Se connecter avec
S'enregistrer | Connectez-vous

"Sorry, your license has expired"...

Dernière réponse : dans Sécurité

Bonjour tt le monde, je suis victime depui quelques jours dun virus qui m'empeche dacceder a mon bureau.
Le message d'erreur s'affiche au demarrage :
"Sorry, your license has expired. You need to increase your license to continue work. Click the button below to fix this problem"
J'ai lu ds un poste precedent quil fallait faire un rapport ac hijackthis, le voici:

Logfile of HijackThis v1.99.1
Scan saved at 18:56:08, on 05/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\Fichiers communs\AOL\1135854273\ee\AOLSoftware.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE
C:\WINDOWS\vVX1000.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\locker.exe
C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\wl.exe
c:\program files\fichiers communs\aol\1135854273\ee\aolsoftware.exe
C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\HELPCTR.EXE
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
c:\windows\system32\ps2.EXE
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\CONTEN~1.EXE
C:\Documents and Settings\Propriétaire\Bureau\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system\svchost.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: (no name) - {38A3D872-034F-4B79-B6FD-FAE54DA16482} - C:\WINDOWS\system32\awvvw.dll (file missing)
O2 - BHO: egmulhxk.msdn_hlp - {477840F3-BA52-44D9-8E41-38D61CAA010F} - C:\WINDOWS\system32\egmulhxk.dll (file missing)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
O2 - BHO: (no name) - {9689187B-4341-456D-91F9-F37176444BE5} - C:\WINDOWS\system32\htynnwio.dll (file missing)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (file missing)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {D47E6F46-5571-4BAF-B10F-42479AE52DDE} - C:\Program Files\Symantec\homeq555077.dll (file missing)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {DA517E05-A1DD-4CB8-801B-9B630F9122D2} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\Helper\superfindout.dll
O2 - BHO: (no name) - {F4002052-AB29-4B33-8C8D-0E99084564EC} - C:\WINDOWS\system32\iifdebc.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (file missing)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1135854273\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_SA9.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
O4 - HKLM\..\Run: [luaguxtp] c:\windows\system32\luaguxtp.exe luaguxtp
O4 - HKLM\..\Run: [SysSFGE.exe] C:\WINDOWS\system32\SysSFGE.exe
O4 - HKLM\..\Run: [Kernel32] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKLM\..\Run: [License] locker.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKCU\..\Run: [atomlite] C:\DOCUME~1\PROPRI~1\APPLIC~1\KNOBBA~1\WayFace.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 8.0 Icône AOL.lnk = C:\Program Files\AOL 8.0e\aoltray.exe
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jh...
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACC...
O16 - DPF: {04F414E9-E352-4BC3-963D-7BFE5A5F31A9} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_10...
O16 - DPF: {0878F049-D33E-45E0-A157-C36A6683CF25} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_10...
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1CD4E2DC-2DA0-4154-8723-38CB04FB6A58} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_10...
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
O16 - DPF: {201B9B37-848F-40BD-90EA-7B8F0AA89D6A} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_10...
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {2A3DFC59-8A87-49A1-85D1-42903410911F} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_10...
O16 - DPF: {321F38B6-7E5F-470E-B58C-927523B7AF92} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_10...
O16 - DPF: {3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACC...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {54579C3D-A58D-4623-B5B5-465552BDA45B} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACC...
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {5F4D3335-3194-4167-85AE-E7325F2695EF} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_10...
O16 - DPF: {5FD9726A-4977-449D-8352-25FDD8A510B5} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_10...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {7504F0D5-644A-4103-9D02-95488B6CB9A1} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACC...
O16 - DPF: {82FC4503-8459-4239-9B85-0617BEAA950A} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_10...
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://www.sexequalite.com/11731/NueIngrid.exe
O16 - DPF: {87C1805D-C5AE-4455-AB39-E245BB516136} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_10...
O16 - DPF: {8D8BAF56-B581-4B90-A549-C4AC6B03F1BB} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACC...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {95460ABD-946A-46FF-9F56-268718323EEE} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACC...
O16 - DPF: {98BFD494-F6AD-4794-9038-832C0654CC43} (AOL YGP UPF Ctrl) - http://photos05.aol.fr/ygp/aol/plugin/upf/YGPUPF.fr-FR....
O16 - DPF: {AA59202C-5E41-48FC-AF7D-324F5FD6A9F1} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_10...
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - http://scripts.downloadv3.com/binaries/IA/sysinetsvc32_...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
O16 - DPF: {B4E0F9CB-BC06-4A33-BBB3-F75F16B6FF5E} - http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/f...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O16 - DPF: {BA749BC1-143E-430D-B1DA-1D2AF67A3658} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACC...
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-fr.cab
O16 - DPF: {C2481ED1-9896-4D49-AE90-69858DFDE446} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACC...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {C6760A07-A574-4705-B113-7856315922C3} - http://akamai.downloadv3.com/binaries/IA/sysnetsvc32_FR...
O16 - DPF: {DF1C8E21-4045-4D67-B528-335F1A4F0DE9} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_10...
O16 - DPF: {EC4AFBF3-4540-4306-AF10-4CAC509EA16B} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACC...
O16 - DPF: {EFB23983-5803-4914-ADA3-C0EA2CFBDC37} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACC...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {FA1D6D8F-C6ED-4752-8512-A33283240130} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_10...
O17 - HKLM\System\CCS\Services\Tcpip\..\{071B7350-4211-4896-85B9-4F168E381767}: NameServer = 205.188.146.145
O17 - HKLM\System\CCS\Services\Tcpip\..\{F46DC4B4-D999-4979-8709-791ED991FBAF}: NameServer = 84.103.237.141 86.64.145.141
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\sms32zzqzz.dll
O20 - Winlogon Notify: awvvw - C:\WINDOWS\system32\awvvw.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: iifdebc - iifdebc.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Autres pages sur : sorry your license has expired

Lassé par la pub ? Créez un compte

Salut,

Tu es bien infecté !

Infection Vundo :

Fais ces manips dans l’ordre :

1/ Télécharge VundoFix.exe (d’ Atribune) :

Double-clique VundoFix.exe .
Clique sur Scan for Vundo.
Lorsque le scan est complété, clique sur le bouton Remove Vundo.
Ensuite clique sur YES
Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
Tu auras un message comme quoi l’ordinateur va s’éteindre, fais ok

Poste le rapport qui se trouve dans C:\vundofix.txt

2/ Télécharge Combofix (de sUBs) sur ton Bureau.

Désactive toute protection résidente ! (Antivirus, antispywares..)
Double clique combofix.exe.
Tape sur la touche 1 (Yes) pour démarrer le scan.
Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

Le rapport se trouve ici : C:\Combofix.txt

3/ Poste un nouveau rapport HiJackThis (en ayant renommé HiJackthis.exe en SCANNER.EXE)

Rapport Vundofix :


VundoFix V6.7.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 20:48:07 05/01/2008

Listing files found while scanning....

C:\WINDOWS\system32\awvvw.dll
C:\WINDOWS\system32\DivX.dll
C:\WINDOWS\system32\iifdebc.dll
C:\WINDOWS\system32\wvvwa.bak1
C:\WINDOWS\system32\wvvwa.bak2
C:\WINDOWS\system32\wvvwa.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\DivX.dll
C:\WINDOWS\system32\DivX.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvvwa.bak1
C:\WINDOWS\system32\wvvwa.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvvwa.bak2
C:\WINDOWS\system32\wvvwa.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvvwa.ini
C:\WINDOWS\system32\wvvwa.ini Has been deleted!

Performing Repairs to the registry.
Done!

Rapport Combofix :



ComboFix 08-01-04.1 - Propriétaire 2008-01-06 0:40:48.2 - NTFSx86
Running from: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\nqtwa.bak1
C:\WINDOWS\system32\nqtwa.bak2

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-05 to 2008-01-05 ))))))))))))))))))))))))))))))))))))
.

2008-01-05 22:04 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-05 20:48 . 2008-01-05 20:48 <REP> d-------- C:\VundoFix Backups
2008-01-05 20:26 . 2008-01-05 20:26 <REP> d-------- C:\Program Files\Avira
2008-01-05 20:26 . 2008-01-05 20:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-05 17:49 . 2008-01-05 17:49 <REP> d--h----- C:\WINDOWS\msdownld.tmp
2008-01-05 17:49 . 2008-01-05 17:49 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2008-01-05 17:49 . 2008-01-05 17:49 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-01-05 17:49 . 2008-01-05 17:49 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-01-05 17:49 . 2008-01-05 17:49 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-01-05 17:49 . 2008-01-05 17:49 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-01-05 17:49 . 2008-01-05 17:49 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-01-05 17:49 . 2008-01-05 17:49 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-01-05 17:49 . 2008-01-05 17:49 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SampleView
2008-01-05 17:34 . 2008-01-05 17:34 827,392 --a------ C:\WINDOWS\system32\FLASH.OCX
2008-01-05 13:36 . 2006-10-27 15:09 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-01-05 12:50 . 2008-01-05 17:47 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-01-05 12:50 . 2008-01-05 17:49 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-01-05 12:50 . 2004-01-01 11:14 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Sonic
2008-01-05 11:20 . 2008-01-05 17:49 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\IEPro
2008-01-05 11:20 . 2008-01-05 17:49 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\IEPro
2008-01-04 19:12 . 2008-01-04 19:12 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-01-04 13:21 . 2008-01-04 13:21 474 --a------ C:\WINDOWS\otstuk.tmp
2008-01-04 13:20 . 2008-01-04 13:20 2 --a------ C:\WINDOWS\uid.tmp
2007-12-31 20:25 . 2007-12-31 20:25 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2007-12-31 20:25 . 2007-12-31 20:25 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2007-12-31 20:23 . 2006-09-22 10:17 40 --a------ C:\WINDOWS\RUNAWAY2.INI
2007-12-31 20:15 . 2007-12-31 20:15 <REP> d-------- C:\Program Files\PENDULO Studios
2007-12-28 21:57 . 2007-12-28 21:58 <REP> d-------- C:\WINDOWS\system32\NtmsData
2007-12-28 21:42 . 2007-12-28 21:42 98 --a------ C:\WINDOWS\system32\winsms.dll
2007-12-27 21:53 . 2007-12-27 21:53 <REP> d-------- C:\Program Files\Alwil Software
2007-12-27 21:41 . 2007-12-27 21:41 <REP> d-------- C:\Program Files\Lavasoft
2007-12-27 21:41 . 2007-12-27 21:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-27 21:39 . 2007-12-27 21:39 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-27 10:46 . 2007-12-27 10:46 49,664 --a------ C:\WINDOWS\system32\SysSFGE.exe
2007-12-27 00:02 . 2007-12-27 00:02 4 --a------ C:\WINDOWS\system32\jpewocmz.ini
2007-12-27 00:01 . 2007-12-27 00:01 58,368 --a------ C:\tsqfy.exe
2007-12-27 00:01 . 2007-12-27 00:02 2 --a------ C:\-326732977
2007-12-27 00:00 . 2007-12-27 00:00 <REP> d-------- C:\WINDOWS\system32\ardCo17
2007-12-27 00:00 . 2007-12-27 00:00 <REP> d-------- C:\temp\cEeer12
2007-12-19 20:02 . 2007-12-19 20:02 283,648 --a------ C:\WINDOWS\system32\luaguxtp.exe~
2007-12-19 15:52 . 2007-12-19 15:52 221,184 --a------ C:\WINDOWS\locker.exe
2007-12-19 15:19 . 2007-12-19 15:19 38,400 --a------ C:\WINDOWS\wl.exe
2007-12-19 15:13 . 2007-12-19 15:13 73,216 --a------ C:\WINDOWS\WinLockDll.dll
2007-12-13 20:14 . 2007-12-13 20:14 <REP> d-------- C:\WINDOWS\Downloaded Installations
2007-12-12 00:01 . 2007-12-12 00:01 118 --a------ C:\WINDOWS\otstuk.bat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 16:57 --------- d-----w C:\Program Files\AOL 8.0e
2008-01-05 16:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-28 20:58 --------- d-----w C:\Program Files\HP
2007-12-27 23:08 --------- d-----w C:\Program Files\AOL 9.0
2007-12-27 21:35 --------- d-----w C:\Program Files\Symantec
2007-12-27 21:03 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Knob Balm 2
2007-12-27 21:03 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Knob Balm 2
2007-12-27 21:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\build ping dead more
2007-12-25 07:10 --------- d-----w C:\Program Files\eMule
2007-11-25 10:25 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\EPSON
2007-11-25 10:25 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\EPSON
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-05 04:34 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2006-11-09 18:52 4,437,401 ----a-w C:\Program Files\eMule-NG-0[1].47c-Installer.rar
2006-10-09 20:07 81,920 ----a-w C:\Documents and Settings\Propriétaire\Application Data\ezpinst.exe
2006-10-09 20:07 81,920 ----a-w C:\Documents and Settings\Propriétaire\Application Data\ezpinst.exe
2006-10-09 20:07 47,360 ----a-w C:\Documents and Settings\Propriétaire\Application Data\pcouffin.sys
2006-10-09 20:07 47,360 ----a-w C:\Documents and Settings\Propriétaire\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38A3D872-034F-4B79-B6FD-FAE54DA16482}]
C:\WINDOWS\system32\awvvw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{477840F3-BA52-44D9-8E41-38D61CAA010F}]
C:\WINDOWS\system32\egmulhxk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9689187B-4341-456D-91F9-F37176444BE5}]
C:\WINDOWS\system32\htynnwio.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D47E6F46-5571-4BAF-B10F-42479AE52DDE}]
C:\Program Files\Symantec\homeq555077.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"atomlite"="C:\DOCUME~1\PROPRI~1\APPLIC~1\KNOBBA~1\WayFace.exe" [ ]
"Acme.PCHButton"="C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe" [2004-01-01 11:42 159744]
"WINSOS VERIFY"="C:\Program Files\WINSOS\WINSOS.exe" [ ]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-07-19 10:14 57344]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [ ]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04 52736]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 03:23 49152]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-21 03:16 483328]
"UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 08:01 110592]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2003-11-03 16:50 221184]
"VTTimer"="VTTimer.exe" []
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 20:10 335872]
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 20:35 50176 C:\WINDOWS\ALCXMNTR.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-02-12 09:20 98304]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [ ]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-07-27 00:42 180269]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 10:38 866816]
"AOLSAV"="C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe" [2004-11-10 16:18 80384]
"AOLDialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" [2007-06-21 11:01 70952]
"YeppStudioAgent"="C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe" [ ]
"HostManager"="C:\Program Files\Fichiers communs\AOL\1135854273\ee\AOLSoftware.exe" [2006-11-17 14:16 50736]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"WinPatrol"="C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe" [ ]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-06-30 00:54 269104]
"VX1000"="C:\WINDOWS\vVX1000.exe" [2006-06-30 00:42 707376]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-07-19 10:06 40960]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" [ ]
"SysSFGE.exe"="C:\WINDOWS\system32\SysSFGE.exe" [2007-12-27 10:46 49664]
"License"="locker.exe" [2007-12-19 15:52 221184 C:\WINDOWS\locker.exe]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 12:02 61440]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2004-08-14 19:02:30]
AOL 8.0 Ic“ne AOL.lnk - C:\Program Files\AOL 8.0e\aoltray.exe [2006-07-02 14:44:37]
D‚marrage d'Office.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1997-11-19]
Microsoft Recherche acc‚l‚r‚e.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-11-19]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvvw]
C:\WINDOWS\system32\awvvw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdebc]
iifdebc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\WINDOWS\system32\sms32zzqzz.dll

