[Solved] Web pages very slow to load
Hello!
I think I have a little problem with my PC... since this morning my web pages have been taking a very, very long time to open.
Attached is a HijackThis report, in case a kind St. Bernard can come to my rescue... thanks in advance!!!
Hello!
A small problem with my PC since this morning... my web pages are taking an enormous amount of time to open... that doesn't seem normal to me at all.
Here is a HijackThis report, in case someone can give me a little hand!
Thanks in advance!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:41:47, on 20/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\Program Files\UltraVNC\repeater.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\Philips\SPC220NC\Monitor.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Software Informer\softinfo.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\Philips\SPC220NC\Monitor.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SGPUpdater] C:\Program Files\Search Guard PlusU\sgpUpdaters.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)" -"http://jeuxenligne.jeux.fr/gameshell/app/gameshell.aspx..."
O4 - Startup: syspck32.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/Install...
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/F...
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.ca...
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/applications/pconnector...
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader5.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sourc...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - http://nathaliede.spaces.live.com/PhotoUpload/MsnPUpld....
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol...
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD3D5E1A-B6F9-4C0C-93A4-C75F82D40484}: NameServer = 192.168.1.1
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
O23 - Service: repeater_service - - C:\Program Files\UltraVNC\repeater.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 13240 bytes
Hello,
Uninstall pdfforge Toolbar.
Download Ad-Remover (by C_XX) to your Desktop.
Disconnect and close all running applications.
Double-click AD-R on your Desktop to launch it.
Choose Clean (Nettoyer), then confirm.
Post the report that appears at the end (C:\Ad-Report-CLEAN.log).
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
With the same error message?
Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
Double-click the downloaded file to start the installation.
In the Update tab, click the Check for Updates button: if the firewall asks whether to allow MBAM to connect to the Internet, accept.
Once the update has finished, go to the Scanner tab.
Select Perform quick scan.
Click Scan. The scan starts.
At the end of the scan, a message is displayed:
Quote:
L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
Click OK to continue. If MBAM found nothing, it will tell you that too.
Close your browsers.
If malware was detected, click Show Results.
Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
MBAM will open Notepad and copy the scan report into it. Copy and paste this report into your next reply.
Hello!!
Here is the MBAM report:
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3888
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
21/03/2010 09:19:51
mbam-log-2010-03-21 (09-19-51).txt
Type de recherche: Examen rapide
Eléments examinés: 172727
Temps écoulé: 6 hour(s), 29 minute(s), 16 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\drivers\yrciudam.sys (Rootkit.Agent) -> Delete on reboot.
C:\Documents and Settings\utilisateur1\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
/!\ Disable your resident protections (antivirus, etc.) /!\
To help you: a guide and a tutorial on using ComboFix
Good evening,
Here is the ComboFix report. My web pages still take at least 5 minutes to load... it's a disaster!!! sniff:
ComboFix 10-03-20.04 - utilisateur1 21/03/2010 15:35:10.2.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2046.1495 [GMT 1:00]
Lancé depuis: C:\Documents and Settings\utilisateur1\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! antivirus 4.7.1001 [VPS 000747-3] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ZoneAlarm Antivirus *On-access scanning enabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Un antivirus résident est actif
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\marion\Application Data\Dossier de téléchargement Share-to-Web
C:\Documents and Settings\televente\Application Data\Dossier de téléchargement Share-to-Web
C:\Documents and Settings\utilisateur1\Application Data\Dossier de téléchargement Share-to-Web
C:\Program Files\Search Guard Plus
C:\Program Files\Search Guard Plus\fbsProtection.xml
C:\Program Files\Search Guard Plus\fbsSearchProvider.xml
C:\Program Files\Search Guard Plus\FbsSearchProviderIE8.exe
C:\Program Files\Search Guard Plus\SearchGuardPlus.ico
C:\Program Files\Search Guard Plus\uninstalSGP.exe
C:\Program Files\Search Guard PlusU
C:\Program Files\Search Guard PlusU\SGPU.ico
C:\Program Files\Search Guard PlusU\sgpUpdater.exe
C:\Program Files\Search Guard PlusU\sgpUpdater.xml
C:\Program Files\Search Guard PlusU\sgpUpdaters.exe
C:\Program Files\Search Guard PlusU\Tmp\removesgp.exe
C:\Program Files\Search Guard PlusU\Tmp\removesgp0.exe
C:\Program Files\Search Guard PlusU\uninstalSGPU.exe
C:\Program Files\SGPSA
C:\Program Files\SGPSA\SearchAssistant.dll
C:\WINDOWS\system32\AVSredirect.dll
C:\WINDOWS\system32\fjhdyfhsn.bat
.
---- Exécution préalable -------
.
C:\Documents and Settings\utilisateur1\Application Data\Dossier de téléchargement Share-to-Web \Asterix---Obelix-XXL-2---Mission-Ouifix.nds.torrent
C:\Documents and Settings\utilisateur1\Application Data\Dossier de téléchargement Share-to-Web \utorrent.exe
C:\InfoSat.txt
C:\Program Files\Internet Explorer\fxavx.ini
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Legacy_M_HOOK
-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games
((((((((((((((((((((((((((((( Fichiers créés du 2010-02-21 au 2010-03-21 ))))))))))))))))))))))))))))))))))))
.
2010-03-21 18:06:18 . 2010-03-21 18:06:18 -------- d-----w- C:\Documents and Settings\utilisateur1\Application Data\Dossier de téléchargement Share-to-Web
2010-03-21 18:06:18 . 2010-03-21 18:06:18 -------- d-----w- C:\Documents and Settings\utilisateur1\Application Data\Dossier de téléchargement Share-to-Web
2010-03-21 10:05:55 . 2010-03-21 10:05:55 -------- d-----w- C:\Documents and Settings\utilisateur1\temp
2010-03-21 10:05:26 . 2010-03-21 10:05:29 -------- d-----w- C:\Documents and Settings\utilisateur1\Application Data\TeamViewer
2010-03-20 14:30:42 . 2010-03-20 18:01:10 -------- d-----w- C:\Ad-Remover
2010-03-19 20:46:04 . 2007-01-18 12:00:28 3968 ----a-w- C:\WINDOWS\system32\drivers\AvgArCln.sys
2010-03-19 19:27:05 . 2010-03-19 19:27:05 -------- d-----w- C:\Program Files\Sophos
2010-03-19 19:25:53 . 2010-03-21 18:07:48 838144 ----a-w- C:\WINDOWS\system32\drivers\yrciudam.sys
2010-03-19 19:20:42 . 2008-04-13 19:40:58 8192 ----a-w- C:\WINDOWS\system32\drivers\changer.sys
2010-03-19 19:20:42 . 2008-04-13 19:40:58 8192 ----a-w- C:\WINDOWS\system32\dllcache\changer.sys
2010-03-18 21:59:54 . 2010-03-18 21:59:54 -------- d-----w- C:\Documents and Settings\utilisateur1\Application Data\Foxit Software
2010-03-11 06:04:54 . 2009-10-23 15:28:37 3558912 ------w- C:\WINDOWS\system32\dllcache\moviemk.exe
2010-03-05 17:04:33 . 2010-03-05 17:04:41 59704 ----a-w- C:\Documents and Settings\marion\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-05 16:55:41 . 2010-03-05 16:55:41 -------- d-----w- C:\Documents and Settings\marion\Application Data\Search Settings
2010-03-05 16:55:24 . 2010-03-05 16:56:02 -------- d-----w- C:\Documents and Settings\marion\Application Data\pdfforge
2010-03-03 07:35:41 . 2010-02-12 10:03:03 293376 ------w- C:\WINDOWS\system32\browserchoice.exe
2010-02-25 19:33:24 . 2010-03-18 19:34:32 -------- d-----w- C:\WINDOWS\system32\config\systemprofile\Application Data\Nitro PDF
2010-02-24 20:09:46 . 2010-02-24 20:09:46 -------- d-----w- C:\Documents and Settings\utilisateur1\Application Data\Nitro PDF
2010-02-24 20:09:05 . 2009-12-18 09:31:10 17728 ----a-w- C:\WINDOWS\system32\nitrolocalui.dll
2010-02-24 20:09:05 . 2009-12-18 09:30:52 26432 ----a-w- C:\WINDOWS\system32\nitrolocalmon.dll
2010-02-24 20:08:44 . 2010-02-24 20:08:44 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Nitro PDF
2010-02-24 20:08:43 . 2010-02-24 20:08:43 -------- d-----w- C:\Program Files\Fichiers communs\Nitro PDF
2010-02-24 20:08:41 . 2010-02-24 20:08:41 -------- d-----w- C:\Program Files\Nitro PDF
2010-02-24 20:07:46 . 2010-02-24 20:07:46 -------- d-----w- C:\Documents and Settings\utilisateur1\Application Data\Downloaded Installations
2010-02-24 19:58:06 . 2010-02-24 19:58:06 -------- d-----w- C:\WINDOWS\system32\config\systemprofile\Application Data\Application Updater
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-21 11:37:25 . 2010-01-21 19:12:57 -------- d-----w- C:\Documents and Settings\utilisateur1\Application Data\Software Informer
2010-03-20 20:15:44 . 2009-11-29 11:24:50 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-19 19:47:32 . 2007-08-29 07:15:57 -------- d-----w- C:\Program Files\Spybot - Search & Destroy
2010-03-19 19:13:39 . 2010-03-18 22:01:54 12 ----a-w- C:\WINDOWS\system32\config\systemprofile\Application Data\jasltw.dat
2010-03-18 20:07:09 . 2008-02-08 22:14:43 -------- d-----w- C:\Documents and Settings\utilisateur1\Application Data\uTorrent
2010-03-10 15:15:35 . 2009-07-18 21:27:38 -------- d-----w- C:\Documents and Settings\utilisateur1\Application Data\MeizuManager
2010-03-09 21:20:27 . 2007-08-29 07:16:01 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-08 22:26:53 . 2009-10-05 21:39:27 747464 ----a-w- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-06 17:56:57 . 2008-12-24 11:21:30 -------- d-----w- C:\Program Files\uTorrent
2010-02-25 16:24:15 . 2007-12-28 14:03:17 -------- d-----w- C:\Program Files\JS Nature
2010-02-24 19:26:37 . 2007-03-18 21:56:10 -------- d-----w- C:\Program Files\PDF Editeur 2
2010-02-24 09:39:16 . 2007-03-18 21:56:11 73216 ----a-w- C:\WINDOWS\cadkasdeinst01f.exe
2010-02-19 15:20:11 . 2010-02-19 15:20:11 -------- d-----w- C:\Program Files\eRightSoft
2010-02-01 05:50:41 . 2008-02-06 17:06:00 664 ----a-w- C:\WINDOWS\system32\d3d9caps.dat
2010-01-21 19:12:57 . 2010-01-21 19:12:56 -------- d-----w- C:\Program Files\Software Informer
2010-01-21 06:28:40 . 2008-12-17 11:49:40 -------- d-----w- C:\Program Files\Microsoft Silverlight
2010-01-13 13:08:42 . 2004-08-20 10:24:14 85396 ----a-w- C:\WINDOWS\system32\perfc00C.dat
2010-01-13 13:08:42 . 2004-08-20 10:24:14 511874 ----a-w- C:\WINDOWS\system32\perfh00C.dat
2010-01-07 15:07:14 . 2009-11-29 11:24:55 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07:04 . 2009-11-29 11:24:51 19160 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2009-12-31 16:50:03 . 2006-01-30 22:02:05 353792 ----a-w- C:\WINDOWS\system32\drivers\srv.sys
2009-12-27 10:36:56 . 2008-01-23 14:30:21 4212 ---ha-w- C:\WINDOWS\system32\zllictbl.dat
2009-12-21 19:07:01 . 2004-08-20 10:24:09 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
2006-05-28 11:35:20 . 2006-05-28 11:35:26 774144 ----a-w- C:\Program Files\RngInterstitial.dll
2006-02-03 08:00:57 . 2006-02-03 08:00:57 56 --sh--r- C:\WINDOWS\system32\6316059473.sys
2006-05-03 10:06:54 . 2010-02-19 15:21:32 163328 --sh--r- C:\WINDOWS\system32\flvDX.dll
2006-02-03 08:00:57 . 2006-02-03 08:00:53 2516 --sha-w- C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-21 11:47:16 . 2010-02-19 15:21:33 31232 --sh--r- C:\WINDOWS\system32\msfDX.dll
2008-03-16 13:30:52 . 2010-02-19 15:21:34 216064 --sh--r- C:\WINDOWS\system32\nbDX.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 19:36:57 68856]
"Software Informer"="C:\Program Files\Software Informer\softinfo.exe" [2009-11-25 17:50:10 2011205]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 13:40:48 468408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 19:42:54 1404928]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 03:12:00 94208]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20:00 122940]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 03:19:34 69632]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 07:35:40 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 07:32:24 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 07:36:20 114688]
"Monitor"="C:\WINDOWS\Philips\SPC220NC\Monitor.exe" [2006-11-03 09:01:16 319488]
"Google Quick Search Box"="C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-05-10 17:06:28 68592]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 12:08:11 209153]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2009-09-05 00:54:42 417792]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-09 17:11:09 185896]
C:\Documents and Settings\marion\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
C:\Documents and Settings\televente\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
C:\Documents and Settings\utilisateur1\Menu D‚marrer\Programmes\D‚marrage\
syspck32.exe [2008-4-14 35840]
wkcalrem.LNK - C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe [2005-1-21 24651]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-28 19:21:26 141600 ----a-w- C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
2009-10-17 00:39:40 1037192 ----a-w- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Documents and Settings\\utilisateur1\\Bureau\\Truf\\Truf.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\WINDOWS\\system32\\mcoinstall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4672:UDP"= 4672:UDP:udp emule
"4662:TCP"= 4662:TCP:emule tcp
"4711:TCP"= 4711:TCP:emule
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 ATMhelpr;ATMhelpr;C:\WINDOWS\system32\drivers\ATMHELPR.SYS [08/06/2006 22:27:40 4064]
S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\drivers\camdrv21.sys [01/12/2006 21:41:16 223232]
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\WINDOWS\system32\39.tmp --> C:\WINDOWS\system32\39.tmp [?]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - yrciudam
.
