Ordinateur infecté... mais virus inconnu [Résolu]
Forum Sécurité - Virus : Ordinateur infecté... mais virus inconnu [Résolu]
Re,
Voici le rapport Vundo :
VundoFix V6.3.2
Checking Java version...
Sun Java not detected
Scan started at 15:15:55 27/01/2007
Listing files found while scanning....
C:\WINDOWS\system32\awtqpnk.dll
C:\WINDOWS\system32\awtstrq.dll
C:\WINDOWS\system32\cbxvwww.dll
C:\WINDOWS\system32\ddcccbx.dll
C:\WINDOWS\system32\drcpsapi.dll
C:\WINDOWS\system32\fccawxu.dll
C:\WINDOWS\system32\gchbpbav.dll
C:\WINDOWS\system32\jkkiigg.dll
C:\WINDOWS\System32\mvgcmgew.dll
C:\WINDOWS\system32\pmnonom.dll
C:\WINDOWS\system32\qomjhfd.dll
C:\WINDOWS\system32\qomljgg.dll
C:\WINDOWS\System32\qqstv.bak1
C:\WINDOWS\System32\qqstv.bak2
C:\WINDOWS\System32\qqstv.ini
C:\WINDOWS\system32\rqrpnki.dll
C:\WINDOWS\system32\vabpbhcg.ini
C:\WINDOWS\System32\vtsqq.dll
C:\WINDOWS\system32\xxyaxus.dll
C:\WINDOWS\system32\yayyvvu.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\awtqpnk.dll
C:\WINDOWS\system32\awtqpnk.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\awtstrq.dll
C:\WINDOWS\system32\awtstrq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\cbxvwww.dll
C:\WINDOWS\system32\cbxvwww.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddcccbx.dll
C:\WINDOWS\system32\ddcccbx.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\fccawxu.dll
C:\WINDOWS\system32\fccawxu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\gchbpbav.dll
C:\WINDOWS\system32\gchbpbav.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jkkiigg.dll
C:\WINDOWS\system32\jkkiigg.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmnonom.dll
C:\WINDOWS\system32\pmnonom.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\qomjhfd.dll
C:\WINDOWS\system32\qomjhfd.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\qomljgg.dll
C:\WINDOWS\system32\qomljgg.dll Has been deleted!
Attempting to delete C:\WINDOWS\System32\qqstv.bak1
C:\WINDOWS\System32\qqstv.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\System32\qqstv.bak2
C:\WINDOWS\System32\qqstv.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\System32\qqstv.ini
C:\WINDOWS\System32\qqstv.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\rqrpnki.dll
C:\WINDOWS\system32\rqrpnki.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\vabpbhcg.ini
C:\WINDOWS\system32\vabpbhcg.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\xxyaxus.dll
C:\WINDOWS\system32\xxyaxus.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\yayyvvu.dll
C:\WINDOWS\system32\yayyvvu.dll Has been deleted!
Performing Repairs to the registry.
Done!
**********************************************
Voici le rapport ComboFix
"Alexandre Dias" - 07-01-27 15:41:51 Service Pack 1
ComboFix 07-01-25 - Running from: "C:\Documents and Settings\Alexandre Dias\Bureau"
[color=red] ERROR !!! /wow section not completed[/color]
((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))
REGISTRY ENTRIES REMOVED:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\clsid\{142fdc13-da7b-4e5a-93a6-1f21fbc2c104}]
@=""
"IDEx"="ADDR"
[HKEY_CLASSES_ROOT\clsid\{142fdc13-da7b-4e5a-93a6-1f21fbc2c104}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{142fdc13-da7b-4e5a-93a6-1f21fbc2c104}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{142fdc13-da7b-4e5a-93a6-1f21fbc2c104}\InprocServer32]
@="C:\\WINDOWS\\system32\\lecdll.dll"
"ThreadingModel"="Apartment"Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\clsid\{ae301a0d-8244-49ea-b19b-ab3862bc5364}]
@=""
"IDEx"="ADDR"
[HKEY_CLASSES_ROOT\clsid\{ae301a0d-8244-49ea-b19b-ab3862bc5364}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{ae301a0d-8244-49ea-b19b-ab3862bc5364}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{ae301a0d-8244-49ea-b19b-ab3862bc5364}\InprocServer32]
@="C:\\WINDOWS\\system32\\btowseui.dll"
"ThreadingModel"="Apartment"Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\clsid\{6938f21c-5c87-47b6-a8d2-9dfebf5a381c}]
@=""
[HKEY_CLASSES_ROOT\clsid\{6938f21c-5c87-47b6-a8d2-9dfebf5a381c}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{6938f21c-5c87-47b6-a8d2-9dfebf5a381c}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{6938f21c-5c87-47b6-a8d2-9dfebf5a381c}\InprocServer32]
@="C:\\WINDOWS\\system32\\ayicap32.dll"