R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamSvc.exe" [2006-06-30 00:54]
R3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2003-12-08 10:53]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 07:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 07:08]
S3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-06-30 00:42]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2005-03-13 18:31:40 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 00:54:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-06 1:00:15
ComboFix-quarantined-files.txt 2008-01-06 00:00:12
ComboFix2.txt 2008-01-05 21:40:07
.
2007-12-21 21:31:57 --- E O F ---

rapport Hijackthis :



Logfile of HijackThis v1.99.1
Scan saved at 01:04:11, on 06/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\Fichiers communs\AOL\1135854273\ee\AOLSoftware.exe
C:\WINDOWS\vVX1000.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
c:\program files\fichiers communs\aol\1135854273\ee\aolsoftware.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
C:\Documents and Settings\Propriétaire\Bureau\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: (no name) - {38A3D872-034F-4B79-B6FD-FAE54DA16482} - C:\WINDOWS\system32\awvvw.dll (file missing)
O2 - BHO: egmulhxk.msdn_hlp - {477840F3-BA52-44D9-8E41-38D61CAA010F} - C:\WINDOWS\system32\egmulhxk.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
O2 - BHO: (no name) - {9689187B-4341-456D-91F9-F37176444BE5} - C:\WINDOWS\system32\htynnwio.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (file missing)
O2 - BHO: (no name) - {D47E6F46-5571-4BAF-B10F-42479AE52DDE} - C:\Program Files\Symantec\homeq555077.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (file missing)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1135854273\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
O4 - HKLM\..\Run: [SysSFGE.exe] C:\WINDOWS\system32\SysSFGE.exe
O4 - HKLM\..\Run: [License] locker.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [atomlite] C:\DOCUME~1\PROPRI~1\APPLIC~1\KNOBBA~1\WayFace.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 8.0 Icône AOL.lnk = C:\Program Files\AOL 8.0e\aoltray.exe
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jh...
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://www.sexequalite.com/11731/NueIngrid.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {98BFD494-F6AD-4794-9038-832C0654CC43} (AOL YGP UPF Ctrl) - http://photos05.aol.fr/ygp/aol/plugin/upf/YGPUPF.fr-FR....
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
O16 - DPF: {B4E0F9CB-BC06-4A33-BBB3-F75F16B6FF5E} - http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/f...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-fr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {DF1C8E21-4045-4D67-B528-335F1A4F0DE9} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_10...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O17 - HKLM\System\CCS\Services\Tcpip\..\{071B7350-4211-4896-85B9-4F168E381767}: NameServer = 205.188.146.145
O17 - HKLM\System\CCS\Services\Tcpip\..\{F46DC4B4-D999-4979-8709-791ED991FBAF}: NameServer = 86.64.145.143 84.103.237.143
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\sms32zzqzz.dll
O20 - Winlogon Notify: awvvw - C:\WINDOWS\system32\awvvw.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: iifdebc - iifdebc.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Re,

Avant de continuer, fais ceci :

Télécharge SDFix (d’Andy Manchesta)

Enregistre le sur ton le bureau.

Lance le.
Fais install afin qu’il puisse s’extraire.

Redémarre en mode sans échec
/!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\

Lance SDFix.
Double clique sur RunThis.bat . (L’extension bat peut ne pas apparaître)
Appuie sur Y pour le lancer.

Il te sera demandé d'appuyer sur une touche pour redemarrer , fais le
Il est probable que le redémarrage soit un peu plus long que d’habitude.
Une fois l’apparition de ton Bureau, il affichera Finished

Appuie sur une touche.

Un rapport est généré , poste le dans ta réponse.
Il se trouve également. dans le dossier SDFix >Report.txt<


SDFix: Version 1.124

Run by Propriétaire on 06/01/2008 at 01:33

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


C:\WINDOWS\system32\Microsoft\backup.ftp Found
C:\WINDOWS\system32\Microsoft\backup.tftp Found

Checking files:

Genuine:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\dllcache\tftp.exe

Dummy:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\TSQFY.EXE - Deleted
C:\-32673~1 - Deleted
C:\PROGRA~1\OUTLOO~1\PROHDY~1.HTM - Deleted
C:\PROGRA~1\OUTLOO~1\LAXUKIB - Deleted
C:\WINDOWS\photo album.zip - Deleted
C:\WINDOWS\system32\Microsoft\backup.ftp - Deleted
C:\WINDOWS\system32\Microsoft\backup.tftp - Deleted




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 01:51:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000029
"TracesSuccessful"=dword:00000002

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 5


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Thu 8 Jul 2004 196 A.SHR --- "C:\BOOT.BAK"
Wed 23 Apr 2003 49,221 A..H. --- "C:\Program Files\AOL 8.0\aolphx.exe"
Wed 23 Apr 2003 36,937 A..H. --- "C:\Program Files\AOL 8.0\aoltray.exe"
Wed 23 Apr 2003 40,960 A..H. --- "C:\Program Files\AOL 8.0\RBM.exe"
Wed 23 Apr 2003 237,633 A..H. --- "C:\Program Files\AOL 8.0\waol.exe"
Wed 23 Apr 2003 49,221 A..H. --- "C:\Program Files\AOL 8.0a\aolphx.exe"
Wed 23 Apr 2003 36,937 A..H. --- "C:\Program Files\AOL 8.0a\aoltray.exe"
Wed 23 Apr 2003 40,960 A..H. --- "C:\Program Files\AOL 8.0a\RBM.exe"
Wed 23 Apr 2003 237,633 A..H. --- "C:\Program Files\AOL 8.0a\waol.exe"
Wed 23 Apr 2003 49,221 A..H. --- "C:\Program Files\AOL 8.0b\aolphx.exe"
Wed 23 Apr 2003 36,937 A..H. --- "C:\Program Files\AOL 8.0b\aoltray.exe"
Wed 23 Apr 2003 40,960 A..H. --- "C:\Program Files\AOL 8.0b\RBM.exe"
Wed 23 Apr 2003 237,633 A..H. --- "C:\Program Files\AOL 8.0b\waol.exe"
Wed 23 Apr 2003 49,221 A..H. --- "C:\Program Files\AOL 8.0c\aolphx.exe"
Wed 23 Apr 2003 36,937 A..H. --- "C:\Program Files\AOL 8.0c\aoltray.exe"
Wed 23 Apr 2003 40,960 A..H. --- "C:\Program Files\AOL 8.0c\RBM.exe"
Wed 23 Apr 2003 237,633 A..H. --- "C:\Program Files\AOL 8.0c\waol.exe"
Wed 23 Apr 2003 49,221 A..H. --- "C:\Program Files\AOL 8.0d\aolphx.exe"
Wed 23 Apr 2003 36,937 A..H. --- "C:\Program Files\AOL 8.0d\aoltray.exe"
Wed 23 Apr 2003 40,960 A..H. --- "C:\Program Files\AOL 8.0d\RBM.exe"
Wed 23 Apr 2003 237,633 A..H. --- "C:\Program Files\AOL 8.0d\waol.exe"
Wed 23 Apr 2003 49,221 A..H. --- "C:\Program Files\AOL 8.0e\aolphx.exe"
Wed 23 Apr 2003 36,937 A..H. --- "C:\Program Files\AOL 8.0e\aoltray.exe"
Wed 23 Apr 2003 40,960 A..H. --- "C:\Program Files\AOL 8.0e\RBM.exe"
Wed 23 Apr 2003 237,633 A..H. --- "C:\Program Files\AOL 8.0e\waol.exe"
Mon 10 May 2004 54,384 A..H. --- "C:\Program Files\AOL 9.0\aolphx.exe"
Mon 10 May 2004 156,784 A..H. --- "C:\Program Files\AOL 9.0\aoltray.exe"
Mon 10 May 2004 31,344 A..H. --- "C:\Program Files\AOL 9.0\RBM.exe"
Sat 31 Aug 2002 1,821 A..H. --- "C:\WINDOWS\system32\msisl$.dll"
Thu 16 Sep 2004 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 4 Apr 2007 0 ...H. --- "C:\Documents and Settings\Propri‚taire\Bureau\~WRL0003.tmp"
Wed 23 Apr 2003 49,223 A..H. --- "C:\Program Files\AOL 8.0\COMIT\cswitch.exe"
Wed 23 Apr 2003 49,223 A..H. --- "C:\Program Files\AOL 8.0a\COMIT\cswitch.exe"
Wed 23 Apr 2003 49,223 A..H. --- "C:\Program Files\AOL 8.0b\COMIT\cswitch.exe"
Wed 23 Apr 2003 49,223 A..H. --- "C:\Program Files\AOL 8.0c\COMIT\cswitch.exe"
Wed 23 Apr 2003 49,223 A..H. --- "C:\Program Files\AOL 8.0d\COMIT\cswitch.exe"
Wed 23 Apr 2003 49,223 A..H. --- "C:\Program Files\AOL 8.0e\COMIT\cswitch.exe"
Thu 10 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Sun 8 Feb 2004 5,294,080 A..H. --- "C:\hp\patches\42WW1REC\src\App00153.exe"
Sun 8 Feb 2004 452,096 A..H. --- "C:\hp\patches\42WW1REC\src\App00292.exe"
Sun 8 Feb 2004 444,416 A..H. --- "C:\hp\patches\42WW1REC\src\App00491.exe"
Sun 8 Feb 2004 1,838,592 A..H. --- "C:\hp\patches\42WW1REC\src\App02995.exe"
Sun 8 Feb 2004 492,544 A..H. --- "C:\hp\patches\42WW1REC\src\App04827.exe"
Sun 8 Feb 2004 1,401,856 A..H. --- "C:\hp\patches\42WW1REC\src\App05447.exe"
Sun 8 Feb 2004 440,320 A..H. --- "C:\hp\patches\42WW1REC\src\App05705.exe"
Sun 8 Feb 2004 462,848 A..H. --- "C:\hp\patches\42WW1REC\src\App09961.exe"
Sun 8 Feb 2004 15,596,032 A..H. --- "C:\hp\patches\42WW1REC\src\App14604.exe"
Sun 8 Feb 2004 5,256,704 A..H. --- "C:\hp\patches\42WW1REC\src\App16827.exe"
Sun 8 Feb 2004 3,668,992 A..H. --- "C:\hp\patches\42WW1REC\src\App17421.exe"
Wed 11 Feb 2004 696,832 A..H. --- "C:\hp\patches\42WW1REC\src\App18716.exe"
Sun 8 Feb 2004 423,936 A..H. --- "C:\hp\patches\42WW1REC\src\App19169.exe"
Sun 8 Feb 2004 1,157,632 A..H. --- "C:\hp\patches\42WW1REC\src\App19718.exe"
Wed 11 Feb 2004 995,328 A..H. --- "C:\hp\patches\42WW1REC\src\App19895.exe"
Sun 8 Feb 2004 453,632 A..H. --- "C:\hp\patches\42WW1REC\src\App23281.exe"
Sun 8 Feb 2004 453,632 A..H. --- "C:\hp\patches\42WW1REC\src\App24464.exe"
Sun 8 Feb 2004 2,251,776 A..H. --- "C:\hp\patches\42WW1REC\src\App26962.exe"
Sun 8 Feb 2004 481,792 A..H. --- "C:\hp\patches\42WW1REC\src\App29358.exe"
Sun 8 Feb 2004 12,426,752 A..H. --- "C:\hp\patches\42WW1REC\src\App32391.exe"
Sun 8 Feb 2004 12,426,752 A..H. --- "C:\hp\patches\42WW1REC\src\App99990.exe"
Sun 8 Feb 2004 15,596,032 A..H. --- "C:\hp\patches\42WW1REC\src\App99992.exe"
Sun 8 Feb 2004 5,256,704 A..H. --- "C:\hp\patches\42WW1REC\src\App99993.exe"
Sun 8 Feb 2004 5,256,704 A..H. --- "C:\hp\patches\42WW1REC\src\xApp14604.exe"
Thu 18 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\388e66e644283db0233c4a98f2fd08a0\BIT1A.tmp"
Fri 4 Oct 2002 106,496 A..H. --- "C:\Program Files\Fichiers communs\aolshare\shell\fr\shellext.dll"
Mon 12 Nov 2007 21,978,112 ...H. --- "C:\Documents and Settings\Propri‚taire\Mes documents\Ecole\P‚riode Formation Entreprise\Atelier de la couleur\~WRL2880.tmp"
Mon 10 Sep 2007 29,696 ...H. --- "C:\Documents and Settings\Propri‚taire\Mes documents\Ecole\P‚riode Formation Entreprise\Contre-Jour\~WRL0173.tmp"

Finished!

