Benard

Bonsoir, voici les 2 rapports Combofix ComboFix 10-04-12.01 - Bernard 13/04/2010 19:22:44.2.2 - x86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.32.1036.18.2038.1419 [GMT 2:00] Lancé depuis: c:\documents and settings\Bernard\Bureau\panpan.exe Commutateurs utilisés :: c:\documents and settings\Bernard\Bureau\CFScript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0} * Un antivirus résident est actif FILE :: "c:\program files\regcure" "c:\program files\regcure\regcure.exe" "c:\windows\system32\dccdd.ini" "c:\windows\system32\dccdd.ini2" . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\regcure\regcure.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2010-03-13 au 2010-04-13 )))))))))))))))))))))))))))))))))))) . 2010-04-12 21:40 . 2010-04-12 20:26 15880 ----a-w- c:\windows\system32\lsdelete.exe 2010-04-12 21:20 . 2010-04-12 21:20 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2010-04-12 20:22 . 2010-04-12 20:22 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} 2010-04-12 20:22 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe 2010-04-12 20:22 . 2010-04-12 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2010-04-10 20:53 . 2010-04-10 20:53 -------- d-----r- c:\documents and settings\LocalService\Favoris 2010-04-10 17:44 . 2010-04-10 17:58 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-04-10 17:44 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-04-10 17:44 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-04-10 17:44 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-04-10 17:44 . 2010-04-10 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2010-04-09 21:36 . 2010-02-06 18:51 918816 ----a-w- c:\documents and settings\Bernard\Application Data\Sun\Java\JRERunOnce.exe 2010-04-09 21:34 . 2010-04-09 21:34 79488 ----a-w- c:\documents and settings\Bernard\Application Data\Sun\Java\jre1.6.0_18\gtapi.dll 2010-04-09 17:36 . 2010-04-09 17:36 5918775 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2010-04-08 20:07 . 2010-04-08 20:07 -------- d-----w- c:\documents and settings\All Users\Application Data\OfficeRecovery 2010-04-08 16:05 . 2007-08-31 10:52 56496 ----a-w- c:\windows\system32\wbhelp2.dll 2010-04-08 16:05 . 2007-08-31 10:52 33968 ----a-w- c:\windows\system32\anim.dll 2010-04-08 16:05 . 1999-11-22 13:50 4608 ----a-w- c:\windows\system32\W95INF32.DLL 2010-04-08 16:05 . 1999-11-22 13:50 2272 ----a-w- c:\windows\system32\W95INF16.DLL 2010-04-07 21:29 . 2004-03-16 06:35 49152 ----a-w- c:\windows\system32\OctaneARM.dll 2010-04-07 21:01 . 2010-04-07 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic 2010-04-07 21:01 . 2010-04-07 21:01 -------- d-----w- c:\program files\Fichiers communs\ParetoLogic 2010-04-07 21:00 . 2010-04-07 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Cached Installations 2010-04-04 09:33 . 2010-04-04 09:33 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google 2010-04-03 09:56 . 2010-04-03 09:56 -------- d-----w- c:\documents and settings\All Users\Application Data\element5 2010-04-03 09:56 . 2010-04-03 09:56 -------- d-----w- c:\program files\Fichiers communs\element5 Shared 2010-04-01 20:26 . 2010-04-01 20:31 -------- d-----w- c:\documents and settings\Bernard\Application Data\XnView 2010-03-31 19:20 . 2010-03-31 19:20 -------- d-----w- c:\documents and settings\Bernard\Application Data\Uniblue 2010-03-31 17:41 . 2010-03-31 17:41 118182 ----a-w- c:\windows\Collage Templates Pack Uninstaller.exe 2010-03-30 19:25 . 2010-03-30 19:25 189949 ----a-w- c:\windows\Photo Pos Pro Uninstaller.exe 2010-03-30 19:25 . 2010-03-30 19:25 -------- d-----w- c:\program files\Fichiers communs\Thraex Software 2010-03-29 17:24 . 2007-08-27 14:25 133632 ----a-w- c:\windows\system32\PhotoImpression Slideshow.scr 2010-03-29 17:24 . 2010-03-29 17:24 -------- d-----w- c:\windows\system32\PhotoImpression Slideshow 2010-03-28 09:28 . 2010-03-28 09:28 -------- d-----w- c:\documents and settings\Bernard\Local Settings\Application Data\IsolatedStorage 2010-03-28 09:28 . 2010-03-28 09:28 -------- d-----w- c:\windows\XSxS 2010-03-28 09:28 . 2010-03-28 09:28 -------- d-----w- c:\program files\Xenocode 2010-03-28 09:28 . 2010-03-28 09:28 -------- d-----w- c:\documents and settings\Bernard\Local Settings\Application Data\Xenocode 2010-03-28 09:03 . 2010-03-28 09:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Visan 2010-03-28 09:01 . 2010-04-01 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Photo Creations 2010-03-28 09:01 . 2010-03-28 09:02 -------- d-----w- c:\program files\HP Photo Creations 2010-03-27 21:31 . 2010-03-27 21:31 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant 2010-03-27 21:06 . 2010-03-27 21:06 -------- d-----w- c:\documents and settings\Bernard\Application Data\EPSON 2010-03-27 20:27 . 2010-03-27 20:27 -------- d-----w- c:\documents and settings\Bernard\Application Data\KodakCredentialStore 2010-03-25 20:32 . 2010-03-25 20:42 19499 ----a-w- c:\windows\hpqins13.dat 2010-03-24 21:38 . 2010-03-24 21:38 -------- d-----w- c:\documents and settings\All Users\Application Data\UDL 2010-03-24 21:38 . 2010-03-24 21:38 -------- d-----w- c:\program files\Epson Software 2010-03-24 21:37 . 2010-03-24 21:37 -------- d-----w- c:\documents and settings\Bernard\Application Data\InstallShield 2010-03-24 21:07 . 2010-03-24 21:07 -------- d-----w- c:\documents and settings\Bernard\Local Settings\Application Data\HP 2010-03-24 20:27 . 2010-03-24 20:27 -------- d-----w- c:\documents and settings\Bernard\Application Data\HP 2010-03-24 20:24 . 2010-03-24 20:24 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG 2010-03-24 20:22 . 2007-03-08 04:20 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys 2010-03-24 20:22 . 2007-03-08 04:20 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys 2010-03-24 20:22 . 2010-03-24 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard 2010-03-24 20:21 . 2007-04-04 07:47 267864 ----a-r- c:\windows\system32\hpzids01.dll 2010-03-24 20:21 . 2007-03-28 12:57 274944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5ha.dll 2010-03-24 20:21 . 2007-03-28 13:01 118272 ----a-w- c:\windows\system32\hpz3l5ha.dll 2010-03-24 20:21 . 2006-10-31 12:49 94208 ----a-w- c:\windows\system32\HPJIPX1U.DLL 2010-03-24 20:21 . 2006-10-31 12:49 163840 ----a-w- c:\windows\system32\HPJCMN2U.DLL 2010-03-24 20:21 . 2006-10-31 12:48 49152 ----a-w- c:\windows\system32\HPBNRAC2.DLL 2010-03-24 20:21 . 2006-10-31 12:48 241721 ----a-w- c:\windows\system32\HPBMINI.DLL 2010-03-24 20:21 . 2007-03-08 04:20 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys 2010-03-24 20:21 . 2007-03-08 04:20 364544 ----a-r- c:\windows\system32\hppldcoi.dll 2010-03-24 20:18 . 2010-03-27 21:31 -------- d-----w- c:\documents and settings\All Users\Application Data\HP 2010-03-24 20:17 . 2010-03-24 20:17 -------- d-----w- c:\program files\Fichiers communs\HP 2010-03-24 20:15 . 2010-03-27 21:50 -------- d-----w- c:\program files\HP 2010-03-24 20:13 . 2010-03-28 08:45 181887 ----a-w- c:\windows\hpoins16.dat 2010-03-24 20:13 . 2008-01-24 01:03 4602 ------w- c:\windows\hpomdl16.dat 2010-03-21 09:59 . 2008-04-02 19:00 198656 ----a-w- c:\windows\system32\CNMLM83.DLL 2010-03-21 09:59 . 2006-09-12 19:00 69632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPP83.DLL 2010-03-21 09:59 . 2006-09-12 19:00 27136 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPD83.DLL . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-04-13 17:39 . 2007-07-25 19:00 -------- d-----w- c:\program files\RegCure 2010-04-13 16:59 . 2007-07-20 20:28 -------- d-----w- c:\documents and settings\Bernard\Application Data\DMCache 2010-04-12 21:16 . 2009-05-12 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Bitmeter2 2010-04-12 20:16 . 2007-07-17 12:24 -------- d-----w- c:\documents and settings\Bernard\Application Data\Lavasoft 2010-04-11 17:35 . 2007-07-20 20:10 -------- d-----w- c:\documents and settings\Bernard\Application Data\Spyware Terminator 2010-04-11 17:23 . 2007-07-20 20:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator 2010-04-11 10:15 . 2007-07-20 20:10 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe 2010-04-11 10:02 . 2007-12-28 11:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-04-11 10:02 . 2007-07-20 20:10 -------- d-----w- c:\program files\Spyware Terminator 2010-04-09 21:36 . 2007-07-17 10:22 -------- d-----w- c:\program files\Fichiers communs\Java 2010-04-09 20:51 . 2007-07-17 10:32 104632 ----a-w- c:\documents and settings\Bernard\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-04-09 16:44 . 2004-08-05 12:00 85608 ----a-w- c:\windows\system32\perfc00C.dat 2010-04-09 16:44 . 2004-08-05 12:00 513410 ----a-w- c:\windows\system32\perfh00C.dat 2010-04-07 21:19 . 2007-07-17 10:36 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-04-05 16:20 . 2009-03-01 17:02 248 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll 2010-04-04 16:28 . 2007-07-19 18:30 -------- d-----w- c:\documents and settings\Bernard\Application Data\Vso 2010-04-04 10:22 . 2007-07-20 20:14 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys 2010-04-04 09:38 . 2008-05-07 16:15 -------- d-----w- c:\program files\Picasa2 2010-04-03 09:57 . 2008-10-12 16:53 -------- d-----w- c:\documents and settings\Bernard\Application Data\ArcSoft 2010-03-31 16:42 . 2007-07-19 18:41 -------- d-----w- c:\documents and settings\Bernard\Application Data\Corel 2010-03-31 16:03 . 2007-07-21 19:55 88 --sh--r- c:\windows\system32\5ECE5E1F74.sys 2010-03-31 16:03 . 2007-07-21 19:55 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys 2010-03-29 22:46 . 2008-09-01 20:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-03-29 22:45 . 2008-09-01 20:29 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-03-21 10:00 . 2010-03-21 10:00 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ 2010-03-20 15:14 . 2007-07-17 10:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-03-20 14:37 . 2009-02-26 20:00 -------- d-----w- c:\documents and settings\Bernard\Application Data\Lasersoft Imaging 2010-02-25 18:19 . 2010-02-25 18:19 -------- d-----w- c:\documents and settings\Bernard\Application Data\Nero 2010-02-25 18:10 . 2010-02-25 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero 2010-02-25 18:09 . 2010-02-25 18:09 -------- d-----w- c:\program files\Fichiers communs\Nero 2010-02-25 06:17 . 2004-08-05 12:00 916480 ------w- c:\windows\system32\wininet.dll 2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr 2010-02-12 10:03 . 2010-03-01 09:51 293376 ------w- c:\windows\system32\browserchoice.exe 2010-02-06 18:59 . 2010-02-06 18:59 503808 ----a-w- c:\documents and settings\Bernard\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-630691be-n\msvcp71.dll 2010-02-06 18:59 . 2010-02-06 18:59 499712 ----a-w- c:\documents and settings\Bernard\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-630691be-n\jmc.dll 2010-02-06 18:59 . 2010-02-06 18:59 348160 ----a-w- c:\documents and settings\Bernard\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-630691be-n\msvcr71.dll 2010-02-06 18:58 . 2010-02-06 18:58 61440 ----a-w- c:\documents and settings\Bernard\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-67a6f985-n\decora-sse.dll 2010-02-06 18:58 . 2010-02-06 18:58 12800 ----a-w- c:\documents and settings\Bernard\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-67a6f985-n\decora-d3d.dll 2010-02-06 18:58 . 2010-02-06 18:58 411368 ----a-w- c:\windows\system32\deploytk.dll 2010-01-22 03:13 . 2010-01-31 10:41 198064 ----a-w- c:\documents and settings\Bernard\Application Data\Mozilla\Firefox\Profiles\u8d8i3ux.default\extensions\mozilla_cc@internetdownloadmanager.com\components\idmmzcc.dll 2007-01-25 01:52 . 2007-01-25 01:52 65536 ----a-w- c:\program files\Fichiers communs\NMSAccessU.exe 2008-06-19 09:16 . 2008-06-19 09:16 118784 ----a-w- c:\program files\mozilla firefox\plugins\MyCamera.dll 2008-02-17 19:44 . 2008-02-16 17:19 175603 --sha-w- c:\windows\system32\dccdd.ini.ren 2008-02-17 19:42 . 2008-02-16 17:19 175603 --sha-w- c:\windows\system32\dccdd.ini2.ren . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IDMan"="d:\winutil\Internet Download Manager\IDMan.exe" [2006-11-12 880896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="d:\winutil\AntiVir PersonalEdition Classic\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Bitmeter2.lnk - d:\winsys\BitMeter\BitMeter2.exe [2009-1-3 1462272] Wincmd.lnk - d:\winprog\Wincmd\TOTALCMD.EXE [2007-7-19 2902984] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLinkedConnections"= 1 (0x1) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk] backup=c:\windows\pss\Logiciel Kodak EasyShare.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\U.S. Robotics Wireless Manager UI] c:\windows\system32\WLTRAY [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware] 2007-06-11 09:25 6731312 ------w- d:\winutil\AVG Anti-Spyware 7.5\avgas.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD] 2007-07-19 21:25 684032 ------w- d:\winapps\Easy CD Creator\DirectCD\Directcd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2009-12-11 14:57 948672 ----a-r- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] 2007-03-16 09:45 63712 ------w- d:\winapps\PhotoShop Album\3.2\Apps\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-12-22 00:57 35760 ----a-w- d:\winutil\Adobe Reader 9.1\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] 2005-05-03 16:43 69632 -c----w- c:\windows\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service] 2010-03-18 09:19 207360 ----a-w- c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client] 2009-10-25 16:39 3730832 ----a-w- d:\winutil\Babylon\Babylon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2006-10-09 09:28 139264 ------w- c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu] 2007-05-14 16:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray] 2006-09-28 19:21 57344 ------w- d:\winapps\CloneCD\CloneCDTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector] 2003-11-27 09:16 217088 ----a-w- c:\program files\Fichiers communs\ACD Systems\FR\DevDetect.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2008-10-21 08:51 172032 ----a-w- c:\windows\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2007-10-14 20:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon] 2008-08-20 09:54 150016 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2008-10-21 08:51 143360 ----a-w- c:\windows\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray] 2007-12-10 13:53 1103752 ------w- d:\winutil\Spyware Doctor\pctsTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 02:34 1695232 ------w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent] 2009-10-07 09:12 1086760 ----a-w- d:\winapps\Nero Backitup\Nero BackItUp\NBAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2006-01-12 14:40 155648 ------w- c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4] 2007-02-04 11:02 79400 ----a-w- d:\winapps\OmnipageSE4\OpWareSE4.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando] 2007-10-05 10:33 5207368 ------w- d:\winutil\pando\pando.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2008-10-21 08:51 143360 ----a-w- c:\windows\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2007-06-29 04:24 286720 ------w- d:\winutil\quicktime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raccourci vers la page des propriétés de High Definition Audio] 2005-01-07 15:07 61952 ------w- c:\windows\system32\HdAShCut.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2006-06-28 12:54 16248320 -c----w- c:\windows\RTHDCPL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel] 2006-05-16 16:04 2879488 -c----w- c:\windows\SkyTel.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] 2006-10-25 08:03 210472 ----a-w- c:\program files\Fichiers communs\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-01-11 13:21 246504 ----a-w- c:\program files\Fichiers communs\Java\Java Update\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe] 2005-03-13 23:37 1057280 ------w- c:\program files\SuperCopier2\SuperCopier2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2007-07-19 19:32 185896 ------w- c:\program files\Fichiers communs\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "PnkBstrB"=2 (0x2) "PnkBstrA"=2 (0x2) "AVG Anti-Spyware Guard"=3 (0x3) "AntiVirScheduler"=2 (0x2) "sp_rssrv"=2 (0x2) "sdCoreService"=3 (0x3) "sdAuxService"=3 (0x3) "ProtexisLicensing"=2 (0x2) "NBService"=3 (0x3) "hpqddsvc"=2 (0x2) "hpqcxs08"=3 (0x3) "AdobeActiveFileMonitor5.0"=2 (0x2) "ACDaemon"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "d:\\Winutil\\pando\\pando.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "d:\\Winutil\\phpDesigner 2008\\phpDesigner2008.exe"= "d:\\Winapps\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [20/07/2007 22:14 142592] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\winutil\Lavasoft\Ad-Aware\AAWService.exe [4/02/2010 17:52 1265264] S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14/11/2008 23:19 664064] S3 AntiVirSchedulerService;Avira AntiVir Planificateur;d:\winutil\AntiVir PersonalEdition Classic\Avira\AntiVir Desktop\sched.exe [10/04/2010 19:44 108289] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;d:\winapps\common\Database\bin\fbserver.exe [10/03/2009 20:15 1527900] S3 sdAuxService;PC Tools Auxiliary Service;d:\winutil\Spyware Doctor\pctsAuxs.exe [20/02/2008 20:48 747912] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contenu du dossier 'Tâches planifiées' 2010-04-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job - d:\winutil\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 20:26] 2010-04-08 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57] 2010-04-13 c:\windows\Tasks\ParetoLogic Registration.job - c:\program files\Fichiers communs\ParetoLogic\UUS2\UUS.dll [2008-02-22 10:25] 2010-04-08 c:\windows\Tasks\RegCure.job - d:\winsys\RegCure\RegCure.exe [2007-07-20 08:49] 2010-04-13 c:\windows\Tasks\User_Feed_Synchronization-{7C876E5A-5E06-41DF-B94D-EFF5E3472588}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 03:31] 2010-04-13 c:\windows\Tasks\XoftSpySE.job - d:\winsys\XoftSpySE\XoftSpy.exe [2007-07-20 10:32] . . ------- Examen supplémentaire ------- . uStart Page = about:blank IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Download All Links with IDM - d:\winutil\Internet Download Manager\IEGetAll.htm IE: Download with IDM - d:\winutil\Internet Download Manager\IEExt.htm IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Liens de téléchargement avec Mega Manager... IE: Translate this web page with Babylon - d:\winutil\Babylon\Utils\BabylonIEPI.dll/ActionTU.htm IE: Translate with Babylon - d:\winutil\Babylon\Utils\BabylonIEPI.dll/Action.htm IE: {{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://d:\winutil\Babylon\Utils\BabylonIEPI.dll/ActionTU.htm FF - ProfilePath - c:\documents and settings\Bernard\Application Data\Mozilla\Firefox\Profiles\u8d8i3ux.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - about:blank FF - prefs.js: keyword.URL - hxxp://se.search.yahoo.com/search?ei=utf-8&fr=megaup&p= FF - component: c:\documents and settings\Bernard\Application Data\Mozilla\Firefox\Profiles\u8d8i3ux.default\extensions\mozilla_cc@internetdownloadmanager.com\components\idmmzcc.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPCIG.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll FF - plugin: c:\program files\Picasa2\npPicasa3.dll FF - plugin: d:\winutil\Adobe Reader 9.1\Reader\browser\nppdf32.dll FF - plugin: d:\winutil\quicktime\Plugins\npqtplugin.dll FF - plugin: d:\winutil\quicktime\Plugins\npqtplugin2.dll FF - plugin: d:\winutil\quicktime\Plugins\npqtplugin3.dll FF - plugin: d:\winutil\quicktime\Plugins\npqtplugin4.dll FF - plugin: d:\winutil\quicktime\Plugins\npqtplugin5.dll FF - plugin: d:\winutil\quicktime\Plugins\npqtplugin6.dll FF - plugin: d:\winutil\quicktime\Plugins\npqtplugin7.dll ---- PARAMETRES FIREFOX ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.bookmark_page", false); c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.current_page", false); c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.restore_default", false); c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importBookmarksHTML", true); c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importDefaults", false); c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.search.selectedEngine", "xeoo.com"); c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("keyword.URL", "http://xeoo.com/?p=url&a=firefox&k="); c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.startup.homepage", "http://www.xeoo.com/?p=h&a=firefox"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-04-13 19:40 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-861567501-1450960922-839522115-1004\Software\SecuROM\License information*] "datasecu"=hex:2d,4a,0c,0e,de,94,4d,97,e8,fd,2c,f5,37,36,56,cd,e8,00,e3,a2,0c, 5b,33,56,6b,c5,9e,2d,e6,65,db,34,86,cb,e0,14,12,86,2e,a2,b5,85,c0,8c,4d,22,\ "rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{46c39b8b-4b8c-4fb0-80cd-bfc45e10d56c}] @Denied: (Full) (Everyone) "Model"=dword:0000011d "Therad"=dword:00000014 "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26, 38,95,44,51,c4,5c,06,a5,56,2b,b8,fc,6c,7d,0c,e4,64,14,e0,34,0b,ed,d8,24,00,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) "scansk"=hex(0):ca,3b,4a,81,0a,05,c7,f4,25,0b,e9,a6,37,d7,e8,74,1c,60,61,67,8e, ae,cc,bc,1f,f0,ad,c2,5c,69,9f,70,77,75,7a,37,c6,5f,54,73,00,00,00,00,00,00,\ . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(760) c:\windows\System32\BCMLogon.dll . Heure de fin: 2010-04-13 19:43:18 ComboFix-quarantined-files.txt 2010-04-13 17:43 ComboFix2.txt 2010-04-12 21:22 Avant-CF: 9.064.378.368 octets libres Après-CF: 9.027.989.504 octets libres - - End Of File - - E5FB41EE4C4C185C33BA7D7095A077FE et MBR Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully kernel: MBR read successfully user & kernel MBR OK