"ThreadingModel"="Apartment"Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\clsid\{5f2bb81e-2bf8-4223-ac3e-612516a50311}]
@=""
[HKEY_CLASSES_ROOT\clsid\{5f2bb81e-2bf8-4223-ac3e-612516a50311}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{5f2bb81e-2bf8-4223-ac3e-612516a50311}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{5f2bb81e-2bf8-4223-ac3e-612516a50311}\InprocServer32]
@="C:\\WINDOWS\\system32\\iyv6mon.dll"
"ThreadingModel"="Apartment"Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\clsid\{d3596afc-983d-4f09-90f6-5d3f9f25d41d}]
@=""
[HKEY_CLASSES_ROOT\clsid\{d3596afc-983d-4f09-90f6-5d3f9f25d41d}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{d3596afc-983d-4f09-90f6-5d3f9f25d41d}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{d3596afc-983d-4f09-90f6-5d3f9f25d41d}\InprocServer32]
"ThreadingModel"="Apartment"Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\clsid\{3b45a530-6fe9-43d5-8546-ce5091300b9d}]
@=""
[HKEY_CLASSES_ROOT\clsid\{3b45a530-6fe9-43d5-8546-ce5091300b9d}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{3b45a530-6fe9-43d5-8546-ce5091300b9d}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{3b45a530-6fe9-43d5-8546-ce5091300b9d}\InprocServer32]
"ThreadingModel"="Apartment"Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\clsid\{5be6cde0-433a-4504-a110-aa5e86d06bbd}]
@=""
[HKEY_CLASSES_ROOT\clsid\{5be6cde0-433a-4504-a110-aa5e86d06bbd}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{5be6cde0-433a-4504-a110-aa5e86d06bbd}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{5be6cde0-433a-4504-a110-aa5e86d06bbd}\InprocServer32]
"ThreadingModel"="Apartment"Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\clsid\{851a2473-3236-45f1-81a0-322205927621}]
@=""
[HKEY_CLASSES_ROOT\clsid\{851a2473-3236-45f1-81a0-322205927621}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{851a2473-3236-45f1-81a0-322205927621}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{851a2473-3236-45f1-81a0-322205927621}\InprocServer32]
@="C:\\WINDOWS\\system32\\drcpsapi.dll"
"ThreadingModel"="Apartment"
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Granting SeDebugPrivilege to Administrateurs ... successful
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\Program Files\ASKS~1
C:\qoobox\purity\Program Files\ASKS~1\?icrosoft.NET
((((((((((((((((((((((((((((((( Files Created from 2006-12-27 to 2007-01-27 ))))))))))))))))))))))))))))))))))
2007-01-27 15:15 <REP> d----c--- C:\VundoFix Backups
2007-01-27 15:05 <REP> d-------- C:\Program Files\Sunbelt Software
2007-01-27 15:00 42,692 --a------ C:\WINDOWS\system32\kernelex6.exe
2007-01-23 18:27 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2007-01-23 17:42 94,208 -r-hs---- C:\WINDOWS\system32\zvlaau.exe
2007-01-23 17:42 390 --a--c--- C:\chemical.exe
2007-01-23 17:42 3,281 --a------ C:\WINDOWS\system32\autosys.exe
2007-01-23 17:41 94,208 -ra------ C:\WINDOWS\system32\msinnt.exe
2007-01-20 18:56 0 --a------ C:\WINDOWS\system32\setup_55302.exe
2007-01-20 18:51 0 --a--c--- C:\raxkkvo.exe
2007-01-20 18:48 0 --a--c--- C:\amwapy.exe
2007-01-20 18:48 0 --a--c--- C:\aklrkeh.exe
2007-01-19 13:01 6,143 --a------ C:\WINDOWS\system32\3963185065.dll
2007-01-19 12:52 49,152 --a--c--- C:\elljoi.exe
2007-01-19 12:52 1,024 --a--c--- C:\ypcqmug.exe
2007-01-19 12:51 30,720 --a------ C:\WINDOWS\system32\ctpmon.exe
2007-01-14 14:20 <REP> d-------- C:\DOCUME~1\Kevin\Application Data\SearchToolbarCorp
2007-01-14 14:11 45,568 --a--c--- C:\mfye.exe
2007-01-13 23:02 <REP> d-------- C:\DOCUME~1\Kevin\Application Data\AdobeUM
2007-01-13 22:58 23,552 --a--c--- C:\giicqk.exe
2007-01-13 22:58 1,024 --a--c--- C:\jswaao.exe
2007-01-13 18:12 1,024 --a--c--- C:\eimh.exe
2007-01-13 17:21 <REP> d-------- C:\Program Files\SymNetDrv
2007-01-13 17:10 34,578 --a------ C:\WINDOWS\system32\drivers\NPDRIVER.SYS
2007-01-13 16:59 91,904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-01-13 16:59 124,016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-01-13 16:59 <REP> d-------- C:\Program Files\Norton AntiVirus
2007-01-13 16:58 <REP> d-------- C:\Program Files\Symantec
2007-01-10 18:09 44,032 --a--c--- C:\loder.exe
2007-01-10 15:09 1,024 --a--c--- C:\wrncp.exe