Contenu du dossier 'Tâches planifiées'
2010-02-25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34:12 . 2008-07-30 11:34:12]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: {FD3D5E1A-B6F9-4C0C-93A4-C75F82D40484} = 192.168.1.1
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-SGPUpdater - C:\Program Files\Search Guard PlusU\sgpUpdaters.exe
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-sglfb.sys
SafeBoot-tga.sys
MSConfigStartUp-AVPCC - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe
My mistake, here is the end, which has just appeared:
ComboFix 10-03-20.04 - utilisateur1 21/03/2010 15:35:10.2.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2046.1495 [GMT 1:00]
Lancé depuis: c:\documents and settings\utilisateur1\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! antivirus 4.7.1001 [VPS 000747-3] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ZoneAlarm Antivirus *On-access scanning enabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Un antivirus résident est actif
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\marion\Application Data\Dossier de téléchargement Share-to-Web
c:\documents and settings\televente\Application Data\Dossier de téléchargement Share-to-Web
c:\documents and settings\utilisateur1\Application Data\Dossier de téléchargement Share-to-Web
c:\program files\Search Guard Plus
c:\program files\Search Guard Plus\fbsProtection.xml
c:\program files\Search Guard Plus\fbsSearchProvider.xml
c:\program files\Search Guard Plus\FbsSearchProviderIE8.exe
c:\program files\Search Guard Plus\SearchGuardPlus.ico
c:\program files\Search Guard Plus\uninstalSGP.exe
c:\program files\Search Guard PlusU
c:\program files\Search Guard PlusU\SGPU.ico
c:\program files\Search Guard PlusU\sgpUpdater.exe
c:\program files\Search Guard PlusU\sgpUpdater.xml
c:\program files\Search Guard PlusU\sgpUpdaters.exe
c:\program files\Search Guard PlusU\Tmp\removesgp.exe
c:\program files\Search Guard PlusU\Tmp\removesgp0.exe
c:\program files\Search Guard PlusU\uninstalSGPU.exe
c:\program files\SGPSA
c:\program files\SGPSA\SearchAssistant.dll
c:\windows\system32\AVSredirect.dll
c:\windows\system32\fjhdyfhsn.bat
.
---- Exécution préalable -------
.
c:\documents and settings\utilisateur1\Application Data\Dossier de téléchargement Share-to-Web \Asterix---Obelix-XXL-2---Mission-Ouifix.nds.torrent
c:\documents and settings\utilisateur1\Application Data\Dossier de téléchargement Share-to-Web \utorrent.exe
C:\InfoSat.txt
c:\program files\Internet Explorer\fxavx.ini
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Legacy_M_HOOK
-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games
((((((((((((((((((((((((((((( Fichiers créés du 2010-02-21 au 2010-03-21 ))))))))))))))))))))))))))))))))))))
.
2010-03-21 18:06 . 2010-03-21 18:06 -------- d-----w- c:\documents and settings\utilisateur1\Application Data\Dossier de téléchargement Share-to-Web
2010-03-21 18:06 . 2010-03-21 18:06 -------- d-----w- c:\documents and settings\utilisateur1\Application Data\Dossier de téléchargement Share-to-Web
2010-03-21 10:05 . 2010-03-21 10:05 -------- d-----w- c:\documents and settings\utilisateur1\temp
2010-03-21 10:05 . 2010-03-21 10:05 -------- d-----w- c:\documents and settings\utilisateur1\Application Data\TeamViewer
2010-03-20 14:30 . 2010-03-20 18:01 -------- d-----w- C:\Ad-Remover
2010-03-19 20:46 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2010-03-19 19:27 . 2010-03-19 19:27 -------- d-----w- c:\program files\Sophos
2010-03-19 19:25 . 2010-03-21 18:07 838144 ----a-w- c:\windows\system32\drivers\yrciudam.sys
2010-03-19 19:20 . 2008-04-13 19:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-03-19 19:20 . 2008-04-13 19:40 8192 ----a-w- c:\windows\system32\dllcache\changer.sys
2010-03-18 21:59 . 2010-03-18 21:59 -------- d-----w- c:\documents and settings\utilisateur1\Application Data\Foxit Software
2010-03-11 06:04 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-05 17:04 . 2010-03-05 17:04 59704 ----a-w- c:\documents and settings\marion\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-05 16:55 . 2010-03-05 16:55 -------- d-----w- c:\documents and settings\marion\Application Data\Search Settings
2010-03-05 16:55 . 2010-03-05 16:56 -------- d-----w- c:\documents and settings\marion\Application Data\pdfforge
2010-03-03 07:35 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-25 19:33 . 2010-03-18 19:34 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Nitro PDF
2010-02-24 20:09 . 2010-02-24 20:09 -------- d-----w- c:\documents and settings\utilisateur1\Application Data\Nitro PDF
2010-02-24 20:09 . 2009-12-18 09:31 17728 ----a-w- c:\windows\system32\nitrolocalui.dll
2010-02-24 20:09 . 2009-12-18 09:30 26432 ----a-w- c:\windows\system32\nitrolocalmon.dll
2010-02-24 20:08 . 2010-02-24 20:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Nitro PDF
2010-02-24 20:08 . 2010-02-24 20:08 -------- d-----w- c:\program files\Fichiers communs\Nitro PDF
2010-02-24 20:08 . 2010-02-24 20:08 -------- d-----w- c:\program files\Nitro PDF
2010-02-24 20:07 . 2010-02-24 20:07 -------- d-----w- c:\documents and settings\utilisateur1\Application Data\Downloaded Installations
2010-02-24 19:58 . 2010-02-24 19:58 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Application Updater
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-21 11:37 . 2010-01-21 19:12 -------- d-----w- c:\documents and settings\utilisateur1\Application Data\Software Informer
2010-03-20 20:15 . 2009-11-29 11:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-19 19:47 . 2007-08-29 07:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-19 19:13 . 2010-03-18 22:01 12 ----a-w- c:\windows\system32\config\systemprofile\Application Data\jasltw.dat
2010-03-18 20:07 . 2008-02-08 22:14 -------- d-----w- c:\documents and settings\utilisateur1\Application Data\uTorrent
2010-03-10 15:15 . 2009-07-18 21:27 -------- d-----w- c:\documents and settings\utilisateur1\Application Data\MeizuManager
2010-03-09 21:20 . 2007-08-29 07:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-08 22:26 . 2009-10-05 21:39 747464 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-06 17:56 . 2008-12-24 11:21 -------- d-----w- c:\program files\uTorrent
2010-02-25 16:24 . 2007-12-28 14:03 -------- d-----w- c:\program files\JS Nature
2010-02-24 19:26 . 2007-03-18 21:56 -------- d-----w- c:\program files\PDF Editeur 2
2010-02-24 09:39 . 2007-03-18 21:56 73216 ----a-w- c:\windows\cadkasdeinst01f.exe
2010-02-19 15:20 . 2010-02-19 15:20 -------- d-----w- c:\program files\eRightSoft
2010-02-01 05:50 . 2008-02-06 17:06 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-21 19:12 . 2010-01-21 19:12 -------- d-----w- c:\program files\Software Informer
2010-01-21 06:28 . 2008-12-17 11:49 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-13 13:08 . 2004-08-20 10:24 85396 ----a-w- c:\windows\system32\perfc00C.dat
2010-01-13 13:08 . 2004-08-20 10:24 511874 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-07 15:07 . 2009-11-29 11:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-11-29 11:24 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50 . 2006-01-30 22:02 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-27 10:36 . 2008-01-23 14:30 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-12-21 19:07 . 2004-08-20 10:24 916480 ----a-w- c:\windows\system32\wininet.dll
2006-05-28 11:35 . 2006-05-28 11:35 774144 ----a-w- c:\program files\RngInterstitial.dll
2006-02-03 08:00 . 2006-02-03 08:00 56 --sh--r- c:\windows\system32\6316059473.sys
2006-05-03 10:06 . 2010-02-19 15:21 163328 --sh--r- c:\windows\system32\flvDX.dll
2006-02-03 08:00 . 2006-02-03 08:00 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2007-02-21 11:47 . 2010-02-19 15:21 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2010-02-19 15:21 216064 --sh--r- c:\windows\system32\nbDX.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 68856]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2009-11-25 2011205]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 468408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 69632]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Monitor"="c:\windows\Philips\SPC220NC\Monitor.exe" [2006-11-03 319488]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-05-10 68592]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-09 185896]
c:\documents and settings\marion\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
c:\documents and settings\televente\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
c:\documents and settings\utilisateur1\Menu D‚marrer\Programmes\D‚marrage\
syspck32.exe [2008-4-14 35840]
wkcalrem.LNK - c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe [2005-1-21 24651]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-28 19:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
2009-10-17 00:39 1037192 ----a-w- c:\program files\Zone Labs\ZoneAlarm\zlclient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\utilisateur1\\Bureau\\Truf\\Truf.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\WINDOWS\\system32\\mcoinstall.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4672:UDP"= 4672:UDP:udp emule
"4662:TCP"= 4662:TCP:emule tcp
"4711:TCP"= 4711:TCP:emule
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [08/06/2006 22:27 4064]
S3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [01/12/2006 21:41 223232]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\39.tmp --> c:\windows\system32\39.tmp [?]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - yrciudam
.