Bonne nuit, je vais suivre ton conseil, je serai plus prudent à l'avenir éviter les sites de crack et autres crasses voici le rapport combifix moi, je n'y comprends pas grand chose ComboFix 10-04-12.01 - Bernard 12/04/2010 22:54:05.1.2 - x86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.32.1036.18.2038.1297 [GMT 2:00] Lancé depuis: c:\documents and settings\Bernard\Bureau\panpan.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Bernard\Application Data\inst.exe c:\windows\system32\AutoRun.inf c:\windows\system32\syoepk_lib0.dll c:\windows\system32\wbem\Performance\WmiApRpl_new.h . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_NPF -------\Legacy_SSHNAS ((((((((((((((((((((((((((((( Fichiers créés du 2010-03-12 au 2010-04-12 )))))))))))))))))))))))))))))))))))) . 2010-04-12 20:26 . 2010-04-12 20:26 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-04-12 20:22 . 2010-04-12 20:22 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} 2010-04-12 20:22 . 2010-04-12 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2010-04-10 20:53 . 2010-04-10 20:53 -------- d-----r- c:\documents and settings\LocalService\Favoris 2010-04-10 17:44 . 2010-04-10 17:58 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-04-10 17:44 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-04-10 17:44 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-04-10 17:44 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-04-10 17:44 . 2010-04-10 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2010-04-08 20:07 . 2010-04-08 20:07 -------- d-----w- c:\documents and settings\All Users\Application Data\OfficeRecovery 2010-04-08 16:05 . 2007-08-31 10:52 56496 ----a-w- c:\windows\system32\wbhelp2.dll 2010-04-08 16:05 . 2007-08-31 10:52 33968 ----a-w- c:\windows\system32\anim.dll 2010-04-08 16:05 . 1999-11-22 13:50 4608 ----a-w- c:\windows\system32\W95INF32.DLL 2010-04-08 16:05 . 1999-11-22 13:50 2272 ----a-w- c:\windows\system32\W95INF16.DLL 2010-04-07 21:29 . 2004-03-16 06:35 49152 ----a-w- c:\windows\system32\OctaneARM.dll 2010-04-07 21:01 . 2010-04-07 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic 2010-04-07 21:01 . 2010-04-07 21:01 -------- d-----w- c:\program files\Fichiers communs\ParetoLogic 2010-04-07 21:00 . 2010-04-07 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Cached Installations 2010-04-04 09:33 . 2010-04-04 09:33 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google 2010-04-03 09:56 . 2010-04-03 09:56 -------- d-----w- c:\documents and settings\All Users\Application Data\element5 2010-04-03 09:56 . 2010-04-03 09:56 -------- d-----w- c:\program files\Fichiers communs\element5 Shared 2010-04-01 20:26 . 2010-04-01 20:31 -------- d-----w- c:\documents and settings\Bernard\Application Data\XnView 2010-03-31 19:20 . 2010-03-31 19:20 -------- d-----w- c:\documents and settings\Bernard\Application Data\Uniblue 2010-03-31 17:41 . 2010-03-31 17:41 118182 ----a-w- c:\windows\Collage Templates Pack Uninstaller.exe 2010-03-30 19:25 . 2010-03-30 19:25 189949 ----a-w- c:\windows\Photo Pos Pro Uninstaller.exe 2010-03-30 19:25 . 2010-03-30 19:25 -------- d-----w- c:\program files\Fichiers communs\Thraex Software 2010-03-29 17:24 . 2007-08-27 14:25 133632 ----a-w- c:\windows\system32\PhotoImpression Slideshow.scr 2010-03-29 17:24 . 2010-03-29 17:24 -------- d-----w- c:\windows\system32\PhotoImpression Slideshow 2010-03-28 09:28 . 2010-03-28 09:28 -------- d-----w- c:\documents and settings\Bernard\Local Settings\Application Data\IsolatedStorage 2010-03-28 09:28 . 2010-03-28 09:28 -------- d-----w- c:\windows\XSxS 2010-03-28 09:28 . 2010-03-28 09:28 -------- d-----w- c:\program files\Xenocode 2010-03-28 09:28 . 2010-03-28 09:28 -------- d-----w- c:\documents and settings\Bernard\Local Settings\Application Data\Xenocode 2010-03-28 09:03 . 2010-03-28 09:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Visan 2010-03-28 09:01 . 2010-04-01 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Photo Creations 2010-03-28 09:01 . 2010-03-28 09:02 -------- d-----w- c:\program files\HP Photo Creations 2010-03-27 21:31 . 2010-03-27 21:31 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant 2010-03-27 21:06 . 2010-03-27 21:06 -------- d-----w- c:\documents and settings\Bernard\Application Data\EPSON 2010-03-27 20:27 . 2010-03-27 20:27 -------- d-----w- c:\documents and settings\Bernard\Application Data\KodakCredentialStore 2010-03-25 20:32 . 2010-03-25 20:42 19499 ----a-w- c:\windows\hpqins13.dat 2010-03-24 21:38 . 2010-03-24 21:38 -------- d-----w- c:\documents and settings\All Users\Application Data\UDL 2010-03-24 21:38 . 2010-03-24 21:38 -------- d-----w- c:\program files\Epson Software 2010-03-24 21:37 . 2010-03-24 21:37 -------- d-----w- c:\documents and settings\Bernard\Application Data\InstallShield 2010-03-24 21:07 . 2010-03-24 21:07 -------- d-----w- c:\documents and settings\Bernard\Local Settings\Application Data\HP 2010-03-24 20:27 . 2010-03-24 20:27 -------- d-----w- c:\documents and settings\Bernard\Application Data\HP 2010-03-24 20:24 . 2010-03-24 20:24 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG 2010-03-24 20:22 . 2007-03-08 04:20 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys 2010-03-24 20:22 . 2007-03-08 04:20 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys 2010-03-24 20:22 . 2010-03-24 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard 2010-03-24 20:21 . 2007-04-04 07:47 267864 ----a-r- c:\windows\system32\hpzids01.dll 2010-03-24 20:21 . 2007-03-28 12:57 274944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5ha.dll 2010-03-24 20:21 . 2007-03-28 13:01 118272 ----a-w- c:\windows\system32\hpz3l5ha.dll 2010-03-24 20:21 . 2006-10-31 12:49 94208 ----a-w- c:\windows\system32\HPJIPX1U.DLL 2010-03-24 20:21 . 2006-10-31 12:49 163840 ----a-w- c:\windows\system32\HPJCMN2U.DLL 2010-03-24 20:21 . 2006-10-31 12:48 49152 ----a-w- c:\windows\system32\HPBNRAC2.DLL 2010-03-24 20:21 . 2006-10-31 12:48 241721 ----a-w- c:\windows\system32\HPBMINI.DLL 2010-03-24 20:21 . 2007-03-08 04:20 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys 2010-03-24 20:21 . 2007-03-08 04:20 364544 ----a-r- c:\windows\system32\hppldcoi.dll 2010-03-24 20:18 . 2010-03-27 21:31 -------- d-----w- c:\documents and settings\All Users\Application Data\HP 2010-03-24 20:17 . 2010-03-24 20:17 -------- d-----w- c:\program files\Fichiers communs\HP 2010-03-24 20:15 . 2010-03-27 21:50 -------- d-----w- c:\program files\HP 2010-03-24 20:13 . 2010-03-28 08:45 181887 ----a-w- c:\windows\hpoins16.dat 2010-03-24 20:13 . 2008-01-24 01:03 4602 ------w- c:\windows\hpomdl16.dat 2010-03-21 10:00 . 2010-03-21 10:00 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ 2010-03-21 09:59 . 2008-04-02 19:00 198656 ----a-w- c:\windows\system32\CNMLM83.DLL 2010-03-21 09:59 . 2006-09-12 19:00 69632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPP83.DLL 2010-03-21 09:59 . 2006-09-12 19:00 27136 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPD83.DLL . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-04-12 21:16 . 2009-05-12 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Bitmeter2 2010-04-12 21:13 . 2007-07-20 20:28 -------- d-----w- c:\documents and settings\Bernard\Application Data\DMCache 2010-04-12 20:16 . 2007-07-17 12:24 -------- d-----w- c:\documents and settings\Bernard\Application Data\Lavasoft 2010-04-11 17:35 . 2007-07-20 20:10 -------- d-----w- c:\documents and settings\Bernard\Application Data\Spyware Terminator 2010-04-11 17:23 . 2007-07-20 20:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator 2010-04-11 10:15 . 2007-07-20 20:10 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe 2010-04-11 10:02 . 2007-12-28 11:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-04-11 10:02 . 2007-07-20 20:10 -------- d-----w- c:\program files\Spyware Terminator 2010-04-09 21:36 . 2007-07-17 10:22 -------- d-----w- c:\program files\Fichiers communs\Java 2010-04-09 21:34 . 2010-04-09 21:34 79488 ----a-w- c:\documents and settings\Bernard\Application Data\Sun\Java\jre1.6.0_18\gtapi.dll 2010-04-09 20:51 . 2007-07-17 10:32 104632 ----a-w- c:\documents and settings\Bernard\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-04-09 17:36 . 2010-04-09 17:36 5918775 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2010-04-09 16:44 . 2004-08-05 12:00 85608 ----a-w- c:\windows\system32\perfc00C.dat 2010-04-09 16:44 . 2004-08-05 12:00 513410 ----a-w- c:\windows\system32\perfh00C.dat 2010-04-07 21:19 . 2007-07-17 10:36 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-04-05 16:20 . 2009-03-01 17:02 248 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll 2010-04-04 16:28 . 2007-07-19 18:30 -------- d-----w- c:\documents and settings\Bernard\Application Data\Vso 2010-04-04 10:22 . 2007-07-20 20:14 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys 2010-04-04 09:38 . 2008-05-07 16:15 -------- d-----w- c:\program files\Picasa2 2010-04-03 09:57 . 2008-10-12 16:53 -------- d-----w- c:\documents and settings\Bernard\Application Data\ArcSoft 2010-03-31 16:42 . 2007-07-19 18:41 -------- d-----w- c:\documents and settings\Bernard\Application Data\Corel 2010-03-31 16:03 . 2007-07-21 19:55 88 --sh--r- c:\windows\system32\5ECE5E1F74.sys 2010-03-31 16:03 . 2007-07-21 19:55 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys 2010-03-29 22:46 . 2008-09-01 20:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-03-29 22:45 . 2008-09-01 20:29 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-03-20 15:14 . 2007-07-17 10:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-03-20 14:37 . 2009-02-26 20:00 -------- d-----w- c:\documents and settings\Bernard\Application Data\Lasersoft Imaging 2010-02-25 18:19 . 2010-02-25 18:19 -------- d-----w- c:\documents and settings\Bernard\Application Data\Nero 2010-02-25 18:10 . 2010-02-25 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero 2010-02-25 18:09 . 2010-02-25 18:09 -------- d-----w- c:\program files\Fichiers communs\Nero 2010-02-25 06:17 . 2004-08-05 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr 2010-02-12 10:03 . 2010-03-01 09:51 293376 ------w- c:\windows\system32\browserchoice.exe 2010-02-06 18:59 . 2010-02-06 18:59 503808 ----a-w- c:\documents and settings\Bernard\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-630691be-n\msvcp71.dll 2010-02-06 18:59 . 2010-02-06 18:59 499712 ----a-w- c:\documents and settings\Bernard\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-630691be-n\jmc.dll 2010-02-06 18:59 . 2010-02-06 18:59 348160 ----a-w- c:\documents and settings\Bernard\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-630691be-n\msvcr71.dll 2010-02-06 18:58 . 2010-02-06 18:58 61440 ----a-w- c:\documents and settings\Bernard\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-67a6f985-n\decora-sse.dll 2010-02-06 18:58 . 2010-02-06 18:58 12800 ----a-w- c:\documents and settings\Bernard\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-67a6f985-n\decora-d3d.dll 2010-02-06 18:58 . 2010-02-06 18:58 411368 ----a-w- c:\windows\system32\deploytk.dll 2010-02-06 18:51 . 2010-04-09 21:36 918816 ----a-w- c:\documents and settings\Bernard\Application Data\Sun\Java\JRERunOnce.exe 2010-02-04 15:53 . 2010-04-12 20:22 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe 2010-01-22 03:13 . 2010-01-31 10:41 198064 ----a-w- c:\documents and settings\Bernard\Application Data\Mozilla\Firefox\Profiles\u8d8i3ux.default\extensions\mozilla_cc@internetdownloadmanager.com\components\idmmzcc.dll 2007-01-25 01:52 . 2007-01-25 01:52 65536 ----a-w- c:\program files\Fichiers communs\NMSAccessU.exe 2008-06-19 09:16 . 2008-06-19 09:16 118784 ----a-w- c:\program files\mozilla firefox\plugins\MyCamera.dll 2008-02-17 19:44 . 2008-02-16 17:19 175603 --sha-w- c:\windows\system32\dccdd.ini.ren 2008-02-17 19:42 . 2008-02-16 17:19 175603 --sha-w- c:\windows\system32\dccdd.ini2.ren . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IDMan"="d:\winutil\Internet Download Manager\IDMan.exe" [2006-11-12 880896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="d:\winutil\AntiVir PersonalEdition Classic\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Bitmeter2.lnk - d:\winsys\BitMeter\BitMeter2.exe [2009-1-3 1462272] Wincmd.lnk - d:\winprog\Wincmd\TOTALCMD.EXE [2007-7-19 2902984] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLinkedConnections"= 1 (0x1) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk] backup=c:\windows\pss\Logiciel Kodak EasyShare.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\U.S. Robotics Wireless Manager UI] c:\windows\system32\WLTRAY [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware] 2007-06-11 09:25 6731312 ------w- d:\winutil\AVG Anti-Spyware 7.5\avgas.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD] 2007-07-19 21:25 684032 ------w- d:\winapps\Easy CD Creator\DirectCD\Directcd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2009-12-11 14:57 948672 ----a-r- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] 2007-03-16 09:45 63712 ------w- d:\winapps\PhotoShop Album\3.2\Apps\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-12-22 00:57 35760 ----a-w- d:\winutil\Adobe Reader 9.1\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] 2005-05-03 16:43 69632 -c----w- c:\windows\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service] 2010-03-18 09:19 207360 ----a-w- c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client] 2009-10-25 16:39 3730832 ----a-w- d:\winutil\Babylon\Babylon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2006-10-09 09:28 139264 ------w- c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu] 2007-05-14 16:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray] 2006-09-28 19:21 57344 ------w- d:\winapps\CloneCD\CloneCDTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector] 2003-11-27 09:16 217088 ----a-w- c:\program files\Fichiers communs\ACD Systems\FR\DevDetect.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2008-10-21 08:51 172032 ----a-w- c:\windows\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2007-10-14 20:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon] 2008-08-20 09:54 150016 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2008-10-21 08:51 143360 ----a-w- c:\windows\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray] 2007-12-10 13:53 1103752 ------w- d:\winutil\Spyware Doctor\pctsTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 02:34 1695232 ------w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent] 2009-10-07 09:12 1086760 ----a-w- d:\winapps\Nero Backitup\Nero BackItUp\NBAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2006-01-12 14:40 155648 ------w- c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4] 2007-02-04 11:02 79400 ----a-w- d:\winapps\OmnipageSE4\OpWareSE4.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando] 2007-10-05 10:33 5207368 ------w- d:\winutil\pando\pando.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2008-10-21 08:51 143360 ----a-w- c:\windows\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2007-06-29 04:24 286720 ------w- d:\winutil\quicktime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raccourci vers la page des propriétés de High Definition Audio] 2005-01-07 15:07 61952 ------w- c:\windows\system32\HdAShCut.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2006-06-28 12:54 16248320 -c----w- c:\windows\RTHDCPL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel] 2006-05-16 16:04 2879488 -c----w- c:\windows\SkyTel.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] 2006-10-25 08:03 210472 ----a-w- c:\program files\Fichiers communs\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-01-11 13:21 246504 ----a-w- c:\program files\Fichiers communs\Java\Java Update\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe] 2005-03-13 23:37 1057280 ------w- c:\program files\SuperCopier2\SuperCopier2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2007-07-19 19:32 185896 ------w- c:\program files\Fichiers communs\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "PnkBstrB"=2 (0x2) "PnkBstrA"=2 (0x2) "AVG Anti-Spyware Guard"=3 (0x3) "AntiVirScheduler"=2 (0x2) "sp_rssrv"=2 (0x2) "sdCoreService"=3 (0x3) "sdAuxService"=3 (0x3) "ProtexisLicensing"=2 (0x2) "NBService"=3 (0x3) "hpqddsvc"=2 (0x2) "hpqcxs08"=3 (0x3) "AdobeActiveFileMonitor5.0"=2 (0x2) "ACDaemon"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "d:\\Winutil\\pando\\pando.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "d:\\Winutil\\phpDesigner 2008\\phpDesigner2008.exe"= "d:\\Winapps\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14/11/2008 23:19 664064] R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [20/07/2007 22:14 142592] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\winutil\Lavasoft\Ad-Aware\AAWService.exe [4/02/2010 17:52 1265264] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;d:\winapps\common\Database\bin\fbserver.exe [10/03/2009 20:15 1527900] S3 sdAuxService;PC Tools Auxiliary Service;d:\winutil\Spyware Doctor\pctsAuxs.exe [20/02/2008 20:48 747912] S4 AntiVirSchedulerService;Avira AntiVir Planificateur;d:\winutil\AntiVir PersonalEdition Classic\Avira\AntiVir Desktop\sched.exe [10/04/2010 19:44 108289] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contenu du dossier 'Tâches planifiées' 2010-04-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job - d:\winutil\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 20:26] 2010-04-08 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57] 2010-04-12 c:\windows\Tasks\ParetoLogic Registration.job - c:\program files\Fichiers communs\ParetoLogic\UUS2\UUS.dll [2008-02-22 10:25] 2010-04-12 c:\windows\Tasks\RegCure Program Check.job - c:\program files\RegCure\RegCure.exe [2007-06-07 16:49] 2010-04-08 c:\windows\Tasks\RegCure.job - d:\winsys\RegCure\RegCure.exe [2007-07-20 08:49] 2010-04-12 c:\windows\Tasks\User_Feed_Synchronization-{7C876E5A-5E06-41DF-B94D-EFF5E3472588}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 03:31] 2010-04-10 c:\windows\Tasks\XoftSpySE.job - d:\winsys\XoftSpySE\XoftSpy.exe [2007-07-20 10:32] . . ------- Examen supplémentaire ------- . uStart Page = about:blank IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Download All Links with IDM - d:\winutil\Internet Download Manager\IEGetAll.htm IE: Download with IDM - d:\winutil\Internet Download Manager\IEExt.htm IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Liens de téléchargement avec Mega Manager... IE: Translate this web page with Babylon - d:\winutil\Babylon\Utils\BabylonIEPI.dll/ActionTU.htm IE: Translate with Babylon - d:\winutil\Babylon\Utils\BabylonIEPI.dll/Action.htm IE: {{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://d:\winutil\Babylon\Utils\BabylonIEPI.dll/ActionTU.htm FF - ProfilePath - c:\documents and settings\Bernard\Application Data\Mozilla\Firefox\Profiles\u8d8i3ux.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - about:blank FF - prefs.js: keyword.URL - hxxp://se.search.yahoo.com/search?ei=utf-8&fr=megaup&p= FF - component: c:\documents and settings\Bernard\Application Data\Mozilla\Firefox\Profiles\u8d8i3ux.default\extensions\mozilla_cc@internetdownloadmanager.com\components\idmmzcc.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPCIG.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll FF - plugin: c:\program files\Picasa2\npPicasa3.dll FF - plugin: d:\winutil\Adobe Reader 9.1\Reader\browser\nppdf32.dll FF - plugin: d:\winutil\quicktime\Plugins\npqtplugin.dll FF - plugin: d:\winutil\quicktime\Plugins\npqtplugin2.dll FF - plugin: d:\winutil\quicktime\Plugins\npqtplugin3.dll FF - plugin: d:\winutil\quicktime\Plugins\npqtplugin4.dll FF - plugin: d:\winutil\quicktime\Plugins\npqtplugin5.dll FF - plugin: d:\winutil\quicktime\Plugins\npqtplugin6.dll FF - plugin: d:\winutil\quicktime\Plugins\npqtplugin7.dll ---- PARAMETRES FIREFOX ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.bookmark_page", false); c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.current_page", false); c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.restore_default", false); c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importBookmarksHTML", true); c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importDefaults", false); c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.search.selectedEngine", "xeoo.com"); c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("keyword.URL", "http://xeoo.com/?p=url&a=firefox&k="); c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.startup.homepage", "http://www.xeoo.com/?p=h&a=firefox"); . - - - - ORPHELINS SUPPRIMES - - - - SafeBoot-AVG Anti-Spyware Driver MSConfigStartUp-avgnt - d:\winutil\AntiVir PersonalEdition Classic\avgnt.exe MSConfigStartUp-TrojanScanner - d:\winutil\Trojan Remover\Trjscan.exe MSConfigStartUp-YVIBBBHA8C - c:\docume~1\Bernard\LOCALS~1\Temp\Ghx.exe AddRemove-AnyDVD - d:\winutil\AnyDVD\AnyDVD-uninst.exe AddRemove-Passware Kit Enterprise - d:\winutil\Lost password\un-kit_ent.exe AddRemove-Trojan Remover_is1 - d:\winutil\Trojan Remover\unins000.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-04-12 23:12 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe >>UNKNOWN [0x8A5ECBF8]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> 0x8a5ecbf8 \Driver\ACPI -> ACPI.sys @ 0xb9e93cb8 \Driver\atapi -> sfsync02.sys @ 0xba0c98b4 IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8 \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8 NDIS: -> SendCompleteHandler -> 0x0 PacketIndicateHandler -> 0x0 SendHandler -> 0x0 Warning: possible MBR rootkit infection ! user & kernel MBR OK ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-861567501-1450960922-839522115-1004\Software\SecuROM\License information*] "datasecu"=hex:2d,4a,0c,0e,de,94,4d,97,e8,fd,2c,f5,37,36,56,cd,e8,00,e3,a2,0c, 5b,33,56,6b,c5,9e,2d,e6,65,db,34,86,cb,e0,14,12,86,2e,a2,b5,85,c0,8c,4d,22,\ "rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{46c39b8b-4b8c-4fb0-80cd-bfc45e10d56c}] @Denied: (Full) (Everyone) "Model"=dword:0000011d "Therad"=dword:00000014 "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26, 38,95,44,51,c4,5c,06,a5,56,2b,b8,fc,6c,7d,0c,e4,64,14,e0,34,0b,ed,d8,24,00,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) "scansk"=hex(0):ca,3b,4a,81,0a,05,c7,f4,25,0b,e9,a6,37,d7,e8,74,1c,60,61,67,8e, ae,cc,bc,1f,f0,ad,c2,5c,69,9f,70,77,75,7a,37,c6,5f,54,73,00,00,00,00,00,00,\ . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(804) c:\windows\System32\BCMLogon.dll - - - - - - - > 'explorer.exe'(3192) c:\windows\system32\msi.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\eappprxy.dll d:\winapps\CorelDraw\programs\CMFFld80.dll d:\winapps\Arcsoft\PhotoImpression 5\share\pihook.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\System32\WLTRYSVC.EXE c:\windows\System32\bcmwltry.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\McAfee\Common Framework\FrameworkService.exe c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe d:\winutil\CDBurnerXP\NMSAccessU.exe c:\windows\system32\IoctlSvc.exe d:\winutil\Spyware Terminator\sp_rsser.exe c:\program files\McAfee\Common Framework\naPrdMgr.exe c:\program files\Canon\CAL\CALMAIN.exe c:\windows\system32\wbem\wmiapsrv.exe c:\windows\system32\wbem\unsecapp.exe d:\winutil\Lavasoft\Ad-Aware\AAWTray.exe . ************************************************************************** . Heure de fin: 2010-04-12 23:22:26 - La machine a redémarré ComboFix-quarantined-files.txt 2010-04-12 21:22 Avant-CF: 9.226.432.512 octets libres Après-CF: 9.070.686.208 octets libres WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /fastdetect /NoExecute=OptOut - - End Of File - - 3DDB53060B1940549B68A7E3E0D31FE7