Re,

Télécharge MsnFix (de !aur3n7) sur ton Bureau. (>>Tuto<<)
Dézippe-le sur ton bureau.

Ouvre le dossier MSNFix puis double-clique sur MSNFix.bat. (L’extension bat peut ne pas apparaître)
- Exécute l'option R.
- Si l'infection est détectée, presse une touche pour lancer le nettoyage. (N)

Si tu dois redémarrer l’ordinateur fais le manuellement.

Poste le rapport situé dans le dossier MSNFix.
Le nom du rapport correspond au moment de sa création : date_heure.log

Note : Si tu obtiens un fichier zip d’upload sur ton bureau, fais ceci

MSNFix 1.618

C:\Documents and Settings\Propriétaire\Bureau\MSNFix\MSNFix
Fix exécuté le 06/01/2008 - 11:03:05,04 By Propriétaire
mode normal

************************ Recherche les fichiers présents

... C:\WINDOWS\nsreg.dat

************************ MSNCHK ***** /!\ beta test /!\



************************ Recherche les dossiers présents

... C:\Temp\
... C:\WINDOWS\system32\updatelinkmsn\




************************ Suppression des fichiers

.. OK ... C:\WINDOWS\nsreg.dat


************************ Suppression des dossiers

.. OK ... C:\Temp\
.. OK ... C:\WINDOWS\system32\updatelinkmsn\


************************ Nettoyage du registre



************************ Fichiers suspects

Aucun Fichier trouvé


Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 06012008_11084885.zip

==> SVP merci d'envoyer le fichier 06012008_11084885.zip sur http://upload.changelog.fr


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

ComboFix 08-01-04.1 - Propriétaire 2008-01-11 15:49:26.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.52 [GMT 1:00]
Running from: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2007-12-11 to 2008-01-11 ))))))))))))))))))))))))))))))))))))
.

2008-01-06 01:30 . 2008-01-06 01:30 <REP> d-------- C:\WINDOWS\ERUNT
2008-01-05 22:04 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-05 20:48 . 2008-01-05 20:48 <REP> d-------- C:\VundoFix Backups
2008-01-05 20:26 . 2008-01-05 20:26 <REP> d-------- C:\Program Files\Avira
2008-01-05 20:26 . 2008-01-05 20:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-05 17:49 . 2008-01-05 17:49 <REP> d--h----- C:\WINDOWS\msdownld.tmp
2008-01-05 17:49 . 2008-01-05 17:49 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2008-01-05 17:49 . 2008-01-05 17:49 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-01-05 17:49 . 2008-01-05 17:49 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-01-05 17:49 . 2008-01-05 17:49 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-01-05 17:49 . 2008-01-05 17:49 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-01-05 17:49 . 2008-01-05 17:49 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-01-05 17:49 . 2008-01-05 17:49 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-01-05 17:49 . 2008-01-05 17:49 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SampleView
2008-01-05 17:34 . 2008-01-05 17:34 827,392 --a------ C:\WINDOWS\system32\FLASH.OCX
2008-01-05 13:36 . 2006-10-27 15:09 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-01-05 12:50 . 2008-01-05 17:47 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-01-05 12:50 . 2008-01-05 17:49 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-01-05 12:50 . 2004-01-01 11:14 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Sonic
2008-01-05 11:20 . 2008-01-05 17:49 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\IEPro
2008-01-05 11:20 . 2008-01-05 17:49 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\IEPro
2008-01-04 19:12 . 2008-01-04 19:12 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-01-04 13:21 . 2008-01-04 13:21 474 --a------ C:\WINDOWS\otstuk.tmp
2008-01-04 13:20 . 2008-01-04 13:20 2 --a------ C:\WINDOWS\uid.tmp
2007-12-31 20:25 . 2007-12-31 20:25 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2007-12-31 20:25 . 2007-12-31 20:25 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2007-12-31 20:23 . 2006-09-22 10:17 40 --a------ C:\WINDOWS\RUNAWAY2.INI
2007-12-31 20:15 . 2007-12-31 20:15 <REP> d-------- C:\Program Files\PENDULO Studios
2007-12-28 21:57 . 2007-12-28 21:58 <REP> d-------- C:\WINDOWS\system32\NtmsData
2007-12-28 21:42 . 2007-12-28 21:42 98 --a------ C:\WINDOWS\system32\winsms.dll
2007-12-27 21:53 . 2007-12-27 21:53 <REP> d-------- C:\Program Files\Alwil Software
2007-12-27 21:41 . 2007-12-27 21:41 <REP> d-------- C:\Program Files\Lavasoft
2007-12-27 21:41 . 2007-12-27 21:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-27 21:39 . 2007-12-27 21:39 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-27 10:46 . 2007-12-27 10:46 49,664 --a------ C:\WINDOWS\system32\SysSFGE.exe
2007-12-27 00:02 . 2007-12-27 00:02 4 --a------ C:\WINDOWS\system32\jpewocmz.ini
2007-12-27 00:00 . 2007-12-27 00:00 <REP> d-------- C:\WINDOWS\system32\ardCo17
2007-12-19 20:02 . 2007-12-19 20:02 283,648 --a------ C:\WINDOWS\system32\luaguxtp.exe~
2007-12-19 15:19 . 2007-12-19 15:19 38,400 --a------ C:\WINDOWS\wl.exe
2007-12-19 15:13 . 2007-12-19 15:13 73,216 --a------ C:\WINDOWS\WinLockDll.dll
2007-12-13 20:14 . 2007-12-13 20:14 <REP> d-------- C:\WINDOWS\Downloaded Installations
2007-12-12 00:01 . 2007-12-12 00:01 118 --a------ C:\WINDOWS\otstuk.bat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 16:57 --------- d-----w C:\Program Files\AOL 8.0e
2008-01-05 16:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-28 20:58 --------- d-----w C:\Program Files\HP
2007-12-27 23:08 --------- d-----w C:\Program Files\AOL 9.0
2007-12-27 21:35 --------- d-----w C:\Program Files\Symantec
2007-12-27 21:03 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Knob Balm 2
2007-12-27 21:03 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Knob Balm 2
2007-12-27 21:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\build ping dead more
2007-12-26 23:01 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2007-12-26 23:01 14,336 ----a-w C:\WINDOWS\system32\svchost(3).exe
2007-12-26 23:01 14,336 ----a-w C:\WINDOWS\system32\svchost(2).exe
2007-12-25 07:10 --------- d-----w C:\Program Files\eMule
2007-11-25 10:25 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\EPSON
2007-11-25 10:25 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\EPSON
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2006-11-09 18:52 4,437,401 ----a-w C:\Program Files\eMule-NG-0[1].47c-Installer.rar
2006-10-09 20:07 81,920 ----a-w C:\Documents and Settings\Propriétaire\Application Data\ezpinst.exe
2006-10-09 20:07 81,920 ----a-w C:\Documents and Settings\Propriétaire\Application Data\ezpinst.exe
2006-10-09 20:07 47,360 ----a-w C:\Documents and Settings\Propriétaire\Application Data\pcouffin.sys
2006-10-09 20:07 47,360 ----a-w C:\Documents and Settings\Propriétaire\Application Data\pcouffin.sys
2006-04-09 09:42 8,926 ----a-w C:\WINDOWS\Cursors\curseurs_agedeglace2.zip
.

((((((((((((((((((((((((((((( snapshot@2008-01-05_22.39.35.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-30 16:53:32 360,832 ----a-w C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\updspapi.dll
+ 2007-11-07 09:50:06 733,696 ----a-w C:\WINDOWS\$hf_mig$\KB943485\SP2QFE\lsasrv.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\updspapi.dll
+ 2008-01-05 05:57:26 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-01-06 00:30:28 11,296,768 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-01-06 00:30:29 12,288 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-01-05 05:57:26 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-01-06 00:30:14 11,296,768 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-01-06 00:30:14 12,288 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2006-08-17 12:29:49 728,576 -c----w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2007-11-07 09:28:31 728,576 -c----w C:\WINDOWS\system32\dllcache\lsasrv.dll
- 2006-04-20 11:51:50 359,808 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2007-10-30 17:20:55 360,064 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2007-09-07 11:05:19 62,016 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2008-01-07 20:03:47 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
- 2006-04-20 11:51:50 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
- 2007-12-02 23:00:05 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-01-02 18:21:36 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38A3D872-034F-4B79-B6FD-FAE54DA16482}]
C:\WINDOWS\system32\awvvw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{477840F3-BA52-44D9-8E41-38D61CAA010F}]
C:\WINDOWS\system32\egmulhxk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9689187B-4341-456D-91F9-F37176444BE5}]
C:\WINDOWS\system32\htynnwio.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D47E6F46-5571-4BAF-B10F-42479AE52DDE}]
C:\Program Files\Symantec\homeq555077.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"atomlite"="C:\DOCUME~1\PROPRI~1\APPLIC~1\KNOBBA~1\WayFace.exe" [ ]
"Acme.PCHButton"="C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe" [2004-01-01 11:42 159744]
"WINSOS VERIFY"="C:\Program Files\WINSOS\WINSOS.exe" [ ]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-07-19 10:14 57344]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [ ]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04 52736]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 03:23 49152]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-21 03:16 483328]
"UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 08:01 110592]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2003-11-03 16:50 221184]
"VTTimer"="VTTimer.exe" []
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 20:10 335872]
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 20:35 50176 C:\WINDOWS\ALCXMNTR.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-02-12 09:20 98304]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [ ]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-07-27 00:42 180269]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 10:38 866816]
"AOLSAV"="C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe" [2004-11-10 16:18 80384]
"AOLDialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" [2007-06-21 11:01 70952]
"YeppStudioAgent"="C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe" [ ]
"HostManager"="C:\Program Files\Fichiers communs\AOL\1135854273\ee\AOLSoftware.exe" [2006-11-17 14:16 50736]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"WinPatrol"="C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe" [ ]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-06-30 00:54 269104]
"VX1000"="C:\WINDOWS\vVX1000.exe" [2006-06-30 00:42 707376]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-07-19 10:06 40960]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" [ ]
"SysSFGE.exe"="C:\WINDOWS\system32\SysSFGE.exe" [2007-12-27 10:46 49664]
"License"="locker.exe" []
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 12:02 61440]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-07 21:03 249896]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2004-08-14 19:02:30]
AOL 8.0 Ic“ne AOL.lnk - C:\Program Files\AOL 8.0e\aoltray.exe [2006-07-02 14:44:37]
D‚marrage d'Office.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1997-11-19]
Microsoft Recherche acc‚l‚r‚e.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-11-19]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvvw]
C:\WINDOWS\system32\awvvw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdebc]
iifdebc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\WINDOWS\system32\sms32zzqzz.dll

R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamSvc.exe" [2006-06-30 00:54]
R3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2003-12-08 10:53]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 07:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 07:08]
S3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-06-30 00:42]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2005-03-13 18:31:40 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-11 15:56:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-11 16:00:16
ComboFix-quarantined-files.txt 2008-01-11 15:00:12
ComboFix2.txt 2008-01-06 00:00:16
ComboFix3.txt 2008-01-05 21:40:07
.
2008-01-08 23:13:08 --- E O F ---

Voici le Hijackthis ;) 