Contenu du dossier 'Tâches planifiées'
2010-02-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: {FD3D5E1A-B6F9-4C0C-93A4-C75F82D40484} = 192.168.1.1
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-SGPUpdater - c:\program files\Search Guard PlusU\sgpUpdaters.exe
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-sglfb.sys
SafeBoot-tga.sys
MSConfigStartUp-AVPCC - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-21 19:06
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SGPUpdater = c:\program files\Search Guard PlusU\sgpUpdaters.exe??o?caption="Galerie de boutons" visibility="1" e
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\39.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\yrciudam]
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-1015457174-881130128-1800161634-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:bf,1f,af,0f,ff,52,e0,d2,40,de,8e,2a,05,43,a7,6e,6b,ef,30,9f,bf,be,f1,
21,3b,58,1b,1c,71,07,de,60,54,79,e6,db,1e,e1,36,ee,d1,f6,8f,7a,9d,c1,f0,fa,\
"??"=hex:2a,b0,63,e8,2d,cf,c5,c2,dc,50,dd,e5,73,c7,04,14
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(7968)
c:\program files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll
c:\program files\Google\Quick Search Box\bin\1.2.1151.245\qsb.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ZoneLabs\vsmon.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe
c:\program files\UltraVNC\repeater.exe
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\windows\system32\wscntfy.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\Windows Live\Messenger\msnmsgr.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\Real\RealPlayer\RealPlay.exe
c:\windows\system32\mstsc.exe
.
**************************************************************************
.
Heure de fin: 2010-03-21 21:33:37 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-03-21 20:32
Avant-CF: 22 511 357 952 octets libres
Après-CF: 23 231 541 248 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - BA573F0588B219276B9E223D75992A7F
/!\ Only Nathaliede may follow this procedure /!\
Disable all resident protection (antivirus...)!
---> Copy (CTRL+C) the text in the box below:
KillAll::
Driver::
MEMSWEEP2
File::
c:\documents and settings\utilisateur1\Menu Démarrer\Programmes\Démarrage\syspck32.exe
c:\windows\system32\config\systemprofile\Application Data\jasltw.dat
c:\windows\system32\drivers\yrciudam.sys
Folder::
c:\documents and settings\marion\Application Data\Search Settings
Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\yrciudam]
---> Open Notepad: Start > All Programs > Accessories > Notepad.
- Paste (CTRL+V) the text into Notepad.
- Save this file to: Desktop
- File name: CFScript
- File type: All files !!
- Click Save.
- Quit Notepad.
---> Drag and drop this CFScript file onto the ComboFix.exe file, as shown in the screenshot.
This will relaunch ComboFix: accept the message that appears.
Wait while the scan runs. The Desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
Once the scan is complete, a report will be displayed; copy and paste its contents to the forum.
If the file does not open, it is located here: C:\ComboFix.txt
Hello!
Here is the new ComboFix report:
ComboFix 10-03-21.01 - utilisateur1 21/03/2010 23:20:51.3.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2046.1480 [GMT 1:00]
Lancé depuis: c:\documents and settings\utilisateur1\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\utilisateur1\Bureau\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! antivirus 4.7.1001 [VPS 000747-3] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ZoneAlarm Antivirus *On-access scanning enabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
FILE ::
"c:\documents and settings\utilisateur1\Menu Démarrer\Programmes\Démarrage\syspck32.exe"
"c:\windows\system32\config\systemprofile\Application Data\jasltw.dat"
"c:\windows\system32\drivers\yrciudam.sys"
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\marion\Application Data\Search Settings
c:\documents and settings\marion\Application Data\Search Settings\kb130\temp\ws-14683.log
c:\documents and settings\utilisateur1\Application Data\Dossier de téléchargement Share-to-Web
c:\documents and settings\utilisateur1\Menu Démarrer\Programmes\Démarrage\syspck32.exe
c:\windows\system32\config\systemprofile\Application Data\jasltw.dat
c:\windows\system32\drivers\yrciudam.sys
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MEMSWEEP2
-------\Legacy_yrciudam
-------\Service_yrciudam
((((((((((((((((((((((((((((( Fichiers créés du 2010-02-22 au 2010-03-22 ))))))))))))))))))))))))))))))))))))
.
2010-03-21 18:06 . 2010-03-21 18:06 -------- d-----w- c:\documents and settings\utilisateur1\Application Data\Dossier de téléchargement Share-to-Web
2010-03-21 10:05 . 2010-03-21 10:05 -------- d-----w- c:\documents and settings\utilisateur1\temp
2010-03-21 10:05 . 2010-03-21 10:05 -------- d-----w- c:\documents and settings\utilisateur1\Application Data\TeamViewer
2010-03-20 14:30 . 2010-03-20 18:01 -------- d-----w- C:\Ad-Remover
2010-03-19 20:46 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2010-03-19 19:27 . 2010-03-19 19:27 -------- d-----w- c:\program files\Sophos
2010-03-19 19:20 . 2008-04-13 19:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-03-19 19:20 . 2008-04-13 19:40 8192 ----a-w- c:\windows\system32\dllcache\changer.sys
2010-03-18 21:59 . 2010-03-18 21:59 -------- d-----w- c:\documents and settings\utilisateur1\Application Data\Foxit Software
2010-03-11 06:04 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-05 17:04 . 2010-03-05 17:04 59704 ----a-w- c:\documents and settings\marion\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-05 16:55 . 2010-03-05 16:56 -------- d-----w- c:\documents and settings\marion\Application Data\pdfforge
2010-03-03 07:35 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-25 19:33 . 2010-03-18 19:34 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Nitro PDF
2010-02-24 20:09 . 2010-02-24 20:09 -------- d-----w- c:\documents and settings\utilisateur1\Application Data\Nitro PDF
2010-02-24 20:09 . 2009-12-18 09:31 17728 ----a-w- c:\windows\system32\nitrolocalui.dll
2010-02-24 20:09 . 2009-12-18 09:30 26432 ----a-w- c:\windows\system32\nitrolocalmon.dll
2010-02-24 20:08 . 2010-02-24 20:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Nitro PDF
2010-02-24 20:08 . 2010-02-24 20:08 -------- d-----w- c:\program files\Fichiers communs\Nitro PDF
2010-02-24 20:08 . 2010-02-24 20:08 -------- d-----w- c:\program files\Nitro PDF
2010-02-24 20:07 . 2010-02-24 20:07 -------- d-----w- c:\documents and settings\utilisateur1\Application Data\Downloaded Installations
2010-02-24 19:58 . 2010-02-24 19:58 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Application Updater
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-21 21:41 . 2010-01-21 19:12 -------- d-----w- c:\documents and settings\utilisateur1\Application Data\Software Informer
2010-03-20 20:15 . 2009-11-29 11:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-19 19:47 . 2007-08-29 07:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-18 20:07 . 2008-02-08 22:14 -------- d-----w- c:\documents and settings\utilisateur1\Application Data\uTorrent
2010-03-10 15:15 . 2009-07-18 21:27 -------- d-----w- c:\documents and settings\utilisateur1\Application Data\MeizuManager
2010-03-09 21:20 . 2007-08-29 07:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-08 22:26 . 2009-10-05 21:39 747464 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-06 17:56 . 2008-12-24 11:21 -------- d-----w- c:\program files\uTorrent
2010-02-25 16:24 . 2007-12-28 14:03 -------- d-----w- c:\program files\JS Nature
2010-02-24 19:26 . 2007-03-18 21:56 -------- d-----w- c:\program files\PDF Editeur 2
2010-02-24 09:39 . 2007-03-18 21:56 73216 ----a-w- c:\windows\cadkasdeinst01f.exe
2010-02-19 15:20 . 2010-02-19 15:20 -------- d-----w- c:\program files\eRightSoft
2010-02-01 05:50 . 2008-02-06 17:06 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-21 19:12 . 2010-01-21 19:12 -------- d-----w- c:\program files\Software Informer
2010-01-21 06:28 . 2008-12-17 11:49 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-13 13:08 . 2004-08-20 10:24 85396 ----a-w- c:\windows\system32\perfc00C.dat
2010-01-13 13:08 . 2004-08-20 10:24 511874 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-07 15:07 . 2009-11-29 11:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-11-29 11:24 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50 . 2006-01-30 22:02 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-27 10:36 . 2008-01-23 14:30 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2006-05-28 11:35 . 2006-05-28 11:35 774144 ----a-w- c:\program files\RngInterstitial.dll
2006-02-03 08:00 . 2006-02-03 08:00 56 --sh--r- c:\windows\system32\6316059473.sys
2006-05-03 10:06 . 2010-02-19 15:21 163328 --sh--r- c:\windows\system32\flvDX.dll
2006-02-03 08:00 . 2006-02-03 08:00 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2007-02-21 11:47 . 2010-02-19 15:21 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2010-02-19 15:21 216064 --sh--r- c:\windows\system32\nbDX.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 68856]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2009-11-25 2011205]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 468408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 69632]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Monitor"="c:\windows\Philips\SPC220NC\Monitor.exe" [2006-11-03 319488]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-05-10 68592]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-09 185896]
c:\documents and settings\marion\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
c:\documents and settings\televente\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
c:\documents and settings\utilisateur1\Menu D‚marrer\Programmes\D‚marrage\
wkcalrem.LNK - c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe [2005-1-21 24651]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-28 19:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
2009-10-17 00:39 1037192 ----a-w- c:\program files\Zone Labs\ZoneAlarm\zlclient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\utilisateur1\\Bureau\\Truf\\Truf.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\WINDOWS\\system32\\mcoinstall.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4672:UDP"= 4672:UDP:udp emule
"4662:TCP"= 4662:TCP:emule tcp
"4711:TCP"= 4711:TCP:emule
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [08/06/2006 22:27 4064]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [29/11/2009 12:37 108289]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [18/12/2009 10:49 188736]
R2 repeater_service;repeater_service;c:\program files\UltraVNC\repeater.exe [27/06/2007 08:35 176128]
S3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [01/12/2006 21:41 223232]
S3 SPC220NC;Philips SPC220NC Webcam;c:\windows\system32\drivers\SPC220NC.SYS [08/10/2008 14:56 507136]
S4 AVPCC;AVP Control Centre Service;"c:\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe" /service --> c:\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe [?]
S4 KAVMonitorService;KAV Monitor Service;"c:\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpm.exe" /service --> c:\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpm.exe [?]
.