Bonsoir, la machine à l'air d'aller mieux voici le rapport fait par antivir (il n'était pas facile à trouver Avira AntiVir Personal Date de création du fichier de rapport : samedi 10 avril 2010 19:59 La recherche porte sur 1987196 souches de virus. Détenteur de la licence : Avira AntiVir Personal - FREE Antivirus Numéro de série : 0000149996-ADJIE-0000001 Plateforme : Windows XP Version de Windows : (Service Pack 3) [5.1.2600] Mode Boot : Démarré normalement Identifiant : SYSTEM Nom de l'ordinateur : PCBERNARD Informations de version : BUILD.DAT : 9.0.0.75 21698 Bytes 22/01/2010 23:14:00 AVSCAN.EXE : 9.0.3.10 466689 Bytes 10/04/2010 17:58:15 AVSCAN.DLL : 9.0.3.0 49409 Bytes 3/03/2009 09:21:02 LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:11 LUKERES.DLL : 9.0.2.0 13569 Bytes 3/03/2009 09:21:31 VBASE000.VDF : 7.10.0.0 19875328 Bytes 6/11/2009 17:58:13 VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 17:58:13 VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 17:58:13 VBASE003.VDF : 7.10.3.75 996864 Bytes 26/01/2010 17:58:13 VBASE004.VDF : 7.10.4.203 1579008 Bytes 5/03/2010 17:58:13 VBASE005.VDF : 7.10.4.204 2048 Bytes 5/03/2010 17:58:13 VBASE006.VDF : 7.10.4.205 2048 Bytes 5/03/2010 17:58:13 VBASE007.VDF : 7.10.4.206 2048 Bytes 5/03/2010 17:58:13 VBASE008.VDF : 7.10.4.207 2048 Bytes 5/03/2010 17:58:13 VBASE009.VDF : 7.10.4.208 2048 Bytes 5/03/2010 17:58:13 VBASE010.VDF : 7.10.4.209 2048 Bytes 5/03/2010 17:58:13 VBASE011.VDF : 7.10.4.210 2048 Bytes 5/03/2010 17:58:13 VBASE012.VDF : 7.10.4.211 2048 Bytes 5/03/2010 17:58:13 VBASE013.VDF : 7.10.4.242 153088 Bytes 8/03/2010 17:58:13 VBASE014.VDF : 7.10.5.17 99328 Bytes 10/03/2010 17:58:13 VBASE015.VDF : 7.10.5.44 107008 Bytes 11/03/2010 17:58:14 VBASE016.VDF : 7.10.5.69 92672 Bytes 12/03/2010 17:58:14 VBASE017.VDF : 7.10.5.91 119808 Bytes 15/03/2010 17:58:14 VBASE018.VDF : 7.10.5.121 112640 Bytes 18/03/2010 17:58:14 VBASE019.VDF : 7.10.5.138 139776 Bytes 18/03/2010 17:58:14 VBASE020.VDF : 7.10.5.164 113152 Bytes 22/03/2010 17:58:14 VBASE021.VDF : 7.10.5.182 108032 Bytes 23/03/2010 17:58:14 VBASE022.VDF : 7.10.5.199 123904 Bytes 24/03/2010 17:58:14 VBASE023.VDF : 7.10.5.217 279552 Bytes 25/03/2010 17:58:14 VBASE024.VDF : 7.10.5.234 202240 Bytes 26/03/2010 17:58:14 VBASE025.VDF : 7.10.5.254 187904 Bytes 30/03/2010 17:58:14 VBASE026.VDF : 7.10.6.18 130560 Bytes 1/04/2010 17:58:14 VBASE027.VDF : 7.10.6.34 136192 Bytes 6/04/2010 17:58:14 VBASE028.VDF : 7.10.6.44 232448 Bytes 7/04/2010 17:58:14 VBASE029.VDF : 7.10.6.45 2048 Bytes 7/04/2010 17:58:14 VBASE030.VDF : 7.10.6.46 2048 Bytes 7/04/2010 17:58:14 VBASE031.VDF : 7.10.6.55 101376 Bytes 9/04/2010 17:58:14 Version du moteur : 8.2.1.210 AEVDF.DLL : 8.1.1.3 106868 Bytes 10/04/2010 17:58:14 AESCRIPT.DLL : 8.1.3.24 1282425 Bytes 10/04/2010 17:58:14 AESCN.DLL : 8.1.5.0 127347 Bytes 10/04/2010 17:58:14 AESBX.DLL : 8.1.2.1 254323 Bytes 10/04/2010 17:58:14 AERDL.DLL : 8.1.4.3 541043 Bytes 10/04/2010 17:58:14 AEPACK.DLL : 8.2.1.1 426358 Bytes 10/04/2010 17:58:14 AEOFFICE.DLL : 8.1.0.41 201083 Bytes 10/04/2010 17:58:14 AEHEUR.DLL : 8.1.1.16 2503031 Bytes 10/04/2010 17:58:14 AEHELP.DLL : 8.1.11.3 242039 Bytes 10/04/2010 17:58:14 AEGEN.DLL : 8.1.3.6 373108 Bytes 10/04/2010 17:58:14 AEEMU.DLL : 8.1.1.0 393587 Bytes 10/04/2010 17:58:14 AECORE.DLL : 8.1.13.1 188790 Bytes 10/04/2010 17:58:14 AEBB.DLL : 8.1.0.3 53618 Bytes 9/10/2008 13:32:40 AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:30 AVPREF.DLL : 9.0.3.0 44289 Bytes 10/04/2010 17:58:14 AVREP.DLL : 8.0.0.7 159784 Bytes 10/04/2010 17:58:15 AVREG.DLL : 9.0.0.0 36609 Bytes 7/11/2008 14:24:42 AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:22 AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:36:37 SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49 SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/02/2009 07:20:57 NETNT.DLL : 9.0.0.0 11521 Bytes 7/11/2008 14:40:59 RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 10/04/2010 17:58:11 RCTEXT.DLL : 9.0.73.0 88321 Bytes 10/04/2010 17:58:11 Configuration pour la recherche actuelle : Nom de la tâche...............................: Contrôle intégral du système Fichier de configuration......................: d:\winutil\antivir personaledition classic\avira\antivir desktop\sysscan.avp Documentation.................................: bas Action principale.............................: interactif Action secondaire.............................: ignorer Recherche sur les secteurs d'amorçage maître..: marche Recherche sur les secteurs d'amorçage.........: marche Secteurs d'amorçage...........................: C:, D:, E:, F:, G:, L:, P:, Recherche dans les programmes actifs..........: marche Recherche en cours sur l'enregistrement.......: marche Recherche de Rootkits.........................: marche Contrôle d'intégrité de fichiers système......: arrêt Fichier mode de recherche.....................: Tous les fichiers Recherche sur les archives....................: marche Limiter la profondeur de récursivité..........: 20 Archive Smart Extensions......................: marche Heuristique de macrovirus.....................: marche Heuristique fichier...........................: moyen Début de la recherche : samedi 10 avril 2010 19:59 La recherche d'objets cachés commence. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\McShield\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123 [iNFO] L'entrée d'enregistrement n'est pas visible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\McShield\security [iNFO] L'entrée d'enregistrement n'est pas visible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\McTaskManager\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123 [iNFO] L'entrée d'enregistrement n'est pas visible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\McTaskManager\security [iNFO] L'entrée d'enregistrement n'est pas visible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mfeapfk\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123 [iNFO] L'entrée d'enregistrement n'est pas visible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mfeapfk\security [iNFO] L'entrée d'enregistrement n'est pas visible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mfeavfk\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123 [iNFO] L'entrée d'enregistrement n'est pas visible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mfeavfk\security [iNFO] L'entrée d'enregistrement n'est pas visible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mfebopk\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123 [iNFO] L'entrée d'enregistrement n'est pas visible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mfebopk\security [iNFO] L'entrée d'enregistrement n'est pas visible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mfehidk\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123 [iNFO] L'entrée d'enregistrement n'est pas visible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mfehidk\security [iNFO] L'entrée d'enregistrement n'est pas visible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mferkdk\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123 [iNFO] L'entrée d'enregistrement n'est pas visible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mferkdk\security [iNFO] L'entrée d'enregistrement n'est pas visible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mfetdik\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123 [iNFO] L'entrée d'enregistrement n'est pas visible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mfetdik\security [iNFO] L'entrée d'enregistrement n'est pas visible. '60915' objets ont été contrôlés, '16' objets cachés ont été trouvés. La recherche sur les processus démarrés commence : Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés Processus de recherche 'wscntfy.exe' - '1' module(s) sont contrôlés Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés Processus de recherche 'rundll32.exe' - '1' module(s) sont contrôlés Processus de recherche 'notepad.exe' - '1' module(s) sont contrôlés Processus de recherche 'ScanningProcess.exe' - '1' module(s) sont contrôlés Processus de recherche 'ScanningProcess.exe' - '1' module(s) sont contrôlés Processus de recherche 'java.exe' - '1' module(s) sont contrôlés Processus de recherche 'firefox.exe' - '1' module(s) sont contrôlés Processus de recherche 'iexplore.exe' - '1' module(s) sont contrôlés Processus de recherche 'iexplore.exe' - '1' module(s) sont contrôlés Processus de recherche 'mmc.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés Processus de recherche 'wmiapsrv.exe' - '1' module(s) sont contrôlés Processus de recherche 'TOTALCMD.EXE' - '1' module(s) sont contrôlés Processus de recherche 'BitMeter2.exe' - '1' module(s) sont contrôlés Processus de recherche 'IDMan.exe' - '1' module(s) sont contrôlés Processus de recherche 'CALMAIN.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'IoctlSvc.exe' - '1' module(s) sont contrôlés Processus de recherche 'NMSAccessU.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'mdm.exe' - '1' module(s) sont contrôlés Processus de recherche 'jqs.exe' - '1' module(s) sont contrôlés Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés Processus de recherche 'BCMWLTRY.EXE' - '1' module(s) sont contrôlés Processus de recherche 'WLTRYSVC.EXE' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés Processus de recherche 'services.exe' - '1' module(s) sont contrôlés Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés '44' processus ont été contrôlés avec '44' modules La recherche sur les secteurs d'amorçage maître commence : Secteur d'amorçage maître HD0 [iNFO] Aucun virus trouvé ! Secteur d'amorçage maître HD1 [iNFO] Aucun virus trouvé ! Secteur d'amorçage maître HD2 [iNFO] Aucun virus trouvé ! Secteur d'amorçage maître HD3 [iNFO] Aucun virus trouvé ! La recherche sur les secteurs d'amorçage commence : Secteur d'amorçage 'C:\' [iNFO] Aucun virus trouvé ! Secteur d'amorçage 'D:\' [iNFO] Aucun virus trouvé ! Secteur d'amorçage 'E:\' [iNFO] Aucun virus trouvé ! Secteur d'amorçage 'F:\' [iNFO] Aucun virus trouvé ! Secteur d'amorçage 'G:\' [iNFO] Aucun virus trouvé ! Secteur d'amorçage 'L:\' [iNFO] Aucun virus trouvé ! Secteur d'amorçage 'P:\' [iNFO] Aucun virus trouvé ! La recherche sur les renvois aux fichiers exécutables (registre) commence : Le registre a été contrôlé ( '54' fichiers). La recherche sur les fichiers sélectionnés commence : Recherche débutant dans 'C:\' <Windows> C:\hiberfil.sys [AVERTISSEMENT] Impossible d'ouvrir le fichier ! [REMARQUE] Ce fichier est un fichier système Windows. [REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche. C:\pagefile.sys [AVERTISSEMENT] Impossible d'ouvrir le fichier ! [REMARQUE] Ce fichier est un fichier système Windows. [REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche. C:\Documents and Settings\Bernard\Mes documents\Downloads\Compressed\alkonostmaxformatv3.60crackpalace.zip [0] Type d'archive: ZIP --> Alkonost.Max.Format.v3.60.WinAll.Cracked-PALACE/crack/MaxFormat.exe [RESULTAT] Contient le cheval de Troie TR/Genome.acyx C:\Documents and Settings\Bernard\Mes documents\Downloads\Compressed\cucusoftavitovcddvdsvcdconvertercrackctp.zip [0] Type d'archive: ZIP --> ctp-catvdsc_crk.exe [RESULTAT] Contient le cheval de Troie TR/Virtl.20924 C:\Documents and Settings\Bernard\Mes documents\Downloads\Compressed\Trojan Remover 6.7.3.zip [0] Type d'archive: ZIP --> keYgeN & Patch Trojan Remover 6.7.3/keygen.exe [RESULTAT] Contient le cheval de Troie TR/Dropper.Gen --> trsetup.exe [RESULTAT] Contient le cheval de Troie TR/Dropper.Gen C:\Documents and Settings\Bernard\Mes documents\Downloads\Programs\3wPlayer-1.9.0.0-setup-0511.exe [RESULTAT] Contient le modèle de détection du dropper DR/Inject.OZ.5 C:\Documents and Settings\Bernard\Mes documents\Downloads\Programs\clean-codec3437.exe [RESULTAT] Contient le cheval de Troie TR/Dropper.Gen C:\Documents and Settings\Bernard\Mes documents\Downloads\Programs\DivoCodec-1.0.0.2-setup-0711.exe [RESULTAT] Contient le modèle de détection du dropper DR/Inject.OZ.3 C:\Documents and Settings\Bernard\Mes documents\Downloads\Programs\DivoCodec-1.0.0.2-setup-0711_2.exe [RESULTAT] Contient le modèle de détection du dropper DR/Obfuscated.MN.11 C:\Documents and Settings\Bernard\Mes documents\Downloads\Programs\freeripmp3.exe [RESULTAT] Contient le modèle de détection du dropper DR/MyWebSearch.1793776 C:\Documents and Settings\Bernard\Mes documents\Downloads\Programs\VundoFix_2.exe [RESULTAT] Contient le cheval de Troie TR/Dldr.Delf.llp C:\System Volume Information\_restore{03C0DFB4-FCF5-4AFA-B4BD-32776FFFDE22}\RP941\A0083508.dll [RESULTAT] Contient le cheval de Troie TR/Agent.207872 C:\WINDOWS\system32\drivers\dtscsi.sys [AVERTISSEMENT] Impossible d'ouvrir le fichier ! C:\WINDOWS\system32\drivers\sptd.sys [AVERTISSEMENT] Impossible d'ouvrir le fichier ! C:\WINDOWS\system32\drivers\sptd2525.sys [AVERTISSEMENT] Impossible d'ouvrir le fichier ! Recherche débutant dans 'D:\' D:\crack\microsoftofficexpallversions&servicepacksactivatorjupiter.zip [0] Type d'archive: ZIP --> OfficeXP_Activator.exe [RESULTAT] Contient le cheval de Troie TR/Agent.21438.B D:\OLD_D\Winutil\Internet Download Manager\idmmkb.dll [RESULTAT] Contient le modèle de détection du logiciel espion ou publicitaire ADSPY/Webhancer.I D:\System Volume Information\_restore{03C0DFB4-FCF5-4AFA-B4BD-32776FFFDE22}\RP941\A0083497.exe [RESULTAT] Contient le cheval de Troie TR/Trash.Gen D:\System Volume Information\_restore{03C0DFB4-FCF5-4AFA-B4BD-32776FFFDE22}\RP941\A0083498.exe [RESULTAT] Contient le cheval de Troie TR/Trash.Gen D:\temp\ExamDiff[1].Pro.3.4.Keymaker.zip [0] Type d'archive: ZIP --> ExamDiff.Pro.3.4.Keymaker.zip [1] Type d'archive: ZIP --> edp_3.4_kg.exe [RESULTAT] Contient le cheval de Troie TR/Crypt.ZPACK.Gen D:\Winutil\Internet Download Manager\idmmkb.dll [RESULTAT] Contient le modèle de détection du logiciel espion ou publicitaire ADSPY/Webhancer.I D:\Winutil\Trojan Remover\keygen.exe [RESULTAT] Contient le cheval de Troie TR/Dropper.Gen D:\Winutil\Trojan Remover\Rmvtrjan-1.exe [RESULTAT] Contient le cheval de Troie TR/Agent.1033080.A D:\Winutil\Trojan Remover\trsetup.exe [RESULTAT] Contient le cheval de Troie TR/Dropper.Gen Recherche débutant dans 'E:\' E:\Downloads\Compressed\Nero_BackIt_Up_and_Burn_1.2.17b_incl_keygen.rar [0] Type d'archive: RAR --> Nero BackIt Up and Burn 1.2.17 [PDU]\Keymaker.exe [RESULTAT] Contient le cheval de Troie TR/ATRAPS.Gen E:\System Volume Information\_restore{03C0DFB4-FCF5-4AFA-B4BD-32776FFFDE22}\RP941\A0083499.exe [RESULTAT] Contient le cheval de Troie TR/Drop.Softomat.AN E:\System Volume Information\_restore{03C0DFB4-FCF5-4AFA-B4BD-32776FFFDE22}\RP941\A0083500.exe [RESULTAT] Contient le cheval de Troie TR/Drop.Softomat.AN Recherche débutant dans 'F:\' <BNS2> F:\pc_tc2kg.zip [0] Type d'archive: ZIP --> TCkg.exe [RESULTAT] Contient le cheval de Troie TR/Crypt.XPACK.Gen F:\tmp\lwhex964.zip [0] Type d'archive: ZIP --> crack.EXE [RESULTAT] Contient le cheval de Troie TR/Dropper.Gen F:\tmp\Smartdraw_608_crk.zip [0] Type d'archive: ZIP --> Smartdraw_608_crk/crack.exe [RESULTAT] Contient le cheval de Troie TR/Renaz.19344 F:\tmp\Total_Commander_v6[1].01_by_AGAiN.zip [0] Type d'archive: ZIP --> ttlcmm60.rar [1] Type d'archive: RAR --> Keymaker.exe [RESULTAT] Contient le cheval de Troie TR/Spy.180224.B F:\tmp\Total_Commander_v6[1].01_by_Harpoon.zip [0] Type d'archive: ZIP --> hpntc6.002 [1] Type d'archive: RAR --> Crack\wincmd.key [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. F:\tmp\Ulead_Cool_3D_3-5_Fr.zip [0] Type d'archive: ZIP --> cool3d35/crack.exe [RESULTAT] Contient le cheval de Troie TR/Dropper.Gen F:\tmp\Ulead_DVD_PictureShow_1-0.zip [0] Type d'archive: ZIP --> udps1fr/crack.exe [RESULTAT] Contient le cheval de Troie TR/Dropper.Gen F:\tmp\WinHex_9.64.zip [0] Type d'archive: ZIP --> crack.EXE [RESULTAT] Contient le cheval de Troie TR/Dropper.Gen F:\tmp\WinZip_8-1_SR_1.zip [0] Type d'archive: ZIP --> crack.exe [RESULTAT] Contient le cheval de Troie TR/Dropper.Gen F:\tmp\Windows XP\Scooby_DancerLE.exe [0] Type d'archive: RSRC --> Object [1] Type d'archive: CAB (Microsoft) --> Setup.exe [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. Recherche débutant dans 'G:\' <BNS4> G:\pagefile.sys [AVERTISSEMENT] Impossible d'ouvrir le fichier ! [REMARQUE] Ce fichier est un fichier système Windows. [REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche. G:\Save du C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\49C31173.exe [RESULTAT] Contient le cheval de Troie TR/Crypt.ULPM.Gen G:\Save du C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4B4522ED.exe [RESULTAT] Contient le cheval de Troie TR/Crypt.ULPM.Gen G:\Save du C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\535744A0.exe [0] Type d'archive: HIDDEN --> FIL\\\?\G:\Save du C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\535744A0.exe [RESULTAT] Contient le modèle de détection du logiciel espion ou publicitaire ADSPY/WinFixer.BC G:\Save du C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\640F6F5F.exe [RESULTAT] Contient le cheval de Troie TR/Crypt.ULPM.Gen G:\Save du C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\745D0BB8.tmp [0] Type d'archive: HIDDEN --> FIL\\\?\G:\Save du C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\745D0BB8.tmp [RESULTAT] Contient le cheval de Troie TR/Spy.Agent.A.3 G:\Save du C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{2F2F6882-6663-4517-BD2A-C0192AC0EEEF}\00000001.URM [RESULTAT] Contient le cheval de Troie TR/Agent.aox G:\Save du C\Documents and Settings\BERNARD\Local Settings\Temporary Internet Files\Content.IE5\PWAS1D3K\counter21[1].htm [RESULTAT] Contient le modèle de détection du virus de script HTML HTML/Malicious.ActiveX.Gen G:\Save du C\Documents and Settings\BERNARD\Mes documents\Downloads\Compressed\corelpaintshopprophotoxi.corporatefrenchkeygenbs.zip [0] Type d'archive: ZIP --> Corel_Paint_Shop_Pro_Photo_XI_Incl._Keygen_RETAIL_CORPORATE_FRENCH-BS/keygen.exe [RESULTAT] Contient le code suspect : HEUR/Crypted G:\Save du C\Documents and Settings\BERNARD\Mes documents\Downloads\Compressed\Corel_Paint_Shop_Pro_Photo_XI_Incl._Keygen_RETAIL_CORPORATE_FRENCH-BS.rar [0] Type d'archive: RAR --> Corel_Paint_Shop_Pro_Photo_XI_Incl._Keygen_RETAIL_CORPORATE_FRENCH-BS\keygen.exe [RESULTAT] Contient le code suspect : HEUR/Crypted G:\Save du C\Documents and Settings\BERNARD\Mes documents\Downloads\Compressed\Norton.Internet.Security.2005.Incl.Keygen-SSG.ZIP [0] Type d'archive: ZIP --> Norton.Internet.Security.2005.Incl.Keygen-SSG/snis2514.zip [1] Type d'archive: ZIP --> keygen.rar [2] Type d'archive: RAR --> kgnis.exe [RESULTAT] Contient le cheval de Troie TR/Agent.60928.19 G:\Save du C\Documents and Settings\BERNARD\Mes documents\Downloads\Compressed\Paint.Shop.Pro.9.00_CRKEXE-FFF.zip [0] Type d'archive: ZIP --> fffpsp9.rar [1] Type d'archive: RAR --> Paint Shop Pro 9.exe [RESULTAT] Contient le cheval de Troie TR/Crypt.XPACK.Gen G:\Save du C\Documents and Settings\BERNARD\Mes documents\Downloads\Compressed\Paint.Shop.Pro.9.00_CRKEXE-FFF_2.zip [0] Type d'archive: ZIP --> Paint.Shop.Pro.9.00_CRKEXE-FFF.zip [1] Type d'archive: ZIP --> fffpsp9.rar [2] Type d'archive: RAR --> Paint Shop Pro 9.exe [RESULTAT] Contient le cheval de Troie TR/Crypt.XPACK.Gen G:\Save du C\Documents and Settings\BERNARD\Mes documents\Downloads\Compressed\Paint.Shop.Pro.9.00_CRKEXE-FFF_3.zip [0] Type d'archive: ZIP --> fffpsp9.rar [1] Type d'archive: RAR --> Paint Shop Pro 9.exe [RESULTAT] Contient le cheval de Troie TR/Crypt.XPACK.Gen G:\Save du C\OLD_C\Program Files\Internet Download Manager\idmmkb.dll [RESULTAT] Contient le modèle de détection du logiciel espion ou publicitaire ADSPY/Webhancer.I G:\Save du C\Tmp\keygen.exe [RESULTAT] Contient le code suspect : HEUR/Crypted Recherche débutant dans 'L:\' <32_00_00> Recherche débutant dans 'P:\' <My Book> Début de la désinfection : C:\Documents and Settings\Bernard\Mes documents\Downloads\Compressed\alkonostmaxformatv3.60crackpalace.zip [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4c2c7138.qua' ! C:\Documents and Settings\Bernard\Mes documents\Downloads\Compressed\cucusoftavitovcddvdsvcdconvertercrackctp.zip [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4c247141.qua' ! C:\Documents and Settings\Bernard\Mes documents\Downloads\Compressed\Trojan Remover 6.7.3.zip [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4c30713e.qua' ! C:\Documents and Settings\Bernard\Mes documents\Downloads\Programs\3wPlayer-1.9.0.0-setup-0511.exe [RESULTAT] Contient le modèle de détection du dropper DR/Inject.OZ.5 [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4c117144.qua' ! C:\Documents and Settings\Bernard\Mes documents\Downloads\Programs\clean-codec3437.exe [RESULTAT] Contient le cheval de Troie TR/Dropper.Gen [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4c267139.qua' ! C:\Documents and Settings\Bernard\Mes documents\Downloads\Programs\DivoCodec-1.0.0.2-setup-0711.exe [RESULTAT] Contient le modèle de détection du dropper DR/Inject.OZ.3 [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4c377137.qua' ! C:\Documents and Settings\Bernard\Mes documents\Downloads\Programs\DivoCodec-1.0.0.2-setup-0711_2.exe [RESULTAT] Contient le modèle de détection du dropper DR/Obfuscated.MN.11 [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4ae26148.qua' ! C:\Documents and Settings\Bernard\Mes documents\Downloads\Programs\freeripmp3.exe [RESULTAT] Contient le modèle de détection du dropper DR/MyWebSearch.1793776 [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4c267140.qua' ! C:\Documents and Settings\Bernard\Mes documents\Downloads\Programs\VundoFix_2.exe [RESULTAT] Contient le cheval de Troie TR/Dldr.Delf.llp [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4c2f7144.qua' ! C:\System Volume Information\_restore{03C0DFB4-FCF5-4AFA-B4BD-32776FFFDE22}\RP941\A0083508.dll [RESULTAT] Contient le cheval de Troie TR/Agent.207872 [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4bf170ff.qua' ! D:\crack\microsoftofficexpallversions&servicepacksactivatorjupiter.zip [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4c247138.qua' ! D:\OLD_D\Winutil\Internet Download Manager\idmmkb.dll [RESULTAT] Contient le modèle de détection du logiciel espion ou publicitaire ADSPY/Webhancer.I [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4c2e7133.qua' ! D:\System Volume Information\_restore{03C0DFB4-FCF5-4AFA-B4BD-32776FFFDE22}\RP941\A0083497.exe [RESULTAT] Contient le cheval de Troie TR/Trash.Gen [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4d18e710.qua' ! D:\System Volume Information\_restore{03C0DFB4-FCF5-4AFA-B4BD-32776FFFDE22}\RP941\A0083498.exe [RESULTAT] Contient le cheval de Troie TR/Trash.Gen [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4d1ad4a0.qua' ! D:\temp\ExamDiff[1].Pro.3.4.Keymaker.zip [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4c227147.qua' ! D:\Winutil\Internet Download Manager\idmmkb.dll [RESULTAT] Contient le modèle de détection du logiciel espion ou publicitaire ADSPY/Webhancer.I [AVERTISSEMENT] Erreur lors de la création d'une copie de sécurité du fichier. Le fichier n'a pas été supprimé. Code d'erreur : 26003 [AVERTISSEMENT] Impossible de supprimer le fichier ! [REMARQUE] Tentative en cours d'exécuter l'action à l'aide de la bibliothèque ARK. [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4c2e7135.qua' ! D:\Winutil\Trojan Remover\keygen.exe [RESULTAT] Contient le cheval de Troie TR/Dropper.Gen [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4c3a7135.qua' ! D:\Winutil\Trojan Remover\Rmvtrjan-1.exe [RESULTAT] Contient le cheval de Troie TR/Agent.1033080.A [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4c37713d.qua' ! D:\Winutil\Trojan Remover\trsetup.exe [RESULTAT] Contient le cheval de Troie TR/Dropper.Gen [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4c347142.qua' ! E:\Downloads\Compressed\Nero_BackIt_Up_and_Burn_1.2.17b_incl_keygen.rar [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4c337135.qua' ! E:\System Volume Information\_restore{03C0DFB4-FCF5-4AFA-B4BD-32776FFFDE22}\RP941\A0083499.exe [RESULTAT] Contient le cheval de Troie TR/Drop.Softomat.AN [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4bf17125.qua' ! E:\System Volume Information\_restore{03C0DFB4-FCF5-4AFA-B4BD-32776FFFDE22}\RP941\A0083500.exe [RESULTAT] Contient le cheval de Troie TR/Drop.Softomat.AN [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4d1ebc46.qua' ! F:\pc_tc2kg.zip [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4c207158.qua' ! F:\tmp\lwhex964.zip [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4c29716d.qua' ! F:\tmp\Smartdraw_608_crk.zip [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4c227163.qua' ! F:\tmp\Total_Commander_v6[1].01_by_AGAiN.zip [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4c357165.qua' ! F:\tmp\Ulead_Cool_3D_3-5_Fr.zip [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4c267162.qua' ! F:\tmp\Ulead_DVD_PictureShow_1-0.zip [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4ad495db.qua' ! F:\tmp\WinHex_9.64.zip [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4c2f715f.qua' ! F:\tmp\WinZip_8-1_SR_1.zip [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4ad56a50.qua' ! G:\Save du C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\49C31173.exe [RESULTAT] Contient le cheval de Troie TR/Crypt.ULPM.Gen [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4c04712f.qua' ! G:\Save du C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4B4522ED.exe [RESULTAT] Contient le cheval de Troie TR/Crypt.ULPM.Gen [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4bf57138.qua' ! G:\Save du C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\535744A0.exe [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4bf67129.qua' ! G:\Save du C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\640F6F5F.exe [RESULTAT] Contient le cheval de Troie TR/Crypt.ULPM.Gen [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4bf1712a.qua' ! G:\Save du C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\745D0BB8.tmp [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4bf6712b.qua' ! G:\Save du C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{2F2F6882-6663-4517-BD2A-C0192AC0EEEF}\00000001.URM [RESULTAT] Contient le cheval de Troie TR/Agent.aox [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4bf17127.qua' ! G:\Save du C\Documents and Settings\BERNARD\Local Settings\Temporary Internet Files\Content.IE5\PWAS1D3K\counter21[1].htm [RESULTAT] Contient le modèle de détection du virus de script HTML HTML/Malicious.ActiveX.Gen [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4c367166.qua' ! G:\Save du C\Documents and Settings\BERNARD\Mes documents\Downloads\Compressed\corelpaintshopprophotoxi.corporatefrenchkeygenbs.zip [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4c337166.qua' ! G:\Save du C\Documents and Settings\BERNARD\Mes documents\Downloads\Compressed\Corel_Paint_Shop_Pro_Photo_XI_Incl._Keygen_RETAIL_CORPORATE_FRENCH-BS.rar [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '441812cf.qua' ! G:\Save du C\Documents and Settings\BERNARD\Mes documents\Downloads\Compressed\Norton.Internet.Security.2005.Incl.Keygen-SSG.ZIP [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '44192a87.qua' ! G:\Save du C\Documents and Settings\BERNARD\Mes documents\Downloads\Compressed\Paint.Shop.Pro.9.00_CRKEXE-FFF.zip [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4c2a7158.qua' ! G:\Save du C\Documents and Settings\BERNARD\Mes documents\Downloads\Compressed\Paint.Shop.Pro.9.00_CRKEXE-FFF_2.zip [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '44070261.qua' ! G:\Save du C\Documents and Settings\BERNARD\Mes documents\Downloads\Compressed\Paint.Shop.Pro.9.00_CRKEXE-FFF_3.zip [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '44061a29.qua' ! G:\Save du C\OLD_C\Program Files\Internet Download Manager\idmmkb.dll [RESULTAT] Contient le modèle de détection du logiciel espion ou publicitaire ADSPY/Webhancer.I [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4c2e715b.qua' ! G:\Save du C\Tmp\keygen.exe [RESULTAT] Contient le code suspect : HEUR/Crypted [REMARQUE] Le résultat positif a été classé comme suspect. [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4c3a715c.qua' ! Fin de la recherche : dimanche 11 avril 2010 08:49 Temps nécessaire: 4:55:46 Heure(s) La recherche a été effectuée intégralement 24734 Les répertoires ont été contrôlés 1271712 Des fichiers ont été contrôlés 43 Des virus ou programmes indésirables ont été trouvés 3 Des fichiers ont été classés comme suspects 0 Des fichiers ont été supprimés 0 Des virus ou programmes indésirables ont été réparés 45 Les fichiers ont été déplacés dans la quarantaine 0 Les fichiers ont été renommés 6 Impossible de contrôler des fichiers 1271660 Fichiers non infectés 17389 Les archives ont été contrôlées 11 Avertissements 48 Consignes 60915 Des objets ont été contrôlés lors du Rootkitscan 16 Des objets cachés ont été trouvés et encore un grand merci pour l'aide apportée