Logfile of HijackThis v1.99.1
Scan saved at 16:10:03, on 11/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\Fichiers communs\AOL\1135854273\ee\AOLSoftware.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\program files\fichiers communs\aol\1135854273\ee\aolsoftware.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
C:\Documents and Settings\Propriétaire\Bureau\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: (no name) - {38A3D872-034F-4B79-B6FD-FAE54DA16482} - C:\WINDOWS\system32\awvvw.dll (file missing)
O2 - BHO: egmulhxk.msdn_hlp - {477840F3-BA52-44D9-8E41-38D61CAA010F} - C:\WINDOWS\system32\egmulhxk.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
O2 - BHO: (no name) - {9689187B-4341-456D-91F9-F37176444BE5} - C:\WINDOWS\system32\htynnwio.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (file missing)
O2 - BHO: (no name) - {D47E6F46-5571-4BAF-B10F-42479AE52DDE} - C:\Program Files\Symantec\homeq555077.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (file missing)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1135854273\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
O4 - HKLM\..\Run: [SysSFGE.exe] C:\WINDOWS\system32\SysSFGE.exe
O4 - HKLM\..\Run: [License] locker.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [atomlite] C:\DOCUME~1\PROPRI~1\APPLIC~1\KNOBBA~1\WayFace.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 8.0 Icône AOL.lnk = C:\Program Files\AOL 8.0e\aoltray.exe
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jh...
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://www.sexequalite.com/11731/NueIngrid.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {98BFD494-F6AD-4794-9038-832C0654CC43} (AOL YGP UPF Ctrl) - http://photos05.aol.fr/ygp/aol/plugin/upf/YGPUPF.fr-FR....
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
O16 - DPF: {B4E0F9CB-BC06-4A33-BBB3-F75F16B6FF5E} - http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/f...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-fr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {DF1C8E21-4045-4D67-B528-335F1A4F0DE9} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_10...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O17 - HKLM\System\CCS\Services\Tcpip\..\{B71E8247-98F3-42FF-958A-F3EC6163D147}: NameServer = 84.103.237.144 86.64.145.144
O17 - HKLM\System\CCS\Services\Tcpip\..\{F39C43A1-BF26-4FCB-89B1-ED1DB82AC4B0}: NameServer = 205.188.146.145
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\sms32zzqzz.dll
O20 - Winlogon Notify: awvvw - C:\WINDOWS\system32\awvvw.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: iifdebc - iifdebc.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Apparemment, d'autres infections ....

Repasse SDFIX, puis :

Télécharge Navilog (de Il-Mafioso)

Enregistre-le sur ton Bureau.
Installe-le en double cliquant sur navilog.exe.
Une fois l'installation terminée, l'utilitaire s'exécutera automatiquement.
(Si ce n'est pas le cas, double clique sur le raccourci présent sur le Bureau)

Laisse-toi guider par l'utilitaire. Choisis l'option 1 puis valide.
! N'utilise pas l'option 2,3 et 4 sans notre accord !
Patiente jusqu'à l'apparition de ce message :
"*** Analyse Termine le ..... ***"
Appuie sur une touche comme demandé. Le Bloc-notes va s'ouvrir. Poste le rapport ici.

Le rapport se trouve ici :C:\fixnavi.txt


Télécharge Lop S&D.exe ( d’ Eric 71 & Angeldark ) sur ton bureau

  • Double-clique dessus pour lancer l'installation
  • Puis double-clique sur le raccourci Lop S&D présent sur ton bureau
  • Séléctionne la langue souhaitée , puis choisis l'Option 1 ( Recherche )
  • Patiente jusqu'à la fin du scan
  • Poste le rapport généré ( C:\lopR.txt )

    ( Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide )

    Search Navipromo version 3.4.0 commencé le 13/01/2008 à 19:07:56,00

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis C:\Program Files\navilog1
    Mise à jour le 09.01.2008 à 20h00 par IL-MAFIOSO


    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 7.0.5730.11
    Système de fichiers : NTFS

    Executé en mode normal

    *** Recherche Programmes installés ***




    *** Recherche dossiers dans C:\WINDOWS ***



    *** Recherche dossiers dans C:\Program Files ***



    *** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***




    *** Recherche dossiers dans "C:\Documents and Settings\Propriétaire\application data" ***



    *** Recherche dossiers dans "C:\Documents and Settings\Propriétaire\MENUDM~1\PROGRA~1" ***


    *** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***


    *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
    pour + d'infos : http://www.gmer.net

    Aucun Fichier trouvé



    *** Recherche avec GenericNaviSearch ***
    !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A vérifier impérativement avant toute suppression manuelle !!!

    * Recherche dans C:\WINDOWS\system32 *

    Fichiers trouvés :

    luaguxtp..exe trouvé !

    * Recherche dans "C:\Documents and Settings\Propriétaire\local settings\application data" *



    *** Recherche fichiers ***


    C:\WINDOWS\Downloaded Program Files\IaLdr32.inf trouvé !


    *** Recherche clés spécifiques dans le Registre ***


    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche nouveaux fichiers Instant Access :


    2)Recherche Heuristique :

    * Dans C:\WINDOWS\system32 :


    * Dans "C:\Documents and Settings\Propriétaire\local settings\application data" :


    3)Recherche Certificats :

    Certificat Egroup absent !

    4)Recherche fichiers connus :



    *** Analyse terminée le 13/01/2008 à 19:17:29,65 ***


    -----------------------------[ Lop S&D 2.0.1 ]---------------------------

    Microsoft Windows XP [version 5.1.2600] [ OS : Windows_NT ]

    "C:\Program Files\Lop SD"

    [ 13/01/2008 | 19:23:01,89 ] [ GREGORY ]


    -------------[ Listing des dossiers dans Application Data ]------------

    C:\Documents and Settings\Administrateur\APPLIC~1\Microsoft
    C:\Documents and Settings\Administrateur\APPLIC~1\Identities
    C:\Documents and Settings\Administrateur\APPLIC~1\SampleView
    C:\Documents and Settings\Administrateur\APPLIC~1\Sun
    C:\Documents and Settings\Administrateur\APPLIC~1\Symantec
    C:\Documents and Settings\Administrateur\APPLIC~1\Sonic
    C:\Documents and Settings\Administrateur\APPLIC~1\desktop.ini

    C:\Documents and Settings\All Users\APPLIC~1\addr_file.html
    C:\Documents and Settings\All Users\APPLIC~1\Avira
    C:\Documents and Settings\All Users\APPLIC~1\hpzinstall.log
    C:\Documents and Settings\All Users\APPLIC~1\build ping dead more
    C:\Documents and Settings\All Users\APPLIC~1\Lavasoft
    C:\Documents and Settings\All Users\APPLIC~1\Adobe
    C:\Documents and Settings\All Users\APPLIC~1\AOL
    C:\Documents and Settings\All Users\APPLIC~1\JollyBear
    C:\Documents and Settings\All Users\APPLIC~1\Zylom
    C:\Documents and Settings\All Users\APPLIC~1\WinZip
    C:\Documents and Settings\All Users\APPLIC~1\Microsoft
    C:\Documents and Settings\All Users\APPLIC~1\Yahoo! Companion
    C:\Documents and Settings\All Users\APPLIC~1\UDL
    C:\Documents and Settings\All Users\APPLIC~1\Symantec
    C:\Documents and Settings\All Users\APPLIC~1\Droppix
    C:\Documents and Settings\All Users\APPLIC~1\Windows Genuine Advantage
    C:\Documents and Settings\All Users\APPLIC~1\Viewpoint
    C:\Documents and Settings\All Users\APPLIC~1\QuickTime
    C:\Documents and Settings\All Users\APPLIC~1\MSN6
    C:\Documents and Settings\All Users\APPLIC~1\Motive
    C:\Documents and Settings\All Users\APPLIC~1\InterVideo
    C:\Documents and Settings\All Users\APPLIC~1\SBSI
    C:\Documents and Settings\All Users\APPLIC~1\desktop.ini

    C:\Documents and Settings\Default User\APPLIC~1\SampleView
    C:\Documents and Settings\Default User\APPLIC~1\Sonic
    C:\Documents and Settings\Default User\APPLIC~1\Sun
    C:\Documents and Settings\Default User\APPLIC~1\Microsoft
    C:\Documents and Settings\Default User\APPLIC~1\Identities
    C:\Documents and Settings\Default User\APPLIC~1\desktop.ini
    C:\Documents and Settings\Default User\APPLIC~1\Symantec

    C:\Documents and Settings\LocalService\APPLIC~1\Microsoft

    C:\Documents and Settings\NetworkService\APPLIC~1\Microsoft

    C:\Documents and Settings\Propri‚taire\APPLIC~1\IEPro
    C:\Documents and Settings\Propri‚taire\APPLIC~1\Knob Balm 2
    C:\Documents and Settings\Propri‚taire\APPLIC~1\Adobe
    C:\Documents and Settings\Propri‚taire\APPLIC~1\EPSON
    C:\Documents and Settings\Propri‚taire\APPLIC~1\OLYMPUS
    C:\Documents and Settings\Propri‚taire\APPLIC~1\.akvis_coloriage.settings
    C:\Documents and Settings\Propri‚taire\APPLIC~1\vlc
    C:\Documents and Settings\Propri‚taire\APPLIC~1\Microsoft
    C:\Documents and Settings\Propri‚taire\APPLIC~1\Identities
    C:\Documents and Settings\Propri‚taire\APPLIC~1\Zylom
    C:\Documents and Settings\Propri‚taire\APPLIC~1\Lavasoft
    C:\Documents and Settings\Propri‚taire\APPLIC~1\update.log
    C:\Documents and Settings\Propri‚taire\APPLIC~1\WinPatrol
    C:\Documents and Settings\Propri‚taire\APPLIC~1\Vso
    C:\Documents and Settings\Propri‚taire\APPLIC~1\pcouffin.log
    C:\Documents and Settings\Propri‚taire\APPLIC~1\ezpinst.exe
    C:\Documents and Settings\Propri‚taire\APPLIC~1\pcouffin.cat
    C:\Documents and Settings\Propri‚taire\APPLIC~1\pcouffin.sys
    C:\Documents and Settings\Propri‚taire\APPLIC~1\pcouffin.inf
    C:\Documents and Settings\Propri‚taire\APPLIC~1\Droppix
    C:\Documents and Settings\Propri‚taire\APPLIC~1\Ahead
    C:\Documents and Settings\Propri‚taire\APPLIC~1\Azureus
    C:\Documents and Settings\Propri‚taire\APPLIC~1\Motive
    C:\Documents and Settings\Propri‚taire\APPLIC~1\Macromedia
    C:\Documents and Settings\Propri‚taire\APPLIC~1\AOL
    C:\Documents and Settings\Propri‚taire\APPLIC~1\You've Got Pictures Screensaver
    C:\Documents and Settings\Propri‚taire\APPLIC~1\Real
    C:\Documents and Settings\Propri‚taire\APPLIC~1\MSN6
    C:\Documents and Settings\Propri‚taire\APPLIC~1\Watchtower
    C:\Documents and Settings\Propri‚taire\APPLIC~1\Creative
    C:\Documents and Settings\Propri‚taire\APPLIC~1\openace
    C:\Documents and Settings\Propri‚taire\APPLIC~1\InterVideo
    C:\Documents and Settings\Propri‚taire\APPLIC~1\Sonic
    C:\Documents and Settings\Propri‚taire\APPLIC~1\Leadertech
    C:\Documents and Settings\Propri‚taire\APPLIC~1\AdobeUM
    C:\Documents and Settings\Propri‚taire\APPLIC~1\Help
    C:\Documents and Settings\Propri‚taire\APPLIC~1\Kazaa Lite
    C:\Documents and Settings\Propri‚taire\APPLIC~1\SampleView
    C:\Documents and Settings\Propri‚taire\APPLIC~1\Sun
    C:\Documents and Settings\Propri‚taire\APPLIC~1\desktop.ini
    C:\Documents and Settings\Propri‚taire\APPLIC~1\Symantec


    ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

    [21/09/2003 09:45][-rah-----]C:\WINDOWS\tasks\desktop.ini
    [13/01/2008 10:38][--ah-----]C:\WINDOWS\tasks\SA.DAT
    [13/03/2005 19:31][--a------]C:\WINDOWS\tasks\Symantec NetDetect.job

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    C:\Program Files\ABBYY FineReader 6.0 Sprint
    C:\Program Files\Adobe
    C:\Program Files\Alwil Software
    C:\Program Files\AOL
    C:\Program Files\AOL 8.0
    C:\Program Files\AOL 8.0a
    C:\Program Files\AOL 8.0b
    C:\Program Files\AOL 8.0c
    C:\Program Files\AOL 8.0d
    C:\Program Files\AOL 8.0e
    C:\Program Files\AOL 9.0
    C:\Program Files\AOL Compagnon
    C:\Program Files\ATI Technologies
    C:\Program Files\Avira
    C:\Program Files\BeWAN ADSL V1.7.0.5
    C:\Program Files\BillP Studios
    C:\Program Files\Common Files
    C:\Program Files\DiMAGE Viewer
    C:\Program Files\DivX
    C:\Program Files\EA GAMES
    C:\Program Files\EA SPORTS
    C:\Program Files\Easy Internet signup
    C:\Program Files\eChanblard
    C:\Program Files\eMule
    C:\Program Files\eMule-NG-0[1].47c-Installer.rar
    C:\Program Files\epson
    C:\Program Files\Fichiers communs
    C:\Program Files\HP
    C:\Program Files\Internet Explorer
    C:\Program Files\InterVideo
    C:\Program Files\Java
    C:\Program Files\Lavasoft
    C:\Program Files\Logitech
    C:\Program Files\Lop SD
    C:\Program Files\Macrogaming
    C:\Program Files\Microsoft CAPICOM 2.1.0.2
    C:\Program Files\microsoft frontpage
    C:\Program Files\Microsoft LifeCam
    C:\Program Files\Microsoft Office
    C:\Program Files\Movie Maker
    C:\Program Files\MSN Gaming Zone
    C:\Program Files\MSN Messenger
    C:\Program Files\MSXML 4.0
    C:\Program Files\Navilog1
    C:\Program Files\NetMeeting
    C:\Program Files\Nullsoft
    C:\Program Files\OLYMPUS
    C:\Program Files\Outlook Express
    C:\Program Files\PENDULO Studios
    C:\Program Files\PIXELA
    C:\Program Files\Presario PC Help
    C:\Program Files\QuickTime
    C:\Program Files\QuickZip
    C:\Program Files\RADVideo
    C:\Program Files\Real
    C:\Program Files\RecordNow!
    C:\Program Files\Rockstar Games
    C:\Program Files\Samsung
    C:\Program Files\Services en ligne
    C:\Program Files\Sonic
    C:\Program Files\Symantec
    C:\Program Files\TechCity Solutions
    C:\Program Files\Thomson
    C:\Program Files\Ulead Systems
    C:\Program Files\VideoLAN
    C:\Program Files\Viewpoint
    C:\Program Files\Watchtower
    C:\Program Files\Windows Media Connect 2
    C:\Program Files\Windows Media Player
    C:\Program Files\Windows NT
    C:\Program Files\xerox
    C:\Program Files\Yahoo!

    ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

    C:\Program Files\Fichiers communs\Adobe
    C:\Program Files\Fichiers communs\Ahead
    C:\Program Files\Fichiers communs\AOL
    C:\Program Files\Fichiers communs\aolback
    C:\Program Files\Fichiers communs\aolshare
    C:\Program Files\Fichiers communs\Hewlett-Packard
    C:\Program Files\Fichiers communs\HP
    C:\Program Files\Fichiers communs\InstallShield
    C:\Program Files\Fichiers communs\Java
    C:\Program Files\Fichiers communs\LightScribe
    C:\Program Files\Fichiers communs\Logitech
    C:\Program Files\Fichiers communs\Microsoft Shared
    C:\Program Files\Fichiers communs\MSSoap
    C:\Program Files\Fichiers communs\Nullsoft
    C:\Program Files\Fichiers communs\Real
    C:\Program Files\Fichiers communs\Scanner
    C:\Program Files\Fichiers communs\Services
    C:\Program Files\Fichiers communs\Sonic
    C:\Program Files\Fichiers communs\SpeechEngines
    C:\Program Files\Fichiers communs\SureThing Shared
    C:\Program Files\Fichiers communs\Symantec Shared
    C:\Program Files\Fichiers communs\System
    C:\Program Files\Fichiers communs\Vbox
    C:\Program Files\Fichiers communs\Wise Installation Wizard
    C:\Program Files\Fichiers communs\xing shared

    ----------------------[ Recherche avec S_Lop ]---------------------

    Aucun fichier / dossier Lop trouvé ! )

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    Aucun fichier / dossier Lop trouvé !

    ----------------------[ Verification du Registre ]----------------------

    ..... OK !

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts MODIFIE

    127.0.0.1 localhost

    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-13 19:24:26
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden files ...
    scan completed successfully
    hidden files: 0

    --------------------[ Recherche d'autres infections ]---------------------

    Aucune autre infection trouvée !

    --------------------[ Fin du rapport a 19:24:45,85 ]----------------------

    Re,

    Désinstalle :
    SweetIm
    Macromaging.

    Supprime leurs dossiers dans ProgramFiles.
    Supprime C:\Documents and Settings\All Users\APPLIC~1\build ping dead more

    +++++++++++

    Double clique sur le raccourci de navilog1.
    Option 2 puis valide. (entrée)
    Laisse toi guider.
    Ton ordinateur va redémarrer, sinon fais le manuellement.

    Ton bureau va disparaître.

    Patiente jusqu'à l'apparition de ce message :
    "*** Nettoyage Termine le ..... ***"

    Appuie sur une touche comme demandé, le Bloc-notes va s'ouvrir.
    Sauvegarde le rapport.
    Referme le Bloc-notes. Ton bureau va maintenant réapparaître.

    Si ton bureau ne réapparait pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.
    Puis rends-toi à l'onglet "processus". Clique en haut à gauche sur fichiers et choisis "exécuter"
    Tapes explorer et valides. Cela te fera apparaitre ton bureau

    Démarrer -> panneau de configuration -> options internet
    Clique sur l'onglet "Contenu" puis onglet "Certificats" et si tu trouves ceci, en particulier dans "éditeurs approuvés" :

    electronic-group ; egroup ; Montorgueil ; VIP ; "Sunny Day Design Ltd"

    ~~> Supprime-les tous <~~

    Poste le rapport sauvegardé auparavant (C:\cleannavi.txt)
    Ainsi qu'un nouveau rapport Hijackthis.

    Clean Navipromo version 3.4.0 commencé le 13/01/2008 à 20:19:51,84

    Outil exécuté depuis C:\Program Files\navilog1
    Mise à jour le 09.01.2008 à 20h00 par IL-MAFIOSO


    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 7.0.5730.11
    Système de fichiers : NTFS

    Mode suppression automatique



    *** fsbl1.txt non trouvé ***
    (Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


    *** Suppression avec sauvegardes résultats GenericNaviSearch ***

    * Suppression dans C:\WINDOWS\System32 *


    * Suppression dans "C:\Documents and Settings\PropriÚtaire\local settings\application data" *



    *** Suppression dossiers dans C:\WINDOWS ***


    *** Suppression dossiers dans C:\Program Files ***


    *** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***


    *** Suppression dossiers dans "C:\Documents and Settings\PropriÚtaire\application data" ***


    *** Suppression dossiers dans "C:\Documents and Settings\PropriÚtaire\MENUDM~1\PROGRA~1" ***


    *** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***



    *** Suppression fichiers ***

    C:\WINDOWS\Downloaded Program Files\IaLdr32.inf supprimé !

    *** Suppression fichiers temporaires ***

    Nettoyage contenu C:\WINDOWS\Temp effectué !
    Nettoyage contenu C:\Documents and Settings\Propriétaire\local settings\Temp effectué !

    *** Traitement Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

    2)Recherche, création sauvegardes et suppression Heuristique :


    * Dans C:\WINDOWS\system32 *


    * Dans "C:\Documents and Settings\PropriÚtaire\local settings\application data" *


    *** Sauvegarde du Registre vers dossier Backupnavi ***

    sauvegarde du Registre réalisée avec succès !

    *** Nettoyage Registre ***

    Nettoyage Registre Ok


    *** Certificats ***

    Certificat Egroup absent !

    *** Nettoyage terminé le 13/01/2008 à 20:24:57,00 ***

    Logfile of HijackThis v1.99.1
    Scan saved at 20:31:18, on 13/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Fichiers communs\AOL\Loader\aolload.exe
    C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
    C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
    C:\Program Files\Fichiers communs\AOL\1135854273\ee\AOLSoftware.exe
    C:\WINDOWS\vVX1000.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    c:\program files\fichiers communs\aol\1135854273\ee\aolsoftware.exe
    C:\Program Files\AOL 9.0\waol.exe
    C:\Program Files\AOL 9.0\shellmon.exe
    C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
    C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr10.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system\svchost.exe
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
    O2 - BHO: (no name) - {38A3D872-034F-4B79-B6FD-FAE54DA16482} - C:\WINDOWS\system32\awvvw.dll (file missing)
    O2 - BHO: egmulhxk.msdn_hlp - {477840F3-BA52-44D9-8E41-38D61CAA010F} - C:\WINDOWS\system32\egmulhxk.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
    O2 - BHO: (no name) - {9689187B-4341-456D-91F9-F37176444BE5} - C:\WINDOWS\system32\htynnwio.dll (file missing)
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (file missing)
    O2 - BHO: (no name) - {D47E6F46-5571-4BAF-B10F-42479AE52DDE} - C:\Program Files\Symantec\homeq555077.dll (file missing)
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (file missing)
    O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1135854273\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
    O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
    O4 - HKLM\..\Run: [SysSFGE.exe] C:\WINDOWS\system32\SysSFGE.exe
    O4 - HKLM\..\Run: [License] locker.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [atomlite] C:\DOCUME~1\PROPRI~1\APPLIC~1\KNOBBA~1\WayFace.exe
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
    O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
    O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: AOL 8.0 Icône AOL.lnk = C:\Program Files\AOL 8.0e\aoltray.exe
    O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jh...
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} - http://www.errorguard.com/installation/Install.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://www.sexequalite.com/11731/NueIngrid.exe
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {98BFD494-F6AD-4794-9038-832C0654CC43} (AOL YGP UPF Ctrl) - http://photos05.aol.fr/ygp/aol/plugin/upf/YGPUPF.fr-FR....
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
    O16 - DPF: {B4E0F9CB-BC06-4A33-BBB3-F75F16B6FF5E} - http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/f...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-fr.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\system32\sms32zzqzz.dll
    O20 - Winlogon Notify: awvvw - C:\WINDOWS\system32\awvvw.dll (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: iifdebc - iifdebc.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


    -----------------------------[ Lop S&D 2.0.1 ]---------------------------

    Microsoft Windows XP [version 5.1.2600] [ OS : Windows_NT ]

    "C:\Program Files\Lop SD"

    [ 14/01/2008 | 18:17:14,10 ] [ GREGORY ]


    -------------[ Listing des dossiers dans Application Data ]------------

    C:\Documents and Settings\Administrateur\APPLIC~1\Microsoft
    C:\Documents and Settings\Administrateur\APPLIC~1\Identities
    C:\Documents and Settings\Administrateur\APPLIC~1\SampleView
    C:\Documents and Settings\Administrateur\APPLIC~1\Sun
    C:\Documents and Settings\Administrateur\APPLIC~1\Symantec
    C:\Documents and Settings\Administrateur\APPLIC~1\Sonic
    C:\Documents and Settings\Administrateur\APPLIC~1\desktop.ini

    C:\Documents and Settings\All Users\APPLIC~1\addr_file.html
    C:\Documents and Settings\All Users\APPLIC~1\Avira
    C:\Documents and Settings\All Users\APPLIC~1\hpzinstall.log
    C:\Documents and Settings\All Users\APPLIC~1\build ping dead more
    C:\Documents and Settings\All Users\APPLIC~1\Lavasoft
    C:\Documents and Settings\All Users\APPLIC~1\Adobe
    C:\Documents and Settings\All Users\APPLIC~1\AOL
    C:\Documents and Settings\All Users\APPLIC~1\JollyBear
    C:\Documents and Settings\All Users\APPLIC~1\Zylom
    C:\Documents and Settings\All Users\APPLIC~1\WinZip
    C:\Documents and Settings\All Users\APPLIC~1\Microsoft
    C:\Documents and Settings\All Users\APPLIC~1\Yahoo! Companion
    C:\Documents and Settings\All Users\APPLIC~1\UDL
    C:\Documents and Settings\All Users\APPLIC~1\Symantec
    C:\Documents and Settings\All Users\APPLIC~1\Droppix
    C:\Documents and Settings\All Users\APPLIC~1\Windows Genuine Advantage
    C:\Documents and Settings\All Users\APPLIC~1\Viewpoint
    C:\Documents and Settings\All Users\APPLIC~1\QuickTime
    C:\Documents and Settings\All Users\APPLIC~1\MSN6
    C:\Documents and Settings\All Users\APPLIC~1\Motive
    C:\Documents and Settings\All Users\APPLIC~1\InterVideo
    C:\Documents and Settings\All Users\APPLIC~1\SBSI
    C:\Documents and Settings\All Users\APPLIC~1\desktop.ini

    C:\Documents and Settings\Default User\APPLIC~1\SampleView
    C:\Documents and Settings\Default User\APPLIC~1\Sonic
    C:\Documents and Settings\Default User\APPLIC~1\Sun
    C:\Documents and Settings\Default User\APPLIC~1\Microsoft
    C:\Documents and Settings\Default User\APPLIC~1\Identities
    C:\Documents and Settings\Default User\APPLIC~1\desktop.ini
    C:\Documents and Settings\Default User\APPLIC~1\Symantec