2007-01-09 16:45 42,692 --a------ C:\WINDOWS\system32\svhostz7.exe
2007-01-09 13:01 1,024 --a--c--- C:\nsrat.exe
2007-01-08 17:15 30,221 -----c--- C:\rmfi.exe
2007-01-08 17:14 84,480 -r-hs---- C:\WINDOWS\wpablan.exe
2007-01-07 20:38 <REP> d-------- C:\DOCUME~1\Kevin\Application Data\Symantec
2007-01-06 22:51 <REP> d--hs---- C:\found.000
2007-01-06 22:25 0 --a--c--- C:\whmiqq.exe
2007-01-06 22:25 0 --a--c--- C:\pjvatvux.exe
2007-01-06 22:25 0 --a--c--- C:\omhran.exe
2007-01-06 22:25 0 --a--c--- C:\ngaobk.exe
2007-01-06 22:25 0 --a--c--- C:\doqic.exe
2007-01-06 22:25 0 --a--c--- C:\cgpevf.exe
2007-01-06 22:24 0 --a--c--- C:\ntbtggkm.exe
2007-01-06 22:24 0 --a--c--- C:\jtcjyqpk.exe
2007-01-06 16:19 <REP> d----c--- C:\DOCUME~1\ALEXAN~1\Application Data\Ultimate Cleaner
2007-01-06 14:27 <REP> d-------- C:\DOCUME~1\Kevin\Application Data\Ultimate Cleaner
2007-01-05 12:08 <REP> d-------- C:\DOCUME~1\Kevin\Application Data\Ultimate Defender
2007-01-05 11:37 <REP> d---s---- C:\DOCUME~1\NETWOR~1\Favoris
2007-01-05 11:37 <REP> d---s---- C:\DOCUME~1\NETWOR~1\Favoris
2007-01-05 11:36 <REP> d-------- C:\DOCUME~1\NETWOR~1\Menu D‚marrer
2007-01-05 11:36 <REP> d-------- C:\DOCUME~1\NETWOR~1\Menu D‚marrer
2007-01-03 16:35 <REP> d-------- C:\Program Files\Alwil Software
2007-01-03 16:24 0 --a------ C:\WINDOWS\system32\setup_53572.exe
2007-01-03 13:53 22,016 --a------ C:\WINDOWS\system32\Partizan.exe
2007-01-03 13:52 25,773 --a------ C:\WINDOWS\system32\drivers\regguard.sys
2007-01-03 10:11 0 --a------ C:\WINDOWS\system32\hrcopul.dll
2007-01-03 10:05 <REP> d-------- C:\Program Files\Ultimate Cleaner
2007-01-02 15:11 0 --a------ C:\WINDOWS\internat.exe
2007-01-02 15:11 <REP> d-------- C:\Program Files\password recovery pro demo
2007-01-02 15:11 <REP> d-------- C:\DOCUME~1\Kevin\Application Data\adprotect nospam
2007-01-02 14:54 0 --a--c--- C:\sdqmmkl.exe
2007-01-02 13:55 133,727 --a--c--- C:\ragh.exe
2007-01-02 10:05 84,480 -r-hs---- C:\WINDOWS\WeRecl.exe
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-23 18:51 -------- d----c--- C:\Program Files\Fichiers communs\symantec shared
2007-01-23 18:49 -------- d-------- C:\Program Files\deskbar
2007-01-13 16:59 10344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2007-01-06 22:03 -------- d-------- C:\Program Files\google
2007-01-06 16:19 -------- d----c--- C:\Documents and Settings\Alexandre Dias\Application Data\ultimate cleaner
2007-01-05 12:24 -------- d-------- C:\Program Files\msn messenger
2007-01-04 20:16 656 --a------ C:\WINDOWS\system32\sfc_os.dll
2007-01-03 16:23 -------- d----c--- C:\Documents and Settings\Alexandre Dias\Application Data\google
2006-12-22 10:48 -------- d----c--- C:\Documents and Settings\Alexandre Dias\Application Data\logitech
2006-12-19 20:55 -------- d--h----- C:\Program Files\installshield installation information
2006-12-19 20:55 -------- d-------- C:\Program Files\musicmatch
2006-12-19 20:52 118784 -r------- C:\WINDOWS\bwunin-7.2.0.137-8876480sl.exe
2006-12-19 20:52 -------- d-------- C:\Program Files\logitech
2006-12-19 20:47 -------- d-------- C:\Program Files\Fichiers communs\logitech
2006-12-01 23:35 -------- d----c--- C:\Documents and Settings\Alexandre Dias\Application Data\prevx
2006-11-21 17:20 0 --a------ C:\WINDOWS\system32\setup_66621.exe
2006-11-11 14:34 0 --a------ C:\WINDOWS\system32\setup_12517.exe
2006-11-07 13:27 675840 --a------ C:\WINDOWS\system32\cduninst.exe
2006-10-31 13:57 0 --a------ C:\WINDOWS\system32\setup_02004.exe
2006-10-31 09:48 0 --a------ C:\WINDOWS\system32\setup_52574.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"LBqERRdqP"="desrhook.exe"
"Instant Access"="rundll32.exe EGACCESS4_1066.dll,InstantAccess"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.6962\\GoogleToolbarNotifier.exe"
"ctpmon"="ctpmon.exe"
"Win32"="zvlaau.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
"nwiz"="nwiz.exe /install"
"SoundMan"="SOUNDMAN.EXE"
"Microsoft Works Update Detection"="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"EoEngine"=""
"EoComputer"=""
"EPSON Stylus Photo RX520 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAGE.EXE /P31 \"EPSON Stylus Photo RX520 Series\" /O6 \"USB001\" /M \"Stylus Photo RX520\""