Bonsoir, voici le rapport OTM entretemps, j'avais fait un scan avec avira qui m'a déjà supprimé quelques fichiers All processes killed Error: Unable to interpret <Go> in the current context! ========== FILES ========== C:\Documents and Settings\Bernard\Mes documents\Downloads\Compressed\alkonostmaxformatv3.05loadertsrh.zip moved successfully. File/Folder C:\Documents and Settings\Bernard\Mes documents\Downloads\Compressed\alkonostmaxformatv3.60crackpalace.zip not found. C:\Documents and Settings\Bernard\Mes documents\Downloads\Compressed\archpr.zip moved successfully. File/Folder C:\Documents and Settings\Bernard\Mes documents\Downloads\Compressed\Trojan Remover 6.7.3.zip not found. File/Folder C:\Documents and Settings\Bernard\Mes documents\Downloads\Programs\3wPlayer-1.9.0.0-setup-0511.exe not found. File/Folder C:\Documents and Settings\Bernard\Mes documents\Downloads\Programs\DivoCodec-1.0.0.2-setup-0711.exe not found. File/Folder C:\Documents and Settings\Bernard\Mes documents\Downloads\Programs\DivoCodec-1.0.0.2-setup-0711_2.exe not found. File/Folder C:\Documents and Settings\Bernard\Mes documents\Downloads\Programs\freeripmp3.exe not found. File/Folder C:\Documents and Settings\Bernard\Mes documents\Downloads\Programs\VundoFix_2.exe not found. C:\Documents and Settings\Bernard\Mes documents\Downloads\Programs\Win32OpenSSL-v0.9.6m.exe moved successfully. File/Folder C:\Documents and Settings\Bernard\Mes documents\Downloads\Programs\Win32OpenSSL-v0.9.6m.exe not found. D:\OLD_D\Ancien1\Tmp1\commandos.exe moved successfully. File/Folder D:\Winutil\Lost password\efskey.exe not found. D:\Winutil\Lost password folder moved successfully. File/Folder D:\Winutil\Trojan Remover\keygen.exe not found. File/Folder D:\Winutil\Trojan Remover\trsetup.exe not found. D:\Winutil\Trojan Remover folder moved successfully. F:\servu25a.zip moved successfully. F:\tmp\SetupCloneDVD.exe moved successfully. File/Folder G:\Save du C\Documents and Settings\BERNARD\Local Settings\Temporary Internet Files\Content.IE5\PWAS1D3K\counter21[1].htm not found. ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== ========== COMMANDS ========== [EMPTYTEMP] User: Administrateur ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: Bernard ->Temp folder emptied: 104981100 bytes ->Temporary Internet Files folder emptied: 99909587 bytes ->Java cache emptied: 130154 bytes ->FireFox cache emptied: 69009407 bytes ->Flash cache emptied: 4203 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 54898405 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 970185 bytes Total Files Cleaned = 315,00 mb OTM by OldTimer - Version 3.1.10.1 log created on 04112010_192717 Files moved on Reboot... File C:\Documents and Settings\Bernard\Local Settings\Temp\~DF50F4.tmp not found! File C:\Documents and Settings\Bernard\Local Settings\Temp\~DF5195.tmp not found! File C:\Documents and Settings\Bernard\Local Settings\Temp\~DF530E.tmp not found! File C:\Documents and Settings\Bernard\Local Settings\Temp\~DF5321.tmp not found! File C:\Documents and Settings\Bernard\Local Settings\Temp\~DFF43E.tmp not found! File C:\Documents and Settings\Bernard\Local Settings\Temp\~DFF44B.tmp not found! C:\Documents and Settings\Bernard\Local Settings\Temporary Internet Files\Content.IE5\UCU3ZGQD\437905[1].htm moved successfully. C:\Documents and Settings\Bernard\Local Settings\Temporary Internet Files\Content.IE5\UCU3ZGQD\sh15[1].html moved successfully. C:\Documents and Settings\Bernard\Local Settings\Temporary Internet Files\Content.IE5\0KEMCGUE\ads[1].htm moved successfully. C:\Documents and Settings\Bernard\Local Settings\Temporary Internet Files\Content.IE5\0KEMCGUE\index[2].htm moved successfully. C:\Documents and Settings\Bernard\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully. C:\Documents and Settings\Bernard\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully. Registry entries deleted on Reboot... j'ai redémarré le pc