Contenu du dossier 'Tâches planifiées'
2010-02-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: {FD3D5E1A-B6F9-4C0C-93A4-C75F82D40484} = 192.168.1.1
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-22 07:05
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-1015457174-881130128-1800161634-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:bf,1f,af,0f,ff,52,e0,d2,40,de,8e,2a,05,43,a7,6e,6b,ef,30,9f,bf,be,f1,
21,3b,58,1b,1c,71,07,de,60,54,79,e6,db,1e,e1,36,ee,d1,f6,8f,7a,9d,c1,f0,fa,\
"??"=hex:2a,b0,63,e8,2d,cf,c5,c2,dc,50,dd,e5,73,c7,04,14
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(6156)
c:\program files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll
c:\program files\Google\Quick Search Box\bin\1.2.1151.245\qsb.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ZoneLabs\vsmon.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
.
**************************************************************************
.
Heure de fin: 2010-03-22 07:19:19 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-03-22 06:19
ComboFix2.txt 2010-03-21 20:34
Avant-CF: 23 239 069 696 octets libres
Après-CF: 23 196 999 680 octets libres
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 796A4BD39D9A5DBDFF07D56A52F7AD07
Great, it went through! Here is the report:
.
======= RAPPORT D'AD-REMOVER 2.0.0.0,B | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 19/03/10 à 18:30
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 18:25:47 le 22/03/2010 | Mode normal | Option: CLEAN
Exécuté de: C:\Ad-Remover\ADR.exe
SE: Microsoft® Windows XP™ Service Pack 3 - X86
Nom du PC: DCK0M22J | Utilisateur actuel: utilisateur1 (Administrateur)
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
C:\Documents and Settings\All Users\Application Data\Trymedia
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\marion\Application Data\pdfforge
C:\Documents and Settings\utilisateur1\Application Data\Viewpoint
C:\Program Files\AGI
C:\Program Files\Mozilla FireFox\Components\AskSearch.js
(!) -- Fichiers temporaires supprimés.
.
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{197058E9-09DC-41B4-9D4C-7035E609BECD}
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
HKLM\Software\AskBarDis
HKLM\Software\Classes\CLSID\{4260e0cc-0f75-462e-88a3-1e05c248bf4c}
HKLM\Software\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
HKLM\Software\MetaStream
HKLM\Software\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
HKLM\Software\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
HKLM\Software\Microsoft\Code Store Database\Distribution Units\CabBuilder
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1489E0BE-F7F5-456e-9326-588E3F9A1647}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E09159C-93AC-4690-9415-7C0ED4B70AEB}
.
============== SCAN ADDITIONNEL ==============
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKCU\Software\Microsoft\Internet Explorer\Main]
.
AutoHide: yes
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\SYSTEM32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
.
[HKLM\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\SYSTEM32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
.
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
.
============== SUSPECT(S) ==============
.
C:\Documents and Settings\utilisateur1\Application Data\uTorrent\The Legend of Zelda - Spirit Tracks patché Supercard slot 2.rar.torrent
C:\Documents and Settings\utilisateur1\Application Data\uTorrent\xpa-lzst-cracked.rar.torrent
C:\Documents and Settings\utilisateur1\Mes documents\Downloads\Les Sims 2 la Totale\02 - Patch pour les Sims 2\thesims2_update.exe
C:\Documents and Settings\utilisateur1\Mes documents\Downloads\Les Sims 2 la Totale\04 - Académie\crack\The Sims 2 - University (EURO) MI.rar
C:\Documents and Settings\utilisateur1\Mes documents\Downloads\Les Sims 2 la Totale\05 - Patch pour les Sims 2 Académie\sims2ep1_patch.exe
C:\Documents and Settings\utilisateur1\Mes documents\Downloads\Les Sims 2 la Totale\07 - Patch pour les Sims 2 Nuits de Folie\sims2ep2_patch.exe
C:\Documents and Settings\utilisateur1\Mes documents\Downloads\Les Sims 2 la Totale\08 - La Bonne Affaire\crack\rld-sofb.rar
C:\Documents and Settings\utilisateur1\Mes documents\Downloads\Les Sims 2 la Totale\09 - Patch pour les Sims 2 La Bonne Affaire\sims2ep3_patch.exe
C:\Documents and Settings\utilisateur1\Mes documents\Downloads\Les Sims 2 la Totale\11 - Patch pour les Sims 2 Fun en Famille\sims2sp1_patch.exe
C:\Documents and Settings\utilisateur1\Mes documents\Downloads\The Legend of Zelda - Spirit Tracks patché Supercard slot 2.rar
C:\Documents and Settings\utilisateur1\Mes documents\Downloads\xpa-lzst-cracked.rar
C:\Documents and Settings\utilisateur1\Mes documents\EA Games\Les Sims 2\teléchargement fichier\Patch_pr_coce.rar
C:\Documents and Settings\utilisateur1\Mes documents\Téléchargements\patch51.exe
.
========================================
.
C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp: 3 Fichier(s), 4 Dossier(s)
C:\WINDOWS\temp: 11 Fichier(s), 5 Dossier(s)
Temporary Internet Files: 2 Fichier(s), 11 Dossier(s)
.
C:\Ad-Remover\Quarantine: 1 Fichier(s)
C:\Ad-Remover\Backup: 25 Fichier(s)
.
C:\Ad-Report-CLEAN[1].txt - 510 Octet(s)
C:\Ad-Report-CLEAN[2].txt - 510 Octet(s)
C:\Ad-Report-CLEAN[3].txt - 510 Octet(s)
C:\Ad-Report-CLEAN[4].txt - 510 Octet(s)
C:\Ad-Report-CLEAN[5].txt - 5029 Octet(s)
.
Fin à: 18:44:34, 22/03/2010
.
============== E.O.F - CLEAN[5] ==============
.
I only have one antivirus: Avira
Here is the 2nd Ad-Remover report:
.
======= RAPPORT D'AD-REMOVER 2.0.0.0,B | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 19/03/10 à 18:30
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 19:51:09 le 22/03/2010 | Mode normal | Option: CLEAN
Exécuté de: C:\Ad-Remover\ADR.exe
SE: Microsoft® Windows XP™ Service Pack 3 - X86
Nom du PC: DCK0M22J | Utilisateur actuel: utilisateur1 (Administrateur)
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
(!) -- Fichiers temporaires supprimés.
.
.
============== SCAN ADDITIONNEL ==============
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKCU\Software\Microsoft\Internet Explorer\Main]
.
AutoHide: yes
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\SYSTEM32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
.
[HKLM\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\SYSTEM32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
.
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
.
============== SUSPECT(S) ==============
.
C:\Documents and Settings\utilisateur1\Application Data\uTorrent\The Legend of Zelda - Spirit Tracks patché Supercard slot 2.rar.torrent
C:\Documents and Settings\utilisateur1\Application Data\uTorrent\xpa-lzst-cracked.rar.torrent
C:\Documents and Settings\utilisateur1\Mes documents\Downloads\Les Sims 2 la Totale\02 - Patch pour les Sims 2\thesims2_update.exe
C:\Documents and Settings\utilisateur1\Mes documents\Downloads\Les Sims 2 la Totale\04 - Académie\crack\The Sims 2 - University (EURO) MI.rar
C:\Documents and Settings\utilisateur1\Mes documents\Downloads\Les Sims 2 la Totale\05 - Patch pour les Sims 2 Académie\sims2ep1_patch.exe
C:\Documents and Settings\utilisateur1\Mes documents\Downloads\Les Sims 2 la Totale\07 - Patch pour les Sims 2 Nuits de Folie\sims2ep2_patch.exe
C:\Documents and Settings\utilisateur1\Mes documents\Downloads\Les Sims 2 la Totale\08 - La Bonne Affaire\crack\rld-sofb.rar
C:\Documents and Settings\utilisateur1\Mes documents\Downloads\Les Sims 2 la Totale\09 - Patch pour les Sims 2 La Bonne Affaire\sims2ep3_patch.exe
C:\Documents and Settings\utilisateur1\Mes documents\Downloads\Les Sims 2 la Totale\11 - Patch pour les Sims 2 Fun en Famille\sims2sp1_patch.exe
C:\Documents and Settings\utilisateur1\Mes documents\Downloads\The Legend of Zelda - Spirit Tracks patché Supercard slot 2.rar
C:\Documents and Settings\utilisateur1\Mes documents\Downloads\xpa-lzst-cracked.rar
C:\Documents and Settings\utilisateur1\Mes documents\EA Games\Les Sims 2\teléchargement fichier\Patch_pr_coce.rar
C:\Documents and Settings\utilisateur1\Mes documents\Téléchargements\patch51.exe
.
========================================
.
C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp: 3 Fichier(s), 4 Dossier(s)
C:\WINDOWS\temp: 14 Fichier(s), 5 Dossier(s)
Temporary Internet Files: 2 Fichier(s), 11 Dossier(s)
.
C:\Ad-Remover\Quarantine: 1 Fichier(s)
C:\Ad-Remover\Backup: 25 Fichier(s)
.
C:\Ad-Report-CLEAN[1].txt - 510 Octet(s)
C:\Ad-Report-CLEAN[2].txt - 510 Octet(s)
C:\Ad-Report-CLEAN[3].txt - 510 Octet(s)
C:\Ad-Report-CLEAN[4].txt - 510 Octet(s)
C:\Ad-Report-CLEAN[5].txt - 5155 Octet(s)
C:\Ad-Report-CLEAN[6].txt - 3870 Octet(s)
.
Fin à: 20:09:39, 22/03/2010
.
============== E.O.F - CLEAN[6] ==============
(Under Vista/Win7, right-click OTL and choose Run as administrator)
To send me the reports:
Hello,
Here is the requested link for the file:
http://www.cijoint.fr/cjlink.php?file=cj201003/cijdsFfe...
A quick question for my own education: why not do a direct copy/paste like all the reports given so far?
Because the report is long and you might not be able to post it in full.
Uninstall AVG Anti-Spyware, which is obsolete.
Double-click OTL to launch it.
(Under Vista/Win7, right-click OTL and choose Run as administrator)
Under the Custom Scans/Fixes tab at the bottom of the window, copy and paste the following text (between the two spaces):
Then click the Run Fix button at the top of the window.
Let the program work, and reboot once the fix has finished.
Post the report that will be displayed after the reboot.
:OTL
SRV - (KAVMonitorService) -- File not found
SRV - (AVPCC) -- File not found
SRV - (avast! Web Scanner) -- File not found
SRV - (avast! Mail Scanner) -- File not found
SRV - (avast! Antivirus) -- File not found
SRV - (aswUpdSv) -- File not found
DRV - (Klif) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (kl1) -- C:\WINDOWS\System32\DRIVERS\kl1.sys (Kaspersky Lab)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-wind... (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-wind... (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-wind... (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-wind... (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-wind... (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-wind... (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-wind... (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-wind... (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-wind... (Java Plug-in 1.6.0_15)
:commands
[emptytemp]
[reboot]
OK... here is the report:
All processes killed
========== OTL ==========
Service KAVMonitorService stopped successfully!
Service KAVMonitorService deleted successfully!
File File not found not found.
Service AVPCC stopped successfully!
Service AVPCC deleted successfully!
File File not found not found.
Service avast! Web Scanner stopped successfully!
Service avast! Web Scanner deleted successfully!
File File not found not found.
Service avast! Mail Scanner stopped successfully!
Service avast! Mail Scanner deleted successfully!