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"ixjapkwmbu"="c:\\windows\\system32\\ixjapkwmbu.exe ixjapkwmbu"
"hrcopul.dll"="C:\\WINDOWS\\System32\\rundll32.exe \"C:\\Documents and Settings\\LocalService\\Local Settings\\Application Data\\hrcopul.dll\",vuljcec"
"AutoSys"="C:\\WINDOWS\\System32\\autosys.exe"
"TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
"SvcManager"="kernelex6.exe"
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"
"ccApp"="\"C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe\""
"Advanced Tools Check"="C:\\PROGRA~1\\NORTON~1\\AdvTools\\ADVCHK.EXE"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
"Win32"="zvlaau.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\0]
"Operation"=dword:00000001
"Target"="\\??\\C:\\DOCUME~1\\Kevin\\LOCALS~1\\Temp\\h91746.exe"
"Source"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\1]
"Operation"=dword:00000001
"Target"="\\??\\C:\\DOCUME~1\\Kevin\\LOCALS~1\\Temp\\gis2d4897"
"Source"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\2]
"Operation"=dword:00000001
"Target"="C:\\WINDOWS\\SYSTEM32\\KERNEL~1.EXE"
"Source"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Win32"="zvlaau.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\InterVideo WinCinema Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE "
"item"="InterVideo WinCinema Manager"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Lancement rapide d'Adobe Reader.lnk"
"backup"="C:\\WINDOWS\\pss\\Lancement rapide d'Adobe Reader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Lancement rapide d'Adobe Reader"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~4\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CAMTRAY"
"hkey"="HKLM"
"command"="C:\\Program Files\\Creative\\Shared Files\\CAMTRAY.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="eBayTBDaemon"
"hkey"="HKLM"
"command"="C:\\Program Files\\eBay\\eBay Toolbar2\\eBayTBDaemon.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mmtask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mm_tray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.6962\\GoogleToolbarNotifier.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ultimate Cleaner]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="App"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Ultimate Cleaner\\App.exe\" hide"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="dxclib303562752.dll,wbsys.dll"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{09F9FFD2-7232-4158-B29B-648FE4E9C85C}"=""
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"Cccs"="\"C:\\PROGRA~1\\ASKS~1\\iexplore.exe\" -vt yazr"
"WinInit"="\"C:\\WINDOWS\\TEMP\\241437.exe\" "
"Win32"="zvlaau.exe"
"ctpmon"="ctpmon.exe"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"Cccs"="\"C:\\PROGRA~1\\ASKS~1\\iexplore.exe\" -vt yazr"
"WinInit"="\"C:\\WINDOWS\\TEMP\\241437.exe\" "
"Win32"="zvlaau.exe"
"ctpmon"="ctpmon.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtsqq
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Symantec NetDetect.job
Completion time: 07-01-27 15:53:03
************************************************
Voici le Rapport FixNavi
Search Navipromo version 1.0.3 commencé le 27/01/2007 à 16:01:31,82
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!
Fix lancé depuis C:\Documents and Settings\Alexandre Dias\Bureau\navilog1
Mise a jour le 26.01.2007 a 18h00 by IL-MAFIOSO
Executé en mode normal
*** Recherche Programmes installes ***
Instant Access
*** Recherche dossiers dans C:\WINDOWS ***
*** Recherche dossiers dans C:\Program Files ***
C:\Program Files\WebMediaPlayer trouvé !
*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***
*** Recherche dossiers dans C:\Documents and Settings\Alexandre Dias\Application Data ***
*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
http://www.f-secure.com/blacklight [...] _help.html
F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================
Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of April, 2007.
Version information: 2.2.1055.
[+] Started on 01/27/07 at 16:01:35.
[+] Initializing ...
[+] Starting scan, press Ctrl-C to abort.
[+] Scanning for hidden items ................................................................................................................