Le scan vient seulement de se terminer voilà le résultat Je vois que tout n'est pas encore nickel -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0: scan report Saturday, April 10, 2010 Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Saturday, April 10, 2010 06:27:48 Records in database: 3930623 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - My Computer: A:\ C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ L:\ P:\ Scan statistics: Objects scanned: 320811 Threats found: 17 Infected objects found: 22 Suspicious objects found: 0 Scan duration: 07:32:53 File name / Threat / Threats count C:\Documents and Settings\Bernard\Mes documents\Downloads\Compressed\alkonostmaxformatv3.05loadertsrh.zip Infected: not-a-virus:RiskTool.Win32.Patcher.a 1 C:\Documents and Settings\Bernard\Mes documents\Downloads\Compressed\alkonostmaxformatv3.60crackpalace.zip Infected: Trojan.Win32.Genome.acyx 1 C:\Documents and Settings\Bernard\Mes documents\Downloads\Compressed\archpr.zip Infected: not-a-virus:PSWTool.Win32.AdvancedPR.c 1 C:\Documents and Settings\Bernard\Mes documents\Downloads\Compressed\Trojan Remover 6.7.3.zip Infected: Trojan.Win32.Chifrax.d 2 C:\Documents and Settings\Bernard\Mes documents\Downloads\Programs\3wPlayer-1.9.0.0-setup-0511.exe Infected: Trojan.Win32.Inject.oz 1 C:\Documents and Settings\Bernard\Mes documents\Downloads\Programs\DivoCodec-1.0.0.2-setup-0711.exe Infected: Trojan.Win32.Inject.oz 1 C:\Documents and Settings\Bernard\Mes documents\Downloads\Programs\DivoCodec-1.0.0.2-setup-0711_2.exe Infected: Trojan.Win32.Obfuscated.mn 1 C:\Documents and Settings\Bernard\Mes documents\Downloads\Programs\freeripmp3.exe Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.br 1 C:\Documents and Settings\Bernard\Mes documents\Downloads\Programs\VundoFix_2.exe Infected: Trojan-Downloader.Win32.Delf.llp 1 C:\Documents and Settings\Bernard\Mes documents\Downloads\Programs\Win32OpenSSL-v0.9.6m.exe Infected: Exploit.Win32.IMG-WMF.cap 1 C:\Documents and Settings\Bernard\Mes documents\Downloads\Programs\Win32OpenSSL-v0.9.6m.exe Infected: Exploit.Win32.IMG-WMF.caq 1 D:\OLD_D\Ancien1\Tmp1\commandos.exe Infected: Backdoor.Win32.DsBot.afp 1 D:\Winutil\Lost password\efskey.exe Infected: not-a-virus:PSWTool.Win32.LostPassword.a 1 D:\Winutil\Trojan Remover\keygen.exe Infected: Trojan.Win32.Chifrax.d 1 D:\Winutil\Trojan Remover\trsetup.exe Infected: Trojan.Win32.Chifrax.d 1 F:\servu25a.zip Infected: not-a-virus:Server-FTP.Win32.Serv-U.24.a 1 F:\tmp\SetupCloneDVD.exe Infected: not-a-virus:AdWare.Win32.CommonName.aq 1 G:\Save du C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\49C31173.exe Infected: Trojan-Downloader.Win32.Tibs.kj 1 G:\Save du C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4B4522ED.exe Infected: Email-Worm.Win32.Zhelatin.r 1 G:\Save du C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\640F6F5F.exe Infected: Trojan-Downloader.Win32.Tibs.kj 1 G:\Save du C\Documents and Settings\BERNARD\Local Settings\Temporary Internet Files\Content.IE5\PWAS1D3K\counter21[1].htm Infected: Trojan-Downloader.VBS.Agent.p 1 Selected area has been scanned.