    C:\Documents and Settings\LocalService\APPLIC~1\Microsoft

    C:\Documents and Settings\NetworkService\APPLIC~1\Microsoft

    C:\Documents and Settings\Propri‚taire\APPLIC~1\IEPro
    C:\Documents and Settings\Propri‚taire\APPLIC~1\Knob Balm 2
    C:\Documents and Settings\Propri‚taire\APPLIC~1\Adobe
    C:\Documents and Settings\Propri‚taire\APPLIC~1\EPSON
    C:\Documents and Settings\Propri‚taire\APPLIC~1\OLYMPUS
    C:\Documents and Settings\Propri‚taire\APPLIC~1\.akvis_coloriage.settings
    C:\Documents and Settings\Propri‚taire\APPLIC~1\vlc
    C:\Documents and Settings\Propri‚taire\APPLIC~1\Microsoft
    C:\Documents and Settings\Propri‚taire\APPLIC~1\Identities
    C:\Documents and Settings\Propri‚taire\APPLIC~1\Zylom
    C:\Documents and Settings\Propri‚taire\APPLIC~1\Lavasoft
    C:\Documents and Settings\Propri‚taire\APPLIC~1\update.log
    C:\Documents and Settings\Propri‚taire\APPLIC~1\WinPatrol
    C:\Documents and Settings\Propri‚taire\APPLIC~1\Vso
    C:\Documents and Settings\Propri‚taire\APPLIC~1\pcouffin.log
    C:\Documents and Settings\Propri‚taire\APPLIC~1\ezpinst.exe
    C:\Documents and Settings\Propri‚taire\APPLIC~1\pcouffin.cat
    C:\Documents and Settings\Propri‚taire\APPLIC~1\pcouffin.sys
    C:\Documents and Settings\Propri‚taire\APPLIC~1\pcouffin.inf
    C:\Documents and Settings\Propri‚taire\APPLIC~1\Droppix
    C:\Documents and Settings\Propri‚taire\APPLIC~1\Ahead
    C:\Documents and Settings\Propri‚taire\APPLIC~1\Azureus
    C:\Documents and Settings\Propri‚taire\APPLIC~1\Motive
    C:\Documents and Settings\Propri‚taire\APPLIC~1\Macromedia
    C:\Documents and Settings\Propri‚taire\APPLIC~1\AOL
    C:\Documents and Settings\Propri‚taire\APPLIC~1\You've Got Pictures Screensaver
    C:\Documents and Settings\Propri‚taire\APPLIC~1\Real
    C:\Documents and Settings\Propri‚taire\APPLIC~1\MSN6
    C:\Documents and Settings\Propri‚taire\APPLIC~1\Watchtower
    C:\Documents and Settings\Propri‚taire\APPLIC~1\Creative
    C:\Documents and Settings\Propri‚taire\APPLIC~1\openace
    C:\Documents and Settings\Propri‚taire\APPLIC~1\InterVideo
    C:\Documents and Settings\Propri‚taire\APPLIC~1\Sonic
    C:\Documents and Settings\Propri‚taire\APPLIC~1\Leadertech
    C:\Documents and Settings\Propri‚taire\APPLIC~1\AdobeUM
    C:\Documents and Settings\Propri‚taire\APPLIC~1\Help
    C:\Documents and Settings\Propri‚taire\APPLIC~1\Kazaa Lite
    C:\Documents and Settings\Propri‚taire\APPLIC~1\SampleView
    C:\Documents and Settings\Propri‚taire\APPLIC~1\Sun
    C:\Documents and Settings\Propri‚taire\APPLIC~1\desktop.ini
    C:\Documents and Settings\Propri‚taire\APPLIC~1\Symantec


    ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

    [21/09/2003 09:45][-rah-----]C:\WINDOWS\tasks\desktop.ini
    [14/01/2008 18:09][--ah-----]C:\WINDOWS\tasks\SA.DAT
    [13/03/2005 19:31][--a------]C:\WINDOWS\tasks\Symantec NetDetect.job

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    C:\Program Files\ABBYY FineReader 6.0 Sprint
    C:\Program Files\Adobe
    C:\Program Files\Alwil Software
    C:\Program Files\AOL
    C:\Program Files\AOL 8.0
    C:\Program Files\AOL 8.0a
    C:\Program Files\AOL 8.0b
    C:\Program Files\AOL 8.0c
    C:\Program Files\AOL 8.0d
    C:\Program Files\AOL 8.0e
    C:\Program Files\AOL 9.0
    C:\Program Files\AOL Compagnon
    C:\Program Files\ATI Technologies
    C:\Program Files\Avira
    C:\Program Files\BeWAN ADSL V1.7.0.5
    C:\Program Files\BillP Studios
    C:\Program Files\Common Files
    C:\Program Files\DiMAGE Viewer
    C:\Program Files\DivX
    C:\Program Files\EA GAMES
    C:\Program Files\EA SPORTS
    C:\Program Files\Easy Internet signup
    C:\Program Files\eChanblard
    C:\Program Files\eMule
    C:\Program Files\eMule-NG-0[1].47c-Installer.rar
    C:\Program Files\epson
    C:\Program Files\Fichiers communs
    C:\Program Files\HP
    C:\Program Files\Internet Explorer
    C:\Program Files\InterVideo
    C:\Program Files\Java
    C:\Program Files\Lavasoft
    C:\Program Files\Logitech
    C:\Program Files\Lop SD
    C:\Program Files\Microsoft CAPICOM 2.1.0.2
    C:\Program Files\microsoft frontpage
    C:\Program Files\Microsoft LifeCam
    C:\Program Files\Microsoft Office
    C:\Program Files\Movie Maker
    C:\Program Files\MSN Gaming Zone
    C:\Program Files\MSN Messenger
    C:\Program Files\MSXML 4.0
    C:\Program Files\Navilog1
    C:\Program Files\NetMeeting
    C:\Program Files\Nullsoft
    C:\Program Files\OLYMPUS
    C:\Program Files\Outlook Express
    C:\Program Files\PENDULO Studios
    C:\Program Files\PIXELA
    C:\Program Files\Presario PC Help
    C:\Program Files\QuickTime
    C:\Program Files\QuickZip
    C:\Program Files\RADVideo
    C:\Program Files\Real
    C:\Program Files\RecordNow!
    C:\Program Files\Rockstar Games
    C:\Program Files\Samsung
    C:\Program Files\Services en ligne
    C:\Program Files\Sonic
    C:\Program Files\Symantec
    C:\Program Files\TechCity Solutions
    C:\Program Files\Thomson
    C:\Program Files\Ulead Systems
    C:\Program Files\VideoLAN
    C:\Program Files\Viewpoint
    C:\Program Files\Watchtower
    C:\Program Files\Windows Media Connect 2
    C:\Program Files\Windows Media Player
    C:\Program Files\Windows NT
    C:\Program Files\xerox
    C:\Program Files\Yahoo!

    ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

    C:\Program Files\Fichiers communs\Adobe
    C:\Program Files\Fichiers communs\Ahead
    C:\Program Files\Fichiers communs\AOL
    C:\Program Files\Fichiers communs\aolback
    C:\Program Files\Fichiers communs\aolshare
    C:\Program Files\Fichiers communs\Hewlett-Packard
    C:\Program Files\Fichiers communs\HP
    C:\Program Files\Fichiers communs\InstallShield
    C:\Program Files\Fichiers communs\Java
    C:\Program Files\Fichiers communs\LightScribe
    C:\Program Files\Fichiers communs\Logitech
    C:\Program Files\Fichiers communs\Microsoft Shared
    C:\Program Files\Fichiers communs\MSSoap
    C:\Program Files\Fichiers communs\Nullsoft
    C:\Program Files\Fichiers communs\Real
    C:\Program Files\Fichiers communs\Scanner
    C:\Program Files\Fichiers communs\Services
    C:\Program Files\Fichiers communs\Sonic
    C:\Program Files\Fichiers communs\SpeechEngines
    C:\Program Files\Fichiers communs\SureThing Shared
    C:\Program Files\Fichiers communs\Symantec Shared
    C:\Program Files\Fichiers communs\System
    C:\Program Files\Fichiers communs\Vbox
    C:\Program Files\Fichiers communs\Wise Installation Wizard
    C:\Program Files\Fichiers communs\xing shared

    ----------------------[ Recherche avec S_Lop ]---------------------

    Aucun fichier / dossier Lop trouvé ! )

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    Aucun fichier / dossier Lop trouvé !

    ----------------------[ Verification du Registre ]----------------------

    ..... OK !

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts MODIFIE

    127.0.0.1 localhost

    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-14 18:18:58
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden files ...
    scan completed successfully
    hidden files: 0

    --------------------[ Recherche d'autres infections ]---------------------

    Aucune autre infection trouvée !

    --------------------[ Fin du rapport a 18:19:23,65 ]----------------------

    Re,

    Repasse SDFIx, poste le rapport.

    Supprime ces dossiers :
    - C:\Documents and Settings\Propriétaire\APPLIC~1\openace
    - C:\Documents and Settings\Propriétaire\APPLIC~1\WinPatrol
    - C:\Documents and Settings\Propriétaire\APPLIC~1\Knob Balm 2
    - C:\Documents and Settings\All Users\APPLIC~1\build ping dead more


    SDFix: Version 1.124

    Run by Propriétaire on 19/01/2008 at 12:25

    Microsoft Windows XP [version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...


    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\WINDOWS\system\svchost.exe - Deleted




    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-19 12:34:43
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...


    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 5


    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:D isabled:Messenger"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Call"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    Remaining Files:
    ---------------

    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    Thu 8 Jul 2004 196 A.SHR --- "C:\BOOT.BAK"
    Wed 23 Apr 2003 49,221 A..H. --- "C:\Program Files\AOL 8.0\aolphx.exe"
    Wed 23 Apr 2003 36,937 A..H. --- "C:\Program Files\AOL 8.0\aoltray.exe"
    Wed 23 Apr 2003 40,960 A..H. --- "C:\Program Files\AOL 8.0\RBM.exe"
    Wed 23 Apr 2003 237,633 A..H. --- "C:\Program Files\AOL 8.0\waol.exe"
    Wed 23 Apr 2003 49,221 A..H. --- "C:\Program Files\AOL 8.0a\aolphx.exe"
    Wed 23 Apr 2003 36,937 A..H. --- "C:\Program Files\AOL 8.0a\aoltray.exe"
    Wed 23 Apr 2003 40,960 A..H. --- "C:\Program Files\AOL 8.0a\RBM.exe"
    Wed 23 Apr 2003 237,633 A..H. --- "C:\Program Files\AOL 8.0a\waol.exe"
    Wed 23 Apr 2003 49,221 A..H. --- "C:\Program Files\AOL 8.0b\aolphx.exe"
    Wed 23 Apr 2003 36,937 A..H. --- "C:\Program Files\AOL 8.0b\aoltray.exe"
    Wed 23 Apr 2003 40,960 A..H. --- "C:\Program Files\AOL 8.0b\RBM.exe"
    Wed 23 Apr 2003 237,633 A..H. --- "C:\Program Files\AOL 8.0b\waol.exe"
    Wed 23 Apr 2003 49,221 A..H. --- "C:\Program Files\AOL 8.0c\aolphx.exe"
    Wed 23 Apr 2003 36,937 A..H. --- "C:\Program Files\AOL 8.0c\aoltray.exe"
    Wed 23 Apr 2003 40,960 A..H. --- "C:\Program Files\AOL 8.0c\RBM.exe"
    Wed 23 Apr 2003 237,633 A..H. --- "C:\Program Files\AOL 8.0c\waol.exe"
    Wed 23 Apr 2003 49,221 A..H. --- "C:\Program Files\AOL 8.0d\aolphx.exe"
    Wed 23 Apr 2003 36,937 A..H. --- "C:\Program Files\AOL 8.0d\aoltray.exe"
    Wed 23 Apr 2003 40,960 A..H. --- "C:\Program Files\AOL 8.0d\RBM.exe"
    Wed 23 Apr 2003 237,633 A..H. --- "C:\Program Files\AOL 8.0d\waol.exe"
    Wed 23 Apr 2003 49,221 A..H. --- "C:\Program Files\AOL 8.0e\aolphx.exe"
    Wed 23 Apr 2003 36,937 A..H. --- "C:\Program Files\AOL 8.0e\aoltray.exe"
    Wed 23 Apr 2003 40,960 A..H. --- "C:\Program Files\AOL 8.0e\RBM.exe"
    Wed 23 Apr 2003 237,633 A..H. --- "C:\Program Files\AOL 8.0e\waol.exe"
    Mon 10 May 2004 54,384 A..H. --- "C:\Program Files\AOL 9.0\aolphx.exe"
    Mon 10 May 2004 156,784 A..H. --- "C:\Program Files\AOL 9.0\aoltray.exe"
    Mon 10 May 2004 31,344 A..H. --- "C:\Program Files\AOL 9.0\RBM.exe"
    Sat 31 Aug 2002 1,821 A..H. --- "C:\WINDOWS\system32\msisl$.dll"
    Thu 16 Sep 2004 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Wed 4 Apr 2007 0 ...H. --- "C:\Documents and Settings\Propri‚taire\Bureau\~WRL0003.tmp"
    Wed 23 Apr 2003 49,223 A..H. --- "C:\Program Files\AOL 8.0\COMIT\cswitch.exe"
    Wed 23 Apr 2003 49,223 A..H. --- "C:\Program Files\AOL 8.0a\COMIT\cswitch.exe"
    Wed 23 Apr 2003 49,223 A..H. --- "C:\Program Files\AOL 8.0b\COMIT\cswitch.exe"
    Wed 23 Apr 2003 49,223 A..H. --- "C:\Program Files\AOL 8.0c\COMIT\cswitch.exe"
    Wed 23 Apr 2003 49,223 A..H. --- "C:\Program Files\AOL 8.0d\COMIT\cswitch.exe"
    Wed 23 Apr 2003 49,223 A..H. --- "C:\Program Files\AOL 8.0e\COMIT\cswitch.exe"
    Sat 2 Dec 2006 106,496 A.SHR --- "C:\WINDOWS\system\_sv_CMD_\_U_.exe"
    Thu 10 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
    Sun 8 Feb 2004 5,294,080 A..H. --- "C:\hp\patches\42WW1REC\src\App00153.exe"
    Sun 8 Feb 2004 452,096 A..H. --- "C:\hp\patches\42WW1REC\src\App00292.exe"
    Sun 8 Feb 2004 444,416 A..H. --- "C:\hp\patches\42WW1REC\src\App00491.exe"
    Sun 8 Feb 2004 1,838,592 A..H. --- "C:\hp\patches\42WW1REC\src\App02995.exe"
    Sun 8 Feb 2004 492,544 A..H. --- "C:\hp\patches\42WW1REC\src\App04827.exe"
    Sun 8 Feb 2004 1,401,856 A..H. --- "C:\hp\patches\42WW1REC\src\App05447.exe"
    Sun 8 Feb 2004 440,320 A..H. --- "C:\hp\patches\42WW1REC\src\App05705.exe"
    Sun 8 Feb 2004 462,848 A..H. --- "C:\hp\patches\42WW1REC\src\App09961.exe"
    Sun 8 Feb 2004 15,596,032 A..H. --- "C:\hp\patches\42WW1REC\src\App14604.exe"
    Sun 8 Feb 2004 5,256,704 A..H. --- "C:\hp\patches\42WW1REC\src\App16827.exe"
    Sun 8 Feb 2004 3,668,992 A..H. --- "C:\hp\patches\42WW1REC\src\App17421.exe"
    Wed 11 Feb 2004 696,832 A..H. --- "C:\hp\patches\42WW1REC\src\App18716.exe"
    Sun 8 Feb 2004 423,936 A..H. --- "C:\hp\patches\42WW1REC\src\App19169.exe"
    Sun 8 Feb 2004 1,157,632 A..H. --- "C:\hp\patches\42WW1REC\src\App19718.exe"
    Wed 11 Feb 2004 995,328 A..H. --- "C:\hp\patches\42WW1REC\src\App19895.exe"
    Sun 8 Feb 2004 453,632 A..H. --- "C:\hp\patches\42WW1REC\src\App23281.exe"
    Sun 8 Feb 2004 453,632 A..H. --- "C:\hp\patches\42WW1REC\src\App24464.exe"
    Sun 8 Feb 2004 2,251,776 A..H. --- "C:\hp\patches\42WW1REC\src\App26962.exe"
    Sun 8 Feb 2004 481,792 A..H. --- "C:\hp\patches\42WW1REC\src\App29358.exe"
    Sun 8 Feb 2004 12,426,752 A..H. --- "C:\hp\patches\42WW1REC\src\App32391.exe"
    Sun 8 Feb 2004 12,426,752 A..H. --- "C:\hp\patches\42WW1REC\src\App99990.exe"
    Sun 8 Feb 2004 15,596,032 A..H. --- "C:\hp\patches\42WW1REC\src\App99992.exe"
    Sun 8 Feb 2004 5,256,704 A..H. --- "C:\hp\patches\42WW1REC\src\App99993.exe"
    Sun 8 Feb 2004 5,256,704 A..H. --- "C:\hp\patches\42WW1REC\src\xApp14604.exe"
    Thu 18 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\388e66e644283db0233c4a98f2fd08a0\BIT1A.tmp"
    Fri 4 Oct 2002 106,496 A..H. --- "C:\Program Files\Fichiers communs\aolshare\shell\fr\shellext.dll"
    Mon 12 Nov 2007 21,978,112 ...H. --- "C:\Documents and Settings\Propri‚taire\Mes documents\Ecole\P‚riode Formation Entreprise\Atelier de la couleur\~WRL2880.tmp"
    Mon 10 Sep 2007 29,696 ...H. --- "C:\Documents and Settings\Propri‚taire\Mes documents\Ecole\P‚riode Formation Entreprise\Contre-Jour\~WRL0173.tmp"