[+] Scan complete.
[+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
[+] Exited on 01/27/07 at 16:15:46 (return code = 0).
*** Recherche fichiers ***
C:\WINDOWS\tmlpcert2007 trouvé !
C:\WINDOWS\system32\egaccess4_1064.dll trouvé !
C:\WINDOWS\system32\nvs2.inf trouvé !
*** Recherche cles registre ***
Recharche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
C:\WINDOWS\System32\egaccess4_1064.dll REG_DWORD 0x1
C:\WINDOWS\System32\egaccess4_1066.dll REG_DWORD 0x1
Recharche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C
WINDOWS/System32/egaccess4_1064.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\CWINDOWS/System32/egaccess4_1066.dll
Recherche Clé Magic Control
HKEY_CURRENT_USER\Software\Lanconfig trouvé !
*** Module de recherche complémentaire ***
(recherche fichiers spécifiques)
C:\WINDOWS\system32\ixjapkwmbu.dat
*** Analyse Terminé le 27/01/2007 à 16:17:43,31 ***
***************************************************
Voici le Rapport HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 16:28:38, on 27/01/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\wpablan.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\kernelex6.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\zvlaau.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\ctpmon.exe
C:\WINDOWS\System32\ctpmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\Rar$EX00.094\scanner.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: {EA551C00-2AE5-11d3-8592-00A0C98E9EA4} - - (no file)
O2 - BHO: (no name) - {09F9FFD2-7232-4158-B29B-648FE4E9C85C} - C:\WINDOWS\System32\xxyaxus.dll (file missing)
O2 - BHO: (no name) - {4EAFF741-9C5C-437C-93CC-928CC099E4DA} - C:\WINDOWS\System32\vtsqq.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\System32\mvgcmgew.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ixjapkwmbu] c:\windows\system32\ixjapkwmbu.exe ixjapkwmbu
O4 - HKLM\..\Run: [hrcopul.dll] C:\WINDOWS\System32\rundll32.exe "C:\Documents and Settings\LocalService\Local Settings\Application Data\hrcopul.dll",vuljcec
O4 - HKLM\..\Run: [AutoSys] C:\WINDOWS\System32\autosys.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SvcManager] kernelex6.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Win32] zvlaau.exe
O4 - HKLM\..\RunServices: [Win32] zvlaau.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LBqERRdqP] desrhook.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGACCESS4_1066.dll,InstantAccess
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctpmon] ctpmon.exe
O4 - HKCU\..\Run: [Win32] zvlaau.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: WkCalRem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?dff67217d1bd45188cd2a6788b6b13c0
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?dff67217d1bd45188cd2a6788b6b13c0
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/ga [...] dot8_x.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/ga [...] ltt3_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/ga [...] /tt3_x.cab
O16 - DPF: {04F414E9-E352-4BC3-963D-7BFE5A5F31A9} - http://scripts.dlv4.com/binaries/e [...] 064_XP.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {27FA5271-12D2-43E3-9424-365A43236EE7} (PIXACO upload plugin) - http://fr.pixaco.com/static/download/iedropupload.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepira [...] Loader.dll
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/20adb2 [...] 601_fr.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.misterclic.fr/Component [...] oader3.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/s [...] Plugin.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVC Download Control) - http://www.sonypictures.com/games/ [...] ontrol.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/671 [...] taller.exe
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/conten [...] loader.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay103.hotmail.msn. [...] Atchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {FA1D6D8F-C6ED-4752-8512-A33283240130} - http://scripts.dlv4.com/binaries/e [...] 066_XP.cab
O18 - Protocol: bw+0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: dxclib303562752.dll,wbsys.dll
O20 - Winlogon Notify: vtsqq - C:\WINDOWS\System32\vtsqq.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Install Driver Manager (Install Driver Table Manager) - Unknown owner - C:\WINDOWS\wpablan.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\System32\msasvc.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Services IPSEC PolicyAgentNetlogon (PolicyAgentNetlogon) - Unknown owner - C:\WINDOWS\System32\23930.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Microsoft Windows Als Service (Windows Als Service) - Conexant Systems - (no file)
O23 - Service: Microsoft Apache for Windows (Windows Apache Service) - Unknown owner - C:\WINDOWS\wpablin.exe (file missing)
O23 - Service: Windows Atapi Driver - Unknown owner - (no file)
****************************************************
Je pense que c'est pas encore fini 
mais je te remerci déjà pour ce que tu fais
Loin d'être fini
Redémarre en mode sans échec
Double clique sur Navilog1.bat.
Choisis maintenant l'option 2 puis valide.
Laisse toi guider et réponds aux questions éventuelles.
Réponds aux questions éventuelles.
Ton bureau va disparaître, c'est normal !
Patiente jusqu'à l'apparition de ce message :
"*** Nettoyage Termine le ..... ***"
Appuie sur une touche comme demandé, le Bloc-notes va s'ouvrir.