Re bonsoir, il en a détecté 23 voici le rapport avant la suppression Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Version de la base de données: 3930 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 9/04/2010 22:04:29 mbam-log-2010-04-09 (22-04-29).txt Type d'examen: Examen complet (C:\|D:\|E:\|F:\|G:\|) Elément(s) analysé(s): 411483 Temps écoulé: 1 heure(s), 51 minute(s), 51 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 23 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 1 Dossier(s) infecté(s): 3 Fichier(s) infecté(s): 20 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CLASSES_ROOT\CLSID\{2f9ad413-2e0b-4a85-bb2a-cf961238262a} (Adware.Hotbar) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{8c788aa2-7530-43be-97b7-4d491f13bea3} (Adware.Softomate) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{a078f691-9c07-4af2-bf43-35e79eecf8b7} (Adware.Softomate) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a078f691-9c07-4af2-bf43-35e79eecf8b7} (Adware.Softomate) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Adware.Hotbar) -> No action taken. HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.Downloader) -> No action taken. HKEY_CLASSES_ROOT\hotbarax.info (Adware.Hotbar) -> No action taken. HKEY_CLASSES_ROOT\hotbarax.info.1 (Adware.Hotbar) -> No action taken. HKEY_CLASSES_ROOT\hotbarax.userprofiles (Adware.Hotbar) -> No action taken. HKEY_CLASSES_ROOT\hotbarax.userprofiles.1 (Adware.Hotbar) -> No action taken. HKEY_CLASSES_ROOT\hotbarweather.weathercontroller (Adware.Hotbar) -> No action taken. HKEY_CLASSES_ROOT\hotbarweather.weathercontroller.1 (Adware.Hotbar) -> No action taken. HKEY_CURRENT_USER\Software\hotbarsa (Adware.Hotbar) -> No action taken. HKEY_CLASSES_ROOT\cntntcntr.cntntdic (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\cntntcntr.cntntdic.1 (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\cntntcntr.cntntdisp (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\cntntcntr.cntntdisp.1 (Adware.Zango) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken. HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> No action taken. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Broken.SecurityProviders) -> Bad: (msapsspc.dll schannel.dll digest.dll msnsspc.dll) Good: (msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll) -> No action taken. Dossier(s) infecté(s): C:\Documents and Settings\All Users\Application Data\HotbarSA (Adware.Hotbar) -> No action taken. C:\Documents and Settings\Bernard\Application Data\WeatherDPA (Adware.Hotbar) -> No action taken. C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Hotbar (Adware.Hotbar) -> No action taken. Fichier(s) infecté(s): D:\Winapps\ACDsee\ACDSee\6.0\ACD_Sytems_Products_Crack.exe (Malware.Packer.Gen) -> No action taken. D:\Winutil\Total Uninstall 4\Patch.exe (Trojan.Bancos) -> No action taken. E:\Downloads\Programs\setup.exe (Adware.Hotbar) -> No action taken. E:\Downloads\Programs\setup_2.exe (Adware.Hotbar) -> No action taken. C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSA.dat (Adware.Hotbar) -> No action taken. C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAAbout.mht (Adware.Hotbar) -> No action taken. C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAau.dat (Adware.Hotbar) -> No action taken. C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAEULA.mht (Adware.Hotbar) -> No action taken. C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSA_hpk.dat (Adware.Hotbar) -> No action taken. C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSA_kyf.dat (Adware.Hotbar) -> No action taken. C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Hotbar\About Hotbar.lnk (Adware.Hotbar) -> No action taken. C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Hotbar\Hotbar Customer Support Center.lnk (Adware.Hotbar) -> No action taken. C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Hotbar\Hotbar Games!.lnk (Adware.Hotbar) -> No action taken. C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Hotbar\Hotbar Uninstall Instructions.lnk (Adware.Hotbar) -> No action taken. C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Hotbar\Hotbar Videos!.lnk (Adware.Hotbar) -> No action taken. C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Hotbar\Reset Cursor.lnk (Adware.Hotbar) -> No action taken. C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Hotbar\Weather.lnk (Adware.Hotbar) -> No action taken. C:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> No action taken. C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> No action taken. C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken. et le rapport après la suppression Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Version de la base de données: 3930 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 9/04/2010 22:06:10 mbam-log-2010-04-09 (22-06-10).txt Type d'examen: Examen complet (C:\|D:\|E:\|F:\|G:\|) Elément(s) analysé(s): 411483 Temps écoulé: 1 heure(s), 51 minute(s), 51 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 23 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 1 Dossier(s) infecté(s): 3 Fichier(s) infecté(s): 20 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CLASSES_ROOT\CLSID\{2f9ad413-2e0b-4a85-bb2a-cf961238262a} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{8c788aa2-7530-43be-97b7-4d491f13bea3} (Adware.Softomate) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a078f691-9c07-4af2-bf43-35e79eecf8b7} (Adware.Softomate) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a078f691-9c07-4af2-bf43-35e79eecf8b7} (Adware.Softomate) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hotbarax.info (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hotbarax.info.1 (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hotbarax.userprofiles (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hotbarax.userprofiles.1 (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hotbarweather.weathercontroller (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hotbarweather.weathercontroller.1 (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\hotbarsa (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\cntntcntr.cntntdic (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\cntntcntr.cntntdic.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\cntntcntr.cntntdisp (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\cntntcntr.cntntdisp.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Broken.SecurityProviders) -> Bad: (msapsspc.dll schannel.dll digest.dll msnsspc.dll) Good: (msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll) -> Quarantined and deleted successfully. Dossier(s) infecté(s): C:\Documents and Settings\All Users\Application Data\HotbarSA (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Documents and Settings\Bernard\Application Data\WeatherDPA (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully. Fichier(s) infecté(s): D:\Winapps\ACDsee\ACDSee\6.0\ACD_Sytems_Products_Crack.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. D:\Winutil\Total Uninstall 4\Patch.exe (Trojan.Bancos) -> Quarantined and deleted successfully. E:\Downloads\Programs\setup.exe (Adware.Hotbar) -> Quarantined and deleted successfully. E:\Downloads\Programs\setup_2.exe (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSA.dat (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAAbout.mht (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAau.dat (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAEULA.mht (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSA_hpk.dat (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSA_kyf.dat (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Hotbar\About Hotbar.lnk (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Hotbar\Hotbar Customer Support Center.lnk (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Hotbar\Hotbar Games!.lnk (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Hotbar\Hotbar Uninstall Instructions.lnk (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Hotbar\Hotbar Videos!.lnk (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Hotbar\Reset Cursor.lnk (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Hotbar\Weather.lnk (Adware.Hotbar) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully. et le nouveau rapport Hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:15:25, on 9/04/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe C:\WINDOWS\System32\svchost.exe D:\Winutil\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe D:\Winutil\Internet Download Manager\IDMan.exe D:\Winsys\BitMeter\BitMeter2.exe C:\WINDOWS\System32\svchost.exe D:\Winprog\Wincmd\TOTALCMD.EXE D:\Winsys\Scanner\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Winutil\Internet Download Manager\IDMIECC.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - D:\Winutil\pando\PandoIEPlugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Winutil\SPYBOT~1\SDHelper.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - D:\Winutil\Babylon\Utils\BabylonIEPI.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O4 - HKCU\..\Run: [iDMan] D:\Winutil\Internet Download Manager\IDMan.exe /onboot O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O4 - Global Startup: Bitmeter2.lnk = D:\Winsys\BitMeter\BitMeter2.exe O4 - Global Startup: Wincmd.lnk = D:\Winprog\Wincmd\TOTALCMD.EXE O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Download All Links with IDM - D:\Winutil\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download with IDM - D:\Winutil\Internet Download Manager\IEExt.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Translate this web page with Babylon - res://D:\Winutil\Babylon\Utils\BabylonIEPI.dll/ActionTU.htm O8 - Extra context menu item: Translate with Babylon - res://D:\Winutil\Babylon\Utils\BabylonIEPI.dll/Action.htm O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Winutil\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Winutil\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - D:\Winutil\Babylon\Utils\BabylonIEPI.dll O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - D:\Winutil\Babylon\Utils\BabylonIEPI.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Winapps\Common\Database\bin\fbserver.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: License Management Service ESD - element5 - C:\Program Files\Fichiers communs\element5 Shared\Service\Licence Manager ESD.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe O23 - Service: NMSAccessU - Unknown owner - D:\Winutil\CDBurnerXP\NMSAccessU.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: U.S. Robotics Wireless LAN Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 6421 bytes