    Finished!

    Logfile of HijackThis v1.99.1
    Scan saved at 14:10:48, on 19/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
    C:\Program Files\Fichiers communs\AOL\1135854273\ee\AOLSoftware.exe
    C:\WINDOWS\vVX1000.exe
    c:\program files\fichiers communs\aol\1135854273\ee\aolsoftware.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\AOL 9.0\waol.exe
    C:\Program Files\AOL 9.0\shellmon.exe
    C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Documents and Settings\Propriétaire\Bureau\Anti-virus\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr10.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system\svchost.exe
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
    O2 - BHO: (no name) - {38A3D872-034F-4B79-B6FD-FAE54DA16482} - C:\WINDOWS\system32\awvvw.dll (file missing)
    O2 - BHO: egmulhxk.msdn_hlp - {477840F3-BA52-44D9-8E41-38D61CAA010F} - C:\WINDOWS\system32\egmulhxk.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
    O2 - BHO: (no name) - {9689187B-4341-456D-91F9-F37176444BE5} - C:\WINDOWS\system32\htynnwio.dll (file missing)
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (file missing)
    O2 - BHO: (no name) - {D47E6F46-5571-4BAF-B10F-42479AE52DDE} - C:\Program Files\Symantec\homeq555077.dll (file missing)
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (file missing)
    O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1135854273\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
    O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
    O4 - HKLM\..\Run: [SysSFGE.exe] C:\WINDOWS\system32\SysSFGE.exe
    O4 - HKLM\..\Run: [License] locker.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [atomlite] C:\DOCUME~1\PROPRI~1\APPLIC~1\KNOBBA~1\WayFace.exe
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
    O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
    O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: AOL 8.0 Icône AOL.lnk = C:\Program Files\AOL 8.0e\aoltray.exe
    O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jh...
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} - http://www.errorguard.com/installation/Install.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://www.sexequalite.com/11731/NueIngrid.exe
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {98BFD494-F6AD-4794-9038-832C0654CC43} (AOL YGP UPF Ctrl) - http://photos05.aol.fr/ygp/aol/plugin/upf/YGPUPF.fr-FR....
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
    O16 - DPF: {B4E0F9CB-BC06-4A33-BBB3-F75F16B6FF5E} - http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/f...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-fr.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B71E8247-98F3-42FF-958A-F3EC6163D147}: NameServer = 84.103.237.145 86.64.145.145
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F39C43A1-BF26-4FCB-89B1-ED1DB82AC4B0}: NameServer = 205.188.146.145
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\system32\sms32zzqzz.dll
    O20 - Winlogon Notify: awvvw - C:\WINDOWS\system32\awvvw.dll (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: iifdebc - iifdebc.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    Bien ok ;) 

    Télécharge OTMoveIt > Tuto <

    Sauvegarde-le sur le Bureau

    Séléctionne l'encadré ci-dessous
    C:\WINDOWS\system32\sms32zzqzz.dll
    C:\WINDOWS\locker.exe
    C:\WINDOWS\system32\SysSFGE.exe

    Lance maintenant OTMoveIt .
    Assure toi que la case unregister dll’s and ocx’s soit cochée.
    Deux cadres apparaissent , clique droit sur le cadre de gauche , puis colle l'encadré ci desssus.
    Et clique sur Movelt !

    Si le programme te demande de redemarrer, accepte.

    Poste le rapport qui se trouve dans : C:\_OTMoveIt\MovedFiles\date de création!

    NOTE : Si tu obtiens un message comme quoi le rapport ne peut pas être créé, copie/colle ce qui apparaît dans la colonne droite de l’outil.

    ++++++++++++

    Relance HiJackThis, do a system scan only, coche ces lignes :
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr10.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system\svchost.exe
    O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
    O2 - BHO: (no name) - {38A3D872-034F-4B79-B6FD-FAE54DA16482} - C:\WINDOWS\system32\awvvw.dll (file missing)
    O2 - BHO: egmulhxk.msdn_hlp - {477840F3-BA52-44D9-8E41-38D61CAA010F} - C:\WINDOWS\system32\egmulhxk.dll (file missing)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
    O2 - BHO: (no name) - {9689187B-4341-456D-91F9-F37176444BE5} - C:\WINDOWS\system32\htynnwio.dll (file missing)
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (file missing)
    O2 - BHO: (no name) - {D47E6F46-5571-4BAF-B10F-42479AE52DDE} - C:\Program Files\Symantec\homeq555077.dll (file missing)
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (file missing)
    O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1135854273\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
    O4 - HKLM\..\Run: [SysSFGE.exe] C:\WINDOWS\system32\SysSFGE.exe
    O4 - HKLM\..\Run: [License] locker.exe
    O4 - HKCU\..\Run: [atomlite] C:\DOCUME~1\PROPRI~1\APPLIC~1\KNOBBA~1\WayFace.exe
    O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolb [...] xdm795CGFR
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocac [...] 0.0.15.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} - http://www.errorguard.com/installation/Install.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 6316502750
    O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://www.sexequalite.com/11731/NueIngrid.exe
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
    O16 - DPF: {98BFD494-F6AD-4794-9038-832C0654CC43} (AOL YGP UPF Ctrl) - http://photos05.aol.fr/ygp/aol/plu [...] .2.4.0.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
    O16 - DPF: {B4E0F9CB-BC06-4A33-BBB3-F75F16B6FF5E} - http://htmldialer.parisvoyeur.com/ [...] Iseult.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/bina [...] b32846.cab
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-fr.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\sms32zzqzz.dll
    O20 - Winlogon Notify: awvvw - C:\WINDOWS\system32\awvvw.dll (file missing
    O20 - Winlogon Notify: iifdebc - iifdebc.dll (file missing)

    Puis Fix Checked !

    +++++++++++++++++++++

    Télécharge sur ton bureau : Clean (de Malekal) >Tuto<
    Dézippe le sur ton bureau. Double-clic sur ce dossier clean.
    Double-clic sur clean.cmd. (L’extension cmd peut ne pas apparaître) Cela va ouvrir une fenêtre noire.
    Un menu va apparaître, choisis l'option 1 puis entrée. Ensuite appuies sur une touche comme il te sera demandé et poste le rapport ici.
    Le rapport se trouve ici : C:\rapport_clean.txt

    Si tu obtiens un fichier C:\upload_moi.zip, merci de faire ceci.

    ++++++++++++++++

    Télécharge ccleaner (>>tuto à lire !<<), tu download «the latest version » puis installe le en décochant - Ajouter la Barre d'Outils Yahoo! CCleaner
    Puis lance le nettoyage, puis fais chercher des erreurs et sauvegardes si tu le souhaites.

    +++++++++++++

    Lance Antivir :
    Vérifie qu’il soit bien à jour ! Fais une analyse complète, poste le rapport.



    AntiVir PersonalEdition Classic
    Report file date: dimanche 20 janvier 2008 10:46

    Scanning for 1027920 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: GREGORY

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
    ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 20:03:46
    ANTIVIR2.VDF : 7.0.1.205 620544 Bytes 08/01/2008 20:03:07
    ANTIVIR3.VDF : 7.0.1.227 161280 Bytes 11/01/2008 20:02:06
    AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 07/01/2008 20:03:47
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.6.0.2 360488 Bytes 07/01/2008 20:03:47
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: dimanche 20 janvier 2008 10:46

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
    Scan process 'cscript.exe' - '1' Module(s) have been scanned
    Scan process 'cmd.exe' - '1' Module(s) have been scanned
    Scan process 'aolsoftware.exe' - '1' Module(s) have been scanned
    Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
    Scan process 'aoltpspd.exe' - '1' Module(s) have been scanned
    Scan process 'shellmon.exe' - '1' Module(s) have been scanned
    Scan process 'waol.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'aolsoftware.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'PCHButton.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'kbd.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'wanmpsvc.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'MSCamSvc.exe' - '1' Module(s) have been scanned
    Scan process 'vVX1000.exe' - '1' Module(s) have been scanned
    Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
    Scan process 'AOLAgent.exe' - '1' Module(s) have been scanned
    Scan process 'AOLacsd.exe' - '1' Module(s) have been scanned
    Scan process 'dragdiag.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'ALCXMNTR.EXE' - '1' Module(s) have been scanned
    Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
    Scan process 'hphmon05.exe' - '1' Module(s) have been scanned
    Scan process 'aawservice.exe' - '1' Module(s) have been scanned
    Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    46 processes with 46 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'D:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '48' files ).