Sauvegarde le rapport de manière à le retrouver en mode normal.
Referme le Bloc-notes. Ton bureau va maintenant réapparaître.
Redémarre normalement puis poste le rapport sauvegardé auparavant (C:\cleannavi.txt).
**********
Télécharge Look2Me-Destroyer.exe (par Atribune) sur ton Bureau.
- Ferme toutes les fenêtres actives avant de passer à l'étape suivante.
- Double-clique Look2Me-Destroyer.exe afin de lancer l'outil.
- Coche Run this program as a task
- Un message s'affichera, te disant ceci : "Look2Me-Destroyer will close and re-open in approximately 1 minute". Clique OK
- Il se relancera après la minute, puis clique sur le bouton Scan for L2M; les icônes de ton Bureau vont disparaître : c'est normal.
- Lorsque le scan termine, clique sur le bouton Remove L2M
- Un message Done Scanning apparaîtra, clique OK.
- Un nouveau message s'affichera : Done removing infected files! Look2Me-Destroyer will now shutdown your computer; clique OK.
- Ton PC va maintenant s'éteindre.
- Démarre ton PC normalement.
- Colle le rapport généré (Look2Me-Destroyer.txt), situé sur le Bureau, ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.
** Si Look2Me-Destroyer ne se relance pas automatiquement après la minute, redémarre et essaie à nouveau.
Passe en sans échec 
Re,
Voici les différents rapports :
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 16:45:08 07/02/2007
+ Résultat de l'analyse:
HKU\S-1-5-21-1844237615-746137067-839522115-1002\Software\Apropos -> Adware.Apropos : Nettoyé et sauvegardé (mise en quarantaine).
C:\Program Files\DeluxeCommunications -> Adware.DeluxeCommunications : Nettoyé et sauvegardé (mise en quarantaine).
HKU\.DEFAULT\Software\DeluxeCommunications -> Adware.DeluxeCommunications : Nettoyé et sauvegardé (mise en quarantaine).
HKU\.DEFAULT\Software\DeluxeCommunications\Internet Explorer -> Adware.DeluxeCommunications : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-18\Software\DeluxeCommunications -> Adware.DeluxeCommunications : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-18\Software\DeluxeCommunications\Internet Explorer -> Adware.DeluxeCommunications : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\awtqpnk.dll.bad -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\awtstrq.dll.bad -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\cbxvwww.dll.bad -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\jkkiigg.dll.bad -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\pmnonom.dll.bad -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\qomjhfd.dll.bad -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\qomljgg.dll.bad -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\yayyvvu.dll.bad -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\msinnt.exe -> Backdoor.Rbot.bvz : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\zvlaau.exe -> Backdoor.Rbot.bvz : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0ZI3YB21\iciefpcczr[1].txt -> Downloader.Obfuscated.bh : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\sfc_os.dll -> Downloader.SFC.os : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\838ZGJO7\flescyzjj[1].htm -> Downloader.Small.ddy : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\KTWP4HMR\flescyzjj[1].htm -> Downloader.Small.ddy : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CF6PIDQH\loaded[1].exe -> Downloader.Small.edb : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZG6YRVTH\loadadv[1].exe -> Downloader.Small.edb : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\838ZGJO7\loaded[1].exe -> Downloader.Small.edb : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Kevin\Local Settings\Temporary Internet Files\Content.IE5\8XEFSLYR\ml[1].htm -> Downloader.Small.efh : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Kevin\Local Settings\Temporary Internet Files\Content.IE5\LRVZ194E\ml[1].exe -> Downloader.Small.efh : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\KTWP4HMR\lfolv[1].htm -> Hijacker.Agent.is : Nettoyé et sauvegardé (mise en quarantaine).
C:\mfye.exe -> Hijacker.Agent.is : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Kevin\Local Settings\Temporary Internet Files\Content.IE5\QLOVMHKT\script-28[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Kevin\Cookies\kevin@247realmedia[2].txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\Kevin\Cookies\kevin@oasc02.247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.6:C:\Documents and Settings\Alexandre Dias\Application Data\Mozilla\Firefox\Profiles\napznp4f.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.7:C:\Documents and Settings\Alexandre Dias\Application Data\Mozilla\Firefox\Profiles\napznp4f.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
C:\Documents and Settings\Kevin\Cookies\kevin@adtech[2].txt -> TrackingCookie.Adtech : Nettoyé.
C:\Documents and Settings\Kevin\Cookies\kevin@advertising[1].txt -> TrackingCookie.Advertising : Nettoyé.
C:\Documents and Settings\Sabrina\Local Settings\Temp\Cookies\sabrina@advertising[2].txt -> TrackingCookie.Advertising : Nettoyé.
C:\Documents and Settings\Kevin\Cookies\kevin@adviva[2].txt -> TrackingCookie.Adviva : Nettoyé.