Bonsoir, j'ai liquidé rapidsshare des sites de confiance j'ai de nouveau accès à intrnet explorer mais il y a peut-être encore des problèmes qui subsistent j'utilise rapidshare pour télécharger des fichiers voici le rapport otm All processes killed Error: Unable to interpret <Go> in the current context! ========== FILES ========== File/Folder c:\documents and settings\bernard\locals~1\temp\ghx.exe not found. ========== REGISTRY ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\YVIBBBHA8C deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrateur ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 112094 bytes User: All Users User: Bernard ->Temp folder emptied: 2102612854 bytes ->Temporary Internet Files folder emptied: 98970830 bytes ->Java cache emptied: 1062675 bytes ->FireFox cache emptied: 120779439 bytes ->Flash cache emptied: 114399 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 115442455 bytes %systemroot% .tmp files removed: 2503865 bytes %systemroot%\System32 .tmp files removed: 3072 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 85008930 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 12989938 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 14294025 bytes Total Files Cleaned = 2.436,00 mb OTM by OldTimer - Version 3.1.10.1 log created on 04092010_184401 Files moved on Reboot... File C:\Documents and Settings\Bernard\Local Settings\Temp\~DF7106.tmp not found! File C:\Documents and Settings\Bernard\Local Settings\Temp\~DF711B.tmp not found! File C:\Documents and Settings\Bernard\Local Settings\Temp\~DF7184.tmp not found! File C:\Documents and Settings\Bernard\Local Settings\Temp\~DF7193.tmp not found! File C:\Documents and Settings\Bernard\Local Settings\Temp\~DF71E1.tmp not found! File C:\Documents and Settings\Bernard\Local Settings\Temp\~DF71F0.tmp not found! C:\Documents and Settings\Bernard\Local Settings\Temporary Internet Files\Content.IE5\3FBNG7V3\index[3].htm moved successfully. C:\Documents and Settings\Bernard\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully. C:\Documents and Settings\Bernard\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully. Registry entries deleted on Reboot... Merci pour ton aide

Bonjour, je n'arrive plus à me connecter à internet explorer et je n'ai plus de point de restauration système quelqu'un pourrait-il m'aider je joins le rapport Hijack this Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:40:47, on 8/04/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe C:\WINDOWS\System32\svchost.exe D:\Winutil\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Canon\CAL\CALMAIN.exe D:\Winutil\Internet Download Manager\IDMan.exe D:\Winsys\BitMeter\BitMeter2.exe D:\Winprog\Wincmd\TOTALCMD.EXE C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe D:\Winsys\File Recover\FileRecover.exe C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe C:\Program Files\McAfee\Common Framework\UdaterUI.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\explorer.exe E:\Downloads\Programs\FixVundo.exe C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe D:\Winutil\Malwarebytes' Anti-Malware\mbam.exe D:\Winsys\Scanner\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Winutil\Internet Download Manager\IDMIECC.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - D:\Winutil\pando\PandoIEPlugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Winutil\SPYBOT~1\SDHelper.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - D:\Winutil\Babylon\Utils\BabylonIEPI.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O4 - HKCU\..\Run: [iDMan] D:\Winutil\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [YVIBBBHA8C] C:\DOCUME~1\Bernard\LOCALS~1\Temp\Ghx.exe O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O4 - Global Startup: Bitmeter2.lnk = D:\Winsys\BitMeter\BitMeter2.exe O4 - Global Startup: Wincmd.lnk = D:\Winprog\Wincmd\TOTALCMD.EXE O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Download All Links with IDM - D:\Winutil\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download with IDM - D:\Winutil\Internet Download Manager\IEExt.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Translate this web page with Babylon - res://D:\Winutil\Babylon\Utils\BabylonIEPI.dll/ActionTU.htm O8 - Extra context menu item: Translate with Babylon - res://D:\Winutil\Babylon\Utils\BabylonIEPI.dll/Action.htm O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Winutil\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Winutil\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - D:\Winutil\Babylon\Utils\BabylonIEPI.dll O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - D:\Winutil\Babylon\Utils\BabylonIEPI.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O15 - Trusted Zone: http://www.rapidshare.com O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Winapps\Common\Database\bin\fbserver.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: License Management Service ESD - element5 - C:\Program Files\Fichiers communs\element5 Shared\Service\Licence Manager ESD.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe O23 - Service: NMSAccessU - Unknown owner - D:\Winutil\CDBurnerXP\NMSAccessU.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: U.S. Robotics Wireless LAN Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 6971 bytes Merci d'avance

je pense que le problème est résolu, un grand merci

voici le rapport de smitfraudfix SmitFraudFix v2.345 Rapport fait à 7:49:12,78, mar. 02/09/2008 Executé à partir de C:\Documents and Settings\Bernard\Mes documents\Downloads\Programs\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe D:\Winutil\AntiVir PersonalEdition Classic\sched.exe D:\Winutil\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe C:\WINDOWS\system32\PSIService.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\McAfee\Common Framework\UdaterUI.exe C:\Program Files\McAfee\Common Framework\McTray.exe D:\Winutil\AnyDVD\AnyDVD.exe D:\Winapps\PhotoShop Album\3.2\Apps\apdproxy.exe D:\Winutil\Internet Download Manager\IDMan.exe D:\Winprog\Wincmd\TOTALCMD.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Internet Explorer\iexplore.exe D:\WinAVIVideoConverter\WinAVI.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Bernard »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Bernard\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Bernard\Favoris »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau »»»»»»»»»»»»»»»»»»»»»»»» IEDFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» VACFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! AntiXPVSTFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "Userinit"="C:\\WINDOWS\\system32\\userinit.exe," "System"="" »»»»»»»»»»»»»»»»»»»»»»»» RK »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: U.S. Robotics Wireless MAXg USB Adapter - Miniport d'ordonnancement de paquets DNS Server Search Order: 192.168.1.254 HKLM\SYSTEM\CCS\Services\Tcpip\..\{F1DB3482-C8D0-43CE-B0A7-B8B9003BA3F3}: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CS1\Services\Tcpip\..\{F1DB3482-C8D0-43CE-B0A7-B8B9003BA3F3}: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CS2\Services\Tcpip\..\{F1DB3482-C8D0-43CE-B0A7-B8B9003BA3F3}: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin

voilà le rapport mbam et hyjackthis il y en a eu 4 supprimés Malwarebytes' Anti-Malware 1.25 Version de la base de données: 1062 Windows 5.1.2600 Service Pack 2 22:34:59 1/09/2008 mbam-log-09-01-2008 (22-34-51).txt Type de recherche: Examen rapide Eléments examinés: 45426 Temps écoulé: 3 minute(s), 48 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 4 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken. HKEY_CLASSES_ROOT\emotigt.bkwr (Trojan.FakeAlert) -> No action taken. HKEY_CLASSES_ROOT\emotigt.toolbar.1 (Trojan.FakeAlert) -> No action taken. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:37:06, on 1/09/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe D:\Winutil\AntiVir PersonalEdition Classic\sched.exe D:\Winutil\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe C:\WINDOWS\system32\PSIService.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\McAfee\Common Framework\UdaterUI.exe C:\Program Files\McAfee\Common Framework\McTray.exe D:\Winutil\AnyDVD\AnyDVD.exe D:\Winapps\PhotoShop Album\3.2\Apps\apdproxy.exe D:\Winutil\Internet Download Manager\IDMan.exe D:\Winprog\Wincmd\TOTALCMD.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Internet Explorer\iexplore.exe D:\WinAVIVideoConverter\WinAVI.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\SoftwareDistribution\Download\be077a0a5c65554c0fa221a5c8a0529b\update\update.exe D:\Winsys\Scanner\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Winutil\Internet Download Manager\IDMIECC.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - D:\Winutil\pando\PandoIEPlugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Winutil\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [AnyDVD] "D:\Winutil\AnyDVD\AnyDVD.exe" O4 - HKLM\..\Run: [QuickTime Task] "D:\Winutil\quicktime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Winapps\PhotoShop Album\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [iDMan] D:\Winutil\Internet Download Manager\IDMan.exe /onboot O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O4 - Global Startup: Wincmd.lnk = D:\Winprog\Wincmd\TOTALCMD.EXE O8 - Extra context menu item: Download All Links with IDM - D:\Winutil\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download with IDM - D:\Winutil\Internet Download Manager\IEExt.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Winutil\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Winutil\SPYBOT~1\SDHelper.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O15 - Trusted Zone: http://www.rapidshare.com O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Winutil\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Winutil\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Winutil\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Winutil\Spyware Doctor\pctsSvc.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe O23 - Service: U.S. Robotics Wireless LAN Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 6429 bytes