File File not found not found.
Service avast! Antivirus stopped successfully!
Service avast! Antivirus deleted successfully!
File File not found not found.
Service aswUpdSv stopped successfully!
Service aswUpdSv deleted successfully!
File File not found not found.
Error: Unable to stop service Klif!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Klif deleted successfully.
C:\WINDOWS\system32\drivers\klif.sys moved successfully.
Error: Unable to stop service kl1!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kl1 deleted successfully.
C:\WINDOWS\system32\drivers\kl1.sys moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 49286 bytes
User: marion
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 7647 bytes
->FireFox cache emptied: 34993575 bytes
->Flash cache emptied: 1768 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Propriétaire
User: televente
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 377715 bytes
->Java cache emptied: 3630266 bytes
->Flash cache emptied: 33291 bytes
User: utilisateur1
->Temp folder emptied: 562075 bytes
->Temporary Internet Files folder emptied: 1571935 bytes
->Java cache emptied: 118677 bytes
->Google Chrome cache emptied: 103868163 bytes
->Flash cache emptied: 1660 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 1060024 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 542634 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 2040 bytes
Total Files Cleaned = 140,00 mb
OTL by OldTimer - Version 3.1.37.3 log created on 03232010_213647
Files\Folders moved on Reboot...
C:\Documents and Settings\utilisateur1\Local Settings\Temporary Internet Files\Content.IE5\RLD2QWEF\292494-11-pages-internets-tres-longues-afficher[1].htm moved successfully.
C:\Documents and Settings\utilisateur1\Local Settings\Temporary Internet Files\Content.IE5\0B016LND\favicon[6].ico moved successfully.
C:\Documents and Settings\utilisateur1\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
Registry entries deleted on Reboot...
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 49286 bytes
User: marion
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 7647 bytes
->FireFox cache emptied: 34993575 bytes
->Flash cache emptied: 1768 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Propriétaire
User: televente
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 377715 bytes
->Java cache emptied: 3630266 bytes
->Flash cache emptied: 33291 bytes
User: utilisateur1
->Temp folder emptied: 562075 bytes
->Temporary Internet Files folder emptied: 1571935 bytes
->Java cache emptied: 118677 bytes
->Google Chrome cache emptied: 103868163 bytes
->Flash cache emptied: 1660 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 1060024 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 542634 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 2040 bytes
Total Files Cleaned = 140,00 mb
OTL by OldTimer - Version 3.1.37.3 log created on 03232010_213647
Files\Folders moved on Reboot...
C:\Documents and Settings\utilisateur1\Local Settings\Temporary Internet Files\Content.IE5\RLD2QWEF\292494-11-pages-internets-tres-longues-afficher[1].htm moved successfully.
C:\Documents and Settings\utilisateur1\Local Settings\Temporary Internet Files\Content.IE5\0B016LND\favicon[6].ico moved successfully.
C:\Documents and Settings\utilisateur1\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
Registry entries deleted on Reboot...
Hello!
No more sign of fever, the cough is gone... the PC seems to be behaving perfectly well... just kidding... the web pages are back to their normal speed...
As for Kaspersky, I don't see it in my uninstall menu. Do you have any idea how to remove it?
Here is the new OTL report:
OTL logfile created on: 24/03/2010 07:28:55 - Run 2
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\utilisateur1\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 73,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145,96 Gb Total Space | 22,08 Gb Free Space | 15,13% Space Free | Partition Type: NTFS
Drive D: | 211,76 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DCK0M22J
Current User Name: utilisateur1
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\utilisateur1\Bureau\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe (Nitro PDF Software)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - c:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\WINDOWS\Philips\SPC220NC\Monitor.exe (PixArt Imaging Incorporation)
PRC - C:\WINDOWS\system32\drivers\CDAC11BA.EXE (Macrovision)
PRC - C:\Program Files\UltraVNC\repeater.exe ( )
PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe ()
PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\utilisateur1\Bureau\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll (Logitech Inc.)
========== Win32 Services (SafeList) ==========
SRV - (NitroDriverReadSpool) -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe (Nitro PDF Software)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (LVPrcSrv) -- c:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (C-DillaCdaC11BA) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE (Macrovision)
SRV - (repeater_service) -- C:\Program Files\UltraVNC\repeater.exe ( )
SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (Changer) -- C:\WINDOWS\system32\drivers\changer.sys (Microsoft Corporation)
DRV - (usbaudio) Pilote USB audio (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (BlueletAudio) -- C:\WINDOWS\system32\drivers\blueletaudio.sys (IVT Corporation.)
DRV - (Btcsrusb) -- C:\WINDOWS\system32\drivers\btcusb.sys (IVT Corporation.)
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (BlueletSCOAudio) -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys (IVT Corporation.)
DRV - (BT) -- C:\WINDOWS\system32\drivers\btnetdrv.sys (IVT Corporation.)
DRV - (BTHidMgr) -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys (IVT Corporation.)
DRV - (BTHidEnum) -- C:\WINDOWS\System32\Drivers\vbtenum.sys (IVT Corporation.)
DRV - (VcommMgr) -- C:\WINDOWS\system32\drivers\VcommMgr.sys (IVT Corporation.)
DRV - (VComm) -- C:\WINDOWS\system32\drivers\VComm.sys (IVT Corporation.)
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (SPC220NC) -- C:\WINDOWS\system32\drivers\SPC220NC.SYS (PixArt Imaging Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (LVcKap) -- C:\WINDOWS\system32\drivers\Lvckap.sys ()
DRV - (CdaC15BA) -- C:\WINDOWS\system32\drivers\CdaC15BA.SYS (Macrovision Europe Ltd)
DRV - (AFS2K) -- C:\WINDOWS\system32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (vncdrv) -- C:\WINDOWS\system32\drivers\vncdrv.sys (RDV Soft)
DRV - (QCDonner) Logitech QuickCam Express(PID_0840) -- C:\WINDOWS\system32\drivers\lvcd.sys (Logitech Inc.)
DRV - (prohlp02) -- C:\WINDOWS\System32\drivers\prohlp02.sys (Protection Technology)
DRV - (sfhlp01) -- C:\WINDOWS\System32\drivers\sfhlp01.sys (Protection Technology)
DRV - (prodrv06) -- C:\WINDOWS\System32\drivers\prodrv06.sys (Protection Technology)
DRV - (prosync1) -- C:\WINDOWS\System32\drivers\prosync1.sys (Protection Technology)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (camvid20) -- C:\WINDOWS\system32\drivers\camdrv21.sys (Microsoft Corporation)
DRV - (ATMhelpr) -- C:\WINDOWS\system32\drivers\ATMHELPR.SYS (Adobe Systems Incorporated)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/04/09 18:12:52 | 000,000,000 | ---D | M]
[2010/02/24 20:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\utilisateur1\Application Data\Mozilla\Extensions
[2009/03/13 21:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\utilisateur1\Application Data\Mozilla\Extensions\mozswing@mozswing.org
O1 HOSTS File: ([2010/03/22 07:04:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [Monitor] C:\WINDOWS\Philips\SPC220NC\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Software Informer] C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\utilisateur1\Menu Démarrer\Programmes\Démarrage\wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/F... (Facebook Photo Uploader 5 Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.... (Checkers Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/direc... (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.ca... (MSN Photo Upload Tool)
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective.keynote.com/applications/pconnector... (Keynote Connector Launcher 2)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.extrafilm.fr/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca... (UnoCtrl Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sourc... (BDSCANONLINE Control)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://nathaliede.spaces.live.com/PhotoUpload/MsnPUpld.... (Reg Error: Key error.)
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} http://www.inoculer.com/antivirus/Msie/bitdefender.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1... (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/curren... (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca... (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPACl... (MessengerStatsClient Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/fl... (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol... (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopetslive.com/dev/GoPetsWeb.cab (GoPetsWeb Control)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\utilisateur1\Application Data\Microsoft\Internet Explorer\Papier peint de Internet Explorer.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\utilisateur1\Application Data\Microsoft\Internet Explorer\Papier peint de Internet Explorer.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/20 11:37:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/12/03 12:37:10 | 000,000,027 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/03/23 22:25:33 | 000,000,000 | ---D | C] -- C:\Program Files\WinDirStat
[2010/03/23 21:36:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/23 18:53:47 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\utilisateur1\Bureau\OTL.exe
[2010/03/22 18:24:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/03/22 06:52:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/03/21 19:06:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\utilisateur1\Application Data\Dossier de téléchargement Share-to-Web
[2010/03/21 19:06:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\utilisateur1\Application Data\Dossier de téléchargement Share-to-Web
[2010/03/21 15:16:07 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/03/21 11:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\utilisateur1\temp
[2010/03/21 11:05:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\utilisateur1\Application Data\TeamViewer
[2010/03/19 20:27:05 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/03/19 20:20:42 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys
[2010/03/19 20:20:42 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2010/03/18 22:59:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\utilisateur1\Application Data\Foxit Software
[2010/03/17 18:10:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\utilisateur1\Bureau\flo travail lycee
[2010/03/11 07:04:54 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/10 07:55:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\utilisateur1\Bureau\LAON
[2010/03/09 22:17:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\utilisateur1\Recent
[2010/03/08 21:19:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2010/03/03 08:35:41 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010/02/24 21:09:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\utilisateur1\Application Data\Nitro PDF
[2010/02/24 21:09:05 | 000,026,432 | ---- | C] (Nitro PDF Software) -- C:\WINDOWS\System32\nitrolocalmon.dll
[2010/02/24 21:09:05 | 000,017,728 | ---- | C] (Nitro PDF Software) -- C:\WINDOWS\System32\nitrolocalui.dll
[2010/02/24 21:08:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2010/02/24 21:08:43 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Nitro PDF
[2010/02/24 21:08:41 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro PDF
[2010/02/24 21:07:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\utilisateur1\Application Data\Downloaded Installations
[2010/01/21 18:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/08/05 23:09:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/05/21 12:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/03/01 23:54:48 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/05/28 12:35:26 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2006/02/03 08:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2005/04/20 17:16:54 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
[2004/08/20 11:30:08 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
========== Files - Modified Within 30 Days ==========
[2010/03/24 07:27:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/24 07:27:10 | 000,000,431 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2010/03/24 07:26:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/24 07:26:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/23 22:51:02 | 013,631,488 | ---- | M] () -- C:\Documents and Settings\utilisateur1\ntuser.dat
[2010/03/23 22:51:02 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\utilisateur1\ntuser.ini
[2010/03/23 22:01:19 | 000,001,898 | -H-- | M] () -- C:\Documents and Settings\utilisateur1\Mes documents\Default.rdp
[2010/03/23 18:53:55 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\utilisateur1\Bureau\OTL.exe
[2010/03/22 19:48:12 | 000,000,271 | ---- | M] () -- C:\WINDOWS\hpqcopy.INI
[2010/03/22 07:05:08 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/22 07:04:47 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/21 15:17:01 | 000,000,286 | RHS- | M] () -- C:\boot.ini
[2010/03/20 21:15:40 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/03/17 18:05:21 | 000,001,086 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/12 22:29:39 | 000,000,518 | ---- | M] () -- C:\WINDOWS\LEXSTAT.INI
[2010/03/12 20:38:49 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\utilisateur1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/12 20:22:46 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\iTunes.lnk
[2010/03/10 19:00:46 | 000,000,811 | ---- | M] () -- C:\WINDOWS\EZPHOTO.INI
[2010/03/10 19:00:35 | 002,953,216 | ---- | M] () -- C:\Documents and Settings\utilisateur1\Mes documents\Money.mny
[2010/03/10 19:00:34 | 002,954,318 | R--- | M] () -- C:\Documents and Settings\utilisateur1\Mes documents\Money Sauvegarde.mbf
[2010/03/09 23:04:42 | 000,000,537 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/03/06 10:04:01 | 000,035,193 | ---- | M] () -- C:\Documents and Settings\utilisateur1\Bureau\flo.jpg
[2010/03/04 19:03:06 | 001,524,736 | ---- | M] () -- C:\Documents and Settings\utilisateur1\Bureau\FACTURE SARL.xls
[2010/03/03 19:25:07 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\utilisateur1\Bureau\etat des lieux.xls
[2010/03/03 11:09:38 | 000,001,503 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Choix de navigateur .lnk
[2010/03/01 07:13:47 | 001,106,432 | ---- | M] () -- C:\Documents and Settings\utilisateur1\Mes documents\famille nucleaire.doc
[2010/02/28 18:14:05 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\utilisateur1\Mes documents\~$mille nucleaire.doc