C:\Documents and Settings\Kevin\Cookies\kevin@atdmt[1].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\Kevin\Cookies\kevin@bfast[2].txt -> TrackingCookie.Bfast : Nettoyé.
C:\Documents and Settings\Kevin\Cookies\kevin@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\Sabrina\Local Settings\Temp\Cookies\sabrina@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\Kevin\Cookies\kevin@banner.casinoking[2].txt -> TrackingCookie.Casinoking : Nettoyé.
C:\Documents and Settings\Kevin\Cookies\kevin@casinoking[2].txt -> TrackingCookie.Casinoking : Nettoyé.
C:\Documents and Settings\Kevin\Cookies\kevin@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Nettoyé.
C:\Documents and Settings\Kevin\Cookies\kevin@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\Kevin\Cookies\kevin@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
C:\Documents and Settings\Sabrina\Local Settings\Temp\Cookies\sabrina@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.10:C:\Documents and Settings\Alexandre Dias\Application Data\Mozilla\Firefox\Profiles\napznp4f.default\cookies.txt -> TrackingCookie.Falkag : Nettoyé.
:mozilla.11:C:\Documents and Settings\Alexandre Dias\Application Data\Mozilla\Firefox\Profiles\napznp4f.default\cookies.txt -> TrackingCookie.Falkag : Nettoyé.
:mozilla.12:C:\Documents and Settings\Alexandre Dias\Application Data\Mozilla\Firefox\Profiles\napznp4f.default\cookies.txt -> TrackingCookie.Falkag : Nettoyé.
:mozilla.13:C:\Documents and Settings\Alexandre Dias\Application Data\Mozilla\Firefox\Profiles\napznp4f.default\cookies.txt -> TrackingCookie.Falkag : Nettoyé.
:mozilla.8:C:\Documents and Settings\Alexandre Dias\Application Data\Mozilla\Firefox\Profiles\napznp4f.default\cookies.txt -> TrackingCookie.Falkag : Nettoyé.
:mozilla.9:C:\Documents and Settings\Alexandre Dias\Application Data\Mozilla\Firefox\Profiles\napznp4f.default\cookies.txt -> TrackingCookie.Falkag : Nettoyé.
C:\Documents and Settings\Kevin\Cookies\kevin@searchportal.information[1].txt -> TrackingCookie.Information : Nettoyé.
C:\Documents and Settings\Kevin\Cookies\kevin@linksynergy[2].txt -> TrackingCookie.Linksynergy : Nettoyé.
C:\Documents and Settings\Kevin\Cookies\kevin@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Nettoyé.
C:\Documents and Settings\Kevin\Cookies\kevin@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\Sabrina\Local Settings\Temp\Cookies\sabrina@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\Kevin\Cookies\kevin@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Nettoyé.
C:\Documents and Settings\Kevin\Cookies\kevin@overture[2].txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\Kevin\Cookies\kevin@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Nettoyé.
C:\Documents and Settings\Kevin\Cookies\kevin@revenue[2].txt -> TrackingCookie.Revenue : Nettoyé.
C:\Documents and Settings\Sabrina\Local Settings\Temp\Cookies\sabrina@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\Sabrina\Local Settings\Temp\Cookies\sabrina@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\Kevin\Cookies\kevin@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Sabrina\Local Settings\Temp\Cookies\sabrina@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Kevin\Cookies\kevin@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\Sabrina\Local Settings\Temp\Cookies\sabrina@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\Kevin\Cookies\kevin@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Nettoyé.
C:\WINDOWS\system32\3963185065.dll -> Trojan.Ceda.b : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\Com\install.bat -> Trojan.Drev : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CF6PIDQH\dwtmjkgh[1].htm -> Trojan.ProcKill.DJ : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CF6PIDQH\hgmslsbl[1].htm -> Trojan.ProcKill.DJ : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CF6PIDQH\hloptxakt[1].htm -> Trojan.ProcKill.DJ : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OJUYI0A3\syvspzzjtp[1].htm -> Trojan.ProcKill.DJ : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZG6YRVTH\puwgdnk[1].htm -> Trojan.ProcKill.DJ : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZG6YRVTH\unxtdrnolu[1].htm -> Trojan.ProcKill.DJ : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\838ZGJO7\hgmslsbl[1].htm -> Trojan.ProcKill.DJ : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\KTWP4HMR\unxtdrnolu[1].htm -> Trojan.ProcKill.DJ : Nettoyé et sauvegardé (mise en quarantaine).
C:\eimh.exe -> Trojan.ProcKill.DJ : Nettoyé et sauvegardé (mise en quarantaine).
C:\jswaao.exe -> Trojan.ProcKill.DJ : Nettoyé et sauvegardé (mise en quarantaine).
C:\nsrat.exe -> Trojan.ProcKill.DJ : Nettoyé et sauvegardé (mise en quarantaine).
C:\wrncp.exe -> Trojan.ProcKill.DJ : Nettoyé et sauvegardé (mise en quarantaine).