    Starting the file scan:

    Begin scan in 'C:\' <PRESARIO>
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\Propriétaire\Bureau\catchme.zip
    [0] Archive type: ZIP
    --> svchost.exe
    [DETECTION] Is the Trojan horse TR/Agent.Small.D.2
    [INFO] The file was moved to '48071abd.qua'!
    C:\SDFix\backups_old1\backups.zip
    [0] Archive type: ZIP
    --> backups/photo album.zip
    [1] Archive type: ZIP
    --> photo album2007.pif
    [DETECTION] Is the Trojan horse TR/Agent.24772
    [INFO] The file was moved to '47f62225.qua'!
    C:\WINDOWS\otstuk.tmp
    [DETECTION] Contains detection pattern of the VBS script virus VBS/Click.A
    [INFO] The file was moved to '48062304.qua'!
    C:\WINDOWS\system\_sv_CMD_\_U_.exe
    [DETECTION] Is the Trojan horse TR/Agent.Small.D.2
    [INFO] The file was moved to '47f22692.qua'!
    C:\WINDOWS\system32\ardCo17\ardCo172314.exe
    [DETECTION] Is the Trojan horse TR/Dldr.VB.caw.1
    [INFO] The file was moved to '47f7270c.qua'!
    Begin scan in 'D:\' <PRESARIO_RP>


    End of the scan: dimanche 20 janvier 2008 11:57
    Used time: 1:11:51 min

    The scan has been done completely.

    9454 Scanning directories
    281592 Files were scanned
    5 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    5 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    281587 Files not concerned
    16734 Archives were scanned
    2 Warnings
    7 Notes

    Re,

    Tu peux supprimer les dossiers suivants :
    - C:\WINDOWS\system32\ardCo17
    - C:\WINDOWS\system\_sv_CMD_

    ++++++++

    Poste moi le nouveau rapport combofix

    ++++++++

    Télécharge AVG Anti-Spyware Installes-le.
    Si le lien ne fonctionne pas : >Clique ici<
    Lance AVG et fais une mise à jour.
    Clique sur le bouton Analyse (de la barre d'outils)
    Puis sur l'onglet comment réagir, clique sur Actions recommandées. Choisis Quarantaine.
    Ne fais pas d’analyse pour le moment.
    Redémarre en mode sans échec
    /!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\
    Relance Avg.
    Reviens à l'onglet Analyse. Clique sur Analyse complète du système.
    A la fin du scan, choisis l'option " Appliquer toutes les actions " en bas.
    Clique sur "Enregistrer le rapport". Ceci génère un rapport qui se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware.
    Poste le ici.
    &
    Toujours en mode sans échec, relance clean et fais l'option 2, poste le rapport.

    ComboFix 08-01-20.1 - Propriétaire 2008-01-20 12:02:00.4 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.53 [GMT 1:00]
    Running from: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
    * Created a new restore point
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system\_sv_CMD_
    C:\WINDOWS\system32\winsms.dll
    C:\WINDOWS\wl.exe
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-20 to 2008-01-20 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-20 12:01 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-20 10:41 . 2008-01-20 10:41 <REP> d-------- C:\Program Files\CCleaner
    2008-01-13 19:22 . 2008-01-14 18:19 <REP> d-------- C:\Program Files\Lop SD
    2008-01-13 19:06 . 2008-01-13 20:24 <REP> d-------- C:\Program Files\Navilog1
    2008-01-06 01:30 . 2008-01-06 01:30 <REP> d-------- C:\WINDOWS\ERUNT
    2008-01-05 20:26 . 2008-01-05 20:26 <REP> d-------- C:\Program Files\Avira
    2008-01-05 20:26 . 2008-01-05 20:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-01-05 17:49 . 2008-01-05 17:49 <REP> d--h----- C:\WINDOWS\msdownld.tmp
    2008-01-05 17:49 . 2008-01-05 17:49 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
    2008-01-05 17:49 . 2008-01-05 17:49 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
    2008-01-05 17:49 . 2008-01-05 17:49 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-01-05 17:49 . 2008-01-05 17:49 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
    2008-01-05 17:49 . 2008-01-05 17:49 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2008-01-05 17:49 . 2008-01-05 17:49 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-01-05 17:49 . 2008-01-05 17:49 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
    2008-01-05 17:49 . 2008-01-05 17:49 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SampleView
    2008-01-05 17:34 . 2008-01-05 17:34 827,392 --a------ C:\WINDOWS\system32\FLASH.OCX
    2008-01-05 13:36 . 2006-10-27 15:09 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
    2008-01-05 12:50 . 2008-01-05 17:47 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
    2008-01-05 12:50 . 2008-01-05 17:49 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
    2008-01-05 12:50 . 2004-01-01 11:14 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Sonic
    2008-01-05 11:20 . 2008-01-05 17:49 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\IEPro
    2008-01-05 11:20 . 2008-01-05 17:49 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\IEPro
    2008-01-04 19:12 . 2008-01-04 19:12 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
    2008-01-04 13:20 . 2008-01-04 13:20 2 --a------ C:\WINDOWS\uid.tmp
    2007-12-31 20:25 . 2007-12-31 20:25 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
    2007-12-31 20:25 . 2007-12-31 20:25 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
    2007-12-31 20:23 . 2006-09-22 10:17 40 --a------ C:\WINDOWS\RUNAWAY2.INI
    2007-12-31 20:15 . 2007-12-31 20:15 <REP> d-------- C:\Program Files\PENDULO Studios
    2007-12-28 21:57 . 2007-12-28 21:58 <REP> d-------- C:\WINDOWS\system32\NtmsData
    2007-12-27 21:53 . 2007-12-27 21:53 <REP> d-------- C:\Program Files\Alwil Software
    2007-12-27 21:41 . 2007-12-27 21:41 <REP> d-------- C:\Program Files\Lavasoft
    2007-12-27 21:41 . 2007-12-27 21:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-12-27 21:39 . 2007-12-27 21:39 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2007-12-27 00:02 . 2007-12-27 00:02 4 --a------ C:\WINDOWS\system32\jpewocmz.ini
    2007-12-27 00:00 . 2008-01-20 11:46 <REP> d-------- C:\WINDOWS\system32\ardCo17

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-19 22:21 --------- d-----w C:\Program Files\eMule
    2008-01-05 16:57 --------- d-----w C:\Program Files\AOL 8.0e
    2008-01-05 16:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-28 20:58 --------- d-----w C:\Program Files\HP
    2007-12-27 23:08 --------- d-----w C:\Program Files\AOL 9.0
    2007-12-27 21:35 --------- d-----w C:\Program Files\Symantec
    2007-12-19 14:13 73,216 ----a-w C:\WINDOWS\WinLockDll.dll
    2007-11-25 10:25 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\EPSON
    2007-11-25 10:25 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\EPSON
    2006-11-09 18:52 4,437,401 ----a-w C:\Program Files\eMule-NG-0[1].47c-Installer.rar
    2006-10-09 20:07 81,920 ----a-w C:\Documents and Settings\Propriétaire\Application Data\ezpinst.exe
    2006-10-09 20:07 81,920 ----a-w C:\Documents and Settings\Propriétaire\Application Data\ezpinst.exe
    2006-10-09 20:07 47,360 ----a-w C:\Documents and Settings\Propriétaire\Application Data\pcouffin.sys
    2006-10-09 20:07 47,360 ----a-w C:\Documents and Settings\Propriétaire\Application Data\pcouffin.sys
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Acme.PCHButton"="C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe" [2004-01-01 11:42 159744]
    "WINSOS VERIFY"="C:\Program Files\WINSOS\WINSOS.exe" [ ]
    "OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-07-19 10:14 57344]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [ ]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04 52736]
    "HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 03:23 49152]
    "HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-21 03:16 483328]
    "UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 08:01 110592]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2003-11-03 16:50 221184]
    "VTTimer"="VTTimer.exe" []
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 20:10 335872]
    "AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 20:35 50176 C:\WINDOWS\ALCXMNTR.EXE]
    "Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [ ]
    "SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 10:38 866816]
    "AOLSAV"="C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe" [2004-11-10 16:18 80384]
    "AOLDialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" [2007-06-21 11:01 70952]
    "YeppStudioAgent"="C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe" [ ]
    "LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-06-30 00:54 269104]
    "VX1000"="C:\WINDOWS\vVX1000.exe" [2006-06-30 00:42 707376]
    "OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-07-19 10:06 40960]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" [ ]
    "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 12:02 61440]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-07 21:03 249896]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2004-08-14 19:02:30 110592]
    AOL 8.0 Ic“ne AOL.lnk - C:\Program Files\AOL 8.0e\aoltray.exe [2006-07-02 14:44:37 36937]
    Microsoft Recherche acc‚l‚r‚e.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-11-19 111376]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoLogoff"= 0 (0x0)

    R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamSvc.exe" [2006-06-30 00:54]
    R3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2003-12-08 10:53]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 07:58]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 07:08]
    S3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-06-30 00:42]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2005-03-13 18:31:40 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-20 12:10:00
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-20 12:13:16
    ComboFix-quarantined-files.txt 2008-01-20 11:13:14
    .
    2008-01-08 23:13:08 --- E O F ---

    ---------------------------------------------------------
    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 14:21:05 20/01/2008

    + Résultat de l'analyse:



    C:\Program Files\Common Files\Companion Wizard\WapCHK.dll -> Adware.Companion : Ignoré.
    C:\Program Files\Rockstar Games\GTA San Andreas\hlm-intro.exe -> Backdoor.Hupigon.kg : Nettoyé et sauvegardé (mise en quarantaine).
    C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP932\A0293044.exe -> Downloader.VB.ccs : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Documents and Settings\Propriétaire\Cookies\propriétaire@aolfr.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
    C:\Documents and Settings\Propriétaire\Cookies\propriétaire@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
    C:\Documents and Settings\Propriétaire\Cookies\propriétaire@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
    C:\Documents and Settings\Propriétaire\Cookies\propriétaire@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
    C:\Documents and Settings\Propriétaire\Cookies\propriétaire@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
    C:\Documents and Settings\Propriétaire\Cookies\propriétaire@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Nettoyé.
    C:\Documents and Settings\Propriétaire\Cookies\propriétaire@overture[1].txt -> TrackingCookie.Overture : Nettoyé.
    C:\Documents and Settings\Propriétaire\Cookies\propriétaire@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
    C:\Documents and Settings\Propriétaire\Cookies\propriétaire@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyé.


    Fin du rapport

    Script execute en mode sans echec
    Rapport clean par Malekal_morte - http://www.malekal.com
    Script execute en mode sans echec 20/01/2008 a 14:24:18,43

    Microsoft Windows XP [version 5.1.2600]

    *** Suppression des fichiers dans C:

    *** Suppression des fichiers dans C:\WINDOWS\
    tentative de suppression de C:\WINDOWS\ALCXMNTR.EXE
    tentative de suppression de C:\WINDOWS\WMCRRS.exe

    *** Suppression des fichiers dans C:\WINDOWS\system32

    Logfile of HijackThis v1.99.1
    Scan saved at 18:04:13, on 20/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
    C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
    C:\WINDOWS\vVX1000.exe
    C:\Program Files\Fichiers communs\AOL\1135854273\ee\aolsoftware.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    c:\program files\fichiers communs\aol\1135854273\ee\aolsoftware.exe
    C:\Program Files\AOL 9.0\waol.exe
    C:\Program Files\AOL 9.0\shellmon.exe
    C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
    C:\Documents and Settings\Propriétaire\Bureau\Anti-virus\hijackthis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
    O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
    O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
    O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: AOL 8.0 Icône AOL.lnk = C:\Program Files\AOL 8.0e\aoltray.exe
    O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B71E8247-98F3-42FF-958A-F3EC6163D147}: NameServer = 84.103.237.144 86.64.145.144
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F39C43A1-BF26-4FCB-89B1-ED1DB82AC4B0}: NameServer = 205.188.146.145
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    Peux-tu m'en dire plus sur la contrefaçon de logiciel ?

    Pour le démarrage de WIndows :

    Regarde :
    Citation :
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
    O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
    O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
    O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: AOL 8.0 Icône AOL.lnk = C:\Program Files\AOL 8.0e\aoltray.exe
    O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE


    Tout ça est lancé au démarrage de Windows, à toi d'enlever celles qui te paraissent superflues. Des logiciels par exemple que tu n'utilises que occasionnellement.

    Fixe ces lignes dans Hijackthis :
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

    en fait, au demarrage de windows, je suis informé que je suis peut etre victime dune contrefaçon de logiciel! Une etoile bleue est presente ds la barre du menu demarrer, a gauche de l'heure. Qd je pose le curseur dessus voila ce qui est ecrit : "vous etes peut etre victime d'une contrefaçon de logiciel" Ce message est apparu suite au scan de AVG et de Clean en mode sans echec, en redemarrant windows normalement

    Ah ça, c'est parce que tu n'as pas une version légale de Windows.
    Et si ya l'étoile bleue, c'est que tu as sûrement dû installer le windows genuine advantage en voulant installer IE7 ou WMP11 par exemple.
    Donc je te conseille vivement d'entrer une clef légale.

    Pour enlever les éléments superflus (tu dois être sûr de ce que tu fais):
    - Démarrer>exécuter>tape services.msc, tu désactives le démarrage automatique pour ce que tu veux.
    - Ou tu peux fixer directement des lignes 04 dans Hijackthis, sois prudent tout de même ;) 

    J'ai pourtant une version legale de Windows :( ...
    Par contre j'ai récement voulu installer IE7...
    Et j'ai pa vraiment compris comment entrer une clef legale :( 
    Désolé j'y connai pa grd chose mai en tt cas merci pr tout, j'ai deja resolu pa mal de pb grace a vous ;) 
    Lassé par la pub ? Créez un compte

    Créer un nouveau sujet

    Tom's guide dans le monde