmds.exe []

2008-10-05 C:\WINDOWS\Tasks\At42.job
- C:\WINDOWS\system32\winmds.exe []

2008-10-05 C:\WINDOWS\Tasks\At43.job
- C:\WINDOWS\system32\winmds.exe []

2008-10-06 C:\WINDOWS\Tasks\At44.job
- C:\WINDOWS\system32\winmds.exe []

2008-10-07 C:\WINDOWS\Tasks\At45.job
- C:\WINDOWS\system32\winmds.exe []

2008-10-07 C:\WINDOWS\Tasks\At46.job
- C:\WINDOWS\system32\winmds.exe []

2008-10-07 C:\WINDOWS\Tasks\At47.job
- C:\WINDOWS\system32\winmds.exe []

2008-10-07 C:\WINDOWS\Tasks\At48.job
- C:\WINDOWS\system32\winmds.exe []

2008-08-06 C:\WINDOWS\Tasks\At5.job
- C:\WINDOWS\system32\54K7vYLf.exe []

2007-08-07 C:\WINDOWS\Tasks\At6.job
- C:\WINDOWS\system32\54K7vYLf.exe []

2008-01-22 C:\WINDOWS\Tasks\At7.job
- C:\WINDOWS\system32\54K7vYLf.exe []

2008-08-13 C:\WINDOWS\Tasks\At8.job
- C:\WINDOWS\system32\54K7vYLf.exe []

2008-09-25 C:\WINDOWS\Tasks\At9.job
- C:\WINDOWS\system32\54K7vYLf.exe []
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-PC Pitstop Optimize Reminder - C:\Program Files\PCPitstop\Optimize2\Reminder.exe
HKLM-Run-StandardInstall - (no file)
Notify-WgaLogon - (no file)

.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R0 -: HKCU-Main,Start Page = hxxp://www.freetranslation.com/
R0 -: HKLM-Main,Window Title =
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-Internet Settings,ProxyOverride = 127.0.0.1;localhost;*.local
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: Crawler Search - tbr:iemenu
O18 -: Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - %~$path:i
O18 -: Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - %~$path:i

O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: {17D667BA-5675-4AAB-9221-08B9379384D4} - hxxp://cdnimg.piczo.com/images/uploader/piczo_fast_uploader.cab
C:\WINDOWS\Downloaded Program Files\piczo_fast_uploader.inf
C:\WINDOWS\system32\unicows.dll
C:\WINDOWS\Downloaded Program Files\ImageUploader4.ocx
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-07 14:54:25
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

**************************************************************************
.
Heure de fin: 2008-10-07 14:56:42
ComboFix-quarantined-files.txt 2008-10-07 19:55:39

Avant-CF: 12 974 174 208 octets libres
Après-CF: 12,972,408,832 octets libres

361

geoffrey5 · Answer

ok...est ce que tu as encore des problemes ??

Suky · Answer

non pas depuis un bon bout.

Merci de ton aide

geoffrey5 · Answer

ok tu peux faire ceci pour terminer stp :

Pour supprimer toutes les traces des logiciels qui ont servi à traiter les infections spécifiques :  

&#x25B6; Télécharge Toolscleaner sur ton Bureau : 

(c est le numéro 15 en bas de la page) 

&#x25B6; Double-clique sur ToolsCleaner2.exe et laisse le travailler 
&#x25B6; Clique sur Recherche et laisse le scan se terminer. 
&#x25B6; Clique sur Suppression pour finaliser. 
&#x25B6; Tu peux, si tu le souhaites, te servir des Options facultatives. 
&#x25B6; Clique sur Quitter, pour que le rapport puisse se créer. 
&#x25B6; Le rapport (TCleaner.txt) se trouve à la racine de votre disque dur (C:\)...colle le dans ta réponse




Désactive et réactive la Restauration du système :


Le fait de faire cette manipulation va supprimer tous les virus qui auraient pu se loger dans les
points de restauration que tu avais créé auparavant.. Il est donc recommandé de la faire : 

 
1 Dans la barre des tâches de Windows, clique sur Démarrer.
 
2 Clique avec le bouton droit de la souris sur Poste de travail puis clique sur Propriétés.
 
3 Dans l'onglet Restauration du système, coche "Désactiver la Restauration du système"

4 Clique sur Appliquer.
  
5 Ensuite décoche "Désactiver la restauration du systeme"

6 clique sur appliquer puis ok

7 vas créer un point de restauration en cliquant sur démarrer => tous les programmes => accessoires =>

outils systeme => restauration du systeme => créer un point de restauration => tu mets un nom

(exemple : après désinfection sur CCM) puis tu valides.

Voici un tutoriel en cas de problèmes.(c'est mon site web)

Suky · Answer

[ Rapport ToolsCleaner version 2.2.3 (par A.Rothstein & dj QUIOU) ]

-->- Recherche: 

C:\Combofix.txt: trouvé !
C:\fixnavi.txt: trouvé !
C:\rapport_clean.txt: trouvé !
C:\lopR.txt: trouvé !
C:\TB.txt: trouvé !
C:\SDFIX: trouvé !
C:\FixWareOut: trouvé !
C:\Lop SD: trouvé !
C:\Qoobox: trouvé !
C:\Toolbar SD: trouvé !
C:\Documents and Settings\All Users.WINDOWS\Documents\Mes images\Photos Kodak\SdFix.exe: trouvé !
C:\Documents and Settings\All Users.WINDOWS\Documents\Mes images\Photos Kodak\ToolBarSD.exe: trouvé !
C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Internet\HijackThis.exe: trouvé !
C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Internet\hijackthis.log: trouvé !
C:\Documents and Settings\Line.LINE-\Bureau\LopSD.exe: trouvé !
C:\Documents and Settings\Line.LINE-\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\Line.LINE-\Bureau\lopR.txt: trouvé !
C:\Documents and Settings\Line.LINE-\Menu Démarrer\Programmes\Internet\Navilog1: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !

---------------------------------
-->- Suppression: 

C:\Documents and Settings\All Users.WINDOWS\Documents\Mes images\Photos Kodak\SdFix.exe: supprimé !
C:\Documents and Settings\All Users.WINDOWS\Documents\Mes images\Photos Kodak\ToolBarSD.exe: supprimé !
C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Internet\HijackThis.exe: supprimé !
C:\Documents and Settings\Line.LINE-\Bureau\LopSD.exe: supprimé !
C:\Documents and Settings\Line.LINE-\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Program Files\Navilog1\Navilog1.bat: supprimé !
C:\Combofix.txt: supprimé !
C:\fixnavi.txt: supprimé !
C:\rapport_clean.txt: supprimé !
C:\lopR.txt: supprimé !
C:\TB.txt: supprimé !
C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Internet\hijackthis.log: supprimé !
C:\Documents and Settings\Line.LINE-\Bureau\lopR.txt: supprimé !
C:\SDFIX: supprimé !
C:\FixWareOut: supprimé !
C:\Lop SD: supprimé !
C:\Qoobox: supprimé !
C:\Toolbar SD: supprimé !
C:\Documents and Settings\Line.LINE-\Menu Démarrer\Programmes\Internet\Navilog1: supprimé !
C:\Program Files\Navilog1: supprimé !

geoffrey5 · Answer

C est ok  ;-)

tu peux aussi supprimer combofix qui est sur ton bureau

Suky · Answer

Merci beaucoup pour ton aide

Bye

Utilisateur anonyme · Answer

et pense à mettre a jour ton antivirus en version 3 (gratuit) :
https://www.eset.com/

Ordi comtaminé Win32/PrcView application +++

23 réponses

Discussions similaires

Newsletters