[2010/02/28 18:12:16 | 000,053,760 | ---- | M] () -- C:\Documents and Settings\utilisateur1\Mes documents\Les évolutions de la famille et ses conséquences.doc
[2010/02/28 15:41:45 | 000,365,056 | ---- | M] () -- C:\Documents and Settings\utilisateur1\Mes documents\famille monoparentale.doc
[2010/02/26 16:16:17 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\utilisateur1\Mes documents\+.doc
[2010/02/25 13:57:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/24 21:09:01 | 000,001,770 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Nitro PDF Professional.lnk
[2010/02/24 10:49:06 | 000,302,719 | ---- | M] () -- C:\Documents and Settings\utilisateur1\Bureau\essqa.rtf
[2010/02/24 10:39:16 | 000,073,216 | ---- | M] () -- C:\WINDOWS\cadkasdeinst01f.exe
========== Files Created - No Company Name ==========
[2010/03/06 10:04:01 | 000,035,193 | ---- | C] () -- C:\Documents and Settings\utilisateur1\Bureau\flo.jpg
[2010/03/03 19:25:07 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\utilisateur1\Bureau\etat des lieux.xls
[2010/03/03 11:09:37 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Choix de navigateur .lnk
[2010/02/28 18:14:05 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\utilisateur1\Mes documents\~$mille nucleaire.doc
[2010/02/26 16:16:02 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\utilisateur1\Mes documents\+.doc
[2010/02/24 21:09:01 | 000,001,770 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Nitro PDF Professional.lnk
[2010/02/24 10:48:58 | 000,302,719 | ---- | C] () -- C:\Documents and Settings\utilisateur1\Bureau\essqa.rtf
[2010/02/23 17:40:10 | 001,106,432 | ---- | C] () -- C:\Documents and Settings\utilisateur1\Mes documents\famille nucleaire.doc
[2009/12/04 14:45:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2009/10/05 22:39:27 | 000,747,464 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/07/18 22:05:54 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/07/18 22:05:48 | 000,532,498 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009/07/18 22:05:47 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/07/18 22:05:47 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/07/18 22:05:46 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/07/18 22:05:43 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/07/18 22:05:41 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2009/06/17 11:13:30 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2009/01/25 18:11:50 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\utilisateur1\Application Data\winscp.rnd
[2008/12/25 13:57:47 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/12/25 13:57:24 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2008/11/26 08:50:44 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\utilisateur1\Local Settings\Application Data\keyfile3.drm
[2008/10/08 14:56:23 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SPC220NC.INI
[2008/06/04 10:48:05 | 000,000,052 | ---- | C] () -- C:\WINDOWS\ScreenHunter.INI
[2008/02/10 12:50:52 | 000,029,472 | ---- | C] () -- C:\WINDOWS\jonaIII.ini
[2008/01/23 15:29:48 | 000,021,904 | ---- | C] () -- C:\WINDOWS\System32\imsinstall_loc040c.dll
[2008/01/23 15:29:48 | 000,017,808 | ---- | C] () -- C:\WINDOWS\System32\imslsp_install_loc040c.dll
[2008/01/23 15:27:52 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2007/09/08 09:21:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\bbcauto.INI
[2007/07/25 10:56:35 | 000,000,261 | ---- | C] () -- C:\WINDOWS\TMConverter.ini
[2007/07/19 13:33:22 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2007/03/27 18:26:53 | 000,000,022 | ---- | C] () -- C:\WINDOWS\lmps.INI
[2007/02/13 21:36:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\awras32.INI
[2006/12/30 17:09:25 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/12/25 23:34:10 | 000,153,761 | ---- | C] () -- C:\WINDOWS\System32\U2FRTF.DLL
[2006/12/25 23:34:10 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\U2FXLS.DLL
[2006/12/25 23:34:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\U2FWKS.DLL
[2006/12/25 23:34:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\U2FTEXT.DLL
[2006/12/25 23:34:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\U2FSEPV.DLL
[2006/12/25 23:34:09 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\U2FHTML.DLL
[2006/12/25 23:34:09 | 000,097,489 | ---- | C] () -- C:\WINDOWS\System32\U2FCR.DLL
[2006/12/25 23:34:09 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\U2FREC.DLL
[2006/12/25 23:34:09 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\U2FDIF.DLL
[2006/12/25 23:34:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\U2DDISK.DLL
[2006/12/25 23:34:05 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2IRDAO.DLL
[2006/12/25 23:34:05 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\P2CTDAO.DLL
[2006/12/25 23:34:05 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\P2BBND.DLL
[2006/12/24 00:04:25 | 000,000,042 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2006/11/27 21:15:21 | 000,000,016 | ---- | C] () -- C:\WINDOWS\RealityFusion.ini
[2006/11/15 22:03:12 | 000,024,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2006/11/15 22:00:56 | 001,678,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
[2006/10/28 17:21:10 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2006/10/28 17:21:10 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2006/10/09 19:15:29 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2006/09/29 17:37:54 | 000,000,352 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2006/09/20 11:15:31 | 000,000,085 | ---- | C] () -- C:\WINDOWS\hpqwrap.INI
[2006/08/10 09:51:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2006/07/18 23:09:47 | 000,000,977 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/06/08 22:26:34 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2006/06/08 22:26:34 | 000,000,114 | ---- | C] () -- C:\WINDOWS\kpcms.ini
[2006/06/08 22:26:32 | 000,000,811 | ---- | C] () -- C:\WINDOWS\EZPHOTO.INI
[2006/06/03 18:05:27 | 000,000,053 | ---- | C] () -- C:\WINDOWS\styliste.ini
[2006/03/12 23:25:29 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\utilisateur1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/03/11 09:39:04 | 000,000,271 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI
[2006/03/09 17:40:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2006/02/16 22:58:37 | 000,000,518 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2006/02/03 09:00:57 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\6316059473.sys
[2006/02/03 09:00:53 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/02/03 08:57:33 | 000,000,861 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/03 08:50:42 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/02/03 08:46:43 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\utilisateur1\Local Settings\Application Data\fusioncache.dat
[2006/01/30 23:29:50 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/30 23:25:22 | 000,000,537 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/01/30 23:04:08 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2006/01/30 23:03:42 | 000,000,537 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 09:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/04/20 17:16:54 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\P2SODBC.DLL
[2005/04/20 17:16:54 | 000,124,256 | ---- | C] () -- C:\WINDOWS\System32\U2DMAPI.DLL
[2005/04/20 17:16:54 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\U2FWORDW.DLL
[2005/04/20 17:16:54 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\CRXLAT32.DLL
[2005/04/20 17:16:53 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\CO2C40EN.DLL
[2005/03/01 15:30:20 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2004/08/20 11:45:35 | 000,000,829 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/20 11:34:09 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[1997/08/29 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/08/29 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/08/29 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\VAFR232.DLL
[1997/08/29 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
========== Alternate Data Streams ==========
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netfxperf.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netapi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\net.hlp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ncxpnt.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ncpa.cpl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\nbtstat.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\narrhook.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msxml4r.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msxml2r.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSXBSE35.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSWINSCK.oca:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSUNI10.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSTEXT35.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msswchx.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msswch.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mssip32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msrecr40.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msrclr40.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msratelc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msr2cenu.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msr2c.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSPST32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSPRPFR.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSOTHUNK.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msobjs.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSJet35.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSISAM10.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msg.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSFS32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSEXCL35.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msdtcprf.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msdtcprf.h:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msacm.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msaatext.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mrinfo.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mprui.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mprmsg.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mprddm.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mpnotify.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mountvol.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\modex.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mode.com:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mmutilse.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mmtask.tsk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mmdriver.inf:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mll_qic.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mll_mtf.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mll_hp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MLCFG32.CPL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mlang.dat:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ML3XEC16.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MISC2.SRG:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MINET32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\migpwd.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mib.bin:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mfcuia32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MFC71u.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mfc70u.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mfc70.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MFC42FRA.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mem.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mdwmdmsp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mdhcp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mcoinstall.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mciwave.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mciseq.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mciole32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mciole16.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mciavi.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mchgrcoi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mcdsrv32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MAPISRVR.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MAPISP32.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MAPI.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\main.cpl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lzexpand.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lusrmgr.msc:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lrnxp.ico:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lprmonui.dll:KAVICHS
@Altern
No more sign of fever, the cough is gone... at first glance the PC is behaving perfectly well... just kidding... the web pages are back to normal speed...
As for Kaspersky, I don't see it in my uninstall menu. Do you have any idea how to remove it?
Here is the new OTL report:
OTL logfile created on: 24/03/2010 07:28:55 - Run 2
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\utilisateur1\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 73,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145,96 Gb Total Space | 22,08 Gb Free Space | 15,13% Space Free | Partition Type: NTFS
Drive D: | 211,76 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DCK0M22J
Current User Name: utilisateur1
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\utilisateur1\Bureau\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe (Nitro PDF Software)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - c:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\WINDOWS\Philips\SPC220NC\Monitor.exe (PixArt Imaging Incorporation)
PRC - C:\WINDOWS\system32\drivers\CDAC11BA.EXE (Macrovision)
PRC - C:\Program Files\UltraVNC\repeater.exe ( )
PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe ()
PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\utilisateur1\Bureau\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll (Logitech Inc.)
========== Win32 Services (SafeList) ==========
SRV - (NitroDriverReadSpool) -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe (Nitro PDF Software)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (LVPrcSrv) -- c:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (C-DillaCdaC11BA) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE (Macrovision)
SRV - (repeater_service) -- C:\Program Files\UltraVNC\repeater.exe ( )
SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (Changer) -- C:\WINDOWS\system32\drivers\changer.sys (Microsoft Corporation)
DRV - (usbaudio) Pilote USB audio (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (BlueletAudio) -- C:\WINDOWS\system32\drivers\blueletaudio.sys (IVT Corporation.)
DRV - (Btcsrusb) -- C:\WINDOWS\system32\drivers\btcusb.sys (IVT Corporation.)
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (BlueletSCOAudio) -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys (IVT Corporation.)
DRV - (BT) -- C:\WINDOWS\system32\drivers\btnetdrv.sys (IVT Corporation.)
