Unwanted MSN ad pop-ups
Hello, or rather hello again. I already posted a thread that I can no longer find, so I am posting my problem again. My son installed MSN Plus and since then I get ads popping up constantly. How do I remove them?
Here is my report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:56:28, on 02/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RavMonE.exe
C:\WINDOWS\system32\qttask.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\RavMonE.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\TANDEM POUR L'ECOLE\Mes documents\Téléchargement\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=33568
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IEHlprObj Class - {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - LineAudio.dll (file missing)
O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\RavMonE.exe
O4 - HKLM\..\Run: [Proc Deaf Delete Peak] C:\Documents and Settings\All Users\Application Data\file joy proc deaf\Tick Data.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.fnacphoto.com/ECTelechargement/Origma/ImageU...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://privateannazouette.spaces.live.com/PhotoUpload/M...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Thanks for your help
seb
Hello,
Download Flash Disinfector (by sUBs) to your Desktop.
Connect all your external devices (hard drives, USB drives, ...)
Double-click Flash Disinfector and follow the prompts.
*******
Download Lop S&D.exe (by Eric 71 & Angeldark) to your desktop.
Double-click it to start the installation.
Then double-click the Lop S&D shortcut on your desktop (if you are on Vista, right-click -> run as administrator).
Select the language you want, then choose Option 1 (Search).
Wait until the scan finishes.
Post the generated report (C:\lopR.txt)
If your desktop does not reappear, press CTRL+ALT+DEL to open the Task Manager.
Then go to the "Processes" tab. Click File at the top left and choose "New Task (Run...)".
Type explorer and confirm. This will bring your desktop back.
My report is below
-----------------------[ Lop S&D 4.2.0-9 XP/Vista ]---------------------
[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : TANDEM POUR L'ECOLE ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ 03/06/2008 | 21:39:57.64 ] [ PC : TANDEM ]
[ MAJ : 16-05-2008 | 23:35 ]
-------------[ Listing des dossiers dans Application Data ]------------
[01/01/2003|22:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[13/09/2004|19:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[14/05/2008|13:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\file joy proc deaf
[16/12/2006|14:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[01/12/2006|20:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[20/04/2008|20:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log
[16/12/2007|17:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Link Data Security
[13/09/2004|19:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[17/11/2005|11:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[02/05/2008|18:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[09/03/2008|19:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Snapfish Livres de photo
[01/12/2006|20:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
[24/05/2008|09:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[19/04/2005|12:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[16/12/2007|17:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UniversalisV12
[07/07/2006|13:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[22/08/2007|15:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
[22/08/2007|15:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[13/09/2004|19:17] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[13/06/2006|17:14] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec
[13/09/2004|19:17] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[17/10/2006|21:52] C:\DOCUME~1\TANDEM~1\APPLIC~1\3M
[19/04/2005|16:25] C:\DOCUME~1\TANDEM~1\APPLIC~1\Adobe
[19/04/2005|16:51] C:\DOCUME~1\TANDEM~1\APPLIC~1\AdobeUM
[31/05/2005|18:26] C:\DOCUME~1\TANDEM~1\APPLIC~1\Apple Computer
[17/10/2005|16:53] C:\DOCUME~1\TANDEM~1\APPLIC~1\CopyToDvd
[21/05/2005|14:00] C:\DOCUME~1\TANDEM~1\APPLIC~1\CyberLink
[13/09/2004|19:17] C:\DOCUME~1\TANDEM~1\APPLIC~1\desktop.ini
[29/08/2006|12:11] C:\DOCUME~1\TANDEM~1\APPLIC~1\ezpinst.exe
[02/09/2006|23:27] C:\DOCUME~1\TANDEM~1\APPLIC~1\Google
[14/05/2008|22:48] C:\DOCUME~1\TANDEM~1\APPLIC~1\gpl second noun
[10/12/2006|13:56] C:\DOCUME~1\TANDEM~1\APPLIC~1\Help
[01/12/2006|20:14] C:\DOCUME~1\TANDEM~1\APPLIC~1\HP
[13/09/2004|19:31] C:\DOCUME~1\TANDEM~1\APPLIC~1\Identities
[23/09/2007|01:02] C:\DOCUME~1\TANDEM~1\APPLIC~1\internaldb41.dat
[23/09/2007|01:03] C:\DOCUME~1\TANDEM~1\APPLIC~1\internaldb6334.dat
[23/09/2007|00:54] C:\DOCUME~1\TANDEM~1\APPLIC~1\internaldb8467.dat
[27/07/2005|15:17] C:\DOCUME~1\TANDEM~1\APPLIC~1\Lavasoft
[31/08/2005|20:22] C:\DOCUME~1\TANDEM~1\APPLIC~1\Leadertech
[02/05/2008|00:06] C:\DOCUME~1\TANDEM~1\APPLIC~1\LimeWire
[19/04/2005|13:31] C:\DOCUME~1\TANDEM~1\APPLIC~1\Macromedia
[17/11/2005|11:46] C:\DOCUME~1\TANDEM~1\APPLIC~1\Media Player Classic
[13/09/2004|19:17] C:\DOCUME~1\TANDEM~1\APPLIC~1\Microsoft
[16/12/2007|18:00] C:\DOCUME~1\TANDEM~1\APPLIC~1\Mozilla
[30/04/2005|23:24] C:\DOCUME~1\TANDEM~1\APPLIC~1\MSNInstaller
[29/08/2006|12:11] C:\DOCUME~1\TANDEM~1\APPLIC~1\pcouffin.cat
[29/08/2006|12:11] C:\DOCUME~1\TANDEM~1\APPLIC~1\pcouffin.inf
[29/08/2006|12:12] C:\DOCUME~1\TANDEM~1\APPLIC~1\pcouffin.log
[29/08/2006|12:11] C:\DOCUME~1\TANDEM~1\APPLIC~1\pcouffin.sys
[16/12/2006|14:14] C:\DOCUME~1\TANDEM~1\APPLIC~1\Real
[02/05/2008|18:56] C:\DOCUME~1\TANDEM~1\APPLIC~1\skypePM
[03/01/2007|13:46] C:\DOCUME~1\TANDEM~1\APPLIC~1\Snapfish
[19/04/2005|15:00] C:\DOCUME~1\TANDEM~1\APPLIC~1\Sun
[19/04/2005|12:39] C:\DOCUME~1\TANDEM~1\APPLIC~1\Symantec
[16/12/2007|18:00] C:\DOCUME~1\TANDEM~1\APPLIC~1\Universalis V12
[12/05/2008|22:19] C:\DOCUME~1\TANDEM~1\APPLIC~1\vlc
[09/04/2006|17:33] C:\DOCUME~1\TANDEM~1\APPLIC~1\Vso
[09/12/2006|11:08] C:\DOCUME~1\TANDEM~1\APPLIC~1\XTND_BTUIObjects
[22/10/2006|15:28] C:\DOCUME~1\INVIT\APPLIC~1\3M
[20/08/2007|22:20] C:\DOCUME~1\INVIT\APPLIC~1\Adobe
[13/09/2004|19:17] C:\DOCUME~1\INVIT\APPLIC~1\desktop.ini
[16/12/2006|15:36] C:\DOCUME~1\INVIT\APPLIC~1\Google
[18/05/2008|17:25] C:\DOCUME~1\INVIT\APPLIC~1\gpl second noun
[09/12/2006|17:03] C:\DOCUME~1\INVIT\APPLIC~1\HP
[13/09/2004|19:31] C:\DOCUME~1\INVIT\APPLIC~1\Identities
[06/10/2006|19:21] C:\DOCUME~1\INVIT\APPLIC~1\Macromedia
[28/12/2007|10:44] C:\DOCUME~1\INVIT\APPLIC~1\Media Player Classic
[13/09/2004|19:17] C:\DOCUME~1\INVIT\APPLIC~1\Microsoft
[30/04/2008|21:36] C:\DOCUME~1\INVIT\APPLIC~1\Mozilla
[16/12/2006|15:32] C:\DOCUME~1\INVIT\APPLIC~1\Real
[24/05/2007|15:45] C:\DOCUME~1\INVIT\APPLIC~1\Sun
[24/05/2008|22:21] C:\DOCUME~1\INVIT\APPLIC~1\vlc
[30/04/2008|22:28] C:\DOCUME~1\EMILIEN\APPLIC~1\Adobe
[13/09/2004|19:17] C:\DOCUME~1\EMILIEN\APPLIC~1\desktop.ini
[30/04/2008|22:34] C:\DOCUME~1\EMILIEN\APPLIC~1\EoRezo
[14/05/2008|13:01] C:\DOCUME~1\EMILIEN\APPLIC~1\gpl second noun
[13/09/2004|19:31] C:\DOCUME~1\EMILIEN\APPLIC~1\Identities
[30/04/2008|22:31] C:\DOCUME~1\EMILIEN\APPLIC~1\Macromedia
[13/09/2004|19:17] C:\DOCUME~1\EMILIEN\APPLIC~1\Microsoft
[30/04/2008|22:44] C:\DOCUME~1\EMILIEN\APPLIC~1\Mozilla
[14/05/2008|14:48] C:\DOCUME~1\EMILIEN\APPLIC~1\vlc
----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------
[03/06/2008 21:00][--ah-----] C:\WINDOWS\tasks\A9B332AA9148B226.job
[23/09/2007 01:04][--ah-----] C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
[03/06/2008 18:47][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 05:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
A9B332AA9148B226.job <--> c:\docume~1\emilien\applic~1\gplsec~1\antiproxydefy.exe
---------------[ Listing des dossiers dans C:\Program Files ]--------------
[28/12/2007|10:42] C:\Program Files\7-Zip
[01/01/2003|22:02] C:\Program Files\Acer Inc
[01/01/2003|22:07] C:\Program Files\Adobe
[06/01/2008|21:21] C:\Program Files\Alwil Software
[01/01/2003|21:51] C:\Program Files\AMD
[28/02/2006|09:38] C:\Program Files\ColiPoste
[13/09/2004|19:23] C:\Program Files\ComPlus Applications
[07/09/2007|17:27] C:\Program Files\Cyanide
[01/01/2003|22:04] C:\Program Files\CyberLink
[01/11/2005|15:31] C:\Program Files\DAP
[30/04/2008|22:34] C:\Program Files\EoRezo
[09/12/2006|11:01] C:\Program Files\Extended Systems
[13/09/2004|19:18] C:\Program Files\Fichiers communs
[30/05/2008|20:31] C:\Program Files\gpl second noun
[20/04/2006|10:10] C:\Program Files\Hewlett-Packard
[01/12/2006|19:58] C:\Program Files\HP
[13/09/2004|19:24] C:\Program Files\Internet Explorer
[04/07/2006|21:47] C:\Program Files\Inventel
[30/04/2008|22:36] C:\Program Files\ItsLabel
[19/04/2005|14:57] C:\Program Files\Java
[01/01/2003|21:59] C:\Program Files\Launch Manager
[01/01/2003|22:06] C:\Program Files\Ligos
[24/02/2007|13:42] C:\Program Files\LimeWire
[19/04/2005|12:29] C:\Program Files\ltmoh
[26/02/2006|22:39] C:\Program Files\Macrogaming
[13/04/2007|22:38] C:\Program Files\MarkAny
[13/09/2004|19:23] C:\Program Files\Messenger
[23/08/2007|23:17] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[20/02/2007|20:45] C:\Program Files\Microsoft Carioca
[13/09/2004|19:26] C:\Program Files\microsoft frontpage
[22/09/2007|21:47] C:\Program Files\Microsoft IntelliPoint
[19/04/2005|13:12] C:\Program Files\Microsoft Office
[19/07/2005|10:03] C:\Program Files\Microsoft Works
[01/11/2007|15:17] C:\Program Files\MIKSOFT
[13/09/2004|19:24] C:\Program Files\Movie Maker
[30/04/2008|21:35] C:\Program Files\Mozilla Firefox
[01/01/2008|22:50] C:\Program Files\MSECache
[13/09/2004|19:22] C:\Program Files\MSN
[13/09/2004|19:23] C:\Program Files\MSN Gaming Zone
[19/08/2007|22:11] C:\Program Files\MSN Messenger
[03/12/2006|00:32] C:\Program Files\MSXML 4.0
[13/09/2004|19:24] C:\Program Files\NetMeeting
[01/01/2003|22:05] C:\Program Files\NewTech Infosystems
[19/04/2005|12:39] C:\Program Files\Norton AntiVirus
[10/02/2008|10:54] C:\Program Files\NRJ
[13/09/2004|19:23] C:\Program Files\Online Services
[06/03/2007|00:02] C:\Program Files\outlook
[13/09/2004|19:24] C:\Program Files\Outlook Express
[16/12/2006|14:15] C:\Program Files\Real
[27/05/2007|15:06] C:\Program Files\RM-X Player V4.2
[19/04/2005|12:27] C:\Program Files\S3Inc
[13/04/2007|22:38] C:\Program Files\Samsung
[17/11/2005|11:38] C:\Program Files\Satsuki Decoder Pack
[13/09/2004|19:25] C:\Program Files\Services en ligne
[14/01/2007|20:36] C:\Program Files\Snapfish-livrephoto
[24/05/2008|09:40] C:\Program Files\Spybot - Search & Destroy
[01/01/2003|21:53] C:\Program Files\Synaptics
[16/12/2007|17:40] C:\Program Files\Universalis
[16/08/2005|12:39] C:\Program Files\VDCodecPack1.3
[05/02/2006|19:01] C:\Program Files\VIA
[01/01/2003|21:53] C:\Program Files\VIAudioi
[12/05/2008|21:22] C:\Program Files\VideoLAN
[03/02/2008|14:22] C:\Program Files\VISUAL PLANNING 4.3
[12/10/2005|09:51] C:\Program Files\VSO
[22/08/2007|15:02] C:\Program Files\Windows Live
[10/12/2006|14:21] C:\Program Files\Windows Media Connect 2
[13/09/2004|19:23] C:\Program Files\Windows Media Player
[13/09/2004|19:22] C:\Program Files\Windows NT
[13/09/2004|19:25] C:\Program Files\WindowsUpdate
[13/09/2004|19:27] C:\Program Files\xerox
[01/05/2008|11:13] C:\Program Files\Xilisoft
[20/04/2006|10:17] C:\Program Files\Zero G Registry
------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------
[19/04/2005|16:25] C:\Program Files\Fichiers communs\Adobe
[22/09/2007|22:17] C:\Program Files\Fichiers communs\BitDefender
[19/04/2005|13:13] C:\Program Files\Fichiers communs\DESIGNER
[04/07/2006|21:48] C:\Program Files\Fichiers communs\FDEUnInstaller.exe
[01/12/2006|20:03] C:\Program Files\Fichiers communs\Hewlett-Packard
[01/01/2003|21:51] C:\Program Files\Fichiers communs\InstallShield
[19/04/2005|14:54] C:\Program Files\Fichiers communs\Java
[13/09/2004|19:18] C:\Program Files\Fichiers communs\Microsoft Shared
[13/09/2004|19:24] C:\Program Files\Fichiers communs\MSSoap
[13/09/2004|19:18] C:\Program Files\Fichiers communs\ODBC
[16/12/2006|14:15] C:\Program Files\Fichiers communs\Real
[13/09/2004|19:24] C:\Program Files\Fichiers communs\Services
[13/09/2004|19:18] C:\Program Files\Fichiers communs\SpeechEngines
[20/04/2006|10:08] C:\Program Files\Fichiers communs\SWF Studio
[19/04/2005|12:39] C:\Program Files\Fichiers communs\Symantec Shared
[13/09/2004|19:24] C:\Program Files\Fichiers communs\System
[26/02/2006|15:33] C:\Program Files\Fichiers communs\Vbox
[02/03/2008|10:47] C:\Program Files\Fichiers communs\WindowsLiveInstaller
---------------------------[ Process ]--------------------------
... 37
iexplore.exe ~ [3128]
iexplore.exe ~ [3812]
iexplore.exe ~ [1420]
iexplore.exe ~ [2664]
----------------------[ Recherche avec S_Lop ]---------------------
Aucun fichier / dossier Lop trouvé !
-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------
C:\DOCUME~1\ALLUSE~1\APPLIC~1\File Joy Proc Deaf
C:\DOCUME~1\ALLUSE~1\APPLIC~1\File Joy Proc Deaf\locks plus.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\File Joy Proc Deaf\OWNS DALE.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\File Joy Proc Deaf\Tick Data.exe
C:\DOCUME~1\TANDEM~1\APPLIC~1\gplsec~1
C:\DOCUME~1\INVIT\APPLIC~1\gplsec~1
C:\DOCUME~1\INVIT\APPLIC~1\gplsec~1\LONGLOVETITLE.exe
C:\DOCUME~1\INVIT\APPLIC~1\gplsec~1\rrehqgfx.exe
C:\DOCUME~1\INVIT\APPLIC~1\gplsec~1\view bolt junk build.exe
C:\DOCUME~1\INVIT\APPLIC~1\gplsec~1\anti proxy defy.exe
C:\DOCUME~1\EMILIEN\APPLIC~1\gplsec~1
C:\DOCUME~1\EMILIEN\APPLIC~1\gplsec~1\LONGLOVETITLE.exe
C:\DOCUME~1\EMILIEN\APPLIC~1\gplsec~1\ybcauvlf.exe
C:\DOCUME~1\EMILIEN\APPLIC~1\gplsec~1\view bolt junk build.exe
C:\DOCUME~1\EMILIEN\APPLIC~1\gplsec~1\anti proxy defy.exe
C:\DOCUME~1\EMILIEN\APPLIC~1\gplsec~1\gbusmtbr.exe
C:\DOCUME~1\EMILIEN\APPLIC~1\gplsec~1\pyvtxtat.exe
C:\Program Files\gplsec~1
C:\WINDOWS\Tasks\A9B332AA9148B226.job
----------------------[ Verification du Registre ]----------------------
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Proc Deaf Delete Peak"="C:\\Documents and Settings\\All Users\\Application Data\\file joy proc deaf\\Tick Data.exe"
--------------------[ Verification du fichier Hosts ]---------------------
Fichier Hosts PROPRE
----------------[ Recherche de fichiers avec Catchme ]-----------------
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-03 21:41:02
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------[ Recherche d'autres infections ]---------------------
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\Solitaire.Pop [ISO + Crack).zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\Winrar v 3 70 Beta 2 (Cracked).zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\Mac Crack Attack 1.0.zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\Autocad 2007 Incl Crack.zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\Jedi Knight II Jedi Outcast Crack of Doom map .zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\Commodore 64 Games (cracked and cheats).zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\WinZIP 11 02 PRO+Crack.zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\SlySoft AnyDVD HD 6 1 3 0 final cracked By Punjab rar.zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\Access Password Cracker 1.0 build 20060201.zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\RA Games - Ice Cream Tycoon + Crack {DanManInSane}.zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\RAR Password Cracker 4.12.zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\Alcohol 120 v1 9 5 4327 Retail WinALL Cracked-BLiZZARD zip.zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\Limewire Pro 4 10 Cracked - BLiZZARD zip.zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\Titan Quest Immortal Throne NoDVD CRACK-Unleashed.zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\SlySoft CloneCD v5 3 0 1 With Crack-BLiZZARD zip.zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\Diskeeper Corporation 2007 Pro Premier + crack rar.zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\Ultimate ZIP Cracker 7.3.zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\Windows VIsta Crack Finale.zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\Windows Vista Crack for all Versions + Updater.zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\Windows Vista Crack Ultimate AllVersion NEW REALLY WORK EASY.zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\WinRar Lifetime KEY (no crack, all versions).zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\Windows XP ALL Versions Crack.zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\Alcohol 120 v2 0 1 4212 Retail WinALL Cracked-BLiZZARD.zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\SpywareDoctor v 4 0 0 2613 With Crack-BLaCkLitE zip.zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\PowerIso 3 3 With Crack-BLaCkLitE zip.zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\Limewire Pro 4 10 Cracked-BLaCkLitE zip.zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\PalmCrack 1.1.zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\Registry Repair Wizard 2007 4 52 + crack.zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\DVD and CD Cover Print v3 4 2 WinAll Cracked-BRD[www.NeMeSYZ.com].zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\Bigfish Games - Peggle + Crack {DanManInSane}.zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\L0phtCrack LC5 v5 04 3586606 TPB.zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\Alcohol 120 v1 9 5 4327 Retail + Crack By Odiliada.zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\The Elder Scrolls IV Oblivion + NoDVD Crack.zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\Windows Vista Crack.zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\[Demonoid com]-Microsoft Windows XP Media Center Edition 2005 Activation crack.zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\Vista Ultimate Crack (PatchUnlock) 100% works.zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\Microsoft Windows Vista RTM PROPER Activation Crack-ReeBSaW rar.zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\Winrar 3 70 + Crack.zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\Adobe Acrobat 8 Professional FULL DVD Incl CRACK.zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\Webroot Spy Sweeper v5.3.2 Build 2361 [ENG][+crack].zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\Windows Vista All Versions x86 x64 Final Best Crack-VanVan zip.zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\Microsoft Windows Vista Ultimate X86 (c) Microsoft KEYGEN + NOACTIVATION.zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\Microsoft Office 2007 keygen.zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\anapod 9 0 with keygen rar.zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\diablo2 duper+keygen+maphack+d2hackit rar.zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\Cyberlink PowerDVD Ultra Deluxe v7 3 Multilingual Incl Keygen-ViRiLiTY.zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\Windows Vista Keygen.zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\SlySoft AnyDVD HD v6 1 3 0 WinALL Keygen and Patch Only.zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\Alcohol 120% 1 9 6 4629 Retail With Activator+Keygen-BLiZZARD zip.zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\Winamp v5 33 x86 Professionall Build 13 02 2007 + Keygen.zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\Cyberlink PowerDVD Ultra Deluxe v7 3 Multilingual Incl Keygen-ViRiLiTY www.NEWTORRENTS.info .zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\BS Player Pro v2 12 942 Pro + Keygen.zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\Winamp 5 33 Pro + Keygen - [www slotorrent net].zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\System Mechanic 7 Pro + Keygen.zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\Registry Mechanic 6 0 + Keygen.zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\Webroot Spy Sweeper v5 3 1 2344 Plus Keygen-BLiZZARD.zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\Hide IP Platnium 3 31 + Keygen.zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\ACDSee Photo Manager v9.0 Build 108 [ENG][+keygen].zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\Keygenerator pentru Microsoft Office 2007(httptorrents c-net ro).zip
=> C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete\WinAVI Video Converter 7 7 + Keygen [www.andrew-fu.net].zip
[F:108][D:26]-> C:\DOCUME~1\TANDEM~1\LOCALS~1\Temp
[F:33][D:0]-> C:\DOCUME~1\TANDEM~1\Cookies
[F:385][D:6]-> C:\DOCUME~1\TANDEM~1\LOCALS~1\TEMPOR~1\content.IE5
[F:2][D:0]-> C:\Recycled
--------------------[ Fin du rapport a 21:42:01.59 ]----------------------
Hi again,
Select the entire box below, then right-click and choose Copy:
C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete
Relaunch Lop S&D
This time choose Option 4 (LopScript)
A blank page will open; right-click on it and choose Paste
Close the page; you will be asked to save it, click [Enregistrer] (Save)
Do not close the window during the deletion!
Post the generated report (C:\lopR.txt)
Here is the report
-----------------------[ Lop S&D 4.2.0-9 XP/Vista ]---------------------
[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : TANDEM POUR L'ECOLE ] [ "C:\Lop SD" ] [ Selection : 4 ]
[ 06/06/2008 | 21:58:51.50 ] [ PC : TANDEM ]
[ MAJ : 16-05-2008 | 23:35 ]
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ LopScript //////////////////////////////////
C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete
Supprimé! - C:\Documents and Settings\TANDEM POUR L'ECOLE\Complete
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////
Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\File Joy Proc Deaf\locks plus.exe
Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\File Joy Proc Deaf\OWNS DALE.exe
Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\File Joy Proc Deaf\Tick Data.exe
Supprimé! - C:\DOCUME~1\INVIT\APPLIC~1\gplsec~1\LONGLOVETITLE.exe
Supprimé! - C:\DOCUME~1\INVIT\APPLIC~1\gplsec~1\rrehqgfx.exe
Supprimé! - C:\DOCUME~1\INVIT\APPLIC~1\gplsec~1\view bolt junk build.exe
Supprimé! - C:\DOCUME~1\INVIT\APPLIC~1\gplsec~1\anti proxy defy.exe
Supprimé! - C:\DOCUME~1\EMILIEN\APPLIC~1\gplsec~1\LONGLOVETITLE.exe
Supprimé! - C:\DOCUME~1\EMILIEN\APPLIC~1\gplsec~1\ybcauvlf.exe
Supprimé! - C:\DOCUME~1\EMILIEN\APPLIC~1\gplsec~1\view bolt junk build.exe
Supprimé! - C:\DOCUME~1\EMILIEN\APPLIC~1\gplsec~1\anti proxy defy.exe
Supprimé! - C:\DOCUME~1\EMILIEN\APPLIC~1\gplsec~1\gbusmtbr.exe
Supprimé! - C:\DOCUME~1\EMILIEN\APPLIC~1\gplsec~1\pyvtxtat.exe
Supprimé! - C:\WINDOWS\Tasks\A9B332AA9148B226.job
Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\File Joy Proc Deaf
Supprimé! - C:\DOCUME~1\TANDEM~1\APPLIC~1\gplsec~1
Supprimé! - C:\DOCUME~1\INVIT\APPLIC~1\gplsec~1
Supprimé! - C:\DOCUME~1\EMILIEN\APPLIC~1\gplsec~1
Supprimé! - C:\Program Files\gplsec~1
//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
-------------[ Listing des dossiers dans Application Data ]------------
[01/01/2003|22:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[13/09/2004|19:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[16/12/2006|14:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[01/12/2006|20:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[20/04/2008|20:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log
[16/12/2007|17:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Link Data Security
[13/09/2004|19:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[17/11/2005|11:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[02/05/2008|18:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[09/03/2008|19:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Snapfish Livres de photo
[01/12/2006|20:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
[24/05/2008|09:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[19/04/2005|12:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[16/12/2007|17:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UniversalisV12
[07/07/2006|13:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[22/08/2007|15:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
[22/08/2007|15:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[13/09/2004|19:17] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[13/06/2006|17:14] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec
[13/09/2004|19:17] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[17/10/2006|21:52] C:\DOCUME~1\TANDEM~1\APPLIC~1\3M
[19/04/2005|16:25] C:\DOCUME~1\TANDEM~1\APPLIC~1\Adobe
[19/04/2005|16:51] C:\DOCUME~1\TANDEM~1\APPLIC~1\AdobeUM
[31/05/2005|18:26] C:\DOCUME~1\TANDEM~1\APPLIC~1\Apple Computer
[17/10/2005|16:53] C:\DOCUME~1\TANDEM~1\APPLIC~1\CopyToDvd
[21/05/2005|14:00] C:\DOCUME~1\TANDEM~1\APPLIC~1\CyberLink
[13/09/2004|19:17] C:\DOCUME~1\TANDEM~1\APPLIC~1\desktop.ini
[29/08/2006|12:11] C:\DOCUME~1\TANDEM~1\APPLIC~1\ezpinst.exe
[02/09/2006|23:27] C:\DOCUME~1\TANDEM~1\APPLIC~1\Google
[10/12/2006|13:56] C:\DOCUME~1\TANDEM~1\APPLIC~1\Help
[01/12/2006|20:14] C:\DOCUME~1\TANDEM~1\APPLIC~1\HP
[13/09/2004|19:31] C:\DOCUME~1\TANDEM~1\APPLIC~1\Identities
[23/09/2007|01:02] C:\DOCUME~1\TANDEM~1\APPLIC~1\internaldb41.dat
[23/09/2007|01:03] C:\DOCUME~1\TANDEM~1\APPLIC~1\internaldb6334.dat
[23/09/2007|00:54] C:\DOCUME~1\TANDEM~1\APPLIC~1\internaldb8467.dat
[27/07/2005|15:17] C:\DOCUME~1\TANDEM~1\APPLIC~1\Lavasoft
[31/08/2005|20:22] C:\DOCUME~1\TANDEM~1\APPLIC~1\Leadertech
[02/05/2008|00:06] C:\DOCUME~1\TANDEM~1\APPLIC~1\LimeWire
[19/04/2005|13:31] C:\DOCUME~1\TANDEM~1\APPLIC~1\Macromedia
[17/11/2005|11:46] C:\DOCUME~1\TANDEM~1\APPLIC~1\Media Player Classic
[13/09/2004|19:17] C:\DOCUME~1\TANDEM~1\APPLIC~1\Microsoft
[16/12/2007|18:00] C:\DOCUME~1\TANDEM~1\APPLIC~1\Mozilla
[30/04/2005|23:24] C:\DOCUME~1\TANDEM~1\APPLIC~1\MSNInstaller
[29/08/2006|12:11] C:\DOCUME~1\TANDEM~1\APPLIC~1\pcouffin.cat
[29/08/2006|12:11] C:\DOCUME~1\TANDEM~1\APPLIC~1\pcouffin.inf
[29/08/2006|12:12] C:\DOCUME~1\TANDEM~1\APPLIC~1\pcouffin.log
[29/08/2006|12:11] C:\DOCUME~1\TANDEM~1\APPLIC~1\pcouffin.sys
[16/12/2006|14:14] C:\DOCUME~1\TANDEM~1\APPLIC~1\Real
[02/05/2008|18:56] C:\DOCUME~1\TANDEM~1\APPLIC~1\skypePM
[03/01/2007|13:46] C:\DOCUME~1\TANDEM~1\APPLIC~1\Snapfish
[19/04/2005|15:00] C:\DOCUME~1\TANDEM~1\APPLIC~1\Sun
[19/04/2005|12:39] C:\DOCUME~1\TANDEM~1\APPLIC~1\Symantec
[16/12/2007|18:00] C:\DOCUME~1\TANDEM~1\APPLIC~1\Universalis V12
[12/05/2008|22:19] C:\DOCUME~1\TANDEM~1\APPLIC~1\vlc
[09/04/2006|17:33] C:\DOCUME~1\TANDEM~1\APPLIC~1\Vso
[09/12/2006|11:08] C:\DOCUME~1\TANDEM~1\APPLIC~1\XTND_BTUIObjects
[22/10/2006|15:28] C:\DOCUME~1\INVIT\APPLIC~1\3M
[20/08/2007|22:20] C:\DOCUME~1\INVIT\APPLIC~1\Adobe
[13/09/2004|19:17] C:\DOCUME~1\INVIT\APPLIC~1\desktop.ini
[16/12/2006|15:36] C:\DOCUME~1\INVIT\APPLIC~1\Google
[09/12/2006|17:03] C:\DOCUME~1\INVIT\APPLIC~1\HP
[13/09/2004|19:31] C:\DOCUME~1\INVIT\APPLIC~1\Identities
[06/10/2006|19:21] C:\DOCUME~1\INVIT\APPLIC~1\Macromedia
[28/12/2007|10:44] C:\DOCUME~1\INVIT\APPLIC~1\Media Player Classic
[13/09/2004|19:17] C:\DOCUME~1\INVIT\APPLIC~1\Microsoft
[30/04/2008|21:36] C:\DOCUME~1\INVIT\APPLIC~1\Mozilla
[16/12/2006|15:32] C:\DOCUME~1\INVIT\APPLIC~1\Real
[24/05/2007|15:45] C:\DOCUME~1\INVIT\APPLIC~1\Sun
[24/05/2008|22:21] C:\DOCUME~1\INVIT\APPLIC~1\vlc
[30/04/2008|22:28] C:\DOCUME~1\EMILIEN\APPLIC~1\Adobe
[13/09/2004|19:17] C:\DOCUME~1\EMILIEN\APPLIC~1\desktop.ini
[30/04/2008|22:34] C:\DOCUME~1\EMILIEN\APPLIC~1\EoRezo
[13/09/2004|19:31] C:\DOCUME~1\EMILIEN\APPLIC~1\Identities
[30/04/2008|22:31] C:\DOCUME~1\EMILIEN\APPLIC~1\Macromedia
[13/09/2004|19:17] C:\DOCUME~1\EMILIEN\APPLIC~1\Microsoft
[30/04/2008|22:44] C:\DOCUME~1\EMILIEN\APPLIC~1\Mozilla
[04/06/2008|13:49] C:\DOCUME~1\EMILIEN\APPLIC~1\Sun
[14/05/2008|14:48] C:\DOCUME~1\EMILIEN\APPLIC~1\vlc
----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------
[23/09/2007 01:04][--ah-----] C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
[06/06/2008 21:04][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 05:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
---------------[ Listing des dossiers dans C:\Program Files ]--------------
[28/12/2007|10:42] C:\Program Files\7-Zip
[01/01/2003|22:02] C:\Program Files\Acer Inc
[01/01/2003|22:07] C:\Program Files\Adobe
[06/01/2008|21:21] C:\Program Files\Alwil Software
[01/01/2003|21:51] C:\Program Files\AMD
[28/02/2006|09:38] C:\Program Files\ColiPoste
[13/09/2004|19:23] C:\Program Files\ComPlus Applications
[07/09/2007|17:27] C:\Program Files\Cyanide
[01/01/2003|22:04] C:\Program Files\CyberLink
[01/11/2005|15:31] C:\Program Files\DAP
[30/04/2008|22:34] C:\Program Files\EoRezo
[09/12/2006|11:01] C:\Program Files\Extended Systems
[13/09/2004|19:18] C:\Program Files\Fichiers communs
[20/04/2006|10:10] C:\Program Files\Hewlett-Packard
[01/12/2006|19:58] C:\Program Files\HP
[13/09/2004|19:24] C:\Program Files\Internet Explorer
[04/07/2006|21:47] C:\Program Files\Inventel
[30/04/2008|22:36] C:\Program Files\ItsLabel
[19/04/2005|14:57] C:\Program Files\Java
[01/01/2003|21:59] C:\Program Files\Launch Manager
[01/01/2003|22:06] C:\Program Files\Ligos
[24/02/2007|13:42] C:\Program Files\LimeWire
[19/04/2005|12:29] C:\Program Files\ltmoh
[26/02/2006|22:39] C:\Program Files\Macrogaming
[13/04/2007|22:38] C:\Program Files\MarkAny
[13/09/2004|19:23] C:\Program Files\Messenger
[23/08/2007|23:17] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[20/02/2007|20:45] C:\Program Files\Microsoft Carioca
[13/09/2004|19:26] C:\Program Files\microsoft frontpage
[22/09/2007|21:47] C:\Program Files\Microsoft IntelliPoint
[19/04/2005|13:12] C:\Program Files\Microsoft Office
[19/07/2005|10:03] C:\Program Files\Microsoft Works
[01/11/2007|15:17] C:\Program Files\MIKSOFT
[13/09/2004|19:24] C:\Program Files\Movie Maker
[30/04/2008|21:35] C:\Program Files\Mozilla Firefox
[01/01/2008|22:50] C:\Program Files\MSECache
[13/09/2004|19:22] C:\Program Files\MSN
[13/09/2004|19:23] C:\Program Files\MSN Gaming Zone
[19/08/2007|22:11] C:\Program Files\MSN Messenger
[03/12/2006|00:32] C:\Program Files\MSXML 4.0
[13/09/2004|19:24] C:\Program Files\NetMeeting
[01/01/2003|22:05] C:\Program Files\NewTech Infosystems
[19/04/2005|12:39] C:\Program Files\Norton AntiVirus
[10/02/2008|10:54] C:\Program Files\NRJ
[13/09/2004|19:23] C:\Program Files\Online Services
[06/03/2007|00:02] C:\Program Files\outlook
[13/09/2004|19:24] C:\Program Files\Outlook Express
[16/12/2006|14:15] C:\Program Files\Real
[27/05/2007|15:06] C:\Program Files\RM-X Player V4.2
[19/04/2005|12:27] C:\Program Files\S3Inc
[13/04/2007|22:38] C:\Program Files\Samsung
[17/11/2005|11:38] C:\Program Files\Satsuki Decoder Pack
[13/09/2004|19:25] C:\Program Files\Services en ligne
[14/01/2007|20:36] C:\Program Files\Snapfish-livrephoto
[24/05/2008|09:40] C:\Program Files\Spybot - Search & Destroy
[01/01/2003|21:53] C:\Program Files\Synaptics
[16/12/2007|17:40] C:\Program Files\Universalis
[16/08/2005|12:39] C:\Program Files\VDCodecPack1.3
[05/02/2006|19:01] C:\Program Files\VIA
[01/01/2003|21:53] C:\Program Files\VIAudioi
[12/05/2008|21:22] C:\Program Files\VideoLAN
[03/02/2008|14:22] C:\Program Files\VISUAL PLANNING 4.3
[12/10/2005|09:51] C:\Program Files\VSO
[22/08/2007|15:02] C:\Program Files\Windows Live
[10/12/2006|14:21] C:\Program Files\Windows Media Connect 2
[13/09/2004|19:23] C:\Program Files\Windows Media Player
[13/09/2004|19:22] C:\Program Files\Windows NT
[13/09/2004|19:25] C:\Program Files\WindowsUpdate
[13/09/2004|19:27] C:\Program Files\xerox
[01/05/2008|11:13] C:\Program Files\Xilisoft
[20/04/2006|10:17] C:\Program Files\Zero G Registry
------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------
[19/04/2005|16:25] C:\Program Files\Fichiers communs\Adobe
[22/09/2007|22:17] C:\Program Files\Fichiers communs\BitDefender
[19/04/2005|13:13] C:\Program Files\Fichiers communs\DESIGNER
[04/07/2006|21:48] C:\Program Files\Fichiers communs\FDEUnInstaller.exe
[01/12/2006|20:03] C:\Program Files\Fichiers communs\Hewlett-Packard
[01/01/2003|21:51] C:\Program Files\Fichiers communs\InstallShield
[19/04/2005|14:54] C:\Program Files\Fichiers communs\Java
[13/09/2004|19:18] C:\Program Files\Fichiers communs\Microsoft Shared
[13/09/2004|19:24] C:\Program Files\Fichiers communs\MSSoap
[13/09/2004|19:18] C:\Program Files\Fichiers communs\ODBC
[16/12/2006|14:15] C:\Program Files\Fichiers communs\Real
[13/09/2004|19:24] C:\Program Files\Fichiers communs\Services
[13/09/2004|19:18] C:\Program Files\Fichiers communs\SpeechEngines
[20/04/2006|10:08] C:\Program Files\Fichiers communs\SWF Studio
[19/04/2005|12:39] C:\Program Files\Fichiers communs\Symantec Shared
[13/09/2004|19:24] C:\Program Files\Fichiers communs\System
[26/02/2006|15:33] C:\Program Files\Fichiers communs\Vbox
[02/03/2008|10:47] C:\Program Files\Fichiers communs\WindowsLiveInstaller
---------------------------[ Process ]--------------------------
... 27
... OK !
----------------------[ Recherche avec S_Lop ]---------------------
Aucun fichier / dossier Lop trouvé !
-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------
Aucun fichier / dossier Lop trouvé !
----------------------[ Verification du Registre ]----------------------
..... OK !
--------------------[ Verification du fichier Hosts ]---------------------
Fichier Hosts PROPRE
----------------[ Recherche de fichiers avec Catchme ]-----------------
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-06 22:07:33
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------[ Recherche d'autres infections ]---------------------
Aucune autre infection trouvée !
[F:117][D:26]-> C:\DOCUME~1\TANDEM~1\LOCALS~1\Temp
[F:55][D:0]-> C:\DOCUME~1\TANDEM~1\Cookies
[F:1008][D:6]-> C:\DOCUME~1\TANDEM~1\LOCALS~1\TEMPOR~1\content.IE5
[F:2][D:0]-> C:\Recycled
--------------------[ Fin du rapport a 22:08:16.96 ]----------------------
Re,
Select the entire contents of the box below:
@echo off & cls
rem Recursively list the folder (all attributes, hidden and system files included) into youpi.log
dir /a /s "C:\DOCUME~1\ALLUSE~1\APPLIC~1\Link Data Security" > youpi.log
rem Open youpi.log so its contents can be copied into the reply, then delete it
youpi.log & del youpi.log
exit
Copy and paste it into Notepad (Démarrer\Tous les programmes\Accessoires\Bloc-notes).
Save it to your Desktop under the name Correction.bat
Double-click it. Post the report it generates (if there is one).
Here is the report, thanks for the help
Le volume dans le lecteur C s'appelle ACER
Le numéro de série du volume est 0A2A-1AD4
Répertoire de C:\DOCUME~1\ALLUSE~1\APPLIC~1\Link Data Security
16/12/2007 17:59 <REP> .
16/12/2007 17:59 <REP> ..
16/12/2007 17:59 <REP> ENCYCUNI_DVDEUV12110906
0 fichier(s) 0 octets
Répertoire de C:\DOCUME~1\ALLUSE~1\APPLIC~1\Link Data Security\ENCYCUNI_DVDEUV12110906
16/12/2007 17:59 <REP> .
16/12/2007 17:59 <REP> ..
16/12/2007 17:59 256 settings.bin
1 fichier(s) 256 octets
Total des fichiers listés :
1 fichier(s) 256 octets
5 Rép(s) 979 517 440 octets libres
I don't know how to delete the file you are talking about.
Here is my report anyway
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:16:43, on 07/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RavMonE.exe
C:\WINDOWS\system32\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\TANDEM POUR L'ECOLE\Mes documents\Téléchargement\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=33568
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IEHlprObj Class - {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - LineAudio.dll (file missing)
O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\RavMonE.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.fnacphoto.com/ECTelechargement/Origma/ImageU...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://privateannazouette.spaces.live.com/PhotoUpload/M...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 5173 bytes
Re,
Download ComboFix (by sUBs) to your Desktop.
Temporarily disable all resident protection! (Antivirus, antispyware...)
Double-click ComboFix.exe.
Accept the licence by clicking Oui (Yes).
When the operation is finished, a report will appear. Post this report in your next reply.
The report is located here: %systemdrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; generally C:\)
Help: How to use ComboFix.
Thanks again for the help. Already I have the impression that the MSN ad windows no longer appear, but if you can help me clean my PC even further, that would be great.
Here is the ComboFix report
ComboFix 08-06-07.1 - TANDEM POUR L'ECOLE 2008-06-07 20:07:18.1 - FAT32x86
Endroit: C:\Documents and Settings\TANDEM POUR L'ECOLE\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Invité\ravmonlog
C:\Documents and Settings\TANDEM POUR L'ECOLE\Application Data\macromedia\Flash Player\#SharedObjects\5WMQ3K3F\www.broadcaster.com
C:\Documents and Settings\TANDEM POUR L'ECOLE\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\TANDEM POUR L'ECOLE\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Program Files\outlook
C:\Program Files\outlook\p.zip
C:\WINDOWS\ravmone.exe
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\Temp\log.txt
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-07 to 2008-06-07 ))))))))))))))))))))))))))))))))))))
.
2008-06-02 19:10 . 2008-06-02 19:10 <REP> d--hs---- C:\FOUND.000
2008-05-31 14:07 . 2008-05-31 14:07 <REP> d-------- C:\Documents and Settings\Default User
2008-05-25 11:45 . 2008-05-25 11:45 <REP> d-------- C:\Lop SD
2008-05-24 22:21 . 2008-05-24 22:21 <REP> d-------- C:\Documents and Settings\Invité\Application Data\vlc
2008-05-24 09:39 . 2008-05-24 09:40 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-24 09:39 . 2008-05-24 09:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-14 14:48 . 2008-05-14 14:48 <REP> d-------- C:\Documents and Settings\Emilien\Application Data\vlc
2008-05-12 22:19 . 2008-05-12 22:19 <REP> d-------- C:\Documents and Settings\TANDEM POUR L'ECOLE\Application Data\vlc
2008-05-12 21:22 . 2008-05-12 21:22 <REP> d-------- C:\Program Files\VideoLAN
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-03 18:43 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-05-02 16:56 --------- d-----w C:\Documents and Settings\TANDEM POUR L'ECOLE\Application Data\skypePM
2008-05-02 16:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-05-01 22:06 --------- d-----w C:\Documents and Settings\TANDEM POUR L'ECOLE\Application Data\LimeWire
2008-05-01 09:13 --------- d-----w C:\Program Files\Xilisoft
2008-04-30 20:36 --------- d-----w C:\Program Files\ItsLabel
2008-04-30 20:34 --------- d-----w C:\Program Files\EoRezo
2008-04-30 20:34 --------- d-----w C:\Documents and Settings\Emilien\Application Data\EoRezo
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2007-09-22 23:03 384 ----a-w C:\Documents and Settings\TANDEM POUR L'ECOLE\Application Data\internaldb6334.dat
2007-09-22 23:02 18,432 ----a-w C:\Documents and Settings\TANDEM POUR L'ECOLE\Application Data\internaldb41.dat
2007-09-22 22:54 212 ----a-w C:\Documents and Settings\TANDEM POUR L'ECOLE\Application Data\internaldb8467.dat
2006-08-29 10:11 81,920 ----a-w C:\Documents and Settings\TANDEM POUR L'ECOLE\Application Data\ezpinst.exe
2006-08-29 10:11 47,360 ----a-w C:\Documents and Settings\TANDEM POUR L'ECOLE\Application Data\pcouffin.sys
2006-07-04 19:48 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\WINDOWS\system32\qttask.exe" [2005-11-17 11:38 98304]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 16:51 192512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo8"= STV680tg.dll
"VIDC.VP40"= vp4vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\System32\\muzapp.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16673:TCP"= 16673:TCP:NortonAV
"17482:TCP"= 17482:TCP:NortonAV
"18859:TCP"= 18859:TCP:NortonAV
"17261:TCP"= 17261:TCP:NortonAV
"12597:TCP"= 12597:TCP:NortonAV
"18656:TCP"= 18656:TCP:NortonAV
"17632:TCP"= 17632:TCP:NortonAV
"16322:TCP"= 16322:TCP:NortonAV
"16248:TCP"= 16248:TCP:NortonAV
"13189:TCP"= 13189:TCP:NortonAV
"13329:TCP"= 13329:TCP:NortonAV
"17156:TCP"= 17156:TCP:NortonAV
"16345:TCP"= 16345:TCP:NortonAV
"13606:TCP"= 13606:TCP:NortonAV
"18309:TCP"= 18309:TCP:NortonAV
"12222:TCP"= 12222:TCP:NortonAV
"15586:TCP"= 15586:TCP:NortonAV
"16315:TCP"= 16315:TCP:NortonAV
"15176:TCP"= 15176:TCP:NortonAV
"12594:TCP"= 12594:TCP:NortonAV
"14009:TCP"= 14009:TCP:NortonAV
"12553:TCP"= 12553:TCP:NortonAV
"16147:TCP"= 16147:TCP:NortonAV
"16952:TCP"= 16952:TCP:NortonAV
"17335:TCP"= 17335:TCP:NortonAV
"14451:TCP"= 14451:TCP:NortonAV
"12166:TCP"= 12166:TCP:NortonAV
"17708:TCP"= 17708:TCP:NortonAV
"16731:TCP"= 16731:TCP:NortonAV
"13789:TCP"= 13789:TCP:NortonAV
"17507:TCP"= 17507:TCP:NortonAV
"16660:TCP"= 16660:TCP:NortonAV
"16699:TCP"= 16699:TCP:NortonAV
"12184:TCP"= 12184:TCP:NortonAV
"18074:TCP"= 18074:TCP:NortonAV
"12499:TCP"= 12499:TCP:NortonAV
"18411:TCP"= 18411:TCP:NortonAV
"18379:TCP"= 18379:TCP:NortonAV
"18124:TCP"= 18124:TCP:NortonAV
"16747:TCP"= 16747:TCP:NortonAV
"13462:TCP"= 13462:TCP:NortonAV
"12804:TCP"= 12804:TCP:NortonAV
"17134:TCP"= 17134:TCP:NortonAV
"14793:TCP"= 14793:TCP:NortonAV
"12536:TCP"= 12536:TCP:NortonAV
R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
R3 IPN2220;acer IPN2220 Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\i2220ntx.sys [2004-03-29 17:23]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []
S3 BTCOMM;BTCOMM;C:\WINDOWS\system32\drivers\Btcomm.sys []
S3 BTKRNBDG;Bluetooth COM Bridge;C:\WINDOWS\system32\DRIVERS\btkrnbdg.sys []
S3 CSRBC01;%CSRBC01.SvcDesc%;C:\WINDOWS\system32\Drivers\csrbc01.sys []
S3 vad_multi;Windigo Virtual Audio Device (WDM);C:\WINDOWS\system32\drivers\vadmulti.sys []
*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-09-22 23:04:28 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job"
- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-07 20:12:19
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-06-07 20:14:16
ComboFix-quarantined-files.txt 2008-06-07 18:14:14
Pre-Run: 836,665,344 octets libres
Post-Run: 1,496,940,544 octets libres
164 --- E O F --- 2008-04-24 14:48:08
Re,
Uninstall via Add/Remove Programs (if present):
Eorezo & co
- My Computer / Tools / Folder Options / View / Show hidden files and folders / Apply --> OK
- My Computer / Tools / Folder Options / View / uncheck Hide protected operating system files / Apply --> OK
You will re-check it afterwards.
Then delete the corresponding folders:
In Programfiles
In Programfiles\Fichiers communs
In %allusersprofile%\application data
( XP -> C:\Documents and Settings\All users\Application Data,
Vista -> C:\Users\your name\appdata\roaming)
Etc ... (You can look for the folders to delete with a Windows search [Start\Search])
Download CCleaner to your Desktop.
Click on "download the latest version"
Install it, leaving only the following options checked:
- Add a shortcut to the Desktop
- Automatically check for updates to CCleaner
Run the Cleaner
Click on Scan for Issues and back up if you wish.
Help: How to use CCleaner.
*******
Select the entire contents of the box below:
Collect::
C:\StubInstaller.exe
Folder::
C:\Program Files\EoRezo
C:\FOUND.000
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\StubInstaller.exe"=-
"C:\\WINDOWS\\System32\\muzapp.exe"=-
Copy/paste it into Notepad (Start\All Programs\Accessories\Notepad).
Save it to your desktop under the name CFScript.txt
Now drag the CFScript.txt file onto ComboFix.exe.
This will relaunch ComboFix. After the restart, post the contents of the ComboFix.txt report.
If there is no restart, post the report anyway.
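One way to confirm that a CFScript like the one above took effect, as an added example (not part of the original post and not ComboFix code): it reads the `"path"=-` deletions from the script's Registry:: section and checks them against the AuthorizedApplications list of a report taken before and after the run. The report excerpts are constructed from lines shown in this thread, and all function names are hypothetical.

```python
import re

# Constructed sample: the CFScript text from the post above.
CFSCRIPT = r'''Collect::
C:\StubInstaller.exe
Folder::
C:\Program Files\EoRezo
C:\FOUND.000
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\StubInstaller.exe"=-
"C:\\WINDOWS\\System32\\muzapp.exe"=-
'''

# Constructed sample: shortened excerpts of the two ComboFix reports.
REPORT_BEFORE = r'''[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\System32\\muzapp.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16673:TCP"= 16673:TCP:NortonAV
R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
'''

REPORT_AFTER = r'''[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16673:TCP"= 16673:TCP:NortonAV
R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
'''

FW_LIST = (r'HKLM\~\services\sharedaccess\parameters\firewallpolicy'
           r'\standardprofile\AuthorizedApplications\List')

_KEY = re.compile(r'^\[([^\]]+)\]\s*$')            # [registry\key] header line
_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')  # "name"=data line


def _norm(name):
    # Undo .reg escaping (double backslash -> single) and fold case,
    # because Windows paths and value names are case-insensitive.
    return name.replace('\\\\', '\\').lower()


def parse_sections(text):
    """Return {key_lowercase: {value_name: data}} for every [key] block."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        key = _KEY.match(line)
        if key:
            current = sections.setdefault(key.group(1).lower(), {})
        elif line.endswith('::'):
            current = None          # CFScript directive such as Folder::
        else:
            value = _VALUE.match(line)
            if value and current is not None:
                current[_norm(value.group(1))] = value.group(2).strip()
    return sections


def script_deletions(script):
    """Value names the script marks for deletion with the "name"=- syntax."""
    return {key: {n for n, d in vals.items() if d == '-'}
            for key, vals in parse_sections(script).items()}


def verify_script(script, before, after):
    """Map each value the script deletes to what the two reports show."""
    b, a = parse_sections(before), parse_sections(after)
    status = {}
    for key, names in script_deletions(script).items():
        for name in names:
            if name in a.get(key, {}):
                status[name] = 'still present'
            elif name in b.get(key, {}):
                status[name] = 'removed'
            else:
                status[name] = 'never listed'
    return status


def new_entries(before, after, key=FW_LIST):
    """Firewall exceptions that appear only in the later report."""
    k = key.lower()
    return (set(parse_sections(after).get(k, {}))
            - set(parse_sections(before).get(k, {})))


if __name__ == '__main__':
    for name, state in sorted(verify_script(CFSCRIPT, REPORT_BEFORE, REPORT_AFTER).items()):
        print(f'{state:14} {name}')
    print('new exceptions:', sorted(new_entries(REPORT_BEFORE, REPORT_AFTER)))
```

An entry reported as "still present" means the value survived the run; anything returned by `new_entries` is a firewall exception added between the two reports and is worth a look.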

Hello,
I could not remove Eorezo & co through Add/Remove Programs, but I did it through Program Files; I hope that is OK.
As for the others, it was impossible to delete in Fichiers communs and Application Data.
For the rest, I followed the procedure, and here is the ComboFix report:
ComboFix 08-06-07.1 - TANDEM POUR L'ECOLE 2008-06-09 22:35:29.2 - FAT32x86
Endroit: C:\Documents and Settings\TANDEM POUR L'ECOLE\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\TANDEM POUR L'ECOLE\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\FOUND.000
C:\FOUND.000\FILE0000.CHK
C:\FOUND.000\FILE0001.CHK
C:\FOUND.000\FILE0002.CHK
C:\FOUND.000\FILE0003.CHK
C:\FOUND.000\FILE0004.CHK
C:\FOUND.000\FILE0005.CHK
C:\FOUND.000\FILE0006.CHK
C:\FOUND.000\FILE0007.CHK
C:\FOUND.000\FILE0008.CHK
C:\FOUND.000\FILE0009.CHK
C:\FOUND.000\FILE0010.CHK
C:\FOUND.000\FILE0011.CHK
C:\FOUND.000\FILE0012.CHK
C:\FOUND.000\FILE0013.CHK
C:\FOUND.000\FILE0014.CHK
C:\FOUND.000\FILE0015.CHK
C:\FOUND.000\FILE0016.CHK
C:\FOUND.000\FILE0017.CHK
C:\FOUND.000\FILE0018.CHK
C:\FOUND.000\FILE0019.CHK
C:\StubInstaller.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-09 to 2008-06-09 ))))))))))))))))))))))))))))))))))))
.
2008-06-09 22:21 . 2008-06-09 22:21 <REP> d-------- C:\Program Files\Yahoo!
2008-06-09 22:21 . 2008-06-09 22:21 <REP> d-------- C:\Program Files\CCleaner
2008-05-31 14:07 . 2008-05-31 14:07 <REP> d-------- C:\Documents and Settings\Default User
2008-05-25 11:45 . 2008-05-25 11:45 <REP> d-------- C:\Lop SD
2008-05-24 22:21 . 2008-05-24 22:21 <REP> d-------- C:\Documents and Settings\Invité\Application Data\vlc
2008-05-24 09:39 . 2008-05-24 09:40 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-24 09:39 . 2008-05-24 09:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-14 14:48 . 2008-05-14 14:48 <REP> d-------- C:\Documents and Settings\Emilien\Application Data\vlc
2008-05-12 22:19 . 2008-05-12 22:19 <REP> d-------- C:\Documents and Settings\TANDEM POUR L'ECOLE\Application Data\vlc
2008-05-12 21:22 . 2008-05-12 21:22 <REP> d-------- C:\Program Files\VideoLAN
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-03 18:43 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-05-02 16:56 --------- d-----w C:\Documents and Settings\TANDEM POUR L'ECOLE\Application Data\skypePM
2008-05-02 16:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-05-01 22:06 --------- d-----w C:\Documents and Settings\TANDEM POUR L'ECOLE\Application Data\LimeWire
2008-05-01 09:13 --------- d-----w C:\Program Files\Xilisoft
2008-04-30 20:36 --------- d-----w C:\Program Files\ItsLabel
2008-04-30 20:34 --------- d-----w C:\Documents and Settings\Emilien\Application Data\EoRezo
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2007-09-22 23:03 384 ----a-w C:\Documents and Settings\TANDEM POUR L'ECOLE\Application Data\internaldb6334.dat
2007-09-22 23:02 18,432 ----a-w C:\Documents and Settings\TANDEM POUR L'ECOLE\Application Data\internaldb41.dat
2007-09-22 22:54 212 ----a-w C:\Documents and Settings\TANDEM POUR L'ECOLE\Application Data\internaldb8467.dat
2006-08-29 10:11 81,920 ----a-w C:\Documents and Settings\TANDEM POUR L'ECOLE\Application Data\ezpinst.exe
2006-08-29 10:11 47,360 ----a-w C:\Documents and Settings\TANDEM POUR L'ECOLE\Application Data\pcouffin.sys
2006-07-04 19:48 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-07_20.14.00.78 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-07 08:14:56 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-09 16:56:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\WINDOWS\system32\qttask.exe" [2005-11-17 11:38 98304]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 16:51 192512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo8"= STV680tg.dll
"VIDC.VP40"= vp4vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16673:TCP"= 16673:TCP:NortonAV
"17482:TCP"= 17482:TCP:NortonAV
"18859:TCP"= 18859:TCP:NortonAV
"17261:TCP"= 17261:TCP:NortonAV
"12597:TCP"= 12597:TCP:NortonAV
"18656:TCP"= 18656:TCP:NortonAV
"17632:TCP"= 17632:TCP:NortonAV
"16322:TCP"= 16322:TCP:NortonAV
"16248:TCP"= 16248:TCP:NortonAV
"13189:TCP"= 13189:TCP:NortonAV
"13329:TCP"= 13329:TCP:NortonAV
"17156:TCP"= 17156:TCP:NortonAV
"16345:TCP"= 16345:TCP:NortonAV
"13606:TCP"= 13606:TCP:NortonAV
"18309:TCP"= 18309:TCP:NortonAV
"12222:TCP"= 12222:TCP:NortonAV
"15586:TCP"= 15586:TCP:NortonAV
"16315:TCP"= 16315:TCP:NortonAV
"15176:TCP"= 15176:TCP:NortonAV
"12594:TCP"= 12594:TCP:NortonAV
"14009:TCP"= 14009:TCP:NortonAV
"12553:TCP"= 12553:TCP:NortonAV
"16147:TCP"= 16147:TCP:NortonAV
"16952:TCP"= 16952:TCP:NortonAV
"17335:TCP"= 17335:TCP:NortonAV
"14451:TCP"= 14451:TCP:NortonAV
"12166:TCP"= 12166:TCP:NortonAV
"17708:TCP"= 17708:TCP:NortonAV
"16731:TCP"= 16731:TCP:NortonAV
"13789:TCP"= 13789:TCP:NortonAV
"17507:TCP"= 17507:TCP:NortonAV
"16660:TCP"= 16660:TCP:NortonAV
"16699:TCP"= 16699:TCP:NortonAV
"12184:TCP"= 12184:TCP:NortonAV
"18074:TCP"= 18074:TCP:NortonAV
"12499:TCP"= 12499:TCP:NortonAV
"18411:TCP"= 18411:TCP:NortonAV
"18379:TCP"= 18379:TCP:NortonAV
"18124:TCP"= 18124:TCP:NortonAV
"16747:TCP"= 16747:TCP:NortonAV
"13462:TCP"= 13462:TCP:NortonAV
"12804:TCP"= 12804:TCP:NortonAV
"17134:TCP"= 17134:TCP:NortonAV
"14793:TCP"= 14793:TCP:NortonAV
"12536:TCP"= 12536:TCP:NortonAV
R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
R3 IPN2220;acer IPN2220 Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\i2220ntx.sys [2004-03-29 17:23]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []
S3 BTCOMM;BTCOMM;C:\WINDOWS\system32\drivers\Btcomm.sys []
S3 BTKRNBDG;Bluetooth COM Bridge;C:\WINDOWS\system32\DRIVERS\btkrnbdg.sys []
S3 CSRBC01;%CSRBC01.SvcDesc%;C:\WINDOWS\system32\Drivers\csrbc01.sys []
S3 vad_multi;Windigo Virtual Audio Device (WDM);C:\WINDOWS\system32\drivers\vadmulti.sys []
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-09-22 23:04:28 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job"
- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-09 22:39:45
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-06-09 22:41:36
ComboFix-quarantined-files.txt 2008-06-09 20:41:32
ComboFix2.txt 2008-06-07 18:14:18
Pre-Run: 1,485,914,112 octets libres
Post-Run: 1,485,668,352 octets libres
175 --- E O F --- 2008-04-24 14:48:08
Here is the HJT report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:51:11, on 10/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\TANDEM POUR L'ECOLE\Mes documents\Téléchargement\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=33568
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: IEHlprObj Class - {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - LineAudio.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.fnacphoto.com/ECTelechargement/Origma/ImageU...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://privateannazouette.spaces.live.com/PhotoUpload/M...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 5403 bytes
Hi again,
Download Clean (by Malekal) to your Desktop.
Unzip it on your Desktop. Double-click the Clean folder that has just appeared.
Double-click Clean.cmd. (The cmd extension may not be shown.) This will open a black window.
A menu will appear; choose option 1, then press Enter. Then press a key when you are asked to.
Post the report located here: C:\rapport_clean.txt
If you get a file C:\upload_moi.zip, please do this.
Help: How to use Clean.
*******
Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.
Once the installation and the update are done:
Restart in safe mode
/!\ Never start safe mode via MSCONFIG /!\
Now run MalwareByte's Anti-Malware. If it is not already selected, select "Perform full scan".
To start the scan, click "Scan".
Once the scan is finished, a window opens; click OK. There are two possibilities:
-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Show results", then "Remove selected". Save the report to your Desktop so that you can post it in your next reply.
NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.
Help: How to use MBAM.
**********
Download CCleaner to your Desktop.
Click "download the latest version"
Install it, leaving only the following options checked:
- Add a shortcut to the Desktop
- Automatically check for CCleaner updates
Run the cleaning
Click Scan for issues and make a backup if you wish.
Help: How to use CCleaner.
***************
Download AntiVir to your Desktop.
Double-click the downloaded executable to start the installation.
At the end of the installation, click Finish.
Open AntiVir and make sure it is up to date!
In the Local Protection tab, choose Scanner.
Enable rootkit scanning via the + next to rootkit search, then under manual selection, check everything (your hard-disk partitions).
Click the middle magnifying glass to start the scan as Administrator.
Post the generated report for me: to do so, click the Overview tab, then choose Reports; you will find the report there.
Note: For more effective eradication of threats, run the scan in safe mode.
Why switch? Avast vs AntiVir.
Help: How to install and use AntiVir.
I did not manage to do the operations with malware, but here is my AntiVir report
Avira AntiVir Personal
Report file date: dimanche 15 juin 2008 14:57
Scanning for 1165085 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: TANDEM POUR L'ECOLE
Computer name: TANDEM
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:58
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:38
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:24
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:42
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 21/03/2008 19:12:34
ANTIVIR3.VDF : 7.0.3.68 57856 Bytes 25/03/2008 08:27:50
Engineversion : 8.1.0.28
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:22
AESCRIPT.DLL : 8.1.0.19 229754 Bytes 07/04/2008 15:34:46
AESCN.DLL : 8.1.0.12 115060 Bytes 07/04/2008 15:34:46
AERDL.DLL : 8.1.0.19 418164 Bytes 07/04/2008 15:34:46
AEPACK.DLL : 8.1.1.0 364918 Bytes 18/03/2008 11:20:44
AEOFFICE.DLL : 8.1.0.15 192889 Bytes 07/04/2008 15:34:46
AEHEUR.DLL : 8.1.0.15 1147253 Bytes 07/04/2008 15:34:46
AEHELP.DLL : 8.1.0.11 115061 Bytes 07/04/2008 15:34:44
AEGEN.DLL : 8.1.0.15 299379 Bytes 07/04/2008 15:34:44
AEEMU.DLL : 8.1.0.5 430450 Bytes 07/04/2008 15:34:44
AECORE.DLL : 8.1.0.25 168309 Bytes 08/04/2008 09:58:34
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:54
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:52
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:48
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:50
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:24
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:32
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:04
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:12
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:26
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:12
Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, E:, F:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: dimanche 15 juin 2008 14:57
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'FIREFOX.EXE' - '1' Module(s) have been scanned
Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned
Scan process 'RavMonE.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\RavMonE.exe'
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'ALG.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'anbmServ.exe' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
Process 'RavMonE.exe' has been terminated
C:\WINDOWS\RavMonE.exe
[DETECTION] Contains detection pattern of the worm WORM/RJUMP.E
[NOTE] The file was moved to '48cb1354.qua'!
29 processes with 28 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] In the drive 'F:\' no data medium is inserted!
Starting to scan the registry.
The registry was scanned ( '23' files ).
Starting the file scan:
Begin scan in 'C:\' <ACER>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\upload_moi_TANDEM.tar.gz
[0] Archive type: GZ
--> upload_moi.tar
[1] Archive type: TAR (tape archiver)
--> qoobox/Quarantine/C/WINDOWS/RavMonE.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/RJUMP.E
--> WINDOWS/RavMonE.exe
[DETECTION] Contains detection pattern of the worm WORM/RJUMP.E
[NOTE] The file was moved to '48c1145c.qua'!
C:\System Volume Information\_restore{A65CAB81-8F87-4280-8ABC-C81056D754CC}\RP845\A0377815.exe
[DETECTION] Contains detection pattern of the worm WORM/RJUMP.E
[NOTE] The file was moved to '48882495.qua'!
C:\System Volume Information\_restore{A65CAB81-8F87-4280-8ABC-C81056D754CC}\RP850\A0387169.exe
[DETECTION] Contains detection pattern of the worm WORM/RJUMP.E
[NOTE] The file was moved to '488824c9.qua'!
C:\QooBox\Quarantine\C\WINDOWS\RavMonE.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/RJUMP.E
[NOTE] The file was moved to '48cb25ad.qua'!
Begin scan in 'E:\'
Search path E:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'F:\'
Search path F:\ could not be opened!
Le périphérique n'est pas prêt.
End of the scan: dimanche 15 juin 2008 16:24
Used time: 1:27:15 min
The scan has been done completely.
6300 Scanning directories
187901 Files were scanned
7 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
5 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
187894 Files not concerned
6864 Archives were scanned
2 Warnings
5 Notes