voici le rapport de combifix ComboFix 08-08-31.01 - Bernard 2008-09-01 21:45:47.1 - NTFSx86 MINIMAL Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1750 [GMT 2:00] Endroit: C:\Documents and Settings\Bernard\Bureau\ComboFix.exe AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Bernard\Application Data\macromedia\Flash Player\#SharedObjects\EAW7ULJR\bin.clearspring.com C:\Documents and Settings\Bernard\Application Data\macromedia\Flash Player\#SharedObjects\EAW7ULJR\bin.clearspring.com\clearspring.sol C:\Documents and Settings\Bernard\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com C:\Documents and Settings\Bernard\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol C:\Documents and Settings\Bernard\Cookies\bernard@ads.rtl[1].txt C:\Documents and Settings\Bernard\Cookies\bernard@antivirusfiable[2].txt C:\Documents and Settings\Bernard\Cookies\bernard@reparateurdesysteme[1].txt C:\WINDOWS\system32\x64 J:\Autorun.inf . ((((((((((((((((((((((((((((( Fichiers créés 2008-08-01 to 2008-09-01 )))))))))))))))))))))))))))))))))))) . 2008-09-01 21:30 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-09-01 21:30 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-09-01 21:30 . 2008-02-16 20:46 85,504 --a------ C:\WINDOWS\system32\VACFix.exe 2008-09-01 21:30 . 2008-02-08 11:37 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-09-01 21:30 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2008-09-01 21:30 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-09-01 21:30 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-09-01 21:20 . 2008-09-01 21:20 25,304 --a------ C:\Temp\tcpip2.reg 2008-09-01 21:20 . 2008-09-01 21:20 25,208 --a------ C:\Temp\tcpip1.reg 2008-09-01 20:39 . 2008-09-01 20:39 <REP> d-------- C:\WINDOWS\ERUNT 2008-09-01 19:48 . 2008-09-01 20:49 <REP> d-------- C:\SDFix 2008-09-01 08:09 . 2008-09-01 20:58 <REP> d-------- C:\WINDOWS\system32\CatRoot2 2008-08-31 20:10 . 2008-08-28 14:57 167,424 --a------ C:\WINDOWS\system32\MSA.cpl 2008-08-31 19:11 . 2008-08-31 19:11 3,082 --a------ C:\WINDOWS\system32\affv208325p1now.sys 2008-08-31 12:49 . 2008-08-31 12:49 106,496 --a------ C:\WINDOWS\system32\CodecBHO.dll 2008-08-22 10:04 . 2004-10-12 14:40 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll 2008-08-22 10:04 . 2004-10-12 14:46 1,761,280 --a------ C:\WINDOWS\system32\ffdshow.ax 2008-08-22 10:04 . 2004-10-05 16:16 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll 2008-08-22 10:04 . 2004-10-12 14:42 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll 2008-08-22 10:04 . 2003-04-03 00:17 172,032 --a------ C:\WINDOWS\system32\ac3filter.ax 2008-08-22 10:04 . 2004-10-04 01:50 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll 2008-08-10 11:02 . 2008-08-10 11:02 7 --a------ C:\WINDOWS\tpntma04.ini 2008-08-04 18:35 . 2008-08-04 18:38 <REP> d-------- C:\Garmin-save 2008-08-03 18:42 . 2008-08-03 18:42 62 --a------ C:\WINDOWS\WININIT.INI . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-01 19:39 2,596 ----a-w C:\WINDOWS\system32\tmp.reg 2008-09-01 18:50 --------- d-----w C:\Documents and Settings\Bernard\Application Data\DMCache 2008-09-01 18:19 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-08-31 20:38 --------- d-----w C:\Program Files\Spyware Terminator 2008-08-31 20:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator 2008-08-31 18:30 --------- d-----w C:\Documents and Settings\Bernard\Application Data\Spyware Terminator 2008-08-31 16:58 --------- d-----w C:\Documents and Settings\Bernard\Application Data\Vso 2008-08-10 07:05 --------- d-----w C:\Documents and Settings\Bernard\Application Data\Corel 2008-08-06 16:05 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2008-07-28 18:53 --------- d-----w C:\Documents and Settings\Bernard\Application Data\GARMIN 2008-07-28 18:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\GARMIN 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-02-12 19:12 22,328 ----a-w C:\Documents and Settings\Bernard\Application Data\PnkBstrK.sys 2007-07-19 18:30 81,920 ------w C:\Documents and Settings\Bernard\Application Data\ezpinst.exe 2007-07-19 18:30 47,360 ------w C:\Documents and Settings\Bernard\Application Data\pcouffin.sys 2008-02-17 19:44 175,603 --sha-w C:\WINDOWS\system32\dccdd.ini.ren 2008-02-17 19:42 175,603 --sha-w C:\WINDOWS\system32\dccdd.ini2.ren . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IDMan"="D:\Winutil\Internet Download Manager\IDMan.exe" [2006-11-12 18:55 880896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 08:50 112216] "McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 13:39 136768] "AnyDVD"="D:\Winutil\AnyDVD\AnyDVD.exe" [2004-02-19 00:31 177152] "QuickTime Task"="D:\Winutil\quicktime\qttask.exe" [2007-06-29 06:24 286720] "Adobe Photo Downloader"="D:\Winapps\PhotoShop Album\3.2\Apps\apdproxy.exe" [2007-03-16 11:45 63712] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Wincmd.lnk - D:\Winprog\Wincmd\TOTALCMD.EXE [2007-07-19 00:40:59 2902984] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\U.S. Robotics Wireless Manager UI] C:\WINDOWS\system32\WLTRAY [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware] --------- 2007-06-11 11:25 6731312 D:\Winutil\AVG Anti-Spyware 7.5\avgas.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD] --------- 2007-07-19 23:25 684032 D:\Winapps\Easy CD Creator\DirectCD\Directcd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] --------- 2007-03-16 11:45 63712 D:\Winapps\PhotoShop Album\3.2\Apps\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] --------- 2007-04-02 11:35 327720 D:\Winutil\AntiVir PersonalEdition Classic\avgnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --------- 2006-10-09 11:28 139264 C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray] --------- 2006-09-28 21:21 57344 D:\Winapps\CloneCD\CloneCDTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector] --------- 2003-11-27 10:16 217088 C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] --------- 2007-02-26 10:34 155648 C:\WINDOWS\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] --------- 2007-02-26 10:34 131072 C:\WINDOWS\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray] --------- 2007-12-10 15:53 1103752 D:\Winutil\Spyware Doctor\pctsTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --------- 2006-01-12 16:40 155648 C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando] --------- 2007-10-05 12:33 5207368 D:\Winutil\pando\pando.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] --------- 2007-02-26 10:33 131072 C:\WINDOWS\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --------- 2007-06-29 06:24 286720 D:\Winutil\quicktime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --------- 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe] --------- 2005-03-14 01:37 1057280 C:\Program Files\SuperCopier2\SuperCopier2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --------- 2007-07-19 21:32 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner] --------- 2008-01-01 20:20 737872 D:\Winutil\Trojan Remover\Trjscan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] --------- 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raccourci vers la page des propriétés de High Definition Audio] --------- 2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] --------- 2006-06-28 14:54 16248320 C:\WINDOWS\RTHDCPL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel] --------- 2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "PnkBstrB"=2 (0x2) "PnkBstrA"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "D:\\Winutil\\pando\\pando.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "D:\\Winutil\\phpDesigner 2008\\phpDesigner2008.exe"= R3 BCMTPM;BCMTPM;C:\WINDOWS\system32\DRIVERS\btpmw32.sys [2006-07-17 14:07] S1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-12-27 12:09] S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2004-09-07 16:42] . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' . . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\u8d8i3ux.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - about:blank FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll FF -: plugin - D:\Winutil\quicktime\Plugins\npqtplugin.dll FF -: plugin - D:\Winutil\quicktime\Plugins\npqtplugin2.dll FF -: plugin - D:\Winutil\quicktime\Plugins\npqtplugin3.dll FF -: plugin - D:\Winutil\quicktime\Plugins\npqtplugin4.dll FF -: plugin - D:\Winutil\quicktime\Plugins\npqtplugin5.dll FF -: plugin - D:\Winutil\quicktime\Plugins\npqtplugin6.dll FF -: plugin - D:\Winutil\quicktime\Plugins\npqtplugin7.dll . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-01 21:48:07 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-09-01 21:49:29 ComboFix-quarantined-files.txt 2008-09-01 19:49:07 Pre-Run: 6,620,291,072 octets libres Post-Run: 6,657,396,736 octets libres 192

Bonjour, j'ai reçu plusieurs messages d'avertissements j'ai essayé de faire une restauration , j'ai choisi un jour en l'occurrence le 25/8 mais la restauration ne se fait pas en cliquant sur suivant, rien ne se passe voici le rapport Hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:13:03, on 1/09/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe D:\Winutil\AntiVir PersonalEdition Classic\sched.exe D:\Winutil\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\Program Files\McAfee\Common Framework\naPrdMgr.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe C:\WINDOWS\system32\PSIService.exe D:\Winutil\Spyware Doctor\pctsAuxs.exe D:\Winutil\Spyware Doctor\pctsSvc.exe C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE C:\Program Files\McAfee\Common Framework\UdaterUI.exe D:\Winutil\AnyDVD\AnyDVD.exe C:\Program Files\McAfee\Common Framework\McTray.exe D:\Winapps\PhotoShop Album\3.2\Apps\apdproxy.exe D:\Winutil\AVG Anti-Spyware 7.5\avgas.exe D:\Winutil\Internet Download Manager\IDMan.exe D:\Winprog\Wincmd\TOTALCMD.EXE D:\Winutil\Spyware Doctor\pctsTray.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe C:\WINDOWS\system32\restore\rstrui.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\mmc.exe D:\Winsys\Scanner\HijackThis.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Winutil\Internet Download Manager\IDMIECC.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - D:\Winutil\pando\PandoIEPlugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Winutil\SPYBOT~1\SDHelper.dll O2 - BHO: CodecPlugin Class - {6b0ac2d1-cfa4-4021-81d5-e7e239e87496} - C:\WINDOWS\system32\CodecBHO.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: emotigt - {72B445FA-2456-4718-8580-3D963E4CCB5A} - (no file) O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [AnyDVD] "D:\Winutil\AnyDVD\AnyDVD.exe" O4 - HKLM\..\Run: [QuickTime Task] "D:\Winutil\quicktime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Winapps\PhotoShop Album\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [\VIEEB.exe] C:\Windows\System32\VIEEB.exe O4 - HKLM\..\Run: [\VIEEC.exe] C:\Windows\System32\VIEEC.exe O4 - HKLM\..\Run: [\VIEED.exe] C:\Windows\System32\VIEED.exe O4 - HKLM\..\Run: [\VIEEE.exe] C:\Windows\System32\VIEEE.exe O4 - HKLM\..\Run: [Antivirus] C:\Program Files\MSA\MSA.exe O4 - HKLM\..\Run: [\VIEEF.exe] C:\Windows\System32\VIEEF.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Winutil\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [\VIEF3.exe] C:\Windows\System32\VIEF3.exe O4 - HKLM\..\Run: [\VIE1.exe] C:\Windows\System32\VIE1.exe O4 - HKLM\..\Run: [\VIE2.exe] C:\Windows\System32\VIE2.exe O4 - HKLM\..\Run: [\VIE3.exe] C:\Windows\System32\VIE3.exe O4 - HKLM\..\Run: [\VIE5.exe] C:\Windows\System32\VIE5.exe O4 - HKLM\..\Run: [iSTray] "D:\Winutil\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [iDMan] D:\Winutil\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [\VIEEB.exe] C:\Windows\System32\VIEEB.exe O4 - HKCU\..\Run: [\VIEEC.exe] C:\Windows\System32\VIEEC.exe O4 - HKCU\..\Run: [\VIEED.exe] C:\Windows\System32\VIEED.exe O4 - HKCU\..\Run: [\VIEEE.exe] C:\Windows\System32\VIEEE.exe O4 - HKCU\..\Run: [Antivirus] C:\Program Files\MSA\MSA.exe O4 - HKCU\..\Run: [\VIEEF.exe] C:\Windows\System32\VIEEF.exe O4 - HKCU\..\Run: [\VIEF3.exe] C:\Windows\System32\VIEF3.exe O4 - HKCU\..\Run: [\VIE1.exe] C:\Windows\System32\VIE1.exe O4 - HKCU\..\Run: [\VIE2.exe] C:\Windows\System32\VIE2.exe O4 - HKCU\..\Run: [\VIE3.exe] C:\Windows\System32\VIE3.exe O4 - HKCU\..\Run: [\VIE5.exe] C:\Windows\System32\VIE5.exe O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O4 - Global Startup: Wincmd.lnk = D:\Winprog\Wincmd\TOTALCMD.EXE O8 - Extra context menu item: Download All Links with IDM - D:\Winutil\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download with IDM - D:\Winutil\Internet Download Manager\IEExt.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Winutil\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Winutil\SPYBOT~1\SDHelper.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O15 - Trusted Zone: http://www.rapidshare.com O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{F1DB3482-C8D0-43CE-B0A7-B8B9003BA3F3}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220 208.67.222.222 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220 208.67.222.222 O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Winutil\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Winutil\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Winutil\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Winutil\Spyware Doctor\pctsSvc.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe O23 - Service: U.S. Robotics Wireless LAN Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 9133 bytes Pouvez vous m'aider ?

j'ai scanné le système à plusieurs reprises, des virus on bien été détectés mais je reçois des fenêtres qui s'ouvrent toutes seules et qui pointe vers http://antivirusfiable.com/garde et il y a un message WARNING: You must protect your system from threats! Voici le rapport Hijack Un grand merci pour votre aide Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:01:57, on 21/02/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\McAfee\Common Framework\naPrdMgr.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\PSIService.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE C:\Program Files\McAfee\Common Framework\UdaterUI.exe D:\Winutil\AnyDVD\AnyDVD.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe D:\Winapps\PhotoShop Album\3.2\Apps\apdproxy.exe D:\Winutil\Internet Download Manager\IDMan.exe D:\Winprog\Wincmd\TOTALCMD.EXE C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE D:\Winutil\Spyware Doctor\pctsAuxs.exe D:\Winutil\Spyware Doctor\pctsSvc.exe D:\Winutil\Spyware Doctor\pctsTray.exe D:\Winutil\Spyware Doctor\pctsGui.exe D:\Winutil\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\regedit.exe D:\Winutil\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE D:\Winutil\pando\pando.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\wuauclt.exe D:\Winsys\Scanner\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Winutil\Internet Download Manager\IDMIECC.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - D:\Winutil\pando\PandoIEPlugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll O2 - BHO: SXG Advisor - {A2F12137-1918-4F31-B179-94C21A1E2BC2} - C:\WINDOWS\dmdvpnvnp.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: emotigt - {72B445FA-2456-4718-8580-3D963E4CCB5A} - C:\WINDOWS\emotigt.dll (file missing) O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [AnyDVD] "D:\Winutil\AnyDVD\AnyDVD.exe" O4 - HKLM\..\Run: [QuickTime Task] "D:\Winutil\quicktime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Winapps\PhotoShop Album\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [TrojanScanner] D:\Winutil\Trojan Remover\Trjscan.exe O4 - HKLM\..\Run: [iSTray] "D:\Winutil\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Winutil\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [iDMan] D:\Winutil\Internet Download Manager\IDMan.exe /onboot O4 - Global Startup: Wincmd.lnk = D:\Winprog\Wincmd\TOTALCMD.EXE O8 - Extra context menu item: Download All Links with IDM - D:\Winutil\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download with IDM - D:\Winutil\Internet Download Manager\IEExt.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - D:\Winutil\MegaManager\mm_file.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://www.rapidshare.com O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185119889937 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O21 - SSODL: admgcx - {6A271B00-062B-479B-9EB1-661CD117DE3D} - C:\WINDOWS\admgcx.dll O21 - SSODL: bdmanager - {B26107AB-B4EA-4186-ADF9-C197E95F521F} - C:\WINDOWS\bdmanager.dll O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Winutil\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Winutil\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Winutil\Spyware Doctor\pctsSvc.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe O23 - Service: U.S. Robotics Wireless LAN Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 9242 bytes

voici le résultat et le scan avec avg est en cours Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:03:21, on 20/02/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\McAfee\Common Framework\naPrdMgr.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\PSIService.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE C:\Program Files\McAfee\Common Framework\UdaterUI.exe D:\Winutil\AnyDVD\AnyDVD.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe D:\Winapps\PhotoShop Album\3.2\Apps\apdproxy.exe D:\Winutil\Internet Download Manager\IDMan.exe D:\Winprog\Wincmd\TOTALCMD.EXE C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\PROGRA~1\MOZILL~1\FIREFOX.EXE D:\Winutil\Spyware Doctor\pctsAuxs.exe D:\Winutil\Spyware Doctor\pctsSvc.exe D:\Winutil\Spyware Doctor\pctsTray.exe D:\Winutil\Spyware Doctor\pctsGui.exe C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe C:\Documents and Settings\Bernard\Mes documents\Downloads\Programs\stng380.exe D:\Winsys\Scanner\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Winutil\Internet Download Manager\IDMIECC.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - D:\Winutil\pando\PandoIEPlugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll O2 - BHO: SXG Advisor - {A2F12137-1918-4F31-B179-94C21A1E2BC2} - C:\WINDOWS\dmdvpnvnp.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: emotigt - {72B445FA-2456-4718-8580-3D963E4CCB5A} - C:\WINDOWS\emotigt.dll (file missing) O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [AnyDVD] "D:\Winutil\AnyDVD\AnyDVD.exe" O4 - HKLM\..\Run: [QuickTime Task] "D:\Winutil\quicktime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Winapps\PhotoShop Album\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [TrojanScanner] D:\Winutil\Trojan Remover\Trjscan.exe O4 - HKLM\..\Run: [iSTray] "D:\Winutil\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [iDMan] D:\Winutil\Internet Download Manager\IDMan.exe /onboot O4 - Global Startup: Wincmd.lnk = D:\Winprog\Wincmd\TOTALCMD.EXE O8 - Extra context menu item: Download All Links with IDM - D:\Winutil\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download with IDM - D:\Winutil\Internet Download Manager\IEExt.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - D:\Winutil\MegaManager\mm_file.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://www.rapidshare.com O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185119889937 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O21 - SSODL: admgcx - {6A271B00-062B-479B-9EB1-661CD117DE3D} - C:\WINDOWS\admgcx.dll O21 - SSODL: bdmanager - {B26107AB-B4EA-4186-ADF9-C197E95F521F} - C:\WINDOWS\bdmanager.dll O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Winutil\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Winutil\Spyware Doctor\pctsSvc.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe O23 - Service: U.S. Robotics Wireless LAN Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 8267 bytes