C:\ypcqmug.exe -> Trojan.ProcKill.DJ : Nettoyé et sauvegardé (mise en quarantaine).
Fin du rapport
*******************************************************
Logfile of HijackThis v1.99.1
Scan saved at 16:47:29, on 07/02/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\Rar$EX01.031\scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: {EA551C00-2AE5-11d3-8592-00A0C98E9EA4} - - (no file)
O2 - BHO: (no name) - {09F9FFD2-7232-4158-B29B-648FE4E9C85C} - C:\WINDOWS\System32\xxyaxus.dll (file missing)
O2 - BHO: (no name) - {4EAFF741-9C5C-437C-93CC-928CC099E4DA} - C:\WINDOWS\System32\vtsqq.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\System32\mvgcmgew.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ixjapkwmbu] c:\windows\system32\ixjapkwmbu.exe ixjapkwmbu
O4 - HKLM\..\Run: [hrcopul.dll] C:\WINDOWS\System32\rundll32.exe "C:\Documents and Settings\LocalService\Local Settings\Application Data\hrcopul.dll",vuljcec
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LBqERRdqP] desrhook.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: WkCalRem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?dff67217d1bd45188cd2a6788b6b13c0
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?dff67217d1bd45188cd2a6788b6b13c0
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/ga [...] dot8_x.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/ga [...] ltt3_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/ga [...] /tt3_x.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {27FA5271-12D2-43E3-9424-365A43236EE7} (PIXACO upload plugin) - http://fr.pixaco.com/static/download/iedropupload.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepira [...] Loader.dll
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/20adb2 [...] 601_fr.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.misterclic.fr/Component [...] oader3.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/s [...] Plugin.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVC Download Control) - http://www.sonypictures.com/games/ [...] ontrol.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/671 [...] taller.exe
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/conten [...] loader.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay103.hotmail.msn. [...] Atchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O18 - Protocol: bw+0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: dxclib303562752.dll,wbsys.dll
O20 - Winlogon Notify: vtsqq - C:\WINDOWS\System32\vtsqq.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Install Driver Manager (Install Driver Table Manager) - Unknown owner - C:\WINDOWS\wpablan.exe (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Services IPSEC PolicyAgentNetlogon (PolicyAgentNetlogon) - Unknown owner - C:\WINDOWS\System32\23930.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Microsoft Windows Als Service (Windows Als Service) - Conexant Systems - (no file)
O23 - Service: Micros
*******************************************************
Voila, bonne chance
Poste un rapport Combofix.
On passe aux choses sérieuses
Re,
Télécharge KillBox d'Option^Explicit.
Dézippe le dans un dossier ou sur ton bureau (Clique droit puis Extraire Tout).
Selectionne le texte dans le cadre :
| Citation : C:\chemical.exe
|
---> Clique Droit puis Copier.
----------
-- Ouvre Killbox.exe
-- Choisis "Delete on reboot"
-- Clique sur :
- " File " -> " Paste from Clipboard "
- " All Files "
Pour terminer clique sur ![[:angeldark:3]](http://img.infos-du-net.com/forum/images/perso/3/angeldark.gif "[:angeldark:3]")
Une question te sera alors posée :
" File will be Removed on Reboot, Do you want to reboot now ? "
-- Répond par OUI, un compte à rebours s'enclenche, ton PC va redémarrer.
-- Après redémarrage, relance Killbox puis clique sur le menu : Files -> Logs -> Actions History Log, poste ce rapport ici.
NOTE: Si tu reçois le message "PendingFileRenameOperations Registry Data has been removed by external process!"
Redémarre ton PC manuellement.
AIDE : Tuto sur KillBox (Jesses)
Re,
- Fais un scan en ligne Kaspersky avec Internet Explorer :
- Clique sur
- Clique maintenant sur J'accepte.
- Valide l'installation d'un ou de plusieurs ActiveX si c'est nécessaire.
- Patiente pendant l'installation des Mises à jour.
- Choisis par la suite l'analyse du Poste de travail
- Sauvegarde puis colle le rapport généré en fin d'analyse.
AIDE : Configurer le contrôle des ActiveX
NOTE : Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée", va dans Ajout/Suppression de programmes puis désinstalle On-Line Scanner, reconnecte toi sur le site de Kaspersky pour retenter le scan en ligne.
Après on termine le travail avec Hijackthis.
Répondre à Angeldark
Re,
Voici le rapport,
C:\Program Files\Fichiers Communs\BOONTY Shared\Service moved successfully.
C:\Program Files\Fichiers Communs\BOONTY Shared moved successfully.
File/Folder C:\WINDOWS\wpablin.exe not found.
File/Folder C:\WINDOWS\system32\desrhook.exe not found.
File/Folder C:\WINDOWS\system32\dxclib303562752.dll not found.
Created on 02/08/2007 22:03:26
Bonne chance pour la suite