DRV - (BTHidMgr) -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys (IVT Corporation.)
DRV - (BTHidEnum) -- C:\WINDOWS\System32\Drivers\vbtenum.sys (IVT Corporation.)
DRV - (VcommMgr) -- C:\WINDOWS\system32\drivers\VcommMgr.sys (IVT Corporation.)
DRV - (VComm) -- C:\WINDOWS\system32\drivers\VComm.sys (IVT Corporation.)
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (SPC220NC) -- C:\WINDOWS\system32\drivers\SPC220NC.SYS (PixArt Imaging Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (LVcKap) -- C:\WINDOWS\system32\drivers\Lvckap.sys ()
DRV - (CdaC15BA) -- C:\WINDOWS\system32\drivers\CdaC15BA.SYS (Macrovision Europe Ltd)
DRV - (AFS2K) -- C:\WINDOWS\system32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (vncdrv) -- C:\WINDOWS\system32\drivers\vncdrv.sys (RDV Soft)
DRV - (QCDonner) Logitech QuickCam Express(PID_0840) -- C:\WINDOWS\system32\drivers\lvcd.sys (Logitech Inc.)
DRV - (prohlp02) -- C:\WINDOWS\System32\drivers\prohlp02.sys (Protection Technology)
DRV - (sfhlp01) -- C:\WINDOWS\System32\drivers\sfhlp01.sys (Protection Technology)
DRV - (prodrv06) -- C:\WINDOWS\System32\drivers\prodrv06.sys (Protection Technology)
DRV - (prosync1) -- C:\WINDOWS\System32\drivers\prosync1.sys (Protection Technology)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (camvid20) -- C:\WINDOWS\system32\drivers\camdrv21.sys (Microsoft Corporation)
DRV - (ATMhelpr) -- C:\WINDOWS\system32\drivers\ATMHELPR.SYS (Adobe Systems Incorporated)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/04/09 18:12:52 | 000,000,000 | ---D | M]
[2010/02/24 20:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\utilisateur1\Application Data\Mozilla\Extensions
[2009/03/13 21:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\utilisateur1\Application Data\Mozilla\Extensions\mozswing@mozswing.org
O1 HOSTS File: ([2010/03/22 07:04:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [Monitor] C:\WINDOWS\Philips\SPC220NC\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Software Informer] C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\utilisateur1\Menu Démarrer\Programmes\Démarrage\wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/F... (Facebook Photo Uploader 5 Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.... (Checkers Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/direc... (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.ca... (MSN Photo Upload Tool)
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective.keynote.com/applications/pconnector... (Keynote Connector Launcher 2)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.extrafilm.fr/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca... (UnoCtrl Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sourc... (BDSCANONLINE Control)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://nathaliede.spaces.live.com/PhotoUpload/MsnPUpld.... (Reg Error: Key error.)
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} http://www.inoculer.com/antivirus/Msie/bitdefender.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1... (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/curren... (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca... (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPACl... (MessengerStatsClient Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/fl... (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol... (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopetslive.com/dev/GoPetsWeb.cab (GoPetsWeb Control)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\utilisateur1\Application Data\Microsoft\Internet Explorer\Papier peint de Internet Explorer.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\utilisateur1\Application Data\Microsoft\Internet Explorer\Papier peint de Internet Explorer.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/20 11:37:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/12/03 12:37:10 | 000,000,027 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/03/23 22:25:33 | 000,000,000 | ---D | C] -- C:\Program Files\WinDirStat
[2010/03/23 21:36:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/23 18:53:47 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\utilisateur1\Bureau\OTL.exe
[2010/03/22 18:24:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/03/22 06:52:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/03/21 19:06:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\utilisateur1\Application Data\Dossier de téléchargement Share-to-Web
[2010/03/21 19:06:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\utilisateur1\Application Data\Dossier de téléchargement Share-to-Web
[2010/03/21 15:16:07 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/03/21 11:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\utilisateur1\temp
[2010/03/21 11:05:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\utilisateur1\Application Data\TeamViewer
[2010/03/19 20:27:05 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/03/19 20:20:42 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys
[2010/03/19 20:20:42 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2010/03/18 22:59:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\utilisateur1\Application Data\Foxit Software
[2010/03/17 18:10:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\utilisateur1\Bureau\flo travail lycee
[2010/03/11 07:04:54 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/10 07:55:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\utilisateur1\Bureau\LAON
[2010/03/09 22:17:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\utilisateur1\Recent
[2010/03/08 21:19:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2010/03/03 08:35:41 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010/02/24 21:09:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\utilisateur1\Application Data\Nitro PDF
[2010/02/24 21:09:05 | 000,026,432 | ---- | C] (Nitro PDF Software) -- C:\WINDOWS\System32\nitrolocalmon.dll
[2010/02/24 21:09:05 | 000,017,728 | ---- | C] (Nitro PDF Software) -- C:\WINDOWS\System32\nitrolocalui.dll
[2010/02/24 21:08:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2010/02/24 21:08:43 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Nitro PDF
[2010/02/24 21:08:41 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro PDF
[2010/02/24 21:07:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\utilisateur1\Application Data\Downloaded Installations
[2010/01/21 18:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/08/05 23:09:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/05/21 12:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/03/01 23:54:48 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/05/28 12:35:26 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2006/02/03 08:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2005/04/20 17:16:54 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
[2004/08/20 11:30:08 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
========== Files - Modified Within 30 Days ==========
[2010/03/24 07:27:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/24 07:27:10 | 000,000,431 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2010/03/24 07:26:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/24 07:26:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/23 22:51:02 | 013,631,488 | ---- | M] () -- C:\Documents and Settings\utilisateur1\ntuser.dat
[2010/03/23 22:51:02 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\utilisateur1\ntuser.ini
[2010/03/23 22:01:19 | 000,001,898 | -H-- | M] () -- C:\Documents and Settings\utilisateur1\Mes documents\Default.rdp
[2010/03/23 18:53:55 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\utilisateur1\Bureau\OTL.exe
[2010/03/22 19:48:12 | 000,000,271 | ---- | M] () -- C:\WINDOWS\hpqcopy.INI
[2010/03/22 07:05:08 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/22 07:04:47 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/21 15:17:01 | 000,000,286 | RHS- | M] () -- C:\boot.ini
[2010/03/20 21:15:40 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/03/17 18:05:21 | 000,001,086 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/12 22:29:39 | 000,000,518 | ---- | M] () -- C:\WINDOWS\LEXSTAT.INI
[2010/03/12 20:38:49 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\utilisateur1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/12 20:22:46 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\iTunes.lnk
[2010/03/10 19:00:46 | 000,000,811 | ---- | M] () -- C:\WINDOWS\EZPHOTO.INI
[2010/03/10 19:00:35 | 002,953,216 | ---- | M] () -- C:\Documents and Settings\utilisateur1\Mes documents\Money.mny
[2010/03/10 19:00:34 | 002,954,318 | R--- | M] () -- C:\Documents and Settings\utilisateur1\Mes documents\Money Sauvegarde.mbf
[2010/03/09 23:04:42 | 000,000,537 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/03/06 10:04:01 | 000,035,193 | ---- | M] () -- C:\Documents and Settings\utilisateur1\Bureau\flo.jpg
[2010/03/04 19:03:06 | 001,524,736 | ---- | M] () -- C:\Documents and Settings\utilisateur1\Bureau\FACTURE SARL.xls
[2010/03/03 19:25:07 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\utilisateur1\Bureau\etat des lieux.xls
[2010/03/03 11:09:38 | 000,001,503 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Choix de navigateur .lnk
[2010/03/01 07:13:47 | 001,106,432 | ---- | M] () -- C:\Documents and Settings\utilisateur1\Mes documents\famille nucleaire.doc
[2010/02/28 18:14:05 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\utilisateur1\Mes documents\~$mille nucleaire.doc
[2010/02/28 18:12:16 | 000,053,760 | ---- | M] () -- C:\Documents and Settings\utilisateur1\Mes documents\Les évolutions de la famille et ses conséquences.doc
[2010/02/28 15:41:45 | 000,365,056 | ---- | M] () -- C:\Documents and Settings\utilisateur1\Mes documents\famille monoparentale.doc
[2010/02/26 16:16:17 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\utilisateur1\Mes documents\+.doc
[2010/02/25 13:57:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/24 21:09:01 | 000,001,770 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Nitro PDF Professional.lnk
[2010/02/24 10:49:06 | 000,302,719 | ---- | M] () -- C:\Documents and Settings\utilisateur1\Bureau\essqa.rtf
[2010/02/24 10:39:16 | 000,073,216 | ---- | M] () -- C:\WINDOWS\cadkasdeinst01f.exe
========== Files Created - No Company Name ==========
[2010/03/06 10:04:01 | 000,035,193 | ---- | C] () -- C:\Documents and Settings\utilisateur1\Bureau\flo.jpg
[2010/03/03 19:25:07 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\utilisateur1\Bureau\etat des lieux.xls
[2010/03/03 11:09:37 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Choix de navigateur .lnk
[2010/02/28 18:14:05 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\utilisateur1\Mes documents\~$mille nucleaire.doc
[2010/02/26 16:16:02 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\utilisateur1\Mes documents\+.doc
[2010/02/24 21:09:01 | 000,001,770 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Nitro PDF Professional.lnk
[2010/02/24 10:48:58 | 000,302,719 | ---- | C] () -- C:\Documents and Settings\utilisateur1\Bureau\essqa.rtf
[2010/02/23 17:40:10 | 001,106,432 | ---- | C] () -- C:\Documents and Settings\utilisateur1\Mes documents\famille nucleaire.doc
[2009/12/04 14:45:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2009/10/05 22:39:27 | 000,747,464 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/07/18 22:05:54 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/07/18 22:05:48 | 000,532,498 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009/07/18 22:05:47 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/07/18 22:05:47 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/07/18 22:05:46 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/07/18 22:05:43 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/07/18 22:05:41 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2009/06/17 11:13:30 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2009/01/25 18:11:50 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\utilisateur1\Application Data\winscp.rnd
[2008/12/25 13:57:47 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/12/25 13:57:24 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2008/11/26 08:50:44 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\utilisateur1\Local Settings\Application Data\keyfile3.drm
[2008/10/08 14:56:23 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SPC220NC.INI
[2008/06/04 10:48:05 | 000,000,052 | ---- | C] () -- C:\WINDOWS\ScreenHunter.INI
[2008/02/10 12:50:52 | 000,029,472 | ---- | C] () -- C:\WINDOWS\jonaIII.ini
[2008/01/23 15:29:48 | 000,021,904 | ---- | C] () -- C:\WINDOWS\System32\imsinstall_loc040c.dll
[2008/01/23 15:29:48 | 000,017,808 | ---- | C] () -- C:\WINDOWS\System32\imslsp_install_loc040c.dll
[2008/01/23 15:27:52 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2007/09/08 09:21:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\bbcauto.INI
[2007/07/25 10:56:35 | 000,000,261 | ---- | C] () -- C:\WINDOWS\TMConverter.ini
[2007/07/19 13:33:22 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2007/03/27 18:26:53 | 000,000,022 | ---- | C] () -- C:\WINDOWS\lmps.INI
[2007/02/13 21:36:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\awras32.INI
[2006/12/30 17:09:25 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/12/25 23:34:10 | 000,153,761 | ---- | C] () -- C:\WINDOWS\System32\U2FRTF.DLL
[2006/12/25 23:34:10 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\U2FXLS.DLL
[2006/12/25 23:34:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\U2FWKS.DLL
[2006/12/25 23:34:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\U2FTEXT.DLL
[2006/12/25 23:34:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\U2FSEPV.DLL
[2006/12/25 23:34:09 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\U2FHTML.DLL
[2006/12/25 23:34:09 | 000,097,489 | ---- | C] () -- C:\WINDOWS\System32\U2FCR.DLL
[2006/12/25 23:34:09 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\U2FREC.DLL
[2006/12/25 23:34:09 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\U2FDIF.DLL
[2006/12/25 23:34:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\U2DDISK.DLL
[2006/12/25 23:34:05 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2IRDAO.DLL
[2006/12/25 23:34:05 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\P2CTDAO.DLL
[2006/12/25 23:34:05 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\P2BBND.DLL
[2006/12/24 00:04:25 | 000,000,042 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2006/11/27 21:15:21 | 000,000,016 | ---- | C] () -- C:\WINDOWS\RealityFusion.ini
[2006/11/15 22:03:12 | 000,024,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2006/11/15 22:00:56 | 001,678,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
[2006/10/28 17:21:10 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2006/10/28 17:21:10 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2006/10/09 19:15:29 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2006/09/29 17:37:54 | 000,000,352 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2006/09/20 11:15:31 | 000,000,085 | ---- | C] () -- C:\WINDOWS\hpqwrap.INI
[2006/08/10 09:51:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2006/07/18 23:09:47 | 000,000,977 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/06/08 22:26:34 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2006/06/08 22:26:34 | 000,000,114 | ---- | C] () -- C:\WINDOWS\kpcms.ini
[2006/06/08 22:26:32 | 000,000,811 | ---- | C] () -- C:\WINDOWS\EZPHOTO.INI
[2006/06/03 18:05:27 | 000,000,053 | ---- | C] () -- C:\WINDOWS\styliste.ini
[2006/03/12 23:25:29 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\utilisateur1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/03/11 09:39:04 | 000,000,271 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI
[2006/03/09 17:40:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2006/02/16 22:58:37 | 000,000,518 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2006/02/03 09:00:57 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\6316059473.sys
[2006/02/03 09:00:53 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/02/03 08:57:33 | 000,000,861 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/03 08:50:42 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/02/03 08:46:43 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\utilisateur1\Local Settings\Application Data\fusioncache.dat
[2006/01/30 23:29:50 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/30 23:25:22 | 000,000,537 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/01/30 23:04:08 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2006/01/30 23:03:42 | 000,000,537 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 09:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/04/20 17:16:54 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\P2SODBC.DLL
[2005/04/20 17:16:54 | 000,124,256 | ---- | C] () -- C:\WINDOWS\System32\U2DMAPI.DLL
[2005/04/20 17:16:54 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\U2FWORDW.DLL
[2005/04/20 17:16:54 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\CRXLAT32.DLL
[2005/04/20 17:16:53 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\CO2C40EN.DLL
[2005/03/01 15:30:20 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2004/08/20 11:45:35 | 000,000,829 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/20 11:34:09 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[1997/08/29 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/08/29 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/08/29 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\VAFR232.DLL
[1997/08/29 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
========== Alternate Data Streams ==========
