Need help: HijackThis log from a badly infected PC
Hello!
My little brother asked me to look after his PC, which is full of unwanted ads (CiD among others) and suffering from severe slowdowns. Of course, there is no firewall, antivirus and anti-spyware scans are run once in a blue moon, and I don't think he even knows that he has the software installed on his PC.
Anyway, I apologize for his carelessness and I'm going to try to sort this out.
But in the meantime... I'm struggling. I ran an avast scan, which detected a whole bunch of infections; the problem is that I have absolutely no idea how to clean everything up properly. So I'm looking for someone to help me... If I find someone, well: thank you!
Here is the HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 16:08:33, on 22/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\iifdayw.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {91B4FD8D-1AC4-4B6F-BB27-1A5E83ABD881} - C:\WINDOWS\system32\pmkhi.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Jugs Surf Inter Media] C:\Documents and Settings\All Users\Application Data\STORE LESS JUGS SURF\Way Amok.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [BrandClearStubs] RUNDLL32 IEDKCS32.DLL,BrandCleanInstallStubs >{E54A439F-A4B0-4526-A16B-B4E2ECE95B3D}
O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Style flag] C:\DOCUME~1\Maison\APPLIC~1\ONEVGA~1\once show.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: http://www.neopets.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.downloa...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O17 - HKLM\System\CCS\Services\Tcpip\..\{446AC8AB-A3AD-48FA-98D9-552A983B3BA0}: NameServer = 212.27.39.1,212.27.39.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{2EDEAD08-3AA2-4D6B-88C0-B936B756DF6D}: NameServer = 212.27.32.176,212.27.32.177
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: iifdayw - iifdayw.dll (file missing)
O20 - Winlogon Notify: pmkhi - C:\WINDOWS\system32\pmkhi.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - Unknown owner - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Hello,
Download Lop S&D.exe to your Desktop.
Double-click it to start the installation.
Then double-click the Lop S&D shortcut on your Desktop.
Select the language you want, then choose option 1 (Search).
Wait until the scan finishes.
Post the generated report (C:\lopR.txt).
(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm.)
Thanks for helping me! The report:
-----------------------------[ Lop S&D 2.1.0 ]---------------------------
[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Maison ] [ "C:\Program Files\Lop SD" ]
[ 22/01/2008 | 17:45:14,76 ] [ PC : SN300457510009 ]
[ MAJ : 22-01-2008 | 1:40 ]
-------------[ Listing des dossiers dans Application Data ]------------
[22/01/2008|10:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.
[22/01/2008|10:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..
[15/11/2005|21:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[07/03/2006|21:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[26/09/2003|07:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[30/09/2002|11:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[22/01/2008|16:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ford does hold option
[22/01/2008|16:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[14/11/2005|19:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft(2)
[18/08/2007|19:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\idle wma bin ford
[22/01/2008|10:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
[10/10/2007|18:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[03/01/2006|21:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[25/03/2004|12:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[05/05/2005|18:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\pixelStorm
[11/12/2006|11:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
[06/10/2005|16:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[30/09/2002|13:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[21/07/2004|03:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[17/01/2008|12:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\STORE LESS JUGS SURF
[22/01/2008|10:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\This bash seek owns
[15/11/2005|21:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
[30/06/2006|20:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[26/09/2003|07:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.
[26/09/2003|07:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..
[26/09/2003|06:57] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
[30/09/2002|11:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[30/09/2002|12:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[26/09/2003|06:57] C:\DOCUME~1\DEFAUL~1\APPLIC~1\InterTrust
[30/09/2002|11:54] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[26/09/2003|07:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
[22/12/2004|11:21] C:\DOCUME~1\LOCALS~1\APPLIC~1\.
[22/12/2004|11:21] C:\DOCUME~1\LOCALS~1\APPLIC~1\..
[11/06/2007|12:53] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[25/12/2007|03:47] C:\DOCUME~1\Maison\APPLIC~1\.
[25/12/2007|03:47] C:\DOCUME~1\Maison\APPLIC~1\..
[15/11/2005|21:13] C:\DOCUME~1\Maison\APPLIC~1\Adobe
[24/12/2004|17:42] C:\DOCUME~1\Maison\APPLIC~1\Ahead
[15/04/2006|13:06] C:\DOCUME~1\Maison\APPLIC~1\Apple Computer
[06/03/2007|15:57] C:\DOCUME~1\Maison\APPLIC~1\BitDownload
[13/07/2004|16:18] C:\DOCUME~1\Maison\APPLIC~1\BPFTP
[06/11/2003|23:09] C:\DOCUME~1\Maison\APPLIC~1\CyberLink
[30/09/2002|11:55] C:\DOCUME~1\Maison\APPLIC~1\desktop.ini
[27/06/2007|14:40] C:\DOCUME~1\Maison\APPLIC~1\DesktopPlayer
[14/11/2005|19:46] C:\DOCUME~1\Maison\APPLIC~1\Dev-Cpp
[09/04/2007|11:48] C:\DOCUME~1\Maison\APPLIC~1\DVD Shrink
[28/07/2006|12:53] C:\DOCUME~1\Maison\APPLIC~1\Google
[22/01/2008|16:18] C:\DOCUME~1\Maison\APPLIC~1\Hamachi
[24/11/2003|18:25] C:\DOCUME~1\Maison\APPLIC~1\Help
[29/07/2006|09:12] C:\DOCUME~1\Maison\APPLIC~1\Identities
[26/09/2003|06:57] C:\DOCUME~1\Maison\APPLIC~1\InterTrust
[24/04/2005|20:31] C:\DOCUME~1\Maison\APPLIC~1\InterVideo
[11/01/2004|22:20] C:\DOCUME~1\Maison\APPLIC~1\Jasc
[11/11/2003|01:31] C:\DOCUME~1\Maison\APPLIC~1\Jasc Software Inc
[08/08/2004|16:24] C:\DOCUME~1\Maison\APPLIC~1\Macromedia
[10/12/2006|11:37] C:\DOCUME~1\Maison\APPLIC~1\MathWorks
[20/05/2007|20:08] C:\DOCUME~1\Maison\APPLIC~1\Microsoft
[01/11/2003|00:58] C:\DOCUME~1\Maison\APPLIC~1\Microsoft Web Folders
[20/02/2005|16:36] C:\DOCUME~1\Maison\APPLIC~1\Mozilla
[27/12/2004|12:17] C:\DOCUME~1\Maison\APPLIC~1\MSN6
[22/01/2008|16:38] C:\DOCUME~1\Maison\APPLIC~1\One Vga
[19/11/2006|18:34] C:\DOCUME~1\Maison\APPLIC~1\PPMate
[08/04/2007|17:09] C:\DOCUME~1\Maison\APPLIC~1\ppstream
[08/04/2004|13:01] C:\DOCUME~1\Maison\APPLIC~1\Real
[20/10/2007|22:59] C:\DOCUME~1\Maison\APPLIC~1\SecuROM
[06/01/2007|14:31] C:\DOCUME~1\Maison\APPLIC~1\SmartFTP
[23/10/2006|18:06] C:\DOCUME~1\Maison\APPLIC~1\Sports Interactive
[05/09/2004|16:19] C:\DOCUME~1\Maison\APPLIC~1\Sun
[18/11/2003|15:09] C:\DOCUME~1\Maison\APPLIC~1\Symantec
[11/08/2004|18:37] C:\DOCUME~1\Maison\APPLIC~1\Talkback
[23/09/2006|16:52] C:\DOCUME~1\Maison\APPLIC~1\Teleca
[22/01/2008|10:05] C:\DOCUME~1\Maison\APPLIC~1\U3
[20/10/2007|20:23] C:\DOCUME~1\Maison\APPLIC~1\uTorrent
[19/01/2004|18:03] C:\DOCUME~1\Maison\APPLIC~1\VERITAS
[27/12/2007|22:56] C:\DOCUME~1\Maison\APPLIC~1\Weflirt
[14/03/2006|09:03] C:\DOCUME~1\Maison\APPLIC~1\Yahoo!
[13/06/2005|23:21] C:\DOCUME~1\Maison\APPLIC~1\Yahoo! Messenger
[30/09/2002|12:09] C:\DOCUME~1\NETWOR~1\APPLIC~1\.
[30/09/2002|12:09] C:\DOCUME~1\NETWOR~1\APPLIC~1\..
[24/09/2006|02:01] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------
[22/01/2008 17:00][--ah-----] C:\WINDOWS\tasks\A33B600591851EB9.job [--264--]
[19/11/2003 23:01][--a------] C:\WINDOWS\tasks\HDReg.job [--192--]
[31/10/2003 21:43][--a------] C:\WINDOWS\tasks\Rappel d'enregistrement 3.job [--258--]
[22/01/2008 16:17][--ah-----] C:\WINDOWS\tasks\SA.DAT [--6--]
[30/08/2002 12:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini [--65--]
---------------[ Listing des dossiers dans C:\Program Files ]--------------
[22/01/2008|17:45] C:\Program Files\Lop SD
[22/01/2008|17:44] C:\Program Files\..
[22/01/2008|17:44] C:\Program Files\.
[22/01/2008|16:46] C:\Program Files\Mozilla Firefox
[22/01/2008|16:20] C:\Program Files\Google
[22/01/2008|16:17] C:\Program Files\Internet Explorer
[22/01/2008|10:47] C:\Program Files\ZoneAlarm
[22/01/2008|10:18] C:\Program Files\eMule
[22/01/2008|10:14] C:\Program Files\Avast4
[22/01/2008|09:55] C:\Program Files\FlashGet
[22/01/2008|09:53] C:\Program Files\a-squared Free
[17/01/2008|17:43] C:\Program Files\lx_cats
[17/01/2008|17:15] C:\Program Files\Lexmark Toolbar
[17/01/2008|12:19] C:\Program Files\One Vga
[13/01/2008|04:33] C:\Program Files\IDoser v4
[04/01/2008|01:05] C:\Program Files\LaBoiteACouleurs
[08/12/2007|00:03] C:\Program Files\Hamachi
[06/12/2007|22:07] C:\Program Files\Steam
[30/10/2007|01:02] C:\Program Files\Outlook Express
[29/10/2007|18:41] C:\Program Files\WindowsUpdate
[28/10/2007|15:53] C:\Program Files\Fichiers communs
[20/10/2007|22:54] C:\Program Files\Sports Interactive
[20/10/2007|20:31] C:\Program Files\DAEMON Tools
[20/10/2007|14:38] C:\Program Files\uTorrent
[11/10/2007|20:52] C:\Program Files\SAMSUNG
[11/10/2007|20:52] C:\Program Files\InstallShield Installation Information
[10/10/2007|18:33] C:\Program Files\Messenger Plus! Live
[10/10/2007|18:33] C:\Program Files\Windows Live
[10/10/2007|18:33] C:\Program Files\MSN Messenger
[14/07/2007|01:55] C:\Program Files\mIRC
[29/06/2007|15:51] C:\Program Files\Common Files
[01/06/2007|07:59] C:\Program Files\Winamp
[08/04/2007|17:09] C:\Program Files\PPMate
[08/03/2007|23:26] C:\Program Files\BitDownload
[07/03/2007|17:55] C:\Program Files\WinRAR
[31/01/2007|14:39] C:\Program Files\Virtools
[20/01/2007|00:08] C:\Program Files\Viewpoint
[18/11/2006|13:57] C:\Program Files\Incomplete
[26/10/2006|14:40] C:\Program Files\a2 free
[26/05/2006|22:27] C:\Program Files\Java
[12/05/2006|17:57] C:\Program Files\WFLUtil
[25/04/2006|21:33] C:\Program Files\Windows Media Player
[07/03/2006|21:26] C:\Program Files\QuickTime
[14/11/2005|19:38] C:\Program Files\MSN
[13/06/2005|23:14] C:\Program Files\Yahoo!
[24/04/2005|20:29] C:\Program Files\Creative
[23/04/2005|16:53] C:\Program Files\7-Zip
[11/03/2005|19:18] C:\Program Files\adobe
[01/03/2005|18:01] C:\Program Files\Sega
[22/01/2005|21:42] C:\Program Files\Movie Maker
[22/01/2005|21:40] C:\Program Files\NetMeeting
[22/01/2005|21:39] C:\Program Files\Windows NT
[22/01/2005|12:31] C:\Program Files\ATI Technologies
[23/12/2004|18:15] C:\Program Files\Ahead
[22/11/2004|19:40] C:\Program Files\Infogrames
[13/11/2004|18:24] C:\Program Files\Zero G Registry
[19/09/2004|15:55] C:\Program Files\XviD
[19/09/2004|15:45] C:\Program Files\Satsuki Decoder Pack
[19/09/2004|15:40] C:\Program Files\GSpot
[31/08/2004|15:03] C:\Program Files\AWicons Lite
[14/08/2004|09:59] C:\Program Files\Uninstall Information
[02/08/2004|16:26] C:\Program Files\Temp
[30/07/2004|17:05] C:\Program Files\TryMedia
[21/07/2004|02:53] C:\Program Files\Spybot - Search & Destroy
[21/06/2004|12:50] C:\Program Files\EHMINSTALL
[06/01/2004|21:19] C:\Program Files\Jasc Software Inc
[15/11/2003|13:40] C:\Program Files\Agfa
[05/11/2003|16:58] C:\Program Files\directx
[01/11/2003|13:40] C:\Program Files\JavaSoft
[01/11/2003|00:58] C:\Program Files\Microsoft Office
[01/11/2003|00:58] C:\Program Files\microsoft frontpage
[26/09/2003|07:05] C:\Program Files\CyberLink
[26/09/2003|07:01] C:\Program Files\Microsoft Visual Studio
[26/09/2003|07:00] C:\Program Files\Real
[30/09/2002|12:05] C:\Program Files\xerox
[30/09/2002|12:00] C:\Program Files\Services en ligne
[30/09/2002|12:00] C:\Program Files\MSN Gaming Zone
------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------
[22/01/2008|10:10] C:\Program Files\Fichiers communs\Symantec Shared
[30/10/2007|01:02] C:\Program Files\Fichiers communs\System
[28/10/2007|15:53] C:\Program Files\Fichiers communs\..
[28/10/2007|15:53] C:\Program Files\Fichiers communs\.
[27/06/2007|14:55] C:\Program Files\Fichiers communs\Microsoft Shared
[19/11/2006|18:33] C:\Program Files\Fichiers communs\Synacast
[23/10/2006|17:37] C:\Program Files\Fichiers communs\InstallShield
[23/09/2006|17:43] C:\Program Files\Fichiers communs\Teleca Shared
[06/10/2005|16:40] C:\Program Files\Fichiers communs\Logitech
[25/04/2005|10:55] C:\Program Files\Fichiers communs\InterVideo
[09/03/2005|17:28] C:\Program Files\Fichiers communs\Vbox
[09/03/2005|17:27] C:\Program Files\Fichiers communs\Adobe
[23/12/2004|18:15] C:\Program Files\Fichiers communs\Ahead
[05/09/2004|16:12] C:\Program Files\Fichiers communs\Java
[28/08/2004|17:03] C:\Program Files\Fichiers communs\NSV
[02/08/2004|16:17] C:\Program Files\Fichiers communs\TI Shared
[08/04/2004|00:48] C:\Program Files\Fichiers communs\xing shared
[08/04/2004|00:48] C:\Program Files\Fichiers communs\TVNavigTechnologies Shared
[26/09/2003|07:01] C:\Program Files\Fichiers communs\Designer
[26/09/2003|07:00] C:\Program Files\Fichiers communs\Real
[30/09/2002|12:02] C:\Program Files\Fichiers communs\Services
[30/09/2002|12:02] C:\Program Files\Fichiers communs\MSSoap
[30/09/2002|11:55] C:\Program Files\Fichiers communs\ODBC
[30/09/2002|11:55] C:\Program Files\Fichiers communs\SpeechEngines
----------------------[ Recherche avec S_Lop ]---------------------
C:\DOCUME~1\NETWOR~1\APPLIC~1\ONEVGA~1
-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------
C:\DOCUME~1\ALLUSE~1\APPLIC~1\ford does hold option
C:\DOCUME~1\ALLUSE~1\APPLIC~1\STORE LESS JUGS SURF
C:\DOCUME~1\ALLUSE~1\APPLIC~1\STORE LESS JUGS SURF\Way Amok.exe
C:\DOCUME~1\Maison\APPLIC~1\Bitdownload
C:\DOCUME~1\Maison\APPLIC~1\Bitdownload\Data
C:\Program Files\Bitdownload
C:\Program Files\Bitdownload\BitDownload.TRC
C:\Program Files\Bitdownload\ZM
C:\WINDOWS\Tasks\A33B600591851EB9.job
----------------------[ Verification du Registre ]----------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\uninstall\hope spam 01]
"DisplayName"="CiD Help"
"UninstallString"="C:\\DOCUME~1\\Maison\\APPLIC~1\\ONEVGA~1\\once show.exe -uninstall"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Style flag"="C:\\DOCUME~1\\Maison\\APPLIC~1\\ONEVGA~1\\once show.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jugs Surf Inter Media"="C:\\Documents and Settings\\All Users\\Application Data\\STORE LESS JUGS SURF\\Way Amok.exe"
--------------------[ Verification du fichier Hosts ]---------------------
Fichier Hosts MODIFIE
----------------[ Recherche de fichiers avec Catchme ]-----------------
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-22 17:48:05
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwEnumerateKey, ZwEnumerateValueKey, ZwQueryDirectoryFile, ZwQuerySystemInformation
scanning hidden files ...
C:\WINDOWS\System32\jcjtvbhuo.dat 6933 bytes
C:\WINDOWS\System32\jcjtvbhuo.exe 297472 bytes executable
C:\WINDOWS\System32\jcjtvbhuo_nav.dat 362173 bytes
C:\WINDOWS\System32\jcjtvbhuo_navps.dat 4402 bytes
scan completed successfully
hidden files: 4
--------------------[ Recherche d'autres infections ]---------------------
C:\WINDOWS\system32\nvs2.inf
! EGDACCESS !
C:\WINDOWS\system32\ihkmp.bak1
C:\WINDOWS\system32\ihkmp.bak2
C:\WINDOWS\system32\ihkmp.ini2
! VUNDO Possible !
/!\ [Fich:19][Doss:11] C:\DOCUME~1\Maison\LOCALS~1\Temp
/!\ [Fich:3111][Doss:4] C:\DOCUME~1\Maison\LOCALS~1\TEMPOR~1\content.IE5
--------------------[ Fin du rapport a 17:50:35,26 ]----------------------
Re, here it is:
-----------------------------[ Lop S&D 2.1.0 ]---------------------------
[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Maison ] [ "C:\Program Files\Lop SD" ]
[ 22/01/2008 | 18:04:47,26 ] [ PC : SN300457510009 ]
[ MAJ : 22-01-2008 | 1:40 ]
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////
Echec ! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\STORE LESS JUGS SURF\Way Amok.exe
Echec ! - C:\DOCUME~1\Maison\APPLIC~1\Bitdownload\Data
Supprimé! - C:\Program Files\Bitdownload\BitDownload.TRC
Echec ! - C:\Program Files\Bitdownload\ZM
Supprimé! - C:\WINDOWS\Tasks\A33B600591851EB9.job
Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\ford does hold option
Echec ! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\STORE LESS JUGS SURF
Supprimé! - C:\DOCUME~1\Maison\APPLIC~1\Bitdownload
Supprimé! - C:\Program Files\Bitdownload
Supprimé! - C:\Program Files\ONEVGA~1
Restauré! - Fichier Hosts
\\\\\\\\\\\\\\\\\\\\\\\\\\\ DEUXIEME PASSAGE ///////////////////////////
Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\STORE LESS JUGS SURF\Way Amok.exe
Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\STORE LESS JUGS SURF
//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
-------------[ Listing des dossiers dans Application Data ]------------
[22/01/2008|18:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.
[22/01/2008|18:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..
[15/11/2005|21:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[07/03/2006|21:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[26/09/2003|07:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[30/09/2002|11:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[22/01/2008|16:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[14/11/2005|19:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft(2)
[18/08/2007|19:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\idle wma bin ford
[22/01/2008|10:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
[10/10/2007|18:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[03/01/2006|21:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[25/03/2004|12:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[05/05/2005|18:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\pixelStorm
[11/12/2006|11:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
[06/10/2005|16:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[30/09/2002|13:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[21/07/2004|03:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[22/01/2008|10:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\This bash seek owns
[15/11/2005|21:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
[30/06/2006|20:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[26/09/2003|07:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.
[26/09/2003|07:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..
[26/09/2003|06:57] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
[30/09/2002|11:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[30/09/2002|12:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[26/09/2003|06:57] C:\DOCUME~1\DEFAUL~1\APPLIC~1\InterTrust
[30/09/2002|11:54] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[26/09/2003|07:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
[22/12/2004|11:21] C:\DOCUME~1\LOCALS~1\APPLIC~1\.
[22/12/2004|11:21] C:\DOCUME~1\LOCALS~1\APPLIC~1\..
[11/06/2007|12:53] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[22/01/2008|18:05] C:\DOCUME~1\Maison\APPLIC~1\.
[22/01/2008|18:05] C:\DOCUME~1\Maison\APPLIC~1\..
[15/11/2005|21:13] C:\DOCUME~1\Maison\APPLIC~1\Adobe
[24/12/2004|17:42] C:\DOCUME~1\Maison\APPLIC~1\Ahead
[15/04/2006|13:06] C:\DOCUME~1\Maison\APPLIC~1\Apple Computer
[13/07/2004|16:18] C:\DOCUME~1\Maison\APPLIC~1\BPFTP
[06/11/2003|23:09] C:\DOCUME~1\Maison\APPLIC~1\CyberLink
[30/09/2002|11:55] C:\DOCUME~1\Maison\APPLIC~1\desktop.ini
[27/06/2007|14:40] C:\DOCUME~1\Maison\APPLIC~1\DesktopPlayer
[14/11/2005|19:46] C:\DOCUME~1\Maison\APPLIC~1\Dev-Cpp
[09/04/2007|11:48] C:\DOCUME~1\Maison\APPLIC~1\DVD Shrink
[28/07/2006|12:53] C:\DOCUME~1\Maison\APPLIC~1\Google
[22/01/2008|16:18] C:\DOCUME~1\Maison\APPLIC~1\Hamachi
[24/11/2003|18:25] C:\DOCUME~1\Maison\APPLIC~1\Help
[29/07/2006|09:12] C:\DOCUME~1\Maison\APPLIC~1\Identities
[26/09/2003|06:57] C:\DOCUME~1\Maison\APPLIC~1\InterTrust
[24/04/2005|20:31] C:\DOCUME~1\Maison\APPLIC~1\InterVideo
[11/01/2004|22:20] C:\DOCUME~1\Maison\APPLIC~1\Jasc
[11/11/2003|01:31] C:\DOCUME~1\Maison\APPLIC~1\Jasc Software Inc
[08/08/2004|16:24] C:\DOCUME~1\Maison\APPLIC~1\Macromedia
[10/12/2006|11:37] C:\DOCUME~1\Maison\APPLIC~1\MathWorks
[20/05/2007|20:08] C:\DOCUME~1\Maison\APPLIC~1\Microsoft
[01/11/2003|00:58] C:\DOCUME~1\Maison\APPLIC~1\Microsoft Web Folders
[20/02/2005|16:36] C:\DOCUME~1\Maison\APPLIC~1\Mozilla
[27/12/2004|12:17] C:\DOCUME~1\Maison\APPLIC~1\MSN6
[22/01/2008|16:38] C:\DOCUME~1\Maison\APPLIC~1\One Vga
[19/11/2006|18:34] C:\DOCUME~1\Maison\APPLIC~1\PPMate
[08/04/2007|17:09] C:\DOCUME~1\Maison\APPLIC~1\ppstream
[08/04/2004|13:01] C:\DOCUME~1\Maison\APPLIC~1\Real
[20/10/2007|22:59] C:\DOCUME~1\Maison\APPLIC~1\SecuROM
[06/01/2007|14:31] C:\DOCUME~1\Maison\APPLIC~1\SmartFTP
[23/10/2006|18:06] C:\DOCUME~1\Maison\APPLIC~1\Sports Interactive
[05/09/2004|16:19] C:\DOCUME~1\Maison\APPLIC~1\Sun
[18/11/2003|15:09] C:\DOCUME~1\Maison\APPLIC~1\Symantec
[11/08/2004|18:37] C:\DOCUME~1\Maison\APPLIC~1\Talkback
[23/09/2006|16:52] C:\DOCUME~1\Maison\APPLIC~1\Teleca
[22/01/2008|10:05] C:\DOCUME~1\Maison\APPLIC~1\U3
[20/10/2007|20:23] C:\DOCUME~1\Maison\APPLIC~1\uTorrent
[19/01/2004|18:03] C:\DOCUME~1\Maison\APPLIC~1\VERITAS
[27/12/2007|22:56] C:\DOCUME~1\Maison\APPLIC~1\Weflirt
[14/03/2006|09:03] C:\DOCUME~1\Maison\APPLIC~1\Yahoo!
[13/06/2005|23:21] C:\DOCUME~1\Maison\APPLIC~1\Yahoo! Messenger
[30/09/2002|12:09] C:\DOCUME~1\NETWOR~1\APPLIC~1\.
[30/09/2002|12:09] C:\DOCUME~1\NETWOR~1\APPLIC~1\..
[24/09/2006|02:01] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------
[19/11/2003 23:01][--a------] C:\WINDOWS\tasks\HDReg.job [--192--]
[31/10/2003 21:43][--a------] C:\WINDOWS\tasks\Rappel d'enregistrement 3.job [--258--]
[22/01/2008 16:17][--ah-----] C:\WINDOWS\tasks\SA.DAT [--6--]
[30/08/2002 12:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini [--65--]
---------------[ Listing des dossiers dans C:\Program Files ]--------------
[22/01/2008|18:05] C:\Program Files\Lop SD
[22/01/2008|18:05] C:\Program Files\..
[22/01/2008|18:05] C:\Program Files\.
[22/01/2008|16:46] C:\Program Files\Mozilla Firefox
[22/01/2008|16:20] C:\Program Files\Google
[22/01/2008|16:17] C:\Program Files\Internet Explorer
[22/01/2008|10:47] C:\Program Files\ZoneAlarm
[22/01/2008|10:18] C:\Program Files\eMule
[22/01/2008|10:14] C:\Program Files\Avast4
[22/01/2008|09:55] C:\Program Files\FlashGet
[22/01/2008|09:53] C:\Program Files\a-squared Free
[17/01/2008|17:43] C:\Program Files\lx_cats
[17/01/2008|17:15] C:\Program Files\Lexmark Toolbar
[13/01/2008|04:33] C:\Program Files\IDoser v4
[04/01/2008|01:05] C:\Program Files\LaBoiteACouleurs
[08/12/2007|00:03] C:\Program Files\Hamachi
[06/12/2007|22:07] C:\Program Files\Steam
[30/10/2007|01:02] C:\Program Files\Outlook Express
[29/10/2007|18:41] C:\Program Files\WindowsUpdate
[28/10/2007|15:53] C:\Program Files\Fichiers communs
[20/10/2007|22:54] C:\Program Files\Sports Interactive
[20/10/2007|20:31] C:\Program Files\DAEMON Tools
[20/10/2007|14:38] C:\Program Files\uTorrent
[11/10/2007|20:52] C:\Program Files\SAMSUNG
[11/10/2007|20:52] C:\Program Files\InstallShield Installation Information
[10/10/2007|18:33] C:\Program Files\Messenger Plus! Live
[10/10/2007|18:33] C:\Program Files\Windows Live
[10/10/2007|18:33] C:\Program Files\MSN Messenger
[14/07/2007|01:55] C:\Program Files\mIRC
[29/06/2007|15:51] C:\Program Files\Common Files
[01/06/2007|07:59] C:\Program Files\Winamp
[08/04/2007|17:09] C:\Program Files\PPMate
[07/03/2007|17:55] C:\Program Files\WinRAR
[31/01/2007|14:39] C:\Program Files\Virtools
[20/01/2007|00:08] C:\Program Files\Viewpoint
[18/11/2006|13:57] C:\Program Files\Incomplete
[26/10/2006|14:40] C:\Program Files\a2 free
[26/05/2006|22:27] C:\Program Files\Java
[12/05/2006|17:57] C:\Program Files\WFLUtil
[25/04/2006|21:33] C:\Program Files\Windows Media Player
[07/03/2006|21:26] C:\Program Files\QuickTime
[14/11/2005|19:38] C:\Program Files\MSN
[13/06/2005|23:14] C:\Program Files\Yahoo!
[24/04/2005|20:29] C:\Program Files\Creative
[23/04/2005|16:53] C:\Program Files\7-Zip
[11/03/2005|19:18] C:\Program Files\adobe
[01/03/2005|18:01] C:\Program Files\Sega
[22/01/2005|21:42] C:\Program Files\Movie Maker
[22/01/2005|21:40] C:\Program Files\NetMeeting
[22/01/2005|21:39] C:\Program Files\Windows NT
[22/01/2005|12:31] C:\Program Files\ATI Technologies
[23/12/2004|18:15] C:\Program Files\Ahead
[22/11/2004|19:40] C:\Program Files\Infogrames
[13/11/2004|18:24] C:\Program Files\Zero G Registry
[19/09/2004|15:55] C:\Program Files\XviD
[19/09/2004|15:45] C:\Program Files\Satsuki Decoder Pack
[19/09/2004|15:40] C:\Program Files\GSpot
[31/08/2004|15:03] C:\Program Files\AWicons Lite
[14/08/2004|09:59] C:\Program Files\Uninstall Information
[02/08/2004|16:26] C:\Program Files\Temp
[30/07/2004|17:05] C:\Program Files\TryMedia
[21/07/2004|02:53] C:\Program Files\Spybot - Search & Destroy
[21/06/2004|12:50] C:\Program Files\EHMINSTALL
[06/01/2004|21:19] C:\Program Files\Jasc Software Inc
[15/11/2003|13:40] C:\Program Files\Agfa
[05/11/2003|16:58] C:\Program Files\directx
[01/11/2003|13:40] C:\Program Files\JavaSoft
[01/11/2003|00:58] C:\Program Files\Microsoft Office
[01/11/2003|00:58] C:\Program Files\microsoft frontpage
[26/09/2003|07:05] C:\Program Files\CyberLink
[26/09/2003|07:01] C:\Program Files\Microsoft Visual Studio
[26/09/2003|07:00] C:\Program Files\Real
[30/09/2002|12:05] C:\Program Files\xerox
[30/09/2002|12:00] C:\Program Files\Services en ligne
[30/09/2002|12:00] C:\Program Files\MSN Gaming Zone
------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------
[22/01/2008|10:10] C:\Program Files\Fichiers communs\Symantec Shared
[30/10/2007|01:02] C:\Program Files\Fichiers communs\System
[28/10/2007|15:53] C:\Program Files\Fichiers communs\..
[28/10/2007|15:53] C:\Program Files\Fichiers communs\.
[27/06/2007|14:55] C:\Program Files\Fichiers communs\Microsoft Shared
[19/11/2006|18:33] C:\Program Files\Fichiers communs\Synacast
[23/10/2006|17:37] C:\Program Files\Fichiers communs\InstallShield
[23/09/2006|17:43] C:\Program Files\Fichiers communs\Teleca Shared
[06/10/2005|16:40] C:\Program Files\Fichiers communs\Logitech
[25/04/2005|10:55] C:\Program Files\Fichiers communs\InterVideo
[09/03/2005|17:28] C:\Program Files\Fichiers communs\Vbox
[09/03/2005|17:27] C:\Program Files\Fichiers communs\Adobe
[23/12/2004|18:15] C:\Program Files\Fichiers communs\Ahead
[05/09/2004|16:12] C:\Program Files\Fichiers communs\Java
[28/08/2004|17:03] C:\Program Files\Fichiers communs\NSV
[02/08/2004|16:17] C:\Program Files\Fichiers communs\TI Shared
[08/04/2004|00:48] C:\Program Files\Fichiers communs\xing shared
[08/04/2004|00:48] C:\Program Files\Fichiers communs\TVNavigTechnologies Shared
[26/09/2003|07:01] C:\Program Files\Fichiers communs\Designer
[26/09/2003|07:00] C:\Program Files\Fichiers communs\Real
[30/09/2002|12:02] C:\Program Files\Fichiers communs\Services
[30/09/2002|12:02] C:\Program Files\Fichiers communs\MSSoap
[30/09/2002|11:55] C:\Program Files\Fichiers communs\ODBC
[30/09/2002|11:55] C:\Program Files\Fichiers communs\SpeechEngines
----------------------[ Recherche avec S_Lop ]---------------------
C:\DOCUME~1\NETWOR~1\APPLIC~1\ONEVGA~1
-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------
C:\DOCUME~1\Maison\Bureau\cjb2400FR.exe
C:\DOCUME~1\Maison\Bureau\Counter-Strike Source.lnk
C:\WINDOWS\Prefetch\CATCHME.EXE-1D32D86E.pf
C:\WINDOWS\Prefetch\CCPWDSVC.EXE-080478F2.pf
C:\WINDOWS\Prefetch\CCPXYSVC.EXE-16B575A0.pf
C:\WINDOWS\Prefetch\CHKUPD.EXE-33FD45BA.pf
C:\WINDOWS\Prefetch\CMD.EXE-034B0549.pf
C:\DOCUME~1\Maison\Cookies\maison@estat[1].txt
C:\DOCUME~1\Maison\Cookies\maison@idregie[2].txt
C:\DOCUME~1\Maison\Cookies\maison@hitbox[2].txt
C:\DOCUME~1\Maison\Cookies\maison@www.zonealarm[1].txt
C:\DOCUME~1\Maison\Cookies\maison@atdmt[2].txt
C:\DOCUME~1\Maison\Cookies\maison@i2as.idregie[1].txt
C:\DOCUME~1\Maison\Cookies\maison@spartoo[1].txt
C:\DOCUME~1\Maison\Cookies\maison@tomsguide[1].txt
C:\DOCUME~1\Maison\Cookies\maison@serving-sys[2].txt
C:\DOCUME~1\Maison\Cookies\maison@www.adserver5[1].txt
C:\DOCUME~1\Maison\Cookies\maison@iapref.orange[1].txt
C:\DOCUME~1\Maison\Cookies\maison@www.mediatis[2].txt
C:\DOCUME~1\Maison\Cookies\maison@1062308990[2].txt
C:\DOCUME~1\Maison\Cookies\maison@720430a3-e5e5-49c0-80e7-7b1062ad69b2.statcamp[2].txt
C:\DOCUME~1\Maison\Cookies\maison@abonnement.aliceadsl[1].txt
C:\DOCUME~1\Maison\Cookies\maison@adopt.euroclick[1].txt
C:\DOCUME~1\Maison\Cookies\maison@adtech[1].txt
C:\DOCUME~1\Maison\Cookies\maison@aliceadsl[1].txt
C:\DOCUME~1\Maison\Cookies\maison@alicebox[1].txt
C:\DOCUME~1\Maison\Cookies\maison@banner.cotedazurpalace[2].txt
C:\DOCUME~1\Maison\Cookies\maison@bestofmicro[1].txt
C:\DOCUME~1\Maison\Cookies\maison@cassava[1].txt
C:\DOCUME~1\Maison\Cookies\maison@cdiscount[1].txt
C:\DOCUME~1\Maison\Cookies\maison@cotedazurpalace[1].txt
C:\DOCUME~1\Maison\Cookies\maison@cybermonitor[1].txt
C:\DOCUME~1\Maison\Cookies\maison@doubleclick[1].txt
C:\DOCUME~1\Maison\Cookies\maison@ehg-telecomitalia.hitbox[1].txt
C:\DOCUME~1\Maison\Cookies\maison@em.pc-on-internet[2].txt
C:\DOCUME~1\Maison\Cookies\maison@emjcd[2].txt
C:\DOCUME~1\Maison\Cookies\maison@fastclick[2].txt
C:\DOCUME~1\Maison\Cookies\maison@fp.pc-on-internet[2].txt
C:\DOCUME~1\Maison\Cookies\maison@hijackthis[1].txt
C:\DOCUME~1\Maison\Cookies\maison@partners-finances[1].txt
C:\DOCUME~1\Maison\Cookies\maison@presence-pc.fr.intellitxt[1].txt
C:\DOCUME~1\Maison\Cookies\maison@presence-pc[2].txt
C:\DOCUME~1\Maison\Cookies\maison@pubs.rueducommerce[1].txt
C:\DOCUME~1\Maison\Cookies\maison@reactivpub[1].txt
C:\DOCUME~1\Maison\Cookies\maison@redcatsusa[1].txt
C:\DOCUME~1\Maison\Cookies\maison@roxypalace[1].txt
C:\DOCUME~1\Maison\Cookies\maison@rueducommerce[2].txt
C:\DOCUME~1\Maison\Cookies\maison@sc.intellitxt[1].txt
C:\DOCUME~1\Maison\Cookies\maison@track.effiliation[1].txt
C:\DOCUME~1\Maison\Cookies\maison@tracker.affistats[2].txt
C:\DOCUME~1\Maison\Cookies\maison@www.bestofmicro[2].txt
C:\DOCUME~1\Maison\Cookies\maison@www.boutiquepros.bouyguestelecom[1].txt
C:\DOCUME~1\Maison\Cookies\maison@www.buycentral[2].txt
C:\DOCUME~1\Maison\Cookies\maison@www.casinobellini[1].txt
C:\DOCUME~1\Maison\Cookies\maison@www.casinotropez[1].txt
C:\DOCUME~1\Maison\Cookies\maison@www.france-credit[1].txt
C:\DOCUME~1\Maison\Cookies\maison@www.partners-finances[1].txt
C:\DOCUME~1\Maison\Cookies\maison@www.presence-pc[2].txt
C:\DOCUME~1\Maison\Cookies\maison@www.priceminister[2].txt
C:\DOCUME~1\Maison\Cookies\maison@www.roxypalace[1].txt
C:\DOCUME~1\Maison\Cookies\maison@www.utarget.co[1].txt
----------------------[ Verification du Registre ]----------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\uninstall\hope spam 01]
"DisplayName"="CiD Help"
"UninstallString"="C:\\DOCUME~1\\Maison\\APPLIC~1\\ONEVGA~1\\once show.exe -uninstall"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="C:\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"ACTIVBOARD"="c:\\apps\\ABoard\\ABoard.exe"
"TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"jcjtvbhuo"="c:\\windows\\system32\\jcjtvbhuo.exe jcjtvbhuo"
"avast!"="C:\\PROGRA~1\\Avast4\\ashDisp.exe"
"ZoneAlarm Client"="\"C:\\Program Files\\ZoneAlarm\\zlclient.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
--------------------[ Verification du fichier Hosts ]---------------------
Fichier Hosts PROPRE
----------------[ Recherche de fichiers avec Catchme ]-----------------
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-22 18:09:21
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwEnumerateKey, ZwEnumerateValueKey, ZwQueryDirectoryFile, ZwQuerySystemInformation
scanning hidden files ...
C:\WINDOWS\System32\jcjtvbhuo.dat 6933 bytes
C:\WINDOWS\System32\jcjtvbhuo.exe 297472 bytes executable
C:\WINDOWS\System32\jcjtvbhuo_nav.dat 362173 bytes
C:\WINDOWS\System32\jcjtvbhuo_navps.dat 4402 bytes
scan completed successfully
hidden files: 4
--------------------[ Recherche d'autres infections ]---------------------
C:\WINDOWS\system32\nvs2.inf
! EGDACCESS !
C:\WINDOWS\system32\ihkmp.bak1
C:\WINDOWS\system32\ihkmp.bak2
C:\WINDOWS\system32\ihkmp.ini2
! VUNDO Possible !
/!\ [Fich:19][Doss:11] C:\DOCUME~1\Maison\LOCALS~1\Temp
/!\ [Fich:3223][Doss:4] C:\DOCUME~1\Maison\LOCALS~1\TEMPOR~1\content.IE5
--------------------[ Fin du rapport a 18:10:21,10 ]----------------------
Re,
Download Navilog1.exe (IL-MAFIOSO)
Save it to your Desktop.
Start the installation by double-clicking navilog.exe.
Once the installation is finished, the utility will run automatically.
(If it does not, double-click the shortcut on the Desktop)
Let the utility guide you. Choose option 1, then confirm.
! Do not use options 2, 3 and 4 without our approval !
Wait until this message appears:
"*** Analyse Termine le ..... ***"
Press a key as prompted. Notepad will open. Post its contents like this:
-> Edit / Select All
-> Edit / Copy
-> Right-click / Paste into your reply
NOTE: The report can also be found here: C:\fixnavi.txt
Re (and thanks again):
Search Navipromo version 3.4.2 commencé le 22/01/2008 à 18:18:01,23
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 21.01.2008 à 14h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS
Executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans C:\WINDOWS ***
*** Recherche dossiers dans C:\Program Files ***
*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***
*** Recherche dossiers dans "C:\Documents and Settings\Maison\application data" ***
*** Recherche dossiers dans "C:\Documents and Settings\Maison\local settings\application data" ***
*** Recherche dossiers dans "C:\Documents and Settings\Maison\MENUDM~1\PROGRA~1" ***
*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUD?~1\PROGRA~1 ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Fichier(s) caché(s) :
C:\WINDOWS\system32\jcjtvbhuo.dat
C:\WINDOWS\system32\jcjtvbhuo.exe
C:\WINDOWS\system32\jcjtvbhuo_nav.dat
C:\WINDOWS\system32\jcjtvbhuo_navps.dat
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans C:\WINDOWS\system32 *
* Recherche dans "C:\Documents and Settings\Maison\local settings\application data" *
*** Recherche fichiers ***
C:\WINDOWS\system32\nvs2.inf trouvé !
*** Recherche clés spécifiques dans le Registre ***
HKEY_CURRENT_USER\Software\Lanconfig trouvé !
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans C:\WINDOWS\system32 :
jcjtvbhuo.dat trouvé !
aibyauwu.exe trouvé !
akfonjug.exe trouvé !
bekfgocd.exe trouvé !
ducpbsbo.exe trouvé !
egaswejv.exe trouvé !
ehjyuhmp.exe trouvé !
epxxnqbs.exe trouvé !
euoptiio.exe trouvé !
gbvwgpnk.exe trouvé !
gwbeashg.exe trouvé !
hfscsoya.exe trouvé !
hjfthtge.exe trouvé !
ifnbockd.exe trouvé !
ihaipoqb.exe trouvé !
jxkkjoqy.exe trouvé !
kljgxfxp.exe trouvé !
kvioigne.exe trouvé !
lpyiynan.exe trouvé !
mcedooit.exe trouvé !
mklihnbb.exe trouvé !
mokwoogg.exe trouvé !
muyldqho.exe trouvé !
mxfegaxf.exe trouvé !
nhwudrtd.exe trouvé !
nxcxxrtw.exe trouvé !
okvnredy.exe trouvé !
pagscdlv.exe trouvé !
pqmjdabq.exe trouvé !
qngfcnnh.exe trouvé !
qtuooohy.exe trouvé !
rjswjpsh.exe trouvé !
rpygshdc.exe trouvé !
rxwykoyl.exe trouvé !
samoshkc.exe trouvé !
skxymoai.exe trouvé !
smtkcpfh.exe trouvé !
tcikvhwq.exe trouvé !
tftjefox.exe trouvé !
tqfjxrco.exe trouvé !
tqnjnfsv.exe trouvé !
tvtewpvt.exe trouvé !
upngjkph.exe trouvé !
wbxlmbms.exe trouvé !
wqvbnbuo.exe trouvé !
wudrdgcb.exe trouvé !
xljxsoqf.exe trouvé !
xwovcgir.exe trouvé !
ycyctffn.exe trouvé !
* Dans "C:\Documents and Settings\Maison\local settings\application data" :
3)Recherche Certificats :
Certificat Egroup trouvé !
4)Recherche fichiers connus :
C:\WINDOWS\system32\ihkmp.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\ihkmp.bak1 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\ihkmp.bak2 trouvé ! infection Vundo possible non traitée par cet outil !
*** Analyse terminée le 22/01/2008 à 18:27:29,89 ***
Re,
Double-click the Navilog1 shortcut on your Desktop.
Follow the instructions. Then choose option 2 and confirm.
Let the utility guide you and answer any questions it asks.
The utility will tell you that it is going to restart the computer.
**Close all open windows and save any personal documents you have open**
Now press a key, as prompted.
(if your PC does not restart automatically, restart it manually)
Wait until this message appears:
"*** Nettoyage Termine le ..... ***"
Notepad will open.
Save the report somewhere you can find it again.
Close Notepad. Your desktop will now reappear.
NOTE: If your Desktop does not reappear, press Ctrl+Alt+Del together to open the Task Manager.
Go to the "Processes" tab. Click File at the top left and choose "Run..."
Type explorer, then confirm.
Post the report you saved earlier (C:\cleannavi.txt)
As well as a new Hijackthis report.
Here are the reports:
Clean Navipromo version 3.4.2 commencé le 22/01/2008 à 18:38:56,34
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 21.01.2008 à 14h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS
Mode suppression automatique
*** Creation backups fichiers trouvés par Catchme ***
Copie vers "C:\Program Files\navilog1\Backupnavi"
Copie C:\WINDOWS\system32\jcjtvbhuo.dat réalisée avec succès !
Copie C:\WINDOWS\system32\jcjtvbhuo.exe réalisée avec succès !
Copie C:\WINDOWS\system32\jcjtvbhuo_nav.dat réalisée avec succès !
Copie C:\WINDOWS\system32\jcjtvbhuo_navps.dat réalisée avec succès !
*** Suppression des fichiers trouvés avec Catchme ***
C:\WINDOWS\system32\jcjtvbhuo.dat supprimé !
C:\WINDOWS\system32\jcjtvbhuo.exe supprimé !
C:\WINDOWS\system32\jcjtvbhuo_nav.dat supprimé !
C:\WINDOWS\system32\jcjtvbhuo_navps.dat supprimé !
** 2ème passage avec résultats Catchme **
* Dans C:\WINDOWS\system32 *
C:\WINDOWS\prefetch\jcjtvbhuo*.pf trouvé !
Copie C:\WINDOWS\prefetch\jcjtvbhuo*.pf réalisée avec succès !
C:\WINDOWS\prefetch\jcjtvbhuo*.pf supprimé !
* Dans "C:\Documents and Settings\Maison\local settings\application data" *
*** Suppression avec sauvegardes résultats GenericNaviSearch ***
* Suppression dans C:\WINDOWS\System32 *
* Suppression dans "C:\Documents and Settings\Maison\local settings\application data" *
*** Suppression dossiers dans C:\WINDOWS ***
*** Suppression dossiers dans C:\Program Files ***
*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***
*** Suppression dossiers dans "C:\Documents and Settings\Maison\application data" ***
*** Suppression dossiers dans "C:\Documents and Settings\Maison\local settings\application data" ***
*** Suppression dossiers dans "C:\Documents and Settings\Maison\MENUDM~1\PROGRA~1" ***
*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\MENUD?~1\PROGRA~1 ***
*** Suppression fichiers ***
C:\WINDOWS\system32\nvs2.inf supprimé !
*** Suppression fichiers temporaires ***
Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Maison\local settings\Temp effectué !
*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Suppression avec sauvegardes nouveaux fichiers Instant Access :
2)Recherche, création sauvegardes et suppression Heuristique :
* Dans C:\WINDOWS\system32 *
aibyauwu.exe trouvé !
Copie aibyauwu.exe réalisée avec succès !
aibyauwu.exe supprimé !
akfonjug.exe trouvé !
Copie akfonjug.exe réalisée avec succès !
akfonjug.exe supprimé !
bekfgocd.exe trouvé !
Copie bekfgocd.exe réalisée avec succès !
bekfgocd.exe supprimé !
ducpbsbo.exe trouvé !
Copie ducpbsbo.exe réalisée avec succès !
ducpbsbo.exe supprimé !
egaswejv.exe trouvé !
Copie egaswejv.exe réalisée avec succès !
egaswejv.exe supprimé !
ehjyuhmp.exe trouvé !
Copie ehjyuhmp.exe réalisée avec succès !
ehjyuhmp.exe supprimé !
epxxnqbs.exe trouvé !
Copie epxxnqbs.exe réalisée avec succès !
epxxnqbs.exe supprimé !
euoptiio.exe trouvé !
Copie euoptiio.exe réalisée avec succès !
euoptiio.exe supprimé !
gbvwgpnk.exe trouvé !
Copie gbvwgpnk.exe réalisée avec succès !
gbvwgpnk.exe supprimé !
gwbeashg.exe trouvé !
Copie gwbeashg.exe réalisée avec succès !
gwbeashg.exe supprimé !
hfscsoya.exe trouvé !
Copie hfscsoya.exe réalisée avec succès !
hfscsoya.exe supprimé !
hjfthtge.exe trouvé !
Copie hjfthtge.exe réalisée avec succès !
hjfthtge.exe supprimé !
ifnbockd.exe trouvé !
Copie ifnbockd.exe réalisée avec succès !
ifnbockd.exe supprimé !
ihaipoqb.exe trouvé !
Copie ihaipoqb.exe réalisée avec succès !
ihaipoqb.exe supprimé !
jxkkjoqy.exe trouvé !
Copie jxkkjoqy.exe réalisée avec succès !
jxkkjoqy.exe supprimé !
kljgxfxp.exe trouvé !
Copie kljgxfxp.exe réalisée avec succès !
kljgxfxp.exe supprimé !
kvioigne.exe trouvé !
Copie kvioigne.exe réalisée avec succès !
kvioigne.exe supprimé !
lpyiynan.exe trouvé !
Copie lpyiynan.exe réalisée avec succès !
lpyiynan.exe supprimé !
mcedooit.exe trouvé !
Copie mcedooit.exe réalisée avec succès !
mcedooit.exe supprimé !
mklihnbb.exe trouvé !
Copie mklihnbb.exe réalisée avec succès !
mklihnbb.exe supprimé !
mokwoogg.exe trouvé !
Copie mokwoogg.exe réalisée avec succès !
mokwoogg.exe supprimé !
muyldqho.exe trouvé !
Copie muyldqho.exe réalisée avec succès !
muyldqho.exe supprimé !
mxfegaxf.exe trouvé !
Copie mxfegaxf.exe réalisée avec succès !
mxfegaxf.exe supprimé !
nhwudrtd.exe trouvé !
Copie nhwudrtd.exe réalisée avec succès !
nhwudrtd.exe supprimé !
nxcxxrtw.exe trouvé !
Copie nxcxxrtw.exe réalisée avec succès !
nxcxxrtw.exe supprimé !
okvnredy.exe trouvé !
Copie okvnredy.exe réalisée avec succès !
okvnredy.exe supprimé !
pagscdlv.exe trouvé !
Copie pagscdlv.exe réalisée avec succès !
pagscdlv.exe supprimé !
pqmjdabq.exe trouvé !
Copie pqmjdabq.exe réalisée avec succès !
pqmjdabq.exe supprimé !
qngfcnnh.exe trouvé !
Copie qngfcnnh.exe réalisée avec succès !
qngfcnnh.exe supprimé !
qtuooohy.exe trouvé !
Copie qtuooohy.exe réalisée avec succès !
qtuooohy.exe supprimé !
rjswjpsh.exe trouvé !
Copie rjswjpsh.exe réalisée avec succès !
rjswjpsh.exe supprimé !
rpygshdc.exe trouvé !
Copie rpygshdc.exe réalisée avec succès !
rpygshdc.exe supprimé !
rxwykoyl.exe trouvé !
Copie rxwykoyl.exe réalisée avec succès !
rxwykoyl.exe supprimé !
samoshkc.exe trouvé !
Copie samoshkc.exe réalisée avec succès !
samoshkc.exe supprimé !
skxymoai.exe trouvé !
Copie skxymoai.exe réalisée avec succès !
skxymoai.exe supprimé !
smtkcpfh.exe trouvé !
Copie smtkcpfh.exe réalisée avec succès !
smtkcpfh.exe supprimé !
tcikvhwq.exe trouvé !
Copie tcikvhwq.exe réalisée avec succès !
tcikvhwq.exe supprimé !
tftjefox.exe trouvé !
Copie tftjefox.exe réalisée avec succès !
tftjefox.exe supprimé !
tqfjxrco.exe trouvé !
Copie tqfjxrco.exe réalisée avec succès !
tqfjxrco.exe supprimé !
tqnjnfsv.exe trouvé !
Copie tqnjnfsv.exe réalisée avec succès !
tqnjnfsv.exe supprimé !
tvtewpvt.exe trouvé !
Copie tvtewpvt.exe réalisée avec succès !
tvtewpvt.exe supprimé !
upngjkph.exe trouvé !
Copie upngjkph.exe réalisée avec succès !
upngjkph.exe supprimé !
wbxlmbms.exe trouvé !
Copie wbxlmbms.exe réalisée avec succès !
wbxlmbms.exe supprimé !
wqvbnbuo.exe trouvé !
Copie wqvbnbuo.exe réalisée avec succès !
wqvbnbuo.exe supprimé !
wudrdgcb.exe trouvé !
Copie wudrdgcb.exe réalisée avec succès !
wudrdgcb.exe supprimé !
xljxsoqf.exe trouvé !
Copie xljxsoqf.exe réalisée avec succès !
xljxsoqf.exe supprimé !
xwovcgir.exe trouvé !
Copie xwovcgir.exe réalisée avec succès !
xwovcgir.exe supprimé !
ycyctffn.exe trouvé !
Copie ycyctffn.exe réalisée avec succès !
ycyctffn.exe supprimé !
* Dans "C:\Documents and Settings\Maison\local settings\application data" *
*** Sauvegarde du Registre vers dossier Backupnavi ***
sauvegarde du Registre réalisée avec succès !
*** Nettoyage Registre ***
Nettoyage Registre Ok
*** Certificats ***
Certificat Egroup supprimé !
*** Nettoyage terminé le 22/01/2008 à 18:43:22,95 ***
____________________________________________________________
Logfile of HijackThis v1.99.1
Scan saved at 18:46:30, on 22/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\notepad.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\apps\ABoard\AOSD.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\iifdayw.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {91B4FD8D-1AC4-4B6F-BB27-1A5E83ABD881} - C:\WINDOWS\system32\pmkhi.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: http://www.neopets.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.downloa...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O17 - HKLM\System\CCS\Services\Tcpip\..\{446AC8AB-A3AD-48FA-98D9-552A983B3BA0}: NameServer = 212.27.39.1,212.27.39.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: iifdayw - iifdayw.dll (file missing)
O20 - Winlogon Notify: pmkhi - C:\WINDOWS\system32\pmkhi.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - Unknown owner - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Hi again,
Disable your resident protections (antivirus, Spybot...)!
Download Combofix (sUBs) to your Desktop.
Double-click combofix.exe to launch it.
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Post this report in your next reply.
ComboFix 08-01-23.1 - Maison 2008-01-22 19:11:49.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.683 [GMT 1:00]
Endroit: C:\Documents and Settings\Maison\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Maison\ravmonlog
C:\Program Files\internet explorer\iekey.dll
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\asktgbgw.dll
C:\WINDOWS\system32\awtuvvu.dll
C:\WINDOWS\system32\bfdafgoi.ini
C:\WINDOWS\system32\bgrtqcpd.dll
C:\WINDOWS\system32\bodicpaq.dll
C:\WINDOWS\system32\bugvnoan.dll
C:\WINDOWS\system32\dpcqtrgb.ini
C:\WINDOWS\system32\echkvust.dll
C:\WINDOWS\system32\gktgepbm.dll
C:\WINDOWS\system32\gkvgvkrw.dll
C:\WINDOWS\system32\hqpgcjop.ini
C:\WINDOWS\system32\ihkmp.bak1
C:\WINDOWS\system32\ihkmp.bak2
C:\WINDOWS\system32\ihkmp.ini
C:\WINDOWS\system32\ihkmp.ini2
C:\WINDOWS\system32\iogfadfb.dll
C:\WINDOWS\system32\isjxefxf.dll
C:\WINDOWS\system32\jtqxpyfw.dll
C:\WINDOWS\system32\kjtdjeup.ini
C:\WINDOWS\system32\lpyvkbnq.ini
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\mbpegtkg.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mqpipplq.dll
C:\WINDOWS\system32\msmwctiw.dll
C:\WINDOWS\system32\neledrvo.dll
C:\WINDOWS\system32\nhqnwlys.dll
C:\WINDOWS\system32\ogfuptyy.dll
C:\WINDOWS\system32\oxsawyav.ini
C:\WINDOWS\system32\patgqwjx.dll
C:\WINDOWS\system32\pojcgpqh.dll
C:\WINDOWS\system32\puejdtjk.dll
C:\WINDOWS\system32\qlppipqm.ini
C:\WINDOWS\system32\qnbkvypl.dll
C:\WINDOWS\system32\smniobtt.ini
C:\WINDOWS\system32\svskmthd.dll
C:\WINDOWS\system32\tsuvkhce.ini
C:\WINDOWS\system32\ttboinms.dll
C:\WINDOWS\system32\tuvsspm.dll
C:\WINDOWS\system32\ueblvobl.dll
C:\WINDOWS\system32\vaywasxo.dll
C:\WINDOWS\system32\wfypxqtj.ini
C:\WINDOWS\system32\wgbgtksa.ini
C:\WINDOWS\system32\wxxyatmj.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-23 to 2008-01-23 ))))))))))))))))))))))))))))))))))))
.
2008-01-22 19:11 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-22 18:16 . 2008-01-22 18:43 <REP> d-------- C:\Program Files\Navilog1
2008-01-22 17:44 . 2008-01-22 18:10 <REP> d-------- C:\Program Files\Lop SD
2008-01-22 16:22 . 2008-01-22 16:46 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-01-22 16:02 . 2008-01-22 16:04 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-01-22 16:02 . 2008-01-22 16:04 <REP> d--h----- C:\WINDOWS\msdownld.tmp
2008-01-22 15:53 . 2007-10-11 00:49 6,065,664 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-01-22 15:53 . 2007-07-01 04:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-01-22 15:53 . 2007-07-01 04:36 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-01-22 15:53 . 2007-10-11 00:49 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-01-22 15:53 . 2007-10-11 00:49 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-01-22 15:53 . 2007-10-11 00:49 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-01-22 15:53 . 2007-10-11 00:49 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-01-22 15:53 . 2007-10-11 00:49 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-01-22 15:53 . 2007-10-10 11:59 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-01-22 15:52 . 2006-11-07 21:03 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2008-01-22 13:52 . 2008-01-22 17:35 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-01-22 10:49 . 2008-01-23 19:16 845,856 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-22 10:49 . 2008-01-22 18:40 10,484 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-22 10:46 . 2007-12-13 19:27 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-01-22 10:46 . 2007-12-13 19:27 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-01-22 10:46 . 2007-12-13 19:27 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-01-22 10:46 . 2007-12-13 19:27 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-01-22 10:46 . 2008-01-22 12:39 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-01-22 10:45 . 2008-01-22 10:47 <REP> d-------- C:\Program Files\ZoneAlarm
2008-01-22 10:44 . 2008-01-22 18:44 <REP> d-------- C:\WINDOWS\Internet Logs
2008-01-22 10:14 . 2008-01-22 10:14 <REP> d-------- C:\Program Files\Avast4
2008-01-22 10:14 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-22 10:14 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-22 10:14 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-22 10:14 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-22 10:14 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-22 10:14 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-22 10:14 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-22 09:53 . 2008-01-22 09:53 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-01-17 17:14 . 2008-01-17 17:43 <REP> d-------- C:\Program Files\lx_cats
2008-01-17 17:13 . 2008-01-17 17:15 <REP> d-------- C:\Program Files\Lexmark Toolbar
2008-01-17 17:13 . 2001-08-23 17:47 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2008-01-17 17:13 . 2001-08-23 17:47 87,040 --a------ C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-01-17 17:12 . 2008-01-17 17:12 <REP> d-------- C:\Lexmark
2008-01-17 16:59 . 2004-08-04 07:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-17 16:59 . 2004-08-04 07:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-13 02:34 . 2008-01-13 04:33 <REP> d-------- C:\Program Files\IDoser v4
2007-12-29 00:14 . 2008-01-04 01:05 <REP> d-------- C:\Program Files\LaBoiteACouleurs
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-22 17:41 --------- d-----w C:\Program Files\Google
2008-01-22 09:18 --------- d-----w C:\Program Files\eMule
2008-01-22 09:12 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-01-22 09:10 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-01-22 08:55 --------- d-----w C:\Program Files\FlashGet
2008-01-22 08:53 --------- d-----w C:\Program Files\a-squared Free
2007-12-13 18:27 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-12-07 23:03 --------- d-----w C:\Program Files\Hamachi
2007-12-06 21:07 --------- d-----w C:\Program Files\Steam
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2003-11-18 14:10 32 --sha-w C:\WINDOWS\{7CBDFD9D-97F9-4439-BF0A-87F277DA57C1}.dat
2004-08-11 15:20 10,022 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2003-11-18 14:10 32 --sha-w C:\WINDOWS\system32\{7E7E32CC-CD5B-4FAA-BEE1-BD7D6D3A51A4}.dat
.
----a-w 360,448 2002-03-05 22:13:52 C:\roms_ms\Dega_V1.09_win_Fr\Dega 1.09 Fr .exe
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91B4FD8D-1AC4-4B6F-BB27-1A5E83ABD881}]
C:\WINDOWS\system32\pmkhi.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 12:24 167368]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-22 16:19 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 21:10 339968]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 10:31 24576]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2003-09-26 07:00 151597]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03 36975]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-07 21:26 155648]
"avast!"="C:\PROGRA~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"ZoneAlarm Client"="C:\Program Files\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]
C:\Documents and Settings\Maison\Menu D%u201Amarrer\Programmes\D%u201Amarrage\
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2007-10-31 00:52:41 622880]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdayw]
iifdayw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkhi]
C:\WINDOWS\system32\pmkhi.dll
R1 NPPTNT;NPPTNT;C:\WINDOWS\System32\npptNT.sys [2003-07-22 07:14]
R1 SSHDRV76;SSHDRV76;C:\WINDOWS\System32\drivers\SSHDRV76.sys [2004-08-06 20:31]
R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2002-06-07 11:38]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 22:38]
R3 STAC97NA;SigmaTel 3D Environmental Audio;C:\WINDOWS\system32\drivers\stac97na.sys [2002-09-20 17:42]
R3 STAC97NH;STAC97NH;C:\WINDOWS\system32\drivers\stac97nh.sys [2002-09-20 17:43]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 07:08]
S2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe []
S3 ewdmaudn;ewdmaudn;C:\DOCUME~1\Maison\LOCALS~1\Temp\ewdmaudn.sys []
S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 11:35]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 06:58]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 15:49]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 15:50]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 15:50]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 15:50]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 15:50]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2003-11-19 22:01:03 C:\WINDOWS\Tasks\HDReg.job"
- c:\Apps\HDReg\HDRegRem.exe
"2003-10-31 20:43:20 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 19:17:49
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-01-23 19:18:55
ComboFix-quarantined-files.txt 2008-01-23 18:18:39
.
2008-01-22 16:35:31 --- E O F ---
OK, here it is:
Logfile of HijackThis v1.99.1
Scan saved at 19:27:44, on 23/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\apps\ABoard\AOSD.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {91B4FD8D-1AC4-4B6F-BB27-1A5E83ABD881} - C:\WINDOWS\system32\pmkhi.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: http://www.neopets.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.downloa...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O17 - HKLM\System\CCS\Services\Tcpip\..\{446AC8AB-A3AD-48FA-98D9-552A983B3BA0}: NameServer = 212.27.39.1,212.27.39.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: iifdayw - iifdayw.dll (file missing)
O20 - Winlogon Notify: pmkhi - C:\WINDOWS\system32\pmkhi.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - Unknown owner - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.downloa...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O17 - HKLM\System\CCS\Services\Tcpip\..\{446AC8AB-A3AD-48FA-98D9-552A983B3BA0}: NameServer = 212.27.39.1,212.27.39.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: iifdayw - iifdayw.dll (file missing)
O20 - Winlogon Notify: pmkhi - C:\WINDOWS\system32\pmkhi.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - Unknown owner - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Hi again,
Disable your resident protection (antivirus...)!
Copy (Ctrl+C) the text in the box below:
RenV::
C:\roms_ms\Dega_V1.09_win_Fr\Dega 1.09 Fr .exe
File::
C:\WINDOWS\imsins.BAK
C:\WINDOWS\system32\pmkhi.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91B4FD8D-1AC4-4B6F-BB27-1A5E83ABD881}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdayw]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkhi]
Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe as shown below:
This will relaunch Combofix; press 1 and then confirm. After the restart, post the contents of the Combofix.txt report along with a HijackThis report.
NOTE: If there is no restart, post the requested reports anyway.
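Once the fresh HijackThis report is in, the CFScript above can be checked against it mechanically: each File:: and Registry:: target should have disappeared from the O-entries. The Python sketch below is an added example, not part of the original post and not code from ComboFix or HijackThis; the function names are illustrative, and the sample lines are abridged from the reports posted in this thread.

```python
import re
from ntpath import basename

# Sample input: entries abridged from the two HijackThis reports in this thread.
BEFORE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {91B4FD8D-1AC4-4B6F-BB27-1A5E83ABD881} - C:\WINDOWS\system32\pmkhi.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: iifdayw - iifdayw.dll (file missing)
O20 - Winlogon Notify: pmkhi - C:\WINDOWS\system32\pmkhi.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

AFTER = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# The File:: and Registry:: sections of the CFScript from the post above.
CFSCRIPT = r"""
File::
C:\WINDOWS\imsins.BAK
C:\WINDOWS\system32\pmkhi.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91B4FD8D-1AC4-4B6F-BB27-1A5E83ABD881}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdayw]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkhi]
"""

# HijackThis entry lines look like "O20 - Winlogon Notify: ..." or "R1 - HKLM\...".
ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")


def parse_hijackthis(log):
    """Return (code, detail) pairs for every entry line; process paths are skipped."""
    entries = []
    for line in log.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def parse_cfscript(text):
    """Group the script's lines under their 'Name::' section headers."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def script_targets(sections):
    """Search tokens: file basenames and the last component of each deleted key."""
    tokens = []
    for path in sections.get("File", []):
        tokens.append(basename(path).lower())
    for key in sections.get("Registry", []):
        if key.startswith("[-") and key.endswith("]"):
            tokens.append(key[2:-1].rsplit("\\", 1)[-1].lower())
    return list(dict.fromkeys(tokens))  # de-duplicate, keep order


def check_cleanup(before_log, after_log, cfscript):
    """Map each script target to 'removed', 'still present' or 'not listed before'."""
    before = parse_hijackthis(before_log)
    after = parse_hijackthis(after_log)
    report = {}
    for token in script_targets(parse_cfscript(cfscript)):
        was = any(token in detail.lower() for _, detail in before)
        now = any(token in detail.lower() for _, detail in after)
        if now:
            report[token] = "still present"
        elif was:
            report[token] = "removed"
        else:
            report[token] = "not listed before"
    return report


def orphans(log):
    """Entries HijackThis itself marked as pointing at a missing file."""
    marks = ("(file missing)", "(no file)")
    return [e for e in parse_hijackthis(log) if e[1].endswith(marks)]


if __name__ == "__main__":
    for token, status in check_cleanup(BEFORE, AFTER, CFSCRIPT).items():
        print(f"{status:18} {token}")
    print("orphaned entries left:", len(orphans(AFTER)))
```

A target reported as "not listed before" (here the imsins.BAK file) is one HijackThis never showed, so its removal has to be confirmed from the ComboFix report instead.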
ComboFix 08-01-23.1 - Maison 2008-01-23 19:52:40.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.632 [GMT 1:00]
Endroit: C:\Documents and Settings\Maison\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Maison\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
FILE
C:\WINDOWS\imsins.BAK
C:\WINDOWS\system32\pmkhi.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\imsins.BAK
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-23 to 2008-01-23 ))))))))))))))))))))))))))))))))))))
.
2008-01-23 19:25 . 2008-01-23 19:25 <REP> d-------- C:\WINDOWS\LastGood
2008-01-22 19:11 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-22 18:16 . 2008-01-22 18:43 <REP> d-------- C:\Program Files\Navilog1
2008-01-22 17:44 . 2008-01-22 18:10 <REP> d-------- C:\Program Files\Lop SD
2008-01-22 16:22 . 2008-01-22 16:46 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-01-22 16:02 . 2008-01-22 16:04 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-01-22 16:02 . 2008-01-22 16:04 <REP> d--h----- C:\WINDOWS\msdownld.tmp
2008-01-22 15:53 . 2007-10-11 00:49 6,065,664 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-01-22 15:53 . 2007-07-01 04:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-01-22 15:53 . 2007-07-01 04:36 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-01-22 15:53 . 2007-10-11 00:49 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-01-22 15:53 . 2007-10-11 00:49 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-01-22 15:53 . 2007-10-11 00:49 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-01-22 15:53 . 2007-10-11 00:49 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-01-22 15:53 . 2007-10-11 00:49 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-01-22 15:53 . 2007-10-10 11:59 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-01-22 15:52 . 2006-11-07 21:03 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2008-01-22 10:49 . 2008-01-23 19:54 895,008 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-22 10:49 . 2008-01-22 18:40 10,484 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-22 10:46 . 2007-12-13 19:27 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-01-22 10:46 . 2007-12-13 19:27 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-01-22 10:46 . 2007-12-13 19:27 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-01-22 10:46 . 2007-12-13 19:27 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-01-22 10:46 . 2008-01-22 12:39 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-01-22 10:45 . 2008-01-22 10:47 <REP> d-------- C:\Program Files\ZoneAlarm
2008-01-22 10:44 . 2008-01-22 18:44 <REP> d-------- C:\WINDOWS\Internet Logs
2008-01-22 10:14 . 2008-01-22 10:14 <REP> d-------- C:\Program Files\Avast4
2008-01-22 10:14 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-22 10:14 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-22 10:14 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-22 10:14 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-22 10:14 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-22 10:14 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-22 10:14 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-22 09:53 . 2008-01-22 09:53 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-01-17 17:14 . 2008-01-17 17:43 <REP> d-------- C:\Program Files\lx_cats
2008-01-17 17:13 . 2008-01-17 17:15 <REP> d-------- C:\Program Files\Lexmark Toolbar
2008-01-17 17:13 . 2001-08-23 17:47 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2008-01-17 17:13 . 2001-08-23 17:47 87,040 --a------ C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-01-17 17:12 . 2008-01-17 17:12 <REP> d-------- C:\Lexmark
2008-01-17 16:59 . 2004-08-04 07:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-17 16:59 . 2004-08-04 07:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-13 02:34 . 2008-01-13 04:33 <REP> d-------- C:\Program Files\IDoser v4
2007-12-29 00:14 . 2008-01-04 01:05 <REP> d-------- C:\Program Files\LaBoiteACouleurs
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-22 17:41 --------- d-----w C:\Program Files\Google
2008-01-22 09:18 --------- d-----w C:\Program Files\eMule
2008-01-22 09:12 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-01-22 09:10 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-01-22 08:55 --------- d-----w C:\Program Files\FlashGet
2008-01-22 08:53 --------- d-----w C:\Program Files\a-squared Free
2007-12-13 18:27 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-12-13 18:27 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-12-07 23:03 --------- d-----w C:\Program Files\Hamachi
2007-12-06 21:07 --------- d-----w C:\Program Files\Steam
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:28 728,576 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-31 03:53 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2003-11-18 14:10 32 --sha-w C:\WINDOWS\{7CBDFD9D-97F9-4439-BF0A-87F277DA57C1}.dat
2004-08-11 15:20 10,022 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2003-11-18 14:10 32 --sha-w C:\WINDOWS\system32\{7E7E32CC-CD5B-4FAA-BEE1-BD7D6D3A51A4}.dat
.
((((((((((((((((((((((((((((( snapshot@2008-01-23_19.18.15,64 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-22 18:11:23 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-23 18:52:12 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-22 18:11:23 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-23 18:52:12 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-22 18:11:23 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-23 18:52:12 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-22 18:11:23 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-23 18:52:12 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-22 18:11:24 13,926,400 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-01-23 18:52:13 13,926,400 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-22 18:11:24 118,784 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-23 18:52:13 118,784 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 12:24 167368]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-22 16:19 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 21:10 339968]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 10:31 24576]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2003-09-26 07:00 151597]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03 36975]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-07 21:26 155648]
"avast!"="C:\PROGRA~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"ZoneAlarm Client"="C:\Program Files\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]
C:\Documents and Settings\Maison\Menu Démarrer\Programmes\Démarrage\
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2007-10-31 00:52:41 622880]
R1 NPPTNT;NPPTNT;C:\WINDOWS\System32\npptNT.sys [2003-07-22 07:14]
R1 SSHDRV76;SSHDRV76;C:\WINDOWS\System32\drivers\SSHDRV76.sys [2004-08-06 20:31]
R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2002-06-07 11:38]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 22:38]
R3 STAC97NA;SigmaTel 3D Environmental Audio;C:\WINDOWS\system32\drivers\stac97na.sys [2002-09-20 17:42]
R3 STAC97NH;STAC97NH;C:\WINDOWS\system32\drivers\stac97nh.sys [2002-09-20 17:43]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 07:08]
S2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe []
S3 ewdmaudn;ewdmaudn;C:\DOCUME~1\Maison\LOCALS~1\Temp\ewdmaudn.sys []
S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 11:35]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 06:58]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 15:49]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 15:50]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 15:50]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 15:50]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 15:50]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2003-11-19 22:01:03 C:\WINDOWS\Tasks\HDReg.job"
- c:\Apps\HDReg\HDRegRem.exe
"2003-10-31 20:43:20 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 19:54:53
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-01-23 19:55:52
ComboFix-quarantined-files.txt 2008-01-23 18:55:43
ComboFix2.txt 2008-01-23 18:18:55
.
2008-01-22 16:35:31 --- E O F ---
_________________________________________________
Logfile of HijackThis v1.99.1
Scan saved at 19:57:10, on 23/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\apps\ABoard\AOSD.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: http://www.neopets.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.downloa...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O17 - HKLM\System\CCS\Services\Tcpip\..\{446AC8AB-A3AD-48FA-98D9-552A983B3BA0}: NameServer = 212.27.39.1,212.27.39.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - Unknown owner - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"avast!"="C:\PROGRA~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"ZoneAlarm Client"="C:\Program Files\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]
C:\Documents and Settings\Maison\Menu Démarrer\Programmes\Démarrage\
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2007-10-31 00:52:41 622880]
R1 NPPTNT;NPPTNT;C:\WINDOWS\System32\npptNT.sys [2003-07-22 07:14]
R1 SSHDRV76;SSHDRV76;C:\WINDOWS\System32\drivers\SSHDRV76.sys [2004-08-06 20:31]
R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2002-06-07 11:38]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 22:38]
R3 STAC97NA;SigmaTel 3D Environmental Audio;C:\WINDOWS\system32\drivers\stac97na.sys [2002-09-20 17:42]
R3 STAC97NH;STAC97NH;C:\WINDOWS\system32\drivers\stac97nh.sys [2002-09-20 17:43]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 07:08]
S2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe []
S3 ewdmaudn;ewdmaudn;C:\DOCUME~1\Maison\LOCALS~1\Temp\ewdmaudn.sys []
S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 11:35]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 06:58]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 15:49]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 15:50]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 15:50]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 15:50]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 15:50]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2003-11-19 22:01:03 C:\WINDOWS\Tasks\HDReg.job"
- c:\Apps\HDReg\HDRegRem.exe
"2003-10-31 20:43:20 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 19:54:53
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-01-23 19:55:52
ComboFix-quarantined-files.txt 2008-01-23 18:55:43
ComboFix2.txt 2008-01-23 18:18:55
.
2008-01-22 16:35:31 --- E O F ---
_________________________________________________
Logfile of HijackThis v1.99.1
Scan saved at 19:57:10, on 23/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\apps\ABoard\AOSD.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: http://www.neopets.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.downloa...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O17 - HKLM\System\CCS\Services\Tcpip\..\{446AC8AB-A3AD-48FA-98D9-552A983B3BA0}: NameServer = 212.27.39.1,212.27.39.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - Unknown owner - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Sorry, dinner! Here it is:
-----------------------------[ Lop S&D 2.1.0 ]---------------------------
[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Maison ] [ "C:\Program Files\Lop SD" ]
[ 23/01/2008 | 20:13:19,26 ] [ PC : SN300457510009 ]
[ MAJ : 22-01-2008 | 1:40 ]
-------------[ Listing des dossiers dans Application Data ]------------
[22/01/2008|18:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.
[22/01/2008|18:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..
[15/11/2005|21:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[07/03/2006|21:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[26/09/2003|07:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[30/09/2002|11:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[22/01/2008|16:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[14/11/2005|19:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft(2)
[18/08/2007|19:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\idle wma bin ford
[22/01/2008|10:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
[10/10/2007|18:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[03/01/2006|21:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[25/03/2004|12:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[05/05/2005|18:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\pixelStorm
[11/12/2006|11:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
[06/10/2005|16:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[30/09/2002|13:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[21/07/2004|03:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[22/01/2008|10:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\This bash seek owns
[15/11/2005|21:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
[30/06/2006|20:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[26/09/2003|07:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.
[26/09/2003|07:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..
[26/09/2003|06:57] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
[30/09/2002|11:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[30/09/2002|12:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[26/09/2003|06:57] C:\DOCUME~1\DEFAUL~1\APPLIC~1\InterTrust
[30/09/2002|11:54] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[26/09/2003|07:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
[22/12/2004|11:21] C:\DOCUME~1\LOCALS~1\APPLIC~1\.
[22/12/2004|11:21] C:\DOCUME~1\LOCALS~1\APPLIC~1\..
[11/06/2007|12:53] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[22/01/2008|18:05] C:\DOCUME~1\Maison\APPLIC~1\.
[22/01/2008|18:05] C:\DOCUME~1\Maison\APPLIC~1\..
[15/11/2005|21:13] C:\DOCUME~1\Maison\APPLIC~1\Adobe
[24/12/2004|17:42] C:\DOCUME~1\Maison\APPLIC~1\Ahead
[15/04/2006|13:06] C:\DOCUME~1\Maison\APPLIC~1\Apple Computer
[13/07/2004|16:18] C:\DOCUME~1\Maison\APPLIC~1\BPFTP
[06/11/2003|23:09] C:\DOCUME~1\Maison\APPLIC~1\CyberLink
[30/09/2002|11:55] C:\DOCUME~1\Maison\APPLIC~1\desktop.ini
[27/06/2007|14:40] C:\DOCUME~1\Maison\APPLIC~1\DesktopPlayer
[14/11/2005|19:46] C:\DOCUME~1\Maison\APPLIC~1\Dev-Cpp
[09/04/2007|11:48] C:\DOCUME~1\Maison\APPLIC~1\DVD Shrink
[28/07/2006|12:53] C:\DOCUME~1\Maison\APPLIC~1\Google
[22/01/2008|18:43] C:\DOCUME~1\Maison\APPLIC~1\Hamachi
[24/11/2003|18:25] C:\DOCUME~1\Maison\APPLIC~1\Help
[29/07/2006|09:12] C:\DOCUME~1\Maison\APPLIC~1\Identities
[26/09/2003|06:57] C:\DOCUME~1\Maison\APPLIC~1\InterTrust
[24/04/2005|20:31] C:\DOCUME~1\Maison\APPLIC~1\InterVideo
[11/01/2004|22:20] C:\DOCUME~1\Maison\APPLIC~1\Jasc
[11/11/2003|01:31] C:\DOCUME~1\Maison\APPLIC~1\Jasc Software Inc
[08/08/2004|16:24] C:\DOCUME~1\Maison\APPLIC~1\Macromedia
[10/12/2006|11:37] C:\DOCUME~1\Maison\APPLIC~1\MathWorks
[20/05/2007|20:08] C:\DOCUME~1\Maison\APPLIC~1\Microsoft
[01/11/2003|00:58] C:\DOCUME~1\Maison\APPLIC~1\Microsoft Web Folders
[20/02/2005|16:36] C:\DOCUME~1\Maison\APPLIC~1\Mozilla
[27/12/2004|12:17] C:\DOCUME~1\Maison\APPLIC~1\MSN6
[22/01/2008|16:38] C:\DOCUME~1\Maison\APPLIC~1\One Vga
[19/11/2006|18:34] C:\DOCUME~1\Maison\APPLIC~1\PPMate
[08/04/2007|17:09] C:\DOCUME~1\Maison\APPLIC~1\ppstream
[08/04/2004|13:01] C:\DOCUME~1\Maison\APPLIC~1\Real
[20/10/2007|22:59] C:\DOCUME~1\Maison\APPLIC~1\SecuROM
[06/01/2007|14:31] C:\DOCUME~1\Maison\APPLIC~1\SmartFTP
[23/10/2006|18:06] C:\DOCUME~1\Maison\APPLIC~1\Sports Interactive
[05/09/2004|16:19] C:\DOCUME~1\Maison\APPLIC~1\Sun
[18/11/2003|15:09] C:\DOCUME~1\Maison\APPLIC~1\Symantec
[11/08/2004|18:37] C:\DOCUME~1\Maison\APPLIC~1\Talkback
[23/09/2006|16:52] C:\DOCUME~1\Maison\APPLIC~1\Teleca
[22/01/2008|10:05] C:\DOCUME~1\Maison\APPLIC~1\U3
[20/10/2007|20:23] C:\DOCUME~1\Maison\APPLIC~1\uTorrent
[19/01/2004|18:03] C:\DOCUME~1\Maison\APPLIC~1\VERITAS
[27/12/2007|22:56] C:\DOCUME~1\Maison\APPLIC~1\Weflirt
[14/03/2006|09:03] C:\DOCUME~1\Maison\APPLIC~1\Yahoo!
[13/06/2005|23:21] C:\DOCUME~1\Maison\APPLIC~1\Yahoo! Messenger
[30/09/2002|12:09] C:\DOCUME~1\NETWOR~1\APPLIC~1\.
[30/09/2002|12:09] C:\DOCUME~1\NETWOR~1\APPLIC~1\..
[24/09/2006|02:01] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------
[19/11/2003 23:01][--a------] C:\WINDOWS\tasks\HDReg.job [--192--]
[31/10/2003 21:43][--a------] C:\WINDOWS\tasks\Rappel d'enregistrement 3.job [--258--]
[22/01/2008 18:42][--ah-----] C:\WINDOWS\tasks\SA.DAT [--6--]
[30/08/2002 12:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini [--65--]
---------------[ Listing des dossiers dans C:\Program Files ]--------------
[23/01/2008|20:13] C:\Program Files\Lop SD
[23/01/2008|19:17] C:\Program Files\Internet Explorer
[22/01/2008|19:01] C:\Program Files\Mozilla Firefox
[22/01/2008|18:43] C:\Program Files\Navilog1
[22/01/2008|18:41] C:\Program Files\Google
[22/01/2008|18:16] C:\Program Files\..
[22/01/2008|18:16] C:\Program Files\.
[22/01/2008|10:47] C:\Program Files\ZoneAlarm
[22/01/2008|10:18] C:\Program Files\eMule
[22/01/2008|10:14] C:\Program Files\Avast4
[22/01/2008|09:55] C:\Program Files\FlashGet
[22/01/2008|09:53] C:\Program Files\a-squared Free
[17/01/2008|17:43] C:\Program Files\lx_cats
[17/01/2008|17:15] C:\Program Files\Lexmark Toolbar
[13/01/2008|04:33] C:\Program Files\IDoser v4
[04/01/2008|01:05] C:\Program Files\LaBoiteACouleurs
[08/12/2007|00:03] C:\Program Files\Hamachi
[06/12/2007|22:07] C:\Program Files\Steam
[30/10/2007|01:02] C:\Program Files\Outlook Express
[29/10/2007|18:41] C:\Program Files\WindowsUpdate
[28/10/2007|15:53] C:\Program Files\Fichiers communs
[20/10/2007|22:54] C:\Program Files\Sports Interactive
[20/10/2007|20:31] C:\Program Files\DAEMON Tools
[20/10/2007|14:38] C:\Program Files\uTorrent
[11/10/2007|20:52] C:\Program Files\SAMSUNG
[11/10/2007|20:52] C:\Program Files\InstallShield Installation Information
[10/10/2007|18:33] C:\Program Files\Messenger Plus! Live
[10/10/2007|18:33] C:\Program Files\Windows Live
[10/10/2007|18:33] C:\Program Files\MSN Messenger
[14/07/2007|01:55] C:\Program Files\mIRC
[29/06/2007|15:51] C:\Program Files\Common Files
[01/06/2007|07:59] C:\Program Files\Winamp
[08/04/2007|17:09] C:\Program Files\PPMate
[07/03/2007|17:55] C:\Program Files\WinRAR
[31/01/2007|14:39] C:\Program Files\Virtools
[20/01/2007|00:08] C:\Program Files\Viewpoint
[18/11/2006|13:57] C:\Program Files\Incomplete
[26/10/2006|14:40] C:\Program Files\a2 free
[26/05/2006|22:27] C:\Program Files\Java
[12/05/2006|17:57] C:\Program Files\WFLUtil
[25/04/2006|21:33] C:\Program Files\Windows Media Player
[07/03/2006|21:26] C:\Program Files\QuickTime
[14/11/2005|19:38] C:\Program Files\MSN
[13/06/2005|23:14] C:\Program Files\Yahoo!
[24/04/2005|20:29] C:\Program Files\Creative
[23/04/2005|16:53] C:\Program Files\7-Zip
[11/03/2005|19:18] C:\Program Files\adobe
[01/03/2005|18:01] C:\Program Files\Sega
[22/01/2005|21:42] C:\Program Files\Movie Maker
[22/01/2005|21:40] C:\Program Files\NetMeeting
[22/01/2005|21:39] C:\Program Files\Windows NT
[22/01/2005|12:31] C:\Program Files\ATI Technologies
[23/12/2004|18:15] C:\Program Files\Ahead
[22/11/2004|19:40] C:\Program Files\Infogrames
[13/11/2004|18:24] C:\Program Files\Zero G Registry
[19/09/2004|15:55] C:\Program Files\XviD
[19/09/2004|15:45] C:\Program Files\Satsuki Decoder Pack
[19/09/2004|15:40] C:\Program Files\GSpot
[31/08/2004|15:03] C:\Program Files\AWicons Lite
[14/08/2004|09:59] C:\Program Files\Uninstall Information
[02/08/2004|16:26] C:\Program Files\Temp
[30/07/2004|17:05] C:\Program Files\TryMedia
[21/07/2004|02:53] C:\Program Files\Spybot - Search & Destroy
[21/06/2004|12:50] C:\Program Files\EHMINSTALL
[06/01/2004|21:19] C:\Program Files\Jasc Software Inc
[15/11/2003|13:40] C:\Program Files\Agfa
[05/11/2003|16:58] C:\Program Files\directx
[01/11/2003|13:40] C:\Program Files\JavaSoft
[01/11/2003|00:58] C:\Program Files\Microsoft Office
[01/11/2003|00:58] C:\Program Files\microsoft frontpage
[26/09/2003|07:05] C:\Program Files\CyberLink
[26/09/2003|07:01] C:\Program Files\Microsoft Visual Studio
[26/09/2003|07:00] C:\Program Files\Real
[30/09/2002|12:05] C:\Program Files\xerox
[30/09/2002|12:00] C:\Program Files\Services en ligne
[30/09/2002|12:00] C:\Program Files\MSN Gaming Zone
------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------
[22/01/2008|10:10] C:\Program Files\Fichiers communs\Symantec Shared
[30/10/2007|01:02] C:\Program Files\Fichiers communs\System
[28/10/2007|15:53] C:\Program Files\Fichiers communs\..
[28/10/2007|15:53] C:\Program Files\Fichiers communs\.
[27/06/2007|14:55] C:\Program Files\Fichiers communs\Microsoft Shared
[19/11/2006|18:33] C:\Program Files\Fichiers communs\Synacast
[23/10/2006|17:37] C:\Program Files\Fichiers communs\InstallShield
[23/09/2006|17:43] C:\Program Files\Fichiers communs\Teleca Shared
[06/10/2005|16:40] C:\Program Files\Fichiers communs\Logitech
[25/04/2005|10:55] C:\Program Files\Fichiers communs\InterVideo
[09/03/2005|17:28] C:\Program Files\Fichiers communs\Vbox
[09/03/2005|17:27] C:\Program Files\Fichiers communs\Adobe
[23/12/2004|18:15] C:\Program Files\Fichiers communs\Ahead
[05/09/2004|16:12] C:\Program Files\Fichiers communs\Java
[28/08/2004|17:03] C:\Program Files\Fichiers communs\NSV
[02/08/2004|16:17] C:\Program Files\Fichiers communs\TI Shared
[08/04/2004|00:48] C:\Program Files\Fichiers communs\xing shared
[08/04/2004|00:48] C:\Program Files\Fichiers communs\TVNavigTechnologies Shared
[26/09/2003|07:01] C:\Program Files\Fichiers communs\Designer
[26/09/2003|07:00] C:\Program Files\Fichiers communs\Real
[30/09/2002|12:02] C:\Program Files\Fichiers communs\Services
[30/09/2002|12:02] C:\Program Files\Fichiers communs\MSSoap
[30/09/2002|11:55] C:\Program Files\Fichiers communs\ODBC
[30/09/2002|11:55] C:\Program Files\Fichiers communs\SpeechEngines
----------------------[ Recherche avec S_Lop ]---------------------
C:\DOCUME~1\NETWOR~1\APPLIC~1\ONEVGA~1
-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------
C:\DOCUME~1\Maison\Bureau\cjb2400FR.exe
C:\DOCUME~1\Maison\Bureau\ComboFix.exe
C:\DOCUME~1\Maison\Bureau\Counter-Strike Source.lnk
C:\WINDOWS\Prefetch\CATCHME.EXE-0A01C709.pf
C:\WINDOWS\Prefetch\CATCHME.EXE-1D32D86E.pf
C:\WINDOWS\Prefetch\CCPWDSVC.EXE-080478F2.pf
C:\WINDOWS\Prefetch\CCPXYSVC.EXE-16B575A0.pf
C:\WINDOWS\Prefetch\CHKNTFS.EXE-30FE9626.pf
C:\WINDOWS\Prefetch\CHKUPD.EXE-33FD45BA.pf
C:\WINDOWS\Prefetch\CMD.EXE-034B0549.pf
C:\WINDOWS\Prefetch\COMBOFIX.EXE-0F476C85.pf
C:\WINDOWS\Prefetch\CSCRIPT.EXE-0A13A05C.pf
C:\DOCUME~1\Maison\Cookies\maison@estat[1].txt
C:\DOCUME~1\Maison\Cookies\maison@idregie[2].txt
C:\DOCUME~1\Maison\Cookies\maison@hitbox[2].txt
C:\DOCUME~1\Maison\Cookies\maison@www.zonealarm[1].txt
C:\DOCUME~1\Maison\Cookies\maison@atdmt[2].txt
C:\DOCUME~1\Maison\Cookies\maison@i2as.idregie[1].txt
C:\DOCUME~1\Maison\Cookies\maison@spartoo[1].txt
C:\DOCUME~1\Maison\Cookies\maison@tomsguide[1].txt
C:\DOCUME~1\Maison\Cookies\maison@serving-sys[1].txt
C:\DOCUME~1\Maison\Cookies\maison@www.adserver5[1].txt
C:\DOCUME~1\Maison\Cookies\maison@iapref.orange[1].txt
C:\DOCUME~1\Maison\Cookies\maison@www.mediatis[2].txt
C:\DOCUME~1\Maison\Cookies\maison@1062308990[2].txt
C:\DOCUME~1\Maison\Cookies\maison@720430a3-e5e5-49c0-80e7-7b1062ad69b2.statcamp[2].txt
C:\DOCUME~1\Maison\Cookies\maison@abonnement.aliceadsl[1].txt
C:\DOCUME~1\Maison\Cookies\maison@adopt.euroclick[2].txt
C:\DOCUME~1\Maison\Cookies\maison@adtech[1].txt
C:\DOCUME~1\Maison\Cookies\maison@aliceadsl[1].txt
C:\DOCUME~1\Maison\Cookies\maison@alicebox[1].txt
C:\DOCUME~1\Maison\Cookies\maison@banner.cotedazurpalace[2].txt
C:\DOCUME~1\Maison\Cookies\maison@bestofmicro[1].txt
C:\DOCUME~1\Maison\Cookies\maison@cassava[1].txt
C:\DOCUME~1\Maison\Cookies\maison@cdiscount[1].txt
C:\DOCUME~1\Maison\Cookies\maison@cotedazurpalace[1].txt
C:\DOCUME~1\Maison\Cookies\maison@cybermonitor[1].txt
C:\DOCUME~1\Maison\Cookies\maison@doubleclick[1].txt
C:\DOCUME~1\Maison\Cookies\maison@ehg-telecomitalia.hitbox[1].txt
C:\DOCUME~1\Maison\Cookies\maison@em.pc-on-internet[2].txt
C:\DOCUME~1\Maison\Cookies\maison@emjcd[2].txt
C:\DOCUME~1\Maison\Cookies\maison@fastclick[2].txt
C:\DOCUME~1\Maison\Cookies\maison@fp.pc-on-internet[2].txt
C:\DOCUME~1\Maison\Cookies\maison@hijackthis[1].txt
C:\DOCUME~1\Maison\Cookies\maison@partners-finances[1].txt
C:\DOCUME~1\Maison\Cookies\maison@presence-pc.fr.intellitxt[1].txt
C:\DOCUME~1\Maison\Cookies\maison@presence-pc[2].txt
C:\DOCUME~1\Maison\Cookies\maison@pubs.rueducommerce[1].txt
C:\DOCUME~1\Maison\Cookies\maison@reactivpub[1].txt
C:\DOCUME~1\Maison\Cookies\maison@redcatsusa[1].txt
C:\DOCUME~1\Maison\Cookies\maison@roxypalace[1].txt
C:\DOCUME~1\Maison\Cookies\maison@rueducommerce[2].txt
C:\DOCUME~1\Maison\Cookies\maison@sc.intellitxt[1].txt
C:\DOCUME~1\Maison\Cookies\maison@track.effiliation[1].txt
C:\DOCUME~1\Maison\Cookies\maison@tracker.affistats[2].txt
C:\DOCUME~1\Maison\Cookies\maison@www.bestofmicro[2].txt
C:\DOCUME~1\Maison\Cookies\maison@www.boutiquepros.bouyguestelecom[1].txt
C:\DOCUME~1\Maison\Cookies\maison@www.buycentral[2].txt
C:\DOCUME~1\Maison\Cookies\maison@www.casinobellini[1].txt
C:\DOCUME~1\Maison\Cookies\maison@www.casinotropez[1].txt
C:\DOCUME~1\Maison\Cookies\maison@www.france-credit[1].txt
C:\DOCUME~1\Maison\Cookies\maison@www.partners-finances[1].txt
C:\DOCUME~1\Maison\Cookies\maison@www.presence-pc[2].txt
C:\DOCUME~1\Maison\Cookies\maison@www.priceminister[2].txt
C:\DOCUME~1\Maison\Cookies\maison@www.roxypalace[1].txt
C:\DOCUME~1\Maison\Cookies\maison@www.utarget.co[1].txt
----------------------[ Verification du Registre ]----------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\uninstall\hope spam 01]
"DisplayName"="CiD Help"
"UninstallString"="C:\\DOCUME~1\\Maison\\APPLIC~1\\ONEVGA~1\\once show.exe -uninstall"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="C:\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"ACTIVBOARD"="c:\\apps\\ABoard\\ABoard.exe"
"TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"avast!"="C:\\PROGRA~1\\Avast4\\ashDisp.exe"
"ZoneAlarm Client"="\"C:\\Program Files\\ZoneAlarm\\zlclient.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
--------------------[ Verification du fichier Hosts ]---------------------
Fichier Hosts PROPRE
----------------[ Recherche de fichiers avec Catchme ]-----------------
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 20:15:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden files ...
scan completed successfully
hidden files: 0
--------------------[ Recherche d'autres infections ]---------------------
Aucune autre infection trouvée !
/!\ [Fich:3][Doss:0] C:\DOCUME~1\Maison\LOCALS~1\Temp
/!\ [Fich:632][Doss:4] C:\DOCUME~1\Maison\LOCALS~1\TEMPOR~1\content.IE5
--------------------[ Fin du rapport a 20:16:12,87 ]----------------------
-----------------------------[ Lop S&D 2.1.0 ]---------------------------
[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Maison ] [ "C:\Program Files\Lop SD" ]
[ 23/01/2008 | 20:13:19,26 ] [ PC : SN300457510009 ]
[ MAJ : 22-01-2008 | 1:40 ]
-------------[ Listing des dossiers dans Application Data ]------------
[22/01/2008|18:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.
[22/01/2008|18:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..
[15/11/2005|21:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[07/03/2006|21:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[26/09/2003|07:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[30/09/2002|11:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[22/01/2008|16:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[14/11/2005|19:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft(2)
[18/08/2007|19:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\idle wma bin ford
[22/01/2008|10:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
[10/10/2007|18:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[03/01/2006|21:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[25/03/2004|12:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[05/05/2005|18:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\pixelStorm
[11/12/2006|11:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
[06/10/2005|16:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[30/09/2002|13:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[21/07/2004|03:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[22/01/2008|10:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\This bash seek owns
[15/11/2005|21:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
[30/06/2006|20:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[26/09/2003|07:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.
[26/09/2003|07:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..
[26/09/2003|06:57] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
[30/09/2002|11:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[30/09/2002|12:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[26/09/2003|06:57] C:\DOCUME~1\DEFAUL~1\APPLIC~1\InterTrust
[30/09/2002|11:54] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[26/09/2003|07:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
[22/12/2004|11:21] C:\DOCUME~1\LOCALS~1\APPLIC~1\.
[22/12/2004|11:21] C:\DOCUME~1\LOCALS~1\APPLIC~1\..
[11/06/2007|12:53] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[22/01/2008|18:05] C:\DOCUME~1\Maison\APPLIC~1\.
[22/01/2008|18:05] C:\DOCUME~1\Maison\APPLIC~1\..
[15/11/2005|21:13] C:\DOCUME~1\Maison\APPLIC~1\Adobe
[24/12/2004|17:42] C:\DOCUME~1\Maison\APPLIC~1\Ahead
[15/04/2006|13:06] C:\DOCUME~1\Maison\APPLIC~1\Apple Computer
[13/07/2004|16:18] C:\DOCUME~1\Maison\APPLIC~1\BPFTP
[06/11/2003|23:09] C:\DOCUME~1\Maison\APPLIC~1\CyberLink
[30/09/2002|11:55] C:\DOCUME~1\Maison\APPLIC~1\desktop.ini
[27/06/2007|14:40] C:\DOCUME~1\Maison\APPLIC~1\DesktopPlayer
[14/11/2005|19:46] C:\DOCUME~1\Maison\APPLIC~1\Dev-Cpp
[09/04/2007|11:48] C:\DOCUME~1\Maison\APPLIC~1\DVD Shrink
[28/07/2006|12:53] C:\DOCUME~1\Maison\APPLIC~1\Google
[22/01/2008|18:43] C:\DOCUME~1\Maison\APPLIC~1\Hamachi
[24/11/2003|18:25] C:\DOCUME~1\Maison\APPLIC~1\Help
[29/07/2006|09:12] C:\DOCUME~1\Maison\APPLIC~1\Identities
[26/09/2003|06:57] C:\DOCUME~1\Maison\APPLIC~1\InterTrust
[24/04/2005|20:31] C:\DOCUME~1\Maison\APPLIC~1\InterVideo
[11/01/2004|22:20] C:\DOCUME~1\Maison\APPLIC~1\Jasc
[11/11/2003|01:31] C:\DOCUME~1\Maison\APPLIC~1\Jasc Software Inc
[08/08/2004|16:24] C:\DOCUME~1\Maison\APPLIC~1\Macromedia
[10/12/2006|11:37] C:\DOCUME~1\Maison\APPLIC~1\MathWorks
[20/05/2007|20:08] C:\DOCUME~1\Maison\APPLIC~1\Microsoft
[01/11/2003|00:58] C:\DOCUME~1\Maison\APPLIC~1\Microsoft Web Folders
[20/02/2005|16:36] C:\DOCUME~1\Maison\APPLIC~1\Mozilla
[27/12/2004|12:17] C:\DOCUME~1\Maison\APPLIC~1\MSN6
[22/01/2008|16:38] C:\DOCUME~1\Maison\APPLIC~1\One Vga
[19/11/2006|18:34] C:\DOCUME~1\Maison\APPLIC~1\PPMate
[08/04/2007|17:09] C:\DOCUME~1\Maison\APPLIC~1\ppstream
[08/04/2004|13:01] C:\DOCUME~1\Maison\APPLIC~1\Real
[20/10/2007|22:59] C:\DOCUME~1\Maison\APPLIC~1\SecuROM
[06/01/2007|14:31] C:\DOCUME~1\Maison\APPLIC~1\SmartFTP
[23/10/2006|18:06] C:\DOCUME~1\Maison\APPLIC~1\Sports Interactive
[05/09/2004|16:19] C:\DOCUME~1\Maison\APPLIC~1\Sun
[18/11/2003|15:09] C:\DOCUME~1\Maison\APPLIC~1\Symantec
[11/08/2004|18:37] C:\DOCUME~1\Maison\APPLIC~1\Talkback
[23/09/2006|16:52] C:\DOCUME~1\Maison\APPLIC~1\Teleca
[22/01/2008|10:05] C:\DOCUME~1\Maison\APPLIC~1\U3
[20/10/2007|20:23] C:\DOCUME~1\Maison\APPLIC~1\uTorrent
[19/01/2004|18:03] C:\DOCUME~1\Maison\APPLIC~1\VERITAS
[27/12/2007|22:56] C:\DOCUME~1\Maison\APPLIC~1\Weflirt
[14/03/2006|09:03] C:\DOCUME~1\Maison\APPLIC~1\Yahoo!
[13/06/2005|23:21] C:\DOCUME~1\Maison\APPLIC~1\Yahoo! Messenger
[30/09/2002|12:09] C:\DOCUME~1\NETWOR~1\APPLIC~1\.
[30/09/2002|12:09] C:\DOCUME~1\NETWOR~1\APPLIC~1\..
[24/09/2006|02:01] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------
[19/11/2003 23:01][--a------] C:\WINDOWS\tasks\HDReg.job [--192--]
[31/10/2003 21:43][--a------] C:\WINDOWS\tasks\Rappel d'enregistrement 3.job [--258--]
[22/01/2008 18:42][--ah-----] C:\WINDOWS\tasks\SA.DAT [--6--]
[30/08/2002 12:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini [--65--]
---------------[ Listing des dossiers dans C:\Program Files ]--------------
[23/01/2008|20:13] C:\Program Files\Lop SD
[23/01/2008|19:17] C:\Program Files\Internet Explorer
[22/01/2008|19:01] C:\Program Files\Mozilla Firefox
[22/01/2008|18:43] C:\Program Files\Navilog1
[22/01/2008|18:41] C:\Program Files\Google
[22/01/2008|18:16] C:\Program Files\..
[22/01/2008|18:16] C:\Program Files\.
[22/01/2008|10:47] C:\Program Files\ZoneAlarm
[22/01/2008|10:18] C:\Program Files\eMule
[22/01/2008|10:14] C:\Program Files\Avast4
[22/01/2008|09:55] C:\Program Files\FlashGet
[22/01/2008|09:53] C:\Program Files\a-squared Free
[17/01/2008|17:43] C:\Program Files\lx_cats
[17/01/2008|17:15] C:\Program Files\Lexmark Toolbar
[13/01/2008|04:33] C:\Program Files\IDoser v4
[04/01/2008|01:05] C:\Program Files\LaBoiteACouleurs
[08/12/2007|00:03] C:\Program Files\Hamachi
[06/12/2007|22:07] C:\Program Files\Steam
[30/10/2007|01:02] C:\Program Files\Outlook Express
[29/10/2007|18:41] C:\Program Files\WindowsUpdate
[28/10/2007|15:53] C:\Program Files\Fichiers communs
[20/10/2007|22:54] C:\Program Files\Sports Interactive
[20/10/2007|20:31] C:\Program Files\DAEMON Tools
[20/10/2007|14:38] C:\Program Files\uTorrent
[11/10/2007|20:52] C:\Program Files\SAMSUNG
[11/10/2007|20:52] C:\Program Files\InstallShield Installation Information
[10/10/2007|18:33] C:\Program Files\Messenger Plus! Live
[10/10/2007|18:33] C:\Program Files\Windows Live
[10/10/2007|18:33] C:\Program Files\MSN Messenger
[14/07/2007|01:55] C:\Program Files\mIRC
[29/06/2007|15:51] C:\Program Files\Common Files
[01/06/2007|07:59] C:\Program Files\Winamp
[08/04/2007|17:09] C:\Program Files\PPMate
[07/03/2007|17:55] C:\Program Files\WinRAR
[31/01/2007|14:39] C:\Program Files\Virtools
[20/01/2007|00:08] C:\Program Files\Viewpoint
[18/11/2006|13:57] C:\Program Files\Incomplete
[26/10/2006|14:40] C:\Program Files\a2 free
[26/05/2006|22:27] C:\Program Files\Java
[12/05/2006|17:57] C:\Program Files\WFLUtil
[25/04/2006|21:33] C:\Program Files\Windows Media Player
[07/03/2006|21:26] C:\Program Files\QuickTime
[14/11/2005|19:38] C:\Program Files\MSN
[13/06/2005|23:14] C:\Program Files\Yahoo!
[24/04/2005|20:29] C:\Program Files\Creative
[23/04/2005|16:53] C:\Program Files\7-Zip
[11/03/2005|19:18] C:\Program Files\adobe
[01/03/2005|18:01] C:\Program Files\Sega
[22/01/2005|21:42] C:\Program Files\Movie Maker
[22/01/2005|21:40] C:\Program Files\NetMeeting
[22/01/2005|21:39] C:\Program Files\Windows NT
[22/01/2005|12:31] C:\Program Files\ATI Technologies
[23/12/2004|18:15] C:\Program Files\Ahead
[22/11/2004|19:40] C:\Program Files\Infogrames
[13/11/2004|18:24] C:\Program Files\Zero G Registry
[19/09/2004|15:55] C:\Program Files\XviD
[19/09/2004|15:45] C:\Program Files\Satsuki Decoder Pack
[19/09/2004|15:40] C:\Program Files\GSpot
[31/08/2004|15:03] C:\Program Files\AWicons Lite
[14/08/2004|09:59] C:\Program Files\Uninstall Information
[02/08/2004|16:26] C:\Program Files\Temp
[30/07/2004|17:05] C:\Program Files\TryMedia
[21/07/2004|02:53] C:\Program Files\Spybot - Search & Destroy
[21/06/2004|12:50] C:\Program Files\EHMINSTALL
[06/01/2004|21:19] C:\Program Files\Jasc Software Inc
[15/11/2003|13:40] C:\Program Files\Agfa
[05/11/2003|16:58] C:\Program Files\directx
[01/11/2003|13:40] C:\Program Files\JavaSoft
[01/11/2003|00:58] C:\Program Files\Microsoft Office
[01/11/2003|00:58] C:\Program Files\microsoft frontpage
[26/09/2003|07:05] C:\Program Files\CyberLink
[26/09/2003|07:01] C:\Program Files\Microsoft Visual Studio
[26/09/2003|07:00] C:\Program Files\Real
[30/09/2002|12:05] C:\Program Files\xerox
[30/09/2002|12:00] C:\Program Files\Services en ligne
[30/09/2002|12:00] C:\Program Files\MSN Gaming Zone
------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------
[22/01/2008|10:10] C:\Program Files\Fichiers communs\Symantec Shared
[30/10/2007|01:02] C:\Program Files\Fichiers communs\System
[28/10/2007|15:53] C:\Program Files\Fichiers communs\..
[28/10/2007|15:53] C:\Program Files\Fichiers communs\.
[27/06/2007|14:55] C:\Program Files\Fichiers communs\Microsoft Shared
[19/11/2006|18:33] C:\Program Files\Fichiers communs\Synacast
[23/10/2006|17:37] C:\Program Files\Fichiers communs\InstallShield
[23/09/2006|17:43] C:\Program Files\Fichiers communs\Teleca Shared
[06/10/2005|16:40] C:\Program Files\Fichiers communs\Logitech
[25/04/2005|10:55] C:\Program Files\Fichiers communs\InterVideo
[09/03/2005|17:28] C:\Program Files\Fichiers communs\Vbox
[09/03/2005|17:27] C:\Program Files\Fichiers communs\Adobe
[23/12/2004|18:15] C:\Program Files\Fichiers communs\Ahead
[05/09/2004|16:12] C:\Program Files\Fichiers communs\Java
[28/08/2004|17:03] C:\Program Files\Fichiers communs\NSV
[02/08/2004|16:17] C:\Program Files\Fichiers communs\TI Shared
[08/04/2004|00:48] C:\Program Files\Fichiers communs\xing shared
[08/04/2004|00:48] C:\Program Files\Fichiers communs\TVNavigTechnologies Shared
[26/09/2003|07:01] C:\Program Files\Fichiers communs\Designer
[26/09/2003|07:00] C:\Program Files\Fichiers communs\Real
[30/09/2002|12:02] C:\Program Files\Fichiers communs\Services
[30/09/2002|12:02] C:\Program Files\Fichiers communs\MSSoap
[30/09/2002|11:55] C:\Program Files\Fichiers communs\ODBC
[30/09/2002|11:55] C:\Program Files\Fichiers communs\SpeechEngines
----------------------[ Recherche avec S_Lop ]---------------------
C:\DOCUME~1\NETWOR~1\APPLIC~1\ONEVGA~1
-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------
C:\DOCUME~1\Maison\Bureau\cjb2400FR.exe
C:\DOCUME~1\Maison\Bureau\ComboFix.exe
C:\DOCUME~1\Maison\Bureau\Counter-Strike Source.lnk
C:\WINDOWS\Prefetch\CATCHME.EXE-0A01C709.pf
C:\WINDOWS\Prefetch\CATCHME.EXE-1D32D86E.pf
C:\WINDOWS\Prefetch\CCPWDSVC.EXE-080478F2.pf
C:\WINDOWS\Prefetch\CCPXYSVC.EXE-16B575A0.pf
C:\WINDOWS\Prefetch\CHKNTFS.EXE-30FE9626.pf
C:\WINDOWS\Prefetch\CHKUPD.EXE-33FD45BA.pf
C:\WINDOWS\Prefetch\CMD.EXE-034B0549.pf
C:\WINDOWS\Prefetch\COMBOFIX.EXE-0F476C85.pf
C:\WINDOWS\Prefetch\CSCRIPT.EXE-0A13A05C.pf
C:\DOCUME~1\Maison\Cookies\maison@estat[1].txt
C:\DOCUME~1\Maison\Cookies\maison@idregie[2].txt
C:\DOCUME~1\Maison\Cookies\maison@hitbox[2].txt
C:\DOCUME~1\Maison\Cookies\maison@www.zonealarm[1].txt
C:\DOCUME~1\Maison\Cookies\maison@atdmt[2].txt
C:\DOCUME~1\Maison\Cookies\maison@i2as.idregie[1].txt
C:\DOCUME~1\Maison\Cookies\maison@spartoo[1].txt
C:\DOCUME~1\Maison\Cookies\maison@tomsguide[1].txt
C:\DOCUME~1\Maison\Cookies\maison@serving-sys[1].txt
C:\DOCUME~1\Maison\Cookies\maison@www.adserver5[1].txt
C:\DOCUME~1\Maison\Cookies\maison@iapref.orange[1].txt
C:\DOCUME~1\Maison\Cookies\maison@www.mediatis[2].txt
C:\DOCUME~1\Maison\Cookies\maison@1062308990[2].txt
C:\DOCUME~1\Maison\Cookies\maison@720430a3-e5e5-49c0-80e7-7b1062ad69b2.statcamp[2].txt
C:\DOCUME~1\Maison\Cookies\maison@abonnement.aliceadsl[1].txt
C:\DOCUME~1\Maison\Cookies\maison@adopt.euroclick[2].txt
C:\DOCUME~1\Maison\Cookies\maison@adtech[1].txt
C:\DOCUME~1\Maison\Cookies\maison@aliceadsl[1].txt
C:\DOCUME~1\Maison\Cookies\maison@alicebox[1].txt
C:\DOCUME~1\Maison\Cookies\maison@banner.cotedazurpalace[2].txt
C:\DOCUME~1\Maison\Cookies\maison@bestofmicro[1].txt
C:\DOCUME~1\Maison\Cookies\maison@cassava[1].txt
C:\DOCUME~1\Maison\Cookies\maison@cdiscount[1].txt
C:\DOCUME~1\Maison\Cookies\maison@cotedazurpalace[1].txt
C:\DOCUME~1\Maison\Cookies\maison@cybermonitor[1].txt
C:\DOCUME~1\Maison\Cookies\maison@doubleclick[1].txt
C:\DOCUME~1\Maison\Cookies\maison@ehg-telecomitalia.hitbox[1].txt
C:\DOCUME~1\Maison\Cookies\maison@em.pc-on-internet[2].txt
C:\DOCUME~1\Maison\Cookies\maison@emjcd[2].txt
C:\DOCUME~1\Maison\Cookies\maison@fastclick[2].txt
C:\DOCUME~1\Maison\Cookies\maison@fp.pc-on-internet[2].txt
C:\DOCUME~1\Maison\Cookies\maison@hijackthis[1].txt
C:\DOCUME~1\Maison\Cookies\maison@partners-finances[1].txt
C:\DOCUME~1\Maison\Cookies\maison@presence-pc.fr.intellitxt[1].txt
C:\DOCUME~1\Maison\Cookies\maison@presence-pc[2].txt
C:\DOCUME~1\Maison\Cookies\maison@pubs.rueducommerce[1].txt
C:\DOCUME~1\Maison\Cookies\maison@reactivpub[1].txt
C:\DOCUME~1\Maison\Cookies\maison@redcatsusa[1].txt
C:\DOCUME~1\Maison\Cookies\maison@roxypalace[1].txt
C:\DOCUME~1\Maison\Cookies\maison@rueducommerce[2].txt
C:\DOCUME~1\Maison\Cookies\maison@sc.intellitxt[1].txt
C:\DOCUME~1\Maison\Cookies\maison@track.effiliation[1].txt
C:\DOCUME~1\Maison\Cookies\maison@tracker.affistats[2].txt
C:\DOCUME~1\Maison\Cookies\maison@www.bestofmicro[2].txt
C:\DOCUME~1\Maison\Cookies\maison@www.boutiquepros.bouyguestelecom[1].txt
C:\DOCUME~1\Maison\Cookies\maison@www.buycentral[2].txt
C:\DOCUME~1\Maison\Cookies\maison@www.casinobellini[1].txt
C:\DOCUME~1\Maison\Cookies\maison@www.casinotropez[1].txt
C:\DOCUME~1\Maison\Cookies\maison@www.france-credit[1].txt
C:\DOCUME~1\Maison\Cookies\maison@www.partners-finances[1].txt
C:\DOCUME~1\Maison\Cookies\maison@www.presence-pc[2].txt
C:\DOCUME~1\Maison\Cookies\maison@www.priceminister[2].txt
C:\DOCUME~1\Maison\Cookies\maison@www.roxypalace[1].txt
C:\DOCUME~1\Maison\Cookies\maison@www.utarget.co[1].txt
----------------------[ Verification du Registre ]----------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\uninstall\hope spam 01]
"DisplayName"="CiD Help"
"UninstallString"="C:\\DOCUME~1\\Maison\\APPLIC~1\\ONEVGA~1\\once show.exe -uninstall"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="C:\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"ACTIVBOARD"="c:\\apps\\ABoard\\ABoard.exe"
"TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"avast!"="C:\\PROGRA~1\\Avast4\\ashDisp.exe"
"ZoneAlarm Client"="\"C:\\Program Files\\ZoneAlarm\\zlclient.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
--------------------[ Verification du fichier Hosts ]---------------------
Fichier Hosts PROPRE
----------------[ Recherche de fichiers avec Catchme ]-----------------
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 20:15:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden files ...
scan completed successfully
hidden files: 0
--------------------[ Recherche d'autres infections ]---------------------
Aucune autre infection trouvée !
/!\ [Fich:3][Doss:0] C:\DOCUME~1\Maison\LOCALS~1\Temp
/!\ [Fich:632][Doss:4] C:\DOCUME~1\Maison\LOCALS~1\TEMPOR~1\content.IE5
--------------------[ Fin du rapport a 20:16:12,87 ]----------------------
Hi again,
Download OTMoveIt (by OldTimer). Save it to your Desktop.
Select all the locations in the box below:
C:\DOCUME~1\ALLUSE~1\APPLIC~1\idle wma bin ford
C:\DOCUME~1\Maison\APPLIC~1\ONEVGA~1
C:\DOCUME~1\Maison\APPLIC~1\ONEVGA~1
---> Right-click, then Copy (or Ctrl+C)
Double-click OTMoveIt.exe to launch it.
Right-click in the left-hand box, then choose Paste (or Ctrl+V).
Now click MoveIt!
If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.
Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_time.log
->Information about the software<-
Logfile of HijackThis v1.99.1
Scan saved at 21:01:10, on 23/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\apps\ABoard\AOSD.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: http://www.neopets.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.downloa...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O17 - HKLM\System\CCS\Services\Tcpip\..\{446AC8AB-A3AD-48FA-98D9-552A983B3BA0}: NameServer = 212.27.39.1,212.27.39.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - Unknown owner - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Let's finish up.
Uninstall Avast! properly and replace it with AntiVir.
Why switch? Avast! vs AntiVir
Run a full scan, then post the report once the scan is done.
HELP: Tutorial on the AntiVir Personal Edition Classic antivirus
Hi again! Well, that was laborious, but I managed it...
AntiVir PersonalEdition Classic
Report file date: 2008-01-24 22:36
Scanning for 1065753 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Maison
Computer name: SN300457510009
Version information:
BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 2007-12-14 20:43:17
ANTIVIR2.VDF : 7.0.2.0 948736 Bytes 2008-01-15 20:43:17
ANTIVIR3.VDF : 7.0.2.36 347648 Bytes 2008-01-23 20:48:26
AVEWIN32.DLL : 7.6.0.48 3080704 Bytes 2008-01-24 20:48:26
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-01-24 20:48:26
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21
Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Use file extension list
File extensions..................: -RAR,-ZIP,
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: 2008-01-24 22:36
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'ViewMgr.exe' - '1' Module(s) have been scanned
Scan process 'AOSD.EXE' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'ABOARD.EXE' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'ViewpointService.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'slserv.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
36 processes with 36 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '40' files ).
Starting the file scan:
Begin scan in 'C:\' <HDD>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\Navilog1\Backupnavi\aibyauwu.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47fb157a.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\akfonjug.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47ff158c.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\bekfgocd.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '48041586.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\ducpbsbo.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '47fc1596.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\egaswejv.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47fa1589.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\ehjyuhmp.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '4803158a.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\epxxnqbs.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '48111592.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\euoptiio.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '48081597.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\gbvwgpnk.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '480f1585.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\gwbeashg.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47fb159a.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\hfscsoya.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '480c1589.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\hjfthtge.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47ff158e.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\ifnbockd.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '4807158a.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\ihaipoqb.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47fa158c.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\jxkkjoqy.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '4804159d.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\kljgxfxp.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '48031591.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\kvioigne.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '4802159b.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\lpyiynan.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '48121595.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\mcedooit.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47fe1589.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\mklihnbb.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '48051591.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\mokwoogg.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '48041595.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\muyldqho.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '4812159c.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\mxfegaxf.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '47ff159f.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\nhwudrtd.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '4810158f.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\nxcxxrtw.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47fc159f.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\okvnredy.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '480f1593.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\pagscdlv.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '48001589.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\pqmjdabq.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '48061599.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\qngfcnnh.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '48001596.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\qtuooohy.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '480e159d.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\rjswjpsh.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '480c1593.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\rpygshdc.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '48121599.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\rxwykoyl.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '481015a2.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\samoshkc.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '4806158b.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\skxymoai.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '48111595.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\smtkcpfh.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '480d1597.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\tcikvhwq.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '4802158e.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\tftjefox.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '480d1591.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\tqfjxrco.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47ff159c.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\tqnjnfsv.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '4807159d.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\tvtewpvt.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '480d15a2.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\upngjkph.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '4807159c.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\wbxlmbms.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '4811158e.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\wqvbnbuo.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '480f159e.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\wudrdgcb.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47fd15a2.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\xljxsoqf.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '48031599.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\xwovcgir.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '480815a5.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\ycyctffn.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '48121591.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Satsuki Decoder Pack\wmv\WMVPostpross.exe
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[INFO] A backup was created as '47ef15d1.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1439\A0325570.dll
[DETECTION] Is the Trojan horse TR/BHO.afe
[INFO] A backup was created as '47cc1f7b.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1439\A0325575.dll
[DETECTION] Is the Trojan horse TR/Vundo.DMY
[INFO] A backup was created as '47cc1f7c.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1440\A0325665.exe
[DETECTION] Is the Trojan horse TR/Agent.aoy.1
[INFO] A backup was created as '47cc1f81.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1440\A0325666.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] A backup was created as '46a23b6a.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1440\A0325667.dll
[DETECTION] Is the Trojan horse TR/Juan.H.2
[INFO] A backup was created as '47cc1f83.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1440\A0325668.exe
[DETECTION] Contains detection pattern of the worm WORM/RJUMP.D
[INFO] A backup was created as '47cc1f82.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1445\A0325929.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] A backup was created as '47cc1f9d.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1445\A0325930.exe
[DETECTION] Is the Trojan horse TR/Obfusgen.A.5437
[INFO] A backup was created as '47cc1fa4.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0325987.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fac.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0325988.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fad.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0325989.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b46.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0325990.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '47cc1faf.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0325991.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fae.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0325992.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b47.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0325993.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '47cc1fa0.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0325994.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '46a23b49.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0325995.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b58.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0325996.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fb1.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0325997.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b5a.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0325998.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fb3.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0325999.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fb0.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326000.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b59.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326001.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fb2.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326002.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b5c.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326003.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fb5.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326004.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '46a23b5e.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326005.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fb7.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326006.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b5b.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326007.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '47cc1fb4.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326008.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '46a23b5d.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326009.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '46a23b50.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326010.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '47cc1fb9.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326011.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b52.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326012.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fbb.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326013.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '47cc1fb6.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326014.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b5f.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326015.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1f88.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326016.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b61.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326017.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b54.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326018.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fbd.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326019.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b56.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326020.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fbf.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326021.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1f8a.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326022.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b63.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326023.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1f8c.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326024.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b65.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326025.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b28.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326026.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fc1.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326027.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b2a.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326028.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fb8.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326029.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b51.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326030.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fba.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326031.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b53.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326032.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fc3.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326033.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b2c.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326034.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fc5.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326045.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] A backup was created as '46a23b2e.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326046.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] A backup was created as '47cc1fc7.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326047.dll
[DETECTION] Is the Trojan horse TR/Vundo.Dmp.37
[INFO] A backup was created as '46a23b20.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326048.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] A backup was created as '47cc1fc9.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326049.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] A backup was created as '47cc1fbc.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326050.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] A backup was created as '46a23b55.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326051.dll
[DETECTION] Is the Trojan horse TR/Vundo.Dmp.39
[INFO] A backup was created as '47cc1fbe.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326052.dll
[DETECTION] Is the Trojan horse TR/JuanSearch.C
[INFO] A backup was created as '46a23b22.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326053.dll
[DETECTION] Is the Trojan horse TR/Vundo.Dmp.46
[INFO] A backup was created as '47cc1fcb.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326054.dll
[DETECTION] Is the Trojan horse TR/JuanSearch.C.1
[INFO] A backup was created as '46a23b24.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326055.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] A backup was created as '47cc1fcd.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326056.dll
[DETECTION] Is the Trojan horse TR/Vundo.DMP
[INFO] A backup was created as '46a23b57.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326057.dll
[DETECTION] Is the Trojan horse TR/JuanSearch.C
[INFO] A backup was created as '47cc1f8e.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326058.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] A backup was created as '46a23b67.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326059.dll
[DETECTION] Is the Trojan horse TR/JuanSearch.C.1
[INFO] A backup was created as '47cc1f80.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326060.dll
[DETECTION] Is the Trojan horse TR/JuanSearch.C.1
[INFO] A backup was created as '46a23b26.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326061.dll
[DETECTION] Is the Trojan horse TR/JuanSearch.B
[INFO] A backup was created as '47cc1fcf.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326062.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] A backup was created as '46a23b38.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326063.dll
[DETECTION] Is the Trojan horse TR/Vundo.Dmp.24
[INFO] A backup was created as '47cc1fd1.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326064.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] A backup was created as '47cc1fc0.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326065.dll
[DETECTION] Is the Trojan horse TR/JuanSearch.C
[INFO] A backup was created as '46a23b29.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326066.dll
[DETECTION] Is the Trojan horse TR/Vundo.Dmp.45
[INFO] A backup was created as '47cc1fc2.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326067.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] A backup was created as '46a23b2b.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326068.dll
[DETECTION] Is the Trojan horse TR/JuanSearch.C
[INFO] A backup was created as '46a23b3a.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326069.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] A backup was created as '47cc1fd3.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326070.dll
[DETECTION] Is the Trojan horse TR/BHO.BD.24
[INFO] A backup was created as '46a23b3c.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1450\A0326277.exe
[DETECTION] Contains detection pattern of the dropper DR/FraudTool.SpywareSecure.A
[INFO] A backup was created as '47cc1fd5.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326806.exe
[DETECTION] Contains detection pattern of the dropper DR/FraudTool.SpywareSecure.A
[INFO] A backup was created as '47cc1fdf.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326810.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fe0.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326811.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b09.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326812.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fe2.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326813.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '47cc1fe1.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326814.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b0a.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326815.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fe3.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326816.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '46a23b0c.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326817.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '46a23b0b.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326818.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fe4.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326819.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b0d.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326820.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fe6.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326821.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fe5.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326822.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b0e.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326823.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fe7.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326824.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b00.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326825.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b0f.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326826.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1ff8.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326827.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '46a23b11.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326828.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1ffa.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326829.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fe9.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326830.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '46a23b02.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326831.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '47cc1feb.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326832.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '46a23b04.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326833.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '46a23b13.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326834.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1ffc.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326835.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b15.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326836.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '47cc1ffe.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326837.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fed.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326838.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b06.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326839.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23c18.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326840.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fef.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326841.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fe8.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326842.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b01.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326843.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fea.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326844.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b03.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326845.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b18.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326846.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1ff1.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326847.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b1a.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326848.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1ff3.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326849.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fec.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326850.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b05.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326851.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fee.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326852.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b07.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326853.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b1c.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326854.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1ff5.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326855.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b1e.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326856.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1ff7.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326857.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b17.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326858.exe
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[INFO] A backup was created as '47cc1ff0.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\system32\eqkqxjej.exe
[DETECTION] Is the Trojan horse TR/Agent.aoy.1
[INFO] A backup was created as '48042732.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\system32\heermoie.exe
[DETECTION] Is the Trojan horse TR/Agent.aoy.1
[INFO] A backup was created as '47fe2729.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\system32\icjeafwp.exe
[DETECTION] Is the Trojan horse TR/Agent.aoy.1
[INFO] A backup was created as '48032729.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\system32\jimcuych.exe
[DETECTION] Is the Trojan horse TR/Agent.aoy.1
[INFO] A backup was created as '48062733.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\system32\kfvsykju.exe
[DETECTION] Is the Trojan horse TR/Agent.aoy.1
[INFO] A backup was created as '480f2732.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\system32\lmrucbir.exe
[DETECTION] Is the Trojan horse TR/Agent.aoy.1
[INFO] A backup was created as '480b273b.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\system32\mfjjjwlh.exe
[DETECTION] Is the Trojan horse TR/Agent.anr.1
[INFO] A backup was created as '48032737.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\system32\nexooyty.exe
[DETECTION] Is the Trojan horse TR/Agent.aoy.1
[INFO] A backup was created as '4811273f.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\system32\nnkflbvm.exe
[DETECTION] Is the Trojan horse TR/Agent.aoy.1
[INFO] A backup was created as '48042749.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\system32\oqfkself.exe
[DETECTION] Is the Trojan horse TR/Agent.aoy.1
[INFO] A backup was created as '47ff274f.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\system32\tdistlgj.exe
[DETECTION] Is the Trojan horse TR/Agent.aoy.1
[INFO] A backup was created as '48022752.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\system32\uqettwtt.exe
[DETECTION] Is the Trojan horse TR/Agent.aoy.1
[INFO] A backup was created as '47fe2761.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\system32\vswusdhr.exe
[DETECTION] Is the Trojan horse TR/Agent.aoy.1
[INFO] A backup was created as '48102766.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\system32\xthlcohi.exe
[DETECTION] Is the Trojan horse TR/Agent.aoy.1
[INFO] A backup was created as '4801276e.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\system32\ActiveScan\imscan.dll
[DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738
[INFO] A backup was created as '480c2769.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
End of the scan: 2008-01-25 01:03
Used time: 2:27:05 min
The scan has been done completely.
7992 Scanning directories
227802 Files were scanned
197 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
197 files were deleted
0 files were repaired
197 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
227605 Files not concerned
7393 Archives were scanned
3 Warnings
1 Notes
AntiVir PersonalEdition Classic
Report file date: 2008-01-24 22:36
Scanning for 1065753 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Maison
Computer name: SN300457510009
Version information:
BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 2007-12-14 20:43:17
ANTIVIR2.VDF : 7.0.2.0 948736 Bytes 2008-01-15 20:43:17
ANTIVIR3.VDF : 7.0.2.36 347648 Bytes 2008-01-23 20:48:26
AVEWIN32.DLL : 7.6.0.48 3080704 Bytes 2008-01-24 20:48:26
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-01-24 20:48:26
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21
Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Use file extension list
File extensions..................: -RAR,-ZIP,
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: 2008-01-24 22:36
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'ViewMgr.exe' - '1' Module(s) have been scanned
Scan process 'AOSD.EXE' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'ABOARD.EXE' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'ViewpointService.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'slserv.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
36 processes with 36 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '40' files ).
Starting the file scan:
Begin scan in 'C:\' <HDD>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\Navilog1\Backupnavi\aibyauwu.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47fb157a.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\akfonjug.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47ff158c.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\bekfgocd.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '48041586.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\ducpbsbo.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '47fc1596.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\egaswejv.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47fa1589.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\ehjyuhmp.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '4803158a.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\epxxnqbs.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '48111592.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\euoptiio.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '48081597.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\gbvwgpnk.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '480f1585.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\gwbeashg.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47fb159a.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\hfscsoya.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '480c1589.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\hjfthtge.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47ff158e.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\ifnbockd.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '4807158a.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\ihaipoqb.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47fa158c.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\jxkkjoqy.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '4804159d.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\kljgxfxp.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '48031591.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\kvioigne.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '4802159b.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\lpyiynan.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '48121595.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\mcedooit.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47fe1589.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\mklihnbb.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '48051591.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\mokwoogg.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '48041595.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\muyldqho.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '4812159c.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\mxfegaxf.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '47ff159f.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\nhwudrtd.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '4810158f.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\nxcxxrtw.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47fc159f.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\okvnredy.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '480f1593.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\pagscdlv.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '48001589.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\pqmjdabq.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '48061599.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\qngfcnnh.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '48001596.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\qtuooohy.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '480e159d.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\rjswjpsh.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '480c1593.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\rpygshdc.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '48121599.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\rxwykoyl.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '481015a2.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\samoshkc.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '4806158b.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\skxymoai.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '48111595.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\smtkcpfh.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '480d1597.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\tcikvhwq.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '4802158e.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\tftjefox.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '480d1591.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\tqfjxrco.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47ff159c.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\tqnjnfsv.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '4807159d.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\tvtewpvt.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '480d15a2.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\upngjkph.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '4807159c.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\wbxlmbms.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '4811158e.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\wqvbnbuo.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '480f159e.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\wudrdgcb.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47fd15a2.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\xljxsoqf.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '48031599.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\xwovcgir.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '480815a5.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\Backupnavi\ycyctffn.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '48121591.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Satsuki Decoder Pack\wmv\WMVPostpross.exe
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[INFO] A backup was created as '47ef15d1.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1439\A0325570.dll
[DETECTION] Is the Trojan horse TR/BHO.afe
[INFO] A backup was created as '47cc1f7b.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1439\A0325575.dll
[DETECTION] Is the Trojan horse TR/Vundo.DMY
[INFO] A backup was created as '47cc1f7c.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1440\A0325665.exe
[DETECTION] Is the Trojan horse TR/Agent.aoy.1
[INFO] A backup was created as '47cc1f81.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1440\A0325666.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] A backup was created as '46a23b6a.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1440\A0325667.dll
[DETECTION] Is the Trojan horse TR/Juan.H.2
[INFO] A backup was created as '47cc1f83.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1440\A0325668.exe
[DETECTION] Contains detection pattern of the worm WORM/RJUMP.D
[INFO] A backup was created as '47cc1f82.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1445\A0325929.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] A backup was created as '47cc1f9d.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1445\A0325930.exe
[DETECTION] Is the Trojan horse TR/Obfusgen.A.5437
[INFO] A backup was created as '47cc1fa4.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0325987.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fac.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0325988.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fad.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0325989.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b46.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0325990.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '47cc1faf.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0325991.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fae.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0325992.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b47.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0325993.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '47cc1fa0.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0325994.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '46a23b49.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0325995.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b58.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0325996.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fb1.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0325997.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b5a.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0325998.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fb3.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0325999.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fb0.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326000.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b59.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326001.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fb2.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326002.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b5c.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326003.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fb5.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326004.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '46a23b5e.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326005.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fb7.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326006.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b5b.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326007.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '47cc1fb4.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326008.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '46a23b5d.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326009.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '46a23b50.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326010.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '47cc1fb9.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326011.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b52.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326012.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fbb.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326013.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '47cc1fb6.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326014.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b5f.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326015.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1f88.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326016.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b61.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326017.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b54.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326018.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fbd.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326019.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b56.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326020.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fbf.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326021.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1f8a.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326022.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b63.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326023.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1f8c.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326024.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b65.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326025.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b28.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326026.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fc1.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326027.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b2a.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326028.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fb8.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326029.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b51.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326030.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fba.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326031.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b53.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326032.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fc3.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326033.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b2c.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1446\A0326034.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fc5.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326045.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] A backup was created as '46a23b2e.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326046.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] A backup was created as '47cc1fc7.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326047.dll
[DETECTION] Is the Trojan horse TR/Vundo.Dmp.37
[INFO] A backup was created as '46a23b20.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326048.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] A backup was created as '47cc1fc9.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326049.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] A backup was created as '47cc1fbc.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326050.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] A backup was created as '46a23b55.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326051.dll
[DETECTION] Is the Trojan horse TR/Vundo.Dmp.39
[INFO] A backup was created as '47cc1fbe.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326052.dll
[DETECTION] Is the Trojan horse TR/JuanSearch.C
[INFO] A backup was created as '46a23b22.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326053.dll
[DETECTION] Is the Trojan horse TR/Vundo.Dmp.46
[INFO] A backup was created as '47cc1fcb.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326054.dll
[DETECTION] Is the Trojan horse TR/JuanSearch.C.1
[INFO] A backup was created as '46a23b24.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326055.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] A backup was created as '47cc1fcd.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326056.dll
[DETECTION] Is the Trojan horse TR/Vundo.DMP
[INFO] A backup was created as '46a23b57.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326057.dll
[DETECTION] Is the Trojan horse TR/JuanSearch.C
[INFO] A backup was created as '47cc1f8e.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326058.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] A backup was created as '46a23b67.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326059.dll
[DETECTION] Is the Trojan horse TR/JuanSearch.C.1
[INFO] A backup was created as '47cc1f80.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326060.dll
[DETECTION] Is the Trojan horse TR/JuanSearch.C.1
[INFO] A backup was created as '46a23b26.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326061.dll
[DETECTION] Is the Trojan horse TR/JuanSearch.B
[INFO] A backup was created as '47cc1fcf.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326062.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] A backup was created as '46a23b38.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326063.dll
[DETECTION] Is the Trojan horse TR/Vundo.Dmp.24
[INFO] A backup was created as '47cc1fd1.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326064.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] A backup was created as '47cc1fc0.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326065.dll
[DETECTION] Is the Trojan horse TR/JuanSearch.C
[INFO] A backup was created as '46a23b29.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326066.dll
[DETECTION] Is the Trojan horse TR/Vundo.Dmp.45
[INFO] A backup was created as '47cc1fc2.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326067.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] A backup was created as '46a23b2b.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326068.dll
[DETECTION] Is the Trojan horse TR/JuanSearch.C
[INFO] A backup was created as '46a23b3a.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326069.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] A backup was created as '47cc1fd3.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1447\A0326070.dll
[DETECTION] Is the Trojan horse TR/BHO.BD.24
[INFO] A backup was created as '46a23b3c.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1450\A0326277.exe
[DETECTION] Contains detection pattern of the dropper DR/FraudTool.SpywareSecure.A
[INFO] A backup was created as '47cc1fd5.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326806.exe
[DETECTION] Contains detection pattern of the dropper DR/FraudTool.SpywareSecure.A
[INFO] A backup was created as '47cc1fdf.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326810.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fe0.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326811.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b09.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326812.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fe2.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326813.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '47cc1fe1.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326814.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b0a.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326815.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fe3.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326816.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '46a23b0c.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326817.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '46a23b0b.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326818.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fe4.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326819.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b0d.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326820.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fe6.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326821.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fe5.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326822.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b0e.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326823.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fe7.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326824.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b00.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326825.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b0f.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326826.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1ff8.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326827.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '46a23b11.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326828.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1ffa.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326829.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fe9.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326830.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '46a23b02.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326831.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '47cc1feb.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326832.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '46a23b04.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326833.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '46a23b13.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326834.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1ffc.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326835.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b15.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326836.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] A backup was created as '47cc1ffe.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326837.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fed.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326838.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b06.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326839.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23c18.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326840.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fef.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326841.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fe8.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326842.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b01.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326843.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fea.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326844.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b03.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326845.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b18.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326846.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1ff1.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326847.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b1a.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326848.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1ff3.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326849.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fec.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326850.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b05.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326851.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1fee.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326852.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b07.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326853.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b1c.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326854.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1ff5.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326855.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b1e.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326856.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '47cc1ff7.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326857.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] A backup was created as '46a23b17.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1452\A0326858.exe
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[INFO] A backup was created as '47cc1ff0.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\system32\eqkqxjej.exe
[DETECTION] Is the Trojan horse TR/Agent.aoy.1
[INFO] A backup was created as '48042732.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\system32\heermoie.exe
[DETECTION] Is the Trojan horse TR/Agent.aoy.1
[INFO] A backup was created as '47fe2729.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\system32\icjeafwp.exe
[DETECTION] Is the Trojan horse TR/Agent.aoy.1
[INFO] A backup was created as '48032729.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\system32\jimcuych.exe
[DETECTION] Is the Trojan horse TR/Agent.aoy.1
[INFO] A backup was created as '48062733.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\system32\kfvsykju.exe
[DETECTION] Is the Trojan horse TR/Agent.aoy.1
[INFO] A backup was created as '480f2732.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\system32\lmrucbir.exe
[DETECTION] Is the Trojan horse TR/Agent.aoy.1
[INFO] A backup was created as '480b273b.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\system32\mfjjjwlh.exe
[DETECTION] Is the Trojan horse TR/Agent.anr.1
[INFO] A backup was created as '48032737.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\system32\nexooyty.exe
[DETECTION] Is the Trojan horse TR/Agent.aoy.1
[INFO] A backup was created as '4811273f.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\system32\nnkflbvm.exe
[DETECTION] Is the Trojan horse TR/Agent.aoy.1
[INFO] A backup was created as '48042749.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\system32\oqfkself.exe
[DETECTION] Is the Trojan horse TR/Agent.aoy.1
[INFO] A backup was created as '47ff274f.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\system32\tdistlgj.exe
[DETECTION] Is the Trojan horse TR/Agent.aoy.1
[INFO] A backup was created as '48022752.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\system32\uqettwtt.exe
[DETECTION] Is the Trojan horse TR/Agent.aoy.1
[INFO] A backup was created as '47fe2761.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\system32\vswusdhr.exe
[DETECTION] Is the Trojan horse TR/Agent.aoy.1
[INFO] A backup was created as '48102766.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\system32\xthlcohi.exe
[DETECTION] Is the Trojan horse TR/Agent.aoy.1
[INFO] A backup was created as '4801276e.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\system32\ActiveScan\imscan.dll
[DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738
[INFO] A backup was created as '480c2769.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
End of the scan: 2008-01-25 01:03
Used time: 2:27:05 min
The scan has been done completely.
7992 Scanning directories
227802 Files were scanned
197 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
197 files were deleted
0 files were repaired
197 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
227605 Files not concerned
7393 Archives were scanned
3 Warnings
1 Notes
Logfile of HijackThis v1.99.1
Scan saved at 22:24, on 2008-01-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Sports Interactive\Football Manager 2007\fm.exe
C:\DOCUME~1\Maison\LOCALS~1\Temp\~e5.0001
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {91B4FD8D-1AC4-4B6F-BB27-1A5E83ABD881} - C:\WINDOWS\system32\pmkhi.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: http://www.neopets.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.downloa...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O17 - HKLM\System\CCS\Services\Tcpip\..\{446AC8AB-A3AD-48FA-98D9-552A983B3BA0}: NameServer = 212.27.39.1,212.27.39.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: iifdayw - iifdayw.dll (file missing)
O20 - Winlogon Notify: pmkhi - C:\WINDOWS\system32\pmkhi.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - Unknown owner - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Re,
Fix the lines in the box below with HijackThis: HELP WITH PICTURES
O2 - BHO: (no name) - {91B4FD8D-1AC4-4B6F-BB27-1A5E83ABD881} - C:\WINDOWS\system32\pmkhi.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O15 - Trusted Zone: http://www.neopets.com
O20 - Winlogon Notify: iifdayw - iifdayw.dll (file missing)
O20 - Winlogon Notify: pmkhi - C:\WINDOWS\system32\pmkhi.dll (file missing)
Logfile of HijackThis v1.99.1
Scan saved at 20:23, on 2008-01-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Sports Interactive\Football Manager 2007\fm.exe
C:\DOCUME~1\Maison\LOCALS~1\Temp\~e5.0001
C:\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.downloa...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O17 - HKLM\System\CCS\Services\Tcpip\..\{446AC8AB-A3AD-48FA-98D9-552A983B3BA0}: NameServer = 212.27.39.1,212.27.39.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - Unknown owner - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
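The fix list posted above can be checked mechanically against this follow-up log. The sketch below is an added example, not part of the thread: it parses HijackThis entries, lists the O2/O3/O20 entries whose target file is gone, and confirms that every line on the fix list has disappeared between the two scans. The sample lines are copied from the two logs in this thread; the function names are hypothetical.

```python
import re

# Excerpts copied from the two HijackThis logs in this thread (2008-01-25 and
# 2008-01-26), trimmed to a few lines so the example runs offline.
BEFORE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 22:24, on 2008-01-25
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {91B4FD8D-1AC4-4B6F-BB27-1A5E83ABD881} - C:\WINDOWS\system32\pmkhi.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O15 - Trusted Zone: http://www.neopets.com
O20 - Winlogon Notify: iifdayw - iifdayw.dll (file missing)
O20 - Winlogon Notify: pmkhi - C:\WINDOWS\system32\pmkhi.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - Unknown owner - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe (file missing)
"""

AFTER_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 20:23, on 2008-01-26
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - Unknown owner - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe (file missing)
"""

# The five lines the helper asked to fix, as posted in the thread.
FIX_LIST = [
    r"O2 - BHO: (no name) - {91B4FD8D-1AC4-4B6F-BB27-1A5E83ABD881} - C:\WINDOWS\system32\pmkhi.dll (file missing)",
    r"O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)",
    r"O15 - Trusted Zone: http://www.neopets.com",
    r"O20 - Winlogon Notify: iifdayw - iifdayw.dll (file missing)",
    r"O20 - Winlogon Notify: pmkhi - C:\WINDOWS\system32\pmkhi.dll (file missing)",
]

# An entry line is "<section code> - <body>", e.g. "O20 - Winlogon Notify: ...".
# Header lines and the "Running processes" paths do not match this shape.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# HijackThis appends one of these markers when the referenced file is absent.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)$", re.IGNORECASE)
# Sections the fix list draws its orphaned entries from:
# O2 (BHO), O3 (IE toolbar), O20 (Winlogon Notify).
ORPHAN_SECTIONS = {"O2", "O3", "O20"}


def normalize(line):
    """Collapse whitespace and case so copy/paste differences do not matter."""
    return " ".join(line.split()).lower()


def parse_entries(log_text):
    """Return the section entries of a HijackThis log as dicts."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            entries.append({"code": match.group(1), "body": match.group(2), "line": line})
    return entries


def orphaned_entries(entries):
    """Entries in O2/O3/O20 that still point at a file that no longer exists."""
    return [e for e in entries
            if e["code"] in ORPHAN_SECTIONS and ORPHAN_RE.search(e["body"])]


def verify_fix(before_text, after_text, fix_lines):
    """Compare two scans and report what happened to each line on the fix list."""
    before = {normalize(e["line"]) for e in parse_entries(before_text)}
    after_entries = parse_entries(after_text)
    after = {normalize(e["line"]) for e in after_entries}
    return {
        "removed": [l for l in fix_lines
                    if normalize(l) in before and normalize(l) not in after],
        "still_present": [l for l in fix_lines if normalize(l) in after],
        "not_in_before": [l for l in fix_lines if normalize(l) not in before],
        # Entries that appeared only after the fix deserve a second look.
        "new_entries": [e["line"] for e in after_entries
                        if normalize(e["line"]) not in before],
    }


if __name__ == "__main__":
    for entry in orphaned_entries(parse_entries(BEFORE_LOG)):
        print("orphaned:", entry["line"])
    print(verify_fix(BEFORE_LOG, AFTER_LOG, FIX_LIST))
```

The O23 service entry marked `(file missing)` is left out of `orphaned_entries` on purpose: it is not on the fix list and still appears in the second log.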
Hello, I'm posting here because my PC seems to have been infected since I received the "tu es nue" virus over MSN. Before that I was using Avast, CCleaner, ZoneAlarm free firewall, Ad-Aware 2007, AVG Anti-Spyware, a-squared Free and Spybot. Is that too much protection? None of my protections protected me: system files modified, no more System Restore, ads.
Thanks in advance if anyone can help me
Angeldark said:
We don't hijack disinfection threads
Hello Angeldark, this topic really helped me remove some of the infections on my colleague's computer. Despite that, one of your programs sets off NOD32 on a DLL file named IHXUQKXF460003.DLL, a Trojan horse. I still see a connection in ZoneAlarm from the file PURE REF.exe in the original folder STORE LESS JUGS SURF under Application Data, and connection attempts from the C2 MEDIA site blocked by PeerGuardian. My friend was infected by LOP SD and BUILD PING WEB... maybe by something else as well... Tell me when you will be available, if possible, so that I can show you live the state of my colleague's PC. Thanks again for any reply.
But thanks for everything, and above all for your patience