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\Zapotec.bmp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\wmprfFRA.prx:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\winnt256.bmp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\winnt.bmp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\winhelp.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\vmmreg32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\Vent de prairie.bmp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\vbaddin.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\vb.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\utpath.inf:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\Tasse à café.bmp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\TASKMAN.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\xenroll.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wshisn.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wshatm.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wpdtrace.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wpdmtpdr.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wowfaxui.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wowfax.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wowdeb.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WMSUI32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmiprop.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmimgmt.msc:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmerrFRA.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wisptis.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winstrm.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WINSSPI.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WINSIZE.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winnls.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winmsd.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winhlp32.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winhelp.hlp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winfax.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winchat.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\win.com:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wifeman.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\webhits.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wdl.trm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wbdbase.sve:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wbdbase.nld:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wbdbase.ita:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wbdbase.fra:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wbdbase.esn:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wbdbase.enu:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wbdbase.deu:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wbcache.sve:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wbcache.nld:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wbcache.ita:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wbcache.fra:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wbcache.esn:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wbcache.enu:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wbcache.deu:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\w32topl.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\w32tm.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vxdmdcdlg.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vssadmin.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vss_ps.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vjoy.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vga64k.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vga256.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vfpodbc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\verifier.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ver.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\VEN2232.OLB:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\VBAME.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\VBAFR32.OLB:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\VBAEND32.OLB:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\VBAEN32.OLB:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\VB5DB.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\VAFR232.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\v7vga.rom:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\usrvpa.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\usrvoica.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\usrv80a.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\usrv42a.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\usrsvpia.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\usrshuta.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\usrsdpia.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\usrrtosa.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\usrprbda.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\usrmlnka.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\usrlogon.cmd:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\usrlbva.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\usrfaxa.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\usrdtea.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\usrdpa.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\usrcoina.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\usrcntra.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\USASCII.TRN:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ureg.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\unlodctr.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\umdmxfrm.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ufat.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\typelib.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tsshutdn.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tslabels.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tslabels.h:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tskill.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tsdiscon.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tsd32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tscupgrd.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tscon.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tracert6.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tftp.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\telephon.cpl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tcpsvcs.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tcpmon.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tcmsetup.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tcmlang.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TcmEchiquier.ocx:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\taskman.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tapiui.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tapiperf.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tapi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\systray.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sysprtj.sep:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sysprint.sep:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\syskey.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sysinv.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sysedit.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\syncapp.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\swprv.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SWEDISH.TRN:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\svcpack.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\subst.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\subrange.uce:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\storage.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sqlwoa.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sqlwid.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sqlsrv32.rll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sqlsodbc.chm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\spxcoins.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sprio800.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sprio600.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sprestrt.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\spnike.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\softpub.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\Snap32n.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\slbrccsp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\slbcsp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sisbkup.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\shiftjis.uce:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\share.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\shadow.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sfmapi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sfc.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\setver.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\setupdll.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\setup.bmp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\serwvdrv.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\services.msc:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\serialui.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\senscfg.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\secupd.sig:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\secupd.dat:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sdpblb.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\scrrnfr.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\scredir.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SCP32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\scofr.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sccbase.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\scardssp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SCANPST.HLP:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rwinsta.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\runas.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rtm.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rsvpperf.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rsvpmsg.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rsvpcnts.h:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rsvp.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rsmui.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rsmsink.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rsm.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rsaci.rat:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rpcns4.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\routetab.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\routemon.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\route.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ROBOEX32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rnr20.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rfmsglog.txt:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\reset.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\replace.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rend.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\regwiz.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\regini.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\regedt32.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RefEdit.TWD:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\recover.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rasser.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rasrad.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rasmxs.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rasmontr.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rasdial.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rasctrs.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rasctrs.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rasctrnm.h:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rasautou.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\qwinsta.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\qosname.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\qappsrv.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pubprn.vbs:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\Pubole32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PUBDLG.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\psnppagn.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pscript.sep:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pschdprf.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pschdprf.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pschdcnt.h:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PRONtObj.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\prodspec.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\print.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\prflbmsg.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PostProc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\popup.ocx:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pmspl.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\plustab.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ping6.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PICSTORE.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\perfwci.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\perfwci.h:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\perfts.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\perfi00C.dat:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\perfi009.dat:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\perffilt.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\perffilt.h:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\perfd00C.dat:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\perfd009.dat:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\perfci.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\perfci.h:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pentnt.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pcl.sep:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pathping.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\paqsp.dll:KAVICHS
Argh, sorry, too long... here is the link to the report:
http://www.cijoint.fr/cjlink.php?file=cj201003/cijzqGGV...
Kaspersky left ADS on several files.
Following on from this procedure:
http://assiste.forum.free.fr/viewtopic.php?p=104376&sid...
1/
Download ToolsCleaner2 to your Desktop.
Double-click ToolsCleaner2.exe to launch it.
Click Recherche (Search) and let the scan run.
Click Suppression (Removal) to finish.
You can use the Options Facultatives (Optional Settings) if you wish.
Click Quitter (Quit) to get the report.
Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\).
2/
Download and install CCleaner (do not install the Yahoo! Toolbar).
Launch it. Go to Options, then Advanced, and uncheck the box Only delete files etc....
Go to Cleaner and choose Analyze. Once it has finished, run the cleaning.
3/
You need to disable and then re-enable System Restore in order to purge it.
==Prevention==
To get rid of the AntiVir popups: Link
Keep MBAM. You can use it to scan suspicious files as a complement to the antivirus; also scan the hard drive with it regularly.
Check that automatic updates are enabled (Start menu, right-click My Computer, Properties, Automatic Updates tab).
Regarding P2P: Link
Here is a complete guide (to be read with Adobe Reader or Foxit Reader): Link
==Problem solved?==
--> If you consider your problem solved, add [Résolu] to the title. To do so:
In your first message, click the Edit button.
Add the tag [Résolu] in front of the title.
Then click Submit your message.
Be more careful on the Internet
Good evening!
Here is the report you asked for!
Yes, I think my problem is solved now....
Thank you very much for your valuable help and for the advice, which I will try to follow to the letter :-)
Thanks again!
[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]
--> Recherche:
C:\Combofix.txt: trouvé !
C:\fixnavi.txt: trouvé !
C:\rapport_clean.txt: trouvé !
C:\TB.txt: trouvé !
C:\FindyKill.txt: trouvé !
C:\HijackThis: trouvé !
C:\Toolbar SD: trouvé !
C:\FindyKill: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: trouvé !
C:\Documents and Settings\utilisateur1\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\utilisateur1\Bureau\nat\EliBaglA.exe: trouvé !
C:\Documents and Settings\utilisateur1\Bureau\Raccourcis Bureau non utilisés\HijackThis.lnk: trouvé !
C:\HijackThis\hijackthis.log: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Ad-remover: trouvé !
C:\Program Files\Ad-Remover\BACKUP\Ad-R.exe: trouvé !
C:\Program Files\Hijackthis Version Française\hijackthis.log: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !
C:\Program Files\Navilog1\catchme.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
---------------------------------
--> Suppression:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: supprimé !
C:\Documents and Settings\utilisateur1\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\utilisateur1\Bureau\nat\EliBaglA.exe: supprimé !
C:\Documents and Settings\utilisateur1\Bureau\Raccourcis Bureau non utilisés\HijackThis.lnk: supprimé !
C:\Program Files\Ad-Remover\BACKUP\Ad-R.exe: supprimé !
C:\Program Files\Navilog1\Navilog1.bat: supprimé !
C:\Program Files\Navilog1\catchme.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\fixnavi.txt: supprimé !
C:\rapport_clean.txt: supprimé !
C:\TB.txt: supprimé !
C:\FindyKill.txt: supprimé !
C:\HijackThis\hijackthis.log: supprimé !
C:\Program Files\Hijackthis Version Française\hijackthis.log: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\HijackThis: supprimé !
C:\Toolbar SD: supprimé !
C:\FindyKill: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: supprimé !
C:\Program Files\Navilog1: supprimé !
C:\Program Files\Ad-remover: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !